Systems Administration

OSX High Sierra - the missing utils

The missing utilities


Following the official demise of PPTP a few updates ago Apple seems to have continued retiring features in High Sierra. In particular High Sierra has dropped a couple of utilities that we dinosaurs still use:
  • telnet
  • ftp
Whilst old and not supporting the shiniest security models they are still needed for debugging and ensuring that backward compatible systems remain that way. Read More...

SCM Manager on a Mac with a Letsencrypt certificate

SCM Manager



SCM Manager (https://www.scm-manager.org) manages source code repositories. It supports Git, Mercurial and SVN. Whilst initial installation on OS X was simple there were a number of difficulties in getting to a best practice installation. In particular using external certificates from Let's Encrypt (https://letsencrypt.org) was non-trivial. Read More...

Proxying internal websites via OS X Server

After rearranging my network to use an OS X server for my main web server there were a few web based systems that I needed to expose to the outside world. The advice on Reverse Proxy with macOS Server (http://stationinthemetro.com/2017/05/02/reverse-proxy-with-macos-server) by Mark Boszko worked for me. Read More...

Real SSL Certificates for OS X Server

LetsEncrypt (https://letsencrypt.org) has a mission of moving unencrypted Internet traffic to encrypted Internet traffic. They do this through relatively short lived SSL certificates. So an automated process for setting up and maintaining them is vital.

On shifting my web site to OS X server I also adopted LetsEncrypt and its Certbot. Read More...

OS X Server

While configuring OS X server (Sierra) I had to gather together a fair number of additional facts to finish configuration:
  • Port forwarding
  • Disabling default wiki

Read More...

IPSec between a FRITZ!Box and a Mikrotik

Due to the death of my FreeBSD router out at the farm a replacement was required. A Mikrotik Router was purchased (because of its compatibility with IPv6) and then the IPSec tunnel adventure began… Read More...

P2V a Linux box into VMWare

This really should be obvious and easy … after all everyone does it … but my Google Fu kept leading me to solutions that relied on having access to old versions of VMWare Converter.

But it really is easy by combining:
  • netcat; and,
  • qemu
P2V is simple.
Read More...

FRITZ!Box VPN to FreeBSD

I recently acquired a FRITZ!Box 7272 with the aim to replace my m0n0wall firewall and ADSL router. The original idea was to simplify and hence improve my IPv6 connection to Internode and use the FRITZ!Box’s phone and Fax services on my fixed line. The catch is that I run a permanent LAN to LAN VPN connection between my house and the farm … and the FRITZ!Box was going to have to do this. Read More...

Lacie 2Big NAS



I purchased a Lacie 2Big NAS to act as backup storage - it was quiet and nicely designed - it fitted into a home environment. Unfortunately, the device only offered email notifications of failure - which didn’t fit well against my Nagios based monitoring approach. A bit of protocol reverse engineering and studying their released sources resulted in a Nagios plugin that could monitor the NAS’s health.

Read More...

FSCK instructions for Raspberry Pi

It is trivially easy to shut your Pi down incorrectly and it still seems that this has not been addressed well in the Raspbian repository. Here is a summary of http://www.raspberrypi.org/forums/viewtopic.php?t=64843 which describes how to fix the dreaded:

FAT-fs (mmcblk0p1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.

problem. Read More...

Internet Woes: Delivering the mail in spite of the weather

My ADSL connection is having difficulties at home ... one of the few services I really care about is getting email ... and without a working externally accessible IP address it is hard to deliver mail to your mail server. Many large telcos’ NAT mechanisms make it extremely difficult to connect to services behind their 3G dongles; fortunately with the help of ssh, inetd and socket a solution can be temporarily cobbled together. Read More...

PostgreSQL CLI utility with SSL

The Postgres CLI utility can sometimes prove a little painful to use when trying to connect to a server. In this case the sticking point was the SSL requirement on the server. Read More...

IPv6 on Internode using Monowall (Update)

In my previous article on using Monowall to connect to Internode I made an observation that turning router advertisements on on the WAN interface was necessary. Further experimentation showed that this was not the case. Read More...

IPv6 on Internode using Monowall

As a previously happy SixXS (https://www.sixxs.net) user with a Monowall firewall (http://m0n0.ch/wall/) I thought that I would move one of my IPv6 services to something a little more local than England. Internode (http://www.internode.on.net) have an IPv6 over PPPOA / PPPOE ADSL2+ service so after much trying I persuaded Monowall to provide access to Internode’s IPv6 service. Read More...

Computer Security Isn't an Afterthought

Computer security must be built in to every application; it is almost impossible to add it on at the end. Read More...

Why NAT is not a security mechanism

All too frequently I see articles that refer to Network Address Technology (NAT) as a security mechanism. Let us be clear NAT has nothing to do with strengthening security and an awful lot to do with weakening it. Read More...

UPS on FreeBSD

Last night my long serving brick of a UPS died ... and to put it bluntly I feel almost naked without a UPS protecting my home server. This left the question of what to acquire. Top of my list of priorities was to have a serial interface - USB is just too painful to contemplate after the last time I configured a UPS on FreeBSD (Another CyberPower I blogged about in January 2013) and it would be nice if it worked with Network UPS Tools (NUT).

I ended up acquiring a CyberPower Value1200eLCD - and managed to get it working on FreeBSD ... but not with NUT; apparently the people at CyberPower have backed away from the openness that they once embraced and also changed their protocols.
Read More...

Mavericks

I just completed my upgrade to OS X Mavericks and so far have hit 3 glitches:
  • Install hung
  • Can’t search contacts
  • Realmac Clear for Mac goes non-responsive
Apart from these issues so far so good.
Read More...

Java and Embedded devices

Java has such promise for use in embedded devices: Just download the JVM on the client device and access the embedded device from whatever client OS or platform you wish. Unfortunately the truth is rather less than the promise. Read More...

Do you have Foxtel ...

The power saving power board people have been around … yet another piece of equipment fails due to their poor training.

There is an Australian government program which allows electricity users to receive standby power saving power boards in exchange for the carbon credits the devices are estimated to deliver. Unfortunately, the training given to the people who deliver the boards is poor. The only question they appear to ask is “Is that device for Foxtel?”, and that is the only device they plug in to an outlet that stays on all the time. Read More...

Prowl as a Nagios Notifier

Prowl (@ProwlApp) works now (Apple it seems has finally sorted out its developer portal issues in relation to certificates) and notifications are flowing. All in all the presentation and configuration of alerts is great. Read More...

Prowl

As part of improving my reporting of Nagios alerts I decided to try using the Growl framework via Prowl to my iPhone. This was precisely the wrong time to do so as Apple is having an extended down time on their developer centre and a certificate renewal and hence his push notifications are not working. I have to praise the developer of Prowl as in spite of his obvious frustrations he has used Twitter to keep his users informed in a humorous and effective way. This is one of the best examples of handling a fault that is out of your control and crippling to your business that I have seen. Read More...

Goodbye Postini, Hello SpamHero

With the impending doom of Google’s mail filtering service (the service formerly known as Postini) I have been searching for alternatives. The front runner is SpamHero. My business partner at Clarinet Internet Solutions, Daniel O’Callaghan made the transition easy and came up with an interesting hybrid solution for further enhancing its operation. Read More...

Was the BOFH sleep deprived?

Is your systems admin irritable? Could it be sleep deprivation? The BOFH (Bastard Operator from Hell) is a classic figure from computer science fiction (http://bofh.ntk.net/BOFH/) famed for his low tolerance for users disturbing his ‘work’ schedule and doing exactly what they asked but rarely what they wanted. His quick wit probably means that he wasn’t sleep deprived but I am starting to ask how prevalent are the effects of sleep deprivation and what we need to do about them. Read More...

Android on the Desktop - If the plug fits

One thing I didn’t expect when I deployed a bunch of Android based boxes in a call centre was that operators would start plugging their iPhones etc in. Apparently, if the plug fits … Read More...

Head in the Clouds

If you open any computing trade journal you could be forgiven for believing we had all moved to New Zealand and were looking out on a marvellous vista - the land of the long white cloud. Unfortunately, in spite of the great work being done by the marketing people, the world hasn’t actually changed that much. Cloud is still virtualised servers and remote hosting. The new and exciting bits are rapid on demand deployment and tear down. In this article I take a look at who should use cloud and why, from an economic management point of view.
Read More...

Fear of Command Lines

Anyone know if there is a psychological term for fear of command lines and configuration files? A name for this phobia would be incredibly useful as I keep bumping in to circumstances where supposedly technical users downgrade a tool just because it doesn’t have a GUI and assume it must be “hard to use” if it is not driven by a point and click interface. Read More...

Low cost LeoStick based Serial Switch

The farm is connected to the Internet by a WiMax based wireless service which occasionally has a problem which needs the WiMax modem / router to be rebooted.

A low cost USB powered switch connected to one of the computers at the farm solved the problem nicely.

Read More...

Android on the Desktop - Keyboard adventures

Having deployed our Android boxes we encountered a couple of interesting issues relating to the origins of the platform. Read More...

Android on the Desktop

Currently I am speccing a call centre and one of our key requirements is to reduce our software administration and maintenance overheads. We are currently trialling Android STBs as terminals for the agents. Our hope is that their browser is sufficient to work with our bespoke web site and we will not have to do any major maintenance on the boxes as they are locked down to just the browsing app. Read More...

Contact sense in 24 Hours

Lots of quite expensive equipment used in telecommunications, television and security still uses contact sense outputs for reporting error conditions. This project was put together in the space of 24 hours to allow Nagios to monitor some contact closures.

Read More...

It is better when it is green

Monitoring systems are central to my happiness as a systems administrator. They tell me when things go wrong … hopefully before the phone rings … warn me when things are getting close to failing and can provide more directly useful information than direct customer reports. The major problem with monitoring systems is getting the information from the system to the human. Nagios’s web page will make noises and can provide a text based display; but sometimes you need a simple display that prompts you to go look for a problem. This is where traffic lights and other visual indicators are useful. Read More...

The IO Blender

At the VMUG Regional User Conference (#MVMUG Feb 7, 2013), Stephen Foskett (@sfosckett, http://blog.fosketts.net) presented on the IO Blender. The essential idea was that there was a great loss of information that was exploited by the storage arrays because the data was hidden behind the hypervisor. This reminded me about some information theory and compression. Read More...

Getting rwho to work under Solaris SMF

Solaris (10+) and OpenSolaris use a relatively new mechanism for starting daemons the SMF (Service Management Framework). Adding a new entry to a manifest is surprisingly easy. We use rwhod as an example. Read More...

Weird behaviour of Cyberpower UPS

After finally getting sick of watching RAID rebuilds I bit the bullet and installed a Cyberpower BR850ELCD UPS on my FreeBSD monitoring box. Given I bought what I could find at the instant - there was an immediate threat to the stability of my power - and there were no available serial ports on the monitoring server we took the best available compromise, especially as we could also detect power failures via the network. Naturally, things did not go smoothly... Read More...

Oops - Undeleting a file on Freebsd

A perfect storm of filename completion and inattention resulted in the deletion of a C source code file yesterday (.core starts with .c). As a result I had to find a way to “undelete” a file from a FreeBSD system. Read More...

Change management

There is a wide range of change management practices employed by companies ranging from none through to fairly rigid and long documents that need to be completed before any change can be made - no matter how trivial. Not having change management invites both disaster and avoidable errors; excessive change management is usually a reaction to too many of the former problems. Read More...

FTP on an EMC NS20 Celerra

The EMC NS20 Celerra NAS is a small enterprise grade NAS that we use to support a VMWare Cluster and Office CIFS. It seemed like the obvious candidate to provide an external FTP service; this turned out to be a little less easy than was expected. Read More...

Why sysadmins hate it when it rains …

It rained today … and rain equals pain in the world of systems administration and telecommunications. Bad things happen when it rains ... Read More...

Rsync on Windows

Rsync is probably one of the most useful tools for moving / synchronising files at reasonable bandwidth speed.

One particularly useful trick to reduce down time for daemons when moving their storage is to initially copy their file store while the daemon is running, take the daemon down, then sync the file store before bringing the daemon up. The down time of the daemon is vastly reduced as you only need to copy the changed data.

Thanks to Cygwin this tool can be enjoyed on Windows as well as Unix, FreeBSD, Linux, Mac OS X etc.; the only trick is how to access Windows drives in a Unix-like way. Read More...