Stoppt die Vorratsdatenspeicherung! Jetzt klicken & handeln!Willst du auch bei der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:

six demon bag

Wind, fire, all that kind of thing!

2020-05-23

Shell Patterns (5) - Locking

This is a short series describing some Bash constructs that I frequently use in my scripts.

Sometimes you need to ensure that a script is doing an operation exclusively, to avoid race conditions in case it had been launched several times in parallel. This kind of concurrency control is called mutual exclusion, or mutex for short. In Bash a mutex can be implemented by terminating or suspending execution unless the script is able to create a lock file.

See more ...

Posted 15:33 [permalink]

Barracuda Backup Reports Missing Drive

Barracuda Backup reports show a warning when the Windows agent cannot find a drive that is supposed to be backed up:

A Volume (drive) that was previously backed up is no longer there and being backed up.: Removing volume X: because it no longer exists.

The vendor documentation has an article that describes how to bring the missing drive back online. But what if the drive was removed on purpose and people just forgot to adjust the backup configuration first? You can't simply change the backup configuration to ignore the drive after the fact, since the drive is already absent and thus cannot be de-selected.

See more ...

Posted 11:05 [permalink]

2020-04-30

Shell Patterns (4) - Limiting Execution Time

This is a short series describing some Bash constructs that I frequently use in my scripts.

Sometimes you want a script to give up on what it's trying to do after some period of time. The simplest way for limiting the time a given statement may take for execution is the timeout command.

$ timout 2 ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.012 ms
$ echo $?
124

However, timeout is only useful for limiting the execution time of a single (blocking) command. Consider for instance a situation where you deployed a VM or an LXD container, and need to wait for cloud-init to complete on that system. Or a situation where you sent an asynchronous request to a REST API. timeout won't help you there. You need to poll the system or API repeatedly until the respective "operation completed" indicator appears.

See more ...

Posted 22:35 [permalink]

2020-03-23

FRITZ!Box Firewall is Broken

AVM's FRITZ!Box routers have builtin packet filtering capabilities that are configured via the parental controls. However, for some unknown reason the vendor deemed it a good idea to hard-link MAC addresses to IPs (hint: it's not) with no option to override it (hint #2: that's an even worse idea).

See more ...

Posted 16:06 [permalink]

Shell Patterns (3) - Structured Output

This is a short series describing some Bash constructs that I frequently use in my scripts.

On Linux (and many other operating systems) it's common to have regular and error output written to stdout and stderr respectively. In shell scripts you'd use the echo or printf commands for displaying messages, and redirect stdout to stderr for having the message displayed on stderr.

echo 'foo'       # output goes to stdout
echo 'bar' 1>&2  # output goes to stderr

There may be different levels of information that you want to separate from each other, though, like having additional debug output that you don't want to pollute stdout or stderr. For that you can use the file descriptors 3 through 9.

See more ...

Posted 15:22 [permalink]

2020-03-06

Shell Patterns (2) - Error Handling

This is a short series describing some Bash constructs that I frequently use in my scripts.

When writing scripts for automation purposes you normally want the scripts to terminate when something goes wrong. Because terminating in a controlled way is usually better than blindly continuing execution when the assumptions subsequent commands are based on aren't valid anymore.

Bash provides several options for controlling error handling, the most commonly used ones being

  • -e (or -o errexit): Exit immediately when a command terminates with a non-zero exit code.
  • -u (or -o nounset): Treat unset variables and parameters (except for $@ and $*) as errors when expanding them. This prevents problems due to misspelled variables.

There are some issues with using just these two options, though:

See more ...

Posted 17:25 [permalink]

2020-02-29

Non-interactive MongoDB Commandline

MongoDB provides an interactive command shell for working with the database. Which is all nice and dandy, but from an admin and automation perspective it's desirable to also be able to run commands non-interactively. The mongo commandline tool does have a parameter --eval that kind of allows you to do that:

--eval <javascript>
Evaluates a JavaScript expression that is specified as an argument. mongo does not load its own environment when evaluating code. As a result many options of the shell environment are not available.

except that it doesn't play nice when you also want to automatically authenticate via the config file .mongorc.js.

See more ...

Posted 01:29 [permalink]

2020-02-24

Shell Patterns (1) - Logging

This is a short series describing some Bash constructs that I frequently use in my scripts.

What do you do when you run fully automated scripts in the background, but still want to keep track of what they're doing and, more importantly, when something goes wrong? The answer is, of course, you log what the script is doing (or is about to do).

There are two commonly used ways of implementing logging in Bash scripts:

Personally, I prefer the latter, since it allows not only for managing log files independently of the process creating the log output, but also for filtering log data and/or forwarding it to a central loghost.

See more ...

Posted 20:47 [permalink]

2019-12-31

Social Justice Overflow

When the statement about my stance on neopronouns was deleted from my Stack Exchange profiles for the first time I posted a question on Meta Stack Exchange asking for the reason of the deletion (since none had been given). In the same question I also documented the abysmal (lack of) responses from both moderators and corporate SE.

This question has now been deleted (on Christmas day no less). Apparently some SJWs don't like being reminded of their own bigotry.

But of course I am willing (and capable) of preserving the question for posteriority. Screenshot below. Click on the image to go to the deleted question on Meta SE (requires 10k+ reputation).

See more ...

Posted 04:39 [permalink]

2019-11-22

Good Riddance Stack Overflow

A while ago Stack Overflow updated their Code of Conduct to mandate the use of user-specified pronouns. To which I had this to say:

Should I ever get suspended over something stupid like using the "wrong" pronoun nobody needs to bother re-enabling my account. I will be gone permanently.

I don't have a problem using gender-neutral language. However, I will not look up someone's "pronoun du jour" just so that I may address them "correctly", and I absolutely refuse to use "neopronouns". How anyone can look at this and not realize the lunacy in it is beyond me. The attempt to enforce the use of made-up pronouns has nothing to do with being inclusive or respectful. It's a power-trip for some social justice warriors that doesn't have any merits at all, and it will be weaponized.

These neopronoun shenanigans are pure unbridled insanity, and future generations will look back and ask "What on Earth were they thinking?"

Today my Meta Stack Exchange account got suspended over my stance on the use of neopronouns. In addition to that the statement cited above was removed from all of my network profiles for the second time, in direct contradiction to what used to be the policy (at least as far as I'm aware).

So, as promised, I'm terminating all of my activity on Stack Overflow and all other Stack Exchange network sites effective immediately. Stack Overflow (the company) seems to be of the mind that they can survive on questions and social justice alone these days. I guess we'll find out how well that's going to work for them.

Goodbye.

Posted 17:56 [permalink]

2019-11-13

Catching Exceptions in PowerShell Default Output Formatting

Yesterday I came across a question on StackOverflow that turned out to be rather interesting. The person asking the question used code similar to the below snippet for validating user credentials:

$user = 'user'
$pass = 'pass'
$path = 'LDAP://' + ([ADSI]'').DistinguishedName

New-Object DirectoryServices.DirectoryEntry ($path, $user, $pass)

which produces errors like this when the computer is not a member of a domain:

See more ...

Posted 20:46 [permalink]

2019-05-06

Run a time server in an LXC container

Running a network time server in an LXC container normally doesn't work even if you run the container in privileged mode. The reason is that containers drop certain capabilities upon startup for security reasons (sys_module, mac_admin, mac_override, sys_time).

See more ...

Posted 21:38 [permalink]

2019-05-05

Firefox extensions disabled due to expired intermediate CA certificate

As most people probably know by now Mozilla fucked up the certificate chain for Firefox extensions. Great. And their proposed (temporary) fix is "just enable telemetry for us, and you'll probably get the fix in the next couple hours". Let me think about that for a moment ...

See more ...

Posted 12:59 [permalink]

2017-09-29

LXD upgrade fails on Ubuntu 16.04 without Systemd

Recently I tried to install LXD (Canonical's container manager) from backports on a Ubuntu 16.04 system (running without Systemd). The version shipping with the system (2.0) doesn't suffice, because I need the new storage API that was introduced with LXD 2.15. However, upgrading to the backports package failed post-install:

invoke-rc.d: initscript lxd, action "start" failed.
dpkg: error processing package lxd (--configure):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for ureadahead (0.100.0-19) ...
Errors were encountered while processing:
 lxd
E: Sub-process /usr/bin/dpkg returned an error code (1)

Which was weird, since the upgrade had worked for me before.

See more ...

Posted 13:57 [permalink]

2017-08-07

Generate a Solr Password Hash

Recent versions of Solr allow restricting access via authentication and authorization plugins, for instance the basic authentication plugin. The documentation shows an example security.json that you can upload into Zookeeper (assuming that you're running SolrCloud).

See more ...

Posted 22:15 [permalink]

2017-08-04

Useful settings for grub on Debian

Boot a kernel just once

If you want to test a new kernel without having access to the console you need to make sure that the system comes back up with the old kernel if the new one panics. Add a setting panic=2 to the kernel commandline in /etc/default/grub to have the system automatically reboot in case of a kernel panic, and tell grub to boot a saved kernel by default:

GRUB_DEFAULT="saved"
GRUB_CMDLINE_LINUX="panic=2"

See more ...

Posted 01:45 [permalink]

IPMI interface network configuration from Linux

Load the relevant modules, either via modprobe or by entering them into /etc/modules (so they're loaded automatically on the next system startup).

modprobe ipmi_devintf
modprobe ipmi_si

See more ...

Posted 00:36 [permalink]

2017-04-01

Reset VSS Writers

VSS writers are application-specific components for Microsoft's Volume Shadow Copy Service, which ensure the consistency of application data when a shadow copy is created. That's quite useful for creating consistent backups of a system. However, some of these writers go into error states more or less frequently. And Microsoft did not deem it necessary to document how to reset writers without rebooting the entire system (or at least I didn't manage to find that piece of information).

See more ...

Posted 16:19 [permalink]

2017-03-21

Verifying checksums on Windows systems - correctly

Posted here, since the Fedora people apparently can't be bothered to fix their documentation.

In January 2016 I came across this question on StackOverflow, asking about an OutOfMemory error when validating the SHA256 checksum of a Fedora ISO image. The Fedora documentation suggested reading the full file and then calculating the checksum from the bytes:

$sha256.ComputeHash([System.IO.File]::ReadAllBytes("$PWD\$image"))

Why anyone would even want to read an entire ISO image into memory for a checksum calculation is beyond me. The recommended way of doing this is to open the file as a stream and calculate the checksum on that stream:

See more ...

Posted 00:24 [permalink]

2016-12-17

Disable AVAHI Daemon on Debian

To prevent the AVAHI daemon on Debian systems from running without actually uninstalling the package avahi-daemon or touching the runlevels do this:

touch /var/run/avahi-daemon/disabled-for-unicast-local
sed -i 's/^#\?\(AVAHI_DAEMON_DETECT_LOCAL\)=.*/\1=1/' /etc/default/avahi-daemon
service restart avahi-daemon

I've seen people suggest putting a line exit 0 into /etc/default/avahi-daemon, but I wouldn't recommend that, because it would prevent not only starting the daemon, but also stopping it.

Posted 13:31 [permalink]