stultifying. Rule 41 is not very 42.

home | blog | Teh Internet | guest blog |rants | political | projects | Gwen and Liam | Citadel patched | Tools | TMBG

10 February 2017, 19:28 UTCCheck your mail servers cert using a tls connection:

See this post by koppor on
If that site or link goes away, here are the gory details:

apt-get install gnutls-bin to have gnutls-cli available.
gnutls-cli -s -p 25 YOURSMTPHOST (starts a session with your mailserver)
ehlo foo
Press CTRL+d (^d)

This one works as well:
Thanks to Dan Andreatta, and Skyhawk (for the edits):
Again, in case that goes away:
openssl s_client -connect -starttls smtp
or standard secure smtp
openssl s_client -connect


1 November 2016, 3:37 UTCWeb programming and n-tier programming:

Web programming is like n-tier programming minus the error logging.
I know it is just about looking in the right log, but finding the log can be fun.


11 October 2016, 19:09 UTCGood old telnet

Need to check for a possible firewall blocking issue with a mail server, but
you have multiple interfaces to check?
telnet -b to the rescue:

telnet -b servertocheck 25
telnet -b servertocheck 25


7 October 2016, 19:29 UTCCold beer and pretzels, takes care of cancer.


24 September 2016, 6:09 UTCSolve peoples problems with technology or perish.

There is no middle ground.

Either you will be a part of the solution, or you will be automated out of the way.


9 September 2016, 4:43 UTCFabric fun.

Full talk here (not me) - thanks Wes Thomas for the info.
And as always (in case the link goes away, here is boiled down points I got from that talk:
I will add my own stuff over time at the bottom of this page - see asdfjklm.

The basics.
fab comand
pip install fabric

Expects that there is a file called that contains the what you want to do.
(don't worry, you can configure this as well - see namespacing below)
Once you have one with python functions in it, you can list via:
fab --list

Use ssh config to define hosts and keys:
In your fab file:

from fabric.api import *

#(this is false by default)
env.use_ssh_config = True

# define hosts for production with
define production():
 # ... or read from external file, db, or whatever - iterable is all it takes!
 env.hosts = ['host1', 'somehost']
# staging
define staging():
  env.hosts = ['stagehost']

- that allows you to pick production or test or whatever sub-sets you define to work on:
fab production runfunction
- or -
fab staging runfunction runanotherfunction


ServerAliveInterval 30

Host somehost
  HostName somehost.somedomain
  User youruser
  ItentityFile ~/.ssh/id_rsa

Host host1
  HostName host1.somedomain
  User youruser
  IdentityFile ~/.ssh/id_rsa

Host stagehost
  HostName stagehost.someotherdomain
  User youruseronathathost
  IdentityFile ~/.ssh/id_rsa

Alternatives to using ssh/config file:
fab -H hostname somecommand
fab -H somehost,host1 someothercommand

cd before run a command?:
def command():
  with cd('~/somedir/somesub/webproject'):
    run('somecommand ...')

Turbo mode! - Decorator @parallel
Does just what you think it does (run in parallel on hosts defined).
Set the pool_size arg if you have many hosts with complex ops. It limits your simultaneous connections - and thus load on your localhost.
# just add @parallel to functions
def someop():
  run('do something')

@parallel(pool_size = 5):
def someoplimited():
  run('do something')

# - things will happen out of order on hosts, so make sure your ops are atomic in your mind first!

Only do it once - @runs_once decorator
If you have a task that only needs to be done once (push files to cdn network, update a back end db, etc...
# note: won't work with @parallel decorator, so don't use both.
def dosomething():

Pile it on with execute()
def dothings():

# where each arg is another function as before, but list allows you to combine steps in one function.

What roles can you apply to servers, and limit the functions to those that are in that role.
env.roledefs = {
    'db' : ['dbserver1', 'dbserver2'],
    'web': ['web1', 'web2', 'web3'],
    'ec2hosts' : ['someec2host', 'anotherec2host', 'blahec2host', 'yetanotherec2host']

def migrate():
  # some db things

def restartapache();
  # web only things

Limit the noise. Your fabfile is full!
# the @task decorator will quiet down the fab --list method

def userallowedfunction():
  #some code

def someinternalthing():
  # othercode

fab --list
- should now only display userallowedfunction
- it also caps the other commands to private (i.e. not runnable via the fab command).
- you need to decorate all allowed functions with @task that the user can get to.

That is too much typing to run that function!
# you can alter the @task decorator - see above
# just add alias = 'tla'
@task(alias = 'rtadse')
def run_this_and_do_something_else();
  # code...

fab --list


namespaces - does the file need to be only
- no, you can import from other files to get the modules and classes and other existing code to that
(remember, it is just python, so the sky is the limit - i.e. batteries included.)

Don't re-invent the wheel. If you need to append to a config file, see append in the docs.
If you need to add an ssh key, that is easy...
If you need to do sed, search and replace, exists (config already has this thingie), comment out line with regex ... line fab contrib items can be fun - not core, but close to it.
If you don't find it in the current docs, search. There are many others sharing fab examples to solve the repetitive issues.
I will post some of mine here later - famous last words.

My stuff to share: asdfjklm

Why use fabric?
Your programmers need answers, not a gate-keeper. Empower them with this as a tool. Things change, why teach everyone to be a sysadmin?
You can tweak a process that is otherwise painfull and make it easy.
It is repeatable, it is automated, it is easy to tweak.
You can share the easy to read fab file, and anyone can tweak it and improve it.
There is no need to cover up the hand waving things that happend on one-off deployments.

Is it hard to use for non-programmers?
You can have them pip install fabric, get the, and then they can just run:
fab sometask

So, no.
No need to explain the black box stuff that happens with sometask.
Think about wrapper it in a simple gui to share tasks and the load.

More to come. - insert test pattern here.
This page intentionally left blank.


10 August 2016, 3:38 UTCE: Problem with MergeList?

Yep, you need to rm them off.

rm -rfv /var/lib/apt/lists/*


29 July 2016, 22:17 UTCNo bvi installed? Give this a spin:

Good tip for showing hex from within vi. Thanks YorkshireKev!
In case that goes away, just stream with xxd to display hex:


Off again with:
:%!xxd -r

If you are more of a GUI fan, and want to install one without many dependencies, give Jeex a try:
P.S. Thanks Great site for tips and tools.


2 May 2016, 20:37 UTCWeb program migration to a new server.

Moving a Web program to a new server, and having errors with functionality?
Are the logs proving to be less than verbose?
You might want to check for missing host OS packages.
Some applications skip the language built ins in favor of shelling out to an OS utility.
For example:


For Python
os.system Popen


4 April 2016, 2:49 UTCHistory, never repeats... Nah, it does.

So, using the video chip to do the grunt work is unique to the Raspberry Pi?
No, it is not. See Ben Heck's redo of the ZX Spectrum for details:

Notice how the PAL chip is the analog of the RPi boots from the video ram as well:
"The VideoCore IV GPU core is responsible for booting the system"
So, I would guess that history does repeat, and repeat, and... Thanks Split Enz.

P.S. Sorry for making an example of you Ben. You do what you do well. It is just that you were our matched by Clive in your attempts to minimize the economy of the day. I am glad you accepted the challenge and persevered to find a further optimization that works, and will show others the light.


18 March 2016, 14:44 UTCHaving DNS issues the last couple of days?
17 March 2016, 0:33 UTCMicrosoft - you suck - How about click and not run?
18 February 2016, 20:06 UTCLong time no bash Microsoft
8 February 2016, 22:25 UTCReboot on blocked task. I.E. Hanging after "INFO: task blahblah:1234 blocked for more than 120 seconds."
2 February 2016, 22:55 UTCHow to embiggen a raw disk partition using libvirt/kvm/qemu
18 January 2016, 20:14 UTCWordpress xmlrpc is efficient.
2 December 2015, 5:05 UTCOuch Google, ouch.
30 November 2015, 17:23 UTCRobotron sort of day today:
17 October 2015, 4:56 UTCRing of trust. I hope.
1 September 2015, 4:58 UTCInteresting crew, what are they up to?:
27 August 2015, 4:28 UTCSSl / TLS / HTTPS fun:
9 July 2015, 21:18 UTCOpenSSL - patched *(Slackware)
1 July 2015, 5:31 UTCHappy Leap Second Day
1 July 2015, 5:28 UTCNoSQL etc.
30 June 2015, 3:20 UTCDouglas C. Engelbart - The Internet (o.k., Intranet) 1969!
13 May 2015, 14:01 UTCVirtual bytes (VENOM) XEN and KVM/Qemu
8 May 2015, 4:30 UTCWow - tig - such commit, very push!
17 April 2015, 13:29 UTCHTTP.sys issue. DOS for now, exploit probably soon if not already.
31 March 2015, 19:51 UTCApache and fcgid have you down?
12 March 2015, 16:03 UTCMore Cert fun.

All older entries

[atom feed]