tech – Page 3 – .pQd's log

drac5 / 6 with latest java 1.8.60

2015-09-242015-09-24 by .pQd

new java, new headaches. but my colleague figured a way how to get the ip kvm working again with the latest java. here are his findings: ingredients: windows 8.1, j2se 1.8.60, firefox 41 or chrome 45.0.2454.99: go to the Control panel > java in the General tab: Settings > Delete files – mark all the ... Read More

more smaller icons in the windows 8 alt+tab / cool switch

2015-07-242015-07-24 by .pQd

recently i’ve moved from win7 to win8. i tend to have dozens of applications open and the default number of programs displayed after pressing alt+tab in win8 is too low. this registry change brings the win7-alike layout and adds more columns and rows: you might want to log off and log on for all the ... Read More

squid3 no longer working after upgrade to jessie

2015-06-20 by .pQd

on one of the servers i’ve just upgraded to jessie i got my squid3 bricked. i could see the process in ps, yet it did not listen on tcp/3128: restarting it did not give anything interesting in /var/log/squid3/cache.log: after a while of clueless googling i thought – maybe there’s some problem with communication over loopback. ... Read More

audit/access logs in samba

2015-05-07 by .pQd

i’ve ‘convinced’ my samba running under debian wheezy/jessie to provide me access audit logs without being too verbose. here’s how.

upgrade from wordpress 4.1.x to 4.2.x broke my menu editor

2015-05-032015-05-03 by .pQd

i’ve done a routine upgrade of wordpress 4.1.x to 4.2 and later 4.2.1. all seemed fine until the day i wanted to manually adjust the menu structure using wp-admin > appearance > menus. each attempt of saving my menu resulted in it being wiped out completely

openvpn – TLS Error: local/remote TLS keys are out of sync and VPN restarts

2015-04-302015-05-03 by .pQd

one day an openvpn that used to carry traffic for the last 7 years started to misbehave. openvpn’s own built in watchdog was restarting it every few minutes. one of the tunnels endpoints – a- is behind NAT that we don’t control, another – b – is a host with public ip address.

“Error when reading form SSL socket connection” when accessing DRAC5

2015-02-192015-02-19 by .pQd

we still have bunch of servers with DRAC5 cards. after upgrade to java 8u31 java-based kvm console stopped working. it gives: “error when reading from SSL socket connection.” message box during startup and that’s it.

BLKDE3815TYKH0E headaches

2014-11-19 by .pQd

we’re setting up a small computer that will act as vpn end-point. we decided to try something smaller this time – BLKDE3815TYKH0E. as it turned out it’s not as well polished as one would expect from intel. my colleagues had to pull out debian wheezy usb pend-rive with the installer to be able to finish ... Read More

sip-audio-session, new libxml2

2014-11-102015-07-19 by .pQd

i’m using nagios to wake me up. not every day – only when there’s some outage. i have pair of nagios servers – one in Sweden, one in Poland – they cross-check one another and – for the most critical problems – send sms and make a phone call. for sms’es i’m using budgetsms.net, for ... Read More

xwiki, html macro tag and unwanted javascript

2014-11-012014-11-03 by .pQd

xwiki – by default – allows contributors to embed arbitrary html, including javascript. it does not take much effort to include something like: then you just need to lure your victim into visiting given wiki page while being logged – you’ll get a http request containing that person’s cookie that can be re-used to impersonate ... Read More

bridge on vlans on active-backup bonding under debian

2014-10-232017-08-21 by .pQd

the idea: i’d like to run kvm/lxc on debian, have guests bridged to couple of vlans and handle the network failover on the host level. network failure should be detected using arp probes not just the link [ mii ] status. after few attempts i got it working in the test environment.

useful tools for [web] malware removal

2014-10-152014-10-15 by .pQd

http://sitecheck.sucuri.net/ for checking if a live website is referring to some malicious js / having unwanted iframes https://www.rfxn.com/projects/linux-malware-detect/ and http://www.clamav.net/index.html and http://www.eset.com/ for scanning files for unwanted conten from the command line:

debian on dell poweredge 13th gen – r630

2014-10-082014-10-10 by .pQd

i’ve received for testing a new dell r630. before buying few of those i wanted to make sure that debian wheezy has kernel including all the needed drivers. it seems that it has.

lxc under debian: flood of “init: Id “4” respawning too fast: disabled for 5 minutes” in the syslog and large /var/log/wtmp

2014-09-232014-11-04 by .pQd

docker seems to be the new fad… which i don’t use at all; but i’m quite happy with lxc and have it deployed in the production on couple of servers.

UNION instead of OR in MySQL

2014-09-202014-10-10 by .pQd

i have MySQL that is run on arrays of increasing size: i remembered that the query optimizer will not be able to use existing indices for lastModified columns but.. the query execution time was acceptable, so i did not bother. recently much more data was added and query above, repeated quite often, caused a lot ... Read More

fsck on truecrypt

2014-07-102014-07-10 by .pQd

it’s high time to move away from truecrypt [ which i’m doing by moving to luks and btrfs on the top of it for extra thrills ], but i still have bunch of places that were not moved to the alternative full disk encryption. what do do when after unclean shutdown this happens: ?

OVH, failover IPs, IPv6, VMs

2014-06-152014-08-16 by .pQd

at work we rent a dedicated server from OVH; except unexplained openvpn throttling all is working pretty well for the price we pay. besides primary IPv4 address OVH can provide few additional ‘failover’ IPv4 addresses and /64 IPv6 subnet. in our setup some of IPv4s and IPv6s are routed to a KVM VM. below – ... Read More

forcing specific bonding slave network interface to be used as primary

2014-05-172014-05-17 by .pQd

sometimes after few lan failovers linux decides to use different bonding slave than i’d like it to. solution – remove from the bond interface acting as undesired master and then re-add it: … and nagios stops nagging.

timing execution of piped commands

2014-05-072014-05-07 by .pQd

idrac7 + ipmitool stopped working with firmware 1.56.55

2014-04-232014-07-07 by .pQd

i use ipmitool to check health of the poweredge servers from nagios. in essence i execute: and alert if the exist code is non-zero, then i execute and again – i alert on non-zero exit code, i also grep the file in search of lines not containing ok/ns. this was working fine for DRAC 5 ... Read More