Posts
Jun 3, 2021
Really quick for loop I just ran for a bunch of files in a directory that I wanted to no longer have a .pdf extension:
for file in *; do ext="${file##*.}"; fname="$(basename "$file" ".$ext")"; mv -- "$file" "$fname"; done
Inspiration from here.
Jun 17, 2020
Taints and Tolerations are a powerful toolkit to leverage workload affinities to nodegroups within your Kubernetes environment. However, you’ll want to be careful when leveraging them for Deployment objects.
If, for instance, you’re deploying a node agent meant as a DaemonSet to run on each node in your cluster, you may want to bypass all taints (e.g. type:cpu-optimized) a node has, to ensure that the workload truly gets scheduled on the entire nodegroup.
Continue reading ↦
Jun 14, 2020
One of my favorite games to play with friends, both LAN and WAN formats, is the Artemis Spaceship Bridge Simulator game. While it’s incredibly rudimentary, once you get playing, it can be quite exciting (especially aided with alcohol).
However, to run an Artemis server instance, you need a copy of the game and must launch the entire main dashboard. They don’t run servers so one person (or another computer) has to run one for the group.
Continue reading ↦
Apr 27, 2020
Bat is a replacement for Cat with a slew of impressive features. The image above is a tiny example of its beauty printing out a file (a readme in this case).
Install on Mac:
brew install bat
My zsh function which kicks in when it’s available in $PATH to replace cat:
if which bat >/dev/null 2>&1; then alias cat='bat --theme=DarkNeon --style="numbers,changes,header,grid"'; fi
This sets a better theme and explicitly defines the features I want.
Continue reading ↦
Apr 27, 2020
Sometimes, you can run into a situation where you need to include a resource that lives in a place you had previously gitignored for safety reasons. One such example I ran into yesterday was kubeconfigs resulting from our eksctl usage. While we don’t want the root kubeconfig to accidentally get committed, we do want certain user kubeconfigs, in this case admin configs, to get stored in the same repo.
We can do this as we use aws-iam-authenticator with roles to grant users privileges.
Continue reading ↦
Apr 21, 2020
Recently, I published a Gist I made with my preferred Public DNS Servers including information and linkage about them. Today, I re-setup Adguard, one of the best solutions for blocking malicious content across multiple realms including Content Blocking, DNS Filtering, Tracking Protection, and Phishing+Malware.
What’s even better is it allows you to specify your own DNS servers to use, natively supporting DNS over TLS, HTTPS, and DNSCrypt. Today, I leveraged that functionality to test and implement the following resolver configuration for my mobile device:
Continue reading ↦
Jun 21, 2019
For most people in the k8s world, nginx-ingress has provided a fairly reliable option as their Ingress Controller. While it provides a boat-load of great features, it also provides enough string to get tangled in. Here’s one way we solved not wanting to create certificates for each microservice, but instead, utilize a default certificate (wildcard) applied to all services existing under our TLD.
The Problem
For each Ingress definition you define, you can use cert-manager along with nginx-ingress to automatically provision a certificate for the given fully qualified domain name you provide i.
Continue reading ↦
Jun 12, 2019
Sans the semi-click-baity title, I genuinely want to open your eyes to a new strategy I take with my backups, whereas I don’t ever really think about schedules, swapping out destinations, differential vs incremental, or any other backup idioms most of us consider normal.
It’s 2019. Enter syncing. Across devices. Across operating systems. Over the network. Oh, and Free.
Buckets
Yep, just like AWS buckets, I have a logical representation for each content class, depending on its attributes and meaning to my overall life.
Continue reading ↦
May 24, 2019
Most people don’t seem to fully understand Kubernetes probes beyond “they make sure my service is running”. Through my DevOps journeys, I’ve discovered probes can be incredibly powerful when leveraged effectively for your particular service. Here are some of the things I’ve learned debugging and applying optimized probes to our deployments.
General Probe Guidance
Probes can be enabled for each and every container in a pod. It’s important to note that Probes don’t apply for a Pod, merely the containers within.
Continue reading ↦
May 23, 2019
A lot of our services run more than one container in a single Pod to properly present the endpoint or execute the task at hand. In Kubernetes, this is encouraged as you’re taught to think of a Pod as a single unit of work representing your overall service. For example, you have a PHP-FPM container fronted by an Nginx container; both of these would exist in a single Pod.
Note this article is only focusing on Pods with more than one container.
Continue reading ↦
Apr 24, 2019
One calm April day, our internal ops application started showing problematic responses in the form of 504s. An HTTP 504 error is a server side gateway timeout and can be hard to diagnose. However, this usually has to do with the load balancers sitting in front of your application and their communication upstream.
Ultimately the fix came in the form of ensuring the application keep-alive timeout is the same or greater than that of the load balancers sitting in front.
Continue reading ↦
Apr 24, 2019
Much like default values.yaml files for Helm, you can utilize ConfigMaps in Kubernetes for much the same capability. Our developers have started to do this to make it easier when managing Deployment objects across different environments.
Given a ConfigMap:
apiVersion: v1
data:
  allowed: '"true"'
  enemies: aliens
  lives: "3"
kind: ConfigMap
metadata:
  name: engage
  namespace: default
and a Deployment:
spec:
  containers:
  - env:
    - name: enemies
      value: badguy
    envFrom:
    - configMapRef:
        name: engage
Taking a look inside the container:
Continue reading ↦
Apr 23, 2019
We often find ourselves needing to test our Cronjobs more than we’d like out of band with their standard scheduled runtime. Kubernetes makes it super easy to do this by spawning a Job from the CronJob itself.
kubectl create job --from=cronjob/<cronjob-name> <job-name>
Thanks again stackoverflow!
Apr 18, 2019
The AWS Fingerprints listed on the Key Pairs page (in the ec2 web console) are not derived in a simple ssh-keygen fashion. Instead of installing their custom tools (ec2-api-tools, which is java) to compare fingerprints with keys locally, you can use the following command to generate the fingerprint on either the private or public key.
openssl pkcs8 -in ~/Downloads/stockx.pem -nocrypt -topk8 -outform DER | openssl sha1 -c
Dec 19, 2018
This past weekend, I went down the rabbit hole on a project I recently discovered called Halo Online. From a past project between 343 and Saber Interactive, Halo Online was meant to be a free-to-play multiplayer experience based on Halo 3 available on PC. Sadly, outside of a closed beta in Russia, the game was cancelled. Luckily, those game files became available and modders created ElDewrito, enabling Forge mode and online servers for players everywhere plus other gameplay enhancements.
Continue reading ↦
Nov 29, 2018
Since I have my own DAC/Amp (the coveted Schiit Stack), I very much like to play FLAC files directly to my DAC, ensuring no operating system mixer is filtering the output. This happens to be especially tricky when utilizing your optical audio output. One way you know you aren’t getting bitperfect playback is when you hear other system sounds or playback from other applications through your headphones.
While this is pretty easy to achieve in Linux (VLC has a direct option as do other applications like deadbeef), it’s a bit harder in Windows.
Continue reading ↦
Nov 27, 2018
Nowadays, systemd will halt your boot and dump you in emergency mode if any designated device mounts fail. While incredibly annoying, this is a safety feature. I encountered this whilst trying to boot my Raspberry Pi headlessly and wondering why I couldn’t ssh!
To solve this, ensure you specify the nofail option in /etc/fstab for each of your mounts which shouldn’t interrupt the boot process. This is useful for external hard drives, NAS devices, and other headless systems.
Continue reading ↦
Nov 7, 2018
In early 2016, I bought a Nexus 6p. It has by far and wide been my favorite device with a comfortable size, great screen, and a headphone port. While I’ve strongly considered picking up a fresh shiny Pixel, with both the proliferation of “fix it” stores and the sustained development of custom operating environments, I think it’s time for a Nexus Redux!
First off, the battery. While Nexus phones are notorious for having an unrecoverable reboot looping problem, they also have batteries that can die unexpectedly fast (i.
Continue reading ↦
Nov 5, 2018
While my friends have been raving about Pi-hole for a long time, I’ve never actually started using it. This is for a variety of reasons mainly relating to how setup for my (semi-classic) router seems relatively sub-par. While I may not adopt it for my entire network, there’s a new player on the scene which covers all your devices, including mobile (without root), and it looks quite impressive: Adguard.
From their main site, you can get a lifetime license for your device, which helps guarantee I’m not wasting my precious data (Project Fi ftw!
Continue reading ↦
Nov 2, 2018
Today we officially announced that the recordings for DevOpsDays Detroit 2018 are live. Among them are some of the best talks I’ve heard in a while covering everything from DevSecOps to Chaos Engineering to an audience of almost 300! I’m still high from the new friends I made and DevOps learnings I soaked up. When’s the next one???
I want to take a moment to thank everyone who co-organized the conference with me, especially Joe Arnet, Dave Barnett, and Archie Cowan, all of whom I worked immensely close with.
Continue reading ↦
Nov 2, 2018
As I’ve recently been so much more exposed to the eCommerce world through my current and previous companies, it’s been fascinating to observe the most important factors of an effective feedback loop. With any sort of Commerce business, it’s essential you do whatever is necessary to understand your customers, and luckily, the Internet has helped us understand those interactions (much better than that slip of paper in your hotel room)!
The following image is from Slack (yes I know, but I love the way it expands links) and provides three tools I haven’t actually been able to use (yet).
Continue reading ↦
Oct 22, 2018
When you’re on CoreOS, short of using toolbox, you can actually solve most of your debugging needs by running containers. However, to really debug the host itself, the app should be in the proper host namespace.
Here’s a quick example of how to do this with something like htop which needs access to the host process namespace. Docker makes this super easy.
docker run -it --rm --pid=host crosbymichael/htop
You can also apply this for network based applications:
Continue reading ↦
Oct 21, 2018
I’ve recently revamped my entire backup system. A datahoarder archivist like me has tons of data, with different tiers of importance, and multiple varying locations to store it. Though I’ve never lost anything important due to corruption, I absolutely understand the importance of verifying your data is what it says it is.
Therefore, I set out to find a minimally invasive utility with a little more intelligence than a basic md5sum but not overbearing.
Continue reading ↦
Aug 22, 2018
Anyone who knows me even a little bit understands my archivist tendencies. I love storage, specifically hard disk storage, and the challenge of manipulating data efficiently. A while back, I created a list of the most intriguing data utilities with a variety of features for backup, sync, archival, encryption, and others.
Note these aren’t cloud services specifically, but may have the functionality to interact with cloud providers like google drive or s3.
Continue reading ↦
Aug 10, 2018
Today I’m releasing a new project I’ve been working on to help bolster our adoption of more secure connectivity of cloud resources from remote locations. Bastion Prime is a containerized jump host meant to run anywhere (i.e. Kubernetes) as a more secure and ephemeral point of accessibility for bouncing through to internal systems.
While a lot of people have successfully utilized things like OpenVPN or Pritunl (which just orchestrates OpenVPN), it can be much easier to deploy a simple container with an already populated authorized_keys file.
Continue reading ↦
Aug 1, 2018
Working in Kubernetes most of the time, I find myself doing tons of reconnaissance around the environment I’m in. This can involve understanding the networking structure, environment variables, or other aspects of a deployed container in a distributed architecture. Additionally, testing edge functionality and communication (i.e. http headers) is especially important to ensuring everything works as expected.
With this in mind, I finally started down the path of creating my own “playground” container.
Continue reading ↦
Jul 25, 2018
In April, I became a CNCF Ambassador! For those who aren’t aware, the Cloud Native Computing Foundation is an open source body enabling communities around dedicated projects focused on container and microservice based architectures. With all of the exciting movement around projects like Kubernetes, Prometheus, and Envoy, it’s nice to have a vendor-neutral foundation backing the continued growth and stability of promising new open source projects.
Things like webinars, conferences, certifications, meetups, and other vessels are being bolstered by the CNCF to further people’s understanding of and involvement with CNCF backed projects.
Continue reading ↦
Jul 9, 2018
Remember how I said I’m back? That also includes a new gig leading DevOps efforts at StockX, a new e-commerce platform changing the way people interact with secondary markets.
StockX aims to provide a brand new buying and selling experience for the exact same secondary markets served by the likes of Ebay…with two core differences: Verification of products and a live bid/ask (stock) market for all items. This system is applied to high demand products usually with small supply i.
Continue reading ↦
Jun 18, 2018
As I’ve grown, I’ve increasingly realized the importance of making strong, solid connections with people. My extroversion has paid off many times already, and will even more in the future. It has constantly been a joy to interact with and be involved in tech-focused Meetups and Conferences around southern Michigan.
Early last year, I founded Orchestructure, an Ann Arbor meetup group focused on DevOps and Infrastructure topics (the Orchestration of Infrastructure).
Continue reading ↦
May 31, 2018
For a linux desktop, I’ve emigrated from Linux Mint over to the latest Ubuntu release in my “I’d like everything to work” kick. The older I get, the more I find myself growing in sharp disdain with flakey compatibility or busted scripts making a modern linux desktop more of a chore than I’d like it to be. In this realm, I have to tip my hat to Ubuntu for continuing to be as quick and easy as possible.
Continue reading ↦
May 2, 2018
It’s back. Me. This website. My drive to write. The continued existence of my technological journey through a wide spectrum of challenging endeavours. It’s back and better than ever.
Moving forward, a few things will be different. First off, this is no longer my personal outlet for internal thoughts and happenings: instead, you’ll be able to find those elsewhere (more later). Second, future posts will touch on everything from Python semantics, CI/CD, microservices, hacky one-liners, and every real approach to challenges many will encounter through their career in computing (as I have).
Continue reading ↦
Aug 24, 2016
I recently obtained a disk dock and cloning unit (StarTech.com) for working with some of my internal drives (I have too many). This unit does a bit-by-bit clone of one disk to another, which is really useful! The problem with this is that each disk now looks exactly the same to your Operating System, meaning there is no way to mount them both at the same time!
Furthermore, I decided to create a LUKS encrypted drive protecting an ext4 partition.
Continue reading ↦
May 17, 2016
I just wanted to give a quick update on what my company, Arroyo Networks, is up to!
Arroyo is moving forward with a brand new product in a brand new market with a brand new purpose. Over the next few months, we plan to offer a private beta of our prototype with an open beta shortly after that. Be sure to look for more announcements, a brand new website, and much more in the coming weeks!
Continue reading ↦
Mar 20, 2016
This is a continuation of my original article on our New Dell XPS 15’s. This article will cover my “moving in” experience getting used to Gnome 3, and tuning Arch just the way I like it ;)
That cool dude over at geeketeer.net has also written about his experiences and mods!
Bootloader fun!
Most people don’t know but GRUB has a multitude of theme customization options available. We use a set made around Arch Linux located here.
Continue reading ↦
Mar 20, 2016
Introduction
Both my co-founder, @seglberg, and I decided early in 2016 that it was time to rethink our workstations. We both had ThinkPads which were alright but lacked in performance and weren’t ready for the workload we presently required. While they’ve treated us well, we decided to look around and see what’s fresh in the laptop market, especially with the new Intel Skylake architecture available!
With the new things we’re working on, it’s essential that we can quickly run compression, encryption, docker builds, and virtual machines, etc.
Continue reading ↦
Nov 23, 2015
Going Public…
Just over a week ago, my company rolled out our public presence: A fresh web site, LinkedIn profile, and even Twitter.
I want to also thank all the wonderful people who have sent luck our way and those who have supported us thus far…you are awesome!
Distro Change
Moving on, I wanted to make mention of my recent decision to move to Arch Linux, an amazingly light, responsive, and elegant linux distribution.
Continue reading ↦
Oct 27, 2015
Late last week, I resigned from my position at Arbor Networks in order to join a stealth startup. Unfortunately, I didn’t get to say goodbye to any coworkers because of my discretion around details of the new company.
Either way, I’m hitting the ground running at my new gig and having a blast! Don’t worry, we’ll be going public pretty soon so keep an eye out!
I want to thank all the people who have already shown their support and reached out wishing me luck.
Continue reading ↦
Sep 22, 2015
I recently ran into a situation where I needed to copy a large amount of data from one box to another in a LAN environment. In a situation like this, the following things are usually true, at least for this project they were:
Just creating a Tar archive on the source box and transferring it over isn’t gonna fly.
The source contains many files and directories (in the millions); enough that it’s not even practical to use file based methods to move data over
The Disk which data resides on is not exactly very “fast” and may be exceptionally “old”
We need to maximize transfer speed and we don’t care about “syncing”; we just want a raw dump of the data from one place to another.
Continue reading ↦
Aug 26, 2015
I recently decided to jump into the object storage revolution (yeah, I’m a little late). This drive comes from my very old archives I’d like to store offsite but also to more easily streamline how I deploy applications which have things like data directories and databases that need to be backed up.
The Customary
Lately, through my work at Arbor and my own personal dabbling, I’ve come to love the idea that a service may depend on one or more containers to function.
Continue reading ↦
Aug 19, 2015
Sometimes, you need an application to run at a scheduled time. Ideally, it would be a really cool feature if you could merely tell the docker daemon to do this via some sort of schedule: * 1 * * * in your docker-compose.yml. Sadly this isn’t really possible. So you have two options:
Source your image from a container which has cron installed.
Merely install cron yourself.
Either way, there are a few things you need to watch out for.
Continue reading ↦
Apr 25, 2015
I wanted to mention something I just set up at work. The gist of this involves the need to support shortnames/searchdomains. This allows a user to type in “bugzilla/” in their browser instead of a FQDN i.e. “bugzilla.example.com”. Of course, the DNS search domain of “example.com” must be configured (either manually or via DHCP).
Enter hdr_beg(host)
Using HAProxy, we can actually do one of three things relating to the host header (there are more, but these are the ones we care about):
Continue reading ↦
Apr 23, 2015
In the past week at work, I’ve had a need to utilize some directly attached boxes working over NFS to share a storage array, the backblaze storage pod actually. This was necessary as the pods don’t have many compute resources to handle the load required to backup our datasets.
Looking into this, I realized that optimizing NFS was an easy and surefire way to ensure it wasn’t taking extra resources on my pod.
Continue reading ↦
Apr 20, 2015
Hmmm….I wonder what switch port this box is connected to???
[~]> apt-get install cdpr
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  cdpr
0 upgraded, 1 newly installed, 0 to remove and 31 not upgraded.
Need to get 17.4 kB of archives.
After this operation, 102 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/universe cdpr amd64 2.
Continue reading ↦
Apr 10, 2015
At work, we have a couple Backblaze storage pods (version 3 with 4TB drives) that we use for backup purposes. They were obtained before my time because quick, bulk storage was necessary to backup our object storage platform, Swift.
Sadly, the boxes were deployed in an unsatisfactory manner whereas all 45 drives were pooled together in one gigantic LVM formation, meaning any one disk could die and data loss would occur.
Continue reading ↦
Apr 8, 2015
Discovered that in recent Ubuntu versions, the following is the “official” way to up and down interfaces cleanly.
Edit /etc/network/interfaces adding your entry similar to below:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
    address 10.1.24.30
    netmask 255.255.254.0
    network 10.1.24.0
    broadcast 10.1.25.255
    gateway 10.1.24.1
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.
Continue reading ↦
Mar 10, 2015
I now run an entire Openstack Swift cluster that, of course, is in production. The way it’s currently set up calls for for loops to be used to easily manage it. Of course, those get lame after a “quick” while. So I decided to take my second (the first was pretty bad, it was a Monday) plunge into Ansible.
These are the voyages of the Ansible Noobcake. Its five-hour mission: to automate configuration parameters across all swift nodes, to boldly cfg like no man has cfg’ed before.
Continue reading ↦
Mar 9, 2015
In our quest to roll out IPv6 intranet-wide, we ran into a weird issue with how we do VPN requiring us to filter out AAAA records being served to VPN connected clients. At first, this didn’t seem very easy. Then, pdns-recursor to the rescue!
On more recent versions (>=3.1.7), pdns-recursor can take in scripts (in real time, btw) to modify the way it operates. This is super handy and luckily, there is a filter-aaaa script available on github that does exactly what we want!
Continue reading ↦
Mar 8, 2015
I just bought the Roku streaming stick for my parents’ place to supplement the cable box on one of the TVs. The idea was that they would be able to easily connect it to the network and watch plex, netflix, etc. in the course of under 10 minutes.
That was not the case….
First, I plugged this guy in. Its boot time was over a minute, roughly 2-3 minutes actually. The Roku then first takes you through the prompts to set up your Wi-Fi network and update itself.
Continue reading ↦
Feb 21, 2015
Having your storage ripped out from under your database is never good. I recently had to go through this where our iscsi storage backend powering our virtual machine vmdk’s magically died and even worse, its write cache was completely cleared out.
Upon things coming back, mysqld was in a reboot loop which could only be stopped by enabling an innodb_force_recovery option in my.conf.
Here’s some of the output starting up with recovery on:
Continue reading ↦
Feb 19, 2015
Trying to setup my external with a couple partitions, one for encrypted Time Machine backups, and the other as ext4 for linux stuffs, yielded a no-go.
In short, Time Machine wouldn’t let me encrypt my backups which I dumped on the first partition of my disk. Turns out this is because I used the older MBR partition scheme.
These are the requirements in order for that check box to be clickable:
Continue reading ↦
Feb 10, 2015
I’m tired. So I’m going to make this as short and clear-cut as possible:
backupninja is a pretty nice backup program for linux which supports rdiff-backup, rsync, and duplicity.
backupninja exists as version 1.0.1 for the latest stable ubuntu and debian packages.
There exists a bug in this version of backupninja which disables it from rsyncing. This is a critical bug which disables you from using any host.
Continue reading ↦
Feb 8, 2015
As I’ve started to containerize, certain webapps of mine utilize SSL for secure communication. Hence, I usually combine everything the resulting webapp needs to serve the app using SSL, including certificates and keys.
HAProxy provides the ability to pass-through SSL via using tcp proxy mode. This is awesome, except you can forget about serving multiple domains/vhosts in this basic configuration. However, SNI to the rescue!
From the HAProxy blog, there is indeed a way for HAProxy to inspect the SSL negotiation and find the hostname, sent via the client through SNI:
Continue reading ↦
Feb 5, 2015
Today I started writing up a backupninja container for work. This container needs to be able to:
Log in to some of our prod boxes
Store backup data on an NFS share
The logical choice for handling the back-end was to use autofs because of its ability to handle mounts that may drop out for whatever reason, and since we really need our storage available, doing a plain mount is just not going to cut it.
Continue reading ↦
Feb 5, 2015
I’ve decided it’s time to make life easier. With markdown entering my work environment last year, I’ve become pretty confident that it is as viable a text markup solution as any other formatting solution out there.
And of course, the logical choice is Ghost :) Frankly, I love this. It’s simple, elegant, and forward.
Right now, a lot of the older posts will look garbled. Unfortunately, formatting of code blocks didn’t carry over well using the Ghost Wordpress plugin.
Continue reading ↦
Dec 14, 2014
Bet you don’t know what >&- does? According to Jeff @ stackoverflow:
/your/first/command >&- 2>&-
Be careful to note the order: >&- closes stdout, which is what you want to do; &>- redirects stdout and stderr to a file named - (hyphen), which is not what you want to do. It’ll look the same at first, but the latter creates a stray file in your working directory. It’s easy to remember: >&2 redirects stdout to descriptor 2 (stderr), >&3 redirects stdout to descriptor 3, and >&- redirects stdout to a dead end (i.
Continue reading ↦
Dec 14, 2014
A lot of people don’t get the difference to this and I think creack over at stackoverflow did a great job explaining this:
Docker has a default entrypoint which is /bin/sh -c but does not have a default command.
The command is run via the entrypoint. i.e., the actual thing that gets executed is /bin/sh -c bash. This allowed docker to implement RUN quickly by relying on the shell’s parser.
Continue reading ↦
Dec 14, 2014
This post intends to give a great start to customizing your prompt, that thing you’re looking at all day whilst cruising the depths of linux ;P
If you use oh-my-zsh or any one of the other frameworks, it’s quite easy to not care and just choose one of the provided themes. Below I’ll talk about some cool projects and sources of content for managing themes in your prompt.
Antigen
It’s even easier to dynamically switch themes using antigen, an open-source project which manages grabbing plugins and themes from github.
Continue reading ↦
Dec 14, 2014
Recently, I’ve done a lot of work on my dotfiles. One thing that always bothers me is the sheer amount of aliases I have laying around everywhere. Kinda frustrating. Additionally, I have a set of scripts in my env which I’d really like to automatically set aliases to easily.
A commonly accepted idea is to separate all your aliases out into something like an .aliasrc file. This is definitely very helpful.
Continue reading ↦
Dec 14, 2014
For zsh, I decided I wanted to simply add a line to my zshrc file to set the window title for iTerm2 to $(hostname) of the box I was currently logged in to:
echo -ne "\e]1;$(hostname)\a"
Yes, it’s that easy :)
Looking a little further into the superuser question, it appears there’s another way that works for both bash and zsh and, by the author’s note:
This way you can immediately see what host you’re connected to in what window, and the window title for each tab shows user & CWD.
Continue reading ↦
Dec 13, 2014
I needed a quick and dirty way to allow a non-root user to use lower ports. This is because I’m starting to launch docker containers where the CMD process is run as a non-root user. The first container I thought this might work well for is my docker-ncat-proxy container which runs ncat as the nobody user.
Using linux capabilities, we can set a binary to be launched without locking its binding capabilities using the setcap command.
Continue reading ↦
Dec 5, 2014
This post will talk about how SSH handles private key forwarding and how to utilize it in a common use case for a more secure and seamless experience. You may want to study up a bit before reading on..
The Variables:
client/local = host0 (i.e. my laptop)
remote host = host1 (my server)
secondary host = host2 (another server)
ssh-agent = keychain (Keychain Access, gnome-keychain, etc..)
tried/sent = offered for authentication
The Facts:
Continue reading ↦
Dec 4, 2014
For certain configuration directories in my home dir, I sometimes want multiple files pushed to my dotfiles repo, but the majority of them not to be cared for (.env, .log, etc..) so I needed a way to use gitignore the opposite way: block everything and only allow some things:
# Ignore everything
*
# But not these files...
!.gitignore
!script.pl
!template.latex
# etc...
# ...even if they are in subdirectories
!
Continue reading ↦
Nov 25, 2014
If you install windows on an IDE mode enabled storage bus, and then try to, say, do a clonezilla disk-to-disk copy to a ssd or other SATA hard drive and boot into windows, it will BSOD. This is because Windows won’t enable AHCI support if it doesn’t find it needs it. But, if you can boot into IDE mode still, you can fix that:)
Startup “Regedit”
Open HKEY_LOCAL_MACHINE / SYSTEM / CurrentControlset / Services
Open msahci
In the right field, right click on “start” and go to Modify
5.
Continue reading ↦
Nov 21, 2014
So after fighting with zsh for a bit, it seems there is never, ever, a 0 element in zsh arrays. All arrays start populating at element 1, i.e. $array[1]
Here is some example code to help ya populate and pilfer through an array of elements if it’s got at least one element:
# the following ssh command will return location of each loaded key. for this example, we only have one key loaded.
Continue reading ↦
Nov 19, 2014
This one is quite easy, but a little tricky. Had to do this for work as one of our groups was changing their email address and a few of the repo’s they used had files that depended on that email.
A couple requirements to keep in mind:
Had to be recursive
Had to exclude certain file types
Had to do the replacement in an svn repository, which apparently is difficult.
Continue reading ↦
Nov 18, 2014
GPG is quite nice. I’ve only come to really appreciate it more recently with my delvation into Keybase.io and all the small, unimportant messages i can send to my friends:)
Here are some examples of using symmetric enc on single files.
Encrypting a file using AES256:
gpg --pgp7 --cipher-algo AES256 -c wallet.dat
Use/Load an encrypted private key in ssh-agent for 12 hours (without leaving an unencrypted copy on the fs):
Continue reading ↦
Nov 17, 2014
An excellent article sent to me by a friend pointing out some of the important things to do/remember when creating Dockerfiles.
You should also check out:
Official Docker documentation best practices
Michael Crosby’s take 2
Some key things to remember from a top level standpoint whilst getting started:
Try to be “lean”. Your app is just that, your app, and usually, it should be the only thing running inside a container.
Continue reading ↦
Nov 11, 2014
And yes, this handles file names with spaces and other weird characters…ohh the joys of double quotes.
ls *.zip | while read i; do IFS="\n" echo "Starting on $i"; unzip -d "$i-extracted" "$i"; echo -en "Finished $i..\n"; done
Oct 31, 2014
This was fairly easy to do:
1. Edit the sources.list or necessary file in sources.list.d to use the new version “qiana” and also utilize “trusty” ubuntu packages:
2. apt-get update
   apt-get dist-upgrade
   apt-get upgrade
???
Profit!
Thanks tecmint!
Oct 16, 2014
This new site, Cipherli.st, allows you to get configurations for the major web server and proxy software suites to ensure they are using the most secure ssl/tls cipher settings for serving out sensitive content, or anything on port 443.
The configs are copy/pastable into your web server configuration. Be sure to check there for the latest, most secure confs.
Example for nginx:
ssl_ciphers "AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header X-Frame-Options DENY;
ssl_stapling on; # Requires nginx >= 1.
Continue reading ↦
Oct 10, 2014
Booting into the livecd, its pretty basic:
Setup networking with “ip addr add” etc.. commands:
# ip addr add <address>/<masklen> dev eth0
# ip link set dev eth0 up
# ip route add default via <default gw>
Set root user password and log in via ssh
Do something similar to below, basically create a cloud-config, and call the coreos-install command.
?[~]> sh root@cartman
root@cartman's password:
root@cartman's password:
CoreOS (stable)
Update Strategy: No Reboots
root@localhost ~ # export http_proxy=http://proxy.
Continue reading ↦
Oct 10, 2014
This isn’t as easy as you think…a normal du -h doesn’t work on /var/lib/docker. This is because of the aufs filesystem docker uses that du by default skips. The proper way to figure out how much space is actually being used involves a few more arguments:
du -shx /var/lib/docker
Oct 9, 2014
git svn clone -s -r HEAD http://svn/java/<projectname>
Note that you can do a range with a -r 2039:HEAD for revisions 2039 -> HEAD.
Oct 8, 2014
So besides how great it is to be able to just pull down a docker image, theres actually a bit more advanced things you can do in terms of manipulating an image. The following points will give you a better understanding of how to work with, create, and modify images for your own projects:)
The two ways to get an image…
A registry. A docker registry (i.e. registry.hub.docker.com) allows you to easily pull an entire image locally for utilizing to create other images or just start a container.
Continue reading ↦
Oct 8, 2014
Fortunately, could only get server via the eval program….btw, I strongly dislike rhel.
Via RedHat:
yum groupinstall "X Window System" Desktop
Edit /etc/inittab for runlevel 5 (change the 3 to a 5)
/etc/sysconfig/desktop needs to contain:
DISPLAYMANAGER=GNOME
DESKTOP=GNOME
Install vmware-tools (can do this via cli), mainly ./vmware*.pl (read the INSTALL)
Enjoy?
Oct 8, 2014
A quick overview of architecture names for x86 systems:
i386: The 80386 CPU has historically been the bare minimum for running Linux on a PC-compatible system. Consequently, a package for “i386” is designed for maximum compatibility and can run on any x86-like system; a system that describes itself as “i386” is either ancient or exotic, and can only be counted on to run i386 packages.
i486, i586: Rarely-seen, these refer to the 80486 and Pentium (80586) CPUs.
Continue reading ↦
Oct 8, 2014
So I don’t usually use a RHEL based machine, but recently was tasked with deploying one on our network.
After the normal install process, which I decided to do text based via adding the following to the boot statement for the default installer option (push “e” when it appears):
linux text
I decided to setup networking later, after the machine was fully installed. On ubuntu/debian based systems, /etc/network/interfaces defines the configuration for interfaces on the system.
Continue reading ↦
Oct 6, 2014
When migrating from one server to another, migrating the sql database is usually advantageous. There are two ways to do this, dumping the old database to a file(s) and re-importing that file to the new server, or, copy the database files themselves over to the new server (/var/lib/mysql) making sure they are owned by the new mysql user!
If you perform the first method for migration/backup, it may be advantageous to also back up the mysql users you’ve created and granted access to certain db’s for.
Continue reading ↦
Oct 2, 2014
Just a quick note, I found a fork of unetbootin called TuxBoot. I highly recommend it as it actually launched in Mint, unlike the latest unetbootin which:
Doesn’t find usb devices on osx.
Won’t even launch on certain linux distros for whatever reason?
Tuxboot supports Linux and Windows….and worked for me the first time around:)
Sep 25, 2014
Docker gives you the ability to run linux containers or “chroot on steroids” which utilize a layered approach using device-mapper or aufs to enable users to create images, build containers off of them, and deploy applications quickly for both development and production (and maintain uniformity!)
Before we start, virtually any major service/application has been “*dockerized*” meaning at least one person has made a docker repo for it! For examples, just do searches like “*docker-nginx*” or “*docker-powerdns*”.
Continue reading ↦
Sep 23, 2014
Hmm, I kind of want to play digdug now:(
If you have an IP you’d like to perform a reverse lookup on to find the domain associated with it, look no further than the very light and informational dig program:
dig +noall +answer -x 199.232.41.10
Note that PTR records are not required for IP addresses. If a PTR record is not defined for an IP address, you cannot do a remote DNS lookup.
Continue reading ↦
Sep 23, 2014
Hackedserver is now blogging.
Please Disregard.
Sep 6, 2014
So I needed to take in a pasted stdin that was multiple lines. Using just read or any of the flags it provides doesn’t give a nice clean way to do this. However, using cat and sed, you can provide a few nice ways to allow a user to end the input stream and submit their entry:
Ctrl+d:
#!/bin/bash
echo "Pipe in certificate, or paste and hit ctrl-d when done"
keyvariable=$(cat)
Blank Line:
Continue reading ↦
Sep 6, 2014
Recently, it seems my NFS connections have been crashing hard, most recently, a saved file from my browser to my servers’ mount point via NFS which caused the VM I was using to completely lock up:( So I did some quick searching and found these options which you should use when mounting any NFS shares:
bg
If the first NFS mount attempt times out, retry the mount in the background.
Continue reading ↦
Sep 5, 2014
MySQL InnoDB engine based databases support compression of table data using zlib compression algorithm.
From the official documentation, it is quite easy to create or alter a table to support compression! It of course helps quite a bit with columns you might plan to use which contain a lot of text (using the TEXT, MEDIUMTEXT, LONGTEXT column formats).
Here is how I altered my table using phpmyadmin (since I didn’t see an obvious place in the GUI to do it, I just ran the following SQL statements on the DB):
Continue reading ↦
Sep 3, 2014
Using 7z:
7z l file.7z
7z x file.7z directory/neededfile.txt
Using Tar:
tar ztvf file.tgz
tar xzvf file.tgz directory/neededfile.txt
Note the “t” is the argument telling tar to list files, so you could do “jtvf” for a bz2 archive, etc…
Aug 27, 2014
So i’ve recently done more research into raid array performance and the variables that impact speed. I’ve found some really good articles regarding this discussing mainly chunk size but also stripe width, strides, and all kinds of fun terms you didn’t know existed. Plus, I found some useful info on how to properly format a raid array for optimal perf!
Disk Performance, Part 2: RAID Layouts and Stripe Sizing
Continue reading ↦
Aug 18, 2014
docker run --rm -t -i phusion/baseimage:0.9.11 /bin/bash
I use the baseimage-docker distro from phusion…its quite nice…includes bash, runit, and a few other nice features that make it feel like a full featured install that will work properly with docker (i.e. docker stop works correctly)
The “--rm” will remove the container after you leave it. This is generally preferred.
We just launch bash in this example. You could make your own image and launch it with zsh or the like:)
Continue reading ↦
Aug 18, 2014
So I run multiple pastebin services. One day, a friend needed a paste from weeks ago and so to the database I went (using stikked). I needed to search the paste content, known as column “raw” and pull out the record corresponding to the content (date, id, etc..).
What’s awesome is you can use regex in all of your sql statements when searching anywhere in the db. So I just did this:
Continue reading ↦
Aug 18, 2014
Setting up ssh keys is effectively very easy. You throw your pubkey in its own line in your $HOME/.ssh/authorized_keys file. However, you may not know that it matters very much the permissions that the following files have set:
home directory
.ssh directory
your authorized_keys file
After doing this multiple times, here is the corresponding combination that works for me:
755, 750, or 700 (grp and other should have no write perms)
Continue reading ↦
Aug 18, 2014
There is a pretty convenient way to save your docker images you build without needing to commit them to a registry:
docker save mynewimage > /tmp/mynewimage.tar
Then, to use it on a new host:
docker load < /tmp/mynewimage.tar
Thanks James!
Aug 7, 2014
Just found the command I’ve forever been looking for:
goliath# blkid -o list
device      fs_type            label      mount point    UUID
--------------------------------------------------------------------------------------------------------
/dev/sda2   ext4               golvm      /mnt/ssd2      158dac38-a368-4a37-983e-8e4b63cc838f
/dev/sdd    linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
/dev/sdb1   ext4                          /              d288026a-a2d2-45c0-b848-3ac032909b33
/dev/md0    ext4                          /mnt/raid      5193fa69-3c56-46cd-90bd-31036c931f5e
/dev/sda1   ext4                          /mnt/ssd1      bc2503ac-ad7a-4c70-8127-6ed37c96548f
/dev/sdl1   ext4                          /mnt/usb       becc31d7-35ff-4145-876a-2520460ff532
/dev/sdi    linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
/dev/sdk    linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
/dev/sdh    linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
/dev/sdj    linux_raid_member  goliath:1  (in use)       4c9df4da-6def-7a1b-f269-1137c0c49112
/dev/sdf    linux_raid_member             (in use)       c2e53423-5bc2-a1e6-fcbf-496432a662fa
/dev/sdc1   ext4                          /mnt/500dump   05fe6113-5433-45b1-9fb6-2346d94534b0
/dev/md1    jfs                           (not mounted)  9413d08a-fd5d-4f26-a876-198565f5e392
goliath#
Aug 6, 2014
So I needed to do per-directory hard quotas for my users. Luckily, xfs supports “project” quotas which allow a directory hierarchy to be soft or hard limited.
To set this up for a user, lets call him derpface:
Add the option “pquota” to fstab so the xfs partition gets mounted with project quotas enabled.
Run the following commands to setup the project and directory declarations:
mkdir /srv/derpface
echo 1600:/srv/derpface >> /etc/projects
echo derpface:1600 >> /etc/projid
Note that the “1600”
Continue reading ↦
Aug 6, 2014
And…putting an emphasis on uid/gid’s for when you really need to keep perms exact:
tar czpvf ../home.tgz --numeric-owner * .*
Note that you don’t need the “p” when you run this as root.
Jul 10, 2014
Made a change to sudo and fudged up the line where I give myself certain permissions…
This caused a fun parse error that wouldn’t let me continue my “sudo su”
It’s ok though, just run:
pkexec visudo
type your pass, and you’ll be dumped into the sudoers file for fixing!
Thanks, askubuntu!
Jul 9, 2014
http://sourceforge.net/p/parchive/bugs/74/
^This is a patch for people running gcc 4+. Use the patch command to apply it.
And then do the normal, ./configure, make, make install
Jun 26, 2014
Ran into this with my internal testing boxes. Basically, I would mount a simple insecure uid/gid mapped share:
/mnt 192.168.1.0/24(rw,all_squash,insecure,no_subtree_check,anonuid=1000,anongid=1000)
on a testbox with a username different from the one of the server. But, the uid was the same (1000). With NFSv3, this would have been fine. With NFSv4, there are some differences. Hence things like ssh keys would not work because while I could remove and create new files, the files that existed there were still not technically mine?
Continue reading ↦
May 11, 2014
In one of my scripts, I wanted to create a log file that was dynamic based on how the script was running. For example, if the script was doing something like waiting on another script or generated an error for whatever reason, I wanted the log file name to change to reflect that.
I started with this. I used the $STATUS as the switch and called a function (setstatus) to change that based on what was passed (by another function or whatever etc.
Continue reading ↦
May 9, 2014
You might want to get in the habit of doing this so you don’t have to restart rtorrent all the time.
Ctrl + x, import=~/.rtorrent.rc
If you are only adding a few lines, you can just Ctrl + x and paste/enter them for them to be loaded.
Thanks,
http://rakshasa.no/pipermail/libtorrent-devel/2008-January/001476.html
May 2, 2014
Yeah. ccze. is awesome! I really wanted to use it across my systems and with all applicable commands like head, tail, cat, etc..
So I wrote a zsh function to check if the command exists and utilize it. This was kind of a pain because of the corner cases (people using pipes or redirection with the command etc..)
Through it all, I created two new commands, catless and tacless. Read some of the comments to find why.
Continue reading ↦
May 1, 2014
The server I usually use to store my repo is going to go offline soon. So I decided to just move it to bitbucket (love the free private repos:)
$ git remote
origin
So obviously we only have our remote origin.
git remote remove origin
git remote add origin [email protected]:username/repo.git
Then, lets push up our repo and all associated data with it (i.e. your commits)
git push -u origin --all # pushes up the repo and its refs for the first time
git push -u origin --tags # pushes up any tags
And thats it!
Continue reading ↦
May 1, 2014
delete old emails if necessary, turn off convo view (Settings > General) since this lumps everything together. (note, you can do things like “before:2014/4/29”)
Use getmail to pull all emails as mbox or Maildir format from your old email account. I initially did maildir hence why below I convert them to mbox for thunderbird.
I configured like this for pulling from our corporate exchange server:
[retriever]
type = SimpleIMAPSSLRetriever
server = exchange.
Continue reading ↦
Apr 25, 2014
Setting up VPN via NetworkManager in Linux Mint was actually really simple. But I kept having issues with DNS. I set up my VPN server to push down itself as the dns server to use and a domain-search domain.
The domain search domain from vpn was getting mixed in with the other search domains from the local dhcp server when the connection was on eth0.
NetworkManager launches dnsmasq when it starts.
Continue reading ↦
Apr 24, 2014
This hack will enable your client machines to basically use the internet entirely through the vpn.
On the server add the following to your openvpn config file:
push "redirect-gateway def1"
push "dhcp-option DNS 192.168.1.1"
If your vpn is for example your home gateway, you’ll definitely want to use the gateway address.
If your vpn server is on a remote server somewhere and it doesn’t run its own dns server or you don’t have a dns server running on the vpn network, you’ll want to just use a public dns server address such as Google’s 8.
Continue reading ↦
Apr 24, 2014
apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
Then just go through the network manager menus and add a VPN connection. On Mint 16, I just selected import, and selected my config file which sits in the same directory with all certs and keys involved.
Apr 24, 2014
You probably have your ssh private key password protected. However, are you encrypting them with the more secure PKCS#8 standard, or the default that ssh-keygen for some reason still uses?
The following articles help explain this whole idea that using PKCS#8 (which is a part of OpenSSL, hence can be used with OpenSSH) is a much stronger format for encrypting your keys.
I recommend you read them in this order:
Continue reading ↦
Apr 11, 2014
From apple discussions:
(note this relates to time machine as I wanted to decrypt since I’m moving to linux. Once on linux, this script seems to be necessary)
—
I too was under the mistaken belief that I would be able to turn off encryption the same place that I turned it on. This cannot be done from within Time Machine (at least not in OS X 10.9) – you need to do it from within the Disk Utility:
Continue reading ↦
Apr 8, 2014
So I already describe this in another post and there are various guides on the intarwebz: 1, 2.
But I wanted to point out one thing. For ubuntu, the pam_access line wasn’t working in pam.d/common-auth, where I usually put it, nor was it working in pam.d/login.
But, it worked in /etc/pam.d/common-account !!!
Just throw it below the pam_deny.so,
account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
account requisite pam_deny.so
account required pam_access.so
account required pam_permit.
Continue reading ↦
Apr 8, 2014
So I added a shiny new znc init script to /etc/init.d/ and I want to enable it so I can use upstart to start and stop the service and control it at different runlevels.
First, ensure the script is 755, then lets use chkconfig to get this loaded up!
If you don’t already have it:
apt-get install chkconfig
then do the following:
chkconfig --add znc
chkconfig --level 2345 znc on
service znc start
Continue reading ↦
Apr 8, 2014
See something like this:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_CTYPE = "en_US.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
every time you run something perl dependent? Fix it!
sudo locale-gen en_US.UTF-8
Thanks ubuntuforums, you’re amazing!
Apr 8, 2014
From askubuntu:
Security updates are available for 12.04, 12.10 and 13.10, see Ubuntu Security Notice USN-2165-1.
So first you need to apply the available security updates, for example by running:
sudo apt-get update
sudo apt-get upgrade
from the command line.
Do not forget to restart the services (HTTP, SMTP, etc.) that use the affected OpenSSL version, otherwise you are still vulnerable. See also Heartbleed: What is it and what are options to mitigate it?
Continue reading ↦
Apr 6, 2014
So this is something many people have had to deal with since the inception of online gaming (generally on consoles).
If you were to go through the NAT error solution troubleshooting steps on xbox.com, you would get recommendations to:
Enable UPnP on your router….on the WAN side…NOPE. This is a security risk. Don’t do it.
Utilize a DMZ setup. No. This is stupid and unnecessary. Although it is the easy way out…
Continue reading ↦
Mar 27, 2014
A fancy little trick with the find command, you can do -name or declarations with the find command!
find . \( -name "*.sh" -o -name "*.pl" -o -name "*.php" \) -mtime +20
^that command will find (recursively) any php, pl, and sh files older than 20 days in the current directory.
Thanks, unixtips.
Mar 27, 2014
This is really useful if you’re in a predicament where you get a show that has constant releases…they can be overwhelming!
It depends on your Sickbeard running and needs very little to do its work.
#!/bin/bash
: <<'END'
This script allows you to remove tv shows that have lived on your filesystem over x amount of days. It will also remove any nfo/tbn files associated with the episode if you are telling Sickbeard to populate them (I use the xbmc profile).
Continue reading ↦
Mar 27, 2014
This is a little tricky and a lot of people don’t use sed like this. But its actually not too hard to get a piece of a string.
Lets say we have:
herpderp.S14E90.tbn
We want the “14” and thats it. Here is a sed that will print that out. What we are doing is telling sed about the area around the 14 so it properly matches it and then using parentheses to indicate what we want:
Continue reading ↦
Mar 21, 2014
http://serversforhackers.com/articles/2014/03/20/getting-started-with-docker/
Just wanted to note that this tutorial/intro on Docker does a great job of opening the door for this fantastic creation which has been extremely beneficial to many sysadmins already. I highly recommend you take a gander at the power of docker and how easy it can be to install/configure/implement into whatever you’re doing!
Mar 13, 2014
git fetch origin
git reset --hard origin/master
git clean -dffx
If you run the above commands instead of just a git pull, your repo will be synced exactly (1:1) with its remote. This means:
Any new files/folders you created will be removed, including sub-repositories.
Any files you’ve changed that already existed in the repo will NOT have their changes stashed/saved.
Any .gitignore files are not followed! Meaning any ignored files in a particular directory that were added by a program/script will be removed!
Continue reading ↦
Mar 13, 2014
Its easy just follow the beat:
sed 's/Find/Replace/;s/Find/Replace/'
^I use that one a lot for when I am piping something to sed. It’s epic.
More here!
Mar 13, 2014
73387#
^Looks something like that. The actual data are the numbers, with the ‘#’ added (with inverse coloring b/w fg and bg colors) and my shell newlined. This is an intended zsh feature, not a problem.
PROMPT_SP Attempt to preserve a partial line (i.e. a line that did not end with a newline) that would otherwise be covered up by the command prompt due to the PROMPT_CR option. This works by outputting some cursor-control characters, including a series of spaces, that should make the terminal wrap to the next line when a partial line is present (note that this is only successful if your terminal has automatic margins, which is typical).
Continue reading ↦
Mar 11, 2014
wasdkeyboards.com is an epic site with awesome stuff. And one thing I love the most is having customization options at my disposal.
Tell me which one of these you like!
#1: #2: #3: #4:
Mar 5, 2014
The following guide explains a method for converting a Digital Ocean Droplet to a VMDK which can be used under VMware ESXi Hypervisor or other virtualization software.
This process is one way. It is currently impossible to convert a VMDK to a Digital Ocean Droplet.
View it here (pdf)!
Mar 5, 2014
So I had the normal irssi config stuff all defined and all setup from my non-bouncer days. So I figured, with the bouncer, it shouldn’t be hard to get changed over etc..
Here is what I had pre-bouncer:
servers= {
  {
    address = "server.com";
    chatnet = "derp";
    port = "1820";
    use_ssl = "yes";
    ssl_verify = "no";
    autoconnect = "Yes";
  },
);
chatnets = {
  derp = {
    type = "IRC";
    nick = "username";
  };
Continue reading ↦
Feb 28, 2014
What this does is allow you to easily work with iptables without the fear of ever being locked out of a remote box. Trust me, when it happens, you’ll wish you had something like this.
All you really would need to change to use this yourself is the FLUSH_WAIT timer and maybe some of the print’s. Otherwise, this should work across pretty much all systems.
Read the comments to learn more about what this does.
Continue reading ↦
Feb 28, 2014
hping is nice for sending a bunch of traffic just to test certain reactions of remote machines etc.. Here are some cool ways to use it and some useful links on more info.
Start a flood of icmp packets with a rand src:
hping 16.0.24.2 --rand-source --flood --icmp -V
Do 500pps with just one src:
hping 16.0.24.2 -i u2000 --icmp -V
Here, we use the -i u2000 which tells hping to send a packet every 2000us which is 500 packets per second.
Continue reading ↦
Feb 28, 2014
Want all traffic destined for 16.0.24.0/24 to go through your interface with ip 192.168.192.7?
route add -net 16.0.24.0 netmask 255.255.255.0 gw 192.168.192.7
To delete this route,
route del -net 16.0.24.0/24
Ohh and static arp to one of the hosts in that network?
arp -s 16.0.24.2 00:50:49:A0:9E:E0
It’s so easy! More info here and here.
Feb 28, 2014
http://misc.flogisoft.com/bash/tip_colors_and_formatting
Also, see this archlinux wiki page.
^An extremely reliable and helpful source!
Note if doing echo’s, be sure to do an echo -e "stuff" instead of just echo "stuff". In zsh (maybe bash too), I like to do the following for prompts:
(gold asking text, cyan (underlined) link, newline and white ‘>’ character waiting for user input)
print -nP "\e[0;33mAre you sure you want to do this?, y|n? If not, go here:\e[0m \e[4;36mhttps://randonplace.
Continue reading ↦
Feb 26, 2014
So we needed to proxy our plex server through another box. That part was easy enough with a nice little ncat socket running on the proxy:
ncat -k -l 32400 --sh-exec "ncat server.com 32400"
Now we can access through the proxy address proxy.com:32400/web which is great and all.
However, to get our devices/plexweb to use the new address, some kung fu’ery is needed.
Basically, your PMS install goes out and uses plex servers to figure out its external ip address.
Continue reading ↦
Feb 20, 2014
#!/bin/bash
echo before comment
: <<'END'
bla bla blurfl
END
echo after comment
From http://stackoverflow.com/questions/947897/block-comments-in-a-shell-script
Feb 6, 2014
On ubuntu 13.10:
(you should have python3.3 installed already, it comes default)
1. wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | sudo python3.3
2. easy_install-3.3 virtualenv
3. virtualenv --no-setuptools --always-copy virtrepo/
4. wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | virtrepo/bin/python3.3
5. cd virtrepo/
6. ./easy-install pip
7. ./pip install Pyramid==1.5a4
8. virtualenv-3.3 --relocatable ../
Breakdown:
We get the latest easy-setup, install it, install the virtualenv package, create our virtualenv in a directory “virtrepo”, grab easy-setup for this new env, install pip in it, and use pip to install pyramid.
Continue reading ↦
Jan 31, 2014
So most people know that to mount a disk to two different locations, they can do a simple mount --bind like:
mount --bind /origlocation /newlocation
However, what if you want that second location to be a read-only location to the filesystem? Try this:
mount --bind /origlocation /newlocation
mount -o remount,ro /newlocation
^that should properly work! More reasoning for this here.
Jan 25, 2014
Assuming you have your VIDEO_TS folder in /mnt/data/dvd
Create iso image:
genisoimage -o /mnt/data/dvd.iso /mnt/data/dvd/
Burn iso image:
growisofs -dvd-compat -Z /dev/sr0=/mnt/data/dvd.iso
Note you may need to apt-get install these utils…I did.
Jan 8, 2014
To counteract this behavior, run it with a space after it. For instance, I have an alias like this:
alias sudo='sudo '
That way, whenever you type sudo, you are actually adding that extra space which enables aliases to be expanded in your current env!!!!
More here!
Jan 8, 2014
That’s why you have to use mget in place of mirror! Kinda annoying but it must be done….ohhh and the other downside is you lose any segmented downloading with mget as only mirror can do that.
I posted a little snippet on this answering a question on stackoverflow.
Dec 16, 2013
apt-get install smartmontools
smartctl --all /dev/sdk
RAW_VALUE: this is the only thing with real or physical meaning, generally these are the counts or the measurements
VALUE, WORST and THRESH are all reported in the same arbitrary units, which normalize the raw value to 0-255, where bigger is better. VALUE is the current value, WORST is the worst that has been recorded while the disk is functioning, and THRESH is the floor that you want to stay above.
Continue reading ↦
Dec 9, 2013
So that title isn’t exact…as most of you should know, you cant create hard links for directories…you also can’t create hard links across filesystems….there are pretty obvious and more technical reasons for that.
So the alternative is to create the dirs and hard link the files in the dirs…which if done manually using ln continuously, would be painful. However, the cp command can do it for you in one fell swoop!
Continue reading ↦
Nov 25, 2013
for i in $(ls | cut -c 1 | grep -v '[0-9]' | uniq); do mkdir "$i"; done
EDIT: So that ^ was my first thing. Then I decided to take this further…one line to rule them all and both create the single letter directory and then continue to move every other folder into the single letter directory:
for i in $(ls | cut -c 1 | grep -v '[0-9]' | uniq); do mkdir "$i" && for j in $(ls | grep '^'$i'.
Continue reading ↦
Nov 22, 2013
So even after configuring my /etc/mdadm/mdadm.conf (im using ubuntu, its /etc/mdadm.conf if on deb), for some reason, at system boot, I was still getting a device name of /dev/md127. As per the ubuntu forums, this is a common problem with a change made in newer kernels.
Here is my mdadm.conf:
# mdadm.conf
#
# Please refer to mdadm.conf(5) for information about this file.
#
# by default (built-in), scan all partitions (/proc/partitions) and all
# containers for MD superblocks.
Continue reading ↦
Nov 22, 2013
Meaning if you hard shutdown your machine while testing etc.., when you reboot, grub will actually just stop and sit there. Which is totally what I want all the time…certainly don’t want to boot into that OPERATING SYSTEM that gets me an IP ADDRESS so I can remotely log into my BOX!
I used the method described here to disable this. Basically, you disable the check from mattering when the timeout decision is made in the make_timeout function.
Continue reading ↦
Nov 22, 2013
So this works the same way you do it for normal Linux distros….with one catch.
Use Rufus, unetbootin (what we used) LiLi, etc… to actually write the iso properly to the usb key.
Edit your BOOT.CFG file and add “ks=usb” directly after “b.b00” so it should look very similar to:
modules=/b.b00 ks=usb --- /useropts.gz
Boot with the USB and love me forever.
Nov 18, 2013
There were intermittent storms and wind around me last night causing not full on power outages but instead, dreadful power dips!
So my server went down. Waited a bit until things seemed to be normal. Brought it back up. About 2 minutes later, power dip (I’m thinking now that it was really only a problem for devices taking a ton of power/voltage, aka, my server).
So I said screw it. Shut everything down.
Continue reading ↦
Nov 16, 2013
Not fun. I just spent like 1.5-2 hrs messing around with this pulling my hair out.
So I have an asus p8z77 which supports uefi. I just recently acquired an IBM Serveraid M1015 and read this awesome post about flashing different LSI firmwares to the card to enable pass-through etc..
I decided I wanted to flash the “IR” firmware to get the best of both worlds. So I made my usb boot key:
Continue reading ↦
Nov 16, 2013
Yeah…try to mitigate against this in the future. We basically were doing a reshape to grow the array using these commands:
# mdadm --add /dev/md0 /dev/sdfp1
# mdadm --add /dev/md0 /dev/sdgp1
# mdadm --grow /dev/md0 --raid-devices=9
So what initially happened is the box lost power and then the power came back and the box automatically restarted…
With this, mdadm actually assembled the array in a read-only mode and saw the array as the new number of devices:
Continue reading ↦
Nov 14, 2013
UPDATE – So a friend just turned me on to the fact that you can actually talk to a drive via a raw path in OSX. Using a device name like /dev/rdisk2 bypasses any extra buffer cache in between you and the raw disk. So in the example below, the entire operation would move much faster by using /dev/rdisk2 instead of just /dev/disk2. Thanks to Jared for notifying me of this and superuser.
Continue reading ↦
Nov 14, 2013
So I’m doing some server/hdd moves etc.. that will be temporary. So I wanted to disable some of my services that rely on those mounts etc.. Rather than completely change runlevels the daemon starts and stops on (update-rc.d) or messing with symlinks in /etc/rc2.d, I found a much easier way:
Disable daemon from any runlevels: # insserv -r
Enable daemon again. It will keep any runlevels it previously had. # insserv
Continue reading ↦
Nov 12, 2013
sudo apt-get install apache2-utils
sudo htpasswd -c /var/www/mywebsite.com/.htpasswd exampleuser
Put the following in your nginx conf file for the given server block you want this to apply to:
auth_basic "Restricted";
auth_basic_user_file /var/www/mywebsite.com/.htpasswd;
Thanks DO!
Nov 12, 2013
So working with the ALU chassis, it’s totally the most fun time of my life (scp locally doesn’t support wildcards or directories, thank god I could initiate it remotely).
I scp’ed over a bunch of files, cores, diags, and backups all with an awesome naming convention like so:
9-2_backup-alu2.0_2001-10-18_16-48-03-gmt.tgz
9-2_backup-alu2.0_2001-10-18_17-48-03-gmt.tgz
9-2_backup-alu-core1.0_2001-10-09_14-21-14-gmt.tgz
9-2_backup-alu-core1.0_2001-10-09_14-23-09-gmt.tgz
9-2_backup-alu-diag1.0_2001-10-09_14-22-05-gmt.tgz
Where the basic number after “alu” is a backup, the core is a core, and the diag is a diag.
Continue reading ↦
Nov 7, 2013
So this is how I recommend everyone backup their database…It basically provides for any mucked database you might have by adding remove statements before the create statements. And it backs up all the databases you have for a given MySQL instance…which makes life easier!
mysqldump -uroot -pawesomepassword --all-databases --add-drop-database --add-drop-table > db.sql
Nov 5, 2013
0) Install inspircd on newbox
1) from oldbox: scp -r /etc/inspircd root@newbox:/etc
2) from oldbox: scp -r /home/irc root@newbox:/home
3) on the newbox: chown -R irc /home/irc
4) edit the motd to make it unique
5) Install gnutls-bin libcurl3-gnutls libgnutls26 libgnutls-dev libneon27-gnutls
6) Copy over the old m_ssl_gnutls.so file because apparently the new one doesn’t work.
(this is more for my own personal thing…not for you exactly.)
Oct 24, 2013
telnet towel.blinkenlights.nl
dig ch whois.cloudflare @emma.ns.cloudflare.com
traceroute 216.81.59.173
Sep 28, 2013
Went through this with Dillinger, a live markdown converter that makes it easy to write markdown!
cd rm -rf node_modules npm install
Here’s where I found the fix:
https://github.com/lefnire/habitrpg/issues/781
Sep 21, 2013
Just dump your updflash.bin at the root of a fat32 (msdos) formatted usb stick and do the following….this should work with any version of xell/xellous:
For best results of getting the usb device detected, remove the power plug from the console after running the MS dashboard. Then reinsert the power plug, insert usb device and then boot into XeLLous.
More on this whole Xell process stuff here from xbox scene
Sep 13, 2013
OK YOU READY?!???
When you run tmux, you create a new Session.
In that session, you are put into a Window (usually 0)
In that window, you can create panes (usually [prefix]+" and [prefix]+% depending on horizontal or vertical)
To create a new window, [prefix] + c
So each window will have a statusbar at the bottom, yet each window will share the same list of available windows in the session looking like:
Continue reading ↦
Sep 12, 2013
So I experienced tmux last week for not the first time but the “definitive time” where I actually played/studied it and configured it to my liking.
One of the key things I loved about it was the epic mouse integration for scrolling, selecting panes, and resizing panes:
#enable mouse support
setw -g mode-mouse on
set -g mouse-select-pane on
set -g mouse-resize-pane on
set -g mouse-select-window on
I also enabled the tmux plugin for oh-my-zsh which adds a few nice features, primarily allowing you to not have to type “attach”.
Continue reading ↦
Sep 11, 2013
Ok so this gets a little intense to think about but it’s something you might run into if you are using virtual terminals with ssh keys and agent forwarding etc..
NOTE: All code involved here is stored and updated at my github here!!
For all intents and purposes, tmux = screen for the rest of the article.
My first problem: When leaving a tmux session running on a server, logging out of that server and going home, logging back in and pulling up my tmux session (tmux attach), my key forwarding doesn’t work anymore.
Continue reading ↦
Sep 4, 2013
Because I always forget how to do this:
if [ "$1" = "help" -o "$1" = "-h" -o "$1" = "?" ]; then
  echo "don't forget!"
else
  echo "aww dude you forgot"
fi
thanks crazed monkey
Sep 3, 2013
Don’t know what lftp is? Look here. (it’s only the most feature rich, fastest, most epic file transfer program for linux:)
So lftp is a little tricky when trying to use it in scripts etc.. since it’s meant as an interactive ftp application/client. However, it is possible to use it with one command and also to utilize ssh keys. Here’s an example:
lftp -u username,placeholder -e "set sftp:connect-program 'ssh -a -x -i /home/username/id_rsa.
Continue reading ↦
Sep 3, 2013
So at work, I log into a lot of test boxes that share a common password (most of the time). Now while the password isn’t too long, I still would prefer to not type it every single time I log in to these boxes. Ohh and the installed OS is always changing (part of our testing) so ssh keys aren’t an option.
So I needed a way to ssh via providing a plaintext password on the cli (or through a variable/file, etc.
Continue reading ↦
Sep 3, 2013
http://speckyboy.com/2013/05/01/bootstrap-toolbox/ has pretty much every Twitter bootstrap tool you could ever see yourself needing.
I mostly appreciate the bootbox and hover dropdown projects listed there. There are also some customizers which are quite useful!
Sep 2, 2013
This applies to a local port on localhost that your destined port 80 traffic will be routed to instead:
iptables -t nat -I OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8123
Make sure you do something like the following (where you specify the interface) if you don’t want requests to localhost also sent out the proxy:
iptables -t nat -I OUTPUT -o eth0 -p tcp --dport 80 -j REDIRECT --to-ports 8123
Aug 31, 2013
from here
Basically, you need to increase the size of the following values above what you want your maximum value to be (except for upload_max_filesize which you can keep at exactly what you want the limit to be). Here, we want our max file size to be 10MB.
memory_limit = 32M
upload_max_filesize = 10M
post_max_size = 20M
Of course these go in your php.ini file which is usually in something like “/etc/php5/apache2/php.
Continue reading ↦
Aug 31, 2013
So damn useful:
grep -r "texthere" .
from http://stackoverflow.com/questions/1987926/how-do-i-grep-recursively
Aug 24, 2013
Add something like the following to your client.conf file:
script-security 2
# run /etc/openvpn/up.sh when the connection is set up
up /etc/openvpn/up.sh
Obviously, up.sh must be executable. Also, if you expect the command to fail but still want OpenVPN to start correctly (it will die if the script returns anything other than 0), then tack on an “exit 0” at the end of your script.
Thx to askubuntu.
Aug 9, 2013
To bind an addy to loopback (any incoming traffic destined for that ip address, in this case 80.0.2.1, gets pushed to lo):
ip addr add 80.0.2.1/32 broadcast + dev lo
Now when you ping for that host, your loopback will actually be the one responding. For work, I’m actually on a client machine that knows about a server (has it in its routing table) which needs to have this set up in order to respond.
Continue reading ↦
Aug 7, 2013
1) Download the new CM rls, new radio for ATT (UCMC1 for jb), and new gapps.
2) Install all of them with recovery software (I did CM, Radio, Gapps in that order)
3) A few apps like Gmail and Google Music had problems launching so I uninstalled and reinstalled from Google Play.
4) ????
5) Profit.
Some links that help:
http://forum.cyanogenmod.com/topic/75214-cm-1012/
http://forum.xda-developers.com/showthread.php?t=1785999
http://forum.xda-developers.com/showthread.php?t=2228292
Aug 3, 2013
grep -rlZ matchstring somedir/ | xargs -0 sed -i 's/string1/string2/g'
Ok so yeah. This uses grep to find a string in files in a directory and then executes sed to change a string in all of them. A beautiful super simple command…thx vasir!
Jul 31, 2013
Have a file on reviewboard that you want to download and run?
1) Go to download diff. Either copy the contents (with a bunch of +’s in front of every line) to a file called “code.diff” or pastie the contents and grab them with wget.
2) Run the following…you may need to check that there are no empty lines without a + in front of them (possibly at the end of the file)
Continue reading ↦
Jul 31, 2013
The following command will initiate a ssh tunnel and daemonize itself restarting the connection if it drops for any reason:
autossh -f -M 20000 -i /home/user/id_rsa -D 12345 [email protected] -N
More examples of using autossh to do this can be found here
Jul 30, 2013
0) Make sure you have Windows 7 Enterprise or Ultimate. The others won’t work.
1) Add the “Services for NFS” feature through the Programs and Features thing in Control Panel
2) run something like:
mount -o anon \\192.168.1.101\mnt h:
where h: is the drive letter the mount will be mounted to. Pretty awesome. This should probably work for directories as well. More here.
Jul 29, 2013
tsocks provides a way to tunnel individual tty sessions or everything on a linux box through a SOCKS 4/5 proxy. What this enables you to do is use a SSH tunnel to proxy programs and applications through etc..
What do you need?
apt-get install tsocks
edit /etc/tsocks.conf
local = 192.168.0.0/255.255.255.0
server = 127.0.0.1
server_type = 5
server_port = 12345
Here, we assume we have created a dynamic ssh tunnel using let’s say the following command:
Continue reading ↦
Jul 29, 2013
sudo apt-get install $(apt-cache depends | grep Depends | sed "s/.*ends:\ //" | tr '\n' ' ')
Where is the name of the package you want to install the dependencies for. A very cool command indeed especially when you want to build something from src instead of having your package manager download it.
From here.
Jul 26, 2013
For a long time, I have been wishing for an easier way to get torrents added to a remote box, download there, and then securely transfer them to my home server. There are multiple things to think about when doing this like the following:
1) The torrents must stay on the remote box and continue seeding.
2) They must be unrared when I go to view them on my home server.
Continue reading ↦
Jul 26, 2013
Been doing a lot of rutorrent stuff lately since I decided it’s finally time to tune this to my liking for easily managing files and transfers to other servers etc..
I’ve known about this plugin for a while. It’s called filemanager and it’s extremely useful as a file browser right in rutorrent hence you don’t need to ssh in or ftp to manage directories and files. It has a bunch of other features like compression, deletion, and virtually anything else you could think of.
Continue reading ↦
Jul 25, 2013
A nifty little plugin that displays the current dl and ul speeds on your title bar:
https://github.com/SanKen/rutorrent-titlebar
Jul 25, 2013
Yeah I sat on this issue for a little while. I was running it like this:
lftp -u user,pass -e "mirror --parallel=10 -La /derp /herp; quit" sftp://awesomename.com:2343
as I wanted to do a mirror from a remote sftp server to my local /herp directory with some awesome parallel downloading!!! However, the remote directory has symlinks that I expected lftp to actually follow and download…but it wasn’t (note that I double checked perms and everything was fine).
Continue reading ↦
Jul 25, 2013
So I’m developing a setup that involves my server at home to pull on the fly downloads on a remote box. The idea is that I want to be able to mark a certain torrent for rsync/transfer down to my home machine by having it watch a directory on the remote server called “ready”. In this directory should be symlinks made by a rutorrent plugin that I call by right clicking the torrent I want transferred and just selecting “Mark for Rsync” or the like.
Continue reading ↦
Jul 19, 2013
In Linux, there are multiple ways to do this depending on the caching daemon you’re running (nscd, dnsmasq, etc..). I will defer to this askubuntu question for the best explanation of all scenarios but will outline the most common below:
sudo /etc/init.d/dns-clean restart
OR
sudo service dns-clean restart
Mac OS X:
dscacheutil -flushcache
Windows (pretty much all of them):
ipconfig /flushdns
Jul 19, 2013
So I recently had to share out NFS shares which needed to be readable and writeable by the user mounting them. This is actually quite easy with NFS. Essentially, you are telling nfs that any changes by any client user are mapped to a single user on the server:
/mnt 192.168.1.0/24(rw,all_squash,insecure,no_subtree_check,anonuid=1000,anongid=1000)
I obviously don’t have to tell you how dangerous this can be…so unless you are sure you want to do this aka you trust everyone on the network you are sharing this out to, don’t do it.
Continue reading ↦
Jul 19, 2013
Something like this is easy to find on google but just a note to myself:
1) Set
security = share
2) Make a share like so:
[mnt]
path = /mnt
comment = mntroot
browseable = yes
guest ok = yes
# set to yes most likely, this will allow rw in its current state using the nobody user
read only = no
# or you can do this
write list = john
public = yes
Continue reading ↦
Jul 19, 2013
UPDATE – The Purge…
So following instructions isn’t enough apparently. Connecting to the server with XenCenter opened my eyes.
A) To use local disks, you have to use a cli utility that doesn’t seem to work properly for me (thinks /dev/sda1 is for sure in use when it actually is not) and seems to not understand anything but an LVM setup. Now yes, I didn’t do LVM when I installed Xen but seriously?
Continue reading ↦
Jul 15, 2013
Yeah for some reason, by default, this is like a hidden folder in Finder. Here is how to get it in your side bar:
1) Open Finder
2) Click Go > Go To Folder, enter in the full path to the ~/Library directory
3) It should open in Finder. Now, drag the blue folder icon in the title bar and place it anywhere you’d like in the sidebar.
4) Done.
Continue reading ↦
Jul 12, 2013
I recently just bought a usb gigabit ethernet adapter for my macbook pro. I got it from monoprice.com, the greatest place for anything cable/connector related.
It came with a driver disk which I promptly set aside expecting to throw away when I next walked by the trash can. I went onto the monoprice driver page and looked for the product I just bought, and clicked download:
PID 5345 USB 2.0 Gigabit Ethernet Adapter Drivers
Continue reading ↦
Jul 11, 2013
Alright here’s what I needed to do.
I have a gentoo vm on my mac.
The Gentoo vm has two interfaces, eth0 which is bridged and eth1 which is shared with my mac.
Upon boot, both interfaces become “UG” status (in a netstat -rn) meaning they are both default gateways. This works while I’m at work since I’m on the company lan anyway so either way, stuff is going the right way.
Continue reading ↦
Jul 11, 2013
1) Make sure all of the users processes are dead.
ps -u username
^will show you everything that user is running. Then to kill all of their processes:
ps -ef | grep admin | awk '{ print $2 }' | xargs kill -9
(or you can su to them and run “kill -9 -1”)
2) Obviously as root, run the following:
usermod -u NEWUID username
3) Or, you could just edit passwd.
Continue reading ↦
Jul 11, 2013
It’s a good idea, especially if you’re making keys just for automated processes to run like an rsync for instance, to tell the remote end to only allow certain clients to do certain things. Here are a few tips on things to add to the beginning of your public key in authorized_keys:
1) Let’s only allow from a specific host or set of hosts:
from="*.ac.uk"
2) Let’s not allow anything else at all, not even a tty or forwarding etc.
Continue reading ↦
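The restrictions this post starts to list (from= and switching off tty/forwarding) can be checked mechanically. The following is an added example, not code from the original post: a Python audit of authorized_keys lines that reports which restrictions each key lacks. The key blobs and hostnames in the sample are constructed, and the command= check and the restrict keyword go beyond what the excerpt shows.

```python
"""Audit authorized_keys lines for per-key restrictions (added example)."""

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-",
             "sk-ssh-ed25519@", "sk-ecdsa-sha2-")
FEATURES = ("pty", "port-forwarding", "agent-forwarding", "x11-forwarding")


def split_options(line):
    """Return (options, key_part) for one authorized_keys line.

    Options are comma-separated with no unquoted whitespace; a value may be
    double-quoted and contain spaces, commas and escaped quotes (sshd(8)).
    """
    line = line.strip()
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line
    opts, i, n = {}, 0, len(line)
    while i < n:
        j = i
        while j < n and line[j] not in "=, \t":
            j += 1
        name, value = line[i:j].lower(), True
        if j < n and line[j] == "=":
            j += 1
            if j < n and line[j] == '"':
                j += 1
                buf = []
                while j < n and line[j] != '"':
                    if line[j] == "\\" and j + 1 < n and line[j + 1] == '"':
                        j += 1              # keep the quote, drop the backslash
                    buf.append(line[j])
                    j += 1
                if j >= n:
                    raise ValueError("unterminated quote in options")
                j += 1                      # step over the closing quote
                value = "".join(buf)
            else:
                k = j
                while k < n and line[k] not in ", \t":
                    k += 1
                value, j = line[j:k], k
        if name:
            opts[name] = value
        if j < n and line[j] == ",":
            i = j + 1
            continue
        return opts, line[j:].strip()       # whitespace ends the options field
    raise ValueError("options present but no key found")


def audit(line):
    """List the restrictions a key line lacks (empty list = locked down)."""
    opts, _key = split_options(line)
    missing = []
    if "from" not in opts:
        missing.append("from")
    for feature in FEATURES:
        # "restrict" disables everything; a bare "pty" etc. re-enables it.
        disabled = ("no-" + feature) in opts or (
            "restrict" in opts and feature not in opts)
        if not disabled:
            missing.append("no-" + feature)
    if "command" not in opts:
        missing.append("command")
    return missing


def audit_file(text):
    """Audit every key line of a file; returns {line number: missing list}."""
    report = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.strip() and not raw.lstrip().startswith("#"):
            report[lineno] = audit(raw)
    return report


# Constructed sample file: key blobs and comments are placeholders.
SAMPLE = """\
# rsync pull key
from="*.ac.uk",restrict,command="rsync --server --sender . /srv/data/" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAexample backup@puller
from="*.ac.uk",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAexample cron@lab
ssh-rsa AAAAB3NzaC1yc2EAAAAexample user@laptop
"""

if __name__ == "__main__":
    for lineno, missing in audit_file(SAMPLE).items():
        print(lineno, "OK" if not missing else "missing: " + ", ".join(missing))
```

Run it against a real file with audit_file(open(path).read()); any key used only by an automated job should come back with an empty list.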
Jul 10, 2013
If the user doesn’t have a password set or you’re just tired of being prompted every time you use sudo, here’s the solution.
Edit the line that defines the group/user in the sudoers file to look like this (more here):
username ALL=(ALL) NOPASSWD: ALL
This might be nice if you are using only public/private keys for your users and so a:
passwd -l username
can be used to disable/lock the users’ password (this only means they can’t possibly use a password to login, it does not mean they can’t log in).
Continue reading ↦
Jul 9, 2013
So I ran into a situation where I needed to tunnel my SSH connections through a SOCKS5 proxy. I discovered through the googles that this is actually possible right through SSH itself meaning no jenky hack arounds.
All you need to do is ensure you have “nc” installed (netcat) and add the following to either your command or config file:
CLI:
-o 'ProxyCommand /usr/bin/nc -x localhost:3128 %h %p'
Config:
ProxyCommand /usr/bin/nc -x localhost:3128 %h %p
Continue reading ↦
Jul 9, 2013
So. You will find when using a mac that you need Xcode to run a lot of certain types of applications. I guess you could maybe think about it as .NET on windows (I’m not really for sure, I could be completely wrong). To install Xcode and the underlying command-line tools which are used by homebrew (something I’ll mention later in another post), do the following:
1) Install xcode from the app store.
Continue reading ↦
Jul 8, 2013
Learned this a few days ago…If you’re having troubles with your rc.local running through everything you’ve put in it, you might want to take out the top part saying:
#!/bin/sh -e
as the -e dictates that the shell exit as soon as any of the commands returns a nonzero status. Now, your commands really shouldn’t be doing this (hopefully) but if they are, taking out the “-e” can fix the problem and allow later commands to run without problems.
Continue reading ↦
Jul 8, 2013
Ok. So. I have a gentoo vm that I share files with through to my host os, osx (I know, please help me). Since I didn’t really seem to see any sort of fstab variant for osx, I found out that auto mounter is available and quite awesome for ensuring that things stay mounted whether it be at boot, during a network outage, or whatever.
So let me outline a very simple way to do this with links with more detail below:
Continue reading ↦
Jul 8, 2013
So as you probably know if you use a Mac (yes I use a Mac now, it’s for work, don’t make fun of me), /Users has replaced /home as the default place your home dir sits. However, /home still exists but it is not usable (you’ll get permission denied even as root) and seems to be mounted by some “map auto_thing” in order to keep people from using it (it’s actually a part of the auto mounter app).
Continue reading ↦
Jul 3, 2013
So I was on my main system which only has my private keys for some remote servers….and I’m lazy soo, since I needed to deploy a new server, I just used the following command to make a public key from my already existing private key…
ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
NOTE: You can only go private > public, not the other way around.
Found here: encryption – Create a public SSH key from the private key?
Continue reading ↦
Jun 23, 2013
I’ve done this plenty of other times, just never posted it here. Here’s one I just finished real quick for starting my rtorrent (which likes to die every so often, I think it’s rutorrent causing it) when it dies. This one is unique in that it must be run in a screen session and like everything else, I tack on the “nohup command &” to ensure it starts in the background…but tbh, now that I look at it, you don’t actually need that since that screen will obviously live on when created whether or not that shell is still alive.
Continue reading ↦
Apr 4, 2013
Made by a recent Michigan Technological University grad, distmap is a python script that uses google maps to display points on a world map showing the origin of users who have accessed your files/distributions. This script is extremely useful for mirrors like how it is currently used over at the Linux Users Group of MTU.
Dependencies: GeoIP, PyMaps, and apachelog.
Download: Github
Notes:
Set your mirrors and any other settings toward the top of the file.
Continue reading ↦
Mar 31, 2013
For too long have I src’ed images from other sites on this blog and it needs to stop. I’m tired of worrying if my users will see little image placeholders which makes everything look gross.
So after doing some searching, I’ve found the perfect plug in to remedy this: Add Linked Images To Gallery
For every new post you make (or old one you edit and click “update”), this plug in will search for !
Continue reading ↦
Mar 31, 2013
I decided that I needed some new work shirts for my job starting in June (and maybe my senior barrel in a few weeks)! These shirts needed to be funny and comfortable. Using funnyshirts.org, a place with one of the best shirt customizers I’ve seen, I made/found 3 awesome shirts!
Here are the fronts of the 3 I made. Clicking the shirt takes you to the details page for it!
Continue reading ↦
Mar 30, 2013
WOAH WOAH WOAH!!! Mario, why would you want to auto login to a system without at least user credentials? Well I’ll tell you trusty reader…it’s an HTPC with nothing important on it! In the event something happens and a reboot is necessary, I want to be automatically logged in and XBMC to auto load!
Now keep in mind, I have enabled the Administrator account on this setup (Local Users and Groups from the Computer Management menu) for other purposes as well as not set a password for the main user account (playme) which is what needs to auto login.
Continue reading ↦
Mar 30, 2013
1) Find the necessary option in your BIOS and enable. It may be under power management or south bridge settings or the like. For me, I just did this on my HTPC (which I will talk more about in later posts) which is a Zotac Zbox id80..which didn’t have the option in the BIOS because it is enabled in the BIOS by default (pretty cool uh?)
2) In Windows 7, I double clicked my adapter in Device Manager and on the resulting window, clicked the Power Management tab.
Continue reading ↦
Mar 25, 2013
With the ending of Google Reader, these past few weeks have seen many users fleeing to other sources to provide them with their aggregated news content. Here are a couple great alternatives:
The Old Reader
TinyTinyRSS
While reading about Google Reader, I came upon a few pages that were quite interesting:
What is Google doing? (an opinion piece from Reuters)
The Google Graveyard (leave flowers on the grave of your favorite deceased Google services)
Mar 21, 2013
Since I’m super hyped for the March 31st return of Game of Thrones: Season 3, I’ve been digging for some super awesome art to commemorate the occasion.
One of the cool things is that there are different versions of House/Sigil art out there and they all look extremely classy. Here are a few links to keep handy!!
Official HBO GoT Downloads
Custom from Thomas Gateley in the UK
TheTVDB Posters, Fanart, and Banners
Continue reading ↦
Mar 12, 2013
I assume you are reading this because you have a legitimate reason to be cracking passwords (to ensure your infrastructure is as secure as possible, of course!). Over the years, I haven’t really had to use online password cracking but I did do some Windows NTLM hash recovery in the past and had a great experience without paying (albeit I had to wait a few days). Here are a few sites offering this service.
Continue reading ↦
Mar 12, 2013
Since I’m stuck at home with my crappy lappy which Ubuntu likes to run horribly on, I decided to do a fresh (it feels so good) install of win7 and get comfortable. One key thing I wanted to do differently this time around was the way I emulate my terminals. I’m tired of the normal “install putty and make some basic profiles” setup. So I did some research to make everything all better!
Continue reading ↦
Mar 11, 2013
So I have a friend that I needed some data from and let’s just say the data was “fragile” so we obviously wanted to transfer it in a secure anonymous way (didn’t feel like making an account just for a few things). On my own server, all I had to do was mount his FTPes share using curlftpfs.
Normal Usage (normal ftp server):
curlftpfs ftp://ftp.lolcakes.com /mnt/ftp
FTPes Server:
curlftpfs -o tlsv1 -o ssl_control -o no_verify_hostname -o no_verify_peer -o allow_other ftp.
Continue reading ↦
Mar 6, 2013
So I needed to find all my movie directories that didn’t contain fanart so I could fill the void and find some for em’!
Here’s how:
find . -type d | while IFS= read -r line; do if [ ! -f "$line/fanart.jpg" ]; then echo "$line"; fi; done
Thanks unix.com
Mar 3, 2013
So for someone who has no clue how this goes, on the android platform, you can do something called rooting your phone. This enables you to have pretty much full control over what you do with it at a software level. For most people, this means putting on a custom rom (think operating system) built off of the stock/base android releases (currently Jelly Bean) with more or less features and flexibility depending on what you’re looking for.
Continue reading ↦
Mar 3, 2013
This example shows an FTP server but the same works for HTTP server
/usr/bin/wget \
  --verbose \
  --mirror \
  --wait=2 \
  --random-wait \
  --no-host-directories \
  --cut-dirs=3 \
  --directory-prefix=/home/ftp/doom/idgames_mirror \
  --dot-style=binary \
  ftp://ftp.fu-berlin.de/pc/games/idgames/
So ^that is how you can efficiently download all the things from a HTTP/FTP mirror (only if you have permission now!!). This is what I used to copy the idgames archive to my mirror at Michigan Tech, PSGNet.
Continue reading ↦
Mar 3, 2013
So Backblaze is a company that prides themselves on crap tons of cheap storage to fuel their business of providing customers unlimited storage for $5 a month!!
What I like about them is that they post their approaches to certain challenges they run into on their blog. For the past few years, they have posted about their amazingly popular and awesome “storage pods” which make up the majority of their infrastructure.
Continue reading ↦
Mar 3, 2013
NOTE: I do not recommend this but it may be necessary for some sort of backup or pull system. Please only do this if you absolutely have to. It’s kind of like taking down your fire alarm in the kitchen!!
Option 1: On the CLI
$ ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no [email protected]
Option 2: In your config file (the .ssh/config or /etc/ssh/ssh_config ):
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null
More from here.
Mar 2, 2013
So I just started using git and github for some of my scripts and such (figured its time to get organized) and I learned for the first time how to actually use git properly. It’s pretty simple actually.
1) Create a repo on github.
2) Go to the folder where the code you intend to share is stored. Run the following:
a) git init (initialize this directory as a git repo)
b) git add .
Continue reading ↦
Jan 22, 2013
If you don’t know the reference, here.
So I needed something new. I originally had a separate backup script on each server and it was set to run and backup to a “backup server.” That worked great for not very long plus it was hard to manage.
So instead of a push system, I opted this time around to go the pull route. It makes things a lot easier on me and allows one centralized place for everything.
Continue reading ↦
Jan 21, 2013
Literally for squeeze,
apt-get install qemu-kvm libvirt-bin
To manage vm’s as a normal user, add that user to the libvirt group.
More on KVM here.
Then you can use virsh to manage vm’s on the command line! But since that can be a pain, I highly recommend using virt-manager (a gnome gui utility) or some other gui (web/desktop) utility which can connect to libvirt remotely and manage your KVM Server.
Continue reading ↦
Jan 21, 2013
So I really like that I can use my package manager to install python packages (e.g. python-django)..
The only problem with this? They can sometimes be really old which causes problems when I try to run said application. If you have setuptools installed (apt-get install setuptools), use easy_install!
sudo easy_install --upgrade django
YAY!
Dec 9, 2012
modprobe ufs
apt-get install ufsutils
mount -r -t ufs -o ufstype=ufs2,ro /dev/sdb2 /mnt/ufsdrive
The above is what I did to get a ufs partition mounted read-only (best I could get).
Not sure why I had to mount it only read-only or why it was the second partition (it was a fresh format on FreeNAS’es part) but yeah..
Here’s more: http://askubuntu.com/questions/85154/mount-ufs-filesystem
Oct 17, 2012
Obviously, there is the awesome uname -a command to tell you kernel specific info. But that doesn’t tell you exactly what distro version you are running…Here’s how
Debian:
Look in /etc/debian_version
Ubuntu:
Look at /etc/issue OR /etc/lsb-release
More here.
RHEL/CentOS/Fed:
Look at /etc/redhat-release
More here.
Oct 17, 2012
I’ve always wondered why the hell Microsoft needs their own version of a “/boot” partition they call “System Reserved” which takes up hundreds of Megabytes of space right at the beginning of your disk..
Here’s the answer. Apparently, it’s used for Bitlocker and boot manager code/database contents.
Note that this partition only shows up when you install windows on a clean drive with no existing partitions.
The more you know….
Oct 17, 2012
http://securityreactions.tumblr.com/
Friend of mine showed me this amazing site that will have you on the floor in minutes. It applies hilarious gifs to common head in hand security situations
Enjoy!
Oct 17, 2012
http://nmap.org/misc/hakin9-nmap-ebook-ch1.pdf
That pdf contains an article written for hakin9’s publication by the creators of nmap, the network sec vulnerability testing application…
They wrote it in response to Hakin9’s nagging for people to write articles for them…More here. Trollz hurt bad>>
Oct 10, 2012
apt-get install portmap nfs-common nfs-kernel-server
Edit /etc/exports with something like (for let’s say a public share):
/srv 10.0.0.0/24(ro,no_root_squash,no_subtree_check,insecure)
After saving, import the shares using:
exportfs -a
OR
/etc/init.d/nfs-kernel-server restart
DONE!
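The export line above combines no_root_squash and insecure, which are the two options worth a second look on any share. The script below is an added example, not part of the original post: it scans an exports-style file and flags those options plus exports with no host restriction. The function names and the sample file are made up for illustration, and it assumes one export per line with no line continuations or quoted paths.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky options in an
# exports(5)-style file. Assumes one export per line, no line continuations
# and no quoted paths containing spaces. Function names are hypothetical.

# check_opts PATH CLIENT OPTS
# Prints one finding per line for a single "client(options)" entry.
check_opts() {
    co_path=$1; co_client=$2; co_opts=$3
    case "$co_client" in
        ''|'*') echo "$co_path ${co_client:-<any>}: no host restriction" ;;
    esac
    set -f                      # keep option text from being glob-expanded
    co_old_ifs=$IFS; IFS=,
    for co_opt in $co_opts; do
        case "$co_opt" in
            no_root_squash)
                echo "$co_path $co_client: no_root_squash (client root is not mapped to the anonymous user)" ;;
            insecure)
                echo "$co_path $co_client: insecure (requests from unprivileged source ports are accepted)" ;;
        esac
    done
    IFS=$co_old_ifs
    set +f
}

# audit_exports FILE
# Prints every finding and returns 1 if anything was flagged, 0 otherwise.
# The body runs in a subshell so its variables stay local.
audit_exports() (
    file=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}        # drop comments
        set -f
        set -- $line            # split into path and client entries
        set +f
        [ $# -ge 1 ] || continue
        path=$1; shift
        for spec in "$@"; do
            case "$spec" in
                *"("*")")
                    client=${spec%%"("*}
                    opts=${spec#*"("}
                    opts=${opts%")"} ;;
                -*)             # default options for the rest of the line
                    client="<default>"
                    opts=${spec#-} ;;
                *)
                    client=$spec
                    opts= ;;
            esac
            out=$(check_opts "$path" "$client" "$opts")
            if [ -n "$out" ]; then
                echo "$out"
                status=1
            fi
        done
    done < "$file"
    exit "$status"
)

# Constructed sample file; the first export is the line from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sample exports
/srv 10.0.0.0/24(ro,no_root_squash,no_subtree_check,insecure)
/home 10.0.0.5(rw,sync,root_squash)
/pub *(ro,all_squash)
EOF
audit_exports "$sample" || echo "review the exports listed above"
rm -f "$sample"
```

Dropping no_root_squash and insecure from the /srv line leaves a read-only share that squashes root and only answers clients using privileged source ports, which are the defaults.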
Oct 9, 2012
So with my new build that is super duper awesome (view here), I have 32GBs of shiny blue ram to match my sexy motherboard.
Upon installing the necessary drivers and getting my Windows image all set up, I noticed that it only noticed 16GBs of my ram…I mean SPD info showed they were all there and EVERYTHING!!! it just didn’t want to process the extra as usable;(
What changed? I had performed a BIOS upgrade the night before to make sure everything was cozy and working just right.
Continue reading ↦
Oct 8, 2012
So I just launched an ESXi box at work and put in drives after installing vmware and creating 4 virtual machines. I then wanted to move some of the vm’s to a different (bigger) hdd.
Here’s how:
1) In vsphere, right click each VM and select “remove from inventory”.
2) Enable SSH login to ESXi by selecting the server, selecting the “Configuration” tab and selecting “Security Profile” in the Software box.
Continue reading ↦
Oct 2, 2012
Need to rename files recursively using regex? Thanks to commandlinefu and awesome people, you now can:
find . -depth -type f -execdir bash -c 'mv -f "$1" "${1//REPLACEME/WITHME}"' _ {} \;
END OF POST
Sep 24, 2012
So do this:
apt-get install xscreensaver xscreensaver-screensaver-bsod
This will install the amazing xscreensaver daemon and a crapton of extra awesome screensavers including the BSOD and XMatrix ones.
Run “xscreensaver-demo” to load the config dialog box and set your awesome screensavers!!
Xscreensaver Manual
Then you can make a keyboard shortcut for Super+L that runs “xscreensaver-command -lock” and locks your computer and starts the screensaver!!! (Basically what I did, as I like Mod4+L (the windows key and L that are closest to each other) to be my shortcut just like in winblows!)
Continue reading ↦
Sep 5, 2012
So this summer was fun. During my internship at Sentry, I found out that I had no access out on non-default ports. This makes me a sad panda as I use non-standard ports over 1024 for all my ssh servers:(
However, the fix is nice and awesome.
There is one program I have found that enables you to grab a shell on your server through your web browser. And you don’t need any special plugins or crap like that!
Continue reading ↦
Sep 5, 2012
So the title might be misleading but picture this:
tar czvf lol.tgz /home/lol/omnom
When you run that, it will tar up that directory. It will also put leading directories up to the actual data in the directory you’ve specified.
So when you go to extract it to let’s say /extract, you’ll get:
/home/extract/home/lol/omnom
Here is how to avoid that straight from one of my favorite sites: stackoverflow
tar -czvf lol.tgz -C /home/lol/omnom .
Continue reading ↦
Sep 5, 2012
Multiple line spaces in your bash programming can come in handy. Here’s how straight from the awesome that is cyberciti!
#!/bin/bash
echo "Say Something"
<<COMMENT1
your comment 1
comment 2
blah
COMMENT1
echo "Do something else"
Sep 5, 2012
So my users weren’t able to use the passwd command after I implemented LDAP auth on a specific client.
Here’s a quick fix to /etc/pam.d/common-password
password [success=1 user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
Needs to become…..
password [success=1 user_unknown=ignore default=die] pam_ldap.so try_first_pass
Basically, removing the use_authtok enables the try_first_pass to successfully get processed (I believe, more) and therefore the passwd command can then properly check the first password you type unlike the error users got before:
Continue reading ↦
Sep 4, 2012
I recently moved into a house and have had to watch my power. So obviously standby mode is a big deal in these parts where college students pay the electric bill with the small amounts of nothing they seem to find themselves holding.
In linux, this is not hard to do at all especially since I have ubuntu 12.04 which seems to work great with my hardware.
However, I am not able to wake the computer back up with my wireless logitech keyboard or mouse!
Continue reading ↦
Sep 4, 2012
Challenge:
1 House (Duplex)
2 Sides
1 Hole in the Basement
2 Different Groups of College students
11 People wanting access
4 Network Ports
1 Server
So I live in a duplex and both sides of the house are friends with each other. We all need access to one central server to share certain files as well as stream content etc…
Here are some obstacles:
1) both have separate Charter internet connections
Continue reading ↦
Jul 22, 2012
So I want my servers to email me when there’s problems or when I just need to feel like I matter and someone cares about emailing me.
Unfortunately, my university (MTU) blocks outgoing smtp on the default port (25) hence I need to use an external service like gmail to send email.
How do we do this?
1) Set up a gmail account (or use a current one, wherever you want your emails to come from)
Continue reading ↦
Jul 22, 2012
So I setup some automated emails to my housemates to remind them to PAY THEIR RENT!
I ended up doing this via exim4 using this method by using a gmail account to send the mail instead of sending it straight from the system itself. (MTU blocks outgoing smtp)
To ensure that the message wasn’t getting flagged as spam and html formatting was working correctly, I used a really great email test page by Brandon Checketts
Continue reading ↦
Jul 21, 2012
Ridiculously long titles are fun…Now on to other things…
One of the latest things I’ve done is look into streaming media to my newly bought PS3 and/or Xbox that I have lying around. Obviously, because of certain companies (cough MS and Sony cough), these “media” devices don’t support all the formats they should, hence requiring users in some cases to find upnp serving applications that can remux and re-encode content on the fly if need be.
Continue reading ↦
Jul 21, 2012
So there’s no way I’m going to blog if I have to log into wp-admin every time. Luckily you have a few alternatives thanks to WordPress and its awesomeness..
1) Email blogging…Send an email to an account watched by your wordpress install. When it sees a new email, it will post the contents as a new post. This is already built into WordPress but it’s in a minimal manner. I suggest the WordPress plugin, Postie, which allows more fine grained options supporting categories and specific address filtering!
Continue reading ↦
Jul 21, 2012
So yeah VMware is not liking the new kernel versions Linus and company are pushing. As a result, it has become necessary to patch your installs of 7.1.5 and 8.0.2 of Vmware workstation, a piece of software I can’t live without.
Luckily a very sweet person named Weltall has this handy dandy blog that provides patches for this! I have tested on latest ubuntu 12.04 with 8.0.2 and all is well.
Continue reading ↦
Jul 21, 2012
Aww. this is nice….
1) Putty Tunnel Manager - A beautiful thing that lets you setup and forget your tunnels from the task bar. Supports reconnections and ensures they don’t overlap on ports..
Forced to use Windows? This is necessary.
2) Gnome SSH Tunnel Manager – If you’re like me, classic gnome (version 2) is where it’s at. gSTM is an app that allows you to manage your tunnels easily with a nice gui and configuration utility.
Continue reading ↦
May 10, 2012
A few of my machines authenticate to my central LDAP server and allow LDAP users to log in. However, I don’t want every user in LDAP to be able to log into every single one of those machines; rather, I would like to make a posix group in LDAP and when I put a user in that group, they will get access to the given host. This guide will describe how to accomplish this task using PAM.
Continue reading ↦
May 10, 2012
Here is an updated tutorial on installing OpenLDAP server on your box. These instructions were done on Debian 6 Squeeze
apt-get install slapd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev libnet-ldap-perl libnss-ldap libpam-ldap phpldapadmin
Configure slapd – Enter the Administrator password to use
confirm
Configure libnss-ldap – Enter the ldap server URI – the hostname to connect to the server
This should be localhost so…ldap://127.0.0.1
-Enter Distinguished Name of the search base.
Continue reading ↦
Mar 12, 2012
I recently needed to compress images using one of the best compression types available, lzma. I did some research and with the help of commandlinefu and google, I was able to find what I was looking for.
7z a -t7z -m0=lzma -mx=9 -ms=on file.7z file.img
The above uses lzma with the best compression selected. “file.7z” is the resulting file while “file.img” is the source file to compress.
7z a -t7z -m0=lzma2 -mx=9 -ms=on file.
Continue reading ↦
Feb 21, 2012
I have a few administrative accounts that I do not want accessible via a password, only ssh keys. There are two ways to disable password authentication on a linux system:
1) Lock the password if using linux user accts, ldap, or whatever you’re using.
2) Tell ssh to not allow authentication with a password in your sshd_config file.
For method 1:
# passwd --lock username
Note this won’t lock the user out of the account but rather lock their password so they cannot use one.
Continue reading ↦
Feb 20, 2012
As an admin, you love to automate things. Lets say other users you have setup on your system run certain applications that may need to run in their own little shell. Instead of having to log into the server as that user (su’ing into a user and trying to create screen sessions doesn’t work very well) and making more work for yourself, you can actually (as root) start a screen session for the other user and define a command to run in the virtual terminal.
Continue reading ↦
Feb 20, 2012
I have recently ventured into using screen (a virtual terminal in linux) in a multiuser setting. This is necessary when users need to collaborate on a project or for servers which run their console in a “not” daemon sort of way.
Basically, you can setup a virtual terminal and allow other people to access it. You can even be in the same shell as someone else which is extremely useful for helping others configure settings or program.
Continue reading ↦
Feb 19, 2012
So I have for a long time had a backup script that copies the essential files to a directory in /home, and then tars, gzips, and encrypts /home so I can save all my home dirs + important things living on the root filesystem. But the way I used to do it before was really stupid and involved creating a tar, gzipping it, and then encrypting that and making another file of it…basically a bunch of unnecessary read and writes happening on the hard disk.
Continue reading ↦
Feb 18, 2012
For years I have stayed away from ever wanting to mess with grub hoping that with each new OS re-install, everything would just work. However, I recently had to face the facts and realize that there is no way for things to just work especially when adding a new 500GB hard drive with windows into the mix. The basic idea of just editing your menu entries just does not seem to be cutting it for me.
Continue reading ↦
Feb 15, 2012
So you want to host your website in RAM? It will certainly help if you have a database or very large flat files and I recently decided our sqlite database and the tons of images we have should probably be hosted in RAM since I certainly have plenty of it (24GB’s).
On linux, you can use pretty much one command to do this by using tmpfs which will manage the memory usage for you based on what files you decide to put in ram.
Continue reading ↦
Feb 10, 2012
IPTables provides you a way to make your own chains. A chain in iptables is a section of rules that iptables will run through whenever you specify. The main chain for input is the INPUT chain. I recently needed to start blacklisting ip addresses trying to attack us and it was necessary to create a new chain where I could store those ip’s instead of throwing them on the default INPUT chain which would be messy and stupid.
Continue reading ↦
Feb 9, 2012
EDIT: Meme101 now runs from http://meme101.tty0.in/. It is no longer being updated and is kind of stagnant/dead.:(
Some close friends and I have created a new site that contains memes pertaining to a bunch of different colleges and universities. If you have some free time or feel like wasting time, Please check it out.
There’s anonymous upload too!
Jan 25, 2012
I use scp quite a bit. But I never had to use it with directory paths involving spaces until now (for some odd reason, I must be good at naming things as simple as possible, a good habit by the way).
In order to use spaces, as per this article, it is necessary to add three back slashes and the space.
At least that is the easiest way. Take a look at the linked article for more about it.
Continue reading ↦
Jan 23, 2012
The following instructions have been tried on multiple Debian systems and should work perfectly for you.
apt-get install subversion apache2 libapache2-mod-scgi php5 php5-cli php5-cgi php5-curl mktorrent unrar unzip php5-geoip curl libncurses5-dev pkg-config libcurl4-openssl-dev libsigc++-2.0-dev libterm-readline-gnu-perl automake libapache2-mod-php5 php5-xmlrpc libtool
NOTE: If you have run an “apt-get install rtorrent”, you MUST run the following before installing from source or rtorrent will crash when you try to use rutorrent.
apt-get remove libxmlrpc-c3 rtorrent
Continue reading ↦
Jan 15, 2012
This is very useful if you have to use authentication on some web pages but want to use an ldap server you already have running instead of having to migrate or make different users in an htpasswd file. My example is doing this on a remote client machine that will be connecting to a remote ldap server.
a2enmod ldap
a2enmod authnz_ldap
Add the following to enable auth on the /var/www/secure directory.
Continue reading ↦
Jan 14, 2012
So I have an Areca 1680ix raid card which I use to interface all of my disks with my operating system (usually pass-through). Since I do a lot of hot-swapping, it is necessary for me to rescan the scsi devices connected for the operating system to recognize them and give them a drive letter.
Additionally, you don’t want this to disable any of your currently mounted drives. A lot of sites tell you to unload and reload the kernel module that represents your raid card driver.
Continue reading ↦
Jan 14, 2012
So I wanted to install my NVIDIA drivers and I knew it would ask for some awesome kernel headers.
In operating systems that use yum, you could use:
yum install kernel-headers
You may also want to try:
yum groupinstall "Development Tools"
..which will install development tools on your system.
But in Debian/Ubuntu based distributions, you should use the following which installs “build-essential” packages which will help provide NVIDIA and other driver based installers everything they need to tailor the driver for your system including gcc, make, and dpkg-dev.
Continue reading ↦
Jan 12, 2012
\Intro//
So I have some womanly type friends who like to carry on long conversations with me via text messaging. Now I don’t have a problem with texting and I don’t have a problem with long conversations but I do have a problem with picking up my phone every other minute to answer a text. It gets annoying especially when I’m sitting in front of a computer with a nice beautiful keyboard that isn’t 4 inches.
Continue reading ↦
Jan 12, 2012
So Ice Cream Sandwich is the new Operating System rolling out on the Android assembly line in the first quarter of this new year. It has a lot of new features and looks to add some very exciting features.
A lot of people are wondering though when or if their device will be getting it. I have found an amazing up-to-date resource outlining details concerning your device and whether or not it will get the update and if so, when.
Continue reading ↦
Jan 12, 2012
So one of the academic sites we use called Blackboard causes some people to get redirect loop errors in google chrome while others not really.
The error looks similar to the following:
Error 310 (net::ERR_TOO_MANY_REDIRECTS)
This is caused because apparently the site you are going to has a redirect to the same site again. The following are steps you can take to try and fix this issue. Some sound really weird and out there but they have worked for various people (don’t ask me why or how, just try em.
Continue reading ↦
Jan 2, 2012
With a little for loop and some magical sed, I was able to figure out a quick line to help me rename all the files in a specific folder that have characters I don’t want there.
This line will look at all the .jpg’s in the current directory and rename them taking out any instance of “( ” and replacing it with ” – “. I’m sure you can figure out how to tailor this to your liking by editing the type of file extension and putting in your own sed statements.
Continue reading ↦
Dec 22, 2011
# dpkg --get-selections
Then you can grep out what you’re looking for!
Dec 20, 2011
So I’m migrating to a new server and needed to move all my users and groups over to my new machine.
Here’s how I did it:
1) I installed everything and got the server (slapd) running. Refer to another guide on here that tells you how to do this.
2) use slapcat on old machine to export the database:
slapcat -n 1 > /root/slapcat.dump
3) scp that over to the new machine.
Continue reading ↦
Nov 18, 2011
So my main problem with most vnc servers available for linux is their ability to log me into my machine with a completely different environment than what I am already logged into. This makes me mad. On windows, by default, you log into your main profile, end of story. This is how I like it.
Using x11vnc, we can log into our current session without any problems!
Here’s how:
apt-get install x11vnc
mkdir ~/.
Continue reading ↦
Nov 9, 2011
So I installed debian 6 and I have an external soundblaster usb device as my soundcard.
Now Debian picks it up fine using the alsamixer software yet this device does not get set as the default device automatically, meaning firefox and other sound programs where I can’t change the mixer to use have problems playing audio.
Using this page: http://www.seehuhn.de/pages/alsa and my brain, I was able to create a /etc/asound.conf file and put the lines in it that this guide specified:
Continue reading ↦
Nov 8, 2011
So i accidentally changed my password for my root account like a year ago and forgot what it was when I needed to add a new database. Very bad for a sysadmin I know but it will probably happen to you at some point in your career if it has not already!
Here’s how to reset it:
1) Stop mysqld and restart it with the --skip-grant-tables option.
mysqld --skip-grant-tables
2) Connect to the mysqld server with this command:
Continue reading ↦
Nov 7, 2011
I finally took the venture into natting/masquerading my traffic to allow my internal boxes to be accessed from the outside world. It is really quite easy actually. As long as you are using static addressing on the private lan or set your dhcp server to always give the box you want to access the same ip, you are all set.
Add the following rules to iptables and you’re golden:
-A PREROUTING -p tcp -d 141.
Continue reading ↦
Sep 30, 2011
An easy way to do this is start a “script” session using a nifty program called script.
It basically puts you in a virtual terminal and records everything you type and the corresponding output.
script -a /home/user/bashlog.txt
Then just type exit when you want to stop logging.
Sep 26, 2011
NOTE: This was done on Debian 5 Lenny. This does not apply to Squeeze. A new guide will be released shortly.
Generally your LDAP clients will connect to the ldap server to get user details and authentication. A lot of people will have the ldap server and client run on the same machine which is probably your setup.
Here is how to install the necessary software and configure it so that your server can contact the ldap server and users can authenticate with ease.
Continue reading ↦
Sep 26, 2011
Most people just use the normal linux user system /etc/passwd and shadow files for their users.
But migrating this can be a good thing as you can centralize your users and have more fine-tuned control over them. (online ldap configuration anybody?)
Here’s my guide on how to migrate your linux users to your ldap database. It was done on debian lenny with a lot of ache and pain. Hopefully this will make it easier for you.
Continue reading ↦
Sep 26, 2011
NOTE: This was done on Debian 5 Lenny. This does not apply to Squeeze. A new guide will be released shortly.
By the ! I mean get ready to dedicate some time. This might take a while and might not work perfectly when you first install it.
First install the software. It will then ask you some questions.
# apt-get install slapd ldap-utils migrationtools (only install migrationtools if moving user accounts from local /etc/passwd file)
Continue reading ↦
Sep 4, 2011
1) edit /proc/sys/net/ipv4/ip_forward to contain the value of 1 instead of 0.
2) modprobe iptable_nat
3) make a bash script containing the following:
NOTE: Change anywhere it says “eth3” to the interface where your internet connection is coming in from. Edit the -s statement to the network and netmask of the private network you plan on creating.
#!/bin/bash
if [ "$1" == "enable" ]; then
iptables -A POSTROUTING -t nat -o eth3 -s 10.
Continue reading ↦
Aug 31, 2011
So my campus decided to employ 802.1X protocol for authentication over the wired network in the dormitories at Michigan Tech. This is all great except for the part that normal switches can’t participate in the authentication because of the EAPOL frames exchanged before DHCP at layer 2.
What we will need to do is connect directly to the wall port while running a program called wpa_supplicant which will take care of the authentication then we will use dhclient to talk to a dhcp server and get an IP addy.
Continue reading ↦
Aug 30, 2011
I needed to download a bunch of torrents at one time but I didn’t want them to go to the same default dir as all my other downloads. So I used this line in my .rtorrent.rc file to set my watch dir and then the download dir for those torrents.
NOTE: ~/files is my default dir. In this case I made a dir called ubuntu and want anything I put into the ~/watch dir to be downloaded to ~/files/ubuntu.
Continue reading ↦
Jun 26, 2011
Like a lot of people, I have one server. It’s quite a powerful box and I do pretty much everything on it.
I recently needed to run another site with its own domain name on the same box which has only one ip address (obviously).
Using virtual hosts with apache is really easy and allows you to host two completely different directories anywhere on your server as long as the www-data user is able to read the files, you’re good to go.
Continue reading ↦
Jun 24, 2011
So I stumbled upon some guy in some forums on some website who posted a thread requesting a web site that sold bitcoins…
I know I was wondering the same thing..
After some research, it seems as though bitcoins are the first anonymous, virtual online currency that has no central control. Which means transactions are directly peer to peer. You can even mine for your own using a powerful machine and either going solo or joining a pool of people donating system resources where the resulting coins are spread amongst everyone who participated.
Continue reading ↦
Mar 28, 2011
I recently discovered the power of dropbox. (2GB for free!) and decided I would deploy it to backup all my school documents and files from my H drive (aka my home directory) that resides on my school’s servers. I have access to my department server via a bash shell and decided I would install dropbox (it runs out of a directory) and sync certain directories residing in my home drive with it.
Continue reading ↦
Mar 25, 2011
Here is a table which clearly shows the differences between Blu-Ray and DVD mediums.
It is important to remember that these are standards. You can really put any type of video you want on a blu-ray disk but your blu-ray player most likely won’t be able to play it.
Mar 20, 2011
I have been using VMWare workstation (7.1.4 x64) a lot in the previous weeks and have had a few minor problems crop up lately especially with my windows xp vm.
About 5 minutes ago, the vm crashed for some unknown reason (which I still am not sure why). After it did this, my control, shift, and num lock keys didn’t work properly on my host machine (Fedora 14 x64). Shift and control didn’t work at all
Continue reading ↦
Mar 18, 2011
So you have multiple options your network card supports such as auto-negotiation, different speeds, and half or full duplexing.
To set these options in linux, you can use the ethtool utility.
Here is an example output about one of my interfaces:
# ethtool eth1
Settings for eth1:
    Supported ports: [ TP ]
    Supported link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
    Supports auto-negotiation: Yes
    Advertised link modes: 10baseT/Half 10baseT/Full 100baseT/Half 100baseT/Full 1000baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: off
    Supports Wake-on: pumbag
    Wake-on: g
    Current message level: 0x00000001 (1)
    Link detected: yes
Continue reading ↦
Mar 18, 2011
So I needed to setup a crossover connection and set a static ip. Here are the settings I decided upon.
ip: 192.168.0.1
network: 192.168.0.0
netmask: 255.255.255.0
broadcast: 192.168.0.255
So to set this with ifconfig you don’t really need the broadcast entry but the following will work sufficiently:
ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
This will setup the interface and bring it up. Then just set the other interface on the other end of the crossover cable to another available ip in the range (.
Continue reading ↦
Mar 11, 2011
This should fix it! Written by the greatest coder I know…Fuzzy!:
perl -e 'opendir(DIR, ".");@files=readdir(DIR);foreach $file(@files){next if($file eq "." or $file eq ".."); $newfile=$file; $newfile=~s/\s+(.+)/$1/;rename($file, $newfile);}'
Feb 13, 2011
So basically I needed to run a few commands at system start for a few of my debian vm’s who felt it would be a good idea to not start the system with my networking enabled @ run level 2…
I want to just be able to start the vm, wait for it to boot, and login via ssh remotely.
So…
1. Make your bash script. Here’s mine:
#!/bin/bash
ifconfig eth0 up
dhclient -nw eth0
Continue reading ↦
Feb 11, 2011
So I have a slight problem…I unrared a crapton of files which are now all in their own directories and those directories are inside other directories.
Main/file1/file1unrared/file1.txt
So I want all those text files to just sit in Main not 2 dirs down from there.
If my current directory is Main, I can do this:
find . -type f -iname '*.txt' -exec mv '{}' . \;
find . -type d -exec rm -rf '{}' .
Continue reading ↦
Feb 6, 2011
Just so I would remember, I just installed a debian vm and came across a problem I’ve never seen before.
# iptables-save > iptables.rules
Unable to open /proc/net/ip_tables_names: No such file or directory.
It seems that the module needs to be loaded before you can use iptables-save.
To fix this, run the command “modprobe ip_tables” and everything should work fine.
weird..
Feb 3, 2011
So I was in a dilemma. I have a gazillion files that have spaces.
Spaces in linux = really annoying to work with mainly in the shell.
A quick explanation of sed (needed to understand these scripts):
sed 's/thingtoreplace/replacewith/g'
This will replace any instance of “thingtoreplace” with “replacewith” in a whole line of text.
You must remember that sed works on a line by line basis, not file by file.
Continue reading ↦
Jan 31, 2011
So not everyone uses NFS. Actually most use sftp on linux since they can just use already existing open ssh ports to transfer data encrypted. The other problem is that many of us need to access smb/cifs shares on our linux boxes as well in an easy and simple fashion.
So here’s a little insight into how to do this.
I like to mount sftp shares to my home dir in linux.
Continue reading ↦
Jan 25, 2011
So Hitachi has this new Enterprise grade drive with a 2 million MTBF (Mean time before failure) rating and 3TB storage capacity.
I must say, this is pretty epic. Plus, I just learned that their storage part of the company bought the IBM storage division in the early 2000’s.
1up for Hitachi. Never really took them seriously but they have good reviews on newegg and seem to be actually innovating. I’m impressed.
Continue reading ↦
Jan 19, 2011
OMFG I AM TIRED OF typing MY PASSWD@#$^@#%^#@$^
Here’s how to generate ssh keys you can use to automatically login to a remote server.
1: First, on either machine, create the keys.
a) Run the command, “ssh-keygen -t rsa”
b) Accept the default options by basically pushing enter through them
2: Now you should have a id_rsa file and an id_rsa.pub file.
a) Move the id_rsa (your private key file) to the client computer in the ~/.
Continue reading ↦
Jan 19, 2011
Let’s say you have a bunch of sweet rules in iptables but there’s an application you are trying to install and it just will not work. You think it might be the restrictions in your firewall but you don’t feel like toying with it right now.
Easiest thing to do? Just clear out everything and allow all traffic for the time being (until you can get that damn application to work) Here’s a script that will help you do just that.
Continue reading ↦
Jan 19, 2011
Some quick info about cron and how to setup jobs etc..
crontab -e Edit your crontab file, or create one if it doesn’t already exist. Each user has their own cron jobs they can setup and specify. There is not just one crontab for all users on the machine.
crontab -l Display your crontab file.
crontab -r Remove your crontab file.
Each entry in a crontab file consists of six fields, specifying in the following order:
Continue reading ↦
Jan 19, 2011
So on the network that I use, the admins like to use IPv4 but have support for IPv6 as well. So there’s always a bunch of IPv6 addresses that my NICs get attacked with every time they contact the DHCP server.
I really don’t need all that crap and I would like to speed up my DNS queries by not worrying about IPv6.
So here’s how to disable it….
1: Open your /etc/modprobe.
Continue reading ↦
Jan 19, 2011
In the past, I’ve had different run in’s with installing rtorrent on different linux distro’s. But I eventually found a surefire way to install it on Debian.
Your working directory doesn’t really matter. I would suggest /tmp or your ~. I also recommend not installing this as root. It’s just a bad idea.
FIRST:
sudo apt-get install build-essential libsigc++-2.0-dev pkg-config comerr-dev libcurl4-openssl-dev libidn11-dev libkadm55 libkrb5-dev libssl-dev zlib1g-dev libncurses5 libncurses5-dev
THEN :
Continue reading ↦
Jan 19, 2011
It is completely unnecessary to give someone a shell on your server. A shell should only be given out to administrators of that server (and others that perform maintenance on it).
Therefore, in this guide, using OpenSSHd, I will show you what you need to add to your sshd_config file to make the magic happen.
First off, you need to understand that you can designate what kind of shell a user has by using the “usermod -s /bin/lolcakes user1”
Continue reading ↦
Jan 19, 2011
This is a continuation of the “Setting up a RAID Array with mdadm”
In this article, I will show you how to add two more drives (in my case, two more 1.5TB drives) and expand the array to use the new space.
So I’ve got my two new drives, /dev/sdf and /dev/sdg
1: Use fdisk to partition them with one single partition using the “Linux Raid Autodetect” option. Make sure to use “w” to write the options to the drive.
Continue reading ↦
Dec 18, 2010
I’ve been using Google Docs for a few months and I love it. I can access everything from everywhere. No worrying about something being on a box that I can’t get to for some unknown reason.
What’s even better is that Google has released GoogleCL, a command line utility for Linux that lets you interact with many of Google’s services, especially Google Docs.
So I figured, I’m a paranoid kid who would do RAID 1+1 if he had the money.
Continue reading ↦
Dec 18, 2010
I mount a few shares using sshfs and I like to make sure they are synced with my local raid 1 array for backup. So how can I run rsync making sure the share is mounted already?
What I do below is, using the mount command, check to see if the sshfs share is mounted to /mnt/login and if it is, it syncs with a directory on my local machine and puts the date into a file so I know when the last sync was run.
Continue reading ↦
Dec 16, 2010
Got a bunch of public directories you need to set permissions on? Here ya go…
#!/bin/bash
#set the owner and group for these directories recursively
chown -R bill:noobs /pub/this
chown -R bill:noobs /pub/that
chown -R bill:noobs /pub/theotherthing
#set perms for all sub-directories
find /pub/this -type d | xargs -d"\n" chmod 755
find /pub/that -type d | xargs -d"\n" chmod 755
find /pub/theotherthing -type d | xargs -d"\n" chmod 755
#set perms for all files
find /pub/this -type f | xargs -d"\n" chmod 644
find /pub/that -type f | xargs -d"\n" chmod 644
find /pub/theotherthing -type f | xargs -d"\n" chmod 644
Continue reading ↦
Dec 16, 2010
Let’s say you had a web page and you wanted to change the CSS at certain times to show a new picture. Here are some sed regexps to do it for ya.
In this example, I am picking a random image from a directory of approved images and switching out the old whatever.jpg with newstuff.jpg
______________________backchange.sh
#!/bin/bash
#heres the line i am going to be editing (actually the background of my site):
#background-image: url(https://website.
Continue reading ↦
Dec 16, 2010
So I created this little guy to help me out. Whenever run, he generates a date line in html that looks like this on a web page:
Last updated Wednesday December 15 2010
and updates a footer file I’ve called foot.tpl
_________update.sh
#!/bin/bash
#change the Last updated part of foot.tpl
cd /var/www/
#generate nice looking date command
DATE="$(date "+%A %B %e %Y")"
MYVAR="<p>Last updated"
END="</p>"
FINAL="$(echo $MYVAR $DATE $END)"
#we are going to look for any line that has the word updated and replace that whole line with our new one now contained in the variable FINAL
sed "
/updated/ c\
$FINAL
" foot.
Continue reading ↦
Dec 16, 2010
So I run this minecraft server. And the users that play on it are always creating and developing new things constantly a.k.a. Michigan Tech University out of blocks!!
So there was a big need to back up the map directory quite a bit. Right now it’s only about 50MB or so but I know it will get bigger as more and more elements are added. So we decided that everyday backups should be sufficient.
Continue reading ↦
Dec 12, 2010
mdadm is a command line software RAID tool for RAID’ing multiple partitions/disks together without worrying about any hardware devices or drivers.
With mdadm, you can do any type of RAID you like as well as monitor and recover from drive losses, etc.
It’s pretty much the ultimate tool for anything RAID on Linux!
In my situation, I wanted to create a sweet media server for high definition movies and media without having to spend a fortune on hardware raid devices.
Continue reading ↦
Dec 12, 2010
I have established this site for the wealth of system administrators out there that love to explore, create, and discover new types of things they can do to their systems.
The purpose of this site is to provide everyone with some of the scripts, guides, and commands I have used in my journey through system administration throughout the past several years.
Every guide or script posted on this site has been tested by me on the Debian distribution (64-bit) and should work for you given you follow the instructions, have a pretty decent understanding of the Linux operating system (+ command line) and are willing to learn.
Continue reading ↦