Linux – the foremind

May 11, 2018May 11, 2018 by Andrew Fore

proxmox-logo-150x150-9332074If you have just installed the most recent release of the virtualization platform Proxmox, you might have noticed the that steps to disable the subscription pop-up dialog have changed, well, other than actually purchasing a subscription, I suppose.  I have chosen to not purchase a subscription for the same reason I don’t have one for VMware’s vSphere Hypervisor, I am not running this in a production setting that requires paid support or premium features. The following steps will disable the subscription pop-up.

Backup the javascript file

The pop-up contents, and whether or not are displayed, are controlled by a function in a javascript file.  The first step should always be to make a backup, just in case Murphy rings your doorbell.

root@pve:~# cd /usr/share/pve-manager/js/
root@pve:/usr/share/pve-manager/js# cp -p pvemanagerlib.js pvemanagerlib.js_backup

Edit the javascript file

Open the pvemanagerlib.js file in your favorite editor.  If this is a vanilla, unmodified installation, skip to line 850.  If this is not the first time that you have edited the file, search for the first occurrence of the following snippet, which will be in the function that we need to alter:

gettext('No valid subscription')

The text of the check for the function should be altered so that the conditional for the check reads as follows:

before

if (data.status !== 'Active') {

after

if (false) {

Notes

As I stated in the original paragraph, the specifics apply to v. 5.1-3 and that the location of the file has changed from previous versions.  A good way to find the file is to use the locate command, which you will have to install first:

root@pve:~# apt-get update
Ign:1 http://ftp.us.debian.org/debian stretch InRelease
Get:2 http://security.debian.org stretch/updates InRelease [94.3 kB]
Get:3 http://ftp.us.debian.org/debian stretch Release [118 kB]
Get:4 http://ftp.us.debian.org/debian stretch Release.gpg [2,434 B]
Get:5 http://security.debian.org stretch/updates/main amd64 Packages [374 kB]
Get:6 http://ftp.us.debian.org/debian stretch/main amd64 Packages [7,122 kB]
Get:7 http://security.debian.org stretch/updates/main Translation-en [165 kB]
Get:8 http://security.debian.org stretch/updates/contrib amd64 Packages [1,776 B]
Get:9 http://security.debian.org stretch/updates/contrib Translation-en [1,759 B]



root@pve:~# apt-get install mlocate
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  mlocate
0 upgraded, 1 newly installed, 0 to remove and 85 not upgraded.
Need to get 96.5 kB of archives.
After this operation, 495 kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 mlocate amd64 0.26-2 [96.5 kB]
Fetched 96.5 kB in 0s (315 kB/s)
Selecting previously unselected package mlocate.
(Reading database ... 40185 files and directories currently installed.)
Preparing to unpack .../mlocate_0.26-2_amd64.deb ...
Unpacking mlocate (0.26-2) ...
Setting up mlocate (0.26-2) ...
update-alternatives: using /usr/bin/mlocate to provide /usr/bin/locate (locate) in auto mode
Adding group `mlocate' (GID 115) ...
Done.
Processing triggers for man-db (2.7.6.1-2) ...
root@pve:~# updatedb
root@pve:~# locate pvemanagerlib.js
/usr/share/pve-manager/js/pvemanagerlib.js
/usr/share/pve-manager/js/pvemanagerlib.js_backup

As you can see the mlocate package makes finding the file so much easier.

Categories Linux, Proxmox, VirtualizationLeave a comment October 5, 2015 by Andrew Fore

One of the tools that I use on a regular basis to test network connectivity updates is the “z” option of netcat.  Apparently when RedHat rolled out the latest version of their distribution of RedHat Enterprise Linux (RHEL) they decided to move to using the nmap-ncat package instead of the nc package.  The command options a very different.

So when attempting to test single port like I would have under previous releases I now use the following syntax:

# echo | nc -w1 $host $port >/dev/null 2>&1 ;echo $?

If the result that is returned is a zero then you have successfully connected to the remote host on the desired port. This also applies to CentOS 7 since it is a “clone” or copyleft port of the RHEL7 binaries.

Categories CentOS, Linux, Tips n Tricks, Uncategorized1 Comment June 10, 2015 by Andrew Fore

While logging into one of the Linux jump boxes at work today, it occurred to me that while I recently got notified about my password expiration from our Active Directory farm, I had no idea when my Linux password would expire or what the password life was.

To find out this information you can easily use the chage command.

Here is what the output looks like:

[code language=”bash”][user@myserver ~]$ chage -l user Last password change : Apr 09, 2015 Password expires : Jul 08, 2015 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7

[/code]

It may seem like such a simple thing to do, but knowing when your password expires can be a lifesaver on occasion.

Categories Linux, Tips n Tricks, Uncategorized1 Comment January 8, 2017March 17, 2015 by Andrew Fore cli_img-9516036

In my day job as a Systems Engineer I frequently find myself switching between different UNIX and Linux distributions.  While many of the commands exist on both sides of the aisle, I often find vast differences in the command line parameters that can be consumed by a given command when used in, for example, Linux vs Solaris.

Recently I came upon this again with the need to easily ferret out the majority consumer of drive space on a Solaris 10 system.  While we did have the xpg4 specification support available, the du command was still missing my favorite option “max-depth”.

In Linux I use this to limit the output to only the current directory level so that I don’t have to face to possibility of wading through a tremendously large listing of sub-directories to find the largest directory in the level I am in.  Unfortunately, in Solaris, even with xpg4, the du command doesn’t have this option, so my solution was to pipe the results through egrep and use that to filter out the sub-directories.

Read moreSolaris Tip of the Week: a better du experience

Categories Linux, Solaris, Tips n Tricks, Uncategorized1 Comment

CentOS – the foremind

January 8, 2017August 28, 2016 by Andrew Fore password-3881494

As part of the rebuild on my Plex Media Server using CentOS 7, I had intended to configure Google Authenticator but hadn’t gotten around to doing it yet.  As I got into the process recently I discovered that many of the steps that I had used when configuring my CentOS 6 Digital Ocean droplet were out of date to the point of uselessness.

I also discovered that most of the guides that I found either relied on the older 1.0 code release which was also outdated or used a unknown RPM repo.  As such I decided to write up the process that I followed to use the code downloaded from the official GitHub repository.

NOTE: If you are doing this in an enterprise setting, it is likely that your company has particular settings and restrictions that you may need to adhere to (e.g., not running things as the root user). Also, please note that all of my examples use the CentOS defaults unless specifically noted.

Read moreConfigure Google Authenticator on CentOS 7

Categories CentOS, Google, Security, Tips n Tricks, UncategorizedTags 2FALeave a comment October 5, 2015 by Andrew Fore

One of the tools that I use on a regular basis to test network connectivity updates is the “z” option of netcat.  Apparently when RedHat rolled out the latest version of their distribution of RedHat Enterprise Linux (RHEL) they decided to move to using the nmap-ncat package instead of the nc package.  The command options a very different.

So when attempting to test single port like I would have under previous releases I now use the following syntax:

# echo | nc -w1 $host $port >/dev/null 2>&1 ;echo $?

If the result that is returned is a zero then you have successfully connected to the remote host on the desired port. This also applies to CentOS 7 since it is a “clone” or copyleft port of the RHEL7 binaries.

Categories CentOS, Linux, Tips n Tricks, Uncategorized1 Comment

Security – the foremind

January 8, 2017August 28, 2016 by Andrew Fore password-6368422

As part of the rebuild on my Plex Media Server using CentOS 7, I had intended to configure Google Authenticator but hadn’t gotten around to doing it yet.  As I got into the process recently I discovered that many of the steps that I had used when configuring my CentOS 6 Digital Ocean droplet were out of date to the point of uselessness.

I also discovered that most of the guides that I found either relied on the older 1.0 code release which was also outdated or used a unknown RPM repo.  As such I decided to write up the process that I followed to use the code downloaded from the official GitHub repository.

NOTE: If you are doing this in an enterprise setting, it is likely that your company has particular settings and restrictions that you may need to adhere to (e.g., not running things as the root user). Also, please note that all of my examples use the CentOS defaults unless specifically noted.

Read moreConfigure Google Authenticator on CentOS 7

Categories CentOS, Google, Security, Tips n Tricks, UncategorizedTags 2FALeave a comment January 8, 2017March 18, 2015 by Andrew Fore password-6368422

In many cases your enterprise Active Directory will not involve too many domains, in fact it is quite common for an Active Directory implementation to only include one domain.  In some cases, however, when you have the unfortunate situation of having a username in multliple domains with differing policies on password expiration it is useful to be able to know when your password, or that of another user will expire.  Here is an easy way to accomplish this from the command line.

For the current active user

[code language=”bash”] net user /domain

[/code]

For a different user

[code language=”bash”] net user /domain _username_here_

[/code]

Here is an example of the output:

[code language=”bash”] User name afore Full Name Andrew Fore Comment User’s comment Country code 000 (System Default) Account active Yes

Account expires Never

Password last set 1/29/2015 4:38:37 PM Password expires 4/29/2015 4:38:37 PM Password changeable 1/29/2015 4:38:37 PM Password required Yes

User may change password Yes

Workstations allowed All Logon script User profile Home directory

Last logon 3/18/2015 3:27:55 PM

Logon hours allowed All

Local Group Memberships Global Group memberships *VMWare Admins *Domain Users *Staff

[/code]

If you notice there is a lot of useful information regarding the user account here, but of particular interest in my situation was the value of Password expires since I was trying to ensure that I got my password reset prior to the policy setting so that I would not find myself locked out over the weekend that I went on call when the Helpdesk would be closed.

Categories Security, Uncategorized, WindowsLeave a comment

Home Automation – the foremind

Lately I have been dipping my toe into the pool of home automation and smarthome technologies.  While I have been interested in having a smarthome ever since I watched my first few episodes of the SyFy channel show Eureka.  My interest was advanced even more by Google I/O 2016 and the demo of Google Assistant.

So a few months ago I ventured into this new world of technology (new for me at least) cautiously by purchasing a pair of the LIFX White 800 smart bulbs that were on sale at Walmart due to the release of the LIFX Generation 3 A19.

I found that the Android app was very easy to configure, and that I could easily add the light bulbs to multiple Android devices.  I was disappointed to find that they were not immediately compatible Siri on my wife’s iPhone due to the lack of a suitable homekit bridge/hub.  This was remedied easily enough by configuring the open-source NodeJS server homebridge and a plugin (homebridge-lifx-lan or homebridge-lifx)  to connect the light bulbs to the Apple Home application.

Adding the lightbulbs to the LIFX app on my Pixel was fairly straight forward and went off without a hitch.

I have found the light bulbs easy enough to manage.  The hue range and brightness are quite suitable for the application, namely the nightstand lights in the master bedroom and I would definitely recommend these to anyone that doesn’t have a need for more than just white led light bulbs.

Virtualization – the foremind

proxmox-logo-150x150-1229219If you have just installed the most recent release of the virtualization platform Proxmox, you might have noticed the that steps to disable the subscription pop-up dialog have changed, well, other than actually purchasing a subscription, I suppose.  I have chosen to not purchase a subscription for the same reason I don’t have one for VMware’s vSphere Hypervisor, I am not running this in a production setting that requires paid support or premium features. The following steps will disable the subscription pop-up.

Backup the javascript file

The pop-up contents, and whether or not are displayed, are controlled by a function in a javascript file.  The first step should always be to make a backup, just in case Murphy rings your doorbell.

root@pve:~# cd /usr/share/pve-manager/js/
root@pve:/usr/share/pve-manager/js# cp -p pvemanagerlib.js pvemanagerlib.js_backup

Edit the javascript file

Open the pvemanagerlib.js file in your favorite editor.  If this is a vanilla, unmodified installation, skip to line 850.  If this is not the first time that you have edited the file, search for the first occurrence of the following snippet, which will be in the function that we need to alter:

gettext('No valid subscription')

The text of the check for the function should be altered so that the conditional for the check reads as follows:

before

if (data.status !== 'Active') {

after

if (false) {

Notes

As I stated in the original paragraph, the specifics apply to v. 5.1-3 and that the location of the file has changed from previous versions.  A good way to find the file is to use the locate command, which you will have to install first:

root@pve:~# apt-get update
Ign:1 http://ftp.us.debian.org/debian stretch InRelease
Get:2 http://security.debian.org stretch/updates InRelease [94.3 kB]
Get:3 http://ftp.us.debian.org/debian stretch Release [118 kB]
Get:4 http://ftp.us.debian.org/debian stretch Release.gpg [2,434 B]
Get:5 http://security.debian.org stretch/updates/main amd64 Packages [374 kB]
Get:6 http://ftp.us.debian.org/debian stretch/main amd64 Packages [7,122 kB]
Get:7 http://security.debian.org stretch/updates/main Translation-en [165 kB]
Get:8 http://security.debian.org stretch/updates/contrib amd64 Packages [1,776 B]
Get:9 http://security.debian.org stretch/updates/contrib Translation-en [1,759 B]



root@pve:~# apt-get install mlocate
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  mlocate
0 upgraded, 1 newly installed, 0 to remove and 85 not upgraded.
Need to get 96.5 kB of archives.
After this operation, 495 kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 mlocate amd64 0.26-2 [96.5 kB]
Fetched 96.5 kB in 0s (315 kB/s)
Selecting previously unselected package mlocate.
(Reading database ... 40185 files and directories currently installed.)
Preparing to unpack .../mlocate_0.26-2_amd64.deb ...
Unpacking mlocate (0.26-2) ...
Setting up mlocate (0.26-2) ...
update-alternatives: using /usr/bin/mlocate to provide /usr/bin/locate (locate) in auto mode
Adding group `mlocate' (GID 115) ...
Done.
Processing triggers for man-db (2.7.6.1-2) ...
root@pve:~# updatedb
root@pve:~# locate pvemanagerlib.js
/usr/share/pve-manager/js/pvemanagerlib.js
/usr/share/pve-manager/js/pvemanagerlib.js_backup

As you can see the mlocate package makes finding the file so much easier.

Google – the foremind

January 8, 2017August 28, 2016 by Andrew Fore password-4456292

As part of the rebuild on my Plex Media Server using CentOS 7, I had intended to configure Google Authenticator but hadn’t gotten around to doing it yet.  As I got into the process recently I discovered that many of the steps that I had used when configuring my CentOS 6 Digital Ocean droplet were out of date to the point of uselessness.

I also discovered that most of the guides that I found either relied on the older 1.0 code release which was also outdated or used a unknown RPM repo.  As such I decided to write up the process that I followed to use the code downloaded from the official GitHub repository.

NOTE: If you are doing this in an enterprise setting, it is likely that your company has particular settings and restrictions that you may need to adhere to (e.g., not running things as the root user). Also, please note that all of my examples use the CentOS defaults unless specifically noted.

Read moreConfigure Google Authenticator on CentOS 7

Categories CentOS, Google, Security, Tips n Tricks, UncategorizedTags 2FALeave a comment March 2, 2015 by Andrew Fore

If you are a Safari user then you are likely used to the “reader mode” which disables all the extra graphical stuff and focuses the view on the content of the article.  Thanks to a tip from Google Plus user Francois Beaufort, here’s how to enable it on the desktop (in Windows at the very least, I haven’t tried in any other OS).

If you’re on desktop, playing with it is as easy as running chrome with the –enable-dom-distiller switch. Once it’s done, you’ll notice a new “Distill page” menu item.

Hopefully this will make it to mainstream with a nice icon.

Categories Google, Tips n Tricks, UncategorizedLeave a comment

Networking – the foremind

Recently I acquired an EdgeRouter X from Ubiquiti Networks to handle the routing and firewall functions of my home network.  This was prompted by a desire to separate each of my network functions to individual components and to get a better piece of equipment than the run-of-the-mill Comcast rental gear.

After configuring the equiment and updating to the latest firmware, I decided to also configure my network DNS to flow through OpenDNS instead of Comcast DNS.  This also allowed me to configure content filtering so that my grandchildren wouldn’t accidentally get shuffled into some crazy website instead of Disney Junior.

The steps to configure this are not quit as simple as on some other setups.  OpenDNS didn’t have any instructions on this and sent inquiring users to the Ubiquiti Community Forums.  Here is the method that I used:

Step One – Open main system configuration

In the main windows of the web interface for the EdgeRouter X, click on the System button towards the bottom left of the window. This will bring up the main system configuration screen.

Step Two – Configure the System Name Server values

Add the first OpenDNS IP address in the visible field.  Click the Add New button to add a second field, then enter the second OpenDNS IP address into that field.  Scroll down to the bottom of the System settings and click the Save button.

Step Three – Login to the command line interface

In the upper right section of the admin interface, click on the CLI button to open a window to the command line interface (aka cli).  When the window opens, login using the same username and password you use for the web interface (Security Tip: please take the time to change the password from the default…)

Step Four – Update the DNS Fowarding

After logging into the cli, you need to enter the following commands:

configure
set service dns forwarding system
commit
save
exit
exit

What this does is to alter the functionality of the built-in DNS forwarding service to use the system name server values instead of the values from your ISP source (in my case an Arris SB6190 cable modem connected to Comcast).

After you have completed the above steps, then you can easily control the content filtering on your network using the OpenDNS tools.

Solaris – the foremind

May 15, 2018May 15, 2018 by Andrew Fore

During the installation and setup of my new Solaris 11 Automated Installer host, I ran into a situation where even though I was specifying both the origin to remove AND the origin to add, the OS refused to allow me to perform both options in the same command.  While you should be able do this, I ended up having to remove the default system configured publisher and then adding the new local IPS repository as the publisher.

This is what the default publisher was configured for:

root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://pkg.oracle.com/solaris/release/
root@qa1jumpstart01:~# pkg publisher solaris

            Publisher: solaris
                Alias: 
           Origin URI: http://pkg.oracle.com/solaris/release/
              SSL Key: None
             SSL Cert: None
          Client UUID: 
      Catalog Updated: October  6, 2015 02:41:00 PM 
              Enabled: Yes

Here is the command that was part of the Oracle guide How to Get Started Customizing and Configuring Systems Using the Automated Installer in Oracle Solaris 11.1 which didn’t work for me:

root@qa1jumpstart01:~# pkg set-publisher –G '*' -g http://10.202.46.80 solaris
pkg set-publisher: only one publisher name may be specified
Usage:
        pkg set-publisher [-Ped] [-k ssl_key] [-c ssl_cert]
            [-g origin_to_add|--add-origin=origin_to_add ...]
            [-G origin_to_remove|--remove-origin=origin_to_remove ...]
            [-m mirror_to_add|--add-mirror=mirror_to_add ...]
            [-M mirror_to_remove|--remove-mirror=mirror_to_remove ...]
            [-p repo_uri] [--enable] [--disable] [--no-refresh]
            [--reset-uuid] [--non-sticky] [--sticky]
            [--search-after=publisher]
            [--search-before=publisher]
            [--search-first]
            [--approve-ca-cert=path_to_CA]
            [--revoke-ca-cert=hash_of_CA_to_revoke]
            [--unset-ca-cert=hash_of_CA_to_unset]
            [--set-property name_of_property=value]
            [--add-property-value name_of_property=value_to_add]
            [--remove-property-value name_of_property=value_to_remove]
            [--unset-property name_of_property_to_delete]
            [--proxy proxy to use]
            [publisher]

I tried several different variations of the one line command, however I was met with the same lack of success. In order to achieve the desired result where the local IPS repository was set up for publisher name solaris I had to do an unset of the existing repo and then a set to configure my new repo.

root@qa1jumpstart01:~# pkg unset-publisher solaris
Updating package cache                           1/1 
root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
root@qa1jumpstart01:~# pkg set-publisher -g http:// solaris
root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http:///
root@qa1jumpstart01:~# pkg publisher solaris

            Publisher: solaris
                Alias: 
           Origin URI: http:///
              SSL Key: None
             SSL Cert: None
          Client UUID: 
      Catalog Updated: October  6, 2015 07:45:07 PM 
              Enabled: Yes

Categories Solaris, Tips n TricksLeave a comment January 8, 2017March 17, 2015 by Andrew Fore cli_img-4353175

In my day job as a Systems Engineer I frequently find myself switching between different UNIX and Linux distributions.  While many of the commands exist on both sides of the aisle, I often find vast differences in the command line parameters that can be consumed by a given command when used in, for example, Linux vs Solaris.

Recently I came upon this again with the need to easily ferret out the majority consumer of drive space on a Solaris 10 system.  While we did have the xpg4 specification support available, the du command was still missing my favorite option “max-depth”.

In Linux I use this to limit the output to only the current directory level so that I don’t have to face to possibility of wading through a tremendously large listing of sub-directories to find the largest directory in the level I am in.  Unfortunately, in Solaris, even with xpg4, the du command doesn’t have this option, so my solution was to pipe the results through egrep and use that to filter out the sub-directories.

Read moreSolaris Tip of the Week: a better du experience

Categories Linux, Solaris, Tips n Tricks, Uncategorized1 Comment

General – the foremind

November 20, 2018November 20, 2018 by Andrew Fore

At work we use Atlassian JIRA as our  ticket system internally between the various teams.  I have various widget setup to watch predefined JIRA filters on my dashboard, however I wanted to be able to sort the widget content by multiple columns.

By default the filter only sorts on a single column, however you can add a second sort by using Atlassian query language syntax like so:

assignee = afore AND resolution = Unresolved ORDER BY priority DESC, updatedDate DESC

jira-filter-jql-sort_20180918_162625-6635572 example of the filter after applying the new sort order Categories General, Tips n TricksTags jiraLeave a comment May 12, 2018May 12, 2018 by Andrew Fore

cookiebot_featured_image-e1526150506967-4680308As the whole GDPR craze has hit my place of employment, I decided to look into an easy method for to add a privacy policy and cookie policy to my WordPress site.

Adding a privacy policy is pretty simple, all you have to do is to create a new page with the policy on it.  Simple right? Well, it turns out that the devil is in the details as normal.  After a few minutes of research, I found a nice site with a template-based policy generator.  The site, Privacy Policy Template, is pretty self-explanatory.  The code for the template is very easy to edit after you generate the code.  This provides a great starting point for sites that need more information, but also a nice final product for blogs like this one that don’t really deal with any user data other than the owner.

The other shoe is a cookie policy.  Towards this end I used the CookieBot service and the accompanying plugin.  It is a paid service if you have a large number of pages, but if you have a site with 100 sub-pages or less then the service is free.  Be aware that for the purposes of billing and scanning, CookieBot treats each post or page as a separate item.  The pricing structure is really quite reasonable given the capabilities of the service.  For example, this site has a total of 121 pages and posts, so they automatically upgraded my account from free to a 30-day free trial.  Until I hit 500 pages/posts, the cost is only $10/month, which in the overall scheme of things is not that bad at all.

cookiebot-300x212-8787688 Screenshot of slide-down panel with default settings.

The initial scan can take as long as 24 hours to be generated, however that all depends on the size of the site being scanned.  The cookie categories and reports are automatically created for you, however you can also customize the panel with custom cookies and categories, as well customizing the CSS to control the look and feel of the panel.  I choose to start out with defaults only.  The image to the right is what my site looks like after the initial report was generated.

I also received a report in the inbox configured for the account with details on what was found in the scan and which cookies were treated as falling into the pre-defined categories.  For example, the scan found two cookies that were designated as necessary for the site to function.  There were also items found in the preferences and statistics categories.

While I don’t really feel that it is necessary for me to even have a privacy policy or cookie consent feature, I have decided to do it anyway simply out of an attitude of prevention, due to the political climate surrounding personal data collection and the like. (Thanks, Mark Zukerberg, as well as your friends at Cambridge Analytica.)

While these two services are by no means the only ones out there, I found them to be the easiest and simplest to implement.

(The featured image is copyright of HarperCollins Publishers)

Categories General, WordPressTags cookies, GDPR, privacyLeave a comment January 8, 2017October 4, 2015 by Andrew Fore

Editorial Note: Apparently Comcast really would prefer that people not use the term data cap when referring to the limitations being placed on their customers data usage and would much rather prefer that we use the term data usage plan or data threshold, however, I don’t really care. 🙂

Dear Comcast,

I would like to go on record as saying that you suck.  I recognize that you are a for profit company and that you would like to make a profit on the services that you provide.  I even think that having your company make a profit is a good thing because that enables you to pay your employees so that they can put food on their tables and afford to pay the fees for their children to participate in Little League baseball and other such childhood activities.

Your data usage cap system is bogus.  According to the data available on your own website you have eight (8) different trial markets where you have rolled out data caps since 2012:

  • August 1, 2012: Nashville, Tennessee – 300GB cap
  • October 1, 2012: Tucson, Arizona – 3 tiers (300GB, 350GB, 600GB)
  • August 22, 2013: Fresno, California – Economy Plus option added
  • September 1, 2013: Savannah, Georgia; Central Kentucky; Jackson, Mississippi – 300GB
  • October 1, 2013: Mobile, Alabama; Knoxville, Tennessee.
  • November 1, 2013: Huntsville, Alabama; Augusta, Georgia; Tupelo, Mississippi; Charleston, South Carolina; Memphis, Tennessee – 300GB cap
  • December 1, 2013: Atlanta, Georgia; Maine – 300GB cap
  • October 1, 2015: Fort Lauderdale, the Keys and Miami, Florida – 300GB cap plus $30 option for increasing to  unlimited

In fact, your page on this even refers to these as “trial start dates” which to a reasonably minded person would imply that they have an end date as well, however to the best of my knowledge (as well as the comments made by a customer support representative) there is no plan to end these trials OR any plan to actually collapse them into a single cohesive plan that applies to your entire service.

Read moreDear Comcast: You Suck

Categories General, Personal, UncategorizedTags comcast, usage cap2 Comments

Tips n Tricks – the foremind

November 20, 2018November 20, 2018 by Andrew Fore

At work we use Atlassian JIRA as our  ticket system internally between the various teams.  I have various widget setup to watch predefined JIRA filters on my dashboard, however I wanted to be able to sort the widget content by multiple columns.

By default the filter only sorts on a single column, however you can add a second sort by using Atlassian query language syntax like so:

assignee = afore AND resolution = Unresolved ORDER BY priority DESC, updatedDate DESC

jira-filter-jql-sort_20180918_162625-3786734 example of the filter after applying the new sort order Categories General, Tips n TricksTags jiraLeave a comment May 15, 2018May 15, 2018 by Andrew Fore

During the installation and setup of my new Solaris 11 Automated Installer host, I ran into a situation where even though I was specifying both the origin to remove AND the origin to add, the OS refused to allow me to perform both options in the same command.  While you should be able do this, I ended up having to remove the default system configured publisher and then adding the new local IPS repository as the publisher.

This is what the default publisher was configured for:

root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http://pkg.oracle.com/solaris/release/
root@qa1jumpstart01:~# pkg publisher solaris

            Publisher: solaris
                Alias: 
           Origin URI: http://pkg.oracle.com/solaris/release/
              SSL Key: None
             SSL Cert: None
          Client UUID: 
      Catalog Updated: October  6, 2015 02:41:00 PM 
              Enabled: Yes

Here is the command that was part of the Oracle guide How to Get Started Customizing and Configuring Systems Using the Automated Installer in Oracle Solaris 11.1 which didn’t work for me:

root@qa1jumpstart01:~# pkg set-publisher –G '*' -g http://10.202.46.80 solaris
pkg set-publisher: only one publisher name may be specified
Usage:
        pkg set-publisher [-Ped] [-k ssl_key] [-c ssl_cert]
            [-g origin_to_add|--add-origin=origin_to_add ...]
            [-G origin_to_remove|--remove-origin=origin_to_remove ...]
            [-m mirror_to_add|--add-mirror=mirror_to_add ...]
            [-M mirror_to_remove|--remove-mirror=mirror_to_remove ...]
            [-p repo_uri] [--enable] [--disable] [--no-refresh]
            [--reset-uuid] [--non-sticky] [--sticky]
            [--search-after=publisher]
            [--search-before=publisher]
            [--search-first]
            [--approve-ca-cert=path_to_CA]
            [--revoke-ca-cert=hash_of_CA_to_revoke]
            [--unset-ca-cert=hash_of_CA_to_unset]
            [--set-property name_of_property=value]
            [--add-property-value name_of_property=value_to_add]
            [--remove-property-value name_of_property=value_to_remove]
            [--unset-property name_of_property_to_delete]
            [--proxy proxy to use]
            [publisher]

I tried several different variations of the one line command, however I was met with the same lack of success. In order to achieve the desired result where the local IPS repository was set up for publisher name solaris I had to do an unset of the existing repo and then a set to configure my new repo.

root@qa1jumpstart01:~# pkg unset-publisher solaris
Updating package cache                           1/1 
root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
root@qa1jumpstart01:~# pkg set-publisher -g http:// solaris
root@qa1jumpstart01:~# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris                     origin   online F http:///
root@qa1jumpstart01:~# pkg publisher solaris

            Publisher: solaris
                Alias: 
           Origin URI: http:///
              SSL Key: None
             SSL Cert: None
          Client UUID: 
      Catalog Updated: October  6, 2015 07:45:07 PM 
              Enabled: Yes

Categories Solaris, Tips n TricksLeave a comment January 8, 2017August 28, 2016 by Andrew Fore password-3486044

As part of the rebuild on my Plex Media Server using CentOS 7, I had intended to configure Google Authenticator but hadn’t gotten around to doing it yet.  As I got into the process recently I discovered that many of the steps that I had used when configuring my CentOS 6 Digital Ocean droplet were out of date to the point of uselessness.

I also discovered that most of the guides that I found either relied on the older 1.0 code release which was also outdated or used a unknown RPM repo.  As such I decided to write up the process that I followed to use the code downloaded from the official GitHub repository.

NOTE: If you are doing this in an enterprise setting, it is likely that your company has particular settings and restrictions that you may need to adhere to (e.g., not running things as the root user). Also, please note that all of my examples use the CentOS defaults unless specifically noted.

Read moreConfigure Google Authenticator on CentOS 7

Categories CentOS, Google, Security, Tips n Tricks, UncategorizedTags 2FALeave a comment October 5, 2015 by Andrew Fore

One of the tools that I use on a regular basis to test network connectivity updates is the “z” option of netcat.  Apparently when RedHat rolled out the latest version of their distribution of RedHat Enterprise Linux (RHEL) they decided to move to using the nmap-ncat package instead of the nc package.  The command options a very different.

So when attempting to test single port like I would have under previous releases I now use the following syntax:

# echo | nc -w1 $host $port >/dev/null 2>&1 ;echo $?

If the result that is returned is a zero then you have successfully connected to the remote host on the desired port. This also applies to CentOS 7 since it is a “clone” or copyleft port of the RHEL7 binaries.

Categories CentOS, Linux, Tips n Tricks, Uncategorized1 Comment June 10, 2015 by Andrew Fore

Today when attempting to figure out why Google Hangouts would not start on my Mac after the application was re-enabled due to a permissions change, I noticed a large number of messages like the following:

6/10/15 10:20:14.000 AM kernel[0]: Google Chrome He (map: 0xffffff804da160f0) triggered DYLD shared region unnest for map: 0xffffff804da160f0, region 0x7fff99a00000->0x7fff99c00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

After some research I found that this is a reported issue in the bug tracker for Chromium.  At first I thought that maybe this was the cause of the problem I was having but that turned out to not be the case, simply removing the Hangouts app in Chrome and re-adding it fixed my issue.  However, the sheer number of these errors makes the log a bit unwieldy.  It turns out that there is a way to hide all these messages (thanks to the commenter in the Chromium bug thread!):

[code language=”bash” light=”true”]sudo sysctl -w vm.shared_region_unnest_logging=0[/code]

While it doesn’t help at all with Chrome’s memory issues or other UI issues on Mac OS X, it is rather nice to hide all those spurious messages from the system log.

Categories Mac OS X, Tips n Tricks, UncategorizedLeave a comment June 10, 2015 by Andrew Fore

While logging into one of the Linux jump boxes at work today, it occurred to me that while I recently got notified about my password expiration from our Active Directory farm, I had no idea when my Linux password would expire or what the password life was.

To find out this information you can easily use the chage command.

Here is what the output looks like:

[code language=”bash”][user@myserver ~]$ chage -l user Last password change : Apr 09, 2015 Password expires : Jul 08, 2015 Password inactive : never Account expires : never Minimum number of days between password change : 1 Maximum number of days between password change : 90 Number of days of warning before password expires : 7

[/code]

It may seem like such a simple thing to do, but knowing when your password expires can be a lifesaver on occasion.

Categories Linux, Tips n Tricks, Uncategorized1 Comment January 8, 2017March 17, 2015 by Andrew Fore cli_img-8273551

In my day job as a Systems Engineer I frequently find myself switching between different UNIX and Linux distributions.  While many of the commands exist on both sides of the aisle, I often find vast differences in the command line parameters that can be consumed by a given command when used in, for example, Linux vs Solaris.

Recently I came upon this again with the need to easily ferret out the majority consumer of drive space on a Solaris 10 system.  While we did have the xpg4 specification support available, the du command was still missing my favorite option “max-depth”.

In Linux I use this to limit the output to only the current directory level so that I don’t have to face to possibility of wading through a tremendously large listing of sub-directories to find the largest directory in the level I am in.  Unfortunately, in Solaris, even with xpg4, the du command doesn’t have this option, so my solution was to pipe the results through egrep and use that to filter out the sub-directories.

Read moreSolaris Tip of the Week: a better du experience

Categories Linux, Solaris, Tips n Tricks, Uncategorized1 Comment March 2, 2015 by Andrew Fore

If you are a Safari user then you are likely used to the “reader mode” which disables all the extra graphical stuff and focuses the view on the content of the article.  Thanks to a tip from Google Plus user Francois Beaufort, here’s how to enable it on the desktop (in Windows at the very least, I haven’t tried in any other OS).

If you’re on desktop, playing with it is as easy as running chrome with the –enable-dom-distiller switch. Once it’s done, you’ll notice a new “Distill page” menu item.

Hopefully this will make it to mainstream with a nice icon.

Categories Google, Tips n Tricks, UncategorizedLeave a comment