using dedicated server hetzner

4 months ago i’ve started renting a dedicated server at https://www.hetzner.com/ and – so far – i’m quite happy with the service. i’ve picked cheapest suitable hardware from their auctions, after a month of trouble-free usage i’ve switched to quarterly billing. then server has crashed few times with “shutting down cpus with nmi” kernel messages. …

Continue reading ‘using dedicated server hetzner’ »

detecting duplicate network packets from linux command line

while going down the rabbit hole of bed network performance at work we’ve narrowed the problem cause to duplicate packets showing up on a specific segment of leased metro Ethernet service. tshark filter helped us to see when duplicates occurred on monitored link we’ve got pair of computers – A and B connected at both …

Continue reading ‘detecting duplicate network packets from linux command line’ »

fighting a false-positive flagging by multiple antivirus vendors

recently i woke up to this: “Hi, some of our employees are using your application. This morning they have received an upgrade notification (in yellow banner) to get the latest version of your app. Our anti-virus/malware has triggered on your module called “somefile.exe” detected at risk being a “Trojan.Gen.MBT “. below few resources that i’ve …

Continue reading ‘fighting a false-positive flagging by multiple antivirus vendors’ »

apache2 – reverse proxy with sticky sessions and fail-over

i needed to set up apache2 as a reverse proxy that will forward requests to few backends. yes – i know that there are better tools to do it – like haproxy or nginx – but in this case apache2 was preferred for the simplicity of the setup. requirements: sticky sessions – in normal conditions …

Continue reading ‘apache2 – reverse proxy with sticky sessions and fail-over’ »

upgrading firmware on Intel’s SATA SSD drives behind Dell’s h730p RAID

fetch Intel_SSD_Data_Center_Tool from here. the zip archive contained, among other, .deb for 64 bit OS – that worked for me under debian stretch. to see drives run: to upgrade the firmware where 0 corresponds to the Index of drive returned by the first command the same likely works for other LSI/Avago cards – no matter …

Continue reading ‘upgrading firmware on Intel’s SATA SSD drives behind Dell’s h730p RAID’ »

openvpn – “OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small” after upgrade to Debina Buster

another thing to adjust after upgrade to Buster. on openvpn endpoint that in it’s config – /etc/openvpn/whatever.conf – had: dh dh1024.pem the vpn service did not start. tail -f /var/log/syslog showed: apparently the new version of openssl no longer accepts 1024 Diffie Hellman group. solution: and change in /etc/openvpn/whatever.conf – from dh dh1024.pem to dh …

Continue reading ‘openvpn – “OpenSSL: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small” after upgrade to Debina Buster’ »

bind9 fails to start after an upgrade to Debian Buster

i’ve done a routine upgrade to Buster on some server and all went fine… except bind9 no longer started. every attempt to restart it ended up with long waiting and an error message: logs did not contain anything interesting – actually they showed that bind would start and then after ~ a minute was shut …

Continue reading ‘bind9 fails to start after an upgrade to Debian Buster’ »

allowing custom file extensions to be uploaded to wordpress

WordPress restricts types of files you can upload. it not only checks the extension of what you’re adding to the media library but also its mime type. so you cannot fool it by uploading .exe renamed to .jpeg – if you try it, you’ll get an error saying: “Sorry, this file type is not permitted …

Continue reading ‘allowing custom file extensions to be uploaded to wordpress’ »

“error: internal error: unable to execute QEMU command ‘transaction’: Could not create file: Permission denied” when creating a snapshot under KVM

debian buster brings apparmor. apparmor brings problems – eg it’s too restrictive for libvirt KVM guests and does not allow KVM to create snapshot-related files in VM’s folders. so far i did not find a clean and generic way to address it so i had to disable apparmor for libvirt by adding security_driver = “none” …

Continue reading ‘“error: internal error: unable to execute QEMU command ‘transaction’: Could not create file: Permission denied” when creating a snapshot under KVM’ »

let’s encrypt via proxy server under debian

i prefer to have strict DROP policy for the outgoing traffic from production servers. let’s encrypt API endpoint is behind Akamai’s CDN and IP address to which acme-v02.api.letsencrypt.org resolves changes frequently. i don’t like playing whack-a-mole every 3 months so i’ve: set up a squid-based proxy server that allows for filtering based on domain names: …

Continue reading ‘let’s encrypt via proxy server under debian’ »

“Your IT department has turned off signup for Partner Center” when migrating to new Action Pack / Microsoft Partner Center

i got stuck on that one while trying to migrate action pack account to the new MS Partner Center. without the migration it would not let me renew. after 3 attempts i ended up talking with someone competent who found that this error might occur for users who have o365-hosted mails for domain used in …

Continue reading ‘“Your IT department has turned off signup for Partner Center” when migrating to new Action Pack / Microsoft Partner Center’ »