stultifying. Rule 41 is not very 42.

home | blog | Teh Internet | guest blog |rants | political | projects | Gwen and Liam | Citadel patched | Tools | TMBG

21 March 2017, 13:07 UTCHow not to serve a web page:


P.S. Thanks, your crawlers are allowing me to learn new things.


8 March 2017, 16:07 UTCDeployStudio - Inappropriate repository error

Old info that I seem to have forgotten to write down the last time I set up
DeployStudio years ago...

Are you getting "Inappropriate repository" after netboot on clients?
You might have one of 2 things going on:

1. Ensure you are pointed to a valid smb or afp share in the DeployStudio Assistant setup.

Sub Folder: DeployStudio

2. Ensure you have a valid ntp server in the netboot if you are using recent smb clients.
It seems time shifts can make the share not work.


3 March 2017, 15:21 UTCGmail - get your smtp replies fixed - 4.7.0 is not a rejection.

Yes, some people forward to your service from other providers.
Yes, sometimes this content is probably spam...
If you send 4.7.0, and you mean to reject the message, please give a 5.x.x.
If you give a temp fail message, it gives the server the impression you intend
to attempt delivery later.

421-4.7.0 protect our users from spam, the message has been blocked.

4.XXX.YYY Persistent Transient Failure
  A persistent transient failure is one in which the message as sent is valid,
  but persistence of some temporary condition has caused abandonment or delay of
  attempts to send the message. If this code accompanies a delivery failure report,
  sending in the future may be successful.

5.x.x is probably what you mean:
5.XXX.YYY Permanent Failure
  A permanent failure is one which is not likely to be resolved by
  resending the message in the current form. Some change to the message
  or the destination must be made for successful delivery.

Update - Seems you do get it (even if it does take a bit)...
Mar  3 00:36:27 ... submission
Mar  3 00:36:28 421-4.7.0 - gsmtp
Mar  3 00:42:57 421-4.7.0 - gsmtp
Mar  3 00:43:02 421-4.7.0 - gsmtp
Mar  3 01:12:45 421-4.7.0 - gsmtp
Mar  3 01:12:45 550-5.7.1 - gsmtp


10 February 2017, 19:28 UTCCheck your mail servers cert using a tls connection:

See this post by koppor on
If that site or link goes away, here are the gory details:

apt-get install gnutls-bin to have gnutls-cli available.
gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
ehlo foo
Press CTRL+d (^d)

This one works as well:
Thanks to Dan Andreatta, and Skyhawk (for the edits):
Again, in case that goes away:
openssl s_client -connect -starttls smtp
or standard secure smtp
openssl s_client -connect


1 November 2016, 3:37 UTCWeb programming and n-tier programming:

Web programming is like n-tier programming minus the error logging.
I know it is just about looking in the right log, but finding the log can be fun.


11 October 2016, 19:09 UTCGood old telnet

Need to check for a possible firewall blocking issue with a mail server, but
you have multiple interfaces to check?
telnet -b to the rescue:

telnet -b servertocheck 25
telnet -b servertocheck 25


7 October 2016, 19:29 UTCCold beer and pretzels, takes care of cancer.


24 September 2016, 6:09 UTCSolve peoples problems with technology or perish.

There is no middle ground.

Either you will be a part of the solution, or you will be automated out of the way.


9 September 2016, 4:43 UTCFabric fun.

Full talk here (not me) - thanks Wes Thomas for the info.
And as always (in case the link goes away, here is boiled down points I got from that talk:
I will add my own stuff over time at the bottom of this page - see asdfjklm.

The basics.
fab comand
pip install fabric

Expects that there is a file called that contains the what you want to do.
(don't worry, you can configure this as well - see namespacing below)
Once you have one with python functions in it, you can list via:
fab --list

Use ssh config to define hosts and keys:
In your fab file:

from fabric.api import *

#(this is false by default)
env.use_ssh_config = True

# define hosts for production with
define production():
 # ... or read from external file, db, or whatever - iterable is all it takes!
 env.hosts = ['host1', 'somehost']
# staging
define staging():
  env.hosts = ['stagehost']

- that allows you to pick production or test or whatever sub-sets you define to work on:
fab production runfunction
- or -
fab staging runfunction runanotherfunction


ServerAliveInterval 30

Host somehost
  HostName somehost.somedomain
  User youruser
  ItentityFile ~/.ssh/id_rsa

Host host1
  HostName host1.somedomain
  User youruser
  IdentityFile ~/.ssh/id_rsa

Host stagehost
  HostName stagehost.someotherdomain
  User youruseronathathost
  IdentityFile ~/.ssh/id_rsa

Alternatives to using ssh/config file:
fab -H hostname somecommand
fab -H somehost,host1 someothercommand

cd before run a command?:
def command():
  with cd('~/somedir/somesub/webproject'):
    run('somecommand ...')

Turbo mode! - Decorator @parallel
Does just what you think it does (run in parallel on hosts defined).
Set the pool_size arg if you have many hosts with complex ops. It limits your simultaneous connections - and thus load on your localhost.
# just add @parallel to functions
def someop():
  run('do something')

@parallel(pool_size = 5):
def someoplimited():
  run('do something')

# - things will happen out of order on hosts, so make sure your ops are atomic in your mind first!

Only do it once - @runs_once decorator
If you have a task that only needs to be done once (push files to cdn network, update a back end db, etc...
# note: won't work with @parallel decorator, so don't use both.
def dosomething():

Pile it on with execute()
def dothings():

# where each arg is another function as before, but list allows you to combine steps in one function.

What roles can you apply to servers, and limit the functions to those that are in that role.
env.roledefs = {
    'db' : ['dbserver1', 'dbserver2'],
    'web': ['web1', 'web2', 'web3'],
    'ec2hosts' : ['someec2host', 'anotherec2host', 'blahec2host', 'yetanotherec2host']

def migrate():
  # some db things

def restartapache();
  # web only things

Limit the noise. Your fabfile is full!
# the @task decorator will quiet down the fab --list method

def userallowedfunction():
  #some code

def someinternalthing():
  # othercode

fab --list
- should now only display userallowedfunction
- it also caps the other commands to private (i.e. not runnable via the fab command).
- you need to decorate all allowed functions with @task that the user can get to.

That is too much typing to run that function!
# you can alter the @task decorator - see above
# just add alias = 'tla'
@task(alias = 'rtadse')
def run_this_and_do_something_else();
  # code...

fab --list


namespaces - does the file need to be only
- no, you can import from other files to get the modules and classes and other existing code to that
(remember, it is just python, so the sky is the limit - i.e. batteries included.)

Don't re-invent the wheel. If you need to append to a config file, see append in the docs.
If you need to add an ssh key, that is easy...
If you need to do sed, search and replace, exists (config already has this thingie), comment out line with regex ... line fab contrib items can be fun - not core, but close to it.
If you don't find it in the current docs, search. There are many others sharing fab examples to solve the repetitive issues.
I will post some of mine here later - famous last words.

My stuff to share: asdfjklm

Why use fabric?
Your programmers need answers, not a gate-keeper. Empower them with this as a tool. Things change, why teach everyone to be a sysadmin?
You can tweak a process that is otherwise painfull and make it easy.
It is repeatable, it is automated, it is easy to tweak.
You can share the easy to read fab file, and anyone can tweak it and improve it.
There is no need to cover up the hand waving things that happend on one-off deployments.

Is it hard to use for non-programmers?
You can have them pip install fabric, get the, and then they can just run:
fab sometask

So, no.
No need to explain the black box stuff that happens with sometask.
Think about wrapper it in a simple gui to share tasks and the load.

More to come. - insert test pattern here.
This page intentionally left blank.


10 August 2016, 3:38 UTCE: Problem with MergeList?

Yep, you need to rm them off.

rm -rfv /var/lib/apt/lists/*


29 July 2016, 22:17 UTCNo bvi installed? Give this a spin:
2 May 2016, 20:37 UTCWeb program migration to a new server.
4 April 2016, 2:49 UTCHistory, never repeats... Nah, it does.
18 March 2016, 14:44 UTCHaving DNS issues the last couple of days?
17 March 2016, 0:33 UTCMicrosoft - you suck - How about click and not run?
18 February 2016, 20:06 UTCLong time no bash Microsoft
8 February 2016, 22:25 UTCReboot on blocked task. I.E. Hanging after "INFO: task blahblah:1234 blocked for more than 120 seconds."
2 February 2016, 22:55 UTCHow to embiggen a raw disk partition using libvirt/kvm/qemu
18 January 2016, 20:14 UTCWordpress xmlrpc is efficient.
2 December 2015, 5:05 UTCOuch Google, ouch.
30 November 2015, 17:23 UTCRobotron sort of day today:
17 October 2015, 4:56 UTCRing of trust. I hope.
1 September 2015, 4:58 UTCInteresting crew, what are they up to?:
27 August 2015, 4:28 UTCSSl / TLS / HTTPS fun:
9 July 2015, 21:18 UTCOpenSSL - patched *(Slackware)
1 July 2015, 5:31 UTCHappy Leap Second Day
1 July 2015, 5:28 UTCNoSQL etc.
30 June 2015, 3:20 UTCDouglas C. Engelbart - The Internet (o.k., Intranet) 1969!
13 May 2015, 14:01 UTCVirtual bytes (VENOM) XEN and KVM/Qemu
8 May 2015, 4:30 UTCWow - tig - such commit, very push!

All older entries

[atom feed]