Major Hayden content on Major HaydenHugoenAll content licensed [CC BY-SA 4.0]( 💜Mon, 22 Apr 2024 19:27:42 +0000cloud-init and dhcpcd, 18 Apr 2024 00:00:00 +0000;s cloud-init package now uses dhcpcd in place of dhclient, which went end of life in 2022. 💀Texas Linux Fest 2024 recap 🤠, 16 Apr 2024 00:00:00 +0000 gave two talks at this year&rsquo;s event and ran into lots of old friends and colleagues. 🐧Roll your own static blog analytics, 04 Apr 2024 00:00:00 +0000 blogs are easy to serve, but so many of the free options have no analytics whatsoever. This post talks about how to serve your own blog from a container with live updating analyticsConnect Caddy to Porkbun, 29 Feb 2024 00:00:00 +0000 offers a great web and proxy server experience with minimal configuration and automated TLS certificates. Learn how to connect Caddy to Porkbun to get TLS certificates by managing your DNS records for you automatically. 🐷Linux on the AMD ThinkPad Z13 G2, 14 Jan 2024 00:00:00 +0000 that AMD&rsquo;s Zen 4 CPUs landed in lots of laptops, I picked up a ThinkPad Z13 G2 with an AMD Ryzen CPU. Did I put Linux on it? Of course I did. 🐧Dark mode in Sway, 09 Jan 2024 00:00:00 +0000 mode lovers rejoice! It&rsquo;s possible to get (most) applications to show up in dark mode in the Sway window manager. 😎On diversity, 16 Dec 2023 00:00:00 +0000 teams lead to great outcomes, but how we measure diversity remains a challenge. Enforcing it is even more challenging. 🌎Horror book reviews from October 2023, 19 Nov 2023 00:00:00 +0000 brings us the Halloween holiday here in the US and I set off on an adventure into some spooky and unsettling books. 👻Moving to cloud is more than just a purchasing exercise, 27 Oct 2023 00:00:00 +0000 to cloud is about much more than just capital efficiency. It enables your teams to do more if they&rsquo;re willing to adopt some new practices.How I learned to stop worrying and love the CoreOS, 13 Oct 2023 00:00:00 +0000;s a blog post to answer the question: Why do you write so much about CoreOS? 📦Quadlets might make me finally stop using docker-compose, 25 Sep 2023 00:00:00 +0000, docker-compose is great, but could we get similar functionality using just the tools that are built into CoreOS? Can we get automatic updates, too? Yes we can! 📦Mounting the AWS Elastic File Store on Fedora, 13 Sep 2023 00:00:00 +0000 now has the AWS Elastic File Store (EFS) mount helper available for Fedora 38 and newer releases! It chooses optimized NFS mount options for you and makes mounting and unmounting a breeze.Car buying guide, 04 Sep 2023 00:00:00 +0000 you love to nerd out on just about anything, give it a try the next time you buy a car.Fixing a ghost database migration failure, 31 Aug 2023 00:00:00 +0000 woke up one morning to find my Ghost blog unresponsive. It required an unexpected fix. 🔧Open source contributions: Just do it, 16 Aug 2023 00:00:00 +0000 to make a change in an open source project? Take the Nike approach and Just Do It. 👟Add CloudFront CDN to a Ghost blog, 03 Jul 2023 00:00:00 +0000 an AWS CloudFront CDN distribution to a Ghost blog improves response times on an already fast blogging platform and increases security along the way. ⚡Deploy a containerized Ghost blog 👻, 27 Jun 2023 00:00:00 +0000 delivers a great self-hosted blogging platform that deploys well in containers. Let&rsquo;s deploy it on CoreOS along with Caddy. ️📝Engineering through layoffs, 25 Jun 2023 00:00:00 +0000 create traumatic times for many. Find ways to break through the frustration and pain. For those that stay, your ability to influence the business can grow. 🪴Launch a watchtower container via podman quadlets, 31 May 2023 00:00:00 +0000;s new quadlet feature lets you specify container launch configuration via simple systemd-like unit files. 📦CoreOS as a pet, 25 May 2023 00:00:00 +0000 provides a fast track to running containers with a light weight immutable OS underneath. This doesn&rsquo;t mean that you can&rsquo;t keep it around as a pet instance. 🐕My beef with mailing lists, 10 May 2023 00:00:00 +0000 issues with open source mailing lists aren&rsquo;t with the technology, but with unorganized pattern of the discourse itself. 🖇️Fedora on Oracle Cloud, 05 May 2023 00:00:00 +0000 a Fedora x86_64 or aarch64 image to Oracle Cloud and launch an instance. 🚀Add a VLAN on a Mikrotik router, 20 Apr 2023 00:00:00 +0000 your home network easily with a VLAN on a Mikrotik router. 🖥️1Password quick access in Sway, 19 Apr 2023 00:00:00 +0000 has a handy quick access launcher and you can bring it on screen for fast access to passwords and two factor codes in Sway. 🔐My home phone costs 85 cents a month, 18 Apr 2023 00:00:00 +0000 trying several services for home phones, I found a solution that costs me about $0.85 per month. ️️☎️Monitor your AWS bill, 02 Mar 2023 00:00:00 +0000 likes a surprise bill. Learn some ways to keep your AWS bill under control and avoid that end of the month panic. 😱Migrating to AWS CloudFront, 17 Feb 2023 00:00:00 +0000 experiences bring joy! After working with fun AWS CloudFront hacks at work this week, I decided to migrate this blog to AWS S3 and CloudFront. ⛅Red flags, 05 Jan 2023 00:00:00 +0000 job has its ups and downs, but when is it the right time to double down or the right time to leave? Make a list of red flags that help you decide. 🚩Automatic container updates with watchtower, 04 Jan 2023 00:00:00 +0000 keeps an eye on your running containers and updates them when new containers appear upstream. 📦Second try at self-hosting Mastodon, 02 Jan 2023 00:00:00 +0000 my first attempt at self-hosting Mastodon was a failure, I went back for a second attempt with docker-compose. 🧗‍♂️Connect 1Password's CLI and app in i3 with lxpolkit, 30 Dec 2022 00:00:00 +0000;s CLI tool connects via PolicyKit to the 1Password application for authentication, but this isn&rsquo;t the easiest in i3. 🔑Three years of keto, 18 Dec 2022 00:00:00 +0000 the keto lifestyle in 2023? Here are some pointers from me after three years. 🍽docker-compose on Fedora CoreOS, 17 Dec 2022 00:00:00 +0000 go-to method for managing containers easily is still docker-compose. It works really well on Fedora CoreOS. 📦My favorite podcasts, 15 Dec 2022 00:00:00 +0000 provide a great way to keep up with current events or learn more about the world around us, especially while we&rsquo;re doing other activities. 🎧Make your mark with the compose key, 12 Dec 2022 00:00:00 +0000 your composure with diacritics, symbols, and other characters with the compose key! ⌨Switch audio to bluetooth headphones automatically, 09 Dec 2022 00:00:00 +0000 switch your system audio to your bluetooth headset as soon as they connect. 🎧Deploy Fedora 37 on Hetzner Cloud 🇩🇪, 08 Dec 2022 00:00:00 +0000 cloud provider modifications and deploy a genuine release version of Fedora 37 on Hetzner Cloud. ⛅Configure multimedia keys on a Ducky One keyboard, 05 Dec 2022 00:00:00 +0000 up the multimedia keys on Ducky One keyboards lets you manage your music quickly. ⌨Clocks in multiple time zones with i3status, 04 Dec 2022 00:00:00 +0000 family or coworkers in multiple time zones? Get multiple clocks with i3status. ⌚Make screenshots quickly in i3 with maim and xclip, 29 Nov 2022 00:00:00 +0000 quick screenshots and send them to the clipboard in i3 with maim. 📸Manage sound volume with volumeicon in i3, 27 Nov 2022 00:00:00 +0000 your i3 configuration and monitor sound levels with volumeicon in your tray with the i3 window manager. 🔈Adventures with the mastodon herd, 11 Nov 2022 00:00:00 +0000 changes at Twitter led me to take a second look at mastodon, including running my own mastodon instance. 🐘Amateur Guide to Running, 06 Nov 2022 00:00:00 +0000 gets me outside and gives me a challenge where I can compete against myself. Here are my tips for becoming an amateur runner. 🎽Monitor a UPS with a Mikrotik router via SNMP, 28 Oct 2022 00:00:00 +0000 routers and switches serve as efficient network devices, but they know other tricks, too. Monitor your UPS with a Mikrotik device and query it via SNMP. 🔌Build a Tailscale exit node with firewalld, 27 Oct 2022 00:00:00 +0000 exit nodes allow you to route your traffic through nearly any system in your tailnet. Learn how to build an exit node using firewalld. 🕳️Strong impacts require soft skills, 08 Sep 2022 00:00:00 +0000 at work depends on more than your technical ability. Improve your soft skills to increase your impact. 💪PXE boot on a Mikrotik router, 02 Sep 2022 00:00:00 +0000 systems online quickly or rescue a broken system by PXE booting from using a Mikrotik router. 🛠How I write blog posts, 17 Aug 2022 00:00:00 +0000 feels very meta, but I thought it would be a good idea to share my blog post writing process anyway. 📝Takeaways from The Obesity Code, 12 Aug 2022 00:00:00 +0000 book teaches you more than dieting &ndash; it changes how you think about food entirely. 🍽Migrating from vscode to vim, 11 Aug 2022 00:00:00 +0000 people say I just enjoy the sound of my mechanical keyboard too much. 🤭 I see it as a simpler, more consistent workflow.Use GNOME Keyring with Sway, 05 Aug 2022 00:00:00 +0000 encrypted ssh keys to your workflow more efficiently with gnome-keyring in the sway window manager.Raise the bar with an SBAR, 02 Aug 2022 00:00:00 +0000 communicate a problem and your recommendation in record time with an SBAR. 📝Extra icanhazip services going offline, 28 Jul 2022 00:00:00 +0000 original lives on, but the other services are going offline. 😢Efficient emoji experience in Wayland, 27 May 2022 00:00:00 +0000 nobody wants an inefficient emoji workflow. 🙈Sway reload causes a Firefox crash, 24 May 2022 00:00:00 +0000 your sway config without disrupting Firefox. 🔥Build a custom CentOS Stream 9 cloud image, 06 May 2022 00:00:00 +0000 how to customize a CentOS Stream 9 cloud image with the stuff you want and nothing that you don&rsquo;t. 📦Basic authentication with Traefik on kubernetes, 20 Apr 2022 00:00:00 +0000 prying eyes away from your sites behind Traefik with basic authentication. 🛃W5WUT: My amateur radio station, 20 Apr 2022 00:00:00 +0000 radio is the best (and most frustrating) hobby on the planet! 📻Encrypted gitops secrets with flux and age, 19 Apr 2022 00:00:00 +0000 encrypted kubernetes secrets safely in your gitops repository with easy-to-use age encryption. 🔐Mount NFS shares in kubernetes, 08 Apr 2022 00:00:00 +0000 files over NFS within kubernetes pods with a quick volume mount. 🗄Update Supermicro BIOS firmware from Linux, 07 Apr 2022 00:00:00 +0000 your Supermicro BIOS firmware from Linux using their SUM utility. 🔧Install ThinkOrSwim on Fedora Linux, 31 Mar 2022 00:00:00 +0000 how to install TD Ameritrade&rsquo;s ThinkOrSwim desktop application on Linux and get everything working. 💸Disable HiDPI in alacritty, 25 Mar 2022 00:00:00 +0000 alacritty terminal on Fedora enables HiDPI mode by default. Break out your magnifying glasses as we disable HiDPI. 👓Build a URL shortener with Cloudflare Workers, 24 Mar 2022 00:00:00 +0000 your own personal URL shortener with GitHub Actions and Cloudflare Workers. No web or database servers required! 🥰Kerberos logins with Brave on Linux, 18 Dec 2021 00:00:00 +0000 recently changed how their browser reads managed policy configuration, but luckily the fix is an easy one. 🔧My Twitter reset, 17 Dec 2021 00:00:00 +0000 first I thought Twitter was the problem, but then I realized I was making poor choices. 🤔Deploy a custom Fedora 35 AMI to AWS with Image Builder, 16 Nov 2021 00:00:00 +0000 to build your own Fedora 35 image for AWS? Use Image Builder to build and deploy an image made just for you. 🏗Install Azure CLI on Fedora 35, 01 Nov 2021 00:00:00 +0000 services on Microsoft&rsquo;s Azure CLI on Fedora 35. 💙Secure Tailscale networks with firewalld, 30 Oct 2021 00:00:00 +0000 provides a handy private network mesh across multiple devices but it needs security just like any other network. 🕵ThinkPad X1 Nano Gen 1 Review, 23 Oct 2021 00:00:00 +0000 of the smallest ThinkPads delivers one of the best experiences I&rsquo;ve had on a laptop. 💻Run Xorg applications with podman, 17 Oct 2021 00:00:00 +0000 up graphical applications in containers and run them with podman. 🚢Backlight control with i3, 14 Oct 2021 00:00:00 +0000 the LED backlight on your laptop quickly in i3 on Linux. 💡Forwarding ports with firewalld, 11 Oct 2021 00:00:00 +0000 how to forward ports with firewalld for IPv4 and IPv6 destinations. 🕵🏻My summer 2021 reading list, 06 Sep 2021 00:00:00 +0000 set out to read a bunch of books this summer and succeeded! Here&rsquo;s my reading list. 📚Deploy Fedora CoreOS in Hetzner cloud, 20 Aug 2021 00:00:00 +0000 your containers on Fedora CoreOS instances in Hetzner cloud with a few workarounds. 🚀Set network interface speed with systemd-networkd, 20 Aug 2021 00:00:00 +0000 network interface autonegotiation doesn&rsquo;t work as well as it should. Luckily, you can fix it with systemd-networkd. 🔧Wildcard LetsEncrypt certificates with Traefik and Cloudflare, 16 Aug 2021 00:00:00 +0000 the same wildcard TLS certificate for multiple containers running behind traefik. 🚦Build Fedora AWS images in GitHub Actions with Image Builder, 06 Aug 2021 00:00:00 +0000 images for AWS and deploy them to your AWS account all within GitHub Actions. 🤖Major's CV, 06 Aug 2021 00:00:00 +0000 more about me, my work experience, and the things I&rsquo;ve created. 👨🏻‍💼DHCPv6 prefix delegation with systemd-networkd, 28 Jul 2021 00:00:00 +0000 the new DHCPv6 prefix delegation features in systemd-networkd to make IPv6 subnetting easy! 🎉Enable dark mode in Firefox without changing themes, 19 Jul 2021 00:00:00 +0000 allows you to set dark mode as the default without changing themes or changing your desktop configuration. 😎Enable touchpad tap to click in i3, 18 Jul 2021 00:00:00 +0000 tap-to-click on your laptop&rsquo;s touchpad in i3 with one of two methods. 💻Persuasion engineering, 11 Jul 2021 00:00:00 +0000 your persuasive skills to get your team on board with solutions to tough problems. 🤔Rootless container management with docker-compose and podman, 09 Jul 2021 00:00:00 +0000 rootless Linux containers without any daemons using docker-compose and podman on Fedora! 📦 FAQ, 05 Jul 2021 00:00:00 +0000 family of icanhaz sites help you get more information about your network connection.A new future for icanhazip, 06 Jun 2021 00:00:00 +0000 lives on with the same mission, but with a new owner 🤗Efficient emojis with rofimoji, 15 May 2021 00:00:00 +0000 brighten up any message or document. 🌻 Search, select, and use emojis quickly on Linux with rofimoji. 🤗Free resources for the stock market, 22 Apr 2021 00:00:00 +0000 in stock or trading options is complicated, but there are plenty of free resources available to make research easier.Selling options made simpler, 17 Mar 2021 00:00:00 +0000 from my original options selling post said that the concept was too difficult to follow. Let&rsquo;s use an analogy!Monitor a UPS with a Raspberry Pi Zero W, 15 Mar 2021 00:00:00 +0000 nearly any uninterruptible power supply (UPS) with a Raspberry Pi Zero W and HomeAssistantDefending losing options trades, 10 Feb 2021 00:00:00 +0000 did your research and made a great options trade, but now it is a losing trade. What can you do now?Which stock broker should you use?, 24 Jan 2021 00:00:00 +0000 all stock brokerages are the same. Think about your requirements, shop around, and read the fine print.Choosing options to sell, 23 Jan 2021 00:00:00 +0000 the leap and selling your first options contract takes a lot of thought and preparation.Lessons learned from selling puts, 04 Jan 2021 00:00:00 +0000 from my successes and mistakes while selling puts in the stock market in 2020.Know your max loss, 09 Dec 2020 00:00:00 +0000 your maximum amount of loss on trade is the difference between taking a calculated risk and blowing up your account.The Dark Side: Selling Options, 07 Dec 2020 00:00:00 +0000 options puts you on the other side of the options contract from buyers, but it comes with obligations.Options trading introduction, 06 Dec 2020 00:00:00 +0000 options contracts feels incredibly daunting, but you can learn the terminology and make good choices in the market.Build AWS images with Image Builder, 19 Jun 2020 00:00:00 +0000 a customized image for AWS with Image Builder and use the built-in automatic uploader and importer.My experience with keto so far, 11 Jun 2020 00:00:00 +0000 to the keto lifestyle is a big change. It&rsquo;s more than just a diet and I&rsquo;ll share my ups and downs from my journey.Make diacritics easy in Linux, 13 Feb 2020 00:00:00 +0000 an effort to use diacritics is always a good idea, but how can you make it easier in Linux?My Travel Guide to Brno, 30 Jan 2020 00:00:00 +0000 is a beautiful city in the Czech Republic. Learn some travel tips from my experiences as an American in Brno!Disable Nvidia GPU on the Thinkpad T490, 24 Jan 2020 00:00:00 +0000 Lenovo ThinkPad T490 is a great laptop, but it comes with some discrete GPU challenges.Bring Back Fedora's Beefy Miracle boot splash, 16 Dec 2019 00:00:00 +0000 17&rsquo;s code name was Beefy Miracle and it had a great mascot. You can see it at boot time with a few quick changes.Thinkpad T490 Fedora install tips, 12 Dec 2019 00:00:00 +0000 new T490 with a 10th generation Intel CPU and a discrete NVIDIA MX250 has arrived! Installing Linux creates some interesting challenges.Monitoring OpenShift cron jobs, 18 Nov 2019 00:00:00 +0000 (and Kubernetes) allow you to run jobs on schedule, but these jobs can fail from time to time. You can monitor them from bash!Monitor CyberPower UPS wattage, 08 Nov 2019 00:00:00 +0000 the power consumption of your CyberPower UPS and display the live output in your Linux desktop&rsquo;s status bar.Install Chromium with VAAPI on Fedora 30, 20 Oct 2019 00:00:00 +0000 your CPU usage and increase battery life when you watch certain videos by using Chromium with VAAPI support.Customize GNOME from i3, 22 Sep 2019 00:00:00 +0000 of your GNOME and gtk applications are configured in i3 with a few simple tricks.Deploy monit in OpenShift, 11 Sep 2019 00:00:00 +0000 is a tried-and-true monitoring daemon that is easy to deploy. Add it to OpenShift to make monitoring even easier.Get faster GitLab runners with a ramdisk, 16 Aug 2019 00:00:00 +0000 cloud providers give you lots of memory with each instance and you can speed up tests and builds by using a ramdisk.buildah error: vfs driver does not support overlay.mountopt options, 13 Aug 2019 00:00:00 +0000 and podman work well with the vfs storage driver, but the default mount options can cause problems.Fedora 30 on Google Compute Engine, 07 Aug 2019 00:00:00 +0000 30 is a great Linux distribution for cloud platforms, but it needs a little work to perform well on Google Compute Engine.Ham Radio FAQ, 06 Jun 2019 00:00:00 +0000! #This page is a work in progress!Texas Linux Fest 2019 Recap, 02 Jun 2019 00:00:00 +0000 Texas Linux Fest has come and gone!Build containers in GitLab CI with buildah, 24 May 2019 00:00:00 +0000 team at Red Hat depends heavily on GitLab CI and we build containers often to run all kinds of tests.Inspecting OpenShift cgroups from inside the pod, 05 Apr 2019 00:00:00 +0000 team at Red Hat builds a lot of kernels in OpenShift pods as part of our work with the Continuous Kernel Integration (CKI) project.Running Ansible in OpenShift with arbitrary UIDs, 22 Mar 2019 00:00:00 +0000 work at Red Hat involves testing lots and lots of kernels from various sources and we use GitLab CE to manage many of our repositories and run our CI jobs.Get a /56 from Spectrum using wide-dhcpv6, 19 Mar 2019 00:00:00 +0000 writing my last post on my IPv6 woes with my Pixel 3, some readers asked how I&rsquo;m handling IPv6 on my router lately.Pixel 3 Wi-Fi drops constantly, 17 Mar 2019 00:00:00 +0000 have two Google Pixel phones in our house: a Pixel 2 and a Pixel 3.Stop audio pops on Intel HD Audio, 04 Mar 2019 00:00:00 +0000 recently picked up a Dell Optiplex 7060 and I&rsquo;m using it as my main workstation now.Automatic floating windows in i3, 08 Feb 2019 00:00:00 +0000 i3 window manager is a fast window manager that helps you keep all of your applications in the right place.DevConf.CZ 2019 Recap, 31 Jan 2019 00:00:00 +0000 2019 wrapped up last weekend and it was a great event packed with lots of knowledgeable speakers, an engaging hallway track, and delicious food.Using the pressure stall information interface in kernel 4.20, 27 Jan 2019 00:00:00 +0000 29 now has kernel 4.Running Home Assistant in a Docker container with a Z-Wave USB stick, 14 Jan 2019 00:00:00 +0000 Home Assistant project provides a great open source way to get started with home automtion that can be entirely self-contained within your home.Allow a port range with firewalld, 04 Jan 2019 00:00:00 +0000 iptables gets a lot easier with firewalld.Disable autoplay for videos in Firefox 65, 18 Dec 2018 00:00:00 +0000 has some great features, but one of my favorites is the ability to disable autoplay for videos.Getting started with ham radio repeaters, 13 Dec 2018 00:00:00 +0000 are a great way to get into ham radio, but they can be tricky to use for new amateur radio operators. This post explains how to get started.Use a secret as an environment variable in OpenShift deployments, 06 Dec 2018 00:00:00 +0000 variables are easy to add to OpenShift deployments, but a more secure way to add these variables is by referencing a secret.Make alt-arrow keys work with terminator and weechat, 06 Sep 2018 03:43:30 +0000<p>As I make the move from the world of GNOME to i3, I found myself digging deeper into the <a href="" target="_blank" rel="noreferrer">terminator</a> preferences to make it work more like <a href="" target="_blank" rel="noreferrer">gnome-terminal</a>.</p>How to thrive at a technical conference, 09 May 2018 23:54:28 +0000;m at the 2018 Red Hat Summit this week in San Francisco and I am enjoying the interactions between developers, executives, vendors, and engineers.Reaching the fork in the road, 07 Mar 2018 16:18:51 +0000 Disney said it best:Install testing kernels in Fedora, 28 Feb 2018 13:53:48 +0000 you&rsquo;re on the latest Fedora release, you&rsquo;re already running lots of modern packages.Takeaways from my foray into amateur radio, 06 Jan 2018 19:26:53 +0000 Overland Expo in Asheville last year was a great event, and one of my favorite sessions covered the basics about radio communications while overlanding.Ensuring keepalived starts after the network is ready, 15 Dec 2017 21:18:37 +0000 a recent OpenStack-Ansible (OSA) deployment on CentOS, I found that keepalived was not starting properly at boot time:Changes in RHEL 7 Security Technical Implementation Guide Version 1, Release 3, 02 Nov 2017 15:00:25 +0000 latest release of the Red Hat Enterprise Linux Security Technical Implementation Guide (STIG) was published last week.Import RPM repository GPG keys from other keyservers temporarily, 20 Sep 2017 15:24:13 +0000;ve been working through some patches to OpenStack-Ansible lately to optimize how we configure yum repositories in our deployments.Thunderbird changes fonts in some messages, not all, 02 Aug 2017 12:54:38 +0000 is a great choice for a mail client on Linux systems if you prefer a GUI, but I had some problems with fonts in the most recent releases.Troubleshooting CyberPower PowerPanel issues in Linux, 25 Jul 2017 18:16:11 +0000 have a CyberPower BRG1350AVRLCD at home and I&rsquo;ve just connected it to a new device.Apply the STIG to even more operating systems with ansible-hardening, 21 Jul 2017 17:38:46 +0000 of improvements made their way into the ansible-hardening role in preparation for the OpenStack Pike release next month.Customize LDAP autocompletion format in Thunderbird, 18 Jul 2017 18:08:42 +0000 can connect to an LDAP server and autocomplete email addresses as you type, but it needs some adjustment for some LDAP servers.Old role, new name: ansible-hardening, 27 Jun 2017 20:49:44 +0000 interest in the openstack-ansible-security role has taken off faster than I expected, and one piece of constant feedback I received was around the name of the role.Enable AppArmor on a Debian Jessie cloud image, 24 May 2017 16:14:03 +0000 merged some initial Debian support into the openstack-ansible-security role and ran into an issue enabling AppArmor.Fixing OpenStack noVNC consoles that ignore keyboard input, 18 May 2017 16:58:56 +0000 opened up a noVNC console to a virtual machine today in my OpenStack cloud but found that the console wouldn&rsquo;t take keyboard input.OpenStack-Ansible networking on CentOS 7 with systemd-networkd, 13 Apr 2017 13:18:09 +0000 OpenStack-Ansible doesn&rsquo;t fully support CentOS 7 yet, the support is almost ready.RHEL 7 STIG v1 updates for openstack-ansible-security, 05 Apr 2017 17:46:17 +0000;s final release of the Red Hat Enterprise Linux (RHEL) 7 Security Technical Implementation Guide (STIG) came out a few weeks ago and it has plenty of improvements and changes.Reflecting on 10 years of (mostly) technical blogging, 10 Mar 2017 14:11:51 +0000 all started shortly after I joined Rackspace in December of 2006.OpenStack isn’t dead. It’s boring. That’s a good thing., 24 Feb 2017 16:06:24 +0000 The opinions shared in this post are mine alone and are not related to my employer in any way.systemd-networkd on Ubuntu 16.04 LTS (Xenial), 15 Jan 2017 15:24:40 +0000 OpenStack cloud depends on Ubuntu, and the latest release of OpenStack-Ansible (what I use to deploy OpenStack) requires Ubuntu 16.ICC color profile for Lenovo ThinkPad X1 Carbon 4th generation, 11 Jan 2017 18:42:26 +0000 new ThinkPad arrived this week and it is working well!Display auditd messages with journalctl, 05 Jan 2017 15:53:13 +0000 systems running systemd come with a powerful tool for reviewing the system journal: journalctl.augenrules fails with “rule exists” when loading rules into auditd, 03 Jan 2017 19:01:46 +0000 I came back from the holiday break, I found that the openstack-ansible-security role wasn&rsquo;t passing tests any longer.Talk Recap: Holistic Security for OpenStack Clouds, 31 Oct 2016 15:52:47 +0000 to everyone who attended my talk at the OpenStack Summit in Barcelona!Why should students learn to write code?, 11 Oct 2016 04:08:19 +0000 are lots of efforts underway to get students (young and old) to learn to write code.Power 8 to the people, 22 Sep 2016 00:00:21 +0000 Edge 2016 is almost over and I&rsquo;ve learned a lot about Power 8 this week.Preventing critical services from deploying on the same OpenStack host, 09 Aug 2016 17:07:35 +0000;s compute service, nova, manages all of the virtual machines within a OpenStack cloud.OpenStack instances come online with multiple network ports attached, 03 Aug 2016 14:40:16 +0000 ran into an interesting problem recently in my production OpenStack deployment that runs the Mitaka release.Setting up a telnet handler for OpenStack Zuul CI jobs in GNOME 3, 22 Jul 2016 19:44:07 +0000 OpenStack Zuul system has gone through some big changes recently, and one of those changes is around how you monitor a running CI job.Bring back two and three finger taps in Fedora 24, 06 Jul 2016 04:54:13 +0000 of the recent Fedora upgrades have been quite smooth.Talk recap: The friendship of OpenStack and Ansible, 29 Jun 2016 03:43:21 +0000 2016 Red Hat Summit is underway in San Francisco this week and I delivered a talk with Robyn Bergeron earlier today.Automated security hardening with Ansible: May updates, 27 May 2016 02:40:33 +0000 of work has gone into the openstack-ansible-security Ansible role since I delivered a talk about it last month at the OpenStack Summit in Austin.Troubleshooting OpenStack network connectivity, 17 May 2016 02:43:41 +0000 This post is a work in progress.Getting started with gertty, 11 May 2016 13:45:53 +0000 you&rsquo;re ready to commit code in an OpenStack project, your patch will eventually land in a Gerrit queue for review.Preventing Ubuntu 16.04 from starting daemons when a package is installed, 05 May 2016 15:54:27 +0000;ve gone on some mini-rants in other posts about starting daemons immediately after they&rsquo;re installed in Ubuntu and Debian.802.1x with NetworkManager using nmcli, 03 May 2016 19:23:24 +0000 to a wired or wireless network using 802.Talk Recap: Automated security hardening with OpenStack-Ansible, 26 Apr 2016 21:19:02 +0000 is the second day of the OpenStack Summit in Austin and I offered up a talk on host security hardening in OpenStack clouds.Lessons learned: Five years of colocation, 22 Apr 2016 13:30:52 +0000 in 2011, I decided to try out a new method for hosting my websites and other applications: colocation.Thunderbird opens multiple windows, 20 Apr 2016 13:31:56 +0000 I started Thunderbird today, it opened three windows.Enable IPv6 privacy in NetworkManager, 17 Apr 2016 16:35:57 +0000 most IPv6-enabled networks, network addresses are distributed via stateless address autoconfiguration (SLAAC).Automated Let’s Encrypt DNS challenges with Rackspace Cloud DNS, 31 Mar 2016 19:39:50 +0000;s Encrypt has taken the world by storm by providing free SSL certificates that can be renewed via automated methods.Mouse cursor disappears in GNOME 3, 11 Mar 2016 15:36:25 +0000 The fixed version of mutter is now in the Fedora updates repository.Recovering deleted Chrome bookmarks on Linux, 26 Feb 2016 15:31:15 +0000 getting a bit overzealous with cleaning up bookmarks in Chrome, I discovered that I deleted a helpful Gerrit filter for OpenStack reviews.Fight cynicism with curiosity, 17 Feb 2016 15:30:14 +0000;m always interested to talk to college students about technology and business in general.Segmentation faults with sphinx and pyenv, 09 Feb 2016 14:09:44 +0000;m a big fan of the pyenv project because it makes installing multiple python versions a simple process.Enabling kwallet after accidentally disabling it, 28 Jan 2016 16:27:44 +0000 I use GNOME 3 as my desktop environment, I prefer KDE&rsquo;s kwallet service to gnome-keyring for some functions.Tinkering with systemd’s predictable network names, 20 Jan 2016 19:46:52 +0000;ve talked about predictable network names (and seemingly unpredictable ones) on the blog before, but some readers asked me how they could alter the network naming to fit a particular situation.Updating Dell PowerEdge BIOS from Linux, 18 Jan 2016 20:53:38 +0000 Dell PowerEdge firmware from Linux is quite easy, but it isn&rsquo;t documented very well.Nobody is using your software project. Now what?, 15 Jan 2016 17:35:48 +0000 with open source software is an amazing experience.Custom keyboard shortcuts for Evolution in GNOME, 28 Nov 2015 05:33:29 +0000;ve been a big fan of Thunderbird for years, but it lacks features in some critical areas.Talking to college students about information security, 10 Nov 2015 14:50:52 +0000 was recently asked to talk to Computer Information Systems students at the University of the Incarnate Word here in San Antonio about information security in the business world.systemd-networkd and macvlan interfaces, 26 Oct 2015 13:50:36 +0000 spent some time working with macvlan interfaces on KVM hypervisors last weekend.GRE tunnels with systemd-networkd, 16 Oct 2015 23:54:52 +0000 to systemd-networkd for managing your networking interfaces makes things quite a bit simpler over standard networking scripts or NetworkManager.What I learned while securing Ubuntu, 14 Oct 2015 20:53:12 +0000 blog posts have slowed down a bit lately because I&rsquo;ve been heads down on a security project at work.Customizing systemd’s network device names, 29 Sep 2015 02:08:22 +0000 today, I wrote a post about my first thoughts on the Supermicro 5028D-T4NT server.First thoughts: Linux on the Supermicro 5028D-TN4T, 28 Sep 2015 12:55:51 +0000;ve recently moved over to Rackspace&rsquo;s OpenStack Private Cloud team and the role is full of some great challenges.systemd in Fedora 22: Failed to restart service: Access Denied, 18 Sep 2015 19:43:35 +0000 you&rsquo;re running Fedora 22 and you&rsquo;ve recently updated to systemd-219-24.Time Warner Road Runner, Linux, and large IPv6 subnets, 11 Sep 2015 21:08:44 +0000 Time Warner Cable is now Spectrum and wide-dhcpv6 is quite old, this post is still what I&rsquo;m using today (in 2019)!Chronicles of SELinux: Dealing with web content in unusual directories, 10 Sep 2015 13:40:35 +0000;ve decided to start a series of posts called &ldquo;Chronicles of SELinux&rdquo; where I hope to educate more users on how to handle SELinux denials with finesse rather than simply disabling it entirely.Impostor syndrome talk: FAQs and follow-ups, 02 Sep 2015 15:34:34 +0000;ve had a great time talking to people about my &ldquo;Be an inspiration, not an impostor&rdquo; talk that I delivered in August.Build a network router and firewall with Fedora 22 and systemd-networkd, 27 Aug 2015 12:38:43 +0000 post originally appeared on the Fedora Magazine blog.Slides from my Texas Linux Fest 2015 talk, 22 Aug 2015 19:42:52 +0000 to all of the people who attended my &ldquo;Be an inspiration, not an impostor&rdquo; talk at Texas Linux Fest 2015.Understanding systemd’s predictable network device names, 21 Aug 2015 21:15:36 +0000 talked a bit about systemd&rsquo;s network device name in my earlier post about systemd-networkd and bonding and I received some questions about how systemd rolls through the possible names of network devices to choose the final name.Using systemd-networkd with bonding on Rackspace’s OnMetal servers, 21 Aug 2015 14:00:46 +0000;ve written about systemd-networkd in the past and how easy it can be to set up new network devices and tunnels.Research Paper: Securing Linux Containers, 14 Aug 2015 20:45:50 +0000 seems like there&rsquo;s a new way to run containers every week.Fedora Flock 2015: Keynote slides, 14 Aug 2015 15:10:08 +0000 Flock 2015 is still going here in Rochester, New York, and I kicked off our second day with a keynote talk about overcoming impostor syndrome.Automated testing for Ansible CIS playbook on RHEL/CentOS 6, 05 Aug 2015 13:13:52 +0000 started working on the Ansible CIS playbook for CentOS and RHEL 6 back in 2014 and I&rsquo;ve made a few changes to increase quality and make it easier to use.Live migration failures with KVM and libvirt, 03 Aug 2015 13:13:30 +0000 decided to change some of my infrastructure back to KVM again, and the overall experience has been quite good in Fedora 22.Very slow ssh logins on Fedora 22, 27 Jul 2015 12:09:44 +0000;ve recently set up a Fedora 22 firewall/router at home (more on that later) and I noticed that remote ssh logins were extremely slow.Restoring wireless and Bluetooth state after reboot in Fedora 22, 19 Jul 2015 22:14:30 +0000 upgrade to Fedora 22 on the ThinkPad X1 Carbon was fairly uneventful and the hiccups were minor.Aruba access points, EAP, and wpa_supplicant 2.4 bugs, 17 Jul 2015 12:29:29 +0000 stumbled upon a strange bug at work one day and found I couldn&rsquo;t connect to our wireless access points any longer.Allow new windows to steal focus in GNOME 3, 06 Jul 2015 12:36:05 +0000 3 generally works well for me but it has some quirks.Stumbling into the world of 4K displays [UPDATED], 01 Jul 2015 04:33:43 +0000 suckered me into buying a 4K display at a fairly decent price and now I have a Samsung U28D590D sitting on my desk at home.Fedora 22 and rotating GNOME wallpaper with systemd timers, 23 Jun 2015 17:25:02 +0000 older post about rotating GNOME&rsquo;s wallpaper with systemd timers doesn&rsquo;t seem to work in Fedora 22.Book Review: Linux Kernel Development, 21 Jun 2015 15:26:54 +0000 picked up a copy of Robert Love&rsquo;s book, Linux Kernel Development, earlier this year and I&rsquo;ve worked my way through it over the past several weeks.Improving LXC template security, 18 Jun 2015 19:52:11 +0000;ve been getting involved with the Fedora Security Team lately and we&rsquo;re working as a group to crush security bugs that affect Fedora, CentOS (via EPEL) and Red Hat Enterprise Linux (via EPEL).Time for a new GPG key, 11 Jun 2015 19:14:03 +0000 an unfortunate death of my Yubikey NEO and a huge mistake on backups, I&rsquo;ve come to realize that it&rsquo;s time for a new GPG key.Chrome 43 stuck in HiDPI mode, 10 Jun 2015 12:36:03 +0000 ran some package updates last night and ended up with a new version of Google Chrome from the stable branch.cups.service start operation timed out in Fedora 22, 09 Jun 2015 14:35:48 +0000 on my Fedora 22 system kept stalling when I attempted to print.PulseAudio popping with multiple sounds in Fedora 22, 08 Jun 2015 13:37:24 +0000 transition from Fedora 21 to 22 on the ThinkPad X1 Carbon was fairly uneventful even with over 2,400 packages involved in the upgrade.Adventures with GRE and IPSec on Mikrotik routers, 27 May 2015 13:46:28 +0000 recently picked up a RB850GX2 from my favorite Mikrotik retailer, r0c-n0c.Xen 4.5 crashes during boot on Fedora 22, 27 May 2015 12:33:21 +0000 you&rsquo;re currently running a Xen hypervisor on a Fedora release before 22, stay put for now.You have a problem and isn’t one of them, 20 May 2015 12:50:41 +0000 really enjoy operating icanhazip.Keep old kernels with yum and dnf, 18 May 2015 14:22:56 +0000 you upgrade packages on Red Hat, CentOS and Fedora systems, the newer package replaces the older package.Automatic package updates with dnf, 12 May 2015 01:22:10 +0000 Fedora 22&rsquo;s release date quickly approaching, it&rsquo;s time to familiarize yourself with dnf.Tweetdeck’s Chrome notifications stopped working, 08 May 2015 13:55:55 +0000 the last few weeks, I noticed that Tweetdeck&rsquo;s notifications weren&rsquo;t showing up in Chrome any longer.HOWTO: Mikrotik OpenVPN server, 01 May 2015 15:33:35 +0000<p><a href=""><img src="" alt="RB850Gx2 mikrotik" width="300" height="300" class="alignright size-medium wp-image-5543" srcset=" 300w, 150w, 800w" sizes="(max-width: 300px) 100vw, 300px" /></a>Mikrotik firewalls have been good to me over the years and they work well for multiple purposes. Creating an OpenVPN server on the device can allow you to connect into your local network when you&rsquo;re on the road or protect your traffic when you&rsquo;re using untrusted networks.</p> <p>Although Miktrotik&rsquo;s implementation isn&rsquo;t terribly robust (TCP only, client cert auth is wonky), it works quite well for most users. I&rsquo;ll walk you through the process from importing certificates through testing it out with a client.</p>Rackspace::Solve Atlanta Session Recap: “The New Normal”, 15 Apr 2015 14:00:56 +0000<p><em>This post originally appeared on the <a href="" target="_blank" rel="noreferrer">Rackspace Blog</a> and I&rsquo;ve posted it here for readers of this blog. Feel free to send over any comments you have!</em></p> <hr> <p><a href=""><img src="" alt="solve-logo-1" width="300" height="300" class="alignright size-medium wp-image-5519" srcset=" 300w, 150w, 640w" sizes="(max-width: 300px) 100vw, 300px" /></a>Most IT professionals would agree that 2014 was a long year. Heartbleed, Shellshock, Sandworm and POODLE were just a subset of the vulnerabilities that caused many of us to stay up late and reach for more coffee. As these vulnerabilities became public, I found myself fielding questions from non-technical family members after they watched the CBS Evening News and wondered what was happening. Security is now part of the popular discussion.</p> <p>Aaron Hackney and I delivered a presentation at Rackspace::Solve Atlanta called &ldquo;The New Normal&rdquo; where we armed the audience with security strategies that channel spending to the most effective security improvements. Our approach at Rackspace is simple and balanced: use common sense prevention strategies, invest heavily in detection, and be sure you&rsquo;re ready to respond when (not if) disaster strikes. We try to help companies prioritize by focusing on a few key areas. Know when there&rsquo;s a breach. Know what they touched. Know who&rsquo;s responsible. Below, I&rsquo;ve included five ways to put this approach into practice.</p>Run virsh and access libvirt as a regular user, 11 Apr 2015 15:30:54 +0000<p><a href=""><img src="" alt="libvirt logo" width="300" height="241" class="alignright size-medium wp-image-5474" srcset=" 300w, 344w" sizes="(max-width: 300px) 100vw, 300px" /></a><a href="" target="_blank" rel="noreferrer">Libvirt</a> is a handy way to manage containers and virtual machines on various systems. On most distributions, you can only access the libvirt daemon via the root user by default. I&rsquo;d rather use a regular non-root user to access libvirt and limit that access via groups.</p>Review: Lenovo X1 Carbon 3rd generation and Linux, 30 Mar 2015 14:15:52 +0000<p> <figure><img src="" alt="1" class="mx-auto my-0 rounded-md" /> </figure> </p> <p>After a <a href="">boatload of challenges</a> with what I thought would be my favorite Linux laptop, the <a href="" target="_blank" rel="noreferrer">Dell XPS 13 9343</a>, I decided to take the plunge on a new <a href="" target="_blank" rel="noreferrer">Lenovo X1 Carbon (3rd gen)</a>. My late-2013 MacBook Pro Retina (MacbookPro11,1) had plenty of quirks when running Linux and I was eager to find a better platform.</p>Share a wireless connection via ethernet in GNOME 3.14, 30 Mar 2015 02:31:19 +0000<p>There are some situations where you want to do the opposite of creating a wireless hotspot and you want to share a wireless connection to an ethernet connection. For example, if you&rsquo;re at a hotel that offers only WiFi internet access, you could share that connection to an ethernet switch and plug in more devices. Also, you could get online with your wireless connection and create a small NAT network to test a network device without mangling your home network.</p>Creating a bridge for virtual machines using systemd-networkd, 26 Mar 2015 13:17:08 +0000 are plenty of guides out there for making ethernet bridges in Linux to support virtual machines using built-in network scripts or NetworkManager.Test Fedora 22 at Rackspace with Ansible, 24 Mar 2015 13:55:08 +0000 22 will be arriving soon and it&rsquo;s easy to test on Rackspace&rsquo;s cloud with my Ansible playbook:Xerox ColorQube 9302 and Linux, 16 Mar 2015 02:23:07 +0000 do a bunch of Linux-related tasks daily.Using play/pause buttons in Chrome with GNOME 3, 20 Feb 2015 14:21:44 +0000 wrote a post last summer about preventing Chrome from stealing the media buttons (like play, pause, previous track and next track) from OS X.Rotate GNOME 3’s wallpaper with systemd user units and timers, 11 Feb 2015 14:23:03 +0000 This works in Fedora 21, but not in Fedora 22.Lessons learned from a kernel bisection, 09 Feb 2015 14:39:08 +0000;m far from being a kernel developer, but I found myself staring down a [peculiar touchpad problem][2] with my new Dell XPS 13.Using ZoneMinder with a Logitech C270 webcam, 08 Feb 2015 04:04:08 +0000 those of you in the market for a cheap webcam for videoconferencing or home surveillance, the Logitech C270 is hard to beat at about $20-25 USD.Linux support for the Dell XPS 13 9343 (2015 model), 03 Feb 2015 15:23:24 +0000;M ALL DONE: I&rsquo;m not working on Linux compatibility for the XPS 13 any longer.Helpful, low-FUD information security sites, mailing lists, and blogs, 08 Jan 2015 13:55:43 +0000![1]Try out LXC with an Ansible playbook, 17 Dec 2014 13:50:26 +0000 world of containers is constantly evolving lately.Install sysstat on Fedora 21, 12 Dec 2014 17:55:57 +0000 of the first tools I learned about after working with Red Hat was sysstat.Send weechat notifications via Pushover, 05 Dec 2014 16:11:13 +0000 is my main communication mechanism and I&rsquo;ve gradually moved from graphical clients, to irssi and then to weechat.Trust an IP address with firewalld’s rich rules, 24 Nov 2014 14:44:09 +0000 firewall rules with iptables can be tricky at times.Test Fedora 21 at Rackspace with Ansible, 03 Oct 2014 20:24:19 +0000 21 reached Alpha status last month and will reach beta status at the end of October.Apache’s mod_proxy, mod_ssl, and BitTorrent Sync, 28 Sep 2014 02:08:18 +0000 Sync allows you to keep files synchronized between multiple computers or mobile devices.HOWTO: Time Warner Cable and IPv6, 11 Sep 2014 14:43:03 +0000 Maximus VI Gene – Error 55, 22 Aug 2014 14:20:23 +0000;s been quite a while since I built a computer but I decided to give it a try for a new hypervisor/NAS box at home.Start Jenkins on Fedora 20, 13 Aug 2014 14:39:52 +0000 Jenkins on Fedora 20 is quite easy thanks to the available Red Hat packages, but I ran into problems when I tried to start Jenkins.httpry 0.1.8 available for RHEL and CentOS 7, 13 Aug 2014 13:20:28 +0000 Hat Enterprise Linux and CentOS 7 users can now install httpry 0.Quickly post gists to GitHub Enterprise and github.com, 08 Aug 2014 21:13:07 +0000 predictable network naming with systemd, 06 Aug 2014 21:09:34 +0000 using a Dell R720 at work today, we stumbled upon a problem where the predictable network device naming with systemd gave us some unpredictable results.Play/pause button stopped working in OS X Mavericks, 30 Jul 2014 14:31:04 +0000 play/pause button mysteriously stopped working in iTunes and VLC mysteriously this week on my laptop.Adventures in live booting Linux distributions, 29 Jul 2014 13:05:54 +0000;re all familiar with live booting Linux distributions.X11 forwarding request failed on channel 0, 24 Jul 2014 19:24:32 +0000 X over ssh is normally fairly straightforward when you have the correct packages installed.Etsy reminds us that information security is an active process, 22 Jul 2014 13:06:23 +0000;m always impressed with the content published by folks at Etsy and Ben Hughes&rsquo; presentation from DevOpsDays Minneapolis 2014 is no exception.AVC: denied dyntransition from sshd, 03 Jul 2014 19:52:51 +0000;ve been working with some Fedora environments in chroots and I ran into a peculiar SELinux AVC denial a short while ago:Install Debian packages without starting daemons, 26 Jun 2014 20:39:44 +0000 work at Rackspace has involved working with a bunch of Debian chroots lately.Get colorful ansible output in Jenkins, 25 Jun 2014 21:32:18 +0000 with ansible is enjoyable, but it&rsquo;s a little bland when you use it with Jenkins.Getting Dell’s racadm working in Fedora 20, 20 Jun 2014 14:39:19 +0000 provides the racadm software on Linux that allows you to manage Dell hardware from a Linux system.Fixing broken DNS lookups in spamassassin, 20 Jun 2014 13:20:56 +0000 talked about the joys of running my own mail server last week only to find that my mail server was broken yesterday.Configure remote syslog for XenServer via the command line, 03 Jun 2014 17:55:59 +0000 has some helpful documentation online about configuring remote syslog support for XenServer using the XenCenter GUI.Evade the Breach, 24 May 2014 18:36:48 +0000 post appeared on the Rackspace Blog last week and I copied it here so that readers of this blog will see it.Switching to systemd on Debian jessie, 20 May 2014 13:47:33 +0000 seems like everyone is embracing systemd these days.Text missing in chrome on Linux, 18 May 2014 04:33:14 +0000;m in the process of trying Fedora 20 on my retina MacBook and I ran into a peculiar issue with Chrome.Helpful Linux I/O stack diagram, 30 Apr 2014 15:03:46 +0000 one of my regular trips to reddit, I stumbled upon an amazingly helpful Linux I/O stack diagram:Configure static IP addresses for Project Atomic’s KVM image, 23 Apr 2014 15:14:39 +0000 all of the Docker buzz at the Red Hat Summit, Project Atomic was launched.Launch secure LXC containers on Fedora 20 using SELinux and sVirt, 22 Apr 2014 04:11:00 +0000 started with LXC is a bit awkward and I&rsquo;ve assembled this guide for anyone who wants to begin experimenting with LXC containers in Fedora 20.DevOps and enterprise inertia, 17 Apr 2014 17:46:25 +0000 I wait in the airport to fly back home from this year&rsquo;s Red Hat Summit, I&rsquo;m thinking back over the many conversations I had over breakfast, over lunch, and during the events.openssl heartbleed updates for Fedora 19 and 20, 08 Apr 2014 01:18:19 +0000 openssl heartbleed bug has made the rounds today and there are two new testing builds or openssl out for Fedora 19 and 20:Docker, trusted builds, and Fedora 20, 26 Mar 2014 05:17:58 +0000 is a hot topic in the Linux world at the moment and I decided to try out the new trusted build process.Show originating IP address in Apple Mail, 18 Mar 2014 14:20:13 +0000;ve received some very sophisticated phishing emails lately and I was showing some of them to my coworkers.Annoying security requests highlight company silos, 10 Mar 2014 13:39:53 +0000 stumbled upon this video earlier today via Tripwire&rsquo;s Twitter feed:virt-manager: ‘NoneType’ object has no attribute ‘cpus’, 06 Mar 2014 18:44:58 +0000 upgrading my Fedora 20 Xen hypervisor to virt-manager 1.Installing Xen on Fedora 20, 28 Feb 2014 03:43:27 +0000;ve written about installing Xen on Fedora 19 and earlier versions on this blog before.Puppy Linux, icanhazip, and tin foil hats, 10 Feb 2014 04:04:27 +0000 figured that the Puppy Linux and icanhazip.Be an inspiration, not an impostor, 05 Feb 2014 03:44:18 +0000 of the non-technical posts on the blog are inspired by the comments of others.Hierarchy of DevOps Needs from DevOps Weekly, 03 Feb 2014 02:30:40 +0000;ve made posts about the DevOps Weekly mailing list before.nf_conntrack: table full, dropping packet, 07 Jan 2014 20:22:01 +0000 was doing some testing with apachebench and received some peculiar results:Learn octal file permissions easily with stat, 10 Dec 2013 13:41:40 +0000 SANS classmates were learning how to set and recognize file permissions on a Linux server and we realized it would be helpful to display the octal value of the permissions next to the normal rwx display.Information security nuggets from DevOps Weekly #150, 17 Nov 2013 21:31:10 +0000 an eye out for the DevOps Weekly email is something I&rsquo;ve enjoyed since it started at the end of 2010.One year in information security, 13 Nov 2013 15:15:12 +0000 to the dark side.Speed up your Fedora PXE installations by hosting the stage2 installer locally, 03 Nov 2013 17:04:33 +0000 my previous post about installing Fedora via PXE, I forgot to mention a big time saver for the installation.Guide to securing apache, 22 Oct 2013 12:30:51 +0000 stumbled upon a helpful guide to securing an apache server via Reddit&rsquo;s /r/netsec subreddit.One month using a Linux laptop at work: Back to the Mac, 23 Sep 2013 02:38:59 +0000 post has been a bit delayed, but I want to follow up on the post I wrote last month about moving from OS X to Linux at work.Keeping bwm-ng 0.6 functional on Fedora 19, 20 Sep 2013 02:51:31 +0000 you run bwm-ng and you&rsquo;ve run a yum upgrade lately on Fedora 19, you have probably seen this:Need an edge at work? Learn accounting and finance., 17 Sep 2013 04:06:18 +0000 spent two days last week in a class called &ldquo;Accounting and Finance for Non-Financial Managers&rdquo; at UT Austin&rsquo;s Texas Executive Education program.Moving from OS X to Linux: Day One, 27 Aug 2013 03:05:46 +0000 thought of using Linux as a manager in a highly Windows- and Mac-centric corporate environment isn&rsquo;t something to be taken lightly.Get a rock-solid Linux touchpad configuration for the Lenovo X1 Carbon, 24 Aug 2013 20:28:35 +0000 X1 Carbon&rsquo;s touchpad has been my nemesis in Linux for quite some time because of its high sensitivity.PXE boot Fedora 19 using a Mikrotik firewall, 23 Jul 2013 21:47:33 +0000 of the RHCA exams, I haven&rsquo;t configured a PXE system for my personal needs.A humble farewell to Seth Vidal, 10 Jul 2013 02:58:36 +0000 was shocked to see Robyn Bergeron&rsquo;s email today about Seth Vidal&rsquo;s passing.Boot VM’s with virt-manager and libvirt with ISO’s stored remotely via samba/cifs, 07 Jul 2013 01:51:10 +0000 virt-manager with KVM makes booting new VM&rsquo;s pretty darned easy.Confine untrusted users (including your children) with SELinux, 05 Jul 2013 18:50:43 +0000 confined user support in SELinux is handy for ensuring that users aren&rsquo;t able to do something that they shouldn&rsquo;t.Supermicro X9SCI/X9SCA server does a shutdown rather than a reboot, 03 Jun 2013 14:45:34 +0000 of my websites run on a pair of Supermicro servers that I purchased from Silicon Mechanics (and I can&rsquo;t say enough good things about them and their servers).Installing the Xen hypervisor on Fedora 19, 03 Jun 2013 04:27:43 +0000;s been a little while since I last posted about installing Xen on Fedora, so I figured that Fedora 19&rsquo;s beta release was as good a time as any to write a new post.Presentation: Demystifying SELinux, 29 May 2013 01:01:09 +0000 rolling through my RSS feeds, I found a great presentation by David Quigley titled &ldquo;Demystifying SELinux&rdquo;.Migrate KVM virtual machines from CentOS 6 to Fedora 18 without the luxury of shared storage, 22 May 2013 15:15:36 +0000;ve converted one of my KVM hypervisors from CentOS 6 to Fedora 18 and now comes the task of migrating my virtual machines off of my single remaining CentOS 6 hypervisor.Handling terminal color escape sequences in less, 22 May 2013 02:33:00 +0000 post is a quick one but I wanted to share it since I taught it to someone new today.Changing your ssh server’s port from the default: Is it worth it?, 15 May 2013 04:43:41 +0000 my ssh port from the default port (22) has been one of my standard processes for quite some time when I build new servers or virtual machines.Automate CentOS 6 deployments with CIS Security Benchmarks already applied, 26 Apr 2013 14:15:24 +0000 coworker heard me grumbling about Linux system administration standards and recommended that I review the CIS Security Benchmarks.Limit access to the su command, 26 Apr 2013 04:05:46 +0000 wheel group exists for a critical purpose and Wikipedia has a concise definition:Reprint: Stop Disabling SELinux!, 19 Apr 2013 05:52:23 +0000 article appeared in SC Magazine and I&rsquo;ve posted it here as well.Seriously, stop disabling SELinux, 16 Apr 2013 04:40:10 +0000 many discussions with fellow Linux users, I&rsquo;ve come to realize that most seem to disable SELinux rather than understand why it&rsquo;s denying access.Remove sensitive information from email headers with postfix, 15 Apr 2013 02:59:34 +0000;m in the process of moving back to a postfix/dovecot setup for hosting my own mail and I wanted a way to remove the more sensitive email headers that are normally generated when I send mail.virt-manager won’t release the mouse when using ssh forwarding from OS X, 20 Mar 2013 05:26:56 +0000 latest versions of virt-manager don&rsquo;t release the mouse pointer when you&rsquo;re doing X forwarding to a machine running OS X.Late night virtualization frustration with kvm, 20 Mar 2013 05:07:21 +0000 dragged out an old Aopen MP57-D tonight that was just sitting in the closet and decided to load up kvm on Fedora 18.Survive the Google Reader exodus with Tiny Tiny RSS, 17 Mar 2013 21:27:38 +0000;s no secret that Google Reader is a popular way to keep up with your RSS feeds, but it&rsquo;s getting shelved later this year.Controlling sensitive company data means losing some control of it, 03 Mar 2013 17:18:13 +0000 year&rsquo;s RSA Conference was full of very useful content but the most useful session for me was a peer to peer discussion regarding BYOD on mobile devices.Quick access to OpenPGP tasks with GPGTools in OS X, 08 Feb 2013 19:05:30 +0000;ve been a big fan of the GPGTools suite for Mac for quite a while but I discovered some neat features when right-clicking on a file in Finder today.What my toddler taught me about information security, 13 Jan 2013 17:15:47 +0000 new role has caused me to look at information security in a different way.Fixing the Lenovo X1 Carbon’s washed out display, 08 Jan 2013 16:30:54 +0000 the X1 Carbon has a much better looking display than the T430s, it still looked a bit washed out when I compared it to other monitors right next to it.Handy settings for the touchpad/clickpad in the Lenovo X1 Carbon, 28 Dec 2012 16:15:42 +0000 I&rsquo;ve found a better configuration via another X1 Carbon user and there&rsquo;s a new post with all the details.Launch applications quickly with dmenu in XFCE, 27 Dec 2012 21:09:43 +0000 since I saw QuickSilver for the first time, I&rsquo;ve been hooked on quick application launchers.Relocating a python virtual environment, 25 Nov 2012 21:27:47 +0000;s virtual environment capability is extremely handy for situations where you don&rsquo;t want the required modules for a particular python project to get mixed up with your system-wide installed modules.Fixing finicky Bluetooth on the Samsung Galaxy S III, 20 Nov 2012 13:47:51 +0000 biggest gripe I have about my Android phone is that the Bluetooth connectivity is very finicky with my car.Log Android events remotely to a syslog server, 04 Nov 2012 20:47:39 +0000;m still quite pleased with my Samsung Galaxy SIII but there are some finicky Bluetooth issues with my car that I simply can&rsquo;t figure out.Using git clean to remove subdirectories containing git repositories, 24 Oct 2012 20:44:59 +0000 had a peculiar situation today where I cloned a repository into a directory which was inside another repository.Lenovo ThinkPad T430s review, 21 Oct 2012 21:15:44 +0000 post covers the second half of my experience moving back to a Linux desktop but I figured it was a good opportunity to focus on the ThinkPad T430s itself as well as the Lenovo ordering experience.Proud to be a part of OpenStack at Rackspace, 18 Oct 2012 03:34:37 +0000 Toman delivered a great keynote this morning about OpenStack and how Rackspace uses it:Going back to Linux as a desktop, 12 Oct 2012 13:43:01 +0000 I&rsquo;ve been exclusively using a Mac for everything but servers since about 2008, I found myself considering a move back to Linux on the desktop after seeing how some people were using it at LinuxCon.Automatic package updates in CentOS 6, 21 Sep 2012 13:21:01 +0000 package updates in CentOS 6 is a quick process and it ensures that your system receives the latest available security patches, bugfixes and enhancements.One week with Android, 07 Sep 2012 03:53:42 +0000 getting Android-envy at LinuxCon, I decided to push myself out of my comfort zone and ditch my iPhone 4 for a Samsung Galaxy S III.Monitoring and protecting your reputation online, 06 Aug 2012 14:00:50 +0000 a recent issue I had with some users in the Puppy Linux forums, I thought it might be prudent to write a post about how to monitor and protect your reputation online.Building vpnc with openssl support via MacPorts on Mac OS X, 01 Aug 2012 04:16:09 +0000 you install vpnc via MacPorts on OS X, you&rsquo;ll find that you have no openssl support after it&rsquo;s built:DNS Service Review: Luadns, 22 Jul 2012 20:31:16 +0000 Cherpec contacted me back in May about his new hosted DNS offering, Luadns.Boot the Xen hypervisor by default in Fedora 17 with GRUB 2, 16 Jul 2012 15:00:44 +0000 GRUB 2 does give us some nice benefits, changing its configuration can be a bit of a challenge if you&rsquo;re used to working with the original GRUB for many, many years.Mounting an LVM snapshot containing partitions, 15 Jul 2012 20:11:38 +0000 snapshots can be really handy when you&rsquo;re trying to take a backup of a running virtual machine.X forwarding over ssh woes: DISPLAY is not set, 14 Jul 2012 19:56:09 +0000 problem came up in conversation earlier this week and I realized that I&rsquo;d never written a post about it.SELinux, Xen, and block devices in Fedora 17, 10 Jul 2012 05:05:33 +0000 you try to run Xen without libvirt on Fedora 17 with SELinux in enforcing mode, you&rsquo;ll be butting heads with SELinux in no time.Great guide for using traceroute and understanding its results, 13 Jun 2012 12:40:47 +0000 who has been a system administrator for even a short length of time has probably used traceroute at least once.What installing a ceiling fan can teach you about administering servers, 11 Jun 2012 16:00:57 +0000 feedback from my last lengthy post (Lessons learned in the ambulance pay dividends in the datacenter) about analogies between EMS and server administration was mostly positive, so I decided to do it again!Keep tabs on OpenStack development with OpenStack Watch on Twitter, 08 Jun 2012 12:19:26 +0000;s no secret that I&rsquo;m a fan of Twitter and OpenStack.Lessons learned in the ambulance pay dividends in the datacenter, 31 May 2012 15:00:47 +0000 cleaning up a room at home in preparation for some new flooring, I found my original documents from when I first became certified as an Emergency Medical Technician (EMT) in Texas.Lesser-known but extremely handy Linux tools, 11 May 2012 21:28:58 +0000óf Kovács has a fantastic post about some lesser-known Linux tools that can really come in handy in different situations.Performance and redundancy boost for icanhazip.com, 18 Apr 2012 23:30:06 +0000;s been a few years since I started a little project to operate a service to return your IPv4 and IPv6 address.Getting a Technical Job at Rackspace, 09 Apr 2012 14:00:56 +0000;ve probably noticed that the blog has slowed down a bit recently.Why technical people should blog (but don’t), 30 Mar 2012 14:30:45 +0000 originally wrote this post for the Rackspace Blog but I decided to post it here in case some of my readers might have missed it.mysql-json-bridge: a simple JSON API for MySQL, 29 Mar 2012 02:34:53 +0000 quest to get better at Python led me to create a new project on GitHub.Compare commits between two git branches, 15 Mar 2012 15:00:24 +0000 found myself stuck in a particularly nasty situation a few weeks ago where I had two git branches with some commits that were mixed up.New Fedora and EPEL package: httpry, 14 Mar 2012 14:00:29 +0000 fellow Racker showed me httpry about five years ago and I&rsquo;ve had in my toolbox as a handy way to watch HTTP traffic.Installing XenServer 6.0.2 on an AOpen MP57, 12 Mar 2012 17:00:56 +0000 XenServer installed on some unusual platforms takes a bit of work and the AOpen MP57 is a challenging platform for a XenServer 6.Handy hints for using dtrace on the Mac, 10 Mar 2012 18:49:59 +0000;m a big fan of Linux tools which allow you to monitor things in great detail.Preparing for Red Hat Exams, 28 Feb 2012 21:35:28 +0000 originally wrote this post for the Rackspace Blog but I&rsquo;ve posted it here just in case anyone following my blog&rsquo;s feed finds it useful.Looking back at the long road to becoming a Red Hat Certified Architect, 13 Feb 2012 15:00:41 +0000 grades came back last Friday and I&rsquo;ve passed the last exam in the requirements to become a Red Hat Certified Architect (RHCA).Installing Fedora 16 in XenServer, 12 Feb 2012 03:39:11 +0000 Fedora 16 working in XenServer isn&rsquo;t the easiest thing to do, but I&rsquo;ve put together a repository on GitHub that should help.Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI), 07 Feb 2012 14:07:41 +0000 of the handiest tools in the OpenSSL toolbox is s_client.The Kerberos-hater’s guide to installing Kerberos, 05 Feb 2012 21:03:52 +0000 promised in my earlier post entitled Kerberos for haters, I&rsquo;ve assembled the simplest possible guide to get Kerberos up an running on two CentOS 5 servers.Get notifications instead of automatic updates in Scientific Linux, 04 Feb 2012 19:01:54 +0000 Linux installations have a package called yum-autoupdate by default and the package contains two files:Kerberos for haters, 03 Feb 2012 04:29:32 +0000;ll be the first one to admit that Kerberos drives me a little insane.Create a local PyPi repository using only mod_rewrite, 01 Feb 2012 04:02:49 +0000 users of Python&rsquo;s package tools like pip or easy_install are probably familiar with the PyPi repository.Getting started with SELinux, 26 Jan 2012 04:28:41 +0000 used to be one of those folks who would install Fedora, CentOS, Scientific Linux, or Red Hat and disable SELinux during the installation.XenServer 6: Storage repository on software RAID, 16 Jan 2012 15:00:21 +0000 Citrix recommends against using software RAID with XenServer due to performance issues, I&rsquo;ve had some pretty awful experiences with hardware RAID cards over the last few years.XenServer 6: Disable GPT and get a larger root partition, 13 Jan 2012 15:00:10 +0000 6 is a solid virtualization platform, but the installer doesn&rsquo;t give you many options for customized configurations.Native IPv6 connectivity in Mikrotik’s RouterOS, 11 Jan 2012 13:30:07 +0000;s no secret that I&rsquo;m a big fan of the Routerboard devices and the RouterOS software from Mikrotik that runs on them.SELinux and .forward files, 02 Jan 2012 22:44:43 +0000 you want to forward e-mail from root to another user, you can usually place a .Getting online with a CradlePoint PHS-300 and an AT&T USBConnect Mercury, 16 Dec 2011 07:07:08 +0000 who has used a 3G ExpressCard or USB stick knows how handy they can be when you need internet access away from home (and away from Wi-Fi).Automatically upgrading to new point releases of Scientific Linux, 23 Nov 2011 13:20:12 +0000 you install Scientific Linux, it will keep you on the same point release that you installed.DisplayLink USB to DVI issues in OS X Lion, 17 Nov 2011 13:38:48 +0000 added a DisplayLink USB to DVI adapter to my MacBook Pro a while back and it occasionally has some issues where it won&rsquo;t start the display after connecting the USB cable.Live upgrade Fedora 15 to Fedora 16 using yum, 15 Nov 2011 04:37:39 +0000 we get started, I really ought to drop this here:Tracing a build through OpenStack Compute (Nova), 07 Nov 2011 15:05:42 +0000 work at Rackspace has changed a bit in the last few weeks and I&rsquo;ve shifted from managing a team of engineers to a full technical focus on OpenStack Nova.Installing irssi via MacPorts on OS X Lion 10.7.1, 30 Sep 2011 13:24:44 +0000;ve floated back and forth between graphical IRC clients and terminal-based clients for a long time.Getting back to using eth0 in Fedora 15, 25 Sep 2011 22:08:20 +0000 15 was released with some updates to allow for consistent network device names.Receive e-mail reports for SELinux AVC denials, 16 Sep 2011 04:17:04 +0000 isn&rsquo;t a technology that&rsquo;s easy to tackle for newcomers.Getting apache, PHP, and memcached working with SELinux, 08 Sep 2011 03:55:00 +0000;m using SELinux more often now on my Fedora 15 installations and I came up against a peculiar issue today on a new server.How to write e-mails to nerds (that they will actually read), 26 Aug 2011 13:00:06 +0000 e-mail etiquette is pretty obvious to most of us and if you&rsquo;re good at it, you&rsquo;ll get your point across more often without stepping on toes or causing unneeded confusion.Contest winners from the “Inspire a sysadmin” contest, 22 Aug 2011 12:43:53 +0000 I get started, I&rsquo;d like to give a big thanks to all of the visitors who dropped by and participated in the contest last week.Inspire a sysadmin, get a ThinkGeek gift certificate, 17 Aug 2011 12:36:52 +0000 THE STAKES ARE RAISED!Highlight IP addresses with a double click in Firefox, 16 Aug 2011 12:46:07 +0000 daily work involves working with a large number of servers and one of my frustrations with Firefox is that it&rsquo;s not possible to select an entire IP address with a double click with the default settings.Xen 4.1 on Fedora 15 with Linux 3.0, 06 Aug 2011 04:34:06 +0000 you haven&rsquo;t noticed already, full Xen dom0 support was added in the Linux 3.Success with stress, 22 Jul 2011 01:50:34 +0000 is a copy of a post I wrote for the Rackspace Talent blog.Keep all old kernels when upgrading via yum, 16 Jun 2011 12:50:46 +0000 might call me paranoid, but I get nervous when my package manager automatically removes a kernel.Measure traffic flows with Mikrotik’s RouterOS and ntop on Fedora 15, 05 Jun 2011 14:58:26 +0000;s no secret that I&rsquo;m a big fan of the RouterBoard network devices paired with Mikrotik&rsquo;s RouterOS.Handy networking cheat sheets from Packet Life, 25 May 2011 13:38:45 +0000 you find yourself forgetting bits and pieces about network topics, Packet Life&rsquo;s cheat sheets should be a handy resource for you.Do your homework before a technical interview, 03 May 2011 02:05:05 +0000 you work for a growing company like I do, it&rsquo;s inevitable that you&rsquo;ll have to do your fair share of interviewing.How to survive as a technical manager, 29 Mar 2011 14:25:59 +0000 who says management is easy obviously hasn&rsquo;t done it for very long or they&rsquo;re not doing their job very well.Strategies for detecting a compromised Linux server, 10 Mar 2011 02:52:16 +0000 are few things which will rattle systems administrators more than a compromised server.Dual-primary DRBD with OCFS2, 14 Feb 2011 02:12:58 +0000 promised in one of my previous posts about dual-primary DRBD and OCFS2, I&rsquo;ve compiled a step-by-step guide for Fedora.Gearing up for FUDCon 2011, 29 Jan 2011 15:01:20 +0000 2011 in Tempe hasn&rsquo;t even fully started yet, but it&rsquo;s been well worth the trip already.Single boot Linux on an Intel Mac Mini, 26 Jan 2011 13:32:53 +0000 reading the title of this post, you might wonder “Why would someone pay for a Mac Mini and then not use OS X with it?Sending binary e-mail attachments from the command line with mutt, 11 Jan 2011 01:10:58 +0000 a binary e-mail attachment from a Linux server has always been difficult for me because I never found a reliable method to get it done.Strategies for storing backups, 10 Jan 2011 01:20:44 +0000 it&rsquo;s not a glamorous subject for system administrators, backups are necessary for any production environment.Using GNU sort to sort a list by IP address, 06 Jan 2011 13:52:58 +0000 daily work requires me to work with a lot of customer data and much of it involves IP address allocations.Mounting a raw partition file made with dd or dd_rescue in Linux, 15 Dec 2010 01:07:24 +0000 situation might not affect everyone, but it struck me today and left me scratching my head.Locate RPM packages which contain a certain file, 09 Dec 2010 02:30:00 +0000;s not easy remembering which RPM packages contain certain files.Tap into your Linux system with SystemTap, 08 Dec 2010 02:27:02 +0000 of the most interesting topics I&rsquo;ve seen so far during my RHCA training at Rackspace this week is SystemTap.Keep web servers in sync with DRBD and OCFS2, 03 Dec 2010 02:01:12 +0000 guide to redundant cloud hosting that I wrote recently will need some adjustments as I&rsquo;ve fallen hard for the performance and reliability of DRBD and OCFS2.Monitor MySQL restore progress with pv, 24 Nov 2010 16:43:28 +0000 pv command is one that I really enjoy using but it&rsquo;s also one that I often forget about.Throwing thoughtful “403 Forbidden” responses with apache, 17 Nov 2010 13:47:19 +0000 you offer a web service that users query via scripts or other applications, you&rsquo;ll probably find that some people will begin to abuse the service.Accessing Rackspace Cloud Servers and Slicehost slices privately via OpenVPN, 16 Nov 2010 13:52:53 +0000 OpenVPN to Rackspace Cloud Servers and SlicehostUpgrading Fedora 13 to Fedora 14 on Slicehost and Rackspace Cloud Servers, 03 Nov 2010 20:02:45 +0000 most systems, using Fedora&rsquo;s preupgrade package is the most reliable way to update to the next Fedora release.Do professional certifications belong in your e-mail signature?, 16 Oct 2010 15:53:25 +0000 a discussion amongst coworkers about professional certifications in e-mail signatures yesterday, I decided to throw the question out to Twitter to gather some feedback:Securing your ssh server, 12 Oct 2010 22:39:15 +0000 of the most common questions that I see in my favorite IRC channel is: “How can I secure sshd on my server?Installing Xen 4 on Fedora 13, 10 Sep 2010 13:56:49 +0000 Xen can be a bit of a challenge for a beginner and it&rsquo;s made especially difficult by distribution vendors who aren&rsquo;t eager to include it in their current releases.A nerd’s perspective on cloud hosting, 25 Aug 2010 13:03:52 +0000;s go ahead and get this out of the way: The following post contains only my personal opinions.Very unscientific GlusterFS benchmarks, 13 Aug 2010 20:55:24 +0000;ve been getting requests for GlusterFS benchmarks from every direction lately and I&rsquo;ve been a bit slow on getting them done.One month with GlusterFS in production, 11 Aug 2010 13:29:02 +0000 many of you might have noticed from my previous GlusterFS blog post and my various tweets, I&rsquo;ve been working with GlusterFS in production for my personal hosting needs for just over a month.Adding comments to iptables rules, 26 Jul 2010 15:00:52 +0000 I wrote a recent post on best practices for iptables, I noticed that I forgot to mention comments for iptables rules.A modern implementation and explanation of Linux Virtual Server (LVS), 27 Jun 2010 16:03:27 +0000 configuration for a proxy-type load balancerParsing mdadm output with paste, 14 Jun 2010 14:05:57 +0000 curiosity is always piqued when I find new ways to manipulate command line output in simple ways.GlusterFS on the cheap with Rackspace’s Cloud Servers or Slicehost, 28 May 2010 00:34:10 +0000 This post is out of date and is relevant only for GlusterFS 2.How to sell: a guide for technical people, 27 May 2010 02:12:39 +0000;ll admit it right now: I love engaging customers and learning more about how what we do at Rackspace can help their business or ideas take flight.Idiot’s guide to OAuth logins for Twitter, 20 May 2010 01:26:07 +0000 certainly shouldn&rsquo;t be difficult, but I always have a tough time with OAuth.Legacy tty1 and block device support for Xen guests with pvops kernels, 14 May 2010 13:24:34 +0000 discussions about the paravirt_ops, or &ldquo;pvops&rdquo;, support in upstream kernels at Xen Summit 2010 last month really piqued my interest.Best practices: iptables, 12 Apr 2010 13:35:31 +0000 who has used iptables before has locked themselves out of a remote server at least once.Adjusting tty’s in Fedora 13 with upstart, 26 Mar 2010 14:09:13 +0000 13 has quite a few changes related to upstart, and one of the biggest ones is how terminals are configured.Why I’m a Racker, 26 Mar 2010 13:38:07 +0000 normally try to keep my work-related items separate from this blog, but I felt that I needed to break tradition for a moment.Testing network throughput with iperf, 20 Mar 2010 21:38:07 +0000 you need to measure network throughput and capacity, I haven&rsquo;t found a simpler solution than iperf.SIGTERM vs. SIGKILL, 18 Mar 2010 13:25:59 +0000 signals to processes using kill on a Unix system is not a new topic for most systems administrators, but I&rsquo;ve been asked many times about the difference between kill and kill -9.Sticky shift key with synergy in Fedora 12, 04 Mar 2010 02:44:12 +0000 synergy setup at work is relatively simple.Private network interfaces: the forgotten security hole, 02 Mar 2010 00:55:07 +0000 of the type of hosting you&rsquo;re using - dedicated or cloud - it&rsquo;s important to take network interface security seriously.System Administration Inspiration: If it’s broken, break it a little more, 28 Feb 2010 16:47:16 +0000 this year, I started a series of posts to encourage systems administrators to refine their troubleshooting abilities.MySQL: The total number of locks exceeds the lock table size, 16 Feb 2010 18:00:29 +0000 you&rsquo;re running an operation on a large number of rows within a table that uses the InnoDB storage engine, you might see this error:MySQL: The total number of locks exceeds the lock table size, 29 Jan 2010 13:12:21 +0000 problem has cropped up for me a few times, but I&rsquo;ve always forgotten to make a post about it.Switching between audible and visual bells in screen, 21 Jan 2010 14:37:09 +0000 a year ago, I was introduced to the joys of using irssi and screen to access irc servers.Crash course in dsh, 20 Jan 2010 14:47:56 +0000 to a recommendation from [Michael][1] and [Florian][2], I&rsquo;ve been using [dsh][3] with a lot of success for quite some time.Change the escape keystrokes in screen, 07 Jan 2010 14:11:23 +0000 of my favorite (and most used) applications on any Linux machine is screen.A New Year System Administrator Inspiration, 04 Jan 2010 02:53:53 +0000 New Year!Parse changelogs with wget and grep, 15 Dec 2009 23:14:47 +0000 try to keep up with the latest kernel update from kernel.Upgrading Fedora 11 to 12 using yum, 08 Dec 2009 02:28:06 +0000 with the Fedora 10 to 11 upgrade, you can upgrade Fedora 11 to Fedora 12 using yum.Disable acceleration for Apple’s Magic Mouse, 03 Dec 2009 13:55:41 +0000 After further research, I found that this fix only adjusts the speed at which your mouse moves.Automatically loading iptables rules on Debian/Ubuntu, 17 Nov 2009 04:39:52 +0000 you want your iptables rules automatically loaded every time your networking comes up on your Debian or Ubuntu server, you can follow these easy steps.Changing the time zone in irssi, 03 Nov 2009 14:34:42 +0000 usually set the time zone on my servers to UTC, but that makes it a bit confusing for me when I use irssi.Fix MacFusion on Snow Leopard, 28 Aug 2009 16:21:23 +0000 OS X 10.Fedora 11 httpd: alloc_listener: failed to get a socket for (null), 14 Aug 2009 17:14:02 +0000 you use Fedora 11 in a virtualized environment, you may have seen this error recently if you&rsquo;ve updated to apr-1.Installing the mysql gem in Fedora 11 64-bit, 07 Aug 2009 18:57:22 +0000 some systems, getting the mysql gem to build can be a little tricky.Graphical representation of Cisco’s BGP issues this morning, 04 Aug 2009 14:45:45 +0000 you haven&rsquo;t checked out bgplay, it&rsquo;s pretty handy.Get the public-facing IP for any server with icanhazip.com, 31 Jul 2009 13:41:38 +0000 are a ton of places on the internet where you can check the public-facing IP for the device you are using.Rotating rails logs when using Phusion Passenger, 26 Jun 2009 15:09:54 +0000 found a great post on Overstimulate about handling the rotation of rails logs when you use Phusion Passenger.Deleting all e-mail messages in your inbox with mutt, 19 Jun 2009 17:37:58 +0000, I&rsquo;ll end up with a mailbox full of random data, alerts, or other useless things.Two great signals: SIGSTOP and SIGCONT, 15 Jun 2009 18:16:19 +0000 best uses I&rsquo;ve found for the SIGSTOP and SIGCONT signals are times when a process goes haywire, or when a script spawns too many processes at once.Upgrading from Fedora 10 (Cambridge) to Fedora 11 (Leonidas), 11 Jun 2009 17:48:39 +0000 are two main ways to upgrade Fedora 10 (Cambridge) to Fedora 11 (Leonidas):Simple SOCKS proxy using SSH, 26 May 2009 19:29:55 +0000 we find ourselves in places where we don&rsquo;t trust the network that we&rsquo;re using.Comparing MySQL result sets quickly, 05 May 2009 15:51:09 +0000 found a really helpful tip on Xaprb for comparing result sets in MySQL:Re-scan the SCSI bus in Linux after hot-swapping a drive, 23 Apr 2009 17:00:54 +0000 with hot swappable drive bays are always handy.Piping log files to a syslog server, 21 Apr 2009 22:59:21 +0000 you have a centralized syslog server, or you use Splunk for log tracking, you may find the need to get older log files into a syslog port on that server.PHPMyAdmin 3.x hides the table indexes, 04 Apr 2009 00:51:48 +0000 of PHPMyAdmin 3.Enabling VNC as a pseudo-KVM with VMWare Server, 25 Mar 2009 01:28:59 +0000 users feel a little left out when it comes to VMWare Server clients.Compare the RPM packages installed on two different servers, 10 Mar 2009 23:31:49 +0000 up new servers can be a pain if you&rsquo;re not able to clone them from a server that is known to be working.Prevent gnome-keyring from asking for a password when NetworkManager starts, 27 Feb 2009 00:21:21 +0000 recently tossed Ubuntu 8.Upgrade Debian etch to lenny, 18 Feb 2009 13:28:39 +0000;ve tested this Debian etch to lenny upgrade process a few times so far, and it seems to be working well.Linux: emergency reboot or shutdown with magic commands, 30 Jan 2009 02:07:06 +0000 linux distributions use some type of mechanism to gracefully stop daemons and unmount storage volumes during a reboot or shutdown.Linux: Adjust storage kernel module load order, 26 Jan 2009 20:40:01 +0000 set up a system at home that has two SATA controllers: one is on the motherboard (nvidia chipset), while the other is on a Silicon Image SATA card that has three eSATA ports.Writing a Ruby on Rails application without using a database, 09 Jan 2009 17:00:44 +0000 of you may be wondering “why would you want to use Rails without a database?CPAN: Automatically install dependencies without confirmation, 02 Jan 2009 01:44:51 +0000 enjoy using CPAN because it installs Perl modules with a simple interface, fetches dependencies, and warns you when things are about to end badly.Reducing inode and dentry caches to keep OOM killer at bay, 04 Dec 2008 00:44:20 +0000 it comes to frustrating parts of the Linux kernel, OOM killer takes the cake.Simple server monitoring with xinetd, 03 Dec 2008 00:13:10 +0000 can use the simple but powerful xinetd on your Linux server to monitor almost anything on the server.Importing Excel files into MySQL with PHP, 07 Nov 2008 19:42:45 +0000 you have Excel files that need to be imported into MySQL, you can import them easily with PHP.Plesk: Upgrade to 8.4 causes “no such user” error in maillog, 06 Nov 2008 17:04:08 +0000 you have a Plesk server where short mail names are enabled, upgrading to Plesk 8.Viewing documentation for your ruby gems, 06 Nov 2008 00:14:57 +0000 stumbled into this four line ruby script that will serve up all of the rdoc documentation for your server&rsquo;s currently installed gems:What is ‘steal time’ in my sysstat output?, 04 Nov 2008 17:19:08 +0000 running sar on my new slice from SliceHost*, I noticed a new column called steal.Syncing an iPhone with a new Mac without hassles, 02 Nov 2008 16:56:23 +0000 know I usually talk about Linux server related topics on this blog, but I&rsquo;m pretty proud of what I&rsquo;ve figured out this morning on my Mac.Installing Microsoft’s TrueType fonts on Linux servers, 24 Oct 2008 00:31:23 +0000 the idea of putting something from Microsoft on a Linux box might sound awful at first, you may find a reason to use Microsoft TrueType fonts on a Linux server.ext3_dx_add_entry: Directory index full!, 13 Oct 2008 17:00:51 +0000 found a server last week that was having severe issues with disk I/O to the point where most operations were taking many minutes to complete.Apache 2.2: internal dummy connection, 24 Sep 2008 01:42:21 +0000 working with some RHEL 5 servers fairly regularly, I noticed a reduction in Apache 2.Compress your web content for better performance, 19 Sep 2008 17:00:47 +0000 web developers expend a lot of energy optimizing queries, reducing the overhead of functions, and streamlining their application&rsquo;s overall flow.SquirrelMail: 127 Can’t execute command, 08 Sep 2008 17:16:00 +0000 found a Plesk 8.Listing of VMWare configuration parameters, 05 Sep 2008 17:09:54 +0000 a recent project, I needed to automatically provision VM&rsquo;s for testing.CentOS/RHEL x86_64 + VMWare: Use of uninitialized value in string, 03 Sep 2008 17:06:20 +0000 was working with a CentOS 5 x86_64 installation running VMWare server last week when I stumbled upon this error:Encrypted filesystems and partitions on RHEL 5, 02 Sep 2008 01:55:36 +0000 spoke with a customer last week who was curious about enabling encrypted partitions on a DAS connected to their server.Basic procmail configuration with spamassassin filtering, 13 Aug 2008 17:00:48 +0000;ve used this extremely basic procmail configuration a million times, and it&rsquo;s a great start for any server configuration.Enabling Ruby on Rails support for a domain in Plesk, 12 Aug 2008 01:16:18 +0000 you have Plesk 8.Reduce disk I/O for small reads using memory, 07 Aug 2008 17:00:27 +0000 applications that are used on a standard server perform quite a few of small writes to the disk (like MySQL or Apache).Automatically starting synergy in GDM in Ubuntu/Fedora, 30 Jul 2008 17:00:09 +0000 you follow this guide, be sure to read about the issue I had in Fedora 12 with this strategy.Plesk 8.4.0: Unable to use short names for POP3/IMAP, 28 Jul 2008 16:08:50 +0000 you recently upgraded to Plesk 8.MySQL: ERROR 1040: Too many connections, 24 Jun 2008 17:00:47 +0000 you run a fairly busy and/or badly configured MySQL server, you may receive something like this when attempting to connect:Rebuilding statistics from previous months on Plesk 8.3, 20 Jun 2008 17:00:06 +0000 was a bug in versions of Plesk prior to 8.Why I interviewed at Google and stayed at Rackspace, 19 Jun 2008 17:00:10 +0000 some of you might know, I interviewed for a position at Google in April of this year.Remove backticks from MySQL dumps, 18 Jun 2008 17:00:01 +0000 found myself in a peculiar situation last week.Adjusting CPAN mirror list, 16 Jun 2008 17:00:01 +0000 of the most frustrating aspects of CPAN is connecting to mirrors via FTP.HP Servers: hwraidinfo and hwraidstatus in Linux, 13 Jun 2008 17:09:31 +0000 with the RAID configurations on Linux can be a little involved if all you have is hpacucli.MySQL: Can’t drop one or more of the requested users, 11 Jun 2008 23:59:37 +0000 has quite a few cryptic error messages, and this one is one of the best:Backing up MySQL to Amazon’s S3, 06 Jun 2008 00:18:49 +0000 received an e-mail from Tim Linden about a post he made in his blog about backing up MySQL data to Amazon&rsquo;s S3.Forcing qmail to process e-mail in the queue, 02 May 2008 17:00:51 +0000, qmail will be able to process the mail queue without any interaction from the system administrator, however, if you want to force it to process everything that is in the queue right now, you can do so:After Plesk upgrade, “Cannot initialize InnoDB”, 01 May 2008 17:00:09 +0000 Plesk from 7.Best PHP and MySQL development book, 29 Apr 2008 17:00:54 +0000 finally remembered this book when someone asked me about how to get started with PHP and MySQL development.Plesk: Disabling TRACE/TRACK methods globally, 23 Apr 2008 23:40:50 +0000 The TRACE/TRACK methods are disabled in Plesk 8.Reducing locking delays in MySQL, 16 Apr 2008 17:32:50 +0000 getting started, it&rsquo;s important to understand why MySQL uses locks.mchk: Unable to initialize quota settings for someuser@somedomain.com, 14 Apr 2008 17:00:21 +0000 you&rsquo;re working in Plesk and you receive this error:Small Companies: How to hire and fire a technical person, 02 Apr 2008 18:00:06 +0000 Okay, technical folks - I&rsquo;m doing this as a favor to the general community of people that aren&rsquo;t very technical, but they need to know some tips for ridding themselves of a technical person that is harming their business.Setting the maximum mail size in qmail, 24 Mar 2008 18:54:35 +0000 a Plesk server, the maximum size for an individual e-mail sent through qmail is unlimited.Importing MySQL dumps made on 64-bit servers, 21 Mar 2008 17:51:56 +0000;s tough to find examples of dumps that can&rsquo;t be properly reimported on other servers.Reduce iowait in Plesk: put qmail’s queue on a ramdisk, 14 Mar 2008 18:16:57 +0000 really dislike qmail.Plesk Professional Website Editor hangs at login, 13 Mar 2008 18:11:57 +0000 of my biggest Plesk gripes is dealing with the Plesk Professional Website Editor.What is the difference between file data and metadata?, 12 Mar 2008 18:01:59 +0000 in case some of you out there enjoy nomenclature and theory behind Linux filesystems, here&rsquo;s some things to keep in mind.Hunting down elusive sources of iowait, 11 Mar 2008 18:00:18 +0000 question I&rsquo;m asked daily is “How can I find out what is generating iowait on my server?Strange error with Horde 3.1.3 and Plesk 8.1.1, 11 Mar 2008 02:49:05 +0000 saw a ticket the other day where a customer received this error from Horde when trying to expand items on the left pane of the interface:ntpd_initres: ntpd returns a permission denied error, 20 Feb 2008 18:30:02 +0000 recently came across a server that was throwing this error into its message log:sendmail: savemail panic, 18 Feb 2008 18:56:37 +0000 you see a large mail queue and your system&rsquo;s I/O is increasing, you may find messages like these in your syslog:High iowait on RHEL 4 with Plesk and SpamAssassin, 31 Jan 2008 18:38:58 +0000 of my biggest complaints on RHEL 4 is the large resource usage by the version of SpamAssassin that is installed.Plesk and MySQL 5, 30 Jan 2008 18:29:18 +0000 of the questions I receive the most is: &ldquo;What version of Plesk works with MySQL 5?Limiting which commands are kept in the bash history file, 29 Jan 2008 18:33:55 +0000 setting a certain bash environment variable, you can limit which commands are kept in the .Rebuilding the initial ram disk (initrd), 28 Jan 2008 18:23:39 +0000 new hardware may mean that new kernel need to be loaded when your server boots up.Can’t enable DNSBL/RBL in Plesk because it’s greyed out, 25 Jan 2008 17:11:27 +0000 you have a new Plesk installation and the following option is greyed out in Server -&gt; Mail:ip_conntrack: table full, dropping packet, 24 Jan 2008 18:26:40 +0000 Linux kernel 3.qmail: This message is looping: it already has my Delivered-To line, 23 Jan 2008 18:20:27 +0000 stumbled upon this peculiar bounce message recently while working on a server:Dovecot: failed to map segment from shared object: Cannot allocate memory, 22 Jan 2008 18:47:21 +0000 may catch this error when you attempt to start dovecot on a Red Hat Enterprise Linux 5.Removing news feeds in Horde, 21 Jan 2008 18:36:49 +0000 you&rsquo;ve used newer versions of Horde with Plesk, you have probably noticed the news feed that runs down the left side of the screen.MySQL Replication: Wrap-up, 15 Jan 2008 18:20:02 +0000 a couple of weeks, my MySQL replication series has come to a close.MySQL Replication: Slave Performance, 14 Jan 2008 18:26:40 +0000;s a few final configuration options that may help the performance of your slave MySQL servers.MySQL Replication: Upgrading the MySQL server, 11 Jan 2008 23:44:54 +0000 you want to make a DBA nervous, just let them know that they need to upgrade MySQL servers that are replicating in a production environment.MySQL Replication: Across an external network, 10 Jan 2008 18:51:39 +0000 many people might find replicating over an external network to be an odd concept, it does have some uses.MySQL Replication: Breakdown, 09 Jan 2008 18:24:03 +0000 some occasions, MySQL replication can break down if an statement comes from the master that makes no sense to the slave.MySQL Replication: Delayed Slaves, 09 Jan 2008 03:11:11 +0000 a perfect world, slaves will contain the same data as the master at all times.MySQL Replication: Horizontal Data Partitioning, 07 Jan 2008 17:57:56 +0000 you have a master with multiple slaves, you can get some performance and save money on hardware by splitting data horizontally among your servers.MySQL Replication: Backups & Data Integrity, 04 Jan 2008 19:39:12 +0000 often overlooked benefit of MySQL replication is the ability to make reliable backups without affecting the integrity of the MySQL data.MySQL Replication: Redundancy, 04 Jan 2008 02:39:11 +0000 performance is a much larger benefit of replication, it provides some redundancy for your application as well.MySQL Replication: Performance, 02 Jan 2008 18:20:05 +0000 replication can increase performance by allowing developers to spread queries over two servers.Seven Step MySQL Replication, 31 Dec 2007 17:51:03 +0000 replication may sound complicated, but it can be done easily.Plesk and qmail: 421 temporary envelope failure (#4.3.0), 04 Dec 2007 18:21:23 +0000 stumbled upon a server running Plesk 8.Table ‘mysql.proc’ doesn’t exist, 29 Nov 2007 18:37:55 +0000 I was asked to create a stored procedure on a MySQL 5.Fixing Horde problems in Plesk 8.1.x/8.2.x with PHP 5.2.5, 28 Nov 2007 18:33:37 +0000;s a few issues with PHP 5.Sort e-mail in Plesk with procmail, 27 Nov 2007 18:27:26 +0000 of my biggest beefs with Plesk&rsquo;s e-mail handling is the lack of server-side filtering.EXT3-fs error (device hda3) in start_transaction: Journal has aborted, 20 Nov 2007 18:23:40 +0000 your system abruptly loses power, or if a RAID card is beginning to fail, you might see an ominous message like this within your logs:Red Hat Perl Issues: unable to call function somefunction on undefined value, 19 Nov 2007 18:19:12 +0000, a recent Red Hat Enterprise Linux update for ES3, 4 and 5 caused some Perl applications to throw errors like these:clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem, 16 Nov 2007 18:11:05 +0000 few days ago, I stumbled upon a server running qmail with qmail-scanner.Change the default Apache character set, 15 Nov 2007 18:09:01 +0000 default, Red Hat Enterprise Linux 4 sets the default character set in Apache to UTF-8.Plesk authorization failed: HTTP request error [7], 14 Nov 2007 18:05:24 +0000 found myself wrestling with a server where the Plesk interface suddenly became unavailable without any user intervention.OpenSSL Tricks, 07 Nov 2007 18:26:24 +0000 a strong CSR and private keyAttractive aterm/rxvt .Xdefaults configuration, 04 Nov 2007 18:04:27 +0000;ve struggled at times to get a decent-looking terminal on my desktop, and I believe I&rsquo;ve found a good one.Enforcing mode requested but no policy loaded. Halting now., 17 Oct 2007 18:17:22 +0000;s a pretty weird kernel panic that I came across the other day:Installing package groups with up2date, 17 Oct 2007 01:14:53 +0000 few days ago, I began to install a group of packages with up2date, and the person next to me was surprised that up2date even had this functionality.Enabling Dr. Web virus scanning for new accounts, 12 Oct 2007 18:35:06 +0000 you&rsquo;re using Plesk 8.mysqldump: Got packet bigger than ‘max_allowed_packet’ bytes, 12 Oct 2007 01:28:17 +0000 you dump table data from MySQL, you may end up pulling a large chunk of data and it may exceed the MySQL client&rsquo;s max_allowed_packet variable.BIND: ‘RRset exists (value dependent)’ prerequisite not satisfied (NXRRSET), 10 Oct 2007 18:13:22 +0000 was recently working on a server where a user on the server was concerned with these log messages:Dovecot: mbox: Can’t create root IMAP folder, 10 Oct 2007 01:05:52 +0000 some situations with dovecot running on your server, you may receive a message from your e-mail client stating that the &ldquo;connection was interrupted with your mail server&rdquo; or the &ldquo;login process failed&rdquo;.Plesk: Error opening /var/lib/squirrelmail/prefs/default_pref, 09 Oct 2007 00:44:48 +0000 brand new Plesk 8.Slow Horde login process with Plesk, 05 Oct 2007 18:35:33 +0000;ve seen quite a few situations where the Horde login process can take upwards of 45 minutes to log a user into the webmail interface.Preventing Plesk 8.2.x from adding up2date sources, 04 Oct 2007 18:29:14 +0000 of the most annoying (and explosive) changes in Plesk 8.Convert MyISAM tables to InnoDB, 04 Oct 2007 03:29:13 +0000 you want to convert a MyISAM table to InnoDB, the process is fairly easy, but you can do something extra to speed things up.Plesk: There is incorrect combination of resource records in the zone, 03 Oct 2007 03:21:19 +0000 another weird Plesk error with terrible grammar popped up on a server that I worked with this week:Plesk 7.5.4: Error: HTTPD_INCLUDE_D not defined, 02 Oct 2007 02:56:20 +0000, this error will pop up when you attempt to restart a Plesk-related service, like httpsd, psa-spamassassin or qmail:Parsing HTML through PHP in Plesk, 28 Sep 2007 18:17:00 +0000 users will want to parse HTML through the PHP parser because one of their applications requires it, or because they think it&rsquo;s a good idea.Session problems with Horde in Plesk with AOL, 28 Sep 2007 02:06:52 +0000 AOL sends their users&rsquo; traffic through proxy servers, this can cause problems with Horde&rsquo;s session handling in Plesk.Counting open files per user, 26 Sep 2007 17:13:44 +0000 the event that your system is running out of file descriptors, or you simply want to know what your users are doing, you can review their count of open files by running this command:Adjusting postfix queue time / lifetime, 18 Sep 2007 22:55:38 +0000 you want to adjust how long postfix will hold a piece of undeliverable mail in its queue, just adjust bounce_queue_lifetime.Yum equivalents of up2date arguments, 17 Sep 2007 22:50:01 +0000 RHEL 5 ditching up2date for yum, many Red Hat users might find themselves confused with the new command line flags.Testing SpamAssassin with GTUBE, 15 Sep 2007 17:14:24 +0000 you have SpamAssassin installed, but you want to make sure that it is marking or filtering your e-mails, simply send an e-mail which contains the special line provided here:Check the modulus of an SSL certificate and key with openssl, 14 Sep 2007 17:13:51 +0000 you create a CSR and private key to obtain an SSL certificate, the private key has some internal data called a modulus.Slow IMAP and POP3 performance with large mailboxes on RHEL 2.1, 12 Sep 2007 13:00:32 +0000 default, Red Hat Enterprise Linux 2.RHEL limitations cheat sheet, 12 Sep 2007 01:01:49 +0000 you find yourself in a pinch, and you don&rsquo;t know the limits of a certain Red Hat Enterprise Linux version, you can find this information in one place.Getting GrowlMail working with Apple Mail in Growl 1.1, 10 Sep 2007 04:44:10 +0000, this is not really related to the normal system administration topics discussed here, but it&rsquo;s Sunday, so I feel like something different.Hunting down annoying web spiders, 08 Sep 2007 22:16:07 +0000 all enjoy having the GoogleBot and other search engine robots index our sites as it brings us higher on search engines, but it&rsquo;s annoying when some user scrapes your site for their own benefit.MySQL binary log rotation, 07 Sep 2007 22:07:17 +0000 you&rsquo;ve run MySQL in a replication environment, or if you&rsquo;ve enabled binary logging for transactional integrity, you know that the binary logs can grow rather quickly.Low priority Plesk backups, 06 Sep 2007 03:27:09 +0000 hear a lot of complaints about Plesk&rsquo;s backup routines and how they can bring a server to its knees.MySQL and InnoDB: Orphaned .frm files, 02 Sep 2007 01:52:00 +0000 an .Postfix: 554 Relay access denied, 31 Aug 2007 01:06:02 +0000;s say you have a user who can&rsquo;t receive e-mail.Apache: Disable TRACE and TRACK methods, 29 Aug 2007 00:27:59 +0000 of PCI Compliance and vulnerability scan vendors will complain about TRACE and TRACK methods being enabled on your server.Use a different IP for sending mail, 28 Aug 2007 03:13:21 +0000 you find yourself in a pinch and you need a temporary fix when your primary IP is blacklisted, use the following iptables rule:Apache: No space left on device: Couldn’t create accept lock, 24 Aug 2007 21:55:30 +0000 error completely stumped me a couple of weeks ago.MySQL couldn’t find log file, 24 Aug 2007 00:24:28 +0000 error will pop up when binary logging is enabled, and someone thought it was a good idea to remove binary logs from the filesystem:POP3 server disconnects immediately after login, 23 Aug 2007 03:54:52 +0000 connecting to your server&rsquo;s POP3 service, your client might provide this error just after authentication:Qmail-smtpd spawns many processes and uses 100% of CPU, 22 Aug 2007 02:47:18 +0000;s not abnormal for qmail act oddly at times with Plesk, and sometimes it can use 100% of the CPU.Change Plesk back to short mail names, 21 Aug 2007 00:46:50 +0000 you have to use short e-mail usernames in Plesk (which is a bad idea), and someone accidentally sets the server to use full usernames, you can force Plesk to go back.MySQL: Errcode: 24 when using LOCK TABLES, 20 Aug 2007 03:07:30 +0000 running into MySQL&rsquo;s open files limit will manifest itself into various error messages, this is the standard one that you&rsquo;ll receive during a mysqldump:Issues with mysqldump and views in Plesk, 18 Aug 2007 17:40:00 +0000 default, views in MySQL 5.MySQL unauthenticated login pile-up, 16 Aug 2007 12:14:21 +0000 MySQL&rsquo;s process list will fill with unauthenticated login entries that look like this:It’s on Digg: Automated MySQL Performance Tuning Script, 15 Aug 2007 03:22:29 +0000 me out!Huge MySQLTuner overhaul, 12 Aug 2007 23:51:05 +0000;ve been flooded with requests for MySQLTuner and I&rsquo;ve answered them this weekend.Using wildcard subdomains in Plesk, 11 Aug 2007 02:19:09 +0000 some situations, you may want to have domain.Correcting Horde problems after upgrading to PHP 5 on Plesk 7.5.x, 11 Aug 2007 02:08:49 +0000 Plesk 7.Urchin: Unable to open database for writing since it has been archived, 10 Aug 2007 01:43:55 +0000 sometimes takes it upon itself to do some weird things, and this is one of those times.MySQL’s query cache explained, 09 Aug 2007 01:42:58 +0000 often misused and misunderstood aspect of MySQL is the query cache.Reset the Urchin admin password, 09 Aug 2007 00:50:45 +0000 you find yourself in the situation where you&rsquo;ve forgotten the Urchin admin password, don&rsquo;t worry.Urchin: Warning! Task scheduler disabled., 09 Aug 2007 00:48:20 +0000 Urchin&rsquo;s task scheduler fails, you&rsquo;ll notice big gaps in your data within Urchin.Adding IP aliases in FreeBSD, 09 Aug 2007 00:35:44 +0000 question I hear quite often is &ldquo;how do I add IP aliases in FreeBSD?MySQL: Missing *.ibd files, 09 Aug 2007 00:22:40 +0000 the InnoDB engine can be tricky due to the ibdata files&rsquo; rather untraditional behavior.Obscure MySQL variable explained: max_seeks_for_key, 03 Aug 2007 22:01:33 +0000 documentation can be awfully flaky - extremely verbose on issues that don&rsquo;t require such verbosity, and then extremely terse on issues that need a lot of explanation.Add custom rules to the Plesk firewall, 03 Aug 2007 02:54:01 +0000 has a (somewhat annoying) default firewall configuration that you can adjust from within the Plesk interface.Generate self-signed certificate and key in one line, 03 Aug 2007 02:48:25 +0000 you need a quick self-signed certificate, you can generate the key/certificate pair, then sign it, all with one openssl line:Plesk: Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start, 03 Aug 2007 02:43:35 +0000 error means that Plesk attempted to make a DNS change and reload named, but it failed.Freeing up file descriptors in Plesk 8.2 with piped Apache logs, 03 Aug 2007 02:39:45 +0000 you&rsquo;ve used Plesk with a large amount of domains, you know what a pain running out of file descriptors can be.Add spam filtering for all users in Plesk, 30 Jul 2007 02:46:10 +0000 two commands will enable SpamAssassin for all users on a Plesk 8 server:Disable X support in FreeBSD, 18 Jul 2007 15:12:40 +0000 to /etc/make.Installing Lighttpd + PHP + FastCGI on FreeBSD, 18 Jul 2007 15:12:06 +0000 portinstall:Upgrading FreeBSD remotely, 18 Jul 2007 15:10:59 +0000 can be best to upgrade FreeBSD in an offline state, but if you do it online, you can do it like this:Importing existing keys and certificates into java keystore files, 18 Jul 2007 15:05:37 +0000 Java keystores at the same time as you create a CSR and key is pretty easy, but if you have a pre-made private key that you want to throw into a keystore, it can be difficult./bin/tar: Argument list too long, 06 Jul 2007 03:11:43 +0000 you find yourself stuck with over 30,000 files in a directory (text files in this example), packing them into a tar file can be tricky.Automatic Plesk login, 06 Jul 2007 03:09:27 +0000 you want to make a quick bookmark that will automatically log yourself into Plesk, make this bookmark:Enable submission port 587 in Postfix, 05 Jul 2007 00:29:36 +0000 submission port support for Postfix is really easy.Check available entropy in Linux, 01 Jul 2007 16:46:11 +0000 servers just have the weirdest SSL problems ever.Active FTP connections through iptables, 01 Jul 2007 16:42:01 +0000 of the main reasons people like passive FTP is that it&rsquo;s easier to get through firewalls with it.Redirect e-mails in postfix based on subject line, 01 Jul 2007 16:37:31 +0000 on your situation, it may be handy to redirect e-mails that have a certain subject line before it even reaches a user&rsquo;s inbox.Repair auto_increment in MySQL, 01 Jul 2007 16:34:03 +0000 corruption in MySQL can often wreak havoc on the auto_increment fields.Enable SSL support in Postfix, 01 Jul 2007 16:31:01 +0000 you have postfix installed with OpenSSL support compiled in, you can enable SSL connections by editing two configuration files.MySQL time zone different from system time zone, 01 Jul 2007 16:29:11 +0000 some situations, the system time zone will be different than the one in MySQL, even though MySQL is set to use the system time zone.Plesk and PHPMyAdmin: Non-static method PMA_Config::isHttps() should not be called statically, 01 Jul 2007 16:27:21 +0000 this situation pops up in Plesk, it means that a user has changed their MySQL password outside of Plesk.Remove all open_basedir restrictions in Plesk, 30 Jun 2007 15:54:49 +0000 you want to remove all of the open_basedir restrictions for all sites in Plesk, simply create a file called /etc/httpd/conf.Basic SNMP Configuration, 27 Jun 2007 23:06:21 +0000 you want to get a really basic, wide-open for localhost setup for SNMP, just toss the following into /etc/snmp/snmpd.Corrupt /dev/null, 19 Jun 2007 02:49:56 +0000 you find that /dev/null is no longer a block device, and it causes issues during init on Red Hat boxes, you will need to follow these steps to return things to normal:500 OOPS error from vsftpd, 14 Jun 2007 23:14:51 +0000 you find yourself with the ever-so-peculiar 500 OOPS error from vsftpd when you attempt to login over SSH, there could be a few different things at play.Adjusting qmail queue time / lifetime, 14 Jun 2007 22:58:01 +0000 you want to adjust how long e-mails will spend in the qmail queue before they&rsquo;re bounced, simple set the queuelifetime:Adjusting sendmail queue time / lifetime, 14 Jun 2007 22:56:27 +0000 default, sendmail will keep items in the queue for up to 5 days.PHP CLI memory limit is different between users and root, 14 Jun 2007 22:53:33 +0000 you find that memory limits differ between root and other users when PHP scripts are run from the command line, there may be an issue with your php.Send Plesk e-mail to /dev/null or blackhole, 14 Jun 2007 22:42:22 +0000 you find yourself needing to send e-mail destined for a certain account to a blackhole or to /dev/null, you&rsquo;ll find very little information from Google.Rebuild RPM file permissions and ownerships, 14 Jun 2007 22:36:47 +0000 you find that someone has done a recursive chmod or chown on a server, don&rsquo;t fret.Replace Urchin license key / serial number, 07 Jun 2007 04:47:52 +0000 something horrible happened to your Urchin license key or you need to replace it with something else, just run this command to change the key:Postgres process listing, 07 Jun 2007 04:44:39 +0000 you&rsquo;re used to SHOW PROCESSLIST; or mysqladmin processlist in MySQL, you might be searching for this same functionality in postgresql.FreeBSD: Limiting closed port RST response, 07 Jun 2007 04:42:13 +0000 of the nifty things about FreeBSD&rsquo;s kernel is that it will limit closed port RST responses, which, in layman&rsquo;s terms, just means that if someone repeatedly hits a port that&rsquo;s closed, the kernel won&rsquo;t respond to all of the requests.Arrow keys in iTerm not working in vi/vim, 01 Jun 2007 03:28:58 +0000 found myself pretty darned frustrated when my arrow keys didn&rsquo;t work in iTerm in vi/vim or other ncurses-based applications.Cisco PIX: Cannot select private key, 28 May 2007 02:10:13 +0000 you receive the following error, your PIX does not have a key set up for use with SSH:Install snort and BASE on FreeBSD, 27 May 2007 22:23:17 +0000 snort from ports on FreeBSD is pretty straightforward, but there are some &lsquo;gotchas&rsquo; that you need to be aware of.Install mysql-server from ports on FreeBSD, 27 May 2007 21:47:13 +0000 mysql on FreeBSD from ports is one of the oddest installations I&rsquo;ve ever completed.Errors with ifup regarding MAC addresses, 27 May 2007 16:44:55 +0000 Redhat, CentOS, Fedora, or any other similar OS provides the following error:Forward e-mail sent to non-existent users in Postfix, 27 May 2007 16:43:08 +0000, Postfix will reject e-mail sent to non-existent users if a catchall isn&rsquo;t present for the specific domain that is receiving mail.rpmdb: Lock table is out of available locker entries, 27 May 2007 16:38:32 +0000 up2date throws some horrible Python errors and rpm says “rpmdb: Lock table is out of available locker entries”, you can restore your system to normality with the following:Remove PHP’s open_basedir restriction in Plesk, 23 May 2007 17:21:58 +0000 you have an open_basedir restriction that is causing issues with a domain, you can remove the restriction easily.Changing the default SSL certificate in Plesk, 22 May 2007 02:16:57 +0000 Plesk is installed, the default certificate for the Plesk interface itself is a self-signed certificate that is generated during the installation.Enable submission port 587 in Sendmail, 21 May 2007 16:08:34 +0000 enable submission access on port 587 in sendmail, add the following to the sendmail.Postgresql not listening on network, 21 May 2007 15:04:12 +0000 some operating systems, postgresql is not configured to listen on the network.Speeding up MySQL, 21 May 2007 03:44:33 +0000 there&rsquo;s one question I get a lot, it would be &ldquo;Hey, how can I speed up MySQL?MySQL connections in sleep state, 21 May 2007 03:26:11 +0000 some servers, you may notice that MySQL is consuming CPU and memory resources when it&rsquo;s not processing any queries.Joomla and Plesk permissions, 21 May 2007 03:13:23 +0000 to a highly awesome technician on my team, we&rsquo;ve discovered the perfect permissions setup for Joomla and Plesk:Remove query strings from URL’s with mod_rewrite, 18 May 2007 14:07:37 +0000 you need to strip query strings from a URL with mod_rewrite, you can use a rewrite syntax such as the following:Relay access denied, 18 May 2007 03:16:06 +0000 you&rsquo;re checking through your mail logs, or you catch a bounced e-mail with &ldquo;554 relay access denied&rdquo; in the bounce, the issue can be related to a few different things:Show hidden dot files in proftpd, 17 May 2007 01:46:59 +0000 you can&rsquo;t see hidden files in proftpd (the files beginning with a dot, like .Add SSL/TLS support to proftpd, 17 May 2007 01:45:37 +0000 enable SSL/TLS support in proftpd, add the following to the proftpd.Plesk submission port (587) for outbound mail, 15 May 2007 14:28:17 +0000 you can&rsquo;t send mail via port 25 due to blocks imposed by your ISP, you can enable the submission port within Plesk pretty easily.Horde refreshes when logging in, 07 May 2007 21:20:51 +0000 you find that Horde (with Plesk) keeps refreshing when you attempt to log in, and there are no errors logged on the screen or in Apache&rsquo;s logs, check the session.Plesk SQL Statements, 27 Apr 2007 15:52:17 +0000 you need to find information about anything in Plesk, here&rsquo;s some SQL statements that you can use:Adding chrooted FTP users outside of Plesk, 27 Apr 2007 15:51:59 +0000 add a chrooted FTP user outside of Plesk properly, you need to:Install PayFlowPro for PHP on RHEL, 26 Apr 2007 22:06:35 +0000 install PayFlowPro, you will need a few things:Add SPF records to all domains in Plesk, 24 Apr 2007 16:28:31 +0000 you find yourself in the situation where you need to bulk add SPF records to every domain in Plesk, you can use this huge one-liner:Can’t find file: ‘horde_sessionhandler.MYI’, 19 Apr 2007 16:38:49 +0000 you get this error, you&rsquo;ve most likely done a file-based MySQL backup restore, and the InnoDB files are hosed.Too many languages – can’t upgrade Plesk license, 19 Apr 2007 13:40:12 +0000 Plesk throws an error that it can&rsquo;t upgrade your license key because of languages, you need to remove the extra locales:Telnet POP3 Commands, 17 Apr 2007 22:28:19 +0000 you ever need to communicate with a POP3 server via telnet to test it, here&rsquo;s some commands you can use:SSL connection to a non-secure port, 17 Apr 2007 22:27:12 +0000 you have weird SSL errors and this one appears, you are trying to speak SSL to a daemon that doesn&rsquo;t understand it:Disable SSH timeouts, 12 Apr 2007 16:15:02 +0000 pretty much completely disable SSH timeouts, simply adjust the following directives in /etc/ssh/sshd_config:Pre-upgrade Plesk Backup, 10 Apr 2007 18:55:06 +0000 you upgrade Plesk, it&rsquo;s always a good idea to make a backup and also make your ip and shell maps:Disable SSLv2 in Lighttpd, 08 Apr 2007 23:26:07 +0000 with most things, turning off SSLv2 in Lighttpd is much easier than in Apache.WordPress permalinks in Lighttpd, 08 Apr 2007 23:21:17 +0000 uses .Lighttpd proxy to Tomcat, 06 Apr 2007 04:41:05 +0000 seems like lighttpd and Tomcat are at the forefront of what is ‘hot&rsquo; these days.Disable reverse lookups with qmail in Plesk, 05 Apr 2007 16:00:53 +0000 disable reverse lookups in qmail with Plesk, simply add -Rt0 to the server_args line in /etc/xinetd.451 Could not complete sender verify callout, 29 Mar 2007 14:17:06 +0000 is one of Exim&rsquo;s more cryptic errors:Setting the hostname in Sendmail, 27 Mar 2007 21:01:26 +0000 you need to change the hostname that Sendmail announces itself as, just add the following to sendmail./bin/rm: Argument list too long, 26 Mar 2007 17:16:55 +0000 you have too many files to remove, try this trick:Reset MySQL root password, 26 Mar 2007 03:27:33 +0000 you&rsquo;ve forgotten the root password for a MySQL server, but you know the system root, you can reset the MySQL root password pretty easily.Apache’s mysterious trailing slash, 23 Mar 2007 13:20:27 +0000 may find that some sites do not work well if you omit a trailing slash on the URL.Adjust max_execution_time for Horde in Plesk, 23 Mar 2007 13:15:41 +0000 times, the wonderful webmail application known as Horde will spin out of control and cause unnecessary resource usage and often cause defunct Apache processes to appear.Exporting SSL certificates from Windows to Linux, 23 Mar 2007 13:11:16 +0000, you have to get the certificate and key out of Windows in a pfx (PKCS #12) format.Forcing HTTPS (SSL) with mod_rewrite, 21 Mar 2007 15:00:15 +0000 you can&rsquo;t use PHP to force HTTPS, you can use mod_rewrite instead.Forcing HTTPS with PHP, 21 Mar 2007 14:27:35 +0000 force HTTPS with a PHP script, just put this snippet near the top:AWStats icons don’t appear in Plesk 8.1, 18 Mar 2007 19:17:26 +0000 AWStats package in RHEL4/Centos4 and Plesk 8.Quick and fancy mail blacklist checking, 12 Mar 2007 00:53:57 +0000 rarely try to toot my own horn, but I&rsquo;ve created a pretty handy site.Stopping Double Bounces in Plesk, 05 Mar 2007 22:50:41 +0000 stop those evil double bounce e-mails in Plesk, just do:Change Primary IP Address in Plesk, 28 Feb 2007 15:36:19 +0000 you need to change to a different primary IP in Plesk, here&rsquo;s the easiest way:Disabling SSLv2 in Plesk, 27 Feb 2007 18:17:02 +0000 disable SSLv2 server-wide on a Plesk server, add this in your /etc/httpd/conf.Disable Dr. Web Notifications in Plesk, 27 Feb 2007 16:10:56 +0000 can edit /etc/drweb/drweb_qmail.Hide Apache Version, 23 Feb 2007 21:07:48 +0000 you want to hide the current version of Apache and your OS, just replaceProFTPD shows incorrect GMT time with Plesk, 21 Feb 2007 19:13:01 +0000 really really strange issue randomly appears with ProFTPD and Plesk occasionally.Chmod and the mysterious first octet, 14 Feb 2007 04:00:52 +0000 you&rsquo;ve ever worked on a linux system, chances are that you&rsquo;ve used chmod many times.Understanding LVM, 14 Feb 2007 03:34:06 +0000 is handy when you want additional flexibility to grow or shrink your storage space safely without impacting filesystems negatively.Measuring raw shell bandwidth, 12 Feb 2007 04:20:06 +0000, so we know it&rsquo;s easy to measure web, ftp and mail traffic, right?Bulk IP update in Plesk, 12 Feb 2007 01:41:49 +0000;s lots of situations where you&rsquo;d want to use a bulk IP change in Plesk:Move domain between clients in Plesk, 12 Feb 2007 01:29:18 +0000 domains from client to client in Plesk is pretty quick from the command line.Finding compromised mail accounts in Plesk, 10 Feb 2007 16:35:23 +0000 odd bounced e-mails are coming back to the server or the server is listed in a blacklist, some accounts may be compromised on the server.Delete single iptables rules, 09 Feb 2007 19:03:18 +0000 can delete them based on what they&rsquo;re doing:Enabling SSL in ProFTPD, 08 Feb 2007 23:28:18 +0000 you need to enable SSL in ProFTPD, try this out:Rewrite for certain IP addresses, 08 Feb 2007 18:26:45 +0000 to redirect all users except for yourself to another site until yours is live?Fighting DDOS attacks in Linux, 07 Feb 2007 13:45:43 +0000 for a SYN flood:Getting the SMTP Auth ID with Plesk, 07 Feb 2007 12:54:29 +0000 you think an e-mail account has been hacked in Plesk, use this to hunt down which one it could be:Cisco Logging to RHEL, 06 Feb 2007 21:48:54 +0000 you have a Cisco device logging to RHEL, here&rsquo;s all that&rsquo;s necessary:Get Plesk e-mail addresses and passwords, 01 Feb 2007 14:33:59 +0000 a handy way to list all the email accounts and their passwords?Treason Uncloaked, 31 Jan 2007 21:58:48 +0000 Treason uncloaked!Wave the Plesk magic wand, 31 Jan 2007 16:01:22 +0000 Plesk ever appears to be out of sync with the configuration files, or if there&rsquo;s a Plesk issue that&rsquo;s occurring that makes no sense at all, just stand back and wave the Plesk magic wand:Make Apache logs mimic IIS, 29 Jan 2007 17:45:22 +0000 make Apache write logs similar to IIS, toss this into your Apache configuration:Moving mail between some Plesk servers, 27 Jan 2007 18:29:24 +0000 you&rsquo;re migrating a domain, sometimes their mail will go to the old server for a while after you&rsquo;ve changed the DNS.Enabling CGI in Apache virtual hosts, 26 Jan 2007 17:12:34 +0000 this to the Apache configuration:Finding usernames and passwords in Plesk DB, 26 Jan 2007 15:12:22 +0000 a username and password from the Plesk DB?Increase MySQL connection limit, 24 Jan 2007 17:21:37 +0000;s default configuration sets the maximum simultaneous connections to 100.Verify that SSLv2 is disabled, 24 Jan 2007 15:57:51 +0000 you&rsquo;re looking to get PCI/CISP compliance, or you just like better security, disable SSL version 2.Plesk admin user can’t login, 24 Jan 2007 15:35:37 +0000, so you&rsquo;ve verified that the correct admin password is being used, but you still can&rsquo;t login?Can’t upload large files in PHP, 24 Jan 2007 15:35:29 +0000, check max_upload_size in php.Argument list too long, 24 Jan 2007 15:35:24 +0000 you have a ton of files in a directory and you need to remove them, but rm says that the &ldquo;argument list [is] too long&rdquo;, just use find and xargs:Strip off www from URLs with mod_rewrite, 15 Jan 2007 19:45:55 +0000 you need to remove subdomains from the URL that users enter to visit your website, toss this into your VirtualHost directive:Sum Apache Bandwidth From Logs, 15 Jan 2007 15:33:09 +0000 you&rsquo;re not a fan of scientific notation, use this to calculate the apache bandwidth used from log files in MB:Repairing the qmail queue, 11 Jan 2007 22:37:07 +0000 are three main things to remember when it comes to the qmail queue:Securing MySQL, 05 Jan 2007 01:46:19 +0000 you work on enough servers, you discover that a lot of people put the security of their MySQL server on the back burner.MySQL Row & Data Limits, 05 Jan 2007 01:24:17 +0000 most folks know, by default, MySQL limits the size of a MyISAM table at 4GB.About Sticky Bits, 31 Dec 2006 03:35:26 +0000 bits help you take file permissions to the next level.Can’t Kill Sendmail Processes, 29 Dec 2006 00:35:18 +0000 you find yourself in the sticky situation where kill -9 still won&rsquo;t kill a sendmail process, check the process list.PHPLive Has No session.save_path, 27 Dec 2006 17:29:52 +0000 this to the virtual host configuration if PHPLive says it has no session.Raising MaxClients? Change ServerLimit., 27 Dec 2006 14:36:40 +0000, if you raise MaxClients for an MPM in Apache, you must raise the ServerLimit directive, which is normally set to 256 on most servers.Rootkit Checks on RHEL, 27 Dec 2006 04:01:45 +0000 you think you have a rooted RHEL box, you&rsquo;ll want to run the usual rkhunter, chkrootkit, and you will want to inspect for rogue processes.Group Editing With FTP, 27 Dec 2006 03:44:55 +0000 you have multiple users that need to read and write to certain files on the filesystem?Fixing Invalid HELO’s, 27 Dec 2006 03:02:40 +0000 your server is spewing an invalid HELO, you could be blacklisted pretty quickly.Postfix – Forwarding Virtual Mailboxes, 27 Dec 2006 02:47:46 +0000 up Postfix to handle mail for a virtual domain and forward it to external mailboxes is pretty easy.