bmon is a monitoring and debugging tool to capture networking related statistics and prepare them visually in a human friendly way.
🚏 kollektiv.sanntid.org
This app uses data from Entur to show live departures from Norwegian public transport. It’s built with the JourneyPlanner API and is the first app I’ve created using vibe coding.
ncdu - NCurses Disk Usage
ncdu (NCurses Disk Usage) is a curses-based version of the well-known du, and provides a fast way to see what directories are using your disk space.
tldr - a supplement to man
Excerpt from tldr.sh: The tldr pages are a community effort to simplify the beloved man pages with practical examples.
Get more information at tldr-pages at GitHub.
e1000e: Detected Hardware Unit Hang
Are you, like me, suffering from Detected Hardware Unit Hang in the kernel log from an e1000e network card? How do you notice it? A transfer goes to zero bytes for around 10 seconds, then restarts, then goes to zero, then restarts and so on…
Portable Hardware Locality (hwloc)
From the website: The Portable Hardware Locality (hwloc) software package provides a portable abstraction (across OS, versions, architectures, …) of the hierarchical topology of modern architectures, including NUMA memory nodes, sockets, shared caches, cores and simultaneous multithreading. It also gathers various system attributes such as cache and memory information as well as the locality of I/O devices such as network interfaces, InfiniBand HCAs or GPUs.
Install the GUI on Fedora.
List CPU vulnerabilities
One-liner to list your CPU vulnerabilities and mitigations. Read more about the different vulnerabilities and mitigations at Hardware vulnerabilities.
Bootstrap Debian VM with virt-install
Installing a small Debian VM from scratch with only one partition. Makes later resizing easier. This was done on Fedora 32.
Preparations
Install software
libvirt is already installed on Fedora 32. It’s used in Gnome Boxes. We will not use that for this. We’ll do it the old-fashioned way with virt-install.
sudo dnf install -y virt-manager virt-install
User access to libvirt
Add your user to the group libvirt.
sudo usermod -aG libvirt $USER
Installation
- Create a default preseed.cfg file. It contains a random root password for this installation. We change the installation to be atomic layout, just one big partition. This file can be reused to your heart’s desire.
Libvirt and Vagrant
Libvirt is the default toolkit to manage virtualization platforms on Linux. Libvirt and qemu are a great combination with Vagrant. It’s the default combination on most Linux systems, also on my favorite - Fedora.
This combination allows for some awesome features and some restrictions. One of the restrictions is that Ubuntu isn’t available as a box, but Debian is. And Debian is the foundation of Ubuntu, and it’s more open than Ubuntu.
The biggest feature is that it allows for more permanent development environments and direct connection to already existing network bridges.
Vagrant with Ubuntu Focal (20.04)
Vagrant is a great way to script development environments for system administrators. It works with full virtualization and is closer to the real hardware than container systems.
There is a bug in the latest version of Ubuntu (Vagrant Box) that makes it hang during boot. It even hangs VirtualBox and makes the GUI misbehave. The reason is a missing redirect of the console serial device. Console output fills up a buffer and then just hangs.
Design an online ransomware safe backup with restic
The only way to be safe from ransomware, except for keeping an offline backup, is to have an immutable online backup.
restic is a deduplicating backup software, designed for ease of use and security. Rclone is a versatile program for syncing data between a huge variety of protocols and cloud providers. What is especially nifty is that restic can use rclone as a backend, and thereby extend restic’s destinations to most cloud providers.
SSH with YubiKey NEO on Fedora made easy
Your private SSH key is the key to the kingdom. This means always having a password on the key. With YubiKey, you can keep your secret key outside your machine too.
Excerpt from Wikipedia: The YubiKey allows users to sign, encrypt and decrypt messages without exposing the private keys to the outside world.
This is a short how-to to get started with using YubiKey to SSH into your servers.
YubiKey as private SSH key
Prerequisites
- Install the YubiKey management software.
Distributed syncing with Syncthing
I’ve tried to ditch Dropbox for a long time. But the need for synchronizing folders between my computers has held me back. Syncthing solves this for me. It’s decentralized synchronization between all my units, including my phone, without the need to go through a 3rd party server.
Excerpt from Syncthing’s homepage: Syncthing replaces proprietary sync and cloud services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it’s transmitted over the Internet.
Compressed RAM based block devices
From zram documentation: The zram module creates RAM based block devices named /dev/zramID (ID = 0, 1, …). Pages written to these disks are compressed and stored in memory itself. These disks allow very fast I/O and compression provides good amounts of memory savings. Some of the usecases include /tmp storage, use as swap disks, various caches under /var and maybe many more :)
Example of compressed swap in memory
Write these commands in /etc/rc.local to create a 2G compressed swap partition in memory.
Record a PulseAudio sound stream
Ever wondered how to record the audio from one application? Either the browser or a streaming application that doesn’t have the option to save audio to a file.
The PulseAudio sound server in your desktop makes this quite easy.
I’ve created a small script that captures the currently playing sound stream and redirects it to a FLAC audio file. After the capture is started, you can start playing sound from other programs. It won’t interfere with the current capture.
Vagrant with OpenStack
If you want to use Vagrant with OpenStack, you need to prepare Vagrant by installing the vagrant-openstack-plugin. I had some problems installing it directly through vagrant plugin install. I had to clone it from GitHub and install it manually.
One time configuration
Install OpenStack plugin in Vagrant
cd /tmp
git clone https://github.com/cloudbau/vagrant-openstack-plugin
cd vagrant-openstack-plugin
gem build vagrant-openstack-plugin.gemspec
vagrant plugin install vagrant-openstack-plugin-*.gem
Add a dummy box to Vagrant that’s needed by the plugin.
vagrant box add dummy https://github.com/cloudbau/vagrant-openstack-plugin/raw/master/dummy.box
Download OpenStack RC file
- Log into OpenStack
- Download OpenStack API RC file
  - Go to Project->Compute->Access & Security->API Access
  - Download the RC file by hitting Download OpenStack RC File
  - Put $USER-openrc.sh in your ~/ or somewhere you prefer
Configure a Vagrant VM
Vagrantfile
This is a default generic Vagrant file which starts an m1.tiny flavor image of Ubuntu Utopic. It requires that you have already added your SSH key to OpenStack. Please add your SSH key with the name $USER_ssh_key.
fio - flexible I/O tester
From man page: fio is a tool that will spawn a number of threads or processes doing a particular type of I/O action as specified by the user. The typical use of fio is to write a job file matching the I/O load one wants to simulate.
This example only shows how to use fio to make reproducible tests on a file system. For me it’s been useful to catch changes in I/O throughput before and after a system has gone into production. By running the same tests on all systems the numbers are comparable.
Power saving on laptop
Notes for power saving on my i5 laptop.
View Google Earth in the browser
Google now supports Google Earth in Google Maps. As far as I know it works in Chrome and Chromium. If Google Earth isn’t available where the satellite view option is, your graphics card is in the browser’s blacklist.
To force enabling WebGL in the browser, start it with the following options:
chromium-browser --enable-webgl --ignore-gpu-blacklist
Now you can use Google Earth in maps.google.com.
Vagrant, development environments made easy
Prototyping and testing configurations and system installations is time consuming on traditional hardware. That is why I started using Vagrant for nearly all development, prototyping and testing. It’s free and really easy to use. If you install VirtualBox (sudo apt-get install virtualbox) first, you’ll be up and running in no time.
Vagrant does profile itself for developers, but sysadmins have much to gain by using such tools to make life easier for themselves. Automation and reproducibility are key concepts in modern system administration. We need to think more and more like developers, as much as developers need to think more and more like sysadmins.
Only Firefox is safe post Heartbleed
- Steve Gibson has a nice round-up where he explains how certificate revocation works and why Chrome’s and Chromium’s certificate revocation scheme doesn’t work. I recommend reading both Steve Gibson’s article An Evaluation of the Effectiveness of Chrome’s CRLSets and Adam Langley’s, in my opinion a bit misplaced, answer Revocation still doesn’t work.
- Listen to Security Now! episode 454 Certificate Revocation Part 2 in which Steve explains about both certificate revocation and Google’s CRLSets.