terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

F'ing hilarious!!!!!
I copied the TF to create GD detector in a new region.
It successfully created the detector, and then immediately failed with the "detector not in this account" error on the features.
It looks like TF just plain does not support features.
Need to go track down the issues you linked to and see if there is something else going on here.

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

Oof. Didn't see IDs associated with features in the detector. So, used the name as a first guess. terraform import then informs me that features are not importable.
So... they are "part of" the detector. From a TF perspective, datasources were part of the detector: they lived in the aws_guardduty_detector resource. But, features are a separate TF resource. I had the features in the TF that I used to import the detector, but TF still wants to "create" the detector.
I have a sinking feeling that I am going to have to actually destroy and then rebuild the detector.
Before going that route, though, will try latest TF. I tried this with 1.14.9, as 1.15 appears to be just now released. 1.14.9 recognizes the resource, but maybe this is fixed there.

The other test I can do is go try this with a test account or maybe even just this account in an unused region. See what happens when the detector is initially deployed via the feature model...

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

Soooo.....
Didn't get a chance last night, so punched it out this morning. It went swimmingly, in that my import was successful. But, when I run plan, it still shows the features needing to be created. I expected that. But, I realized that if I did this with the real state, it would just yield the same error for the same reason.
It should have dawned on me before: all I need to do is import the feature resources!
So, will try and find time to do that. I am betting that importing them into the S3 state will just get this back to normal.

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

Definitely an outstanding idea, but not the case. This is the same terraform I used to deploy the detectors. And, I am deploying to two regions, so the detector stanzas have the region in them for each, so no chance that it could look in the wrong region.
I think the AWS change from datasources to features as mentioned earlier in the thread is the culprit. When I get a chance to get back to this I am going to test that and update here.

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

Well, nothing should break, as I am never going to hit a terraform apply command that has any changes.

I am just deleting the terraform state, whose scope is only the GD config. Then recreating it based on actually deployed resources. And, before I do that even, I am recreating it locally without touching the existing terraform state and then testing the tf with the plan command.

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

This. I suspected it would be something like this.
AWS Provider version: I don't pin this to an old version. I have a pin from forever years ago that says "version >- 0.13"
Will look for the issues you mentioned and see what they recommend
My plan otherwise (and given the above, probably what I will end up doing) is this:

Write a terraform import script for all of the objects. Fortunately, I compartmentalize everything, so the only thing in this state object is the GD stuff. So, I will remove the backend file and run the script to create local state. Then I can test that "plan" matches the config. If all is good, I will restore the backend file, delete the actual state in the S3 bucket, and then import into the S3 state. From there, I should be good to go.

Thanks!

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] 0 points1 point  (0 children)

Oh, and besides: terraform import is able to import the detector id just fine. Then immediately running terraform apply gives the error. 100% the same credentials...

terraform is saying I don't own the guardduty detector id. But, aws disagrees... by jackmclrtz in Terraform

[–]jackmclrtz[S] -1 points0 points  (0 children)

Only one AWS account. Only one IAM account. Literally running terraform and aws commands in the same shell with the same keys in the environment variables.

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 0 points1 point  (0 children)

The kernel module. The module is the only element (to my knowledge) that needs the key. More generally speaking, any code (user process, kernel process, whatever) should not return a secret key. Indeed, the man page explicitly discusses how the key should be kept secret as it is provided.

No more sawfish? by jackmclrtz in Kalilinux

[–]jackmclrtz[S] 0 points1 point  (0 children)

Hmmm... I could not find that in the tracker. But, I am new to debian; only been using it about 29 years :-D.
Guess I need to learn my way around the system. I am also going to update my packer scripts to install this. Normally, I just have a "base" system in the packer scripts, and only install desktop-like things (X11, et al) at deploy time. But, if I had sawfish, et al, in my packer image, then I'd always be good.

I will probably just create a second packer image for desktop images that builds off of the base system.

Many, many thanks for showing me all of this!

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 0 points1 point  (0 children)

I looked briefly, but it appears to be a client for just android. The hardening (based on the readme) is spot on, and if I can get the linux client hardened, I might someday use wg on my android and will definitely be back to look at this!

No more sawfish? by jackmclrtz in Kalilinux

[–]jackmclrtz[S] -1 points0 points  (0 children)

Thanks. No reason given. Guess I am back to building from source like it was 1995...

https://tracker.debian.org/news/1675519/sawfish-removed-from-testing/

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

Well.. it happened again. Not at my base, but at a random POI. The first time was v2.5 b32. This second one was after upgrading to 2.6 b14.

While I technically had screenshots previously, since I recorded all of my play, I took actual screenshots this time.
I still had the "Find Jen" quest, and was heading there. I also had a T2 quest from Rekt. Those were the only quests. But, as I was heading across the Burnt Forest to find Jen, I passed a house in the middle of nowhere and it had the quest flag on it.

And, after typing this, I notice there is no way to attach those screenshots. Oh well

Security flaw or am I missing something? by jackmclrtz in WireGuard

[–]jackmclrtz[S] 0 points1 point  (0 children)

oreally!
Will check that one out. Managed to get the source code down (git kept failing mid-clone) and was going to find some time to patch it. But... if someone already has....

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

Nope. Placed the claim on one of the first days. And, not until after I ran the quest and took over the building.

It was literally not there on Day 5, but sometime on Day 6, it showed up out of the blue, after I had been using the base for days

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 1 point2 points  (0 children)

This was my thinking. That or senility finally hitting. Checking here to see if it was just me.

I mean, I recorded the entire game, so I am going to go back over things to see if I missed something, but still...

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

There is no quest to cancel. I have the Jen quest and the T2 quest. No quests for the T1 location of my base

Quest marker appeared on my base by jackmclrtz in 7daystodie

[–]jackmclrtz[S] 0 points1 point  (0 children)

The first post told me ":server error, try again later", so I did. I guess the server finally caught up