2018
Workaround blocked attempt to grant extra privileges on GKE due to RBAC
While attempting to deploy an awesome set-it-and-forget-it volume snapshot solution for my GKE cryptocurrency mining pool empire, I stumbled across the following error when trying to create the necessary RBAC ClusterRoleBinding:
How I removed a file from my git repo history
While making my most recent commit to my blog, I discovered (after the fact) that I’d accidentally committed a screenshot from a customer project, into my /images/ subdirectory.
In appreciation of bare (naked) double-D(ashes)
Today I was trying to grep through a directory structure full of PHP code, looking for a function which, inexplicably, returned -6.
Bookmarks of note / August 16, 2018
- Automatically install build dependencies prior to building an RPM package → A handy tip re quickly installing all the dependencies for a .SPEC file
Bookmarks of note / July 23, 2018
- How do I figure out my Google OpenID URL? → Useful if you have an old app (hello, crofflr) which still has your account tied to your Google account via OpenID
OpenStack LBAASv2 failed connection debugging
I deployed Load-Balancer-As-A-Service (LBAAS) in my lab OpenStack deployment early on, and it worked (setup in Horizon) as advertised (load-balancing inbound HTTP connections to multiple docker swarm nodes), until I broke the stack by fiddling with MTU settings.
GPU transcoding with Emby / Plex using docker-nvidia
How to use nvidia-docker to transcode with Emby / Plex using your GPU
Should you do microcode updates?
A colleague and I were discussing my recent rant re a RedHat-issued kernel update breaking VMs on all my AMD systems. Notwithstanding the fact that my RedHat bug report about the issue is set to “private” and Bugzilla (1990 called wants its UI back, to hang out with Miranda IM) won’t let me change it, he asked me “we’ve applied the latest microcode, right?”
Wife-friendly script to transfer media to USB from linux server
KVM VMs on kernel-2.6.32-696.30.1.el6.x86_64 on AMD-based hypervisor fail to boot
At DayJob(tm), we run several older AMD-based KVM VM hosting platforms, running AMD FX 8150 CPUs on Gigabyte 990FXA-D3 motherboards.
What is TurtleCoin and why do I care?
What is this silly-named coin and why are you mining it?
A 2-Year Stanford Study Shows the Astonishing Productivity Boost of Working From Home →
A gratifying result on a study re the benefits of remote work. Mirrors my own experience. I deal with the “isolation problem” by doing video calls with colleagues where possible (vs phone calls).
Bookmarks of note / May 13, 2018
Post-mortem review : DayOne sync outage and private data exposure
Lessons from a series of predictable, avoidable failures
2017
AutoPirate : SABnzbd and friends in a docker swarm
Here’s a recipe for SABnzbd and friends (Radarr, Sonarr, Mylar, NZBHydra, Ombi) in a docker swarm
OpenVPN client under docker
How to get openvpn client in a docker container
The geekiest thing I’ve done in 2017
I was recently asked what the geekiest thing I’ve done recently is…
NAT on pfsense with multiple OpenVPN instances
Accessing older iDRAC virtual consoles on MacOS
I recently inherited some 2012-era Dell servers for development purposes. I wanted to use remote console to reinstall the OS, but ran into two problems:
Miniflux, lightweight self-hosted rss reader
Tiny Tiny RSS vs Miniflux
Bookmarks of note / August 19, 2017
DigitalOcean vs. Linode vs. Vultr vs. OVH vs. Scaleway
→ A thorough comparison of popular VPS providers
Archive blog to DayOne using RSS
Create DayOne journal entry for every new item on RSS feed
Getting started visualizing IOT data with Grafana
Getting started with Grafana
Bookmarks of note / July 15, 2017
Bookmarks of note / July 13, 2017
Bookmarks of note / July 12, 2017
Bookmarks of note / July 11, 2017
Two-factor authentication is a mess - The Verge
→ Illustrating how usability is a critical component in “security”
Recovering from ‘_nova_to_osvif_vif_binding_failed’
Or how to catastrophically break (and recover) your nova compute node with a failed live-migration
Bookmarks of note / July 05, 2017
MySQL skip duplicate replication errors - MDLog:/sysadmin
→ This came in handy today, to eliminate the pain caused by an application updating both the master and the replicated slave database. Fixing these is normally a huge PITA involving table-level locking on the production database. No longer!
The Busier You Are, the More You Need Quiet Time →
It’s about taking a temporary break from one of life’s most basic responsibilities: Having to think of what to say.
Bookmarks of note / July 02, 2017
The SR-71 speed check story - SR71
→ A positive story, even better since it’s true. I bet the book (mentioned in the comments) would be really interesting
Bookmarks of note / July 01, 2017
The following are interesting links I’ve stumbled across recently:
PC rebooted every time user flushed the toilet →
A funny illustration that familiarity with a broad set of disciplines improves overall results
Implicit 2TB limit breaks Instapaper for 31 hours →
What you don’t know can hurt you
Revealed: Facebook exposed identities of moderators to suspected terrorists →
This should have been better thought through
How to Make $80,000 Per Month on the Apple App Store →
An analysis of scam apps on the Apple App Store
Mastodon with nginx-gen and letsencrypt
Speedbumps setting up a mastodon instance
A Year of Google Maps & Apple Maps →
A great analysis of incremental changes to the Google Maps UI, and exposition of the strategy behind it
LVM-backed devicemapper for Docker on CentOS 7.3
Changing from overlay to devicemapper
1Password adds travel mode for protection from border seizures →
Sadly, a very sensible precaution
How Basic Performance Analysis Saved Us Millions - Heap Blog →
The significant saving in money and performance that can be gained by questioning assumptions.
12 Ways Your Phone Is Changing You →
A Christian perspective on the effects (good and bad) our tech is having on us
Is My Password Secure? NIST Advises Against Periodically Changing Passwords →
Enforcing password aging encourages poor security practices
How to Opt Out of Twitter’s New Privacy Settings →
Et tu, Twitter?
IBM tells thousands of remote employees to come back to office or find new jobs →
New wine (remote work) doesn’t work well in old wineskins (IBM)
Being a Dev Dad →
Dev work and dad work doesn’t work
Let’s Encrypt is down →
Stupidly simple solutions snowball stressfully
Let them paste passwords →
Why preventing pasting passwords is dumb
Errors when installing OpenStack Newton on CentOS7 with packstack
Openstack neutron could not load … InterfaceDriver warnings are.. mostly harmless
Unless they’re a CRITICAL error, ignore the damn red herrings
DRBD on RHEL/CentOS 6 fails to sync with UnknownMandatoryTag error
Because error messages just ruin the surprise!
Why you suffer from “attention residue”
Do you find it hard to switch to a new task, leaving the previous task incomplete? There’s a term for that, and it’s got to do with how your brain works.
The impotence of social media
Your tweet… is a fart in a crowded room
Sabnzbd docker container updated, now includes sickbeard_mp4_automator
Easily post-process downloaded media for Plex Direct Play, subtitles, sorting, etc.
Export highlights and notes from side-loaded Kindle documents
Turn those highlights into something meaningful without text-formatting pain
AWS in Plain English
What Amazon should have called all those services
2016
You don’t learn from watching the news
Are you really better informed?
Putting in extra work is lazy and makes you less effective
Think you’re extra-committed by working late to catch up? It’s actually self-sabotage
Manual processes fail to scale.
Puny humans are puny.
Don’t let your judgement be clouded
Lessons learned from overreliance on cloud infrastructure
Disaster Recovery success story for Westpac NZ
There’s something satisfying about actually surviving the disaster you prepared for
Spacecraft and IT systems fail for the same reasons
Surprisingly common factors affect the failure of both
How instant messaging makes my life miserable
The pros and cons of always-on instant messaging
Lazy monitoring breaks stuff
Lack of planning in establishing monitoring can increase unreliability
Speak to the face
How human connection improves company culture
Separate production and dev
VMs are cheap. Outages are expensive.
Buy experiences, not gadgets
Your loot won’t make you happy, long-term
Electricity is hard. Test failure rigorously
In the Summary of the AWS Service Event in the Sydney Region, I read:
The importance of pre-proven communication channels during an emergency
Is anybody out there?
Humanitarian aid should be open sourced
Free as in speech
How FaceBook avoids office politics
Management is not a promotion
Why I won’t post about my kids on social media
Kids don’t appreciate your tweets
Why you need a guest wifi
This is a copy of a post I made at Medium.com, an experiment in distribution and exposure. It wasn’t very successful, so I’ve brought it back home to my blog.
Perl missing on CentOS 7 minimal install
When trying to install some Nagios plugins on my minimal CentOS 7 host, I was frustrated for a while when the plugins failed to run with errors about:
Book Review - Reclaiming Conversation - The Illusion of Multitasking
I recently completed reading Reclaiming Conversation: The Power of Talk in a Digital Age, by Sherry Turkle. Sherry’s position is that the classic, face-to-face conversation is critical to our personal development and communication, but we are dangerously close to abandoning conversation for the lure of digital efficiency and control.
Book Review - Reclaiming Conversation - Professional Development
I recently completed reading Reclaiming Conversation: The Power of Talk in a Digital Age, by Sherry Turkle. Sherry’s position is that the classic, face-to-face conversation is critical to our personal development and communication, but we are dangerously close to abandoning conversation for the lure of digital efficiency and control.
Book Review - Reclaiming Conversation - Family Development
I recently completed reading Reclaiming Conversation: The Power of Talk in a Digital Age, by Sherry Turkle. Sherry’s position is that the classic, face-to-face conversation is critical to our personal development and communication, but we are dangerously close to abandoning conversation for the lure of digital efficiency and control.
Book Review - Reclaiming Conversation - Personal Development
I recently completed reading Reclaiming Conversation: The Power of Talk in a Digital Age, by Sherry Turkle. Sherry’s position is that the classic, face-to-face conversation is critical to our personal development and communication, but we are dangerously close to abandoning conversation for the lure of digital efficiency and control.
2015
Allocate the same OpenVPN client IP across multiple OpenVPN server instances
Background
EQ (vs IQ) is important in tech leaders too
Assholery is not the only path to success
Deduplication with bacula using base jobs
Deduplicating common files across your bacula backups, using base jobs
Proxy one virtual host to another virtual host in Apache
We’ve had several reasons to use Apache’s ProxyPass features in the past, and a basic configuration (to redirect one website to another) is easy to find online.
Enable VLAN on WAN interface for Cisco SRP527W
Several years ago, I advised a friend of mine to buy the Cisco SRP527W, a SME DSL router with built-in voice capabilities. At the time, it was one of the supported devices for his broadband provider’s VOIP services.
openssl-1.0.1e-30 broke sendmail, mysql on rhel/centos 5/6
After being abruptly awakened on Saturday morning at 4am (nightly cron job for yum updates), we found that an upstream RHEL/CentOS update had changed the minimum acceptable length of DH keys to 768 bits.
Make mediawiki page names case insensitive, including semantic queries
Automatically create VLAN bridge interfaces for KVM on RHEL 5-6
At Prophecy, we make extensive use of KVM Virtualization on CentOS6. A VM host can have multiple bridge interfaces (each on a separate VLAN) on which we can run virtual machines.
Merge git forked repo with upstream changes
Merging upstream improvements into my forked repo turned out to be easier than I expected
Dockerized HTPC Suite (sabnzbd, couchpotato, nzbdrone, plex)
A “One Ring” to control a dockerized suite of HTPC apps, each in their own isolated container
Perform L3 adoption with UniFi Controller v4 (Dockerized)
Not quite as straightforward as it should be
Activating Windows Server Evaluation
No, you can’t just “activate” an Evaluation version
2014
Addons to improve Thunderbird (and make it less annoying)
My organization standardizes on Mozilla Thunderbird as our mail client of choice (partly because Mail.app is so deficient on OSX). It’s a bit crusty since Mozilla halted further development in 2012, but better the devil you know, right…?
IT Monitoring lessons learned from FCC report into 911 outage
IEEE Spectrum highlighted an FCC report into a 911 outage in April 2014, which resulted in over 11 million Americans.. or about three and a half percent of the population of the United States, being at risk of not being able to reach emergency help through 911.
MacBook Air recommendation for cost-conscious newlyweds
A friend who recently got married asked for advice (below) on purchasing a MacBook Air, and I thought it might be useful to record my response here:
Do less to be more productive
In “Your organization sucks at innovating”, Shane Parrish discusses innovation (or lack thereof) within an organisation:
Engineers make poor managers
Update: after a back-and-forth with Lindsay, this post should more accurately be titled “Good engineer != good manager”
Working late (consistently) is a sign of failure
I recently enjoyed this article, in which Jeff Sutherland describes how working longer hours actually makes you less productive.
Bought a pebble watch, saved my brain
In “Buy a watch, save your brain”, I wrote about how I hoped to buy a wrist watch (at the time, it was the rumoured “iWatch”), and reduce the amount of distraction I caused myself each time I checked the time on my iPhone.
In defense of traditional work-life balance
I enjoyed Rian van der Merwe’s first column on A List Apart, in which he defends a traditional view of work-life balance. The following echoes my own policy - I try to be 100% at work during work hours, but afterwards, I’m 0% at work (crises and extraordinary circumstances excluded)
Watching video is harder than reading
This video complains that we’re getting ever worse at focusing our attention
Automatically reboot multiple Cisco 79xx phones
We’re upgrading our Asterisk PABX at the office soon, and as part of the preparation, I needed a way to automatically reboot about 20 Cisco 79xx IP phones.
Grab any of Packt’s geekbooks for $10 until July 5th
The folks at Packt Publishing asked me to mention that they’re having a 10 years $10 special, to celebrate their 10-year anniversary. Their entire range of books (geared towards niche geek topics) are available for $10 each. This is a good opportunity to brush up on some rusty areas, or establish a new skillset.
Stumbling into what you love
You can’t be prepared enough for life before living it
Using a Foscam Pro and FI8909W as an iOS baby monitor
Review of Packt Publishing’s ESXi Cookbook
Because I previously authored a book on PHPList, I was asked by the folks at Packt Publishing to review their latest book, VMWare ESXi Cookbook. Review follows.
Carving your own path
I liked this point in the story of the development of Circa, my favorite news app:
Why financial incentives aren’t the optimal way to motivate your knowledge workers
In “The 6 Rules for Rewards”, Jurgen Appelo points out that extrinsic motivators (bonuses, etc) are far less powerful than intrinsic ones. He makes the bold statement that employee bonus schemes can actually reduce effectiveness.
Buy a watch, save your brain
Jeremy Vandehey points out in “This is your brain on mobile” that buying a watch can reduce the amount of time you spend distracted on your smartphone, since you won’t be whipping it out to check the time, only to repeat a few min later because you’ve forgotten. (this totally happens to me!) I’m holding out for the rumored iWatch before making any purchasing decisions though.
Making postie work with cron jobs, fails with wp-config.php outside of web root
I use the excellent Postie plugin to post to this blog via email. I’ve been battling for days to get it to automatically check the mailbox for new messages though, and while I still haven’t got it working using WP-Cron (WordPress’ “pseudo-cron”), I’ve finally managed to get it working via a direct cron job.
The illusion of speed
An excerpt from the excellent Farnam Street Blog (below). I’m trying to be more intentional about how I spend my time, and be more “present in the moment”. I especially liked the following, re the difference that it makes to slow down, not considering all hours to be equal:
Confirmation Bias
I read Shane Parrish’s mental model on confirmation bias this evening, and found it resonated with me. I’ve noticed that once I’ve struggled with a decision and come to a conclusion, then I find myself coming up with more and more reasons why my decision was the right one.
On the joys of Actually Reading
Against the author’s wishes, I’m sharing the article titled “Actually Reading”, a comment on the fact that we (I’m guilty of this) often appreciate an article for its social “sharability” rather than the value it adds to us.
Restart VRRP on JUNOS to fix master/master issues
I spent about 30 min this evening chasing a non-existing VRRP issue between 2 JUNOS SRX devices after a hardware drop-in replacement. One was configured as master, one as backup. Both were in the master status (normally indicating a lack of L2 connectivity), but each could ping the other on their interface address. The solution, ultimately, was to run restart vrrp gracefully on each router, which restored the expected master / backup behavior.
What we imply to our kids by the way we live
I enjoyed Minimalism with Kids, finding several points re minimalism and life in general which I intend to apply.
Copying SSH host private keys between JUNOS devices when replacing hardware
A certain customer of mine is (rightly or wrongly) pedantic about security warnings. Recently, we did a hardware replacement of a JUNOS device (an SRX240 firewall). While the config was a drop-in replacement, users who tried to SSH to the host post-migration would normally see an SSH “host key has changed” warning. In this environment, we wanted to eliminate this friction (and stop training our users to ignore security warnings), so we copied the following from the old device:
Importing existing RAID devices into new Linux installation
Recently I had to rebuild a CentOS5 VM host as CentOS6. My VMs were stored on a RAID1 pair (separate from the OS disks). To avoid any possibility of impacting the VM data during the re-installation, I removed the VM data disks from the host during the reinstall.
Sending tasks to Things.app via email
I stumbled across this useful hint on the Things forums which adds a feature to my workflow which I felt important enough to record here.
Monitoring OSX with Icinga / Nagios using NRPE
I have a fairly comprehensive Icinga monitoring platform monitoring my various linux hosts, but one area which has been lacking until now is the monitoring of the OSX Mavericks Mac Mini that I use for a home media center. Considering this is used by my family to watch TV/Movies, play music, and manage iPhoto, it’s arguably one of the most important hosts to monitor carefully. Of course, I could monitor its state (up or down) by pinging it from Icinga, but I wanted to know more than that. I’ve had issues in the past with running out of disk space on the host, and I’m all too familiar with the risks of 4-year-old hardware using spindled disks. This solution enables me to monitor the following on OSX with Icinga:
Monitoring Veeam Backup and Replication 7 with Icinga / Nagios
We’ve recently deployed a Veeam Backup and Replication 7 platform, and needed to monitor the ongoing success of the backup / replication jobs. I identified a plugin which does most of what’s required, but seems to have 2 current shortcomings: 1. In-progress jobs trigger false warnings 2. Date calculation doesn’t always work, and produces false warnings
Easy squid tricks and pranks with Vagrant
For April Fools this year, I decided to update my 2011 squid prank, and gain some experience using Vagrant at the same time. I rebuilt the entire environment using a Vagrantfile, which permits anybody to check out a few files and reproduce it. See https://github.com/funkypenguin/squidprank for the code.
2013
Solving vsftpd’s unsupported record version unknown 48.48 error
I use FTPS with vsftpd to update my WordPress plugins. This means that the wordpress files don’t need to be writeable by the webserver user, which adds another layer of protection and separation. I make FTPS available to localhost only, and force SSL encryption end-to-end.
Postfix config on OSX Mountain Lion (Server) not where you expect
I spent the better part of an hour wondering why my postfix main.cf config changes didn’t apply on an OSX Mountain Lion server. Turns out that because “OSX Server” no longer exists (it’s just Server.app now), the postfix files specific to the Mail component of the server now live at:
How to setup a Tor Relay (and why you should)
I just jumped in at the end of a conversation on App.net about the latest NSA revelation, the undermining of worldwide encryption standards for the benefit of the self-appointed world-police. @isaiah pointed out that we (geekdom in general) don’t get as excited about civilian casualties in Iraq, or unsanctioned drone strikes.
Allowed memory size of xxx bytes exhausted with WordPress on Debian
My Debian Squeeze host started having trouble performing WordPress 3.5 core or plugin updates – in the error logs, I’d see messages like:
2012
Fixed Cacti not displaying interfaces for HP 1810G switch
While implementing a new network for a customer, we took an existing HP 1810G 48-port switch under management. As per normal, we set up monitoring (Icinga) and graphing (Cacti), but while the switch responded to Cacti sysname polls (leading us to believe it was happy), it didn’t return any interface details, so we weren’t able to graph anything.
Workaround for the Cacti segmentation fault on CentOS5
Seems a little dumb, and I’m not sure how other distributions deal with it, but if you install Cacti from RPM on CentOS, and then browse to your /cacti/ directory via HTTP, you’ll find that it dies with a segmentation fault. You know this is you if every other website on your host works, but every time you go to your /cacti/ URL, your browser reports that the site is totally unavailable (as if apache weren’t even running).
Clearing static nat on Cisco router
I was asked to change an incoming NAT translation on a Cisco router for a customer today - however since this NAT was used to deliver all their internal email, it was never not in use, and I got the standard message below when trying to clear it:
2011
April Fools Pranks with a Squid Proxy Server
Use Squid to turn the internet upside-down, change Google to Klingon
phpList 2 Email Campaign Manager
Tired of an e-mail BCC list that scrolls off the page, or fiddly and hard-to-manage bulk mailing systems? You need phpList – a high-powered, robust, feature-packed mailing system that will get out of your way and get the job done!
2009
Convert (liberate) Audible AAC files to MP3
I was an Audible subscriber for over 2 years, and although I’m no longer active on a plan, I still have 50+ books that I’ve legitimately purchased. Each of them, however, is locked to my Audible username and password. I don’t tolerate DRM where possible, and I’ve done enough system reloads / iPod upgrades to be frustrated at the need to authorize my new devices, and de-authorize my old ones. (and get Audible to reset my devices, since it’s impossible to de-authorize a dead computer!)
2008
Convert a .BIN file to .TRX for OpenWRT / DD-WRT
I recently had reason to convert the latest DD-WRT firmware .bin file to .trx format, so that I could manually flash my WRT54GL. Not wanting to risk it, I first converted the .bin image with the following command:
WP-PHPList
The WP-PHPlist plugin integrates PHPList into your Wordpress blog, giving you all the mailing list power of PHPList, within the beautiful styling, theme, and widgets of your Wordpress theme.
Protect your website with htaccess
While allowing individual IP addresses unrestricted access
Generate logs from your jabberd2 server using Bandersnatch
This tutorial attempts to guide the reader through the process of installing Bandersnatch for use with an existing Jabberd2 server.
Bandersnatch - The Jabber Logger
Bandersnatch is a tool to log Jabber instant messaging traffic, and to generate meaningful usage statistics. Bandersnatch is designed for a corporate intranet environment. It is designed for administrators who wish to monitor the use / abuse of their Jabber servers.
2003
JAJC Manual
In preparing an author bio (harder than it sounds!) for a PHPList book I’ve been authoring, I dug up this old copy of a JAJC (a win32 jabber client) manual I wrote in 2003, using Docbook XML.