As mentioned before, when switching to IPv6 (or more realistically, to dual stack) one of the things that might not work out of the box is VPNs. I decided to put some effort into getting it to work anyway.
Posts tagged ‘linux’
Together with most of the internet, we tested IPv6 on World IPv6 day last week. I won’t go into details on what IPv6 is and why it’s important. Although IPv6 has been tested intensely in isolated networks, this is the first time it was tested on such a large scale. Technically, the participants would just add AAAA-records for their websites to DNS. This small change causes a huge effect. Since most browsers are configured to prefer IPv6 AAAA-records over IPv4 A-records, this causes all IPv6-connected users to suddenly connect over IPv6 instead of IPv4.
For the most part, this major changeover happened without so much as a hitch. In fact, if I hadn’t known it was World IPv6 day, I wouldn’t have noticed anything. But I’m not a normal web-user, so I did notice some issues.
I regularly watch log files in real time using the highly appreciated tail -f command. But I usually find myself manually inserting newlines to give a visual cue of which log lines happened together. Obviously the timestamps in the lines tell you the full story, but it’s not that visually appealing.
I assume I don’t have to introduce the concept of spam. Fighting spam can be done on different levels. A first line of defense is the mail server receiving them. There are several checks it can perform. Here is my configuration of Postfix.
Sometimes, you want to manually alter the caching behaviour of Linux. Making sure all data is committed to disk can be done with the sync command. If you want to flush the caches for reads as well, you need to go deeper into the system.
echo 3 > /proc/sys/vm/drop_caches
Writing 1 only clears the pagecache; 2 clears the dentries and inodes; 3 clears all.
TBF or Token Bucket Filter is a tool from the Linux kernel. It can be inserted as a “queueing discipline” for an Ethernet device. TBF is usually employed to limit the bandwidth.
I tried to configure TBF on my Ubuntu 9.10 VMware box, but I got disappointing results: I only got around 100kbps, no matter what I configured. I tried the same setup on a physical server, with the same results.
Sometimes it’s really useful to prepend a timestamp to every output line of a command. This can be done fairly easily:
$command | perl -pe '@now=localtime();printf "%04d-%02d-%02dT%02d:%02d:%02d ",$now[5]+1900,$now[4]+1,$now[3],$now[2],$now[1],$now[0];'
The perl command reads in every line, prints the current time in the default format (or in whatever format you specify), followed by the read line.
When hosting multiple sites on a single IP, HTTP/1.1 has the necessary items on board to route the request to the correct site. This works because an HTTP/1.1 request includes a Host: header, which indicates to the server which site the client wishes to access.
When using SSL-secured connections, this doesn’t work anymore. The problem is similar to the situation in HTTP/1.0: the server needs to know to which SSL host the connection is addressed. SNI introduces a similar solution: it specifies an extension to the SSL negotiation to indicate which server the client wishes to access.
I sometimes pipe a command to less to study its output. If it’s interesting enough, I re-run the command and redirect the output to a file. This approach has some limitations: the command is run twice, possibly with different output.
Obviously, I should use tee to send the output to both less and the file, but I regularly forget this. That’s where this hint comes in: you can save the current less buffer to a file!
In short, to save the buffer displayed by a less session, use its pipe-to-shell-command capability: scroll to the top of the file, press | followed by $, and enter tee DESTINATION_FILE when prompted for the shell command.
This is probably something everybody knows, but I’ve been Googling for this answer for over an hour:
- BASEDIR=/whatever
- cp $DEBs $BASEDIR/.
- mkdir -p $BASEDIR/dists/$DIST/$COMPONENT/binary-amd64
- cd $BASEDIR
- apt-ftparchive packages . > dists/$DIST/$COMPONENT/binary-amd64/Packages
- echo "deb file:$BASEDIR $DIST $COMPONENT" >> /etc/apt/sources.list
- apt-get update
$BASEDIR is whatever directory you have space in (preferably an empty directory); $DIST and $COMPONENT are “jaunty-backports” and “main” in my setup, but you can vary these.
You also might need to add the following line to /etc/apt/apt.conf to get rid of the “untrusted source” warning. The setting is global: it lets apt-get install unauthenticated packages from every configured source, not only from the local repository:
APT::Get::AllowUnauthenticated "true";