Howto...

Here I'll list things I learned while fiddling with UNIX/Linux/MacOS X (which is a BSD derivate).

snmptrapd suddenly processes no traps at all anymore

Newer versions of net-snmp require that you set a community or else it'll refuse everything.
So add to your /etc/snmp/snmptrapd.conf:

authCommunity log,execute,net public

Now all traps with community 'public' will be allowed.
Check this page for more details.

MySQL: removing duplicate rows from a table

First create a temporary table containing the cleaned-up data:

CREATE TABLE without_duplicates_temp SELECT * FROM original_table GROUP BY columns, that, must, be, unique;

and then just delete the original and rename the temporary table:

DROP TABLE original_table;
RENAME TABLE without_duplicates_temp TO original_table;

Force check of all filesystems after reboot (fsck)

touch /forcefsck

Konig CMP-UPS 650 & NUT

When you have a Konig CMP-UPS 650 you would like to connect to NUT, use the 'megatec' driver.

How to clear (and keep empty) the pagecache, dentries and inodes

echo 3 > /proc/sys/vm/drop_caches

Afterwards, echo '0' to this file.

Getting rid of that obsolete delay after password authentication

In Debian, add nodelay to the line with pam_unix.so in /etc/pam.d/common-auth.

Installing Debian 4.0r01 on system with an Intel DG965WH motherboard

System is very slow

The solution is very simple: upgrade the bios! The difference in speed is massive. Oh I also switched on HPET timers in the bios.

CD-ROM player not detected

Do a network install!

use a complete path for the tftp image, e.g.: "/tftpboot/pxelinux.0" (to prevent error messages about absolute path: "Only absolute filenames allowed")
use a dhcp server (bootp doesn't seem to work)
install the tftpd-hpa package, the 'normal' tftpd gives the following error: tftp server does not support the tsize option
install 'stable' or else no kernel modules will be found, upgrade later if you wish
select the 'em64t-smp' kernel package (that is the "intel-amd64")
set the partition on which '/boot' resides to bootable! this is required as else the bios won't boot with a "no bootable device" error

Cannot get access to LUN on a DS3200

When connecting to a LUN on a IBM DS3200 using suse linux 10, all disk i/o gives errors.
This may be caused by the LUN having number 0. Use a different LUN number (1...31) and things will work fine.
This may also apply to redhat linux and/or other DS3x00 storage enclousures.

Reducing disk-access (and thus saving power)

Mount filesystems with parameters:

noatime - do not update inode when a file got accessed or use relatime when it still must be updated somewhat
commit=300 - do not flush buffers to disk every 5 seconds (like ext3 does default) but every 5 minutes - only do this when your system never crashes and is on a UPS or a laptop-battery
async

Enable laptop-mode with this command:

echo 5 > /proc/sys/vm/laptop_mode

Expire dirty buffers only after a day (same warning applies):

echo 864000 > /proc/sys/vm/dirty_expire_centisecs

Displaying .odt-files (OpenOffice) inline in Mutt

First install the odftools, then add the following to .mailcap:

application/vnd.oasis.opendocument.text; odfread %s ; needsterminal

Backspace does not work

Type:

stty erase

after that(!) press ^v and then backspace. Then press enter.

_getpty() fails on IRIX with 'operation not permitted'

Check to see if /usr/sbin/mkpts has mode 4755.

mount -t smbfs gives "smbfs: mount_data version 1919251317 is not supported"

On Debian you then need to install the 'smbfs' package, on RedHat you need 'samba-client'.

Synaptic Touchpad slow on Debian 4.0

Add the following to /etc/X11/xorg.conf (section 'InputDevice', identifier 'Synaptics TouchPad'):

        Option  "MinSpeed"      "1.0"
        Option  "MaxSpeed"      "1.0"
        Option  "AccelFactor"   "0.2"

If it then moves too fast, adjust the 'AccelFactor'.

SpamAssassin 'sa_learn'/updatedb/backups make system unresponsive

Not only can you renice the cpu priority, one can also renice the I/O priority. For this to work you need to use the 'cfq' I/O scheduler and the ionice utility.
Enabling the cfq I/O scheduler:

echo cfq > /sys/block/hda/queue/scheduler

Then create the following script (/usr/local/bin/LP):

#!/bin/sh

/bin/nice -n 40 /usr/bin/ionice -c 3 $*

Now when you want to run some disk-intensive process while not suffering too much, but 'LP ' in front of the command. E.g. 'LP updatedb'.

Force the Linux kernel to re-read a partitiontable

blockdev --rereadpt /dev/device
Do NOT do this on a device where filesystems are mounted from.

Setting the default editor to vi

Current versions of Debian have the nasty habbit of using some non-vi-compatible editor for editing crontabs etc. This can be corrected using "update-alternatives --config editor".

Fixing time-management in vm-instances on VMware

Install the VMware tools in the guest os, then in the .vmx-file set the following parameters to TRUE:

tools.syncTime - sync periodically
time.synchronize.continue - sync after snapshot
time.synchronize.restore - sync after reverting to a snapshot
time.synchronize.resume.disk - sync after resume
time.synchronize.shrink - sync after defragmenting a virtual disk

Do NOT run any other timekeepers in the guest operating system! (like the W32Time service on windows and the NTP daemon on UNIX systems).
Read this pdf (written by VMware) for more details and background information.

X11 forwarding over SSH on a Debian system does not work

Make sure that in the file /etc/ssh/sshd_config the parameter X11Forwarding is set to yes. Also you need 'xauth' which is in the xbase-clients package.

Backup to LTO3 tapestreamer performs very slow

When using cpio the default blocksize is 512 bytes. Now the more or less optimal blocksize for an LTO3 tapestreamer is 256KB. So a better performance can be achieved by adding '--block-size=512': this lets cpio backup using 512 blocks of 512 bytes(!).

During installation of the IBM Websphere application server libXp.so.6 cannot be found

On RedHat, install the xorg-x11-deprecated-libs package.
On Debian, install the libs/libxp6 package.

apt-get (from Debian) suddenly segfaults

Delete the file '/var/cache/apt/pkgcache.bin' and re-run 'apt-get update'.

NAT stopped working after upgrading Linux kernel to 2.6.20

Edit the .config in the kernel source directory and set CONFIG_NF_CONNTRACK_ENABLED to either 'y' or 'm'.
After that, run 'make oldconfig' and rebuild your kernel and its modules.

Optimizing Perl

First run the script with profiling enabled:

perl -d:DProf myscript.pl

then run the profile-dumper:

dprofpp tmon.out

Copy (duplicate) a two-dimensional array in Perl

@target = map [map $_ = $_, @{$_}], @source;

Optimizing a site with Mambo for search engines

The default urls of Mambo are not compatible with search engines. This causes only(!) the front- (first) page of your website to appear in search engines like Google. The following settings solve this.
In the file configuration.php (in the root of your Mambo setup), change the following line:

$mosConfig_sef = '0';

into

$mosConfig_sef = '1';

To make this work you MUST also add the following to the .htaccess file in the root of your Mambo setup:

RewriteEngine On
RewriteRule ^content(.*) index.php
RewriteRule ^component/(.*) index.php

Speeding up Firefox

"Surf to": about:config and set the following parameters:

browser.blink_allowed false
layout.frames.force_resizability true
network.http.pipelining.maxrequests 10
network.http.pipelining true
network.http.proxy.pipelining true
network.http.max-connections 64
network.http.max-connections-per-server 21
network.http.max-persistent-connections-per-server 8

Really slow bittorrent downloads

Sometimes bittorrent downloads go really slow, even when the upload-rate is at its maximum. Now that is also the cause of the slow download: if the upstream is saturated, the acks for the download-packets are delayed enormously. Solution: limit the upload-rate to a few KB below your maximum upload-rate.

Preventing webserver hackers from connecting to IRC servers

Sometimes when a user runs some picture-gallery or forum software, your server gets more or less hacked: a hacker will start under the user with which your webserver runs ('www-run' for example) an ircbot. You can prevent this with this:

iptables -I OUTPUT -m owner -p tcp --destination-port 6660:6669 --uid-owner nobody -j REJECT

This will not work if the hacker runs his/her irc-server on a different portnumber then the ones blocked.

Enabling remote X in Fedora 2/3/4

In /etc/X11/gdm/gdm.conf change the line with DisallowTCP=true in it to DisallowTCP=false.
Then restart X. Don't forget to adjust your firewall.

Allowing remote X

On the server execute this:

/usr/X11R6/bin/xauth list :0 | awk '{ print $NF }'

remember that output then on the client to this:

export DISPLAY=__hostname_of_your_X_server__:0
xauth add __hostname_of_your_X_server__:0 . __output_of_previos_command__

Debugging an application that expects data via STDIN



# create a named pipe:
mkfifo mypipe

# pipe your applications input into that named pipe:
cat data > mypipe &

# run gdb:
gdb application

# then in gdb:
run < mypipe

Disabling the 'accesskey' html-option

Certain sites, like freshmeat.net remap the ALT+F key to their find menu. I find this annoying. To disable this behaviour in firefox, surf to 'about:config' and double click on 'accessibility.accesskeycausesactivation' (which sets it to false).

Using a TER-GX102 S GSM-modem with smstools

In the configurationfile put:

mode = ascii

Leave everything else to default-mode.
Don't forget to enter phonenumber is international format (with countrycode) without the '+'!

Curl always failing with errorcode 52

When curl always fails with errorcode 52 also for sites that are available, add '-A curl' to the commandline.

Letting Firefox open new windows in a new tab instead

In the address-bar, enter "about:config", then search for "browser.tabs.showSingleWindowModePrefs". Double click on that line so that it becomes 'true'.
Then open the preferences menu from the menu-bar. Go to "advanced" and then search for "Tools": below there you can find "Force links that open new windows to open in...", click the radio-button before "a new tab".
With these settings all new windows will go to a new tab unless it has features like different size or no toolbars. If you also want these kind of windows to be opened in a tab, go back to "about:config" and search for "browser.link.open_newwindow.restriction". When found, set it to "0".

VPND across tor

It is possible to have a VPN accross a Tor anonymous network. For that you need vpnd which limits this 'trick' to the platforms supported by vpnd which are currently Linux and FreeBSD. You also need tsocks.
On the server, you have a file vpnd.conf which looks like this:

mode server
server YOUR_SERVER_IP_ADDRESS PORT_NUMBER_TO_USE
client 0.0.0.0
local 192.168.0.1
remote 192.168.1.1
keyfile vpnd.key
randomdev /dev/urandom
autoroute
keepalive 300
pidfile /var/run/vpnd.pid
noanswer 3
mtu 576
sendbuf 3072

The local and remove address are the addresses used in the vpn. You also need to change the 'server'-line.
On the client you have something like this:

mode client
server YOUR_SERVER_IP_ADDRESS PORT_NUMBER_TO_USE
client 0.0.0.0
remote 192.168.0.1
local 192.168.1.1
keyfile vpnd.key
randomdev /dev/urandom
autoroute
keepalive 300
pidfile /var/run/vpnd.pid
noanswer 3
mtu 576
sendbuf 3072

Of course, the portnumber in the server line as well as the ip-address should match with what you configured on the server side. Also make sure that 'local' and 'remote' match!
After that, create a (shared) key which you will need to transport safely from the server to the client. Use an PGP encrypted e-mail for example.
Starting the vpn on the server is only a matter of:

vpnd

and on the client you type:

tsocks vpnd

Don't forget to edit tsocks.conf so that it points to your tor-client!
E.g.:

server = 127.0.0.1
server_type = 5
server_port = 9050

You may need to change the server ip-address (if the tor-client runs on an other box then the box running the vpnd-server) as well as the port-number.
Warning: make sure that you use ip-addresses as long as tsocks doesn't support socks 4a as otherwhise you will still send out a (non-anonymized) DNS request!

Postfix annoyances

Postfix refuses to deliver to a mailbox > 50MB

Set 'mailbox_size_limit' to some other value:

mailbox_size_limit = 2147483648

Postfix refuses e-mails > 10MB

Set 'message_size_limit' to some other value:

message_size_limit = 2147483648

Postfix refuses to deliver mail while there's plenty diskspace left ('452 Insufficient system storage')

Set 'queue_minfree' to some other value:

queue_minfree = 2024000

WARNING: 'queue_minfree' must be at least 1.5 x the 'message_size_limit'!

Changing size of gnuplot images

You for example enter this in your gnuplot script:

set term png

replace that by for example:

set term png size 1024,480

Running minimalist from procmail

create user 'mlist'
in /etc/aliases, set:

minimalist:     mlist
listname:       mlist

in /home/mlist/.procmail put:

:0
* ^To:.*minimalist
* !^FROM_MAILER
* !^X-Loop:.*minimalist
* !^From:.*postmaster
| /usr/local/sbin/minimalist.pl

:0
* ^To:.*listname
* !^FROM_MAILER
* !^X-Loop:.*listname
* !^From:.*postmaster
| /usr/local/sbin/minimalist.pl listname

Run several fetchmail mail retrievals in parallel

Fetchmail doesn't have a standard way of retrieving mail for multiple servers at the same time. With this script you can do so:

#!/bin/sh

cd ~
for i in `grep -e "^ *poll " ~/.fetchmailrc | awk '{ print $2; }' | sort -u` ; do \
	(mkdir -p .$i.fm ; FETCHMAILHOME=.$i.fm fetchmail -f ~/.fetchmailrc $i &) ; done

For it to work, your .fetchmailrc should look like this:

poll servernickname via hostname:

Calculating effective bitrate for ADSL

IP-traffic is tunneled over ATM when using ADSL. So you won't get the exact 2Mbit or what ever your ISP tells you you have.
To find the real bandwitdh: divide by 9.6 and then multiply by 8.

CPAN modules fail to compile

Then you're probably on a RedHat >= v9 system.
Do this:

export LANG=C

and retry.

complaints of grsecurity-kernel about RLIMIT_CORE being 0

If, while running program x, a segmentation fault occurs in program x and syslog outputs the following string:
Apr 17 11:55:06 yyy kernel: grsec: attempted resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 by (x:z) UID(y) EUID(y), parent (y:y) UID(y) EUID(y)
then kernel tried to write a core-file for the program x to disk, BUT the max size of the core file is set to 0.
Growing the maximum size of a core file:

ulimit -S -c 8192

GCC (ld) complains: ld: Undefined symbols: ___gxx_personality_v0

Add the following to the line with LDFLAGS=:

-lstdc++

Enabling root-access on MacOS X

It is o-so-trivial:

passwd root

and enter the new root-password twice.

KDE only using TrueType and Type1 fonts after upgrade to 3.1.3

After upgrading KDE from version 3.1.2 to 3.1.3 (in Debian), KDE suddenly only used TrueType and Type1 fonts. If you have only a limited set of fonts, this is a bit of a nuisance since everything might look a little odd then. If this is the case, check that you have switched off 'Anti Aliasing' in the font-menu of the KDE-control center. If it is off and things look still weird (after restarting KDE!) check the file /etc/fonts/local.conf and uncomment the following line:

  <!-- <dir>/usr/X11R6/lib/X11/fonts</dir> -->

it should then look like this:

  <dir>/usr/X11R6/lib/X11/fonts</dir>

After that, run the following command and restart KDE:

fc-cache -f -v

NFS shares get stale after a while or don't mount at all

This might be caused by the fact that the server really wants to have portnumbers below 1024 for the session. Adding insecure to the exports-file fixes that.
Example:

/home	somehost(rw,insecure)

Postfix (+ fetchmail) complains about mail-loops

When retrieving your e-mail for your domain to your local system with fetchmail via PostFix, mail seems to get bounced.
If the system you're receiving the mail from uses QMail or PostFix to process your mail, add:

dropdelivered

to the end of the line saying something like:

	user 'username' there with password 'password' is * here options ... dropdelivered

'apt-get' (Debian) says "E: Dynamic MMap ran out of room" and bails out

Create a file /etc/apt/apt.conf and put something like:

Apt::Cache-Limit 67108864;

in it. If it still fails, make that number higher.

"Girotel" with Konqueror

When you want to do your banking stuff in Girotel with Konqueror:

Disable Java
In "browser identification", set for the following sites the identity to "Mozilla/4.0 (compatible; MSIE 5.0; Mac_PowerPC)":
- gto.postbank.nl
- postbank.nl

Displaying a man-page in ASCII

man ManName | col -b > ManName.txt

Get a Perl-module from CPAN

The easy way which also automatically fetches all modules needed by the module:

perl -MCPAN -e 'install modulename'

e.g.:

perl -MCPAN -e 'install WWW::Search'

nfs mounts mysteriously failing

When you get the following error:
rpc.mountd: refused mount request from x.x.x.x for /something (/): no export entry
make sure the nfs-server can resolve the hostname of the client-system.

Hard to find bugs in scripts

To switch on tracing:

set -x

`at' not doing anything when running seti@home

Run atrun with -l <number of seti@home instances>.
If you're running for example 2 instances of seti@home (or something similar), do:

atrun -l 2.0

domain lookups returning SERVFAIL

Say you've setup a DNS for your domain. You did everything like the HOW-TO told you.
But for every query you do, you get something like "** server can't find hostname: SERVFAIL".
Then add the following:

$TTL 1D

to the top of your zone-file and restart bind (named).

Handling files > 2GB

In your source, before all the #include-statements, put the following:

#define _LARGEFILE64_SOURCE

Use open64, create64, lseek64, etc.
When you want to printf an offset, use the following:

printf("%lld", offset);

Creating a shared library

First, compile your C-code:

cc -fPIC -O -c file.c -o file.o

Then, create a .a-file:

ar -r libname.a file.o

and finally, create the shared library:

ld -x -shared -soname libname.so.1 -o libname.so.1.0 --whole-archive libname.a

Windows user gets message when printing through Samba

Add the following command to the printer-section:

print command = echo `date` print job queued: %p %s | tee -a /dev/tty11 \
	| smbclient -M %m 2>&1 > /dev/null ; lpr -r -h -P %p %s

Building a Linux-kernel on an Alpha

The magic command is:

make boot modules modules_install

Output-image is in arch/alpha/boot/vmlinux.gz.
Also, see: http://www.cromwell-intl.com/unix/linux-alpha-kernel.html.

System acting funny after updating GLIBC

I found that after updating glibc and things, multiple programs started acting funny: Apache+SquirrelMail denying all logings, nmbd segfaulting, etc. etc. Stopping those processes and restarting them didn't seem to help. The only "solution" I could find was... a reboot! Very very strange. If anyone knows what I forgot to do (yes, I ran ldconfig) please tell me: folkert@vanheusden.com

inetd[xxx]: getpwnam: root: No such user

So you decided to upgrade glibc to the latest and greates version, but now suddenly inetd gives this strange error in syslog and you don't seem to be able to, for example, pick up your mail through pop3. The solution is this: in /etc/nsswitch.conf replace "compat" to "files" for the following three entries:

passwd:         files
group:          files
shadow:         files

Reducing the frequency of disk-writes

I found that my Linux-system was way to noisy for my bedroom: almost every 5 seconds it was writing to disk. I found 2 solutions:
1. use noflushd, but I didn't like that: it also spins down the harddisk which reduces the lifetime of your harddisk
2. fiddle around with mount-options and kernel-parameters
For the last option, I did 2 things: in /etc/fstab I added 'noatime' to the options of the mounted partition:

/dev/hda2       /       ext3    defaults,noatime  1 1

and I set some parameters which make disk-reads occur as soon as (reasonably) possible and disk-writes only when all buffers are at their limits:

echo "90 500 0 0 600000 600000 95 20 0" > /proc/sys/vm/bdflush
/sbin/elvtune /dev/hda -r 2048 -w 131072

Warning: don't use these settings if your PC is not reliable and crashes often or when power-outtages occur frequently!

Comparing files & taking some action based on outcome

Method 1

cmp -s file1 file2 || {
  # do something
}

Method 2

cmp -s file1 file2
if [ $? = 1 ]
then
  # do something
fi

Configuring a WIFI-setup

When you want to change the channel or baudrate or something, first bring down the interface. I found that otherwise the changes are most of the time(!) ignored.

ifconfig ethx down
iwconfig ethx ...
ifconfig ethx up

Configuring TINC for a VPN

Tinc can be kind of hard to setup when you're new to it; the manual is just way to elaborate. For the impatient, I wrote a very small howto. You can find it here: tinc_mini_howto.html

Back to my Linux menu

Last update: April 28, 2008