Major Hayden

cloud-init and dhcpcd

Thu, 18 Apr 2024 00:00:00 +0000

Fedora’s cloud-init package now uses dhcpcd in place of dhclient, which went end of life in 2022. 💀

Texas Linux Fest 2024 recap 🤠

Tue, 16 Apr 2024 00:00:00 +0000

I gave two talks at this year’s event and ran into lots of old friends and colleagues. 🐧

Roll your own static blog analytics

Thu, 04 Apr 2024 00:00:00 +0000

Static blogs are easy to serve, but so many of the free options have no analytics whatsoever. This post talks about how to serve your own blog from a container with live updating analytics

Connect Caddy to Porkbun

Thu, 29 Feb 2024 00:00:00 +0000

Caddy offers a great web and proxy server experience with minimal configuration and automated TLS certificates. Learn how to connect Caddy to Porkbun to get TLS certificates by managing your DNS records for you automatically. 🐷

Linux on the AMD ThinkPad Z13 G2

Sun, 14 Jan 2024 00:00:00 +0000

Now that AMD’s Zen 4 CPUs landed in lots of laptops, I picked up a ThinkPad Z13 G2 with an AMD Ryzen CPU. Did I put Linux on it? Of course I did. 🐧

Dark mode in Sway

Tue, 09 Jan 2024 00:00:00 +0000

Dark mode lovers rejoice! It’s possible to get (most) applications to show up in dark mode in the Sway window manager. 😎

On diversity

Sat, 16 Dec 2023 00:00:00 +0000

Diverse teams lead to great outcomes, but how we measure diversity remains a challenge. Enforcing it is even more challenging. 🌎

Horror book reviews from October 2023

Sun, 19 Nov 2023 00:00:00 +0000

October brings us the Halloween holiday here in the US and I set off on an adventure into some spooky and unsettling books. 👻

Moving to cloud is more than just a purchasing exercise

Fri, 27 Oct 2023 00:00:00 +0000

Moving to cloud is about much more than just capital efficiency. It enables your teams to do more if they’re willing to adopt some new practices.

How I learned to stop worrying and love the CoreOS

Fri, 13 Oct 2023 00:00:00 +0000

Here’s a blog post to answer the question: Why do you write so much about CoreOS? 📦

Quadlets might make me finally stop using docker-compose

Mon, 25 Sep 2023 00:00:00 +0000

Sure, docker-compose is great, but could we get similar functionality using just the tools that are built into CoreOS? Can we get automatic updates, too? Yes we can! 📦

Mounting the AWS Elastic File Store on Fedora

Wed, 13 Sep 2023 00:00:00 +0000

Fedora now has the AWS Elastic File Store (EFS) mount helper available for Fedora 38 and newer releases! It chooses optimized NFS mount options for you and makes mounting and unmounting a breeze.

Car buying guide

Mon, 04 Sep 2023 00:00:00 +0000

If you love to nerd out on just about anything, give it a try the next time you buy a car.

Fixing a ghost database migration failure

Thu, 31 Aug 2023 00:00:00 +0000

I woke up one morning to find my Ghost blog unresponsive. It required an unexpected fix. 🔧

Open source contributions: Just do it

Wed, 16 Aug 2023 00:00:00 +0000

Want to make a change in an open source project? Take the Nike approach and Just Do It. 👟

Add CloudFront CDN to a Ghost blog

Mon, 03 Jul 2023 00:00:00 +0000

Adding an AWS CloudFront CDN distribution to a Ghost blog improves response times on an already fast blogging platform and increases security along the way. ⚡

Deploy a containerized Ghost blog 👻

Tue, 27 Jun 2023 00:00:00 +0000

Ghost delivers a great self-hosted blogging platform that deploys well in containers. Let’s deploy it on CoreOS along with Caddy. ️📝

Engineering through layoffs

Sun, 25 Jun 2023 00:00:00 +0000

Layoffs create traumatic times for many. Find ways to break through the frustration and pain. For those that stay, your ability to influence the business can grow. 🪴

Launch a watchtower container via podman quadlets

Wed, 31 May 2023 00:00:00 +0000

Podman’s new quadlet feature lets you specify container launch configuration via simple systemd-like unit files. 📦

CoreOS as a pet

Thu, 25 May 2023 00:00:00 +0000

CoreOS provides a fast track to running containers with a light weight immutable OS underneath. This doesn’t mean that you can’t keep it around as a pet instance. 🐕

My beef with mailing lists

Wed, 10 May 2023 00:00:00 +0000

My issues with open source mailing lists aren’t with the technology, but with unorganized pattern of the discourse itself. 🖇️

Fedora on Oracle Cloud

Fri, 05 May 2023 00:00:00 +0000

Add a Fedora x86_64 or aarch64 image to Oracle Cloud and launch an instance. 🚀

Add a VLAN on a Mikrotik router

Thu, 20 Apr 2023 00:00:00 +0000

Segment your home network easily with a VLAN on a Mikrotik router. 🖥️

1Password quick access in Sway

Wed, 19 Apr 2023 00:00:00 +0000

1Password has a handy quick access launcher and you can bring it on screen for fast access to passwords and two factor codes in Sway. 🔐

My home phone costs 85 cents a month

Tue, 18 Apr 2023 00:00:00 +0000

After trying several services for home phones, I found a solution that costs me about $0.85 per month. ️️☎️

Monitor your AWS bill

Thu, 02 Mar 2023 00:00:00 +0000

Nobody likes a surprise bill. Learn some ways to keep your AWS bill under control and avoid that end of the month panic. 😱

Migrating to AWS CloudFront

Fri, 17 Feb 2023 00:00:00 +0000

New experiences bring joy! After working with fun AWS CloudFront hacks at work this week, I decided to migrate this blog to AWS S3 and CloudFront. ⛅

Red flags

Thu, 05 Jan 2023 00:00:00 +0000

Every job has its ups and downs, but when is it the right time to double down or the right time to leave? Make a list of red flags that help you decide. 🚩

Automatic container updates with watchtower

Wed, 04 Jan 2023 00:00:00 +0000

Watchtower keeps an eye on your running containers and updates them when new containers appear upstream. 📦

Second try at self-hosting Mastodon

Mon, 02 Jan 2023 00:00:00 +0000

Although my first attempt at self-hosting Mastodon was a failure, I went back for a second attempt with docker-compose. 🧗‍♂️

Connect 1Password's CLI and app in i3 with lxpolkit

Fri, 30 Dec 2022 00:00:00 +0000

1Password’s CLI tool connects via PolicyKit to the 1Password application for authentication, but this isn’t the easiest in i3. 🔑

Three years of keto

Sun, 18 Dec 2022 00:00:00 +0000

Adopting the keto lifestyle in 2023? Here are some pointers from me after three years. 🍽

docker-compose on Fedora CoreOS

Sat, 17 Dec 2022 00:00:00 +0000

My go-to method for managing containers easily is still docker-compose. It works really well on Fedora CoreOS. 📦

My favorite podcasts

Thu, 15 Dec 2022 00:00:00 +0000

Podcasts provide a great way to keep up with current events or learn more about the world around us, especially while we’re doing other activities. 🎧

Make your mark with the compose key

Mon, 12 Dec 2022 00:00:00 +0000

Keep your composure with diacritics, symbols, and other characters with the compose key! ⌨

Switch audio to bluetooth headphones automatically

Fri, 09 Dec 2022 00:00:00 +0000

Automatically switch your system audio to your bluetooth headset as soon as they connect. 🎧

Deploy Fedora 37 on Hetzner Cloud 🇩🇪

Thu, 08 Dec 2022 00:00:00 +0000

Avoid cloud provider modifications and deploy a genuine release version of Fedora 37 on Hetzner Cloud. ⛅

Configure multimedia keys on a Ducky One keyboard

Mon, 05 Dec 2022 00:00:00 +0000

Setting up the multimedia keys on Ducky One keyboards lets you manage your music quickly. ⌨

Clocks in multiple time zones with i3status

Sun, 04 Dec 2022 00:00:00 +0000

Have family or coworkers in multiple time zones? Get multiple clocks with i3status. ⌚

Make screenshots quickly in i3 with maim and xclip

Tue, 29 Nov 2022 00:00:00 +0000

Take quick screenshots and send them to the clipboard in i3 with maim. 📸

Manage sound volume with volumeicon in i3

Sun, 27 Nov 2022 00:00:00 +0000

Simplify your i3 configuration and monitor sound levels with volumeicon in your tray with the i3 window manager. 🔈

Adventures with the mastodon herd

Fri, 11 Nov 2022 00:00:00 +0000

Ongoing changes at Twitter led me to take a second look at mastodon, including running my own mastodon instance. 🐘

Amateur Guide to Running

Sun, 06 Nov 2022 00:00:00 +0000

Running gets me outside and gives me a challenge where I can compete against myself. Here are my tips for becoming an amateur runner. 🎽

Monitor a UPS with a Mikrotik router via SNMP

Fri, 28 Oct 2022 00:00:00 +0000

Mikrotik routers and switches serve as efficient network devices, but they know other tricks, too. Monitor your UPS with a Mikrotik device and query it via SNMP. 🔌

Build a Tailscale exit node with firewalld

Thu, 27 Oct 2022 00:00:00 +0000

Tailscale exit nodes allow you to route your traffic through nearly any system in your tailnet. Learn how to build an exit node using firewalld. 🕳️

Strong impacts require soft skills

Thu, 08 Sep 2022 00:00:00 +0000

Success at work depends on more than your technical ability. Improve your soft skills to increase your impact. 💪

PXE boot netboot.xyz on a Mikrotik router

Fri, 02 Sep 2022 00:00:00 +0000

Get systems online quickly or rescue a broken system by PXE booting from netboot.xyz using a Mikrotik router. 🛠

How I write blog posts

Wed, 17 Aug 2022 00:00:00 +0000

This feels very meta, but I thought it would be a good idea to share my blog post writing process anyway. 📝

Takeaways from The Obesity Code

Fri, 12 Aug 2022 00:00:00 +0000

This book teaches you more than dieting – it changes how you think about food entirely. 🍽

Migrating from vscode to vim

Thu, 11 Aug 2022 00:00:00 +0000

Some people say I just enjoy the sound of my mechanical keyboard too much. 🤭 I see it as a simpler, more consistent workflow.

Use GNOME Keyring with Sway

Fri, 05 Aug 2022 00:00:00 +0000

Add encrypted ssh keys to your workflow more efficiently with gnome-keyring in the sway window manager.

Raise the bar with an SBAR

Tue, 02 Aug 2022 00:00:00 +0000

Efficiently communicate a problem and your recommendation in record time with an SBAR. 📝

Extra icanhazip services going offline

Thu, 28 Jul 2022 00:00:00 +0000

The original icanhazip.com lives on, but the other services are going offline. 😢

Efficient emoji experience in Wayland

Fri, 27 May 2022 00:00:00 +0000

Because nobody wants an inefficient emoji workflow. 🙈

Sway reload causes a Firefox crash

Tue, 24 May 2022 00:00:00 +0000

Reload your sway config without disrupting Firefox. 🔥

Build a custom CentOS Stream 9 cloud image

Fri, 06 May 2022 00:00:00 +0000

Learn how to customize a CentOS Stream 9 cloud image with the stuff you want and nothing that you don’t. 📦

Basic authentication with Traefik on kubernetes

Wed, 20 Apr 2022 00:00:00 +0000

Keep prying eyes away from your sites behind Traefik with basic authentication. 🛃

W5WUT: My amateur radio station

Wed, 20 Apr 2022 00:00:00 +0000

Ham radio is the best (and most frustrating) hobby on the planet! 📻

Encrypted gitops secrets with flux and age

Tue, 19 Apr 2022 00:00:00 +0000

Store encrypted kubernetes secrets safely in your gitops repository with easy-to-use age encryption. 🔐

Mount NFS shares in kubernetes

Fri, 08 Apr 2022 00:00:00 +0000

Access files over NFS within kubernetes pods with a quick volume mount. 🗄

Update Supermicro BIOS firmware from Linux

Thu, 07 Apr 2022 00:00:00 +0000

Upgrade your Supermicro BIOS firmware from Linux using their SUM utility. 🔧

Install ThinkOrSwim on Fedora Linux

Thu, 31 Mar 2022 00:00:00 +0000

Learn how to install TD Ameritrade’s ThinkOrSwim desktop application on Linux and get everything working. 💸

Disable HiDPI in alacritty

Fri, 25 Mar 2022 00:00:00 +0000

The alacritty terminal on Fedora enables HiDPI mode by default. Break out your magnifying glasses as we disable HiDPI. 👓

Build a URL shortener with Cloudflare Workers

Thu, 24 Mar 2022 00:00:00 +0000

Host your own personal URL shortener with GitHub Actions and Cloudflare Workers. No web or database servers required! 🥰

Kerberos logins with Brave on Linux

Sat, 18 Dec 2021 00:00:00 +0000

Brave recently changed how their browser reads managed policy configuration, but luckily the fix is an easy one. 🔧

My Twitter reset

Fri, 17 Dec 2021 00:00:00 +0000

At first I thought Twitter was the problem, but then I realized I was making poor choices. 🤔

Deploy a custom Fedora 35 AMI to AWS with Image Builder

Tue, 16 Nov 2021 00:00:00 +0000

Want to build your own Fedora 35 image for AWS? Use Image Builder to build and deploy an image made just for you. 🏗

Install Azure CLI on Fedora 35

Mon, 01 Nov 2021 00:00:00 +0000

Provision services on Microsoft’s Azure CLI on Fedora 35. 💙

Secure Tailscale networks with firewalld

Sat, 30 Oct 2021 00:00:00 +0000

Tailscale provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵

ThinkPad X1 Nano Gen 1 Review

Sat, 23 Oct 2021 00:00:00 +0000

One of the smallest ThinkPads delivers one of the best experiences I’ve had on a laptop. 💻

Run Xorg applications with podman

Sun, 17 Oct 2021 00:00:00 +0000

Package up graphical applications in containers and run them with podman. 🚢

Backlight control with i3

Thu, 14 Oct 2021 00:00:00 +0000

Adjust the LED backlight on your laptop quickly in i3 on Linux. 💡

Forwarding ports with firewalld

Mon, 11 Oct 2021 00:00:00 +0000

Learn how to forward ports with firewalld for IPv4 and IPv6 destinations. 🕵🏻

My summer 2021 reading list

Mon, 06 Sep 2021 00:00:00 +0000

I set out to read a bunch of books this summer and succeeded! Here’s my reading list. 📚

Deploy Fedora CoreOS in Hetzner cloud

Fri, 20 Aug 2021 00:00:00 +0000

Launch your containers on Fedora CoreOS instances in Hetzner cloud with a few workarounds. 🚀

Set network interface speed with systemd-networkd

Fri, 20 Aug 2021 00:00:00 +0000

Sometimes network interface autonegotiation doesn’t work as well as it should. Luckily, you can fix it with systemd-networkd. 🔧

Wildcard LetsEncrypt certificates with Traefik and Cloudflare

Mon, 16 Aug 2021 00:00:00 +0000

Re-use the same wildcard TLS certificate for multiple containers running behind traefik. 🚦

Build Fedora AWS images in GitHub Actions with Image Builder

Fri, 06 Aug 2021 00:00:00 +0000

Build images for AWS and deploy them to your AWS account all within GitHub Actions. 🤖

Major's CV

Fri, 06 Aug 2021 00:00:00 +0000

Learn more about me, my work experience, and the things I’ve created. 👨🏻‍💼

DHCPv6 prefix delegation with systemd-networkd

Wed, 28 Jul 2021 00:00:00 +0000

Use the new DHCPv6 prefix delegation features in systemd-networkd to make IPv6 subnetting easy! 🎉

Enable dark mode in Firefox without changing themes

Mon, 19 Jul 2021 00:00:00 +0000

Firefox allows you to set dark mode as the default without changing themes or changing your desktop configuration. 😎

Enable touchpad tap to click in i3

Sun, 18 Jul 2021 00:00:00 +0000

Enable tap-to-click on your laptop’s touchpad in i3 with one of two methods. 💻

Persuasion engineering

Sun, 11 Jul 2021 00:00:00 +0000

Improve your persuasive skills to get your team on board with solutions to tough problems. 🤔

Rootless container management with docker-compose and podman

Fri, 09 Jul 2021 00:00:00 +0000

Run rootless Linux containers without any daemons using docker-compose and podman on Fedora! 📦

icanhazip.com FAQ

Mon, 05 Jul 2021 00:00:00 +0000

The family of icanhaz sites help you get more information about your network connection.

A new future for icanhazip

Sun, 06 Jun 2021 00:00:00 +0000

icanhazip.com lives on with the same mission, but with a new owner 🤗

Efficient emojis with rofimoji

Sat, 15 May 2021 00:00:00 +0000

Emojis brighten up any message or document. 🌻 Search, select, and use emojis quickly on Linux with rofimoji. 🤗

Free resources for the stock market

Thu, 22 Apr 2021 00:00:00 +0000

Investing in stock or trading options is complicated, but there are plenty of free resources available to make research easier.

Selling options made simpler

Wed, 17 Mar 2021 00:00:00 +0000

Feedback from my original options selling post said that the concept was too difficult to follow. Let’s use an analogy!

Monitor a UPS with a Raspberry Pi Zero W

Mon, 15 Mar 2021 00:00:00 +0000

Monitor nearly any uninterruptible power supply (UPS) with a Raspberry Pi Zero W and HomeAssistant

Defending losing options trades

Wed, 10 Feb 2021 00:00:00 +0000

You did your research and made a great options trade, but now it is a losing trade. What can you do now?

Which stock broker should you use?

Sun, 24 Jan 2021 00:00:00 +0000

Not all stock brokerages are the same. Think about your requirements, shop around, and read the fine print.

Choosing options to sell

Sat, 23 Jan 2021 00:00:00 +0000

Taking the leap and selling your first options contract takes a lot of thought and preparation.

Lessons learned from selling puts

Mon, 04 Jan 2021 00:00:00 +0000

Learn from my successes and mistakes while selling puts in the stock market in 2020.

Know your max loss

Wed, 09 Dec 2020 00:00:00 +0000

Knowing your maximum amount of loss on trade is the difference between taking a calculated risk and blowing up your account.

The Dark Side: Selling Options

Mon, 07 Dec 2020 00:00:00 +0000

Selling options puts you on the other side of the options contract from buyers, but it comes with obligations.

Options trading introduction

Sun, 06 Dec 2020 00:00:00 +0000

Trading options contracts feels incredibly daunting, but you can learn the terminology and make good choices in the market.

Build AWS images with Image Builder

Fri, 19 Jun 2020 00:00:00 +0000

Build a customized image for AWS with Image Builder and use the built-in automatic uploader and importer.

My experience with keto so far

Thu, 11 Jun 2020 00:00:00 +0000

Moving to the keto lifestyle is a big change. It’s more than just a diet and I’ll share my ups and downs from my journey.

Make diacritics easy in Linux

Thu, 13 Feb 2020 00:00:00 +0000

Making an effort to use diacritics is always a good idea, but how can you make it easier in Linux?

My Travel Guide to Brno

Thu, 30 Jan 2020 00:00:00 +0000

Brno is a beautiful city in the Czech Republic. Learn some travel tips from my experiences as an American in Brno!

Disable Nvidia GPU on the Thinkpad T490

Fri, 24 Jan 2020 00:00:00 +0000

The Lenovo ThinkPad T490 is a great laptop, but it comes with some discrete GPU challenges.

Bring Back Fedora's Beefy Miracle boot splash

Mon, 16 Dec 2019 00:00:00 +0000

Fedora 17’s code name was Beefy Miracle and it had a great mascot. You can see it at boot time with a few quick changes.

Thinkpad T490 Fedora install tips

Thu, 12 Dec 2019 00:00:00 +0000

My new T490 with a 10th generation Intel CPU and a discrete NVIDIA MX250 has arrived! Installing Linux creates some interesting challenges.

Monitoring OpenShift cron jobs

Mon, 18 Nov 2019 00:00:00 +0000

Openshift (and Kubernetes) allow you to run jobs on schedule, but these jobs can fail from time to time. You can monitor them from bash!

Monitor CyberPower UPS wattage

Fri, 08 Nov 2019 00:00:00 +0000

Monitor the power consumption of your CyberPower UPS and display the live output in your Linux desktop’s status bar.

Install Chromium with VAAPI on Fedora 30

Sun, 20 Oct 2019 00:00:00 +0000

Lower your CPU usage and increase battery life when you watch certain videos by using Chromium with VAAPI support.

Customize GNOME from i3

Sun, 22 Sep 2019 00:00:00 +0000

All of your GNOME and gtk applications are configured in i3 with a few simple tricks.

Deploy monit in OpenShift

Wed, 11 Sep 2019 00:00:00 +0000

Monit is a tried-and-true monitoring daemon that is easy to deploy. Add it to OpenShift to make monitoring even easier.

Get faster GitLab runners with a ramdisk

Fri, 16 Aug 2019 00:00:00 +0000

Many cloud providers give you lots of memory with each instance and you can speed up tests and builds by using a ramdisk.

buildah error: vfs driver does not support overlay.mountopt options

Tue, 13 Aug 2019 00:00:00 +0000

Buildah and podman work well with the vfs storage driver, but the default mount options can cause problems.

Fedora 30 on Google Compute Engine

Wed, 07 Aug 2019 00:00:00 +0000

Fedora 30 is a great Linux distribution for cloud platforms, but it needs a little work to perform well on Google Compute Engine.

Ham Radio FAQ

Thu, 06 Jun 2019 00:00:00 +0000

Welcome! #This page is a work in progress!

Texas Linux Fest 2019 Recap

Sun, 02 Jun 2019 00:00:00 +0000

Another Texas Linux Fest has come and gone!

Build containers in GitLab CI with buildah

Fri, 24 May 2019 00:00:00 +0000

My team at Red Hat depends heavily on GitLab CI and we build containers often to run all kinds of tests.

Inspecting OpenShift cgroups from inside the pod

Fri, 05 Apr 2019 00:00:00 +0000

My team at Red Hat builds a lot of kernels in OpenShift pods as part of our work with the Continuous Kernel Integration (CKI) project.

Running Ansible in OpenShift with arbitrary UIDs

Fri, 22 Mar 2019 00:00:00 +0000

My work at Red Hat involves testing lots and lots of kernels from various sources and we use GitLab CE to manage many of our repositories and run our CI jobs.

Get a /56 from Spectrum using wide-dhcpv6

Tue, 19 Mar 2019 00:00:00 +0000

After writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I’m handling IPv6 on my router lately.

Pixel 3 Wi-Fi drops constantly

Sun, 17 Mar 2019 00:00:00 +0000

We have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3.

Stop audio pops on Intel HD Audio

Mon, 04 Mar 2019 00:00:00 +0000

I recently picked up a Dell Optiplex 7060 and I’m using it as my main workstation now.

Automatic floating windows in i3

Fri, 08 Feb 2019 00:00:00 +0000

The i3 window manager is a fast window manager that helps you keep all of your applications in the right place.

DevConf.CZ 2019 Recap

Thu, 31 Jan 2019 00:00:00 +0000

DevConf.CZ 2019 wrapped up last weekend and it was a great event packed with lots of knowledgeable speakers, an engaging hallway track, and delicious food.

Using the pressure stall information interface in kernel 4.20

Sun, 27 Jan 2019 00:00:00 +0000

Fedora 29 now has kernel 4.

Running Home Assistant in a Docker container with a Z-Wave USB stick

Mon, 14 Jan 2019 00:00:00 +0000

The Home Assistant project provides a great open source way to get started with home automtion that can be entirely self-contained within your home.

Allow a port range with firewalld

Fri, 04 Jan 2019 00:00:00 +0000

Managing iptables gets a lot easier with firewalld.

Disable autoplay for videos in Firefox 65

Tue, 18 Dec 2018 00:00:00 +0000

Firefox has some great features, but one of my favorites is the ability to disable autoplay for videos.

Getting started with ham radio repeaters

Thu, 13 Dec 2018 00:00:00 +0000

Repeaters are a great way to get into ham radio, but they can be tricky to use for new amateur radio operators. This post explains how to get started.

Use a secret as an environment variable in OpenShift deployments

Thu, 06 Dec 2018 00:00:00 +0000

Environment variables are easy to add to OpenShift deployments, but a more secure way to add these variables is by referencing a secret.

Make alt-arrow keys work with terminator and weechat

Thu, 06 Sep 2018 03:43:30 +0000

As I make the move from the world of GNOME to i3, I found myself digging deeper into the terminator preferences to make it work more like gnome-terminal.

How to thrive at a technical conference

Wed, 09 May 2018 23:54:28 +0000

I’m at the 2018 Red Hat Summit this week in San Francisco and I am enjoying the interactions between developers, executives, vendors, and engineers.

Reaching the fork in the road

Wed, 07 Mar 2018 16:18:51 +0000

Walt Disney said it best:

Install testing kernels in Fedora

Wed, 28 Feb 2018 13:53:48 +0000

If you’re on the latest Fedora release, you’re already running lots of modern packages.

Takeaways from my foray into amateur radio

Sat, 06 Jan 2018 19:26:53 +0000

The Overland Expo in Asheville last year was a great event, and one of my favorite sessions covered the basics about radio communications while overlanding.

Ensuring keepalived starts after the network is ready

Fri, 15 Dec 2017 21:18:37 +0000

After a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:

Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3

Thu, 02 Nov 2017 15:00:25 +0000

The latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week.

Import RPM repository GPG keys from other keyservers temporarily

Wed, 20 Sep 2017 15:24:13 +0000

I’ve been working through some patches to OpenStack-Ansible lately to optimize how we configure yum repositories in our deployments.

Thunderbird changes fonts in some messages, not all

Wed, 02 Aug 2017 12:54:38 +0000

Thunderbird is a great choice for a mail client on Linux systems if you prefer a GUI, but I had some problems with fonts in the most recent releases.

Troubleshooting CyberPower PowerPanel issues in Linux

Tue, 25 Jul 2017 18:16:11 +0000

I have a CyberPower BRG1350AVRLCD at home and I’ve just connected it to a new device.

Apply the STIG to even more operating systems with ansible-hardening

Fri, 21 Jul 2017 17:38:46 +0000

Tons of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month.

Customize LDAP autocompletion format in Thunderbird

Tue, 18 Jul 2017 18:08:42 +0000

Thunderbird can connect to an LDAP server and autocomplete email addresses as you type, but it needs some adjustment for some LDAP servers.

Old role, new name: ansible-hardening

Tue, 27 Jun 2017 20:49:44 +0000

The interest in the openstack-ansible-security role has taken off faster than I expected, and one piece of constant feedback I received was around the name of the role.

Enable AppArmor on a Debian Jessie cloud image

Wed, 24 May 2017 16:14:03 +0000

I merged some initial Debian support into the openstack-ansible-security role and ran into an issue enabling AppArmor.

Fixing OpenStack noVNC consoles that ignore keyboard input

Thu, 18 May 2017 16:58:56 +0000

I opened up a noVNC console to a virtual machine today in my OpenStack cloud but found that the console wouldn’t take keyboard input.

OpenStack-Ansible networking on CentOS 7 with systemd-networkd

Thu, 13 Apr 2017 13:18:09 +0000

Although OpenStack-Ansible doesn’t fully support CentOS 7 yet, the support is almost ready.

RHEL 7 STIG v1 updates for openstack-ansible-security

Wed, 05 Apr 2017 17:46:17 +0000

DISA’s final release of the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) came out a few weeks ago and it has plenty of improvements and changes.

Reflecting on 10 years of (mostly) technical blogging

Fri, 10 Mar 2017 14:11:51 +0000

It all started shortly after I joined Rackspace in December of 2006.

OpenStack isn’t dead. It’s boring. That’s a good thing.

Fri, 24 Feb 2017 16:06:24 +0000

NOTE: The opinions shared in this post are mine alone and are not related to my employer in any way.

systemd-networkd on Ubuntu 16.04 LTS (Xenial)

Sun, 15 Jan 2017 15:24:40 +0000

My OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.

ICC color profile for Lenovo ThinkPad X1 Carbon 4th generation

Wed, 11 Jan 2017 18:42:26 +0000

My new ThinkPad arrived this week and it is working well!

Display auditd messages with journalctl

Thu, 05 Jan 2017 15:53:13 +0000

All systems running systemd come with a powerful tool for reviewing the system journal: journalctl.

augenrules fails with “rule exists” when loading rules into auditd

Tue, 03 Jan 2017 19:01:46 +0000

When I came back from the holiday break, I found that the openstack-ansible-security role wasn’t passing tests any longer.

Talk Recap: Holistic Security for OpenStack Clouds

Mon, 31 Oct 2016 15:52:47 +0000

Thanks to everyone who attended my talk at the OpenStack Summit in Barcelona!

Why should students learn to write code?

Tue, 11 Oct 2016 04:08:19 +0000

There are lots of efforts underway to get students (young and old) to learn to write code.

Power 8 to the people

Thu, 22 Sep 2016 00:00:21 +0000

IBM Edge 2016 is almost over and I’ve learned a lot about Power 8 this week.

Preventing critical services from deploying on the same OpenStack host

Tue, 09 Aug 2016 17:07:35 +0000

OpenStack’s compute service, nova, manages all of the virtual machines within a OpenStack cloud.

OpenStack instances come online with multiple network ports attached

Wed, 03 Aug 2016 14:40:16 +0000

I ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release.

Setting up a telnet handler for OpenStack Zuul CI jobs in GNOME 3

Fri, 22 Jul 2016 19:44:07 +0000

The OpenStack Zuul system has gone through some big changes recently, and one of those changes is around how you monitor a running CI job.

Bring back two and three finger taps in Fedora 24

Wed, 06 Jul 2016 04:54:13 +0000

Most of the recent Fedora upgrades have been quite smooth.

Talk recap: The friendship of OpenStack and Ansible

Wed, 29 Jun 2016 03:43:21 +0000

The 2016 Red Hat Summit is underway in San Francisco this week and I delivered a talk with Robyn Bergeron earlier today.

Automated security hardening with Ansible: May updates

Fri, 27 May 2016 02:40:33 +0000

Lots of work has gone into the openstack-ansible-security Ansible role since I delivered a talk about it last month at the OpenStack Summit in Austin.

Troubleshooting OpenStack network connectivity

Tue, 17 May 2016 02:43:41 +0000

NOTE: This post is a work in progress.

Getting started with gertty

Wed, 11 May 2016 13:45:53 +0000

When you’re ready to commit code in an OpenStack project, your patch will eventually land in a Gerrit queue for review.

Preventing Ubuntu 16.04 from starting daemons when a package is installed

Thu, 05 May 2016 15:54:27 +0000

I’ve gone on some mini-rants in other posts about starting daemons immediately after they’re installed in Ubuntu and Debian.

802.1x with NetworkManager using nmcli

Tue, 03 May 2016 19:23:24 +0000

Authenticating to a wired or wireless network using 802.

Talk Recap: Automated security hardening with OpenStack-Ansible

Tue, 26 Apr 2016 21:19:02 +0000

Today is the second day of the OpenStack Summit in Austin and I offered up a talk on host security hardening in OpenStack clouds.

Lessons learned: Five years of colocation

Fri, 22 Apr 2016 13:30:52 +0000

Back in 2011, I decided to try out a new method for hosting my websites and other applications: colocation.

Thunderbird opens multiple windows

Wed, 20 Apr 2016 13:31:56 +0000

When I started Thunderbird today, it opened three windows.

Enable IPv6 privacy in NetworkManager

Sun, 17 Apr 2016 16:35:57 +0000

On most IPv6-enabled networks, network addresses are distributed via stateless address autoconfiguration (SLAAC).

Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS

Thu, 31 Mar 2016 19:39:50 +0000

Let’s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.

Mouse cursor disappears in GNOME 3

Fri, 11 Mar 2016 15:36:25 +0000

UPDATE: The fixed version of mutter is now in the Fedora updates repository.

Recovering deleted Chrome bookmarks on Linux

Fri, 26 Feb 2016 15:31:15 +0000

After getting a bit overzealous with cleaning up bookmarks in Chrome, I discovered that I deleted a helpful Gerrit filter for OpenStack reviews.

Fight cynicism with curiosity

Wed, 17 Feb 2016 15:30:14 +0000

I’m always interested to talk to college students about technology and business in general.

Segmentation faults with sphinx and pyenv

Tue, 09 Feb 2016 14:09:44 +0000

I’m a big fan of the pyenv project because it makes installing multiple python versions a simple process.

Enabling kwallet after accidentally disabling it

Thu, 28 Jan 2016 16:27:44 +0000

Although I use GNOME 3 as my desktop environment, I prefer KDE’s kwallet service to gnome-keyring for some functions.

Tinkering with systemd’s predictable network names

Wed, 20 Jan 2016 19:46:52 +0000

I’ve talked about predictable network names (and seemingly unpredictable ones) on the blog before, but some readers asked me how they could alter the network naming to fit a particular situation.

Updating Dell PowerEdge BIOS from Linux

Mon, 18 Jan 2016 20:53:38 +0000

Updating Dell PowerEdge firmware from Linux is quite easy, but it isn’t documented very well.

Nobody is using your software project. Now what?

Fri, 15 Jan 2016 17:35:48 +0000

Working with open source software is an amazing experience.

Custom keyboard shortcuts for Evolution in GNOME

Sat, 28 Nov 2015 05:33:29 +0000

I’ve been a big fan of Thunderbird for years, but it lacks features in some critical areas.

Talking to college students about information security

Tue, 10 Nov 2015 14:50:52 +0000

I was recently asked to talk to Computer Information Systems students at the University of the Incarnate Word here in San Antonio about information security in the business world.

systemd-networkd and macvlan interfaces

Mon, 26 Oct 2015 13:50:36 +0000

I spent some time working with macvlan interfaces on KVM hypervisors last weekend.

GRE tunnels with systemd-networkd

Fri, 16 Oct 2015 23:54:52 +0000

Switching to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.

What I learned while securing Ubuntu

Wed, 14 Oct 2015 20:53:12 +0000

The blog posts have slowed down a bit lately because I’ve been heads down on a security project at work.

Customizing systemd’s network device names

Tue, 29 Sep 2015 02:08:22 +0000

Earlier today, I wrote a post about my first thoughts on the Supermicro 5028D-T4NT server.

First thoughts: Linux on the Supermicro 5028D-TN4T

Mon, 28 Sep 2015 12:55:51 +0000

I’ve recently moved over to Rackspace’s OpenStack Private Cloud team and the role is full of some great challenges.

systemd in Fedora 22: Failed to restart service: Access Denied

Fri, 18 Sep 2015 19:43:35 +0000

If you’re running Fedora 22 and you’ve recently updated to systemd-219-24.

Time Warner Road Runner, Linux, and large IPv6 subnets

Fri, 11 Sep 2015 21:08:44 +0000

Although Time Warner Cable is now Spectrum and wide-dhcpv6 is quite old, this post is still what I’m using today (in 2019)!

Chronicles of SELinux: Dealing with web content in unusual directories

Thu, 10 Sep 2015 13:40:35 +0000

I’ve decided to start a series of posts called “Chronicles of SELinux” where I hope to educate more users on how to handle SELinux denials with finesse rather than simply disabling it entirely.

Impostor syndrome talk: FAQs and follow-ups

Wed, 02 Sep 2015 15:34:34 +0000

I’ve had a great time talking to people about my “Be an inspiration, not an impostor” talk that I delivered in August.

Build a network router and firewall with Fedora 22 and systemd-networkd

Thu, 27 Aug 2015 12:38:43 +0000

This post originally appeared on the Fedora Magazine blog.

Slides from my Texas Linux Fest 2015 talk

Sat, 22 Aug 2015 19:42:52 +0000

Thanks to all of the people who attended my “Be an inspiration, not an impostor” talk at Texas Linux Fest 2015.

Understanding systemd’s predictable network device names

Fri, 21 Aug 2015 21:15:36 +0000

I talked a bit about systemd’s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.

Using systemd-networkd with bonding on Rackspace’s OnMetal servers

Fri, 21 Aug 2015 14:00:46 +0000

I’ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.

Research Paper: Securing Linux Containers

Fri, 14 Aug 2015 20:45:50 +0000

It seems like there’s a new way to run containers every week.

Fedora Flock 2015: Keynote slides

Fri, 14 Aug 2015 15:10:08 +0000

Fedora Flock 2015 is still going here in Rochester, New York, and I kicked off our second day with a keynote talk about overcoming impostor syndrome.

Automated testing for Ansible CIS playbook on RHEL/CentOS 6

Wed, 05 Aug 2015 13:13:52 +0000

I started working on the Ansible CIS playbook for CentOS and RHEL 6 back in 2014 and I’ve made a few changes to increase quality and make it easier to use.

Live migration failures with KVM and libvirt

Mon, 03 Aug 2015 13:13:30 +0000

I decided to change some of my infrastructure back to KVM again, and the overall experience has been quite good in Fedora 22.

Very slow ssh logins on Fedora 22

Mon, 27 Jul 2015 12:09:44 +0000

I’ve recently set up a Fedora 22 firewall/router at home (more on that later) and I noticed that remote ssh logins were extremely slow.

Restoring wireless and Bluetooth state after reboot in Fedora 22

Sun, 19 Jul 2015 22:14:30 +0000

My upgrade to Fedora 22 on the ThinkPad X1 Carbon was fairly uneventful and the hiccups were minor.

Aruba access points, EAP, and wpa_supplicant 2.4 bugs

Fri, 17 Jul 2015 12:29:29 +0000

I stumbled upon a strange bug at work one day and found I couldn’t connect to our wireless access points any longer.

Allow new windows to steal focus in GNOME 3

Mon, 06 Jul 2015 12:36:05 +0000

GNOME 3 generally works well for me but it has some quirks.

Stumbling into the world of 4K displays [UPDATED]

Wed, 01 Jul 2015 04:33:43 +0000

Woot suckered me into buying a 4K display at a fairly decent price and now I have a Samsung U28D590D sitting on my desk at home.

Fedora 22 and rotating GNOME wallpaper with systemd timers

Tue, 23 Jun 2015 17:25:02 +0000

My older post about rotating GNOME’s wallpaper with systemd timers doesn’t seem to work in Fedora 22.

Book Review: Linux Kernel Development

Sun, 21 Jun 2015 15:26:54 +0000

I picked up a copy of Robert Love’s book, Linux Kernel Development, earlier this year and I’ve worked my way through it over the past several weeks.

Improving LXC template security

Thu, 18 Jun 2015 19:52:11 +0000

I’ve been getting involved with the Fedora Security Team lately and we’re working as a group to crush security bugs that affect Fedora, CentOS (via EPEL) and Red Hat Enterprise Linux (via EPEL).

Time for a new GPG key

Thu, 11 Jun 2015 19:14:03 +0000

After an unfortunate death of my Yubikey NEO and a huge mistake on backups, I’ve come to realize that it’s time for a new GPG key.

Chrome 43 stuck in HiDPI mode

Wed, 10 Jun 2015 12:36:03 +0000

I ran some package updates last night and ended up with a new version of Google Chrome from the stable branch.

cups.service start operation timed out in Fedora 22

Tue, 09 Jun 2015 14:35:48 +0000

Applications on my Fedora 22 system kept stalling when I attempted to print.

PulseAudio popping with multiple sounds in Fedora 22

Mon, 08 Jun 2015 13:37:24 +0000

My transition from Fedora 21 to 22 on the ThinkPad X1 Carbon was fairly uneventful even with over 2,400 packages involved in the upgrade.

Adventures with GRE and IPSec on Mikrotik routers

Wed, 27 May 2015 13:46:28 +0000

I recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c.

Xen 4.5 crashes during boot on Fedora 22

Wed, 27 May 2015 12:33:21 +0000

If you’re currently running a Xen hypervisor on a Fedora release before 22, stay put for now.

You have a problem and icanhazip.com isn’t one of them

Wed, 20 May 2015 12:50:41 +0000

I really enjoy operating icanhazip.

Keep old kernels with yum and dnf

Mon, 18 May 2015 14:22:56 +0000

When you upgrade packages on Red Hat, CentOS and Fedora systems, the newer package replaces the older package.

Automatic package updates with dnf

Tue, 12 May 2015 01:22:10 +0000

With Fedora 22’s release date quickly approaching, it’s time to familiarize yourself with dnf.

Tweetdeck’s Chrome notifications stopped working

Fri, 08 May 2015 13:55:55 +0000

With the last few weeks, I noticed that Tweetdeck’s notifications weren’t showing up in Chrome any longer.

HOWTO: Mikrotik OpenVPN server

Fri, 01 May 2015 15:33:35 +0000

Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you’re on the road or protect your traffic when you’re using untrusted networks.

Although Miktrotik’s implementation isn’t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I’ll walk you through the process from importing certificates through testing it out with a client.

Rackspace::Solve Atlanta Session Recap: “The New Normal”

Wed, 15 Apr 2015 14:00:56 +0000

This post originally appeared on the Rackspace Blog and I’ve posted it here for readers of this blog. Feel free to send over any comments you have!

Most IT professionals would agree that 2014 was a long year. Heartbleed, Shellshock, Sandworm and POODLE were just a subset of the vulnerabilities that caused many of us to stay up late and reach for more coffee. As these vulnerabilities became public, I found myself fielding questions from non-technical family members after they watched the CBS Evening News and wondered what was happening. Security is now part of the popular discussion.

Aaron Hackney and I delivered a presentation at Rackspace::Solve Atlanta called “The New Normal” where we armed the audience with security strategies that channel spending to the most effective security improvements. Our approach at Rackspace is simple and balanced: use common sense prevention strategies, invest heavily in detection, and be sure you’re ready to respond when (not if) disaster strikes. We try to help companies prioritize by focusing on a few key areas. Know when there’s a breach. Know what they touched. Know who’s responsible. Below, I’ve included five ways to put this approach into practice.

Run virsh and access libvirt as a regular user

Sat, 11 Apr 2015 15:30:54 +0000

Libvirt is a handy way to manage containers and virtual machines on various systems. On most distributions, you can only access the libvirt daemon via the root user by default. I’d rather use a regular non-root user to access libvirt and limit that access via groups.

Review: Lenovo X1 Carbon 3rd generation and Linux

Mon, 30 Mar 2015 14:15:52 +0000

After a boatload of challenges with what I thought would be my favorite Linux laptop, the Dell XPS 13 9343, I decided to take the plunge on a new Lenovo X1 Carbon (3rd gen). My late-2013 MacBook Pro Retina (MacbookPro11,1) had plenty of quirks when running Linux and I was eager to find a better platform.

Share a wireless connection via ethernet in GNOME 3.14

Mon, 30 Mar 2015 02:31:19 +0000

There are some situations where you want to do the opposite of creating a wireless hotspot and you want to share a wireless connection to an ethernet connection. For example, if you’re at a hotel that offers only WiFi internet access, you could share that connection to an ethernet switch and plug in more devices. Also, you could get online with your wireless connection and create a small NAT network to test a network device without mangling your home network.

Creating a bridge for virtual machines using systemd-networkd

Thu, 26 Mar 2015 13:17:08 +0000

There are plenty of guides out there for making ethernet bridges in Linux to support virtual machines using built-in network scripts or NetworkManager.

Test Fedora 22 at Rackspace with Ansible

Tue, 24 Mar 2015 13:55:08 +0000

Fedora 22 will be arriving soon and it’s easy to test on Rackspace’s cloud with my Ansible playbook:

Xerox ColorQube 9302 and Linux

Mon, 16 Mar 2015 02:23:07 +0000

I do a bunch of Linux-related tasks daily.

Using play/pause buttons in Chrome with GNOME 3

Fri, 20 Feb 2015 14:21:44 +0000

I wrote a post last summer about preventing Chrome from stealing the media buttons (like play, pause, previous track and next track) from OS X.

Rotate GNOME 3’s wallpaper with systemd user units and timers

Wed, 11 Feb 2015 14:23:03 +0000

NOTE: This works in Fedora 21, but not in Fedora 22.

Lessons learned from a kernel bisection

Mon, 09 Feb 2015 14:39:08 +0000

I’m far from being a kernel developer, but I found myself staring down a [peculiar touchpad problem][2] with my new Dell XPS 13.

Using ZoneMinder with a Logitech C270 webcam

Sun, 08 Feb 2015 04:04:08 +0000

For those of you in the market for a cheap webcam for videoconferencing or home surveillance, the Logitech C270 is hard to beat at about $20-25 USD.

Linux support for the Dell XPS 13 9343 (2015 model)

Tue, 03 Feb 2015 15:23:24 +0000

I’M ALL DONE: I’m not working on Linux compatibility for the XPS 13 any longer.

Helpful, low-FUD information security sites, mailing lists, and blogs

Thu, 08 Jan 2015 13:55:43 +0000

![1]

Try out LXC with an Ansible playbook

Wed, 17 Dec 2014 13:50:26 +0000

The world of containers is constantly evolving lately.

Install sysstat on Fedora 21

Fri, 12 Dec 2014 17:55:57 +0000

One of the first tools I learned about after working with Red Hat was sysstat.

Send weechat notifications via Pushover

Fri, 05 Dec 2014 16:11:13 +0000

IRC is my main communication mechanism and I’ve gradually moved from graphical clients, to irssi and then to weechat.

Trust an IP address with firewalld’s rich rules

Mon, 24 Nov 2014 14:44:09 +0000

Managing firewall rules with iptables can be tricky at times.

Test Fedora 21 at Rackspace with Ansible

Fri, 03 Oct 2014 20:24:19 +0000

Fedora 21 reached Alpha status last month and will reach beta status at the end of October.

Apache’s mod_proxy, mod_ssl, and BitTorrent Sync

Sun, 28 Sep 2014 02:08:18 +0000

BitTorrent Sync allows you to keep files synchronized between multiple computers or mobile devices.

HOWTO: Time Warner Cable and IPv6

Thu, 11 Sep 2014 14:43:03 +0000

Asus Maximus VI Gene – Error 55

Fri, 22 Aug 2014 14:20:23 +0000

It’s been quite a while since I built a computer but I decided to give it a try for a new hypervisor/NAS box at home.

Start Jenkins on Fedora 20

Wed, 13 Aug 2014 14:39:52 +0000

Installing Jenkins on Fedora 20 is quite easy thanks to the available Red Hat packages, but I ran into problems when I tried to start Jenkins.

httpry 0.1.8 available for RHEL and CentOS 7

Wed, 13 Aug 2014 13:20:28 +0000

Red Hat Enterprise Linux and CentOS 7 users can now install httpry 0.

Quickly post gists to GitHub Enterprise and github.com

Fri, 08 Aug 2014 21:13:07 +0000

Unexpected predictable network naming with systemd

Wed, 06 Aug 2014 21:09:34 +0000

While using a Dell R720 at work today, we stumbled upon a problem where the predictable network device naming with systemd gave us some unpredictable results.

Play/pause button stopped working in OS X Mavericks

Wed, 30 Jul 2014 14:31:04 +0000

My play/pause button mysteriously stopped working in iTunes and VLC mysteriously this week on my laptop.

Adventures in live booting Linux distributions

Tue, 29 Jul 2014 13:05:54 +0000

We’re all familiar with live booting Linux distributions.

X11 forwarding request failed on channel 0

Thu, 24 Jul 2014 19:24:32 +0000

Forwarding X over ssh is normally fairly straightforward when you have the correct packages installed.

Etsy reminds us that information security is an active process

Tue, 22 Jul 2014 13:06:23 +0000

I’m always impressed with the content published by folks at Etsy and Ben Hughes’ presentation from DevOpsDays Minneapolis 2014 is no exception.

AVC: denied dyntransition from sshd

Thu, 03 Jul 2014 19:52:51 +0000

I’ve been working with some Fedora environments in chroots and I ran into a peculiar SELinux AVC denial a short while ago:

Install Debian packages without starting daemons

Thu, 26 Jun 2014 20:39:44 +0000

My work at Rackspace has involved working with a bunch of Debian chroots lately.

Get colorful ansible output in Jenkins

Wed, 25 Jun 2014 21:32:18 +0000

Working with ansible is enjoyable, but it’s a little bland when you use it with Jenkins.

Getting Dell’s racadm working in Fedora 20

Fri, 20 Jun 2014 14:39:19 +0000

Dell provides the racadm software on Linux that allows you to manage Dell hardware from a Linux system.

Fixing broken DNS lookups in spamassassin

Fri, 20 Jun 2014 13:20:56 +0000

I talked about the joys of running my own mail server last week only to find that my mail server was broken yesterday.

Configure remote syslog for XenServer via the command line

Tue, 03 Jun 2014 17:55:59 +0000

Citrix has some helpful documentation online about configuring remote syslog support for XenServer using the XenCenter GUI.

Evade the Breach

Sat, 24 May 2014 18:36:48 +0000

This post appeared on the Rackspace Blog last week and I copied it here so that readers of this blog will see it.

Switching to systemd on Debian jessie

Tue, 20 May 2014 13:47:33 +0000

It seems like everyone is embracing systemd these days.

Text missing in chrome on Linux

Sun, 18 May 2014 04:33:14 +0000

I’m in the process of trying Fedora 20 on my retina MacBook and I ran into a peculiar issue with Chrome.

Helpful Linux I/O stack diagram

Wed, 30 Apr 2014 15:03:46 +0000

During one of my regular trips to reddit, I stumbled upon an amazingly helpful Linux I/O stack diagram:

Configure static IP addresses for Project Atomic’s KVM image

Wed, 23 Apr 2014 15:14:39 +0000

Amid all of the Docker buzz at the Red Hat Summit, Project Atomic was launched.

Launch secure LXC containers on Fedora 20 using SELinux and sVirt

Tue, 22 Apr 2014 04:11:00 +0000

Getting started with LXC is a bit awkward and I’ve assembled this guide for anyone who wants to begin experimenting with LXC containers in Fedora 20.

DevOps and enterprise inertia

Thu, 17 Apr 2014 17:46:25 +0000

As I wait in the airport to fly back home from this year’s Red Hat Summit, I’m thinking back over the many conversations I had over breakfast, over lunch, and during the events.

openssl heartbleed updates for Fedora 19 and 20

Tue, 08 Apr 2014 01:18:19 +0000

The openssl heartbleed bug has made the rounds today and there are two new testing builds or openssl out for Fedora 19 and 20:

Docker, trusted builds, and Fedora 20

Wed, 26 Mar 2014 05:17:58 +0000

Docker is a hot topic in the Linux world at the moment and I decided to try out the new trusted build process.

Show originating IP address in Apple Mail

Tue, 18 Mar 2014 14:20:13 +0000

I’ve received some very sophisticated phishing emails lately and I was showing some of them to my coworkers.

Annoying security requests highlight company silos

Mon, 10 Mar 2014 13:39:53 +0000

I stumbled upon this video earlier today via Tripwire’s Twitter feed:

virt-manager: ‘NoneType’ object has no attribute ‘cpus’

Thu, 06 Mar 2014 18:44:58 +0000

After upgrading my Fedora 20 Xen hypervisor to virt-manager 1.

Installing Xen on Fedora 20

Fri, 28 Feb 2014 03:43:27 +0000

I’ve written about installing Xen on Fedora 19 and earlier versions on this blog before.

Puppy Linux, icanhazip, and tin foil hats

Mon, 10 Feb 2014 04:04:27 +0000

I figured that the Puppy Linux and icanhazip.

Be an inspiration, not an impostor

Wed, 05 Feb 2014 03:44:18 +0000

Many of the non-technical posts on the blog are inspired by the comments of others.

Hierarchy of DevOps Needs from DevOps Weekly

Mon, 03 Feb 2014 02:30:40 +0000

I’ve made posts about the DevOps Weekly mailing list before.

nf_conntrack: table full, dropping packet

Tue, 07 Jan 2014 20:22:01 +0000

I was doing some testing with apachebench and received some peculiar results:

Learn octal file permissions easily with stat

Tue, 10 Dec 2013 13:41:40 +0000

My SANS classmates were learning how to set and recognize file permissions on a Linux server and we realized it would be helpful to display the octal value of the permissions next to the normal rwx display.

Information security nuggets from DevOps Weekly #150

Sun, 17 Nov 2013 21:31:10 +0000

Keeping an eye out for the DevOps Weekly email is something I’ve enjoyed since it started at the end of 2010.

One year in information security

Wed, 13 Nov 2013 15:15:12 +0000

Going to the dark side.

Speed up your Fedora PXE installations by hosting the stage2 installer locally

Sun, 03 Nov 2013 17:04:33 +0000

In my previous post about installing Fedora via PXE, I forgot to mention a big time saver for the installation.

Guide to securing apache

Tue, 22 Oct 2013 12:30:51 +0000

I stumbled upon a helpful guide to securing an apache server via Reddit’s /r/netsec subreddit.

One month using a Linux laptop at work: Back to the Mac

Mon, 23 Sep 2013 02:38:59 +0000

This post has been a bit delayed, but I want to follow up on the post I wrote last month about moving from OS X to Linux at work.

Keeping bwm-ng 0.6 functional on Fedora 19

Fri, 20 Sep 2013 02:51:31 +0000

If you run bwm-ng and you’ve run a yum upgrade lately on Fedora 19, you have probably seen this:

Need an edge at work? Learn accounting and finance.

Tue, 17 Sep 2013 04:06:18 +0000

I spent two days last week in a class called “Accounting and Finance for Non-Financial Managers” at UT Austin’s Texas Executive Education program.

Moving from OS X to Linux: Day One

Tue, 27 Aug 2013 03:05:46 +0000

The thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn’t something to be taken lightly.

Get a rock-solid Linux touchpad configuration for the Lenovo X1 Carbon

Sat, 24 Aug 2013 20:28:35 +0000

The X1 Carbon’s touchpad has been my nemesis in Linux for quite some time because of its high sensitivity.

PXE boot Fedora 19 using a Mikrotik firewall

Tue, 23 Jul 2013 21:47:33 +0000

Outside of the RHCA exams, I haven’t configured a PXE system for my personal needs.

A humble farewell to Seth Vidal

Wed, 10 Jul 2013 02:58:36 +0000

I was shocked to see Robyn Bergeron’s email today about Seth Vidal’s passing.

Boot VM’s with virt-manager and libvirt with ISO’s stored remotely via samba/cifs

Sun, 07 Jul 2013 01:51:10 +0000

Pairing virt-manager with KVM makes booting new VM’s pretty darned easy.

Confine untrusted users (including your children) with SELinux

Fri, 05 Jul 2013 18:50:43 +0000

The confined user support in SELinux is handy for ensuring that users aren’t able to do something that they shouldn’t.

Supermicro X9SCI/X9SCA server does a shutdown rather than a reboot

Mon, 03 Jun 2013 14:45:34 +0000

Most of my websites run on a pair of Supermicro servers that I purchased from Silicon Mechanics (and I can’t say enough good things about them and their servers).

Installing the Xen hypervisor on Fedora 19

Mon, 03 Jun 2013 04:27:43 +0000

It’s been a little while since I last posted about installing Xen on Fedora, so I figured that Fedora 19’s beta release was as good a time as any to write a new post.

Presentation: Demystifying SELinux

Wed, 29 May 2013 01:01:09 +0000

While rolling through my RSS feeds, I found a great presentation by David Quigley titled “Demystifying SELinux”.

Migrate KVM virtual machines from CentOS 6 to Fedora 18 without the luxury of shared storage

Wed, 22 May 2013 15:15:36 +0000

I’ve converted one of my KVM hypervisors from CentOS 6 to Fedora 18 and now comes the task of migrating my virtual machines off of my single remaining CentOS 6 hypervisor.

Handling terminal color escape sequences in less

Wed, 22 May 2013 02:33:00 +0000

This post is a quick one but I wanted to share it since I taught it to someone new today.

Changing your ssh server’s port from the default: Is it worth it?

Wed, 15 May 2013 04:43:41 +0000

Changing my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.

Automate CentOS 6 deployments with CIS Security Benchmarks already applied

Fri, 26 Apr 2013 14:15:24 +0000

A coworker heard me grumbling about Linux system administration standards and recommended that I review the CIS Security Benchmarks.

Limit access to the su command

Fri, 26 Apr 2013 04:05:46 +0000

The wheel group exists for a critical purpose and Wikipedia has a concise definition:

Reprint: Stop Disabling SELinux!

Fri, 19 Apr 2013 05:52:23 +0000

This article appeared in SC Magazine and I’ve posted it here as well.

Seriously, stop disabling SELinux

Tue, 16 Apr 2013 04:40:10 +0000

After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access.

Remove sensitive information from email headers with postfix

Mon, 15 Apr 2013 02:59:34 +0000

I’m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail.

virt-manager won’t release the mouse when using ssh forwarding from OS X

Wed, 20 Mar 2013 05:26:56 +0000

The latest versions of virt-manager don’t release the mouse pointer when you’re doing X forwarding to a machine running OS X.

Late night virtualization frustration with kvm

Wed, 20 Mar 2013 05:07:21 +0000

I dragged out an old Aopen MP57-D tonight that was just sitting in the closet and decided to load up kvm on Fedora 18.

Survive the Google Reader exodus with Tiny Tiny RSS

Sun, 17 Mar 2013 21:27:38 +0000

It’s no secret that Google Reader is a popular way to keep up with your RSS feeds, but it’s getting shelved later this year.

Controlling sensitive company data means losing some control of it

Sun, 03 Mar 2013 17:18:13 +0000

This year’s RSA Conference was full of very useful content but the most useful session for me was a peer to peer discussion regarding BYOD on mobile devices.

Quick access to OpenPGP tasks with GPGTools in OS X

Fri, 08 Feb 2013 19:05:30 +0000

I’ve been a big fan of the GPGTools suite for Mac for quite a while but I discovered some neat features when right-clicking on a file in Finder today.

What my toddler taught me about information security

Sun, 13 Jan 2013 17:15:47 +0000

My new role has caused me to look at information security in a different way.

Fixing the Lenovo X1 Carbon’s washed out display

Tue, 08 Jan 2013 16:30:54 +0000

Although the X1 Carbon has a much better looking display than the T430s, it still looked a bit washed out when I compared it to other monitors right next to it.

Handy settings for the touchpad/clickpad in the Lenovo X1 Carbon

Fri, 28 Dec 2012 16:15:42 +0000

UPDATE: I’ve found a better configuration via another X1 Carbon user and there’s a new post with all the details.

Launch applications quickly with dmenu in XFCE

Thu, 27 Dec 2012 21:09:43 +0000

Ever since I saw QuickSilver for the first time, I’ve been hooked on quick application launchers.

Relocating a python virtual environment

Sun, 25 Nov 2012 21:27:47 +0000

Python’s virtual environment capability is extremely handy for situations where you don’t want the required modules for a particular python project to get mixed up with your system-wide installed modules.

Fixing finicky Bluetooth on the Samsung Galaxy S III

Tue, 20 Nov 2012 13:47:51 +0000

The biggest gripe I have about my Android phone is that the Bluetooth connectivity is very finicky with my car.

Log Android events remotely to a syslog server

Sun, 04 Nov 2012 20:47:39 +0000

I’m still quite pleased with my Samsung Galaxy SIII but there are some finicky Bluetooth issues with my car that I simply can’t figure out.

Using git clean to remove subdirectories containing git repositories

Wed, 24 Oct 2012 20:44:59 +0000

I had a peculiar situation today where I cloned a repository into a directory which was inside another repository.

Lenovo ThinkPad T430s review

Sun, 21 Oct 2012 21:15:44 +0000

This post covers the second half of my experience moving back to a Linux desktop but I figured it was a good opportunity to focus on the ThinkPad T430s itself as well as the Lenovo ordering experience.

Proud to be a part of OpenStack at Rackspace

Thu, 18 Oct 2012 03:34:37 +0000

Troy Toman delivered a great keynote this morning about OpenStack and how Rackspace uses it:

Going back to Linux as a desktop

Fri, 12 Oct 2012 13:43:01 +0000

Although I’ve been exclusively using a Mac for everything but servers since about 2008, I found myself considering a move back to Linux on the desktop after seeing how some people were using it at LinuxCon.

Automatic package updates in CentOS 6

Fri, 21 Sep 2012 13:21:01 +0000

Automating package updates in CentOS 6 is a quick process and it ensures that your system receives the latest available security patches, bugfixes and enhancements.

One week with Android

Fri, 07 Sep 2012 03:53:42 +0000

After getting Android-envy at LinuxCon, I decided to push myself out of my comfort zone and ditch my iPhone 4 for a Samsung Galaxy S III.

Monitoring and protecting your reputation online

Mon, 06 Aug 2012 14:00:50 +0000

After a recent issue I had with some users in the Puppy Linux forums, I thought it might be prudent to write a post about how to monitor and protect your reputation online.

Building vpnc with openssl support via MacPorts on Mac OS X

Wed, 01 Aug 2012 04:16:09 +0000

If you install vpnc via MacPorts on OS X, you’ll find that you have no openssl support after it’s built:

DNS Service Review: Luadns

Sun, 22 Jul 2012 20:31:16 +0000

Vitalie Cherpec contacted me back in May about his new hosted DNS offering, Luadns.

Boot the Xen hypervisor by default in Fedora 17 with GRUB 2

Mon, 16 Jul 2012 15:00:44 +0000

Although GRUB 2 does give us some nice benefits, changing its configuration can be a bit of a challenge if you’re used to working with the original GRUB for many, many years.

Mounting an LVM snapshot containing partitions

Sun, 15 Jul 2012 20:11:38 +0000

LVM snapshots can be really handy when you’re trying to take a backup of a running virtual machine.

X forwarding over ssh woes: DISPLAY is not set

Sat, 14 Jul 2012 19:56:09 +0000

This problem came up in conversation earlier this week and I realized that I’d never written a post about it.

SELinux, Xen, and block devices in Fedora 17

Tue, 10 Jul 2012 05:05:33 +0000

If you try to run Xen without libvirt on Fedora 17 with SELinux in enforcing mode, you’ll be butting heads with SELinux in no time.

Great guide for using traceroute and understanding its results

Wed, 13 Jun 2012 12:40:47 +0000

Anyone who has been a system administrator for even a short length of time has probably used traceroute at least once.

What installing a ceiling fan can teach you about administering servers

Mon, 11 Jun 2012 16:00:57 +0000

The feedback from my last lengthy post (Lessons learned in the ambulance pay dividends in the datacenter) about analogies between EMS and server administration was mostly positive, so I decided to do it again!

Keep tabs on OpenStack development with OpenStack Watch on Twitter

Fri, 08 Jun 2012 12:19:26 +0000

It’s no secret that I’m a fan of Twitter and OpenStack.

Lessons learned in the ambulance pay dividends in the datacenter

Thu, 31 May 2012 15:00:47 +0000

While cleaning up a room at home in preparation for some new flooring, I found my original documents from when I first became certified as an Emergency Medical Technician (EMT) in Texas.

Lesser-known but extremely handy Linux tools

Fri, 11 May 2012 21:28:58 +0000

Kristóf Kovács has a fantastic post about some lesser-known Linux tools that can really come in handy in different situations.

Performance and redundancy boost for icanhazip.com

Wed, 18 Apr 2012 23:30:06 +0000

It’s been a few years since I started a little project to operate a service to return your IPv4 and IPv6 address.

Getting a Technical Job at Rackspace

Mon, 09 Apr 2012 14:00:56 +0000

You’ve probably noticed that the blog has slowed down a bit recently.

Why technical people should blog (but don’t)

Fri, 30 Mar 2012 14:30:45 +0000

I originally wrote this post for the Rackspace Blog but I decided to post it here in case some of my readers might have missed it.

mysql-json-bridge: a simple JSON API for MySQL

Thu, 29 Mar 2012 02:34:53 +0000

My quest to get better at Python led me to create a new project on GitHub.

Compare commits between two git branches

Thu, 15 Mar 2012 15:00:24 +0000

I found myself stuck in a particularly nasty situation a few weeks ago where I had two git branches with some commits that were mixed up.

New Fedora and EPEL package: httpry

Wed, 14 Mar 2012 14:00:29 +0000

A fellow Racker showed me httpry about five years ago and I’ve had in my toolbox as a handy way to watch HTTP traffic.

Installing XenServer 6.0.2 on an AOpen MP57

Mon, 12 Mar 2012 17:00:56 +0000

Getting XenServer installed on some unusual platforms takes a bit of work and the AOpen MP57 is a challenging platform for a XenServer 6.

Handy hints for using dtrace on the Mac

Sat, 10 Mar 2012 18:49:59 +0000

I’m a big fan of Linux tools which allow you to monitor things in great detail.

Preparing for Red Hat Exams

Tue, 28 Feb 2012 21:35:28 +0000

I originally wrote this post for the Rackspace Blog but I’ve posted it here just in case anyone following my blog’s feed finds it useful.

Looking back at the long road to becoming a Red Hat Certified Architect

Mon, 13 Feb 2012 15:00:41 +0000

The grades came back last Friday and I’ve passed the last exam in the requirements to become a Red Hat Certified Architect (RHCA).

Installing Fedora 16 in XenServer

Sun, 12 Feb 2012 03:39:11 +0000

Getting Fedora 16 working in XenServer isn’t the easiest thing to do, but I’ve put together a repository on GitHub that should help.

Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)

Tue, 07 Feb 2012 14:07:41 +0000

One of the handiest tools in the OpenSSL toolbox is s_client.

The Kerberos-hater’s guide to installing Kerberos

Sun, 05 Feb 2012 21:03:52 +0000

As promised in my earlier post entitled Kerberos for haters, I’ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.

Get notifications instead of automatic updates in Scientific Linux

Sat, 04 Feb 2012 19:01:54 +0000

Scientific Linux installations have a package called yum-autoupdate by default and the package contains two files:

Kerberos for haters

Fri, 03 Feb 2012 04:29:32 +0000

I’ll be the first one to admit that Kerberos drives me a little insane.

Create a local PyPi repository using only mod_rewrite

Wed, 01 Feb 2012 04:02:49 +0000

Regular users of Python’s package tools like pip or easy_install are probably familiar with the PyPi repository.

Getting started with SELinux

Thu, 26 Jan 2012 04:28:41 +0000

I used to be one of those folks who would install Fedora, CentOS, Scientific Linux, or Red Hat and disable SELinux during the installation.

XenServer 6: Storage repository on software RAID

Mon, 16 Jan 2012 15:00:21 +0000

Although Citrix recommends against using software RAID with XenServer due to performance issues, I’ve had some pretty awful experiences with hardware RAID cards over the last few years.

XenServer 6: Disable GPT and get a larger root partition

Fri, 13 Jan 2012 15:00:10 +0000

XenServer 6 is a solid virtualization platform, but the installer doesn’t give you many options for customized configurations.

Native IPv6 connectivity in Mikrotik’s RouterOS

Wed, 11 Jan 2012 13:30:07 +0000

It’s no secret that I’m a big fan of the Routerboard devices and the RouterOS software from Mikrotik that runs on them.

SELinux and .forward files

Mon, 02 Jan 2012 22:44:43 +0000

If you want to forward e-mail from root to another user, you can usually place a .

Getting online with a CradlePoint PHS-300 and an AT&T USBConnect Mercury

Fri, 16 Dec 2011 07:07:08 +0000

Anyone who has used a 3G ExpressCard or USB stick knows how handy they can be when you need internet access away from home (and away from Wi-Fi).

Automatically upgrading to new point releases of Scientific Linux

Wed, 23 Nov 2011 13:20:12 +0000

When you install Scientific Linux, it will keep you on the same point release that you installed.

DisplayLink USB to DVI issues in OS X Lion

Thu, 17 Nov 2011 13:38:48 +0000

I added a DisplayLink USB to DVI adapter to my MacBook Pro a while back and it occasionally has some issues where it won’t start the display after connecting the USB cable.

Live upgrade Fedora 15 to Fedora 16 using yum

Tue, 15 Nov 2011 04:37:39 +0000

Before we get started, I really ought to drop this here:

Tracing a build through OpenStack Compute (Nova)

Mon, 07 Nov 2011 15:05:42 +0000

My work at Rackspace has changed a bit in the last few weeks and I’ve shifted from managing a team of engineers to a full technical focus on OpenStack Nova.

Installing irssi via MacPorts on OS X Lion 10.7.1

Fri, 30 Sep 2011 13:24:44 +0000

I’ve floated back and forth between graphical IRC clients and terminal-based clients for a long time.

Getting back to using eth0 in Fedora 15

Sun, 25 Sep 2011 22:08:20 +0000

Fedora 15 was released with some updates to allow for consistent network device names.

Receive e-mail reports for SELinux AVC denials

Fri, 16 Sep 2011 04:17:04 +0000

SELinux isn’t a technology that’s easy to tackle for newcomers.

Getting apache, PHP, and memcached working with SELinux

Thu, 08 Sep 2011 03:55:00 +0000

I’m using SELinux more often now on my Fedora 15 installations and I came up against a peculiar issue today on a new server.

How to write e-mails to nerds (that they will actually read)

Fri, 26 Aug 2011 13:00:06 +0000

Standard e-mail etiquette is pretty obvious to most of us and if you’re good at it, you’ll get your point across more often without stepping on toes or causing unneeded confusion.

Contest winners from the “Inspire a sysadmin” contest

Mon, 22 Aug 2011 12:43:53 +0000

Before I get started, I’d like to give a big thanks to all of the visitors who dropped by and participated in the contest last week.

Inspire a sysadmin, get a ThinkGeek gift certificate

Wed, 17 Aug 2011 12:36:52 +0000

UPDATE: THE STAKES ARE RAISED!

Highlight IP addresses with a double click in Firefox

Tue, 16 Aug 2011 12:46:07 +0000

My daily work involves working with a large number of servers and one of my frustrations with Firefox is that it’s not possible to select an entire IP address with a double click with the default settings.

Xen 4.1 on Fedora 15 with Linux 3.0

Sat, 06 Aug 2011 04:34:06 +0000

If you haven’t noticed already, full Xen dom0 support was added in the Linux 3.

Success with stress

Fri, 22 Jul 2011 01:50:34 +0000

This is a copy of a post I wrote for the Rackspace Talent blog.

Keep all old kernels when upgrading via yum

Thu, 16 Jun 2011 12:50:46 +0000

Some might call me paranoid, but I get nervous when my package manager automatically removes a kernel.

Measure traffic flows with Mikrotik’s RouterOS and ntop on Fedora 15

Sun, 05 Jun 2011 14:58:26 +0000

It’s no secret that I’m a big fan of the RouterBoard network devices paired with Mikrotik’s RouterOS.

Handy networking cheat sheets from Packet Life

Wed, 25 May 2011 13:38:45 +0000

If you find yourself forgetting bits and pieces about network topics, Packet Life’s cheat sheets should be a handy resource for you.

Do your homework before a technical interview

Tue, 03 May 2011 02:05:05 +0000

If you work for a growing company like I do, it’s inevitable that you’ll have to do your fair share of interviewing.

How to survive as a technical manager

Tue, 29 Mar 2011 14:25:59 +0000

Anyone who says management is easy obviously hasn’t done it for very long or they’re not doing their job very well.

Strategies for detecting a compromised Linux server

Thu, 10 Mar 2011 02:52:16 +0000

There are few things which will rattle systems administrators more than a compromised server.

Dual-primary DRBD with OCFS2

Mon, 14 Feb 2011 02:12:58 +0000

As promised in one of my previous posts about dual-primary DRBD and OCFS2, I’ve compiled a step-by-step guide for Fedora.

Gearing up for FUDCon 2011

Sat, 29 Jan 2011 15:01:20 +0000

FUDCon 2011 in Tempe hasn’t even fully started yet, but it’s been well worth the trip already.

Single boot Linux on an Intel Mac Mini

Wed, 26 Jan 2011 13:32:53 +0000

After reading the title of this post, you might wonder “Why would someone pay for a Mac Mini and then not use OS X with it?

Sending binary e-mail attachments from the command line with mutt

Tue, 11 Jan 2011 01:10:58 +0000

E-mailing a binary e-mail attachment from a Linux server has always been difficult for me because I never found a reliable method to get it done.

Strategies for storing backups

Mon, 10 Jan 2011 01:20:44 +0000

Although it’s not a glamorous subject for system administrators, backups are necessary for any production environment.

Using GNU sort to sort a list by IP address

Thu, 06 Jan 2011 13:52:58 +0000

My daily work requires me to work with a lot of customer data and much of it involves IP address allocations.

Mounting a raw partition file made with dd or dd_rescue in Linux

Wed, 15 Dec 2010 01:07:24 +0000

This situation might not affect everyone, but it struck me today and left me scratching my head.

Locate RPM packages which contain a certain file

Thu, 09 Dec 2010 02:30:00 +0000

It’s not easy remembering which RPM packages contain certain files.

Tap into your Linux system with SystemTap

Wed, 08 Dec 2010 02:27:02 +0000

One of the most interesting topics I’ve seen so far during my RHCA training at Rackspace this week is SystemTap.

Keep web servers in sync with DRBD and OCFS2

Fri, 03 Dec 2010 02:01:12 +0000

The guide to redundant cloud hosting that I wrote recently will need some adjustments as I’ve fallen hard for the performance and reliability of DRBD and OCFS2.

Monitor MySQL restore progress with pv

Wed, 24 Nov 2010 16:43:28 +0000

The pv command is one that I really enjoy using but it’s also one that I often forget about.

Throwing thoughtful “403 Forbidden” responses with apache

Wed, 17 Nov 2010 13:47:19 +0000

If you offer a web service that users query via scripts or other applications, you’ll probably find that some people will begin to abuse the service.

Accessing Rackspace Cloud Servers and Slicehost slices privately via OpenVPN

Tue, 16 Nov 2010 13:52:53 +0000

Diagram: OpenVPN to Rackspace Cloud Servers and Slicehost

Upgrading Fedora 13 to Fedora 14 on Slicehost and Rackspace Cloud Servers

Wed, 03 Nov 2010 20:02:45 +0000

On most systems, using Fedora’s preupgrade package is the most reliable way to update to the next Fedora release.

Do professional certifications belong in your e-mail signature?

Sat, 16 Oct 2010 15:53:25 +0000

After a discussion amongst coworkers about professional certifications in e-mail signatures yesterday, I decided to throw the question out to Twitter to gather some feedback:

Securing your ssh server

Tue, 12 Oct 2010 22:39:15 +0000

One of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?

Installing Xen 4 on Fedora 13

Fri, 10 Sep 2010 13:56:49 +0000

Installing Xen can be a bit of a challenge for a beginner and it’s made especially difficult by distribution vendors who aren’t eager to include it in their current releases.

A nerd’s perspective on cloud hosting

Wed, 25 Aug 2010 13:03:52 +0000

Let’s go ahead and get this out of the way: The following post contains only my personal opinions.

Very unscientific GlusterFS benchmarks

Fri, 13 Aug 2010 20:55:24 +0000

I’ve been getting requests for GlusterFS benchmarks from every direction lately and I’ve been a bit slow on getting them done.

One month with GlusterFS in production

Wed, 11 Aug 2010 13:29:02 +0000

As many of you might have noticed from my previous GlusterFS blog post and my various tweets, I’ve been working with GlusterFS in production for my personal hosting needs for just over a month.

Adding comments to iptables rules

Mon, 26 Jul 2010 15:00:52 +0000

After I wrote a recent post on best practices for iptables, I noticed that I forgot to mention comments for iptables rules.

A modern implementation and explanation of Linux Virtual Server (LVS)

Sun, 27 Jun 2010 16:03:27 +0000

Typical configuration for a proxy-type load balancer

Parsing mdadm output with paste

Mon, 14 Jun 2010 14:05:57 +0000

My curiosity is always piqued when I find new ways to manipulate command line output in simple ways.

GlusterFS on the cheap with Rackspace’s Cloud Servers or Slicehost

Fri, 28 May 2010 00:34:10 +0000

NOTE: This post is out of date and is relevant only for GlusterFS 2.

How to sell: a guide for technical people

Thu, 27 May 2010 02:12:39 +0000

I’ll admit it right now: I love engaging customers and learning more about how what we do at Rackspace can help their business or ideas take flight.

Idiot’s guide to OAuth logins for Twitter

Thu, 20 May 2010 01:26:07 +0000

It certainly shouldn’t be difficult, but I always have a tough time with OAuth.

Legacy tty1 and block device support for Xen guests with pvops kernels

Fri, 14 May 2010 13:24:34 +0000

The discussions about the paravirt_ops, or “pvops”, support in upstream kernels at Xen Summit 2010 last month really piqued my interest.

Best practices: iptables

Mon, 12 Apr 2010 13:35:31 +0000

Anyone who has used iptables before has locked themselves out of a remote server at least once.

Adjusting tty’s in Fedora 13 with upstart

Fri, 26 Mar 2010 14:09:13 +0000

Fedora 13 has quite a few changes related to upstart, and one of the biggest ones is how terminals are configured.

Why I’m a Racker

Fri, 26 Mar 2010 13:38:07 +0000

I normally try to keep my work-related items separate from this blog, but I felt that I needed to break tradition for a moment.

Testing network throughput with iperf

Sat, 20 Mar 2010 21:38:07 +0000

When you need to measure network throughput and capacity, I haven’t found a simpler solution than iperf.

SIGTERM vs. SIGKILL

Thu, 18 Mar 2010 13:25:59 +0000

Sending signals to processes using kill on a Unix system is not a new topic for most systems administrators, but I’ve been asked many times about the difference between kill and kill -9.

Sticky shift key with synergy in Fedora 12

Thu, 04 Mar 2010 02:44:12 +0000

My synergy setup at work is relatively simple.

Private network interfaces: the forgotten security hole

Tue, 02 Mar 2010 00:55:07 +0000

Regardless of the type of hosting you’re using - dedicated or cloud - it’s important to take network interface security seriously.

System Administration Inspiration: If it’s broken, break it a little more

Sun, 28 Feb 2010 16:47:16 +0000

Earlier this year, I started a series of posts to encourage systems administrators to refine their troubleshooting abilities.

MySQL: The total number of locks exceeds the lock table size

Tue, 16 Feb 2010 18:00:29 +0000

If you’re running an operation on a large number of rows within a table that uses the InnoDB storage engine, you might see this error:

MySQL: The total number of locks exceeds the lock table size

Fri, 29 Jan 2010 13:12:21 +0000

This problem has cropped up for me a few times, but I’ve always forgotten to make a post about it.

Switching between audible and visual bells in screen

Thu, 21 Jan 2010 14:37:09 +0000

About a year ago, I was introduced to the joys of using irssi and screen to access irc servers.

Crash course in dsh

Wed, 20 Jan 2010 14:47:56 +0000

Thanks to a recommendation from [Michael][1] and [Florian][2], I’ve been using [dsh][3] with a lot of success for quite some time.

Change the escape keystrokes in screen

Thu, 07 Jan 2010 14:11:23 +0000

One of my favorite (and most used) applications on any Linux machine is screen.

A New Year System Administrator Inspiration

Mon, 04 Jan 2010 02:53:53 +0000

Happy New Year!

Parse kernel.org changelogs with wget and grep

Tue, 15 Dec 2009 23:14:47 +0000

I try to keep up with the latest kernel update from kernel.

Upgrading Fedora 11 to 12 using yum

Tue, 08 Dec 2009 02:28:06 +0000

As with the Fedora 10 to 11 upgrade, you can upgrade Fedora 11 to Fedora 12 using yum.

Disable acceleration for Apple’s Magic Mouse

Thu, 03 Dec 2009 13:55:41 +0000

Edit: After further research, I found that this fix only adjusts the speed at which your mouse moves.

Automatically loading iptables rules on Debian/Ubuntu

Tue, 17 Nov 2009 04:39:52 +0000

If you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.

Changing the time zone in irssi

Tue, 03 Nov 2009 14:34:42 +0000

I usually set the time zone on my servers to UTC, but that makes it a bit confusing for me when I use irssi.

Fix MacFusion on Snow Leopard

Fri, 28 Aug 2009 16:21:23 +0000

Running OS X 10.

Fedora 11 httpd: alloc_listener: failed to get a socket for (null)

Fri, 14 Aug 2009 17:14:02 +0000

If you use Fedora 11 in a virtualized environment, you may have seen this error recently if you’ve updated to apr-1.

Installing the mysql gem in Fedora 11 64-bit

Fri, 07 Aug 2009 18:57:22 +0000

On some systems, getting the mysql gem to build can be a little tricky.

Graphical representation of Cisco’s BGP issues this morning

Tue, 04 Aug 2009 14:45:45 +0000

If you haven’t checked out bgplay, it’s pretty handy.

Get the public-facing IP for any server with icanhazip.com

Fri, 31 Jul 2009 13:41:38 +0000

There are a ton of places on the internet where you can check the public-facing IP for the device you are using.

Rotating rails logs when using Phusion Passenger

Fri, 26 Jun 2009 15:09:54 +0000

I found a great post on Overstimulate about handling the rotation of rails logs when you use Phusion Passenger.

Deleting all e-mail messages in your inbox with mutt

Fri, 19 Jun 2009 17:37:58 +0000

Occasionally, I’ll end up with a mailbox full of random data, alerts, or other useless things.

Two great signals: SIGSTOP and SIGCONT

Mon, 15 Jun 2009 18:16:19 +0000

The best uses I’ve found for the SIGSTOP and SIGCONT signals are times when a process goes haywire, or when a script spawns too many processes at once.

Upgrading from Fedora 10 (Cambridge) to Fedora 11 (Leonidas)

Thu, 11 Jun 2009 17:48:39 +0000

There are two main ways to upgrade Fedora 10 (Cambridge) to Fedora 11 (Leonidas):

Simple SOCKS proxy using SSH

Tue, 26 May 2009 19:29:55 +0000

Sometimes we find ourselves in places where we don’t trust the network that we’re using.

Comparing MySQL result sets quickly

Tue, 05 May 2009 15:51:09 +0000

I found a really helpful tip on Xaprb for comparing result sets in MySQL:

Re-scan the SCSI bus in Linux after hot-swapping a drive

Thu, 23 Apr 2009 17:00:54 +0000

Servers with hot swappable drive bays are always handy.

Piping log files to a syslog server

Tue, 21 Apr 2009 22:59:21 +0000

If you have a centralized syslog server, or you use Splunk for log tracking, you may find the need to get older log files into a syslog port on that server.

PHPMyAdmin 3.x hides the table indexes

Sat, 04 Apr 2009 00:51:48 +0000

Users of PHPMyAdmin 3.

Enabling VNC as a pseudo-KVM with VMWare Server

Wed, 25 Mar 2009 01:28:59 +0000

Mac users feel a little left out when it comes to VMWare Server clients.

Compare the RPM packages installed on two different servers

Tue, 10 Mar 2009 23:31:49 +0000

Setting up new servers can be a pain if you’re not able to clone them from a server that is known to be working.

Prevent gnome-keyring from asking for a password when NetworkManager starts

Fri, 27 Feb 2009 00:21:21 +0000

I recently tossed Ubuntu 8.

Upgrade Debian etch to lenny

Wed, 18 Feb 2009 13:28:39 +0000

I’ve tested this Debian etch to lenny upgrade process a few times so far, and it seems to be working well.

Linux: emergency reboot or shutdown with magic commands

Fri, 30 Jan 2009 02:07:06 +0000

Most linux distributions use some type of mechanism to gracefully stop daemons and unmount storage volumes during a reboot or shutdown.

Linux: Adjust storage kernel module load order

Mon, 26 Jan 2009 20:40:01 +0000

I set up a system at home that has two SATA controllers: one is on the motherboard (nvidia chipset), while the other is on a Silicon Image SATA card that has three eSATA ports.

Writing a Ruby on Rails application without using a database

Fri, 09 Jan 2009 17:00:44 +0000

Some of you may be wondering “why would you want to use Rails without a database?

CPAN: Automatically install dependencies without confirmation

Fri, 02 Jan 2009 01:44:51 +0000

I enjoy using CPAN because it installs Perl modules with a simple interface, fetches dependencies, and warns you when things are about to end badly.

Reducing inode and dentry caches to keep OOM killer at bay

Thu, 04 Dec 2008 00:44:20 +0000

When it comes to frustrating parts of the Linux kernel, OOM killer takes the cake.

Simple server monitoring with xinetd

Wed, 03 Dec 2008 00:13:10 +0000

You can use the simple but powerful xinetd on your Linux server to monitor almost anything on the server.

Importing Excel files into MySQL with PHP

Fri, 07 Nov 2008 19:42:45 +0000

If you have Excel files that need to be imported into MySQL, you can import them easily with PHP.

Plesk: Upgrade to 8.4 causes “no such user” error in maillog

Thu, 06 Nov 2008 17:04:08 +0000

If you have a Plesk server where short mail names are enabled, upgrading to Plesk 8.

Viewing documentation for your ruby gems

Thu, 06 Nov 2008 00:14:57 +0000

I stumbled into this four line ruby script that will serve up all of the rdoc documentation for your server’s currently installed gems:

What is ‘steal time’ in my sysstat output?

Tue, 04 Nov 2008 17:19:08 +0000

After running sar on my new slice from SliceHost*, I noticed a new column called steal.

Syncing an iPhone with a new Mac without hassles

Sun, 02 Nov 2008 16:56:23 +0000

I know I usually talk about Linux server related topics on this blog, but I’m pretty proud of what I’ve figured out this morning on my Mac.

Installing Microsoft’s TrueType fonts on Linux servers

Fri, 24 Oct 2008 00:31:23 +0000

Although the idea of putting something from Microsoft on a Linux box might sound awful at first, you may find a reason to use Microsoft TrueType fonts on a Linux server.

ext3_dx_add_entry: Directory index full!

Mon, 13 Oct 2008 17:00:51 +0000

I found a server last week that was having severe issues with disk I/O to the point where most operations were taking many minutes to complete.

Apache 2.2: internal dummy connection

Wed, 24 Sep 2008 01:42:21 +0000

After working with some RHEL 5 servers fairly regularly, I noticed a reduction in Apache 2.

Compress your web content for better performance

Fri, 19 Sep 2008 17:00:47 +0000

Most web developers expend a lot of energy optimizing queries, reducing the overhead of functions, and streamlining their application’s overall flow.

SquirrelMail: 127 Can’t execute command

Mon, 08 Sep 2008 17:16:00 +0000

I found a Plesk 8.

Listing of VMWare configuration parameters

Fri, 05 Sep 2008 17:09:54 +0000

For a recent project, I needed to automatically provision VM’s for testing.

CentOS/RHEL x86_64 + VMWare: Use of uninitialized value in string

Wed, 03 Sep 2008 17:06:20 +0000

I was working with a CentOS 5 x86_64 installation running VMWare server last week when I stumbled upon this error:

Encrypted filesystems and partitions on RHEL 5

Tue, 02 Sep 2008 01:55:36 +0000

I spoke with a customer last week who was curious about enabling encrypted partitions on a DAS connected to their server.

Basic procmail configuration with spamassassin filtering

Wed, 13 Aug 2008 17:00:48 +0000

I’ve used this extremely basic procmail configuration a million times, and it’s a great start for any server configuration.

Enabling Ruby on Rails support for a domain in Plesk

Tue, 12 Aug 2008 01:16:18 +0000

If you have Plesk 8.

Reduce disk I/O for small reads using memory

Thu, 07 Aug 2008 17:00:27 +0000

Many applications that are used on a standard server perform quite a few of small writes to the disk (like MySQL or Apache).

Automatically starting synergy in GDM in Ubuntu/Fedora

Wed, 30 Jul 2008 17:00:09 +0000

Before you follow this guide, be sure to read about the issue I had in Fedora 12 with this strategy.

Plesk 8.4.0: Unable to use short names for POP3/IMAP

Mon, 28 Jul 2008 16:08:50 +0000

If you recently upgraded to Plesk 8.

MySQL: ERROR 1040: Too many connections

Tue, 24 Jun 2008 17:00:47 +0000

If you run a fairly busy and/or badly configured MySQL server, you may receive something like this when attempting to connect:

Rebuilding statistics from previous months on Plesk 8.3

Fri, 20 Jun 2008 17:00:06 +0000

There was a bug in versions of Plesk prior to 8.

Why I interviewed at Google and stayed at Rackspace

Thu, 19 Jun 2008 17:00:10 +0000

As some of you might know, I interviewed for a position at Google in April of this year.

Remove backticks from MySQL dumps

Wed, 18 Jun 2008 17:00:01 +0000

I found myself in a peculiar situation last week.

Adjusting CPAN mirror list

Mon, 16 Jun 2008 17:00:01 +0000

One of the most frustrating aspects of CPAN is connecting to mirrors via FTP.

HP Servers: hwraidinfo and hwraidstatus in Linux

Fri, 13 Jun 2008 17:09:31 +0000

Working with the RAID configurations on Linux can be a little involved if all you have is hpacucli.

MySQL: Can’t drop one or more of the requested users

Wed, 11 Jun 2008 23:59:37 +0000

MySQL has quite a few cryptic error messages, and this one is one of the best:

Backing up MySQL to Amazon’s S3

Fri, 06 Jun 2008 00:18:49 +0000

I received an e-mail from Tim Linden about a post he made in his blog about backing up MySQL data to Amazon’s S3.

Forcing qmail to process e-mail in the queue

Fri, 02 May 2008 17:00:51 +0000

Normally, qmail will be able to process the mail queue without any interaction from the system administrator, however, if you want to force it to process everything that is in the queue right now, you can do so:

After Plesk upgrade, “Cannot initialize InnoDB”

Thu, 01 May 2008 17:00:09 +0000

Upgrading Plesk from 7.

Best PHP and MySQL development book

Tue, 29 Apr 2008 17:00:54 +0000

I finally remembered this book when someone asked me about how to get started with PHP and MySQL development.

Plesk: Disabling TRACE/TRACK methods globally

Wed, 23 Apr 2008 23:40:50 +0000

UPDATE: The TRACE/TRACK methods are disabled in Plesk 8.

Reducing locking delays in MySQL

Wed, 16 Apr 2008 17:32:50 +0000

Before getting started, it’s important to understand why MySQL uses locks.

mchk: Unable to initialize quota settings for someuser@somedomain.com

Mon, 14 Apr 2008 17:00:21 +0000

If you’re working in Plesk and you receive this error:

Small Companies: How to hire and fire a technical person

Wed, 02 Apr 2008 18:00:06 +0000

DISCLAIMER: Okay, technical folks - I’m doing this as a favor to the general community of people that aren’t very technical, but they need to know some tips for ridding themselves of a technical person that is harming their business.

Setting the maximum mail size in qmail

Mon, 24 Mar 2008 18:54:35 +0000

On a Plesk server, the maximum size for an individual e-mail sent through qmail is unlimited.

Importing MySQL dumps made on 64-bit servers

Fri, 21 Mar 2008 17:51:56 +0000

It’s tough to find examples of dumps that can’t be properly reimported on other servers.

Reduce iowait in Plesk: put qmail’s queue on a ramdisk

Fri, 14 Mar 2008 18:16:57 +0000

I really dislike qmail.

Plesk Professional Website Editor hangs at login

Thu, 13 Mar 2008 18:11:57 +0000

One of my biggest Plesk gripes is dealing with the Plesk Professional Website Editor.

What is the difference between file data and metadata?

Wed, 12 Mar 2008 18:01:59 +0000

Just in case some of you out there enjoy nomenclature and theory behind Linux filesystems, here’s some things to keep in mind.

Hunting down elusive sources of iowait

Tue, 11 Mar 2008 18:00:18 +0000

A question I’m asked daily is “How can I find out what is generating iowait on my server?

Strange error with Horde 3.1.3 and Plesk 8.1.1

Tue, 11 Mar 2008 02:49:05 +0000

I saw a ticket the other day where a customer received this error from Horde when trying to expand items on the left pane of the interface:

ntpd_initres: ntpd returns a permission denied error

Wed, 20 Feb 2008 18:30:02 +0000

I recently came across a server that was throwing this error into its message log:

sendmail: savemail panic

Mon, 18 Feb 2008 18:56:37 +0000

If you see a large mail queue and your system’s I/O is increasing, you may find messages like these in your syslog:

High iowait on RHEL 4 with Plesk and SpamAssassin

Thu, 31 Jan 2008 18:38:58 +0000

One of my biggest complaints on RHEL 4 is the large resource usage by the version of SpamAssassin that is installed.

Plesk and MySQL 5

Wed, 30 Jan 2008 18:29:18 +0000

One of the questions I receive the most is: “What version of Plesk works with MySQL 5?

Limiting which commands are kept in the bash history file

Tue, 29 Jan 2008 18:33:55 +0000

By setting a certain bash environment variable, you can limit which commands are kept in the .

Rebuilding the initial ram disk (initrd)

Mon, 28 Jan 2008 18:23:39 +0000

Installing new hardware may mean that new kernel need to be loaded when your server boots up.

Can’t enable DNSBL/RBL in Plesk because it’s greyed out

Fri, 25 Jan 2008 17:11:27 +0000

If you have a new Plesk installation and the following option is greyed out in Server -> Mail:

ip_conntrack: table full, dropping packet

Thu, 24 Jan 2008 18:26:40 +0000

Using Linux kernel 3.

qmail: This message is looping: it already has my Delivered-To line

Wed, 23 Jan 2008 18:20:27 +0000

I stumbled upon this peculiar bounce message recently while working on a server:

Dovecot: libsepol.so.1: failed to map segment from shared object: Cannot allocate memory

Tue, 22 Jan 2008 18:47:21 +0000

You may catch this error when you attempt to start dovecot on a Red Hat Enterprise Linux 5.

Removing news feeds in Horde

Mon, 21 Jan 2008 18:36:49 +0000

If you’ve used newer versions of Horde with Plesk, you have probably noticed the news feed that runs down the left side of the screen.

MySQL Replication: Wrap-up

Tue, 15 Jan 2008 18:20:02 +0000

After a couple of weeks, my MySQL replication series has come to a close.

MySQL Replication: Slave Performance

Mon, 14 Jan 2008 18:26:40 +0000

There’s a few final configuration options that may help the performance of your slave MySQL servers.

MySQL Replication: Upgrading the MySQL server

Fri, 11 Jan 2008 23:44:54 +0000

If you want to make a DBA nervous, just let them know that they need to upgrade MySQL servers that are replicating in a production environment.

MySQL Replication: Across an external network

Thu, 10 Jan 2008 18:51:39 +0000

While many people might find replicating over an external network to be an odd concept, it does have some uses.

MySQL Replication: Breakdown

Wed, 09 Jan 2008 18:24:03 +0000

On some occasions, MySQL replication can break down if an statement comes from the master that makes no sense to the slave.

MySQL Replication: Delayed Slaves

Wed, 09 Jan 2008 03:11:11 +0000

In a perfect world, slaves will contain the same data as the master at all times.

MySQL Replication: Horizontal Data Partitioning

Mon, 07 Jan 2008 17:57:56 +0000

If you have a master with multiple slaves, you can get some performance and save money on hardware by splitting data horizontally among your servers.

MySQL Replication: Backups & Data Integrity

Fri, 04 Jan 2008 19:39:12 +0000

An often overlooked benefit of MySQL replication is the ability to make reliable backups without affecting the integrity of the MySQL data.

MySQL Replication: Redundancy

Fri, 04 Jan 2008 02:39:11 +0000

Although performance is a much larger benefit of replication, it provides some redundancy for your application as well.

MySQL Replication: Performance

Wed, 02 Jan 2008 18:20:05 +0000

MySQL replication can increase performance by allowing developers to spread queries over two servers.

Seven Step MySQL Replication

Mon, 31 Dec 2007 17:51:03 +0000

MySQL replication may sound complicated, but it can be done easily.

Plesk and qmail: 421 temporary envelope failure (#4.3.0)

Tue, 04 Dec 2007 18:21:23 +0000

I stumbled upon a server running Plesk 8.

Table ‘mysql.proc’ doesn’t exist

Thu, 29 Nov 2007 18:37:55 +0000

After I was asked to create a stored procedure on a MySQL 5.

Fixing Horde problems in Plesk 8.1.x/8.2.x with PHP 5.2.5

Wed, 28 Nov 2007 18:33:37 +0000

There’s a few issues with PHP 5.

Sort e-mail in Plesk with procmail

Tue, 27 Nov 2007 18:27:26 +0000

One of my biggest beefs with Plesk’s e-mail handling is the lack of server-side filtering.

EXT3-fs error (device hda3) in start_transaction: Journal has aborted

Tue, 20 Nov 2007 18:23:40 +0000

If your system abruptly loses power, or if a RAID card is beginning to fail, you might see an ominous message like this within your logs:

Red Hat Perl Issues: unable to call function somefunction on undefined value

Mon, 19 Nov 2007 18:19:12 +0000

Apparently, a recent Red Hat Enterprise Linux update for ES3, 4 and 5 caused some Perl applications to throw errors like these:

clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem

Fri, 16 Nov 2007 18:11:05 +0000

A few days ago, I stumbled upon a server running qmail with qmail-scanner.

Change the default Apache character set

Thu, 15 Nov 2007 18:09:01 +0000

By default, Red Hat Enterprise Linux 4 sets the default character set in Apache to UTF-8.

Plesk authorization failed: HTTP request error [7]

Wed, 14 Nov 2007 18:05:24 +0000

I found myself wrestling with a server where the Plesk interface suddenly became unavailable without any user intervention.

OpenSSL Tricks

Wed, 07 Nov 2007 18:26:24 +0000

Create a strong CSR and private key

Attractive aterm/rxvt .Xdefaults configuration

Sun, 04 Nov 2007 18:04:27 +0000

I’ve struggled at times to get a decent-looking terminal on my desktop, and I believe I’ve found a good one.

Enforcing mode requested but no policy loaded. Halting now.

Wed, 17 Oct 2007 18:17:22 +0000

Here’s a pretty weird kernel panic that I came across the other day:

Installing package groups with up2date

Wed, 17 Oct 2007 01:14:53 +0000

A few days ago, I began to install a group of packages with up2date, and the person next to me was surprised that up2date even had this functionality.

Enabling Dr. Web virus scanning for new accounts

Fri, 12 Oct 2007 18:35:06 +0000

If you’re using Plesk 8.

mysqldump: Got packet bigger than ‘max_allowed_packet’ bytes

Fri, 12 Oct 2007 01:28:17 +0000

When you dump table data from MySQL, you may end up pulling a large chunk of data and it may exceed the MySQL client’s max_allowed_packet variable.

BIND: ‘RRset exists (value dependent)’ prerequisite not satisfied (NXRRSET)

Wed, 10 Oct 2007 18:13:22 +0000

I was recently working on a server where a user on the server was concerned with these log messages:

Dovecot: mbox: Can’t create root IMAP folder

Wed, 10 Oct 2007 01:05:52 +0000

In some situations with dovecot running on your server, you may receive a message from your e-mail client stating that the “connection was interrupted with your mail server” or the “login process failed”.

Plesk: Error opening /var/lib/squirrelmail/prefs/default_pref

Tue, 09 Oct 2007 00:44:48 +0000

On brand new Plesk 8.

Slow Horde login process with Plesk

Fri, 05 Oct 2007 18:35:33 +0000

I’ve seen quite a few situations where the Horde login process can take upwards of 45 minutes to log a user into the webmail interface.

Preventing Plesk 8.2.x from adding up2date sources

Thu, 04 Oct 2007 18:29:14 +0000

One of the most annoying (and explosive) changes in Plesk 8.

Convert MyISAM tables to InnoDB

Thu, 04 Oct 2007 03:29:13 +0000

If you want to convert a MyISAM table to InnoDB, the process is fairly easy, but you can do something extra to speed things up.

Plesk: There is incorrect combination of resource records in the zone

Wed, 03 Oct 2007 03:21:19 +0000

Yet another weird Plesk error with terrible grammar popped up on a server that I worked with this week:

Plesk 7.5.4: Error: HTTPD_INCLUDE_D not defined

Tue, 02 Oct 2007 02:56:20 +0000

Normally, this error will pop up when you attempt to restart a Plesk-related service, like httpsd, psa-spamassassin or qmail:

Parsing HTML through PHP in Plesk

Fri, 28 Sep 2007 18:17:00 +0000

Some users will want to parse HTML through the PHP parser because one of their applications requires it, or because they think it’s a good idea.

Session problems with Horde in Plesk with AOL

Fri, 28 Sep 2007 02:06:52 +0000

Since AOL sends their users’ traffic through proxy servers, this can cause problems with Horde’s session handling in Plesk.

Counting open files per user

Wed, 26 Sep 2007 17:13:44 +0000

In the event that your system is running out of file descriptors, or you simply want to know what your users are doing, you can review their count of open files by running this command:

Adjusting postfix queue time / lifetime

Tue, 18 Sep 2007 22:55:38 +0000

If you want to adjust how long postfix will hold a piece of undeliverable mail in its queue, just adjust bounce_queue_lifetime.

Yum equivalents of up2date arguments

Mon, 17 Sep 2007 22:50:01 +0000

With RHEL 5 ditching up2date for yum, many Red Hat users might find themselves confused with the new command line flags.

Testing SpamAssassin with GTUBE

Sat, 15 Sep 2007 17:14:24 +0000

If you have SpamAssassin installed, but you want to make sure that it is marking or filtering your e-mails, simply send an e-mail which contains the special line provided here:

Check the modulus of an SSL certificate and key with openssl

Fri, 14 Sep 2007 17:13:51 +0000

When you create a CSR and private key to obtain an SSL certificate, the private key has some internal data called a modulus.

Slow IMAP and POP3 performance with large mailboxes on RHEL 2.1

Wed, 12 Sep 2007 13:00:32 +0000

By default, Red Hat Enterprise Linux 2.

RHEL limitations cheat sheet

Wed, 12 Sep 2007 01:01:49 +0000

When you find yourself in a pinch, and you don’t know the limits of a certain Red Hat Enterprise Linux version, you can find this information in one place.

Getting GrowlMail working with Apple Mail in Growl 1.1

Mon, 10 Sep 2007 04:44:10 +0000

So, this is not really related to the normal system administration topics discussed here, but it’s Sunday, so I feel like something different.

Hunting down annoying web spiders

Sat, 08 Sep 2007 22:16:07 +0000

We all enjoy having the GoogleBot and other search engine robots index our sites as it brings us higher on search engines, but it’s annoying when some user scrapes your site for their own benefit.

MySQL binary log rotation

Fri, 07 Sep 2007 22:07:17 +0000

If you’ve run MySQL in a replication environment, or if you’ve enabled binary logging for transactional integrity, you know that the binary logs can grow rather quickly.

Low priority Plesk backups

Thu, 06 Sep 2007 03:27:09 +0000

I hear a lot of complaints about Plesk’s backup routines and how they can bring a server to its knees.

MySQL and InnoDB: Orphaned .frm files

Sun, 02 Sep 2007 01:52:00 +0000

If an .

Postfix: 554 Relay access denied

Fri, 31 Aug 2007 01:06:02 +0000

Let’s say you have a user who can’t receive e-mail.

Apache: Disable TRACE and TRACK methods

Wed, 29 Aug 2007 00:27:59 +0000

Lots of PCI Compliance and vulnerability scan vendors will complain about TRACE and TRACK methods being enabled on your server.

Use a different IP for sending mail

Tue, 28 Aug 2007 03:13:21 +0000

If you find yourself in a pinch and you need a temporary fix when your primary IP is blacklisted, use the following iptables rule:

Apache: No space left on device: Couldn’t create accept lock

Fri, 24 Aug 2007 21:55:30 +0000

This error completely stumped me a couple of weeks ago.

MySQL couldn’t find log file

Fri, 24 Aug 2007 00:24:28 +0000

This error will pop up when binary logging is enabled, and someone thought it was a good idea to remove binary logs from the filesystem:

POP3 server disconnects immediately after login

Thu, 23 Aug 2007 03:54:52 +0000

When connecting to your server’s POP3 service, your client might provide this error just after authentication:

Qmail-smtpd spawns many processes and uses 100% of CPU

Wed, 22 Aug 2007 02:47:18 +0000

It’s not abnormal for qmail act oddly at times with Plesk, and sometimes it can use 100% of the CPU.

Change Plesk back to short mail names

Tue, 21 Aug 2007 00:46:50 +0000

If you have to use short e-mail usernames in Plesk (which is a bad idea), and someone accidentally sets the server to use full usernames, you can force Plesk to go back.

MySQL: Errcode: 24 when using LOCK TABLES

Mon, 20 Aug 2007 03:07:30 +0000

While running into MySQL’s open files limit will manifest itself into various error messages, this is the standard one that you’ll receive during a mysqldump:

Issues with mysqldump and views in Plesk

Sat, 18 Aug 2007 17:40:00 +0000

By default, views in MySQL 5.

MySQL unauthenticated login pile-up

Thu, 16 Aug 2007 12:14:21 +0000

Sometimes MySQL’s process list will fill with unauthenticated login entries that look like this:

It’s on Digg: Automated MySQL Performance Tuning Script

Wed, 15 Aug 2007 03:22:29 +0000

Help me out!

Huge MySQLTuner overhaul

Sun, 12 Aug 2007 23:51:05 +0000

I’ve been flooded with requests for MySQLTuner and I’ve answered them this weekend.

Using wildcard subdomains in Plesk

Sat, 11 Aug 2007 02:19:09 +0000

In some situations, you may want to have domain.

Correcting Horde problems after upgrading to PHP 5 on Plesk 7.5.x

Sat, 11 Aug 2007 02:08:49 +0000

With Plesk 7.

Urchin: Unable to open database for writing since it has been archived

Fri, 10 Aug 2007 01:43:55 +0000

Urchin sometimes takes it upon itself to do some weird things, and this is one of those times.

MySQL’s query cache explained

Thu, 09 Aug 2007 01:42:58 +0000

An often misused and misunderstood aspect of MySQL is the query cache.

Reset the Urchin admin password

Thu, 09 Aug 2007 00:50:45 +0000

Should you find yourself in the situation where you’ve forgotten the Urchin admin password, don’t worry.

Urchin: Warning! Task scheduler disabled.

Thu, 09 Aug 2007 00:48:20 +0000

When Urchin’s task scheduler fails, you’ll notice big gaps in your data within Urchin.

Adding IP aliases in FreeBSD

Thu, 09 Aug 2007 00:35:44 +0000

One question I hear quite often is “how do I add IP aliases in FreeBSD?

MySQL: Missing *.ibd files

Thu, 09 Aug 2007 00:22:40 +0000

Using the InnoDB engine can be tricky due to the ibdata files’ rather untraditional behavior.

Obscure MySQL variable explained: max_seeks_for_key

Fri, 03 Aug 2007 22:01:33 +0000

MySQL documentation can be awfully flaky - extremely verbose on issues that don’t require such verbosity, and then extremely terse on issues that need a lot of explanation.

Add custom rules to the Plesk firewall

Fri, 03 Aug 2007 02:54:01 +0000

Plesk has a (somewhat annoying) default firewall configuration that you can adjust from within the Plesk interface.

Generate self-signed certificate and key in one line

Fri, 03 Aug 2007 02:48:25 +0000

If you need a quick self-signed certificate, you can generate the key/certificate pair, then sign it, all with one openssl line:

Plesk: Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start

Fri, 03 Aug 2007 02:43:35 +0000

This error means that Plesk attempted to make a DNS change and reload named, but it failed.

Freeing up file descriptors in Plesk 8.2 with piped Apache logs

Fri, 03 Aug 2007 02:39:45 +0000

If you’ve used Plesk with a large amount of domains, you know what a pain running out of file descriptors can be.

Add spam filtering for all users in Plesk

Mon, 30 Jul 2007 02:46:10 +0000

These two commands will enable SpamAssassin for all users on a Plesk 8 server:

Disable X support in FreeBSD

Wed, 18 Jul 2007 15:12:40 +0000

Add to /etc/make.

Installing Lighttpd + PHP + FastCGI on FreeBSD

Wed, 18 Jul 2007 15:12:06 +0000

With portinstall:

Upgrading FreeBSD remotely

Wed, 18 Jul 2007 15:10:59 +0000

It can be best to upgrade FreeBSD in an offline state, but if you do it online, you can do it like this:

Importing existing keys and certificates into java keystore files

Wed, 18 Jul 2007 15:05:37 +0000

Making Java keystores at the same time as you create a CSR and key is pretty easy, but if you have a pre-made private key that you want to throw into a keystore, it can be difficult.

/bin/tar: Argument list too long

Fri, 06 Jul 2007 03:11:43 +0000

If you find yourself stuck with over 30,000 files in a directory (text files in this example), packing them into a tar file can be tricky.

Automatic Plesk login

Fri, 06 Jul 2007 03:09:27 +0000

If you want to make a quick bookmark that will automatically log yourself into Plesk, make this bookmark:

Enable submission port 587 in Postfix

Thu, 05 Jul 2007 00:29:36 +0000

Enabling submission port support for Postfix is really easy.

Check available entropy in Linux

Sun, 01 Jul 2007 16:46:11 +0000

Sometimes servers just have the weirdest SSL problems ever.

Active FTP connections through iptables

Sun, 01 Jul 2007 16:42:01 +0000

One of the main reasons people like passive FTP is that it’s easier to get through firewalls with it.

Redirect e-mails in postfix based on subject line

Sun, 01 Jul 2007 16:37:31 +0000

Depending on your situation, it may be handy to redirect e-mails that have a certain subject line before it even reaches a user’s inbox.

Repair auto_increment in MySQL

Sun, 01 Jul 2007 16:34:03 +0000

Table corruption in MySQL can often wreak havoc on the auto_increment fields.

Enable SSL support in Postfix

Sun, 01 Jul 2007 16:31:01 +0000

If you have postfix installed with OpenSSL support compiled in, you can enable SSL connections by editing two configuration files.

MySQL time zone different from system time zone

Sun, 01 Jul 2007 16:29:11 +0000

In some situations, the system time zone will be different than the one in MySQL, even though MySQL is set to use the system time zone.

Plesk and PHPMyAdmin: Non-static method PMA_Config::isHttps() should not be called statically

Sun, 01 Jul 2007 16:27:21 +0000

If this situation pops up in Plesk, it means that a user has changed their MySQL password outside of Plesk.

Remove all open_basedir restrictions in Plesk

Sat, 30 Jun 2007 15:54:49 +0000

If you want to remove all of the open_basedir restrictions for all sites in Plesk, simply create a file called /etc/httpd/conf.

Basic SNMP Configuration

Wed, 27 Jun 2007 23:06:21 +0000

If you want to get a really basic, wide-open for localhost setup for SNMP, just toss the following into /etc/snmp/snmpd.

Corrupt /dev/null

Tue, 19 Jun 2007 02:49:56 +0000

If you find that /dev/null is no longer a block device, and it causes issues during init on Red Hat boxes, you will need to follow these steps to return things to normal:

500 OOPS error from vsftpd

Thu, 14 Jun 2007 23:14:51 +0000

If you find yourself with the ever-so-peculiar 500 OOPS error from vsftpd when you attempt to login over SSH, there could be a few different things at play.

Adjusting qmail queue time / lifetime

Thu, 14 Jun 2007 22:58:01 +0000

If you want to adjust how long e-mails will spend in the qmail queue before they’re bounced, simple set the queuelifetime:

Adjusting sendmail queue time / lifetime

Thu, 14 Jun 2007 22:56:27 +0000

By default, sendmail will keep items in the queue for up to 5 days.

PHP CLI memory limit is different between users and root

Thu, 14 Jun 2007 22:53:33 +0000

If you find that memory limits differ between root and other users when PHP scripts are run from the command line, there may be an issue with your php.

Send Plesk e-mail to /dev/null or blackhole

Thu, 14 Jun 2007 22:42:22 +0000

Should you find yourself needing to send e-mail destined for a certain account to a blackhole or to /dev/null, you’ll find very little information from Google.

Rebuild RPM file permissions and ownerships

Thu, 14 Jun 2007 22:36:47 +0000

If you find that someone has done a recursive chmod or chown on a server, don’t fret.

Replace Urchin license key / serial number

Thu, 07 Jun 2007 04:47:52 +0000

If something horrible happened to your Urchin license key or you need to replace it with something else, just run this command to change the key:

Postgres process listing

Thu, 07 Jun 2007 04:44:39 +0000

If you’re used to SHOW PROCESSLIST; or mysqladmin processlist in MySQL, you might be searching for this same functionality in postgresql.

FreeBSD: Limiting closed port RST response

Thu, 07 Jun 2007 04:42:13 +0000

One of the nifty things about FreeBSD’s kernel is that it will limit closed port RST responses, which, in layman’s terms, just means that if someone repeatedly hits a port that’s closed, the kernel won’t respond to all of the requests.

Arrow keys in iTerm not working in vi/vim

Fri, 01 Jun 2007 03:28:58 +0000

I found myself pretty darned frustrated when my arrow keys didn’t work in iTerm in vi/vim or other ncurses-based applications.

Cisco PIX: Cannot select private key

Mon, 28 May 2007 02:10:13 +0000

If you receive the following error, your PIX does not have a key set up for use with SSH:

Install snort and BASE on FreeBSD

Sun, 27 May 2007 22:23:17 +0000

Installing snort from ports on FreeBSD is pretty straightforward, but there are some ‘gotchas’ that you need to be aware of.

Install mysql-server from ports on FreeBSD

Sun, 27 May 2007 21:47:13 +0000

Installing mysql on FreeBSD from ports is one of the oddest installations I’ve ever completed.

Errors with ifup regarding MAC addresses

Sun, 27 May 2007 16:44:55 +0000

If Redhat, CentOS, Fedora, or any other similar OS provides the following error:

Forward e-mail sent to non-existent users in Postfix

Sun, 27 May 2007 16:43:08 +0000

Normally, Postfix will reject e-mail sent to non-existent users if a catchall isn’t present for the specific domain that is receiving mail.

rpmdb: Lock table is out of available locker entries

Sun, 27 May 2007 16:38:32 +0000

If up2date throws some horrible Python errors and rpm says “rpmdb: Lock table is out of available locker entries”, you can restore your system to normality with the following:

Remove PHP’s open_basedir restriction in Plesk

Wed, 23 May 2007 17:21:58 +0000

If you have an open_basedir restriction that is causing issues with a domain, you can remove the restriction easily.

Changing the default SSL certificate in Plesk

Tue, 22 May 2007 02:16:57 +0000

When Plesk is installed, the default certificate for the Plesk interface itself is a self-signed certificate that is generated during the installation.

Enable submission port 587 in Sendmail

Mon, 21 May 2007 16:08:34 +0000

To enable submission access on port 587 in sendmail, add the following to the sendmail.

Postgresql not listening on network

Mon, 21 May 2007 15:04:12 +0000

On some operating systems, postgresql is not configured to listen on the network.

Speeding up MySQL

Mon, 21 May 2007 03:44:33 +0000

If there’s one question I get a lot, it would be “Hey, how can I speed up MySQL?

MySQL connections in sleep state

Mon, 21 May 2007 03:26:11 +0000

On some servers, you may notice that MySQL is consuming CPU and memory resources when it’s not processing any queries.

Joomla and Plesk permissions

Mon, 21 May 2007 03:13:23 +0000

Thanks to a highly awesome technician on my team, we’ve discovered the perfect permissions setup for Joomla and Plesk:

Remove query strings from URL’s with mod_rewrite

Fri, 18 May 2007 14:07:37 +0000

If you need to strip query strings from a URL with mod_rewrite, you can use a rewrite syntax such as the following:

Relay access denied

Fri, 18 May 2007 03:16:06 +0000

If you’re checking through your mail logs, or you catch a bounced e-mail with “554 relay access denied” in the bounce, the issue can be related to a few different things:

Show hidden dot files in proftpd

Thu, 17 May 2007 01:46:59 +0000

If you can’t see hidden files in proftpd (the files beginning with a dot, like .

Add SSL/TLS support to proftpd

Thu, 17 May 2007 01:45:37 +0000

To enable SSL/TLS support in proftpd, add the following to the proftpd.

Plesk submission port (587) for outbound mail

Tue, 15 May 2007 14:28:17 +0000

If you can’t send mail via port 25 due to blocks imposed by your ISP, you can enable the submission port within Plesk pretty easily.

Horde refreshes when logging in

Mon, 07 May 2007 21:20:51 +0000

If you find that Horde (with Plesk) keeps refreshing when you attempt to log in, and there are no errors logged on the screen or in Apache’s logs, check the session.

Plesk SQL Statements

Fri, 27 Apr 2007 15:52:17 +0000

When you need to find information about anything in Plesk, here’s some SQL statements that you can use:

Adding chrooted FTP users outside of Plesk

Fri, 27 Apr 2007 15:51:59 +0000

To add a chrooted FTP user outside of Plesk properly, you need to:

Install PayFlowPro for PHP on RHEL

Thu, 26 Apr 2007 22:06:35 +0000

To install PayFlowPro, you will need a few things:

Add SPF records to all domains in Plesk

Tue, 24 Apr 2007 16:28:31 +0000

If you find yourself in the situation where you need to bulk add SPF records to every domain in Plesk, you can use this huge one-liner:

Can’t find file: ‘horde_sessionhandler.MYI’

Thu, 19 Apr 2007 16:38:49 +0000

If you get this error, you’ve most likely done a file-based MySQL backup restore, and the InnoDB files are hosed.

Too many languages – can’t upgrade Plesk license

Thu, 19 Apr 2007 13:40:12 +0000

If Plesk throws an error that it can’t upgrade your license key because of languages, you need to remove the extra locales:

Telnet POP3 Commands

Tue, 17 Apr 2007 22:28:19 +0000

If you ever need to communicate with a POP3 server via telnet to test it, here’s some commands you can use:

SSL connection to a non-secure port

Tue, 17 Apr 2007 22:27:12 +0000

If you have weird SSL errors and this one appears, you are trying to speak SSL to a daemon that doesn’t understand it:

Disable SSH timeouts

Thu, 12 Apr 2007 16:15:02 +0000

To pretty much completely disable SSH timeouts, simply adjust the following directives in /etc/ssh/sshd_config:

Pre-upgrade Plesk Backup

Tue, 10 Apr 2007 18:55:06 +0000

Before you upgrade Plesk, it’s always a good idea to make a backup and also make your ip and shell maps:

Disable SSLv2 in Lighttpd

Sun, 08 Apr 2007 23:26:07 +0000

As with most things, turning off SSLv2 in Lighttpd is much easier than in Apache.

WordPress permalinks in Lighttpd

Sun, 08 Apr 2007 23:21:17 +0000

WordPress uses .

Lighttpd proxy to Tomcat

Fri, 06 Apr 2007 04:41:05 +0000

It seems like lighttpd and Tomcat are at the forefront of what is ‘hot’ these days.

Disable reverse lookups with qmail in Plesk

Thu, 05 Apr 2007 16:00:53 +0000

To disable reverse lookups in qmail with Plesk, simply add -Rt0 to the server_args line in /etc/xinetd.

451 Could not complete sender verify callout

Thu, 29 Mar 2007 14:17:06 +0000

This is one of Exim’s more cryptic errors:

Setting the hostname in Sendmail

Tue, 27 Mar 2007 21:01:26 +0000

If you need to change the hostname that Sendmail announces itself as, just add the following to sendmail.

/bin/rm: Argument list too long

Mon, 26 Mar 2007 17:16:55 +0000

If you have too many files to remove, try this trick:

Reset MySQL root password

Mon, 26 Mar 2007 03:27:33 +0000

If you’ve forgotten the root password for a MySQL server, but you know the system root, you can reset the MySQL root password pretty easily.

Apache’s mysterious trailing slash

Fri, 23 Mar 2007 13:20:27 +0000

You may find that some sites do not work well if you omit a trailing slash on the URL.

Adjust max_execution_time for Horde in Plesk

Fri, 23 Mar 2007 13:15:41 +0000

Often times, the wonderful webmail application known as Horde will spin out of control and cause unnecessary resource usage and often cause defunct Apache processes to appear.

Exporting SSL certificates from Windows to Linux

Fri, 23 Mar 2007 13:11:16 +0000

First, you have to get the certificate and key out of Windows in a pfx (PKCS #12) format.

Forcing HTTPS (SSL) with mod_rewrite

Wed, 21 Mar 2007 15:00:15 +0000

If you can’t use PHP to force HTTPS, you can use mod_rewrite instead.

Forcing HTTPS with PHP

Wed, 21 Mar 2007 14:27:35 +0000

To force HTTPS with a PHP script, just put this snippet near the top:

AWStats icons don’t appear in Plesk 8.1

Sun, 18 Mar 2007 19:17:26 +0000

The AWStats package in RHEL4/Centos4 and Plesk 8.

Quick and fancy mail blacklist checking

Mon, 12 Mar 2007 00:53:57 +0000

I rarely try to toot my own horn, but I’ve created a pretty handy site.

Stopping Double Bounces in Plesk

Mon, 05 Mar 2007 22:50:41 +0000

To stop those evil double bounce e-mails in Plesk, just do:

Change Primary IP Address in Plesk

Wed, 28 Feb 2007 15:36:19 +0000

If you need to change to a different primary IP in Plesk, here’s the easiest way:

Disabling SSLv2 in Plesk

Tue, 27 Feb 2007 18:17:02 +0000

To disable SSLv2 server-wide on a Plesk server, add this in your /etc/httpd/conf.

Disable Dr. Web Notifications in Plesk

Tue, 27 Feb 2007 16:10:56 +0000

You can edit /etc/drweb/drweb_qmail.

Hide Apache Version

Fri, 23 Feb 2007 21:07:48 +0000

If you want to hide the current version of Apache and your OS, just replace

ProFTPD shows incorrect GMT time with Plesk

Wed, 21 Feb 2007 19:13:01 +0000

A really really strange issue randomly appears with ProFTPD and Plesk occasionally.

Chmod and the mysterious first octet

Wed, 14 Feb 2007 04:00:52 +0000

If you’ve ever worked on a linux system, chances are that you’ve used chmod many times.

Understanding LVM

Wed, 14 Feb 2007 03:34:06 +0000

LVM is handy when you want additional flexibility to grow or shrink your storage space safely without impacting filesystems negatively.

Measuring raw shell bandwidth

Mon, 12 Feb 2007 04:20:06 +0000

Okay, so we know it’s easy to measure web, ftp and mail traffic, right?

Bulk IP update in Plesk

Mon, 12 Feb 2007 01:41:49 +0000

There’s lots of situations where you’d want to use a bulk IP change in Plesk:

Move domain between clients in Plesk

Mon, 12 Feb 2007 01:29:18 +0000

Moving domains from client to client in Plesk is pretty quick from the command line.

Finding compromised mail accounts in Plesk

Sat, 10 Feb 2007 16:35:23 +0000

If odd bounced e-mails are coming back to the server or the server is listed in a blacklist, some accounts may be compromised on the server.

Delete single iptables rules

Fri, 09 Feb 2007 19:03:18 +0000

You can delete them based on what they’re doing:

Enabling SSL in ProFTPD

Thu, 08 Feb 2007 23:28:18 +0000

If you need to enable SSL in ProFTPD, try this out:

Rewrite for certain IP addresses

Thu, 08 Feb 2007 18:26:45 +0000

Need to redirect all users except for yourself to another site until yours is live?

Fighting DDOS attacks in Linux

Wed, 07 Feb 2007 13:45:43 +0000

Check for a SYN flood:

Getting the SMTP Auth ID with Plesk

Wed, 07 Feb 2007 12:54:29 +0000

If you think an e-mail account has been hacked in Plesk, use this to hunt down which one it could be:

Cisco Logging to RHEL

Tue, 06 Feb 2007 21:48:54 +0000

If you have a Cisco device logging to RHEL, here’s all that’s necessary:

Get Plesk e-mail addresses and passwords

Thu, 01 Feb 2007 14:33:59 +0000

Need a handy way to list all the email accounts and their passwords?

Treason Uncloaked

Wed, 31 Jan 2007 21:58:48 +0000

TCP: Treason uncloaked!

Wave the Plesk magic wand

Wed, 31 Jan 2007 16:01:22 +0000

If Plesk ever appears to be out of sync with the configuration files, or if there’s a Plesk issue that’s occurring that makes no sense at all, just stand back and wave the Plesk magic wand:

Make Apache logs mimic IIS

Mon, 29 Jan 2007 17:45:22 +0000

To make Apache write logs similar to IIS, toss this into your Apache configuration:

Moving mail between some Plesk servers

Sat, 27 Jan 2007 18:29:24 +0000

If you’re migrating a domain, sometimes their mail will go to the old server for a while after you’ve changed the DNS.

Enabling CGI in Apache virtual hosts

Fri, 26 Jan 2007 17:12:34 +0000

Add this to the Apache configuration:

Finding usernames and passwords in Plesk DB

Fri, 26 Jan 2007 15:12:22 +0000

Need a username and password from the Plesk DB?

Increase MySQL connection limit

Wed, 24 Jan 2007 17:21:37 +0000

MySQL’s default configuration sets the maximum simultaneous connections to 100.

Verify that SSLv2 is disabled

Wed, 24 Jan 2007 15:57:51 +0000

If you’re looking to get PCI/CISP compliance, or you just like better security, disable SSL version 2.

Plesk admin user can’t login

Wed, 24 Jan 2007 15:35:37 +0000

Okay, so you’ve verified that the correct admin password is being used, but you still can’t login?

Can’t upload large files in PHP

Wed, 24 Jan 2007 15:35:29 +0000

First, check max_upload_size in php.

Argument list too long

Wed, 24 Jan 2007 15:35:24 +0000

If you have a ton of files in a directory and you need to remove them, but rm says that the “argument list [is] too long”, just use find and xargs:

Strip off www from URLs with mod_rewrite

Mon, 15 Jan 2007 19:45:55 +0000

If you need to remove subdomains from the URL that users enter to visit your website, toss this into your VirtualHost directive:

Sum Apache Bandwidth From Logs

Mon, 15 Jan 2007 15:33:09 +0000

If you’re not a fan of scientific notation, use this to calculate the apache bandwidth used from log files in MB:

Repairing the qmail queue

Thu, 11 Jan 2007 22:37:07 +0000

There are three main things to remember when it comes to the qmail queue:

Securing MySQL

Fri, 05 Jan 2007 01:46:19 +0000

If you work on enough servers, you discover that a lot of people put the security of their MySQL server on the back burner.

MySQL Row & Data Limits

Fri, 05 Jan 2007 01:24:17 +0000

As most folks know, by default, MySQL limits the size of a MyISAM table at 4GB.

About Sticky Bits

Sun, 31 Dec 2006 03:35:26 +0000

Sticky bits help you take file permissions to the next level.

Can’t Kill Sendmail Processes

Fri, 29 Dec 2006 00:35:18 +0000

If you find yourself in the sticky situation where kill -9 still won’t kill a sendmail process, check the process list.

PHPLive Has No session.save_path

Wed, 27 Dec 2006 17:29:52 +0000

Add this to the virtual host configuration if PHPLive says it has no session.

Raising MaxClients? Change ServerLimit.

Wed, 27 Dec 2006 14:36:40 +0000

Remember, if you raise MaxClients for an MPM in Apache, you must raise the ServerLimit directive, which is normally set to 256 on most servers.

Rootkit Checks on RHEL

Wed, 27 Dec 2006 04:01:45 +0000

If you think you have a rooted RHEL box, you’ll want to run the usual rkhunter, chkrootkit, and you will want to inspect for rogue processes.

Group Editing With FTP

Wed, 27 Dec 2006 03:44:55 +0000

So you have multiple users that need to read and write to certain files on the filesystem?

Fixing Invalid HELO’s

Wed, 27 Dec 2006 03:02:40 +0000

If your server is spewing an invalid HELO, you could be blacklisted pretty quickly.

Postfix – Forwarding Virtual Mailboxes

Wed, 27 Dec 2006 02:47:46 +0000

Setting up Postfix to handle mail for a virtual domain and forward it to external mailboxes is pretty easy.