six demon bag
Wind, fire, all that kind of thing!
Yesterday I came across a question on StackOverflow that turned out to be rather interesting. The person asking the question used code similar to the below snippet for validating user credentials:
$user = 'user' $pass = 'pass' $path = 'LDAP://' + ([ADSI]'').DistinguishedName New-Object DirectoryServices.DirectoryEntry ($path, $user, $pass)
which produces errors like this when the computer is not a member of a domain:
Posted 20:46 [permalink]
Running a network time server in an LXC container normally doesn't work even if you run the container in privileged mode. The reason is that containers drop certain capabilities upon startup for security reasons (
Posted 21:38 [permalink]
As most people probably know by now Mozilla fucked up the certificate chain for Firefox extensions. Great. And their proposed (temporary) fix is "just enable telemetry for us, and you'll probably get the fix in the next couple hours". Let me think about that for a moment ...
Posted 12:59 [permalink]
Recently I tried to install LXD (Canonical's container manager) from backports on a Ubuntu 16.04 system (running without Systemd). The version shipping with the system (2.0) doesn't suffice, because I need the new storage API that was introduced with LXD 2.15. However, upgrading to the backports package failed post-install:
invoke-rc.d: initscript lxd, action "start" failed. dpkg: error processing package lxd (--configure): subprocess installed post-installation script returned error exit status 1 Processing triggers for ureadahead (0.100.0-19) ... Errors were encountered while processing: lxd E: Sub-process /usr/bin/dpkg returned an error code (1)
Which was weird, since the upgrade had worked for me before.
Posted 13:57 [permalink]
Recent versions of Solr allow restricting access via authentication and authorization plugins, for instance the basic authentication plugin. The documentation shows an example
security.json that you can upload into Zookeeper (assuming that you're running SolrCloud).
Posted 22:15 [permalink]
Boot a kernel just once
If you want to test a new kernel without having access to the console you need to make sure that the system comes back up with the old kernel if the new one panics. Add a setting
panic=2 to the kernel commandline in
/etc/default/grub to have the system automatically reboot in case of a kernel panic, and tell grub to boot a saved kernel by default:
Posted 01:45 [permalink]
Load the relevant modules, either via
modprobe or by entering them into
/etc/modules (so they're loaded automatically on the next system startup).
modprobe ipmi_devintf modprobe ipmi_si
Posted 00:36 [permalink]
VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).
Posted 16:19 [permalink]
Posted here, since the Fedora people apparently can't be bothered to fix their documentation.
In January 2016 I came across this question on StackOverflow, asking about an OutOfMemory error when validating the SHA256 checksum of a Fedora ISO image. The Fedora documentation suggested reading the full file and then calculating the checksum from the bytes:
Why anyone would even want to read an entire ISO image into memory for a checksum calculation is beyond me. The recommended way of doing this is to open the file as a stream and calculate the checksum on that stream:
Posted 00:24 [permalink]
To prevent the AVAHI daemon on Debian systems from running without actually uninstalling the package
avahi-daemon or touching the runlevels do this:
touch /var/run/avahi-daemon/disabled-for-unicast-local sed -i 's/^#\?\(AVAHI_DAEMON_DETECT_LOCAL\)=.*/\1=1/' /etc/default/avahi-daemon service restart avahi-daemon
I've seen people suggest putting a line
exit 0 into
/etc/default/avahi-daemon, but I wouldn't recommend that, because it would prevent not only starting the daemon, but also stopping it.
Posted 13:31 [permalink]
Recently I was tasked with forwarding logs to a central
log server - in this case JVM garbage collector logs
from Solr instances. Normally not a big deal. Configure log rotation (to
avoid filling the disk), then have rsyslog read the active
log file via an
Sounds simple, right? Until you realize that JVM log rotation
marks the active log with the extension
.current and rotates that
extension instead of actually rotating the logs.
Posted 23:23 [permalink]
If you're using Apache Spark and run into an issue where your workers fail to start, make sure that the workers use the same
SPARK_MASTER_IP value that was used when starting the master. You can see it in the top left corner of the master's web interface:
Posted 21:37 [permalink]
API documentation is nice, and being able to generate it from the code is even nicer. However, unlike Perl, Python, Java, or several other languages, VBScript doesn't have a feature or tool that supports this. Which kinda sucks.
I tried VBDOX, but didn't find usability or results too convincing. I also tried doxygen by adapting Basti Grembowietz' Visual Basic doxygen filter. However, doxygen does a lot of things I don't actually need, and I didn't manage to make it do some of the things I do need. Thus I ended up writing my own VBScript documentation generator.
Posted 16:31 [permalink]
Recently I noticed that I was no longer able to delete scheduled tasks on my Windows 7 test box, even though I created them myself. Deletion attempts failed with the following error:
The user account does not have permission to delete this task.
Deleting my own tasks works fine in a vanilla install of Windows 7 SP1, so the issue must have been introduced by some update along the way. I had to modify the permissions on
C:\Windows\System32\Tasks to get it to work again:
icacls "C:\Windows\System32\Tasks" /grant "Authenticated Users":(RD)
Granting "list folder/read data" on the folder itself was sufficient, since the task files are owned by the user creating them and the
CREATOR OWNER principal has full access to subfolders and files.
Posted 19:51 [permalink]
Barracuda Networks provide agents for their backup appliance for various operating systems. Unfortunately the Linux agent (unlike the Windows agent) does not come with an option for a silent installation, and it doesn't look like the vendor can be bothered to do anything about it.
Instead of being able specify a path on the commandline (or at least force a silent installaton to the default path) you're always prompted for the path where the agent should be installed:
/tmp # tar xzf barracuda_backup_agent-x.x.x.tar.gz /tmp # cd barracuda_backup_agent-x.x.x /tmp/barracuda_backup_agent-x.x.x # ./install Please choose an installation path, or press enter for default. [/usr/local/barracuda/bbs]: _
Posted 01:13 [permalink]
If you have a
DataTable object in PowerShell and you want to persist that object as a file (and restore it back to a
DataTable object sometime later) the naïve approach would be to export the (tabular) data to a (tabular) CSV:
$dt | Export-Csv -Path 'C:\path\to\table.csv' -NoType
However, the problem with this approach is that you lose the type information for the columns of the datatable (the only type information saved by the
Export-Csv cmdlet is about the type of the objects representing the rows). Also, there's no simple way to restore the CSV back to a datatable.
Posted 17:01 [permalink]
If you have a live migration fail with an error like this:
Live migration of 'Virtual Machine VM01' failed.
Virtual machine migration operation for 'scvmm_instance' failed at migration source 'Hypervisor01'. (Virtual machine ID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)
The Virtual Machine Management Service failed to establish a connection for a Virtual Machine migration with host 'Hypervisor02': The specified target is unknown or unreachable (0x80090303).
The Virtual Machine Management Service failed to authenticate the connection for a Virtual Machine migration at the source host: The specified target is unknown or unreachable (0x80090303).
check that both hypervisors have the required SPNs registered.
Posted 17:22 [permalink]
On one of my servers a query for DB2 backups in TSM (
db2adutl query full db DBNAME) failed with the following error:
Error: Initialize environment failed with TSM return code 106
dsmrc.h return code 106 indicates a permission problem:
#define DSM_RC_ACCESS_DENIED 106 /* denied due to improper permission */
which was weird, since the user in question is a member of the DB2ADMNS group that is supposed to have all required permissions.
Posted 23:39 [permalink]
Even for DB2 10.5 the official documentation says to use the
db2cmd command for a Command Line Processor enabled environment on Windows:
On Windows operating systems, db2cmd command opens the CLP-enabled DB2® window, and initializes the DB2 command line environment.
However, being able to use PowerShell instead of
db2cmd would be much nicer, since the former is far more versatile in practically every respect (control structures, output processing, file handling, etc.).
Posted 01:38 [permalink]
As you can see my blog now has a fancy tag cloud. This is my first attempt at a Blosxom plugin, and I'm quite proud of it. *^_^*
I've already been using Gregor Rayman's keywords plugin for auto-generating the keywords meta tag, so I wanted something based on that rather than having to use an additional tag line as required for the tagcloud plugin. The tag cloud is generated from the keywords with the
HTML::TagCloud Perl module, and I'm using Fletcher Penney's find plugin for linking to blog posts that match the respective keyword. The find plugin also gives me a nice search box (another thing I've been wanting to add for a while). Sweet.
The keywords and find plugins are included, since their homepages don't seem to be online anymore. Also included is a patch for
HTML::TagCloud that allows for case-insensitive sorting.
Posted 20:37 [permalink]