Paul's Blog

The articles below are on various topics, though the majority are focused on some aspect of systems administration.

oVirt Engine 3.4.4 Interoperability with Fedora 21 · December 19, 2014

At work, we maintain a cluster of a dozen hosts dedicated to running virtual machines. The cluster is managed by oVirt version 3.4.4. Version 3.5 is current, but for a variety of reasons we’re sticking with 3.4.4 for a while yet.

The cluster nodes and the oVirt Engine, essentially the cluster controller, currently run Fedora 19. The standard Fedora life cycle is that “Release X is supported until one month after the release of Release X+2.” Since Fedora 21 was released earlier this month, Fedora 19 is near the end of its life cycle.

So I thought it was time to try using Fedora 21 on a cluster node, the nodes being easier to update than the server running the Engine.

Getting Fedora 21 to work with Engine 3.4.4 took some work! The short version of the process is outlined below.

Read more...

Dueling fail2ban and ipset timeouts · December 10, 2014

Quick background: Fail2ban scans system logs looking for entries that indicate network connections with malicious intent. When it finds enough such entries from a given IP address, it adds a firewall rule that blocks connections from that address for a given period of time.

In CentOS and Debian, Fail2ban is normally configured with a ban time of 600 seconds (10 minutes). That’s a safe default if you’re worried about locking yourself out of your system, but I don’t think it’s long enough to ward off persistent or obnoxious attackers.

Read more...

IT Operations on TV Shows · November 25, 2014

A recent thread on a technical mailing list I frequent was started by someone observing (perhaps complaining) that many television show plots rely on ridiculous IT operations.

I agree, but I don’t really care. I even approve.

Read more...

Great Utilities: pbcopy · November 20, 2014

This is the first of what I hope will become a series of posts that highlight useful command-line computing utilities. Sometimes (like this post), the focus will be on what I consider to be relatively obscure programs; at other times, I’ll focus on obscure features of commonly used utilities.

This post is dedicated to a pair of Mac OS X utilities: pbcopy and pbpaste. The “pb” in both stands for “pasteboard”: they are command-line programs for getting content to and from the Mac clipboard.

Read more...

ALL CAPS at NWS · November 11, 2014

I remain amused at the National Weather Service’s insistence on retaining its bulletin style of all-uppercase letters. Kevin Drum at Mother Jones, Will Oremus at Slate, Robinson Meyer at The Atlantic, and even the NWS itself have given answers, but none answers the real unspoken question. Teletype machines are still used…where, exactly?

Running ssh-add on a Remote Host · November 6, 2014

I learned something new today. It’s not earth-shattering, but it was news to me. I have a standard SSH authorized_keys file that I install on all the machines I manage or use. That file contains a couple different public keys, one corresponding to the private key on my work laptop and one to that on my Mac at home. Today, I was working at home, so I was using my home Mac, with its SSH private key loaded into the SSH agent.

Read more...

The Evolution of Flushing DNS Cache in Mac OS X · October 24, 2014

I recently updated both my work and home Macs to OS X 10.10, aka Yosemite. As with most OS upgrades, little changes have accompanied the marquee upgrades. In particular, Yosemite has yet another way to flush the local DNS cache.

Read more...

IPv6 Autoconfiguration · October 22, 2014

A friend sent me a message recently asking about the advisability of assigning a DNS AAAA record (for an IPv6 address) to a computer’s current IPv6 address. He wrote, One thing that I wasn’t certain about with IPv6 was whether or not this address could/would change in the future. As such, I wasn’t sure if I should create the AAAA record using it. Fun!

I knew that the machine in question runs Linux and that it acts as a server, always running on the same firewall-protected network.

His question gets to an interesting thing, and configurable too.

Read more...

Installing Haskell Platform 2014.2.0.0 on CentOS 6 · October 7, 2014

I was recently asked to assist someone in installing the newest Haskell Platform on a CentOS 6 machine. Mind you, the point of the Haskell Platform releases is to make it easier to get a complete Haskell development environment. I suppose it’s easier if you’re running a Linux distribution for which there are pre-built Haskell Platform binary releases. CentOS 6 is not one of those favored distributions, however, and the procedure was much, much harder than it should have been.

Read more...

Warding Off IP-based Web Scans · October 2, 2014

Like any other web server on the Internet, mine is frequently the target of IPv4-based scanning attacks. The scanner just polls address after address and starts looking for vulnerabilities (or whatever) as soon as it sees signs of life on TCP port 80.

Apache has a quirk that allows you to mostly ignore these scanners, as long as you’re willing to use a virtual host for your web service.

Read more...

Launch oVirt 3.3 VNC consoles in OS X · September 26, 2014

I recently ran into obstacles getting oVirt 3.3 VNC console sessions to launch in Mac OS X. I posted a description of the problem and a workaround solution on GitHub.

Steven Soderbergh on Raiders of the Lost Ark · September 24, 2014

Steven Soderbergh has done a really cool experiment. He stripped the color, score, and dialog from Raiders of the Lost Ark to study its staging. He writes, I’m just saying this is what I do when I try to learn about staging, and this filmmaker forgot more about staging by the time he made his first feature than I know to this day (for example, no matter how fast the cuts come, you always know exactly where you are—that’s high level visual math shit).

Read more...

Using SOCKS5 Over SSH for Web Browsing · September 24, 2014

You’re on the road, connected to a wi-fi network you don’t trust, and you want to do some web browsing without having your traffic sniffed. A VPN connection would solve the problem, but all you really want is to keep your web session from prying eyes.

If you have three things, you’re in luck:

  • OpenSSH installed on your local system
  • A remote system to which you can establish an SSH connection
  • Firefox

Read more...

Re-reading Mistress of the Art of Death · September 23, 2014

I’m currently re-reading Ariana Franklin’s very entertaining historical mystery novel Mistress of the Art of Death. Both Goodreads and Amazon have plot summaries, which I won’t provide here. My first time through the book, about two years ago, I spent most of my reading energy wrapping my head around the setting (England, in the realm of Henry II) and the various characters. Consequently, I failed to notice a crucial point: Ms.

Read more...

Xcode License Requires Admin Privileges · September 19, 2014

Early this morning, I installed on my MacBook Pro at work Apple’s latest software updates, including Xcode 6.0.1. The update went smoothly. Later, I needed to work in my local copy of a Subversion repository, so as usual I grabbed the latest changes from the central copy of the repo before starting to work.

    [heinlein@macbook trunk]$ svn update
    Agreeing to the Xcode/iOS license requires admin privileges, please re-run as root via sudo.

Read more...