RealTechTalk (RTT) - Linux/Server Administration/Related

We have years of knowledge with technology, especially in the IT (Information Technology) industry. 

realtechtalk.com will always have fresh and useful information on a variety of subjects from Graphic Design, Server Administration, Web  Hosting Industry and much more.

This site will specialize in unique topics and problems faced by web hosts, Unix/Linux administrators, web developers, computer technicians, hardware, networking, scripting, web design and much more. The aim of this site is to explain common problems and solutions in a simple way. Forums are ineffective because they have a lot of talk, but it's hard to find the answer you're looking for, and as we know, the answer is usually not there. No one has time to scour the net for forums and read pages of irrelevant information on different forums/threads. RTT just gives you what you're looking for.

  • Linux Mint 18 Screen Goes Dark or Black After Screensaver or even when using the Desktop Solution


    You can search for this bug and it seems like it may be related to ecryptfs and is many years old.

    The symptoms are that you return to the computer and the screensaver was active or the screen was asleep/black and it doesn't seem to come back.  But you check by SSH the computer is running fine and are frustrated you'll lose your running programs and have to reboot.

    There is a simple solution:

    Ctrl + Alt + F1

    Ctrl + Alt + F8

    Basically you are switching to another virtual console/screen and then back to screen 8 which is your Desktop.  This removes the black screen and presents the login prompt and doesn't cause any loss of data or interruption to your session.

    This also works if you are using your computer normally and the screen becomes partially dark or very dark.  It seems related to the above bug.

    It may also be related to a bug in the Intel i915 driver but this issue seems to plague Nvidia and AMD users too.

     

    Some related syslog or dmesg errors you may see:

    mate-screensaver-dialog: pam_ecryptfs: seteuid error
    [    4.825400] [drm] RC6 on
    [15732.058803] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=172171 end=172172) time 100 us, min 894, max 899, scanline start 893, end 900
    [24966.142220] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=54325 end=54326) time 101 us, min 894, max 899, scanline start 893, end 900
    [252173.205297] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=33067 end=33068) time 102 us, min 894, max 899, scanline start 893, end 900
    [266867.040745] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=19806 end=19807) time 102 us, min 894, max 899, scanline start 893, end 900
    [266872.190787] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=20115 end=20116) time 102 us, min 894, max 899, scanline start 893, end 899
    [266873.174149] [drm:intel_pipe_update_end [i915_bpo]] *ERROR* Atomic update failure on pipe A (start=20174 end=20175) time 100 us, min 894, max 899, scanline start 893, end 900
    [370925.989870] [drm] stuck on render ring
    [370925.995049] [drm] GPU HANG: ecode 9:0:0x85dffffd, in Xorg [1562], reason: Engine(s) hung, action: reset
    [370925.995054] [drm] GPU hangs can indicate a bug anywhere in the entire gfx stack, including userspace.
    [370925.995056] [drm] Please file a _new_ bug report on bugs.freedesktop.org against DRI -> DRM/Intel
    [370925.995057] [drm] drm/i915 developers can then reassign to the right component if it's not a kernel issue.
    [370925.995059] [drm] The gpu crash dump is required to analyze gpu hangs, so please always attach it.
    [370925.995061] [drm] GPU crash dump saved to /sys/class/drm/card0/error
    [370925.998026] drm/i915: Resetting chip after gpu hang
    [370928.001884] [drm] RC6 on


  • iptables guide and examples and howto


    iptables allow port 22 example


    Of course change --dport and -s to suit your needs


    #allow certain IP to access port 22
     iptables -A INPUT -p tcp -m tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT


    # block others
    iptables -A INPUT -p tcp --dport 22 -j DROP


  • Postfix How To Change Sending IP Address To Specific IP Binding or Interface


    I thought I'd post this becuase there is some bad information out there.  Some guides tell you to edit /etc/postfix/master.cf (-o smtp_bind_address=) but this doesn't work.  The same guide also says if you don't change it there you end up changing the listening IP/bind interface which is also not true.

    Here is a simple and effective way to change Postfix's sending/binding/outgoing IP address (very important for reverse DNS and so mail servers don't block you):

    vi /etc/postfix/main.cf

    #add this option

    smtp_bind_address=192.168.5.80

    *Obviously change the 192.168.5.80 to the outgoing address you want to use for Postfix


  • How to qemu-kvm enable bridged networking in Debian Ubuntu Linux Mint on KVM containers


    I've read a few guides about this but they didn't work for me.


    sudo apt-get install bridge-utils

    #don't think the above is enough it won't work still even though you have by default an /etc/qemu-ifup that handles it if you have the right tools and setup
    sudo qemu-system-x86_64 -net tap -net nic -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/vsphere-vcenter/vsphere-vcenter.vdi
    W: /etc/qemu-ifup: no bridge for guest interface found


    vi /etc/networking/interfaces

    Add the following br0 adapter and make sure you replace eth0 with your network adapter name such as "enp3s0"


    auto br0
    iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0

     

    #restart your network/networking

    sudo service networking restart


    sudo qemu-system-x86_64 -m 11G -net tap -net nic -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/vsphere-vcenter/vsphere-vcenter.vdi

    There is no more error or complaint about no bridge interface being found not that we've installed bridge utils and created a br0 bridge.


  • VirtualBox Nested Virtual Machine Containers with KVM Not Working no SVM or VMX module in the guest


    I can't get vmx cpu extensions to show up in Virtualbox guests despite enabling nested paging and

    enable vmx in virtualbox guest but this doesn't help that you check VT-X or the AMD Virtualization SVM it enables it for the guest to use BUT does not pass it through.  This means if you check cat /proc/cpuinfo in the guest you will see the CPU doesn't support virtualization.  It looks like VirtualBox still hasn't implemented this!

    But there is good news I was able to install qemu-kvm and run straight from the VirtualBox .vdi directly and also enable the nested virtualization no problem.

    #it looks like it is just not supported it's just easier to use KVM directly on the .vdi file!

    qemu-system-x86_64 -enable-kvm -cpu host,vmx=on ~/VirtualBox VMs/test/test.vdi

    Virtualbox is a great project and way for virtualizing but it is disappointing that they don't just pass through the virtualization CPU flags for nesting.


  • VSphere InternalServerError - Error When Adding Permissions


    InternalServerError (com.vmware.vapi.std.errors.internal_server_error) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => {
    id = vapi.bindings.method.impl.unexpected,
    defaultMessage = Provider method implementation threw unexpected exception: com.vmware.vapi.std.errors.InternalServerError,
    args = [com.vmware.vapi.std.errors.InternalServerError]
    }],
    data = <null>
    }

    I was getting the error but it almost seemed delayed as if it were from the previous operation a minute before and not the current.  You can just refresh and try again but it seems like a bug.  The permissions show they have applied but hopefully they really have and nothing is broken!


  • NFS Share Won't Mount Solution - mount: wrong fs type, bad option, bad superblock on 10.10.2.20:/tmp/nfsmount


    nfs mount failed:

    mount 10.10.2.20:/tmp/nfsmount /mnt/nfs/
    mount: wrong fs type, bad option, bad superblock on 10.10.2.20:/tmp/nfsmount,
           missing codepage or helper program, or other error
           (for several filesystems (e.g. nfs, cifs) you might
           need a /sbin/mount.<type> helper program)
           In some cases useful info is found in syslog - try
           dmesg | tail  or so

    In this case the client machine didn't have nfs-utils installed!  You would think that when trying to mount that the error would indicate this!


    yum -y install nfs-utils

    So make sure you have nfs client utilities installed on the machine you are trying to mount the nfs share from!


  • OVF Tool: Error: Task failed on server: This host does not support Intel VT-x. VMWare VCenter install On ESXi ERror


    Intel VT-X is enabled in Virtualbox but it doesn't seem to pass through the needed vmx extension despite the following variables on the host confirming it is enabled:

    cat /sys/module/kvm_intel/parameters/nested
    Y
    cat /sys/module/kvm_intel/parameters/ept
    Y

     

     

    OVF Tool: Disk progress: 99%
    OVF Tool: Transfer Completed
    OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
    OVF Tool: Task progress: 0%
    OVF Tool: Task Failed
    OVF Tool: Error: Task failed on server: This host does not support Intel VT-x.
    OVF Tool: Error: Fault cause: vim.fault.InvalidState
    OVF Tool: Completed with errors
    Deployment failed. OVF Tool return error code: 1
    Proceed with certificate thumbprint check...
    The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
    verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
    Failed to collect support bundle from appliance because: Cannot gather support logs because the appliance was not power on.
    =========================================================================== [FAILED] Task: Deploying vCenter Server Appliance execution failed at 19:34:28
    ===========================================================================
    ======================================================================================================================================================================================================
    Error message: com.vmware.vcsa.installer.ovf.deploy_appliance: ApplianceDeploymentTask: Caught an exception Deployment failed. O

    VF Tool return error code: 1
    ============================================================================================== 19:34:29 ==============================================================================================
    Result and Log File Information...


  • Install NFS (Network File System) On Debian Linux Ubuntu Mint Howto


    sudo apt-get install nfs-kernel-server  #oops there are no exports so it won't startsudo /etc/init.d/nfs-kernel-server start
     * Not starting NFS kernel daemon: no exports.
    #we will use the /tmp/nfstestshare directory for our NFS share
    

    mkdir /tmp/nfstestshare

    #add it to /etc/exports (basically what NFS checks to determine what to make an NFS share)

    /tmp/nfstestshare 192.168.1.5(rw,sync,no_root_squash)

    As you can see the brackets take 3 variables as follows:

    1. ro (readonly) or rw (readwrite)
    2. sync means no changes to the directory until changes are committed
    3. no_root_squash allows root to access the directory
    sudo /etc/init.d/nfs-kernel-server start

  • Relocating modules and starting up the kernel - VMWare ESXi 6.7 Error and Solution


    I had this error in an unsupported CPU on VMWare 6.7 and apparently this sometimes works especially on older VMWare versions like 6.5 5.5 etc (but in my case it did not).

    1. To make sure it proceed when you see "Loading VMWare"
    2. Hit "Shift+O"
    3. Then add "ignoreHeadless=TRUE"

    See an example below:

    Usually it will get you past the mentioned screen but may fail with other errors such as an Unsupported CPU.


  • VMWare 6.7 VCSA VSphere ESXi Management SSO Install Guide on Linux using the CLI


    #mount the VCSA DVD
    mount /dev/sr0 /mnt/cd
    #alternatively you could mount the iso directly
    mount -o loop vcsa.iso /your/mount/path

    #for this purpose we are using the CLI installer on Linux
    cd /mnt/cd/vcsa-cli-installer/lin64

    #no it's not going to be that easy you can't just run vcsa-deploy like that you need to use a template or configured .json file
    ./vcsa-deploy
    Usage: vcsa-deploy [-h] [--version] [--supported-deployment-sizes]
                       {install,upgrade,migrate} ...
    For descriptions of valid options, use:
        $ vcsa-deploy --help

    vcsa-deploy: error: Too few arguments. The required arguments are not provided. Retry the command following the usage instructions.

    #seriously just telling it to install is not enough

    ./vcsa-deploy install
    Previous versions of this script defaulted to 'install' when no subcommand was specified. Running without a subcommand is no longer allowed. Specify 'install' as a subcommand if you want to run installation. Usage: vcsa-deploy install [-h] [--template-help] [--log-dir LOG_DIR]
                               [--skip-ovftool-verification] [--accept-eula]
                               [--acknowledge-ceip] [--pause-on-warnings]
                               [--operation-id OPERATION_ID] [-v | -t]
                               [--no-esx-ssl-verify | --no-ssl-certificate-verification]
                               [--verify-template-only | --precheck-only]
                               template [template ...]
    For descriptions of valid options, use:
        $ vcsa-deploy install --help

    vcsa-deploy install: error: the following arguments are required: template



    ./vcsa-deploy install --accept-eula --no-esx-ssl-verify /path/to/yourconfig.json

    #there are preconfigured .json templates here:

    ls /mnt/cd/vcsa-cli-installer/templates/install

    embedded_vCSA_on_ESXi.json              PSC_first_instance_on_VC.json
    embedded_vCSA_on_VC.json                PSC_replication_on_ESXi.json
    embedded_vCSA_replication_on_ESXi.json  PSC_replication_on_VC.json
    embedded_vCSA_replication_on_VC.json    vCSA_on_ESXi.json
    PSC_first_instance_on_ESXi.json         vCSA_on_VC.json

    Before getting started make sure your ESXi 6.7 Host Meets The Requirements for RAM, CPU and Storage

    source credit: http://vcdx56.com/2018/04/vmware-vcenter-server-6-7-resource-requirements/

    http://vcdx56.com/2016/12/vmware-vsphere-vcenter-server-6-5-appliance-deployment-using-cli/

    Deployment Size vCPUs RAM (GB)
    Tiny 2 10
    Small 4 16
    Medium 8 24
    Large 16 32
    X-Large 24 48

    Compute requirements per Deployment Size

    The below table lists the ESXi host and VM capacity per vCSA 6.5 deployment size

    Deployment Size ESXi Hosts VMs
    Tiny 10 100
    Small 100 1 000
    Medium 400 4 000
    Large 1 000 10 000
    X-Large 2 000 35 000

    Storage requirements per Deployment Size

    The below table lists the storage requirements per deployment size

    Deployment Size Storage Size Default (GB) Storage Size Large (GB) Storage Size Large (GB)
    Tiny 250 775 1 650
    Small 290 820 1 700
    Medium 425 925 1 805
    Large 640 990 1 870
    X-Large 980 1030 1 910

     

    Here is a description from the VMWare site of what they do:

     

     

    Deployment JSON Templates Included in the vCenter Server Appliance Installer

    Location

    Template

    Description

    vcsa-cli-installertemplatesinstall

    embedded_vCSA_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.

    embedded_vCSA_on_VC.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller on a vCenter Server instance.

    embedded_vCSA_replication_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller as a replication partner to another embedded vCenter Server Appliance on an ESXi host.

    embedded_vCSA_replication_on_VC.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller as a replication partner to another embedded vCenter Server Appliance on a vCenter Server instance.

    PSC_first_instance_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a Platform Services Controller appliance as the first instance in a new vCenter Single Sign-On domain on an ESXi host.

    PSC_first_instance_on_VC.json

    Contains the minimum configuration parameters that are required for deployment of a Platform Services Controller appliance as the first instance in a new vCenter Single Sign-On domain on a vCenter Server instance.

    PSC_replication_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a Platform Services Controller appliance joining an existing vCenter Single Sign-On domain on an ESXi host.

    PSC_replication_on_VC.json

    Contains the minimum configuration parameters that are required for deployment of a Platform Services Controller appliance joining an existing vCenter Single Sign-On domain on a vCenter Server instance.

    vCSA_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an external Platform Services Controller on an ESXi host.

    vCSA_on_VC.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an external Platform Services Controller on a vCenter Server instance.


     

    For most people they will probably choose the smartly placed #1 .json option on VMWare's list as it applies to the most use cases I would think:

     

    embedded_vCSA_on_ESXi.json

    Contains the minimum configuration parameters that are required for deployment of a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.

    In plain English you have an ESXi host and want to setup the vSphere/vCenter management off the same server.

    OK think you're ready now?

     

    ./vcsa-deploy install --accept-eula --no-esx-ssl-verify /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json


    Run the installer with "-v" or "--verbose" to log detailed information
    Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977/vcsa-cli-installer.log.bak'
    Workflow log-dir
    /tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977
    ====== [START] Start executing Task: To validate CLI options at 06:10:24 ======
    Deprecation Warning: The command parameter '--no-esx-ssl-verify' is deprecated.
    You must use the new parameter '--no-ssl-certificate-verification' in the next
    deployment.
    template
    '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' has
    ceip_enabled set to True, but the command line doesn't have --acknowledge-ceip.
    You must pass in the --acknowledge-ceip command line option to confirm your
    acknowledgement about your VMware Customer Experience Improvement Program (CEIP)
    participation.
    ================ [FAILED] Task: CLIOptionsValidationTask: Executing CLI
    optionsValidation task execution failed at 06:10:24 ================
    ================================================================================
    Error message: com.vmware.vcsa.installer.template.cli_argument_validation:
    template
    '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' has
    ceip_enabled set to True, but the command line doesn't have --acknowledge-ceip.
    You must pass in the --acknowledge-ceip command line option to confirm your
    acknowledgement about your VMware Customer Experience Improvement Program (CEIP)
    participation.
    =================================== 06:10:24 ===================================
    Result and Log File Information...
    WorkFlow log directory:
    /tmp/vcsaCliInstaller-2018-07-12-06-10-od3jvta8/workflow_1531375823977
     

    Let's try it again oops we have used some deprecated stuff since VMWare 6.7 is a new beast!


    ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json 

     

    What went wrong?

     

    ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json
    Run the installer with "-v" or "--verbose" to log detailed information
    Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346/vcsa-cli-installer.log.bak'
    Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346
    ================================================================= [START] Start executing Task: To validate CLI options at 06:12:14 =================================================================
    Command line arguments verfied.
    ======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:12:14 =======================
    ========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:12:14 =========================================================
    Template syntax validation for template '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' succeeded.
    Syntax validation for all templates succeeded.
    ======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:12:14 =======================
     [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
    at 06:12:15
    Template version processing for template '/mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json' succeeded.
    Version processing for all templates succeeded.
    ====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:12:15 ======================
    ============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:12:15 ============================
    The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
    lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
    Section 'new_vcsa', subsection 'network', property 'ip' validation failed: Expected 4 octets in ''
    Section 'new_vcsa', subsection 'network', property 'system_name' validation failed: Given hostname '' is neither IPv4, IPv6 nor an
    FQDN
    Section 'new_vcsa', subsection 'network', property 'dns_servers' validations failed: Expected 4 octets in ''
    Section 'new_vcsa', subsection 'network', property 'gateway' validation failed: Expected 4 octets in ''
    An invalid value was encountered in section 'new_vcsa', subsection 'network', property 'prefix'. The network prefix must be a positive integer
    Cannot obtain a valid ESXi/vCenter hostname from the template. Make sure a valid hostname is provided for the key 'hostname' under the section 'new_vcsa', section 'esxi' or 'vc'.
    Section 'new_vcsa', subsection 'esxi', field 'hostname' validation failed: Given hostname '' is neither IPv4, IPv6 nor an
    FQDN
    The entered password for new_vcsa os password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
    lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
    Template structure validation failed for template /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json.
    The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
    The value '' of the key 'ip' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
    The value '' of the key 'system_name' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the
    script.
    The value '' of the key 'dns_servers' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
    The value '' of the key 'gateway' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
    The value ' 255.255.255.0, there are 24 bits in the binary version of the subnet mask, so the prefix length is 24. if used, the values must be in the inclusive range of 0 to 32 for ipv4 and 0 to 128 for ipv6.>'
    of the key 'prefix' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
    The value 'ipv4' of the key 'ip_family' in section 'new_vcsa', subsection 'network' is invalid. Correct the value and rerun the script.
    The value '' of the key 'hostname' in section 'new_vcsa', subsection 'esxi' is invalid. Correct the value and rerun the
    script.
    The value '******' of the key 'password' in section 'new_vcsa', subsection 'os' is invalid. Correct the value and rerun the script.
    =========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:12:15
    ===========================================================================
    ======================================================================================================================================================================================================
    Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json.
    ============================================================================================== 06:12:15 ==============================================================================================
    Result and Log File Information...
    WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-12-7_cs0okb/workflow_1531375934346
     

    We have to edit our .json template first

    cp /mnt/cd/vcsa-cli-installer/templates/install/embedded_vCSA_on_ESXi.json /tmp/


    {
        "__version": "2.13.0",
        "__comments": "Sample template to deploy a vCenter Server Appliance with an embedded Platform Services Controller on an ESXi host.",
        "new_vcsa": {
            "esxi": {
                "hostname": "",
                "username": "root",
                "password": " ",
                "deployment_network": "VM Network",
                "datastore": ""
            },
            "appliance": {
                "__comments": [
                    "You must provide the 'deployment_option' key with a value, which will affect the VCSA's configuration parameters, such as the VCSA's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
                ],
                "thin_disk_mode": true,
                "deployment_option": "small",
                "name": "Embedded-vCenter-Server-Appliance"
            },
            "network": {
                "ip_family": "ipv4",
                "mode": "static",
                "ip": "",
                "dns_servers": [
                    ""
                ],
                "prefix": "",
                "gateway": "",
                "system_name": ""
            },
            "os": {
                "password": "",
                "ntp_servers": "time.nist.gov",
                "ssh_enable": false
            },
            "sso": {
                "password": "",
                "domain_name": "vsphere.local"
            }
        },
        "ceip": {
            "description": {
                "__comments": [
                    "++++VMware Customer Experience Improvement Program (CEIP)++++",
                    "VMware's Customer Experience Improvement Program (CEIP) ",
                    "provides VMware with information that enables VMware to ",
                    "improve its products and services, to fix problems, ",
                    "and to advise you on how best to deploy and use our ",
                    "products. As part of CEIP, VMware collects technical ",
                    "information about your organization's use of VMware ",
                    "products and services on a regular basis in association ",
                    "with your organization's VMware license key(s). This ",
                    "information does not personally identify any individual. ",
                    "Additional information regarding the data collected ",
                    "through CEIP and the purposes for which it is used by ",
                    "VMware is set forth in the Trust & Assurance Center at ",
                    "http://www.vmware.com/trustvmware/ceip.html . If you ",
                    "prefer not to participate in VMware's CEIP for this ",
                    "product, you should disable CEIP by setting ",
                    "'ceip_enabled': false. You may join or leave VMware's ",
                    "CEIP for this product at any time. Please confirm your ",
                    "acknowledgement by passing in the parameter ",
                    "--acknowledge-ceip in the command line.",
                    "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
                ]
            },
            "settings": {
                "ceip_enabled": true
            }
        }
    }

    #after editing the above make sure you run the install again but point to the /tmp .json file:

     

    ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
     

     

     

     

     

    Run the installer with "-v" or "--verbose" to log detailed information
    Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847/vcsa-cli-installer.log.bak'
    Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847
    ================================================================= [START] Start executing Task: To validate CLI options at 06:37:18 =================================================================
    Command line arguments verfied.
    ======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:37:18 =======================
    ========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:37:18 =========================================================
    Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Syntax validation for all templates succeeded.
    ======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:37:18 =======================
     [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
    at 06:37:18
    Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Version processing for all templates succeeded.
    ====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:37:18 ======================
    ============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:37:18 ============================
    The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
    lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
    The entered password for new_vcsa os password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
    lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
    Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
    The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
    The value '******' of the key 'password' in section 'new_vcsa', subsection 'os' is invalid. Correct the value and rerun the script.
    The key 'system_name' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
    The key 'dns_servers' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
    The key 'gateway' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
    The key 'prefix' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.
    The key 'ip' in section 'new_vcsa' subsection 'network' is required. Its value cannot be null or empty.

    =========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:37:19
    ===========================================================================
    ======================================================================================================================================================================================================
    Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
    ============================================================================================== 06:37:19 ==============================================================================================
    Result and Log File Information...
    WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-37-r4wnppls/workflow_1531377437847
     

    #no luck so far

     

    ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
    Run the installer with "-v" or "--verbose" to log detailed information
    Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356/vcsa-cli-installer.log.bak'
    Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356
    ================================================================= [START] Start executing Task: To validate CLI options at 06:45:57 =================================================================
    Command line arguments verfied.
    ======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:45:57 =======================
    ========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:45:57 =========================================================
    Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Syntax validation for all templates succeeded.
    ======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:45:57 =======================
     [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
    at 06:45:58
    Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Version processing for all templates succeeded.
    ====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:45:58 ======================
    ============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:45:58 ============================
    The entered password for new_vcsa sso password does not meet the requirements. The password must be between 8 characters and 20 characters long. It must also contain at least one uppercase and
    lowercase letter, one number, and one character from '!"#$%&'()*+,-./:;<=>?@[]^_`{|}~' and all characters must be ASCII. Space is not allowed in password.
    Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
    The value '******' of the key 'password' in section 'new_vcsa', subsection 'sso' is invalid. Correct the value and rerun the script.
    =========================================================================== [FAILED] Task: StructureValidationTask: Executing Template Structure Validation task execution failed at 06:45:58
    ===========================================================================
    ======================================================================================================================================================================================================
    Error message: com.vmware.vcsa.installer.template.structure_validation: Template structure validation failed for template /tmp/embedded_vCSA_on_ESXi.json.
    ============================================================================================== 06:45:58 ==============================================================================================
    Result and Log File Information...
    WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-45-f3v4sgw5/workflow_1531377957356
    [root@vsphere-center lin64]# vi /tmp/embedded_vCSA_on_ESXi.json
    [root@vsphere-center lin64]# ./vcsa-deploy install --no-ssl-certificate-verification --acknowledge-ceip --accept-eula /tmp/embedded_vCSA_on_ESXi.json
    Run the installer with "-v" or "--verbose" to log detailed information
    Updating log file location, copying '/tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/vcsa-cli-installer.log' to desired location as a backup: '/tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688/vcsa-cli-installer.log.bak'
    Workflow log-dir /tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688
    ================================================================= [START] Start executing Task: To validate CLI options at 06:46:25 =================================================================
    Command line arguments verfied.
    ======================= [SUCCEEDED] Successfully executed Task 'CLIOptionsValidationTask: Executing CLI optionsValidation task' in TaskFlow 'template_validation' at 06:46:25 =======================
    ========================================================= [START] Start executing Task: To validate the syntax of the template. at 06:46:26 =========================================================
    Template syntax validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Syntax validation for all templates succeeded.
    ======================= [SUCCEEDED] Successfully executed Task 'SyntaxValidationTask: Executing Template Syntax Validation task' in TaskFlow 'template_validation' at 06:46:26 =======================
     [START] Start executing Task: To check the version of each template, and for each older template that supports CEIP, convert it to the latest template format, and save it to the Template Blackboard
    at 06:46:26
    Template version processing for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Version processing for all templates succeeded.
    ====================== [SUCCEEDED] Successfully executed Task 'VersionProcessingTask: Executing Template Version Processing task' in TaskFlow 'template_validation' at 06:46:26 ======================
    ============================ [START] Start executing Task: To validate the template structure against the rules specified by a corresponding template schema. at 06:46:26 ============================
    Template structure validation for template '/tmp/embedded_vCSA_on_ESXi.json' succeeded.
    Structure validation for all templates succeeded.
    ==================== [SUCCEEDED] Successfully executed Task 'StructureValidationTask: Executing Template Structure Validation task' in TaskFlow 'template_validation' at 06:46:27 ====================
     [START] Start executing Task: To create a dependency graph for the provided templates, with an edge pairing two templates that are dependent on each other. Such graph relationships will affect
    whether certain templates can be deployed in parallel, or must be deployed sequentially. at 06:46:27
    Dependency processing for all templates succeeded.
    =================== [SUCCEEDED] Successfully executed Task 'DependencyProcessingTask: Executing Template Dependency Processing task' in TaskFlow 'template_validation' at 06:46:27 ===================
    ================================================== [START] Start executing Task: Validate that requirements are met in the source VCSA. at 06:46:29 ==================================================
    InstallRequirementCollector: Reached gathering requirement
    ============================== [SUCCEEDED] Successfully executed Task 'SrcRequirementTask: Running SrcRequirementTask' in TaskFlow 'embedded_vCSA_on_ESXi' at 06:46:29 ==============================
    ================================================================= [START] Start executing Task: Perform precheck tasks. at 06:46:30 =================================================================
    ========================================== [START] Start executing Task: Verify that the provided credentials for the target ESXi/VC are valid at 06:46:30 ==========================================
    Proceed with certificate thumbprint check...
    The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
    verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
    =========================================== [SUCCEEDED] Successfully executed Task 'Running precheck: TargetCredentials' in TaskFlow 'install' at 06:46:31 ===========================================
    ============================================= [START] Start executing Task: Precheck CPU, memory and datastore size requirements for a host. at 06:46:31 =============================================
    Proceed with certificate thumbprint check...
    The certificate for server '192.168.1.54' will not be verified because you have provided either the '--no-ssl-certificate-verification' or '--no-esx-ssl-verify' command parameter, which disables
    verification for all certificates. Remove this parameter from the command line if you want server certificates to be verified.
    The VCSA 'Embedded-vCenter-Server-Appliance' requires hardware virtualization support from the ESXi host 'localhost.localdomain'. You are recommended to check the BIOS settings of the ESXi host for
    hardware virtualization support before proceeding.
    =========================================================================== [FAILED] Task: Running precheck: HostConfigs execution failed at 06:46:37
    ===========================================================================
    ======================================================================================================================================================================================================
    =========================================================================== [FAILED] Task: PrecheckTask: Running prechecks. execution failed at 06:46:37
    ===========================================================================
    ======================================================================================================================================================================================================
    Error message: com.vmware.vcsa.installer.prechecks: com.vmware.vcsa.installer.prechecks.host_configs: The deployment size selected by user's template for the VCSA 'Embedded-vCenter-Server-Appliance'
    is 'small', which requires 4 CPUs while the ESXi host 'localhost.localdomain' has 2 physical CPUs (cores) available. Choose a different deployment option for the VCSA, or use a different ESXi host,
    or provide more CPUs for the ESXi. Deployment size selected by user's template for the VCSA 'Embedded-vCenter-Server-Appliance' is 'small', which requires 16 GB of memory. That exceeds the total
    memory of 4 GB of the ESXi host 'localhost.localdomain'. Choose a different deployment option for the VCSA. The capacity of datastore 'datastore1' (3.0 GB) in host 'localhost.localdomain' is less
    than the minimum size required (25 GB). Use a different datastore, or increase the datastore size above the required minimum.
    ============================================================================================== 06:46:38 ==============================================================================================
    Result and Log File Information...
    WorkFlow log directory: /tmp/vcsaCliInstaller-2018-07-12-06-46-8qv_x80w/workflow_1531377985688
     

     #now the server seems to die or at least the NIC during the install process

     

    OVF Tool: Opening OVA source:
    /mnt/cd/vcsa-cli-installer/lin64/../../vcsa/VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10.ova
    OVF Tool: Opening VI target: vi://root@192.168.1.54:443/
    OVF Tool: Deploying to VI: vi://root@192.168.1.54:443/
    OVF Tool: Disk progress: 99%
    OVF Tool: Transfer Completed
    OVF Tool: Powering on VM: Embedded-vCenter-Server-Appliance-
    OVF Tool: Task progress: 58%
    OVF Tool: Task Completed
    OVF Tool: Waiting for IP address...Error: Operation was canceled
    OVF Tool: Error: No route to host
    Deployment failed. OVF Tool return error code: 1
     


    It's not so much that it fails to install but rather that once the vcenter appliance starts for some reason the network stops working.  Restarting the network does not help either.

    When starting the Virtual Appliance the last thing on the console I can see is:

    Started Network Time Servce:
    [ *** ] (2 of 2) A start job is running for Initial c...metadata service crawler) (21s /no limit)

     

     


  • Hard Drive Serial Number Examples


    The reason for this article is because a lot of us don't physically see our hard drives they are often remote in a datacenter etc and the actual serial number we see in SMART is not enough to check for some manufacturers.

    A good example is our first one the Toshiba

    === START OF INFORMATION SECTION ===
    Device Model:     TOSHIBA DT01ACA200
    Serial Number:    33FMDW4AS

    If you enter the serial in Toshiba's site above: https://myapps.taec.toshiba.com/myapps/admin/jsp/webrma/addRequest1NoLogin.jsp

    You will get the following result:

      33FMDW4AS     Warranty could not be determined for this Non-HDD serial number. If you have any questions you may contact Toshiba at 1-855-898-1905.

    That is  because you are missing the "TZ5" at the end.  See when you add the TZ5.

    33FMDW4ASTZ5 HDKPC09A0A01S Out Of Warranty Out of warranty. Exp Date: 2015/03/26

    Hard Drive Full Serial List Examples

    The format will be that the extra characters before or after the serial number are what you have to add on your own.

    Device Model:     TOSHIBA DT01ACA200
    Serial Number:    33FMDW4AS
    TZ5

    Device Model:     TOSHIBA MG03ACA200
    Serial Number:    Z4JAK5C8FVD2
     



  • vino server error cannot login


    10/07/2018 03:05:14 PM [IPv4] Got connection from client10.10.25.1
    10/07/2018 03:05:14 PM   other clients:
    10/07/2018 03:05:14 PM Client Protocol Version 3.7
    10/07/2018 03:05:14 PM Advertising security type 18
    10/07/2018 03:05:14 PM Client returned security type 18
    10/07/2018 03:05:14 PM TLS Handshake failed: Could not negotiate a supported cipher suite.
    10/07/2018 03:05:14 PM Client10.10.25.1 gone
    10/07/2018 03:05:14 PM Statistics:
    10/07/2018 03:05:14 PM   framebuffer updates 0, rectangles 0, bytes 0
    10/07/2018 03:05:16 PM [IPv4] Got connection from client10.10.25.1
    10/07/2018 03:05:16 PM   other clients:
    10/07/2018 03:05:17 PM rfbProcessClientProtocolVersion: not a valid RFB client
    10/07/2018 03:05:17 PM Client10.10.25.1 gone
    10/07/2018 03:05:17 PM Statistics:
    10/07/2018 03:05:17 PM   framebuffer updates 0, rectangles 0, bytes 0

     


  • OpenVPN auth-user-pass-verify ENV script error


    Starting with newer versions of OpenVPN I believe 2.2+ you need to have "script-security 3" set or you can't execute a third party script.

    Prior to that you could also use the auth-user-pass-verify like this:

    auth-user-pass-verify ./validate.pl "$username $password $ip" via-env

    Options error: the --auth-user-pass-verify directive should have at most 2 parameters.  To pass a list of arguments as one of the parameters, try enclosing them in double quotes ("").

    However this no longer works.  The way env works no longer gives you the variables as variables that you can pass as arguments.

    It now works as normal so for example in a shell script you call from OpenVPN.

    Just referencing $username and $password gives you the login information the user sent.  This seems to have taken effect in version 2.3 or 2.4 or possibly even 2.2


  • OpenVPN error ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)


    This basically means that you are running as non-root and you need to be root to create the tun0 or tap0 device on OpenVPN.  You could try sudo or adding the openvpn binary to the list of sudoers.


  • Howto install ioncube loader to PHP by Zend


    First of all download the raw .so file from zend:

    Copy the one relevant to your PHP version to  /usr/lib64/php/modules/

    eg.: cp ioncube_loader_lin_5.3.so /usr/lib64/php/modules/

    Then in your /etc/php.d/ directory create the file:

    vi /etc/php.d/zend.ini

    zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.3.so

    After that restart apache/httpd and you'll be good to go!


  • Cannot create gradle for conversations


    The main issue is it looks like Java is not configured to accept the invalid ssl cert that is coming from the download location.

    Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error

     export ANDROID_HOME=/home/user/Downloads/tools/
    Conversations-master$ ./gradlew
    Downloading https://services.gradle.org/distributions/gradle-4.4-all.zip

    Exception in thread "main" java.lang.RuntimeException: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
        at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:78)
        at org.gradle.wrapper.Install.createDist(Install.java:47)
        at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:129)
        at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:48)
    Caused by: javax.net.ssl.SSLException: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1914)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1872)
        at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1855)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1376)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1366)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263)
        at org.gradle.wrapper.Download.downloadInternal(Download.java:59)
        at org.gradle.wrapper.Download.download(Download.java:45)
        at org.gradle.wrapper.Install$1.call(Install.java:60)
        at org.gradle.wrapper.Install$1.call(Install.java:47)
        at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:65)
        ... 3 more
    Caused by: java.security.ProviderException: java.security.InvalidKeyException: EC parameters error
        at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1024)
        at sun.security.pkcs11.P11Key.equals(P11Key.java:158)
        at java.util.ArrayList.indexOf(ArrayList.java:302)
        at java.util.ArrayList.contains(ArrayList.java:285)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:239)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1459)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:213)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:961)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:897)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1033)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
        ... 13 more
    Caused by: java.security.InvalidKeyException: EC parameters error
        at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:284)
        at sun.security.ec.ECPublicKeyImpl.<init>(ECPublicKeyImpl.java:59)
        at sun.security.pkcs11.P11Key$P11ECPublicKey.getEncodedInternal(P11Key.java:1021)
        ... 28 more
    Caused by: java.security.NoSuchProviderException: no such provider: SunEC
        at sun.security.jca.GetInstance.getService(GetInstance.java:83)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
        at java.security.Security.getImpl(Security.java:697)
        at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:199)
        at sun.security.ec.ECParameters.getAlgorithmParameters(ECParameters.java:279)
        ... 30 more
     


  • not allowed to execute '/usr/bin/apt-get install eclipse' as root linux sudo user permisson issue and solution


    This is most likely to happen on a normal GUI system like Ubuntu or Linux Mint.  If you or the user is meant to have sudo / root privileges it is as simple as editing the following files:

    Now assume your username is "iamtheuser"

    vi /etc/group

    adm:x:4:syslog,iamtheuser
    sudo:x:27:anotheruser,iamtheuser


    Find the above lines and add a comma and "iamtheuser" right after as shown in the example above.  You'll have to log out and login and things will be fine after that.  If you want to stay logged into the GUI you could always just ssh in to localhost and that ssh connection would give you the new privileges.


  • Database Error One or more of the WHMCS database tables appear to be either missing or corrupted. Please check and repair. - WHMCS Solution


    Database Error
    One or more of the WHMCS database tables appear to be either missing or corrupted. Please check and repair.

    This error can be misleading especially if you know you are using a known good backup or restoration of the WHMCS database.  The error can also be that the user lacks permissions to read and write to the database.

    To check to this in MySQL shell:

    GRANT read,write to dbusername@localhost on dbname;

    After that things should work again.


  • postfix errors fatal: no SASL authentication mechanisms /usr/libexec/postfix/smtpd: bad command startup -- throttling solution


    Jul  3 22:12:17mailserver postfix/smtpd[6195]: fatal: no SASL authentication mechanisms
    Jul  3 22:12:18mailserver postfix/master[4881]: warning: process /usr/libexec/postfix/smtpd pid 6195 exit status 1
    Jul  3 22:12:18mailserver postfix/master[4881]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

    This only ever happens in my experience when the authentication method is actually Dovecot.  Usually the problem will be that Dovecot cannot start due to a misconfiguration and or permissions issue. 

    The solution is to try to trace through /var/log/maillog and find out what is wrong with Dovecot (assuming it cannot start).

    After this postfix should work fine.

    You should also enable debug info in dovecot.conf like this:

    auth_debug = yes
    auth_debug_passwords = yes
    auth_verbose = yes

    To give you an idea of what commonly goes wrong after a new Dovecot migration or install:

    dovecot: auth: Error: passwd-file /etc/dovecot.passwd: open(/etc/dovecot.passwd) failed: Permission denied (euid=97(dovecot) egid=97(dovecot) missing +r perm: /etc/dovecot.passwd, euid is not dir owner)

    Solution:

    chmod +x /etc/dovecot.passwd

    Another error:

    dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Connection refused

    In this case you need to make sure /var/run/dovecot/auth-userdb and also /var/mail is set to the correct user id and group id or username/groupname as in your /etc/dovecot/dovecot.conf

    first_valid_gid = 502
    first_valid_uid = 501
    last_valid_gid = 502
    last_valid_uid = 501

     


  • mail command line examples of how to send an email using Linux / Unix and the Bash Shell or Scripting


    A simple way that may work for a lot of people who just need basic output for their scripts or daemons to announce an action is this:

    echo "body or message" | mail -s "realtechtalk.com" user@domain.com

    If you want to send a text file as the body just do this instead:

    mail -s "realtechtalk.com" user@domain.com < /tmp/sometxtfile.txt

    These are some very basic but simple and powerful examples that could assist in basic shell scripting such as taking the output of a command and e-mailing it based on a cronjob etc..

     

    An excellent resource on this is also here.


  • named [FAILED] - zone 1.168.192.in-addr.arpa/IN: not loaded due to errors. - bind error solution


    Centos when copying old files and restarting it seems load everything fine and then says [FAILED] with no log or other message.

    service restart named

    named   [FAILED]

    Check more thoroughly you may have missed the error if you have lots of zones!

     service named restart|grep error
    zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
    zone 2.168.192.in-addr.arpa/IN: not loaded due to errors.
    zone 3.168.192.in-addr.arpa/IN: not loaded due to errors.
     

    Check the zone file you probably made a mistake that was accepted in an older version of bind/named:

    $TTL 60  ; 172800 seconds
    $ORIGIN 3.168.192.IN-ADDR.ARPA.
    @             IN      SOA   ns1.rtt.com. ns2.rtt.com. (
                                  2003080854 ; serial number
                                  3h         ; refresh
                                  15m        ; update retry
                                  3w         ; expiry
                                  3h         ; nx = nxdomain ttl
                                  )
                    IN NS ns1.rtt.com
                    IN NS ns2.rtt.com

    2       IN PTR testdns.com.
    3       IN PTR dubmail-smart-www.testdns.com.
    4       IN PTR path-mail-vlan20.testdns.com.

    17 IN PTR testdns.com.
    18 IN PTR tehka.testdns.com.
    19 IN PTR khyra.testdns.com.
    20 IN PTR skulda.testdns.com.
    21 IN PTR thehip.testdns.com.
    22 IN PTR ccipe.testdns.com.

    Notice above how the IN NS does NOT have a period at the end of the TLD or .com

    This is a mistake and not allowed and not tolerated in modern versions of bind but clearly in previous ones it was fine and working!

    So just add the dots at the end like below and it will be good.

                    IN NS ns1.rtt.com.
                    IN NS ns2.rtt.com
    .
     

    The above is just a real life example and there was no mention specifically of this being the issue in the output or logs on the server.


  • OpenVPN cannot ping remote IP routing loop issue after connecting


    Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop. 

    This is because you need to use your normal ISP/LAN gateway to hit the OpenVPN server if it is remote/offsite as is usually the case.  So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN server via the tun0 device this breaks everything!

    Example below:

      I am very familiar with OpenVPN servers but I can't seem to ping the gateway or the DNS server for some reason.

        Mon Jul  9 21:46:56 2018 [access] Peer Connection Initiated with [AF_INET]92.85.42.11:1194
        Mon Jul  9 21:46:58 2018 TUN/TAP device tun0 opened
        Mon Jul  9 21:46:58 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
        Mon Jul  9 21:46:58 2018 /sbin/ip link set dev tun0 up mtu 1500
        Mon Jul  9 21:46:58 2018 /sbin/ip addr add dev tun0 local 10.45.100.14 peer 10.45.100.13
        Mon Jul  9 21:46:58 2018 Initialization Sequence Completed


        route looks good but I cannot ping the gateway

        10.0.0.0        10.45.100.13   255.0.0.0       UG    0      0        0 tun0
        92.85.42.11   10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
        142.232.221.0   10.45.100.13   255.255.255.0   UG    0      0        0 tun0

        10.45.0.0      10.45.100.13   255.255.0.0     UG    0      0        0 tun0
        10.45.100.1    10.45.100.13   255.255.255.255 UGH   0      0        0 tun0
        10.45.100.13   0.0.0.0         255.255.255.255 UH    0      0        0 tun0

        ping 10.45.100.1
        PING 10.45.100.1 (10.45.100.13) 56(84) bytes of data.
        ^C
        --- 10.45.100.1 ping statistics ---
        11 packets transmitted, 0 received, 100% packet loss, time 9999ms


    Notice how the route for the VPN server 92.85.42.11 above is going through tun0.  Of course this breaks everything.  How can you connect to the remote IP server when it is going through a tunnel already running to it.  It is basically like a routing loop.  You connect to the Public IP of the OpenVPN server and then you are telling all traffic to that VPN network must first go over the tunnel but really all you've done here is broken the connection to the VPN server!

    tun0 IP: 10.45.58.249

    fix routing loop:

    ip route del 92.85.42.11
     

    Simply just delete the erroneous route to the VPN server IP and this will force traffic to pass properly through the tunnel and allow you to stay connected to the VPN tunnel this way and actually use it.  Alternatively you also could have manually specified that the VPN IP of 92.85.42.11 be specifically routed over a particular interface such as 192.168.1.1 or interface such as eth0 or enp3s0 etc..


  • Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10) Dovecot Solution


    This happens because Dovecot limits the maximum IMAP connections per IP to just 10.  This may be fine for a single client side IP but if an entire office or multiple users are behind one IP or a single heavy user is active then you will get bizarre errors in your e-mail clients such as "Password Incorrect" or similar in Thunderbird.  It won't be obvious on the client side as to what the problem is and they will probably just think the server is misconfigured.

     dovecot: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<user@domain.com>, method=PLAIN, rip=10.15.12.5, lip=10.15.12.59, TLS
    Jul 10 14:16:21 mailserverdovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [10.15.12.5]


    add this to dovecot.conf:


      mail_max_userip_connections = 50

     

    Restart dovecot and after that you should be good to go.

    Note that some users say you have to put the above in an imap stanza like this (but it was not necessary for me):

    protocol imap {
      mail_max_userip_connections = 50
    }
     


  • No comments are allowed here Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request.


    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.
    Apache/2.2.15 (CentOS) Server at testdomain.com Port 80

    Check your apache log and find something like this:

    .htaccess: No comments are allowed here



    the issue was .htaccess literally not allowing comments after a rule:
     

    deny from 207.114.253.34 #blocked user

    Look at the line above.  Apache certainly didn't help with its cryptic "no comment allowed here".  I wish it would mention what line but it literally meant "no comments allowed at the end of a rule".  This is crazy because it worked fine in a previous version of Apache.  Another caveat and gotcha of upgrading from an older Apache server that what worked before no longer does.

     


  • Linux Mint Black Screen after boot no graphics solution


    This is not the normal "black screen" issue and I was shocked to eventually find out why.  The normal advice of reconfiguring Xorg didn't work.  Even booting into "Recovery Mode" did not help.

    Here is the short end of the stick that fixed it:

    sudo apt-get install mdm mate-desktop-environment

    Yes you got it right, mdm and the mate-desktop-environment / gnome were somehow uninstalled.  This must be when removing a related package sometimes you just say Y and it uninstalls other important and necessary things!  This is just a guess.

    I also couldn't login after that it would kick me right out.  This has something to do with Virtualbox (I wasn't using it) so I just uninstalled it.

    Linux Mint 18 has so far been a very finicky environment compared to the previous 17.

     

    Here is my saga:

     

    sudo service mdm restart

    "Failed to restart mdm.service: Unit mdm.service is masked."

    /usr/sbin/mdm
    -bash: /usr/sbin/mdm: No such file or directory


    strace:

    rt_sigaction(SIGQUIT, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7f96ebba04b0}, NULL, 8) = 0
    rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0
    rt_sigaction(SIGTERM, {SIG_DFL, ~[RTMIN RT_1], SA_RESTORER, 0x7f96ebba04b0}, NULL, 8) = 0
    read(10, "#! /bin/shn### BEGIN INIT INFOn#"..., 8192) = 2340
    geteuid()                               = 1000
    faccessat(AT_FDCWD, "/usr/sbin/mdm", X_OK) = -1 ENOENT (No such file or directory)
    exit_group(0)                           = ?




    sudo apt-get remove mdm

    Reading package lists... Done
    Building dependency tree      
    Reading state information... Done
    Package 'mdm' is not installed, so not removed
    You might want to run 'apt-get -f install' to correct these:
    The following packages have unmet dependencies:
     fglrx : Depends: fglrx-core but it is not installable
    E: Unmet dependencies. Try 'apt-get -f install' with no packages (or specify a solution).




    sudo apt-get -f install

    Reading package lists... Done
    Building dependency tree      
    Reading state information... Done
    Correcting dependencies... Done
    The following packages were automatically installed and are no longer required:
      baloo-kf5 breeze breeze-cursor-theme cheese-common frameworkintegration gjs kde-cli-tools kde-cli-tools-data kde-telepathy-data kde-telepathy-kaccounts ktexteditor-data kwin-style-breeze libcln6
      libdmtx0a libgjs0e libglib2.0-dev libgoocanvas-common libgoocanvas3 libgps22 libjs-underscore libjsoncpp1 libkaccounts1 libkdecorations2-5v5 libkdecorations2private5v5
      libkf5activitiesexperimentalstats1 libkf5baloo5 libkf5balooengine5 libkf5emoticons-data libkf5emoticons5 libkf5js5 libkf5jsembed-data libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5
      libkf5networkmanagerqt6 libkf5people-data libkf5people5 libkf5peoplebackend5 libkf5peoplewidgets5 libkf5plotting5 libkf5prison1 libkf5pty-data libkf5pty5 libkf5runner5 libkf5screen-bin
      libkf5screen6 libkf5su-data libkf5su5 libkf5sysguard-data libkf5texteditor5 libkf5texteditor5-libjs-underscore libkf5threadweaver5 libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfontinst5
      libkfontinstui5 libkprintutils4 libksgrd7 libkworkspace5-5 liblmdb0 libmagick++-6.q16-5v5 libmission-control-plugins0 libmozjs-24-0v5 libmusicbrainz5cc2v5 libopenshot-audio5 libopenshot12
      libpackagekitqt5-0 libpcre3-dev libpcre32-3 libpcrecpp0v5 libplasma-geolocation-interface5 libprocesscore7 libqalculate5-data libqalculate5v5 libqimageblitz4 libqrencode3 libqt5clucene5
      libqt5concurrent5 libqt5designer5 libqt5designercomponents5 libqt5help5 libqt5multimedia5 libqt5multimediawidgets5 libqt5test5 libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3
      libtelepathy-qt5-0 libweather-ion7 libxcb-record0 milou oxygen-sounds plasma-desktop-data plasma-look-and-feel-org-kde-breezedark-desktop python-pygoocanvas python3-openshot python3-pyqt5
      python3-pyqt5.qtmultimedia python3-pyqt5.qtopengl python3-pyqt5.qtsvg python3-sip python3-zmq qdbus-qt5 qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin
      qml-module-org-kde-kcoreaddons qml-module-org-kde-kwindowsystem qml-module-org-kde-solid qml-module-qt-labs-folderlistmodel qml-module-qt-labs-settings qml-module-qtgraphicaleffects
      signon-kwallet-extension telepathy-accounts-signon zlib1g-dev
    Use 'sudo apt autoremove' to remove them.
    The following packages will be REMOVED:
      fglrx
    0 upgraded, 0 newly installed, 1 to remove and 21 not upgraded.
    1 not fully installed or removed.
    After this operation, 175 MB disk space will be freed.
    Do you want to continue? [Y/n] y
    (Reading database ... 294544 files and directories currently installed.)
    Removing fglrx (2:15.201-0ubuntu1) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...


    sudo apt-get install mdm

    Reading package lists... Done
    Building dependency tree      
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      baloo-kf5 breeze breeze-cursor-theme cheese-common frameworkintegration gjs kde-cli-tools kde-cli-tools-data kde-telepathy-data kde-telepathy-kaccounts ktexteditor-data kwin-style-breeze libcln6
      libdmtx0a libgjs0e libglib2.0-dev libgoocanvas-common libgoocanvas3 libgps22 libjs-underscore libjsoncpp1 libkaccounts1 libkdecorations2-5v5 libkdecorations2private5v5
      libkf5activitiesexperimentalstats1 libkf5baloo5 libkf5balooengine5 libkf5emoticons-data libkf5emoticons5 libkf5js5 libkf5jsembed-data libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5
      libkf5networkmanagerqt6 libkf5people-data libkf5people5 libkf5peoplebackend5 libkf5peoplewidgets5 libkf5plotting5 libkf5prison1 libkf5pty-data libkf5pty5 libkf5runner5 libkf5screen-bin
      libkf5screen6 libkf5su-data libkf5su5 libkf5sysguard-data libkf5texteditor5 libkf5texteditor5-libjs-underscore libkf5threadweaver5 libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfontinst5
      libkfontinstui5 libkprintutils4 libksgrd7 libkworkspace5-5 liblmdb0 libmagick++-6.q16-5v5 libmission-control-plugins0 libmozjs-24-0v5 libmusicbrainz5cc2v5 libopenshot-audio5 libopenshot12
      libpackagekitqt5-0 libpcre3-dev libpcre32-3 libpcrecpp0v5 libplasma-geolocation-interface5 libprocesscore7 libqalculate5-data libqalculate5v5 libqimageblitz4 libqrencode3 libqt5clucene5
      libqt5concurrent5 libqt5designer5 libqt5designercomponents5 libqt5help5 libqt5multimedia5 libqt5multimediawidgets5 libqt5test5 libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3
      libtelepathy-qt5-0 libweather-ion7 libxcb-record0 milou oxygen-sounds plasma-desktop-data plasma-look-and-feel-org-kde-breezedark-desktop python-pygoocanvas python3-openshot python3-pyqt5
      python3-pyqt5.qtmultimedia python3-pyqt5.qtopengl python3-pyqt5.qtsvg python3-sip python3-zmq qdbus-qt5 qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin
      qml-module-org-kde-kcoreaddons qml-module-org-kde-kwindowsystem qml-module-org-kde-solid qml-module-qt-labs-folderlistmodel qml-module-qt-labs-settings qml-module-qtgraphicaleffects
      signon-kwallet-extension telepathy-accounts-signon zlib1g-dev
    Use 'sudo apt autoremove' to remove them.
    The following additional packages will be installed:
      gir1.2-webkit-3.0 libwebkitgtk-1.0-0 libwebkitgtk-3.0-0
    Recommended packages:
      zenity
    The following NEW packages will be installed:
      gir1.2-webkit-3.0 libwebkitgtk-1.0-0 libwebkitgtk-3.0-0 mdm
    0 upgraded, 4 newly installed, 0 to remove and 21 not upgraded.
    Need to get 17.2 MB of archives.
    After this operation, 78.9 MB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    Get:1 http://packages.linuxmint.com serena/upstream amd64 mdm amd64 2.0.17+serena [1,932 kB]
    Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 libwebkitgtk-3.0-0 amd64 2.4.11-0ubuntu0.1 [7,593 kB]
    Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 gir1.2-webkit-3.0 amd64 2.4.11-0ubuntu0.1 [60.7 kB]
    Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 libwebkitgtk-1.0-0 amd64 2.4.11-0ubuntu0.1 [7,587 kB]
    Fetched 17.2 MB in 2s (6,079 kB/s)             
    Preconfiguring packages ...
    Selecting previously unselected package libwebkitgtk-3.0-0:amd64.
    (Reading database ... 294417 files and directories currently installed.)
    Preparing to unpack .../libwebkitgtk-3.0-0_2.4.11-0ubuntu0.1_amd64.deb ...
    Unpacking libwebkitgtk-3.0-0:amd64 (2.4.11-0ubuntu0.1) ...
    Selecting previously unselected package gir1.2-webkit-3.0:amd64.
    Preparing to unpack .../gir1.2-webkit-3.0_2.4.11-0ubuntu0.1_amd64.deb ...
    Unpacking gir1.2-webkit-3.0:amd64 (2.4.11-0ubuntu0.1) ...
    Selecting previously unselected package libwebkitgtk-1.0-0:amd64.
    Preparing to unpack .../libwebkitgtk-1.0-0_2.4.11-0ubuntu0.1_amd64.deb ...
    Unpacking libwebkitgtk-1.0-0:amd64 (2.4.11-0ubuntu0.1) ...
    Selecting previously unselected package mdm.
    Preparing to unpack .../mdm_2.0.17+serena_amd64.deb ...
    Unpacking mdm (2.0.17+serena) ...
    Processing triggers for libc-bin (2.23-0ubuntu10) ...
    Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
    Processing triggers for man-db (2.7.5-1) ...
    Processing triggers for ureadahead (0.100.0-19) ...
    Processing triggers for systemd (229-4ubuntu21.2) ...
    Setting up libwebkitgtk-3.0-0:amd64 (2.4.11-0ubuntu0.1) ...
    Setting up gir1.2-webkit-3.0:amd64 (2.4.11-0ubuntu0.1) ...
    Setting up libwebkitgtk-1.0-0:amd64 (2.4.11-0ubuntu0.1) ...
    Setting up mdm (2.0.17+serena) ...
    Upstart detected. Removing rc.d links.
    Linking /usr/bin/gdmflexiserver to /usr/bin/mdmflexiserver
    Processing triggers for libc-bin (2.23-0ubuntu10) ...


    after restarting mdm this works with a weird/different generic looking login screen but then it logs out right away without showing anything except an error message saying to check this:

    ~/.xession-errors

    initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused
    /etc/mdm/Xsession: Beginning session setup...
    localuser:mintuser being added to access control list


    sudo apt-get --reinstall install xserver-xorg-core xserver-xorg

    initctl: Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused


    sudo apt-get --reinstall install mate-desktop-environment

    #after this the normal login screen but after logging in you get kicked out immediately without ever seeing the desktop environment and the message about the xsession-errors

    Your session only lasted less than 10 seconds. 

    =========

    I also believed it was an Xorg issue but I just had to reinstall mdm and the mate-desktop:

     


    [    27.153]
    X.Org X Server 1.18.4
    Release Date: 2016-07-19
    [    27.154] X Protocol Version 11, Revision 0
    [    27.154] Build Operating System: Linux 4.4.0-97-generic x86_64 Ubuntu
    [    27.154] Current Operating System: Linux queenlazina-laptop 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64
    [    27.154] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-116-generic root=UUID=328e6d8a-529d-4f5e-8d72-16a9f3ec16e1 ro quiet splash vt.handoff=7
    [    27.154] Build Date: 13 October 2017  01:57:05PM
    [    27.154] xorg-server 2:1.18.4-0ubuntu0.7 (For technical support please see http://www.ubuntu.com/support)
    [    27.154] Current version of pixman: 0.33.6
    [    27.154]    Before reporting problems, check http://wiki.x.org
            to make sure that you have the latest version.
    [    27.154] Markers: (--) probed, (**) from config file, (==) default setting,
            (++) from command line, (!!) notice, (II) informational,
            (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
    [    27.154] (==) Log file: "/var/log/Xorg.0.log", Time: Tue May  1 12:25:36 2018
    [    27.154] (==) Using config directory: "/etc/X11/xorg.conf.d"
    [    27.154] (==) Using system config directory "/usr/share/X11/xorg.conf.d"
    [    27.155] (==) No Layout section.  Using the first Screen section.
    [    27.155] (==) No screen section available. Using defaults.
    [    27.155] (**) |-->Screen "Default Screen Section" (0)
    [    27.155] (**) |   |-->Monitor "<default monitor>"
    [    27.156] (==) No device specified for screen "Default Screen Section".
            Using the first device section listed.
    [    27.156] (**) |   |-->Device "Intel Graphics"
    [    27.156] (==) No monitor specified for screen "Default Screen Section".


    (II) [KMS] Kernel modesetting enabled.
    No devices to configure.  Configuration failed.
    (EE) Server terminated with error (2). Closing log file.
     


  • Duplicate entry '2147483647' for key 'PRIMARY' MySQL Error Solution


    This usually happens when you are using something like an INT and try to insert a larger value than the maximum which is larger than "2147483647"

    On a practical term I have seen this and been guilty of this error when using scripts like PHP and generating large random numbers:

      $hash = mt_rand(5,9999999999999);

    Obviously that many 9's are more digits than the maximum of an INT resulting in that error.  Change your code accordingly to avoid the problem:

      $hash = mt_rand(5,2147483647);

     

    More info on MySQL INT sizes here.


  • Mozilla Firefox Address Bar History Not Working places.sqlite corruption solution database repair


    Here is the only solution I found that works in Firefox:

    *Note you could basically just copy all of the commands in bold (the rest just shows the output)

     

    Install sqlite3

    sqlite3 places.sqlite

    sqlite> .clone places.sqlite-fixed
    moz_places... done
    moz_historyvisits... done
    moz_inputhistory... done
    moz_bookmarks... done
    moz_keywords... done
    sqlite_sequence... Error: object name reserved for internal use: sqlite_sequence
    SQL: [CREATE TABLE sqlite_sequence(name,seq)]
    done
    moz_anno_attributes... done
    moz_annos... done
    moz_items_annos... done
    sqlite_stat1... Error: object name reserved for internal use: sqlite_stat1
    SQL: [CREATE TABLE sqlite_stat1(tbl,idx,stat)]
    Error 1: no such table: sqlite_stat1 on [SELECT * FROM "sqlite_stat1"]
    done
    moz_hosts... done
    moz_bookmarks_deleted... done
    sqlite_autoindex_moz_inputhistory_1... done
    sqlite_autoindex_moz_keywords_1... done
    sqlite_autoindex_moz_anno_attributes_1... done
    sqlite_autoindex_moz_hosts_1... done
    sqlite_autoindex_moz_bookmarks_deleted_1... done
    moz_places_hostindex... done
    moz_places_visitcount... done
    moz_places_frecencyindex... done
    moz_places_lastvisitdateindex... done
    moz_historyvisits_placedateindex... done
    moz_historyvisits_fromindex... done
    moz_historyvisits_dateindex... done
    moz_bookmarks_itemindex... done
    moz_bookmarks_parentindex... done
    moz_bookmarks_itemlastmodifiedindex... done
    moz_places_url_hashindex... done
    moz_places_guid_uniqueindex... done
    moz_bookmarks_guid_uniqueindex... done
    moz_annos_placeattributeindex... done
    moz_items_annos_itemattributeindex... done
    moz_keywords_placepostdata_uniqueindex... done
    moz_bookmarks_dateaddedindex... done

    PRAGMA user_version;

    sqlite> PRAGMA user_version;
    41
    sqlite> .exit

    *Note the output "41" or whatever number you will need to use this later *below*

    #Note again in the command "PRAGMA user_version = 41" (substitute 41 with whatever version you got above).

    sqlite3 places.sqlite-fixed

    PRAGMA integrity_check;

    PRAGMA user_version = 41;

    PRAGMA journal_mode = truncate;

    PRAGMA page_size = 32768;

    VACUUM;

    PRAGMA journal_mode = wal;


    SQLite version 3.11.0 2016-02-15 17:29:24
    Enter ".help" for usage hints.
    sqlite> PRAGMA integrity_check;
    ok
    sqlite> PRAGMA user_version = 41;
    sqlite> PRAGMA journal_mode = truncate;
    truncate
    sqlite> PRAGMA page_size = 32768;
    sqlite> VACUUM;
    sqlite> PRAGMA journal_mode = wal;
    wal
    sqlite> .exit

     

    Now restore the "places.sqlite-fixed" to places.sqlite and reopen Firefox

    After doing this my address bar history worked fine and perfectly!  No need to start with a fresh database and lose valuable history and shortcuts to key sites you visit!

     


  • sign_and_send_pubkey: signing failed: agent refused operation - SSH Solution


    sign_and_send_pubkey: signing failed: agent refused operation

    This happens when you don't manually add your ssh key with ssh-add it is some weird new feature in SSH or Ubuntu/Debian that causes this weird problem.
     

    Solution:


    ssh-add
    Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)


  • Centos PXEBoot NetInstall Failure - Pane is dead


    ValueError: new value non-existent xfs filesystem is not valid as a default fs type

    Pane is dead

    From what I read this is misleading and has to do with the fact that the initrd and kernel are mismatched.

    This is a hard situation because for some older hardware I am using the Centos Plus kernel which has modules that I require for an older server/NIC.  This seems to have cropped up in the past few months and there is no simple fix which is quite frustrating.

    I wish RHEL/Centos would provide a CentosPlus kernel for their PXE boot image as this essentially stops things from working and creates a PXEBoot/NetInstall scenario that cannot be relied on because it seems to pull other image data from the Centos repo which ends up breaking in the event that the repo has been updated and your kernel/initrd are mismatched.

    But it worked before the whole time so something unexpected or undesirable has changed upstream unfortunately.  For now I am not sure of the solution short of creating my own PXEBoot initrd image and kernel.


  • Intel NUC J3455 Linux Kernel freeze slowness 4.4.98 errors


    It looks like this has something to do with APIC but I am not sure.  I have similar CPUs with a different MB and BIOS that work fine on the same type of kernel.  A lot of time the issue is because of the C-step setting in the BIOS.

    The same thing happened on the 2.6 kernel with Centos 6 but this is a homebrew 4.4 kernel so I am not sure why it is happening when even Centos 7 (3.2) kernel works OK.

    Solution - It comes down to the BIOS settings:

    *The most critical part is this:

    Boot:

    OS Selection "Linux" (now note this is weird but even if you are booting without UEFI this setting applies still).

    If you don't choose Linux as your OS everything runs snail slow.

    Security:

    Disable "Execute Disable Bit"

    Disable "Intel Platform Trust"

    Power:

    Disable "Enhanced Intel Speedstep Technology"

    Disable "OS ACPI C2 Report"

     

     

     

     


    [72799.017154] INFO: rcu_sched detected stalls on CPUs/tasks:
    [72799.017193]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [72799.017220]     (detected by 0, t=5252 jiffies, g=1775778, c=1775777, q=678)
    [72799.017249] Task dump for CPU 1:
    [72799.017270] swapper/1       R running      0     0      1 0x00200008
    [72799.017301]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [72799.017353]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [72799.017405]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [72799.017458] Call Trace:
    [72799.017486]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [72799.017515]  [] ? apic_timer_interrupt+0x2d/0x34
    [72799.017542]  [] ? mwait_idle+0x68/0x150
    [72799.017568]  [] ? arch_cpu_idle+0x6/0x10
    [72799.017593]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [72799.017618]  [] ? setup_APIC_timer+0x9b/0xb0
    [72799.017645] rcu_sched kthread starved for 5252 jiffies! g1775778 c1775777 f00
    [72862.037828] INFO: rcu_sched detected stalls on CPUs/tasks:
    [72862.037866]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [72862.037893]     (detected by 0, t=21007 jiffies, g=1775778, c=1775777, q=3093)
    [72862.037923] Task dump for CPU 1:
    [72862.037944] swapper/1       R running      0     0      1 0x00200008
    [72862.037975]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [72862.038028]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [72862.038080]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [72862.038132] Call Trace:
    [72862.038161]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [72862.038190]  [] ? apic_timer_interrupt+0x2d/0x34
    [72862.038216]  [] ? mwait_idle+0x68/0x150
    [72862.038242]  [] ? arch_cpu_idle+0x6/0x10
    [72862.038268]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [72862.038293]  [] ? setup_APIC_timer+0x9b/0xb0
    [72862.038320] rcu_sched kthread starved for 21007 jiffies! g1775778 c1775777 f0
    [72925.058501] INFO: rcu_sched detected stalls on CPUs/tasks:
    [72925.058539]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [72925.058566]     (detected by 2, t=36762 jiffies, g=1775778, c=1775777, q=5985)
    [72925.058596] Task dump for CPU 1:
    [72925.058617] swapper/1       R running      0     0      1 0x00200008
    [72925.058648]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [72925.058701]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [72925.058752]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [72925.058805] Call Trace:
    [72925.058834]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [72925.058863]  [] ? apic_timer_interrupt+0x2d/0x34
    [72925.058890]  [] ? mwait_idle+0x68/0x150
    [72925.058915]  [] ? arch_cpu_idle+0x6/0x10
    [72925.058941]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [72925.058967]  [] ? setup_APIC_timer+0x9b/0xb0
    [72925.058993] rcu_sched kthread starved for 36762 jiffies! g1775778 c1775777 f0
    [72988.079176] INFO: rcu_sched detected stalls on CPUs/tasks:
    [72988.079216]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [72988.079243]     (detected by 0, t=52517 jiffies, g=1775778, c=1775777, q=9582)
    [72988.079273] Task dump for CPU 1:
    [72988.079294] swapper/1       R running      0     0      1 0x00200008
    [72988.079325]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [72988.079378]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [72988.079430]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [72988.079482] Call Trace:
    [72988.079511]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [72988.079539]  [] ? apic_timer_interrupt+0x2d/0x34
    [72988.079566]  [] ? mwait_idle+0x68/0x150
    [72988.079592]  [] ? arch_cpu_idle+0x6/0x10
    [72988.079617]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [72988.079643]  [] ? setup_APIC_timer+0x9b/0xb0
    [72988.079669] rcu_sched kthread starved for 52517 jiffies! g1775778 c1775777 f0
    [73051.099850] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73051.099888]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73051.099915]     (detected by 0, t=68272 jiffies, g=1775778, c=1775777, q=12493)
    [73051.099946] Task dump for CPU 1:
    [73051.099966] swapper/1       R running      0     0      1 0x00200008
    [73051.099997]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73051.100050]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73051.100102]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73051.100154] Call Trace:
    [73051.100183]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73051.100211]  [] ? apic_timer_interrupt+0x2d/0x34
    [73051.100238]  [] ? mwait_idle+0x68/0x150
    [73051.100264]  [] ? arch_cpu_idle+0x6/0x10
    [73051.100289]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73051.100315]  [] ? setup_APIC_timer+0x9b/0xb0
    [73051.100341] rcu_sched kthread starved for 68272 jiffies! g1775778 c1775777 f0
    [73114.120521] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73114.120560]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73114.120588]     (detected by 3, t=84027 jiffies, g=1775778, c=1775777, q=15681)
    [73114.120618] Task dump for CPU 1:
    [73114.120639] swapper/1       R running      0     0      1 0x00200008
    [73114.120670]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73114.120722]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73114.120774]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73114.120827] Call Trace:
    [73114.120856]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73114.120884]  [] ? apic_timer_interrupt+0x2d/0x34
    [73114.120911]  [] ? mwait_idle+0x68/0x150
    [73114.120937]  [] ? arch_cpu_idle+0x6/0x10
    [73114.120962]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73114.120988]  [] ? setup_APIC_timer+0x9b/0xb0
    [73114.121014] rcu_sched kthread starved for 84027 jiffies! g1775778 c1775777 f0
    [73177.141194] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73177.141232]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73177.141259]     (detected by 2, t=99782 jiffies, g=1775778, c=1775777, q=18837)
    [73177.141289] Task dump for CPU 1:
    [73177.141310] swapper/1       R running      0     0      1 0x00200008
    [73177.141340]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73177.141393]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73177.141445]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73177.141497] Call Trace:
    [73177.141525]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73177.141554]  [] ? apic_timer_interrupt+0x2d/0x34
    [73177.141581]  [] ? mwait_idle+0x68/0x150
    [73177.141607]  [] ? arch_cpu_idle+0x6/0x10
    [73177.141632]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73177.141658]  [] ? setup_APIC_timer+0x9b/0xb0
    [73177.141684] rcu_sched kthread starved for 99782 jiffies! g1775778 c1775777 f0
    [73240.161868] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73240.161906]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73240.161934]     (detected by 3, t=115537 jiffies, g=1775778, c=1775777, q=22200)
    [73240.161964] Task dump for CPU 1:
    [73240.161985] swapper/1       R running      0     0      1 0x00200008
    [73240.162016]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73240.162069]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73240.162121]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73240.162173] Call Trace:
    [73240.163521]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73240.163550]  [] ? apic_timer_interrupt+0x2d/0x34
    [73240.163577]  [] ? mwait_idle+0x68/0x150
    [73240.163603]  [] ? arch_cpu_idle+0x6/0x10
    [73240.163628]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73240.163654]  [] ? setup_APIC_timer+0x9b/0xb0
    [73240.163680] rcu_sched kthread starved for 115537 jiffies! g1775778 c1775777 0
    [73303.182543] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73303.182582]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73303.182609]     (detected by 0, t=131292 jiffies, g=1775778, c=1775777, q=24499)
    [73303.182639] Task dump for CPU 1:
    [73303.182660] swapper/1       R running      0     0      1 0x00200008
    [73303.182691]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73303.182743]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73303.182796]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73303.182848] Call Trace:
    [73303.182877]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73303.182906]  [] ? apic_timer_interrupt+0x2d/0x34
    [73303.182932]  [] ? mwait_idle+0x68/0x150
    [73303.182958]  [] ? arch_cpu_idle+0x6/0x10
    [73303.182984]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73303.183009]  [] ? setup_APIC_timer+0x9b/0xb0
    [73303.183035] rcu_sched kthread starved for 131292 jiffies! g1775778 c1775777 0
    [73366.203215] INFO: rcu_sched detected stalls on CPUs/tasks:
    [73366.203254]     1-...: (185 GPs behind) idle=832/0/0 softirq=52330/52330 fqs=0
    [73366.203281]     (detected by 3, t=147047 jiffies, g=1775778, c=1775777, q=26783)
    [73366.203311] Task dump for CPU 1:
    [73366.203332] swapper/1       R running      0     0      1 0x00200008
    [73366.203363]  00200086 00000000 00000000 00000000 c1037b90 f34f0000 c147140d 0
    [73366.203416]  00000000 00000000 00000000 00000001 00000000 00000000 0000007b b
    [73366.203468]  f3bb00d8 00000000 ffffff10 c100bc48 00000060 00200246 00000000 a
    [73366.203520] Call Trace:
    [73366.203549]  [] ? smp_apic_timer_interrupt+0x30/0x40
    [73366.203578]  [] ? apic_timer_interrupt+0x2d/0x34
    [73366.203604]  [] ? mwait_idle+0x68/0x150
    [73366.203630]  [] ? arch_cpu_idle+0x6/0x10
    [73366.203656]  [] ? cpu_startup_entry+0x1dd/0x2d0
    [73366.203681]  [] ? setup_APIC_timer+0x9b/0xb0
    [73366.203707] rcu_sched kthread starved for 147047 jiffies! g1775778 c1775777 0

     

    You may also get errors like these:

     

    [  299.955483] mce: [Hardware Error]: Machine check events logged

     

    Other symptoms are that everything seems to run very slow such as basic keyboard input there is a lot of lag even when opening top or waiting for the output of dmesg etc..When typing it basically feels like you are on a dialup modem connecting to a server on the other side of the world with packet loss or that is saturated.


  • named[1525]: error (broken trust chain) resolving 'min-api.cryptocompare.com/A/IN': 173.245.58.78#53 solution


    So you restarted your router/dhcpd server or for some other reason you wonder why DHCP is not working on any of your clients?  You go and check that named is in fact running fine.

    But then you check /var/log/messages and see this error for everything hostname:

    named[1525]: error (broken trust chain) resolving 'min-api.cryptocompare.com/A/IN': 173.245.58.78#53

    I've only ever seen this when the time on the server was off.  It is important to make sure you are running ntpd or ntpdate on boot and at all times.  Once you change your time to the correct time things will work again.


  • Linux Ubuntu Mint Debian cannot play xvid,x264,mp4 or any videos codec issue - xplayer Could not initialize supporting library.


    In xplayer I get the following error "Could not initialize supporting library.".  It actually looks more like a gstreamer issue.

    For those wondering what the default video player is called it is "xvid" and not "totem" anymore like previous versions.

    Basically it looks like some codecs are missing when I uninstalled another program it uninstalled other programs and codecs that it shouldn't have.

    I've tried installing all the gstream packages and other codecs but nothing has helped so far.

     There is also this console output:

    libva info: VA-API version 0.39.0
    libva info: va_getDriverName() returns -1
    libva error: va_getDriverName() failed with unknown libva error,driver_name=(null)

    Solution:

    sudo apt-get remove gstreamer1.0-vaapi


  • wget howto output to terminal or script instead of file


    wget -qO

    You just need the -qO switch and you'll be good to go, the output then goes to your console/screen/script rather than a file.


  • imagemagick convert to chop off top of image


     convert -crop -0-400 image.jpg image.pdf

    The -crop -0-400 is what does it.  The 0 says not to chop anything from the left.  If you want to chop the left of course change 0 to whatever pixels you want chopped from the left.  The 400 says to chop 400 pixels off the top.

    This is useful if you have a bunch of images/scans where the same area at the top needs to be chopped.

    Sometimes the -trim option (such as the case of white space on top) is wrong and ends up cropping the image and losing some text.

    ImageMagick's convert is very useful but tricky to find some things out as I find it to be less than intuitive sometimes.


  • How To Set or Change Useragent in Firefox and Seamonkey


    In your browser go to "about:config"

    Right click and choose "New" -> "String"

    The name should be:

    general.useragent.override

    String Value:

    Mozilla/5.0 (Linux; U; Android 2.2.1; en-ca; LG-P505R Build/FRG83) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

     

    You don't even have to restart to make this work.


  • How To Turn Any .iso file into a bootable USB drive


    This works for almost all ISO's I find (at least Linux based):

    sudo dd if=CentOS-6.9-x86_64-minimal.iso of=/dev/sdg bs=20M
    20+1 records in
    20+1 records out
    427819008 bytes (428 MB) copied, 118.233 s, 3.6 MB/s
     

    Of course change the .iso filename above and the /dev/sdg to your desired USB drive!


  • Linux Mint Ubuntu Debian How To Disable Webcam Automatically Onboot To Prevent Spying and Privacy Violations


    It is well known hackers, the NSA, CIA and other groups have created malware to secretly turn on your webcam and microphone on your phone, tv etc.. But fortunately on our computers and laptops we have some options.

    Most webcams use the "uvcvideo" kernel module / driver.  You can disable this in two ways on boot. I recommend both just as a failsafe. 

    Disable it on rc.local once your system boots automatically

    Add the following to /etc/rc.local:

    /sbin/rmmod uvcvideo

    Even if the kernel module was loaded during boot this will unload it.

    Disable it from loading at all in blacklist.conf

    Edit /etc/modprobe.d/blacklist.conf

    blacklist uvcvideo
     

    Now of course note a hacker who gains access as root/admin could still load this driver and spy on you but it is a reasonable amount of privacy.  To increase security you should use electrical or duct tape over your microphone and webcam itself.

    As a more invasive mode you could also edit your initramfs and kernel not to even contain the driver (but the issue is that on kernel upgrade the uvcvideo driver will be back).

    You could also use a cronjob like this every minute:

    sudo crontab -e

    */1 * * * * /sbin/rmmod uvcvideo

    This would try to unload the driver every minute just in case something malicious did activate it again. 

     


  • IcedTea Java Web Viewer Config Utility How To Enter


    In at least Ubuntu and Mint there is nothing intuitive about configuring Java.

    Execute it to get to it:

    itweb-settings

    You'll be able to configure different options and variables.

     


  • Debian Linux Mint Ubuntu Disable Automatic apt-get update


    sudo chmod 000 /etc/cron.daily/apt-compat
     

    This is the easiest way to disable the cron without anything more invasive like deleting the file.

    After that you won't have anymore apt-get's starting.

    This can be critical for systems without much extra RAM that is not in use.  I've seen systems that have swapped and crashed over apt-get.


  • How To Install Seamonkey Web Browser on Debian Ubuntu Linux Mint


    It's a little tricky if you are running a 64-bit OS which most people will be.

    The weird thing is that the Seamonkey website for Linux seems to only provide a 32-bit download.

    seamonkey-2.49.2.tar.bz2

    First unpack it

    tar -jxvf seamonkey-2.49.2.tar.bz2
     

    Try to run it

     ./seamonkey
    XPCOMGlueLoad error for file /home/queenlazina/Downloads/seamonkey/libmozgtk.so:
    libgtk-3.so.0: cannot open shared object file: No such file or directory
    Couldn't load XPCOM.


    Seems that libgtk is installed:


    ls /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
    /usr/lib/x86_64-linux-gnu/libgtk-3.so.0

     

    But note it is 64-bit and you need the 32-bit library since Seamonkey is 32-bit.

    We need to enable i386/32-bit architecture and add the libgtk for 32 bit

    sudo dpkg --add-architecture i386
    sudo apt-get install libgtk-3-0:i386

    After that you can run Seamonkey finally!


  • Prevent SSH Bruteforce and Hacks By Disabling Password Authentication


    One simple way to keep your server public but almost impossible to hack via SSH is to disable password authentication over SSH.  This means the only way in is via  your own private key that only you should have.

    Edit your /etc/ssh/sshd.conf file

    Set this option

    PasswordAuthentication no

    Restart your SSH server.

    service sshd restart

     

    Now your server will be much more secure, even if someone has the password they cannot login remotely no matter what (so long as no one has stolen your private key).  This makes bruteforcing absolutely impossible, so long as they don't enter another way, get root access and enable password login again.


  • SMF Forums / Simple Machines Forums Not Displaying Images Theme or Styles Properly using 127.0.0.1


    This is one thing that has me wondering about SMF.  It is apparently a known issue but in the latest version and new install nothing looked right because it was using http://127.0.0.1 to find everything!  How on earth would it ever do this or think it is normal?

    Excerpt of crazy html code it produces that causes the issue:


        <link rel="stylesheet" type="text/css" href="http://127.0.0.1/smf/Themes/default/css/index.css?fin20" />
        <script type="text/javascript" src="http://127.0.0.1/smf/Themes/default/scripts/script.js?fin20"></script>
        <script type="text/javascript" src="http://127.0.0.1/smf/Themes/default/scripts/theme.js?fin20"></script>

            <img id="upshrink" src="http://127.0.0.1/smf/Themes/default/images/upshrink.png" alt="*" title="Shrink or expand the header." style="display: none;" />
                <img id="smflogo" src="http://127.0.0.1/smf/Themes/default/images/smflogo.png" alt="Simple Machines Forum" title="Simple Machines Forum" />
            </div>



    To repair it you need to get a tool from the SMF site: https://wiki.simplemachines.org/smf/Repair_settings.php#Download_the_Repair_Settings_Tool

     

    Get the tool run it and you'll see some output like this:

    Almost always aside from MySQL DB you should change 127.0.0.1 to the domain name of your server.



     URLs
    These are the paths and URLs to your SMF installation, and can cause big problems when they are wrong. Sorry, there are a lot of them.
    Forum URL:    
    Recommended value: "https://forums.domain.com".
    Forum Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs".
    Sources Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/Sources".
    Attachment Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/attachments".
    Avatar URL:    
    Recommended value: "https://forums.domain.com/avatars".
    Avatar Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/avatars".
    Custom Avatar URL:
    Value not found!    
    Custom Avatar Directory:
    Value not found!    
    Smileys URL:    
    Recommended value: "https://forums.domain.com/Smileys".
    Smileys Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/Smileys".






    Paths & URLs For Themes
    These are the paths and URLs to your SMF themes.
    SMF Default Theme - Curve URL:    
    Recommended value: "https://forums.domain.com/Themes/default".
    SMF Default Theme - Curve Images URL:    
    Recommended value: "https://forums.domain.com/Themes/default/images".
    SMF Default Theme - Curve Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/Themes/default".
    Core Theme URL:    
    Recommended value: "https://forums.domain.com/Themes/core".
    Core Theme Images URL:    
    Recommended value: "https://forums.domain.com/Themes/core/images".
    Core Theme Directory:    
    Recommended value: "/var/www/vhosts/domain.com/httpdocs/Themes/core".


  • solution mysqldump: Got error: 1044: Access denied for user 'user'@'localhost' to database 'thedb' when using LOCK TABLES


    It is simple the user just needs to be given the "LOCK TABLES" privilege.

    As root run this command:

    GRANT LOCK TABLES ON yourdatabase.* TO yourmysqluser@localhost;


  • MySQL How To Grant Access To ALL Databases For Export and Backup Purposes


    GRANT SELECT, LOCK TABLES ON *.* TO yourmysqluser@localhost;

    All you need to do a full MySQL dump on all databases is the SELECT and LOCK TABLES privileges.  This way you don't have to use the mysql root user.  Data could be compromised this way but at least no harm from manipulation, changes or deletion are possible by locking down the privileges to the minimum for a full MySQL dump and backup.

    Here is a command you could use to dump all databases.


  • mdadm how to stop or start a check


    It's fairly simple to start or stop a check but I do wish mdadm's command had this built in.  Sometimes it will do a check at the worst time causing the server to crawl to a halt.

    Stop check on md126:

    echo idle > /sys/block/md126/md/sync_action

    Start check on md126:

    echo check > /sys/block/md126/md/sync_action

     

    If you don't want to stop everything you can use this guide to set the minimum and maximum sync speed which does help.

     

     


  • vzquota : (error) Quota on syscall for id 4532: No such file or directory vzquota on failed [3] OpenVZ Error and Solution


    Starting container...
    vzquota : (error) Quota on syscall for id 4532: No such file or directory
    vzquota on failed [3]

     

    Solution

    vzquota drop 4532

    Then start the container and it should work.  It actually happened after migrating the VPS manually to another location (very common).

    Another way of doing essentially the same is the following:

    https://realtechtalk.com/vzquota_error_Quota_on_syscall_for_id_42131_No_such_file_or_directory_vzquota_on_failed_[3]-1447-articles


  • Apache htaccess Custom ErrorDocument not working properly for root home page 403 Error Issue and Solution


    So I have a domain "testdomain.com".

    Inside test domain.com's root is the following .htaccess:


    Options +FollowSymLinks -Indexes
    ErrorDocument 403 /launch/index.html

    Order Deny,Allow
    Deny From All
    Allow From 192.168.1.2

    When you visit anything other than root things work fine.  Eg. if you visit http://testdomain.com/somedirfile.html

    It will show the right error in /launch/

    But if you just visit the root you get the standard Apache Test page even though a 403 is returned.  The reason for this is because of an Alias "Error" in /etc/httpd/httpd.conf

    Find this line and comment it out:

    Alias /error/ "/var/www/error/"

    What happens when visiting root is that it checks for a custom 403 error in /var/www/error/ and when it doesn't find one in there it returns noindex.html (the Apache test page).

    However I don't know a better work-around what Apache then does after commenting out that alias is it insists in then looking inside your /www/document_root/error/ folder for a matching custom file.  If not it looks for a noindex.html in there.

    So all I did was create a no index.html in an error folder within my document root.

    This solves the issue but I am not sure of how to make a better solution.  I searched for hours modifying the vhost configuration but nothing worked or helped except the above.

    These URLs below had the same issue:


    https://www.linuxquestions.org/questions/linux-server-73/apache-403-on-root-serves-test-page-instead-of-forbidden-page-4175492016/
    https://www.linuxquestions.org/questions/linux-server-73/apache-denied-ips-getting-test-page-914257/

     


    Here is some of the troubleshooting process I went through:

     

    I have an issue where I am only allowing a few IPs to view a website in .htaccess:


    Options +FollowSymLinks -Indexes
    ErrorDocument 403 /launch/index.html

    Order Deny,Allow
    Deny From All
    Allow From 192.168.1.2


    # Now it works if you go to http://url/somecrap it will take you to /launch/index.html
    But if you just go to the reoot http://url/ or http://url you get the Apache Test page instead:



    https://www.linuxquestions.org/questions/linux-server-73/apache-403-on-root-serves-test-page-instead-of-forbidden-page-4175492016/
    https://www.linuxquestions.org/questions/linux-server-73/apache-denied-ips-getting-test-page-914257/

    solution:
    edit /etc/httpd/httpd.conf

    # Customizable error responses come in three flavors:
    # 1) plain text 2) local redirects 3) external redirects
    #
    # Some examples:
    #ErrorDocument 500 "The server made a boo boo."
    #ErrorDocument 404 /missing.html
    #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
    #ErrorDocument 402 http://www.example.com/subscription_info.html
    #

    #
    # Putting this all together, we can internationalize error responses.
    #
    # We use Alias to redirect any /error/HTTP_<error>.html.var response to
    # our collection of by-error message multi-language collections.  We use
    # includes to substitute the appropriate text.
    #
    # You can modify the messages' appearance without changing any of the
    # default HTTP_<error>.html.var files by adding the line:
    #
    #   Alias /error/include/ "/your/include/path/"
    #
    # which allows you to create your own set of files by starting with the
    # /var/www/error/include/ files and
    # copying them to /your/include/path/, even on a per-VirtualHost basis.
    #

    #Alias /error/ "/var/www/error/"


    [root@serverdev error]# mv noindex.html noindex.html-bad
    [root@serverdev error]# readlink -f .
    /var/www/error


    Alias /error/ "/var/www/error/"


    #Alias /error/ "/var/www/error/"

    <IfModule mod_negotiation.c>
    <IfModule mod_include.c>
        <Directory "/var/www/error">
            AllowOverride None
            Options IncludesNoExec
            AddOutputFilter Includes html
            AddHandler type-map var
            Order allow,deny
            Allow from all
            LanguagePriority en es de fr
            ForceLanguagePriority Prefer Fallback
        </Directory>


    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    log#
    [Sun Apr 08 04:09:43 2018] [error] [client 192.168.1.55] client denied by server configuration: /www/vhosts/vhosttest.com/httpdocs/
    [Sun Apr 08 04:09:43 2018] [error] [client 192.168.1.55] client denied by server configuration: /www/vhosts/vhosttest.com/httpdocs/error
     


  • syslinux / pxelinux how to boot from local drive how to


    Just type the command:

    localboot

    By default it will boot the first local drive "0".  I believe you can specify a different number to boot a different device.

    eg.

    localboot 3

    (will boot the 4th BIOS device)'


  • samba how to listen on specific IP only


    This is useful for security purposes especially on a server which may have a public IP assigned to it but has a second NIC for the LAN.

    Here is how you edit smb.conf:

    [global]

    interfaces = 192.168.1.50
    bind interfaces only = yes

    As you can see above it will only listen on 192.168.1.50 and remind to keep the "bind interfaces only" option.


  • How To Install Windows Server 7 8 10 12 2008 2012 2014 2016 Servers Desktops using Linux tftp, dhcpd and samba


    It has been a big pain for a long-time to install Windows from a Linux environment.  I used to run a windows install server and it never worked right for some reason (the install would fail on most servers).

    Before getting start be sure to setup your samba share so once you boot into WinPE you can mount the install for whatever Windows you want

    /etc/samba/smb.conf

    [smbwinstall]
    path = /tftpboot/images/winstall
    guest ok = yes
    directory mask = 0775

    It's much easier and stable to deploy all OS's using a Linux tftp and dhcpd server:

     

    WinPE Boot with pxelinux
    It requires pxelinux 6.04 or higher so I've included that in winpe-libs.tar.gz

    cd /tftpboot/images
    wget realtechtalk.com/downloads/winpe-tftp.tar.gz
    wget realtechtalk.com/downloads/winpe-tftp-root-libs.tar.gz
    #Extract it into your /tftpboot/

    cd /tftpboot/
    tar -zxvf winpe-tftp-root-libs.tar.gz
    ldlinux.c32
    libcom32.c32
    libutil.c32
    linux.c32
    menu.c32
    pxelinux.0
    wimboot


    cp winpe-libs/* /tftpboot/

    tar -zxvf winpe-tftp.tar.gz
    Edit your /tftpboot/pxelinux.cfg/default

    Add this:

    MENU TITLE WinPE
    label WinPE
    com32 linux.c32
    APPEND wimboot initrdfile=../images/winpe/bootmgr,../images/winpe/bcd,../images/winpe/boot.sdi,../images/winpe/boot.wim

    #the next step is to make sure you have a samba or windows fileshare with the windows install you want

    mkdir -p /tftpboot/images/winstall
    #mount and copy the install you want

    pxeboot the WinPE image then mount the remote share and install windows from it

    Get booting!

    If everything was done right you should be able to boot off your NIC, see the pxellinux menu for winpe and boot into it.

    Once in WinPE type the following command to mount your install share:

    net use z: \192.168.5.20winstall

    z:

     

    Of course change the IP and "winstall" share name to match what you have on your network.
     


    #errors
    linux.c32: not a COM32R image this means your pxelinux is probably trying to open an image like Winpe with wimboot and is too old (upgrade to at least pxelinux 6.04.  The pxelinux.0 file in the winpe-tftp.tar.gz file is from 6.04 so it will automatically update if you overwrite your pxelinux.0 file
     


  • error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file Bitcoin Litecoin Error


    error: Could not locate RPC credentials. No authentication cookie could be found, and no rpcpassword is set in the configuration file

    This is usually because the .cookie file cannot be read by the user you are running Litecoin or Bitcoin client/daemon as.

    You can adjust the permissions of the file so that the user or group they are apart of has read permissions.

     


  • OpenVZ Solutions vzquota : (error) Can't open quota file for id 123123, maybe you need to reinitialize quota: No such file or directory


    Error: Unable to apply new quota values: quota not running
    Container start failed (try to check kernel messages, e.g. "dmesg | tail")
    Killing container ...
    Container was stopped
    Error: Unable to apply new quota values: quota not running
    Can't umount /vz/private/123123: Invalid argument


    [root@rtt 123123]# vzquota on 123123
    vzquota : (error) Can't open quota file for id 123123, maybe you need to reinitialize quota: No such file or directory
    You have mail in /var/spool/mail/root
    [root@rtt 123123]# vzquota off 123123
    vzquota : (error) Can't open quota file for id 123123, maybe you need to reinitialize quota: No such file or directory


    problem:

    VE_ROOT="/vz/private/$VEID"
    VE_PRIVATE="/vz/private/$VEID"


    solution = fix VE_ROOT!

    VE_ROOT="/vz/root/$VEID"



     vzctl start 123123
    Starting container...
    Initializing quota ...
    Container is mounted
    Adding IP address(es):
    Setting CPU units: 1000
    Container start in progress...


     


  • curl: (35) Unknown SSL protocol error in connection Solution Centos


    curl: (35) Unknown SSL protocol error in connection

    The main solution is to update curl and nss.  If you are having an issue with curl through Apache/PHP you will need to restart PHP after.

    It's important to remember that this error could mean a lot of things but most often it simply means that curl and openssl may be outdated and only allow newer secure ways of connecting to SSL.

    In general here is how you would fix it in most cases:

    yum -y update curl nss openssl

    *Remember again if your PHP/Apache application is using curl it won't work until you restart Apache


  • sudo: unable to resolve host


    sudo: unable to resolve host yourhostname

    No clue why sudo is doing that when running.

    Solution

     

    Check /etc/hosts

    You will probably find that it doesn't contain "yourhostname" for 127.0.0.1

    Just update the hostname or add a field for your hostname like this:

    127.0.0.1 yourhostname

     


  • "Object of class WP_Term could not be converted to string"


    Normally when I've seen this it's when you are using a variable like a normal string when in fact it's actually an array such as this example:

     

    [Tue Mar 13 04:22:35 2018] [error] PHP Catchable fatal error:  Object of class WP_Term could not be converted to string in /vhost/httpdocs/wp-content/plugins/wp-instagram-post/classes/class-woo-igp.php on line 578


                                    $tags = get_tags($post_id);
                                    foreach ( $tags as $tag )
                                    {
                                       $the_tags=$the_tags. "#". $tag;
                                    }

     

    With the above the $tag variable actually is an array so you would need to reference it like this $tag->name or $tag["name"];

     


  • Wordpress Instagram Post Modify Plugin To Add Tags


    I modified this code after quickly learning how Wordpress plugins actually work, how they're called etc.. was the first trick to modifying the code to add tags.

    Add this code after line 570 in wp-content/plugins/wp-instagram-post/classes/class-woo-igp.php
     


                                    $tags = get_the_tags($post_id);
                                    foreach( $tags as $tag )
                                    {

                                       $the_tags=$the_tags. "#". $tag->name;
                                    }


                                    $message = $message .  "$the_tags";


  • Linux input/output error invalid program cannot read data on some CD-Rs and DVD-Rs on ASUS BW-16D1HT


    I've never seen this before in all of my years.  I have some very old CDs and DVDs 12-15 years old that seem not to work in this BD-R/DVD-R/CD-R Asus drive.

    The discs are fine actually and ironically they even work fine on a normal LG USB based BD-R drive!

    Here are the errors in Linux:
    [2914936.884924] attempt to access beyond end of device
    [2914936.884927] loop1: rw=0, want=730424, limit=688384
    [2914954.556873] attempt to access beyond end of device
    [2914954.556883] loop1: rw=0, want=730328, limit=688384
    [2914954.557225] attempt to access beyond end of device
    [2914954.557230] loop1: rw=0, want=730424, limit=688384
    [2914954.560679] attempt to access beyond end of device
    [2914954.560685] loop1: rw=0, want=730328, limit=688384
    [2914954.666068] attempt to access beyond end of device
    [2914954.666081] loop1: rw=0, want=730072, limit=688384
    [2914969.467216] attempt to access beyond end of device
    [2914969.467231] loop1: rw=0, want=730072, limit=688384


    Mar 12 11:53:13 localhost kernel: [2915064.079511] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:55:04 localhost kernel: [2918775.634645] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:55:23 localhost kernel: [2918794.508782] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:55:40 localhost kernel: [2918811.408231] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:55:45 localhost kernel: [2918816.012111] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:56:02 localhost kernel: [2918832.911498] VFS: busy inodes on changed media or resized disk sr0
    Mar 12 12:56:16 localhost kernel: [2918847.599010] VFS: busy inodes on changed media or resized disk sr0

    Basically you can read the directory structure and browse it but no actual data from any file even though the discs themselves are fine and 100% working in another drive.

    Drives in question:

    sudo wodim --devices
    wodim: Overview of accessible drives (2 found) :
    -------------------------------------------------------------------------
     0  dev='/dev/sg5'    rwrw-- : 'ASUS' 'BW-16D1HT'
     1  dev='/dev/sg4'    rwrw-- : 'HL-DT-ST' 'BD-RE WP50NB40'
    -------------------------------------------------------------------------
     

    Just to clarify again the Asus has a problem with a lot of my discs whereas the LG works with everything.  I would have thought the USB powered LG would be more likely to have issues.

    I suspect this is some firmware bug in the Asus.  For now I'll use the LG or plugin an old DVD-R SATA based drive.


  • Installing SSL Certificate with Chain Intermediary CA File


    Some of the cheaper or newer SSL suppliers will require this to work properly (otherwise you may be prompted that the cert is invalid when it's not the case but it will certainly scare off your users!).

    In the Apache vhost conf for the domain here is what you add:

    SSLCACertificateFile /path/to/your/cafile.pem

    Here is a full example of an SSL Vhost config in Apache using a CA Certificate file

    <VirtualHost *:443>
    DocumentRoot /www/vhosts/domain.com/httpdocs
    ServerName domain.com
    ServerAlias www.domain.com
    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"" combined
    CustomLog /www/vhosts/domain.com/stats/access_log combined
    ErrorLog /www/vhosts/domain.com/stats/error_log
    #begin enable SSL
    SSLEngine on
    SSLVerifyClient none
    SSLCertificateFile /www/ssl-certs/www.domain.com-ssl-cert.crt
    SSLCertificateKeyFile /www/ssl-certs/www.domain.com-ssl-private.key

    SSLCACertificateFile /www/ssl-certs/www.domain.com-ssl-ca.crt
    #begin stop SSL
    </VirtualHost>


  • PHP Warning: Cannot load module 'XCache' because conflicting module 'apc' is already loaded in Unknown on line 0


    PHP Warning:  Cannot load module 'XCache' because conflicting module 'apc' is already loaded in Unknown on line 0

    Solution:

    yum remove php-pecl-apc-*


  • Unable to load dynamic library '/usr/lib64/php/modules/module.so' - /usr/lib64/php/modules/module.so: cannot open shared object file: No such file or directory in Unknown on line 0


    Getting this error on Centos 6 with PHP 5.3 when just running "php -v"

     

    PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/module.so' - /usr/lib64/php/modules/module.so: cannot open shared object file: No such file or directory in Unknown on line 0
    PHP Warning:  Cannot load module 'XCache' because conflicting module 'apc' is already loaded in Unknown on line 0

    Solution:

     This is caused by php-mcrypt and usually means your OS doesn't have mcrypt installed and Centos by default doesn't seem to have it.

    The easiest thing to do if you aren't using it is to remove it:

    yum remove php-mcrypt

    You could also edit /etc/php.d/mcrypt.ini and comment the line out and add the module back when and if you get it.


  • How to start screen in bash script or from /etc/rc.local on startup as a specific user


    It takes some tinkering the main thing is that the "-dmS" flag allows screen to start without a session which of course sudo won't have.

    solution:

    /usr/bin/sudo -u user /usr/bin/screen -dmS nameyouchoose /script/start.bash


    this doesn't work at all:

    /usr/bin/sudo -u user "/usr/bin/screen /script/start.bash"


    this doesn't work:

    /usr/bin/sudo -u user /usr/bin/screen /script/start.bash


  • Linux How To Clone One System Harddrive to another remote system


    The easiest way is to use SSH and DD or a combination of netcat.  SSH will be a little slower due to encryption but is the most secure way (on two older systems the average clone speed is about 40-50MB/s).  This is also OS independent as it doesn't matter what the source OS is because you are literallly cloning the drive so you retain the partition table and settings.


     

    Clone HDD using SSH and DD

    dd if=/dev/sourcedrive | ssh user@yourhostname.com "dd of=/dev/destinationdrive"

    However especially in Linux you'll want to do a fsck on all partitions on the remote drive or it probably won't boot because the filesystem recognizes the partitions are not right due to the different drive sizes. More info here.

    Note you will need to use sudo or root on both systems.  I also like to use a live CD/USB/Network on the remote system so that the operation can completely cleanly (especially helpful if that would be the only disk device on the remote system).

     


     

     

    Clone HDD using netcat (nc)

     

    This is the faster but less secure way someone could accidentally or maliciously send random/wrong data to the remote nc causing corruption.  There is of course the risk of eavesdropping where an attacker could essentially have a copy of your cloned hard drive too.

    First setup the remote server.

    Remote Server Setup

    nc -l 29000|dd of=/dev/destinationdrive

    This tells nc to listen on port 29000 and write the data to /dev/destinationdrive

    Now we are ready to push the source drive from the source server.

    Source Server

    dd if=/dev/sourcedrive| nc remoteserver 29000

    This tells dd to take data from /dev/sourcedrive and send it to an nc server at remoteserver on port 29000


  • Ubuntu/Debian/Linux won't boot and drops to Busybox shell after cloning HDD with dd


    I don't recall having this issue in the distant past but nowadays at least Debian seems to be very picky about this.

    I used dd to copy one hard drive to another and tried booting it.  Everything seemed fine with grub working but each time it would drop to the busybox shell.  There is no particular error so this is misleading.

    Normally the first things you would check are to make sure your fstab is correct (that the UUID is correct) and that you've updated grub.  This will not apply or be necessary if you've cloned the entire hard drive (by doing this your partitions still retain the same UUID).

    Part of the issue is likely that the filesystem thinks something is wrong since the partition table is technically going to be incorrect if you clone a 256GB drive to a 3TB for example (as in this case).

    The solution in this case is that you need to fsck the boot and root partitions.  The great news is that this can be done from the same busybox shell that you landed in.

    fsck.ext4 /dev/sda1

    After that reboot and everything should be good!


  • Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss Solution


    ssh rtt@192.168.1.199
    Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss

    It looks like the DSS option is not considered secure so when connecting from newer Linux systems to an older one you will get the above error.

    It can be fixed (but you should consider upgrading your SSH daemon):

     

    ssh -oHostKeyAlgorithms=+ssh-dss rtt@192.168.1.199 

  • Centos 7 Password Reset


    In Centos 7 the days of editing the "kernel" line and adding "single" are gone.  On top of that sometimes after a new install passwords do not work (possibly because requirements were not met but the installer never mentioned this?).

    1. 1.) On bootup edit the bootline by entering GRUB.
    2. Type e
    3. Find the line that says "linux16 /vmlinuz"
    4. Edit the part that says "ro" and change with "rw init=/sysroot/bin/sh
    5. Hit "Ctrl-X"
    6. Upon bootup type "chroot /sysroot"
    7. password
    8. touch ./autorelabel
    9. exit
    10. reboot

     


  • MySQL Adding New Field to Existing Database Table


    ALTER TABLE existingtable ADD newfieldname VARCHAR(255);


  • MySQL Cannot Update/Write to any database table solution


    This happened on Centos for no apparent reason with no obvious issue in the logs.  Data could be read fine but not written (possibly due to some corruption or out of memory issue in the OpenVZ container is the best guess).

     

    All mysql update and insert queries failed freezing without any error log on any database and table.

    Tried to restart:

    service mysqld restart
    Timeout error occurred trying to stop MySQL Daemon.
    Stopping mysqld:                                           [FAILED]
    MySQL Daemon failed to start.
    Starting mysqld:                                           [FAILED]




    #manually kill mysqld and mysqld_safe

    ps aux|grep mysqld
    root       876  0.0  0.0   3732   584 ?        S     2017   0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var/lib/mysql/mysql.sock --pid-file=/var/run/mysqld/mysqld.pid --basedir=/usr --user=mysql
    mysql     1322  2.3  4.2 484384 269240 ?       Sl    2017 12779:34 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib/mysql/plugin --user=mysql --log-error=/var/log/mysqld.log --pid-file=/var/run/mysqld/mysqld.pid --socket=/var/lib/mysql/mysql.sock
    root      2423  0.0  0.0   2360   692 pts/2    S+   13:28   0:00 grep mysqld

    After manually killing everything seemed to work OK after that point.


  • Centos How To Update to Glibc 2.14 Plus


    Centos 6 requires GLIBC 2.12 however a lot of new programs you would want to compile may need a newer glibc.  You can't remove the old glibc since the whole OS is based on it but you can install the updated glibc alongside it and do an export pointing to your updated GLIBC.

    mkdir ~/glibc_install; cd ~/glibc_install

    wget http://ftp.gnu.org/gnu/glibc/glibc-2.14.tar.gz

    tar zxvf glibc-2.14.tar.gz

    cd glibc-2.14

    mkdir build

    cd build

    ../configure --prefix=/opt/glibc-2.14

    make -j4

    sudo make install

    export LD_LIBRARY_PATH=/opt/glibc-2.14/lib

     

    The export should be done in ~/.bashrc or /etc/profile to make it permanent otherwise programs will have unpredictable results.  If you are calling a remote/cron script that needs this GLIBC you should probably do the export in the script itself to be sure.


  • php remove last letters of string


     $title_clean = substr($title,0,-3);

    In the above example the last 3 characters will be removed from the string "$title".  You can of course have the last X removed by changing -3 to -X


  • MySQL Maximum INT Size Truncation Issue/Warning


    MySQL will silently truncate a larger INT than capable.

    Check MySQL's own documentation here:

    As we can see the maximum size of INT (which is the most commonly used) is 2147483647

    A lot of coders make this mistake by using very large values such as 9999999999 but it would actually truncate to 2147483647 which is the maximum size of an INT.  This is dangerous because any value over that would truncate to that exact maximum number causing duplicate or unintended entries.


     

    Type Storage Minimum Value Maximum Value
      (Bytes) (Signed/Unsigned) (Signed/Unsigned)
    TINYINT 1 -128 127
        0 255
    SMALLINT 2 -32768 32767
        0 65535
    MEDIUMINT 3 -8388608 8388607
        0 16777215
    INT 4 -2147483648 2147483647
        0 4294967295
    BIGINT 8 -9223372036854775808 9223372036854775807
        0 1844674407370955161

     


  • MySQL How To Add New Field Column To Existing Table


    ALTER TABLE thetable ADD newfield VARCHAR(255)

    It's very simple just specify "the table" and then the newfield type


  • mysql how to reset passwords with a few commands


    The commands below will help you reset any mysql user password.

    use mysql;

    update user set password=PASSWORD('thenewpass') where User='theusername';

    flush privileges;

     

    1. The first line says to use the "mysql" database which contains all the user info.
    2. the second update line sets the new password "thenewpass" for the user "theusername".
    3. the third line flushes privileges this is necessary otherwise the new password will not work or actually be applied.

  • htaccess apache how deny/allow to block or allow by IP address


    order deny,allow
    Deny From All
    Allow From 8.8.8.8

    A simple and quick way to improve security by only allowing specific IPs to your web application.

    In this case the above allows only the IP 8.8.8.8 to access things and everything else is denied.


  • PHP geoip.so fatal error Solution


    PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib64/php/modules/geoip.so' - /usr/lib64/php/modules/geoip.so: undefined symbol: GeoIP_country_code_by_name_v6 in Unknown on line 0

     Remove the GEOIP from PHP:

    php71w-pecl-geoip-1.1.1-1.w6.x86_64


     

    PHP Fatal error:  PHP Startup: apc_shm_create: shmget(0, 67108864, 914) failed: Invalid argument. It is possible that the chosen SHM segment size is higher than the operation system allows. Linux has usually a default limit of 32MB per segment. in Unknown on line 0
    PHP Fatal error:  PHP Startup: apc_shm_attach: shmat failed: in Unknown on line 0

    Solution

    Already found it earlier just edit sysctl kernel.shmmax

    /apc_shm_attach_shmat_failed_in_Unknown_on_line_0_apc_shm_create_shmget0_67108864_914_failed_PHP_Solution-1804-articles


  • Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or direct


    Stopping httpd:                                            [  OK  ]
    Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or directory
                                                               [FAILED]

     

    I actually installed PHP 7 so the file /etc/httpd/modules in php.conf should be:

    libphp5.so

     

    Apache still won't start:

     

    Stopping httpd:                                            [  OK  ]
    Starting httpd: httpd: Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Can't locate API module structure `php5_module' in file /etc/httpd/modules/libphp7.so: /etc/httpd/modules/libphp7.so: undefined symbol: php5_module
                                                               [FAILED]
     

     

    Solution

    Look carefully at the whole "Load" line to make sure it makes sense.

    LoadModule php5_module modules/libphp7.so

    Although I updated the line to say libphp7.so I didn't notice the "Load Module php5_module" so you have to update it the final solution is this:

     

    LoadModule php7_module modules/libphp7.so


  • GCC 5 on Centos 6 - How To Install


    Install requirements:


    yum -y install gmp-devel mpfr-devel libmpc-devel glibc-devel glibc-devel.i686 zip unzip jar

     

    Download, untar, configure, compile and install GCC



    http://mirrors.kernel.org/gnu/gcc/gcc-5.5.0/gcc-5.5.0.tar.gz
    tar -zxvf gcc-5.5.0.tar.gz
    cd gcc-5.5.0
    ./configure
    make
    make install

    Now you need to cleanup the old GCC by removing it (ironically it was required to make the new GCC and now we have to toss it away!

    yum remove gcc
    rm -rf /usr/bin/gcc
    rm -rf /usr/bin/c++
    rm -rf /usr/bin/cc


    ln -s /usr/local/bin/x86_64-unknown-linux-gnu-gcc-5.5.0 /usr/bin/gcc
    ln -s /usr/local/bin/x86_64-unknown-linux-gnu-c++ /usr/bin/c++
    ln -s /usr/local/bin/x86_64-unknown-linux-gnu-gcc /usr/bin/cc


  • bash find line and replace howto


    First find the line number:

    awk '/what you are searching for/{ print NR; exit }' input-file

    86

    Now use sed to replace it:

    sed -i  86s/.*/"your replacement text"/ $file

     

    Here is a full sample script to automate it:

    file=some/file.txt
    linenum=`awk /'your search query/{ print NR; exit }' $file`
    newline=`echo -e "your new line here")`
    sed -i "$linenum"s/.*/"$newline"/ $file


  • How To Create Apache htpasswd file


    This just simply outputs what you need a username and password that can be used to authenticate from .htaccess

    htpasswd -nb user password
    user:Gnb6uE9Lp4gt2
     

    If you want to write it straight to a file

    htpasswd -cb /tmp/somefile.pw user password

    How To Use This In .htaccess

    AuthUserFile /tmp/somefile.pw
    AuthName GetLost!!
    AuthType Basic

    #make sure you require a user!

    require valid-user 

  • possible SYN flooding on ctid 42131, port 80. Sending cookies. - Solution


    The Linux Kernel interpretated a very high volume of real traffic as a DDOS attack so it basically ends up blocking your web server.

    possible SYN flooding on ctid 42131, port 80. Sending cookies.

    Simple fix edit sysctl values for max_syn_backlog
    sysctl -w net.ipv4.tcp_max_syn_backlog=5000


    To make them permanent edit /etc/sysctl.conf

    echo "net.ipv4.tcp_max_syn_backlog=5000" >> /etc/sysctl.conf


  • Linux last command show login by IP instead of hostname


    In the "last" command in Linux by default it will show the information with the hostname (not very useful at all especially since it normally truncates long hostnames).

    To get last to show the IP address use this:

    last -i

    The -i makes it show the numeric IP instead of hostname.


  • Install Windows From a Linux TFTP Server instead of using WDS Solution


    yum -y install samba
    vi /etc/samba/smb.conf

    https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.zip
    mkdir syslinux;cd syslinux;unzip syslinux-6.03.zip

    mkdir -p /tftpboot/libs/

    cp bios/com32/modules/linux.c32 /tftpboot/libs/
    cp bios/com32/libutil/libutil.c32 /tftpboot/libs/
    cp bios/com32/lib/libcom32.c32 /tftpboot/libs/

    #add lib path
    echo "PATH libs" >> /tftpboot/pxelinux.cfg/default

    cp ./bios/com32/elflink/ldlinux/ldlinux.c32 /tftpboot/

    #now get WIMBoot
    wget http://git.ipxe.org/releases/wimboot/wimboot-latest.zip
    unzip wimboot-latest.zip

    cp -va wimboot*/wimboot /tftpboot/libs/


    mkdir win2012r2
    mkdir -p /tftpboot/images/win2012r2

    mount -o loop windows-2012-r2-eval-9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO win2012r2/
    cd win2012r2/
    [root@evodal01 win2012r2]# ls
    autorun.inf  boot  bootmgr  bootmgr.efi  efi  setup.exe  sources  support


    cp bootmgr /tftpboot/images/win2012r2
    cp boot/bcd  /tftpboot/images/win2012r2
    cp boot/boot.sdi  /tftpboot/images/win2012r2
    cp sources/boot.wim /tftpboot/images/win2012r2/


    label Win2012R2
    com32 linux.c32 libs/wimboot
    APPEND wimboot initrdfile=images/win2012r2/bootmgr,images/win2012r2/bcd,images/win2012r2/boot.sdi,images/win2012r2/boot.wim

     


  • How To Secure Samba NMBD/SMBD to bind to a specific IP address


    By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0.  Obviously this is a huge security risk if you have a public facing server with both internal and external access.  Usually when a system administrator sets up a samba server their intention is just to share with a LAN.

    To do this you need to the following options under the [global] section in smb.conf

    bind interfaces only = yes
    interfaces = 192.168.1.10
    hosts allow = 192.168.1.

    The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".

    hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server).  The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.

     


  • tftp: client does not accept options - solution if you are using UEFI PXEBoot disable it!


    tftp: client does not accept options

    I spent the good portion of a late evening on this double checking settings that I know always worked right for tftp!

    This error can also happen if you are trying to boot PXE in UEFI mode.  Enter your BIOS and change it to "Legacy PXE" or non-UEFI PXE mode and you'll be good to go!


  • Linux how to view video card make and exact model


    Normally lspci will show you just like this and would suggest they are exactly the same card:

    1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
    1c:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)

    lspci -vnn is the answer

    As we can see one is a Gigabyte and the other is an MSI card.  What's interesting about Linux is that it says what you may not already know bute the RX 470/480/570/580 are essentially the same cards/family.

    1a:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] [1002:67df] (rev e7) (prog-if 00 [VGA controller])
            Subsystem: Gigabyte Technology Co., Ltd Device [1458:22f1]
            Flags: bus master, fast devsel, latency 0, IRQ 33
            Memory at d0000000 (64-bit, prefetchable) [size=256M]
            Memory at e0000000 (64-bit, prefetchable) [size=2M]
            I/O ports at 2000 [size=256]
            Memory at e0300000 (32-bit, non-prefetchable) [size=256K]
            [virtual] Expansion ROM at 000c0000 [disabled] [size=128K]
            Capabilities: <access denied>
            Kernel driver in use: amdgpu
            Kernel modules: amdgpu

    1c:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] [1002:67df] (rev e7) (prog-if 00 [VGA controller])
            Subsystem: Micro-Star International Co., Ltd. [MSI] Device [1462:3418]
            Flags: bus master, fast devsel, latency 0, IRQ 36
            Memory at b0000000 (64-bit, prefetchable) [size=256M]
            Memory at c0000000 (64-bit, prefetchable) [size=2M]
            I/O ports at 1000 [size=256]
            Memory at e0200000 (32-bit, non-prefetchable) [size=256K]
            Expansion ROM at e0260000 [disabled] [size=128K]
            Capabilities: <access denied>
            Kernel driver in use: amdgpu
            Kernel modules: amdgpu

     


  • Authentication refused: bad ownership or modes for directory /home/user SSH Public Key Authentication Failed Solution


    First of all I got this error after accidentally messing up my usergroup by using usermod -G user group

    When I would login using SSH keys it would fail:

    sshd[2020]: Authentication refused: bad ownership or modes for directory /home/one

    No worries, the fix is simple!

    chmod g-w /home/use
    
    

  • How to Update Linux /usr/share/misc/pci.ids


    This works with lspci and if it's outdated may not give you the exact manufacturer and device model.

    For example take these 3 different RX 580's:

    1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
    1b:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
    1d:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Device 67df (rev e7)
     

    You can update it like so:

    sudo wget -O /usr/share/misc/pci.ids http://pci-ids.ucw.cz/v2.2/pci.ids

    Now try again after updating:

    1a:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
    1b:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)
    1d:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Ellesmere [Radeon RX 470/480/570/580] (rev e7)


  • pcimodules and lspci not working alternative solution


    pcimodules no longer works it produces nothing probably because the format of /sys/bus/pci is different.

    lspci -k doesn't work on older lspci versions.

    pciutils can be compiled but it won't work if you have an old system and compile on a newer glibc.

    iteriate through /sys/bus/pci/devices/*/modalias

    cat /sys/bus/pci/devices/*/modalias
    pci:v00008086d00001237sv00000000sd00000000bc06sc00i00
    pci:v00008086d00007000sv00000000sd00000000bc06sc01i00
    pci:v00008086d00007111sv00000000sd00000000bc01sc01i8A
    pci:v000080EEd0000BEEFsv00000000sd00000000bc03sc00i00
    pci:v00008086d0000100Esv00008086sd0000001Ebc02sc00i00
    pci:v000080EEd0000CAFEsv00000000sd00000000bc08sc80i00
    pci:v00008086d00002415sv00008086sd00000000bc04sc01i00
    pci:v0000106Bd0000003Fsv00000000sd00000000bc0Csc03i10
    pci:v00008086d00007113sv00000000sd00000000bc06sc80i00




    compare it to /lib/modules/4.4.98/modules.alias
    pci:v00008086d00001237sv00000000sd00000000bc06sc00i00
    the part we care about is:
    8086d00001237 (note I now truncate more of the end so try again removing the 7 or even the 73 at the end to be more inclusive or you will have a lower success rate).


    cat /lib/modules/4.4.98/modules.alias|grep 8086d0000123
    alias pci:v00008086d00001234sv*sd*bc*sc*i* pata_mpiix
    alias pci:v00008086d00001230sv*sd*bc*sc*i* pata_oldpiix
    alias pci:v00008086d00001234sv*sd*bc*sc*i* piix
    alias pci:v00008086d00001230sv*sd*bc*sc*i* piix

    So bash to the rescue!

    iteriate through /sys/bus/pci/devices/*/modalias

    compare it to /lib/modules/4.4.98/modules.alias

     bash script that I use in my init

    #use this code to do the same thing as pcimodules
    for device in `ls -1 /sys/bus/pci/devices/`; do
       device=`cat /sys/bus/pci/devices/$device/modalias`
        #specifying 9:11 or 9:14 with 9:11 being less restrictive and presenting more options
        #9:14 drills down and is more strict giving you less chance of getting the wrong driver
       alias=${device:9:14}
       kernversion=`uname -r`
       module=`cat /lib/modules/$kernversion/modules.alias|grep $alias|awk '{print $3}'`
       if [ ! -z "$module" ]; then
         for mod in $module; do
         echo "module for $device $alias =$module"
         modprobe $module
         done
         else
         echo "No module found for $device $alias"
       fi
    done


  • How to disable Google Fonts in Wordpress


    edit theme css:

    Click "Appearance -> Editor -> Stylesheet"

    http://yourblog.com/wp-admin/theme-editor.php?file=style.css&theme=twentysixteen

    textarea {
        color: #1a1a1a;
        /*font-family: Merriweather, Georgia, serif;*/
        font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif





    line 210


    edit wp-content/themes/twentysixteen/functions.php

            //return $fonts_url;
            return 0;

    #another problem is that in the code this shows up still:
    <link rel='stylesheet' id='open-sans-css'  href='https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C300%2C400%2C600&#038;subset=latin%2Clatin-ext&#038;ver=4.4.11' type='text/css' media='all' />


    edit wp-includes/script-loader.php
    line 708:


                    $open_sans_font_url = "https://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,300,400,600&subset=$subsets";
                    $open_sans_font_url = "";


  • Unable to load dynamic library /usr/lib64/php/modules/php_openssl


     Unable to load dynamic library '/usr/lib64/php/modules/php_openssl'

    not sure how to fix this


  • mysqld in Linux hacked


    Check for crap in /var/lib/mysql like this

     

    ls -al /var/lib/mysql/
    total 20888
    drwxr-xr-x 24 mysql mysql     4096 Oct  3 18:30 .
    drwxr-xr-x 20 root  root      4096 Oct  3 04:23 ..

    -rw-rw-rw-  1 mysql mysql    11776 Oct  3 17:10 c:exp.exe
    -rw-rw-rw-  1 mysql mysql    48128 Oct  3 17:10 c:exp1.exe
    -rw-rw-rw-  1 mysql mysql    55296 Oct  3 17:10 c:exp2.exe
    -rw-rw-rw-  1 mysql mysql    33812 Oct  3 17:10 c:tan.exe
    -rw-rw-rw-  1 mysql mysql    45056 Oct  3 17:10 c:tan1.exe
     

    This happened to a client who didn't firewall their port 3306 and had a weak root password.


  • W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9


    W: GPG error: http://archive.debian.org squeeze Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AED4B06F473041FA NO_PUBKEY 64481591B98321F9

    No clue how to fix this.


  • cannot mount kvm ntfs image


    guestmount -a kvmuserscra.img -m /dev/sda1 mount
    libguestfs: error: mount_options: /dev/sda1 on / (options: ''): mount: unknown filesystem type 'ntfs'
    guestmount: '/dev/sda1' could not be mounted.
    guestmount: Did you mean to mount one of these filesystems?
    guestmount:     /dev/sda1 (ntfs)
    guestmount:     /dev/sda2 (ntfs)



    yum -y install ntfs-3g

    still doesn't work
     


  • h264 DVR security camera footage cannot be played


    This is not just a Linux issue but a general issue most software or hardware players cannot play the resulting exported/backed up format of .h264 from DVR security camera footage for some silly reason.

    There is a simple solution in Linux using ffmpeg fortunately.

    Convert the .h264 file into mp4


    ffmpeg -i yourfile.h264 -codec copy video.mp4

     

    play dvr .h264 file

     ffplay -f h264 yourfile.h264

     


     


  • dhcpd.conf how to secure so only known and allowed clients will be given dhcpd IP address leases


    It's really simple and just a matter of the following line within the subnet declaration.

      deny unknown-clients;

    See example below:

    subnet 10.25.20.0 netmask 255.255.255.0 {
      range 10.25.20.11 10.25.20.254;
      deny unknown-clients;
      option routers 10.25.20.10;
      option domain-name-servers 208.67.222.222;

       host client05 {
       hardware ethernet aa:bb:cc:dd:ee:ff;

       }

    }

     

    After that only clients with a declared host statement will be able to get a DHCP lease increasing security a little bit.

     


  • Thunderbird E-mail List Blank White but e-mails still clickable and viewable


    In Thunderbird in a very large folder suddenly all of my e-mail list became blank/white even though you could click on the invisible/white/blank lines and it would show the e-mails.  I tried to close and reopen but only going to Folder -> Properties and clicking Repair Folder fixed it (basically it had to redownload/rebuild the entire index and all e-mails).


  • css responsive images


    add this style="background-size: contain;max-width: 100%; height: auto;" to your img code.
    Example: <img style='background-size: contain;max-width: 100%; height: auto;' src="/some/pic.jpg">

    This code is really essential because in responsive mode on a phone it will cause images to be cut off and unviewable past the width of the device.

    Another nice trick is to add this as css to the img tag based on maximum screen width (this way no html code has to be changed):

     

    @media only screen and (min-width: 300px) and (max-width:1024px) {
           img {
            background-size: contain;max-width: 100%; height: auto
               }
    }

     

    If you want to center the image use this:

    margin-left:auto;margin-right:auto

           img {
            background-size: contain;max-width: 100%; height: auto;
    margin-left:auto;margin-right:auto

               }


  • responsive table without changing much code solution


    So you've got a responsive site with tables but it breaks them so anything not viewable on the screen is now cut off.

    Here is a simple solution that will allow users to scroll horizontally so they can see the whole table:

    <div style="overflow-x:auto;">
      <table>
         <tr>

             <td></td>

         </tr>
      </table>
    </div>

     

    Basically just put it inside a div with the 'style="overflow-x:auto;".


  • yum how to install old obsolete packages


    This is important as unfortunately Centos may designate a package obsolete and the replacement breaks everything (eg. you have a config file and the new replacement is not at all compatible with it and it breaks your application).

    This is where disabling obsoletes comes into play, it can be done from yum but it doesn't work at the time I find.

    yum --setopt=obsoletes=0 install someapp  However I find it still installs the new app and not the one you ask for until the second run which is kind of pointless.
    I recommend just turning this feature off from yum.conf

    vi /etc/yum.conf

    obsoletes=0
     


  • PHP Howto Store Value of Included File Output Into Variable


    ob_start();

    include "yourfile.php";

    $stored_value=ob_get_clean();