here’s what i did to get dbeaver 7.3.2 + oracle’s JDBC mysql-connector-java-8.0.17.jar work with manticoresearch 3.5.4: /etc/manticoresearch/manticore.conf, under searchd: in dbeaver – new connection using oracle’s JDBC driver as above, under data editor – set ResultFetchSize to 0 to prevent errors like this: when i initially tried to get it working with JDBC driver from …
Continue reading ‘letting dbeaver talk with manticoresearch’ »
let’s say you have KVM VM with Linux and you’d like to resize its qcow2-backed disk without shutting down VM.
UDP packets sent from specific source port, with public source IP address do not reach specific destination port of the public destination IP address. changing any of the parameters [ usually source port ] – fixes the issue. i’ve observed this phenomenon multiple times for long-running OpenVPN and Wireguard VPNs encapsulating encrypted traffic in UDP …
Continue reading ‘black hole, somewhere in the internet, swallowing UDP packets’ »
i’ve spent most of the last week investigating spooky HTTP request that we’ve found in access logs of few production servers. very likely that traffic was replayed by mail content scanners used by messagelabs and mimecast.
UPC turns your cable modem into WiFi hot-spot available for others. outrageous! and i’ve been using it for quite a while – it generally works. below – how to connect OpenWRT or Mikrotik to such connection.
4 months ago i’ve started renting a dedicated server at https://www.hetzner.com/ and – so far – i’m quite happy with the service. i’ve picked cheapest suitable hardware from their auctions, after a month of trouble-free usage i’ve switched to quarterly billing. then server has crashed few times with “shutting down cpus with nmi” kernel messages. …
one of my KVM VMs keeps data on BTRFS on top of encrypted LUKS drive. that drive is a block device passed from virtualization server to VM… a block device which is mdadm software RAID10. below – steps taken to resize it.
while going down the rabbit hole of bed network performance at work we’ve narrowed the problem cause to duplicate packets showing up on a specific segment of leased metro Ethernet service. tshark filter helped us to see when duplicates occurred on monitored link we’ve got pair of computers – A and B connected at both …
Continue reading ‘detecting duplicate network packets from linux command line’ »
recently we needed to expand storage space available on one of our servers. originally it was using RAID10 on 4 4TBSSD drives handled by Dell’s PERC h730p controller, we wanted to add 2 more 4TB drives and go from 8 to 12TB array. we’ve decided to be brave and use RAID10 -> RAID10 array expansion. …
in one context i need to pull backup from server C to server A. normally i’d use rsync with direct ssh connection as a transport method. in this particular case C is not directly reachable from A, so i need to use ssh tunneling to connect from A to C via jump-host B: public ssh …
recently i woke up to this: “Hi, some of our employees are using your application. This morning they have received an upgrade notification (in yellow banner) to get the latest version of your app. Our anti-virus/malware has triggered on your module called “somefile.exe” detected at risk being a “Trojan.Gen.MBT “. below few resources that i’ve …
Continue reading ‘fighting a false-positive flagging by multiple antivirus vendors’ »
i needed to set up apache2 as a reverse proxy that will forward requests to few backends. yes – i know that there are better tools to do it – like haproxy or nginx – but in this case apache2 was preferred for the simplicity of the setup. requirements: sticky sessions – in normal conditions …
Continue reading ‘apache2 – reverse proxy with sticky sessions and fail-over’ »
Apache Guacamole is a clientless remote desktop gateway – with it you can access RDP-enabled Windows PC using ordinary web browser and HTTP[S]. below – notes taken while setting it up under Debian 10.
internet-wide scanners: https://censys.io/ https://www.shodan.io/ ssl: https://www.ssllabs.com/ smtp: https://www.mail-tester.com/ dns: http://dns.squish.net/
fetch Intel_SSD_Data_Center_Tool from here. the zip archive contained, among other, .deb for 64 bit OS – that worked for me under debian stretch. to see drives run: to upgrade the firmware where 0 corresponds to the Index of drive returned by the first command the same likely works for other LSI/Avago cards – no matter …
Continue reading ‘upgrading firmware on Intel’s SATA SSD drives behind Dell’s h730p RAID’ »
after an upgrade to debian buster i’ve noticed that both iostat -x 1 and munin’s diskstats_utilization report that NVMe drives are busy most of the time. some empirical tests showed that disks are actually idle, performance did not drop. upgrade to 5.2 kernel resolved the miss-reporting issue.
another thing to adjust after upgrade to Buster. on openvpn endpoint that in it’s config – /etc/openvpn/whatever.conf – had: dh dh1024.pem the vpn service did not start. tail -f /var/log/syslog showed: apparently the new version of openssl no longer accepts 1024 Diffie Hellman group. solution: and change in /etc/openvpn/whatever.conf – from dh dh1024.pem to dh …
i’ve done a routine upgrade to Buster on some server and all went fine… except bind9 no longer started. every attempt to restart it ended up with long waiting and an error message: logs did not contain anything interesting – actually they showed that bind would start and then after ~ a minute was shut …
Continue reading ‘bind9 fails to start after an upgrade to Debian Buster’ »
WordPress restricts types of files you can upload. it not only checks the extension of what you’re adding to the media library but also its mime type. so you cannot fool it by uploading .exe renamed to .jpeg – if you try it, you’ll get an error saying: “Sorry, this file type is not permitted …
Continue reading ‘allowing custom file extensions to be uploaded to wordpress’ »
debian buster brings apparmor. apparmor brings problems – eg it’s too restrictive for libvirt KVM guests and does not allow KVM to create snapshot-related files in VM’s folders. so far i did not find a clean and generic way to address it so i had to disable apparmor for libvirt by adding security_driver = “none” …