Ok, so far I’ve created a cfengine setup that works. On my main host ‘elektron’ I’ve created a /export/nfsroot/x86 directory. This holds the general files for the x86 Ubuntu lazy clients. With 2 scripts (see below) I can easily create a whole new x86 from scratch. Bringing up new lazy clients is even more easy, once the groundwork is there. I only need to do three things: fix the DNS (forward and reverse) fix the DHCP and add an ip address.

In my ongoing effort to make my lazy client work I’ve embarked on the next phase of the project: Making a client boot from a generic NFS mounted root partition and then giving it its own /etc on a ramdisk. This way I’m saving disk space and administration overhead on my server. The virtual /etc is provisioned by cfengine. This allows for small changes between the lazy clients while they still share the bulk of the rest of the files.

while playing with cfengine I kept seeing these messages: Cfengine input file had no explicit version string Well, I greped in the source of cfengine and this has helped me find the solution, in the file install.c we have the following: 3359 void VersionAuditFile() 3360 3361 { char *sp; 3362 3363 if (sp = GetMacroValue(CONTEXTID,"cfinputs_version")) 3364 { 3365 AUDITPTR->version = strdup(sp); 3366 } 3367 else 3368 { 3369 Verbose("Cfengine input file had no explicit version string\n"); 3370 } 3371 } (Line numbers are from VIM).

I want to quiet, full blown PC, without fans nor a harddisk in my living room. See my other blog about this subject Currently I’m thinking about the following setup: NFS4 root some sort of configuration management I wanted to use puppet, but after seeing it use more than 30% of my main memory – This is on a AMD64 Ubuntu server – I was ready to ditch it.

Some older presentations I have given can be found here. The all deal with DNSSEC - note that most of them have been written a few years ago.

Google is always helpful of course, so I’ve found this blog entry on how to set the background in xfce. It boils down to setting a jpg in XFCE’s backdrops.list and then reloading xfdesktop. Crude, but it works. This can de done with the following command: cat <<EOF > ~/.config/xfce4/desktop/backdrops.list # xfce backdrop list background.jpg EOF And then xfdesktop --reload However when running from CRON it is more easy to do a killall -USR1 xfdesktop.

Working on backup programs for almost a decade now, I’ve had plenty of time to think about file system wrt backups. Basically I want the following properties in a file system online snapshots in a .snapshots directory (for instance). the possibility to say the all those .snapshot directories must be mounted on a separate mount point. to ability so say the .snapshot directories should be encrypted and send to remote server.

After some switching I have now settled on XFCE. With Ubuntu XFCE sometimes does not start, this is a dbus issue in combination with gnome-screensaver (a race condition between the two). This sucks, but can be resolved easily with apt-get remove gnome-screensaver (There aren’t any interesting option anyway…) So my XFCE is now up and running, time for some tweaking. In the quest for precious vertical pixels (especially on the EeePC 701 I own) I decided I must remove those pesky title bars.

Grrrrr cd rm -rf Desktop mv Documents docs I don’t want desktop environments messing with MY home directory. Thank you.

I’ve battled with amavis too often and I started to dislike it a little. So when I wanted to configured my postfix setup to scan for viruses and spam and needed a solution which would work without amavis. This is what I came up with. debian administration was kind enough to do the hard work, but this is only the setup for clamav and I also want to spam scan.

Just came by this, an article I wrote for Cisco (Internet Protocol Journal) back in 2004. The article

DSA 1617-1 a security update from Debian says they forgot to update the SE Linux policy that would allow BIND9 to randomize its source ports… I always found SE Linux to be too complex for my needs, but now it turns out you can actually be more vulnerable when you run SE Linux. I know enough.

.nl employs a system for registering a domain name that works as follows: you setup a zone you register the zone name .nl checks the zone from your nameservers if the zone is found to be OK, your name is registered if it is not ok, you have to fix your zone or the name is already claimed (you can check that before hand) This conflicts with how most ISPs work.

I’m trying to move my noisy server to the cellar I’m left with the question how do I cater for my desktop computer needs. I would be nice to have a thin client, but then you have the problem that local devices do not work: because you are actually working on the server, it needs to “know” somehow that you have locally inserted an USB disk. This sucks. So how about a thick client, a client with enough power to run a full blown Linux distro.

Small script which display “teletekst” pages from the Dutch teletext (or the Belgium, but I’ve never used that). I’m not the original author, but feel free to grab your copy. #!/usr/bin/perl # # Dit scriptje laat de NOS teletext zien # # (c) 2001, 2002, 2003 by Bas Zoetekouw <bas@debian.org> # All rights reserved. # # Naar een idee van Wouter Bergmann-Tiest # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1.

This is an older article that I’ve brought back to live This was original written at the time of Linux 2.6.0 So be ware! update As it turns out, the script below never did work correctly (see the bottom of this page for an updated version). The reason it did work for me was that sshn INET_2 never blocked outgoing port 25…until October the 8th. This was at the same time I was experimenting with linux2.

This info can also be found on the Internet, but I thought I compile it here too. Problem You want to save something (say passwords) in a file and protect the file with a master password (say with your PGP/GPG key). This can be cumbersome unless you have vim. The following examples will handle *.gpg files differently, vim will decrypt the file when opening it and encrypt the file when writing it.

Well, after giving Xmonad a chance I’ve reverted back to XFCE. This time with a 1-pixel wide window decoration. Short story: I really like the tiling of Xmonad (or any other tiling window manager). But you do miss some flexibility if you really want to move a window. Also I needed a panel and system tray, which are available as third-party tools, but aren’t the real deal. So back to XFCE.

Every now and then I get the ‘prompt-itch’ and then I need to tweak my prompt again :) Of course I’m very happy with the way my prompt was. My idea of a good prompt is to be as short as possible and still be informative about your environment: Only tell stuff I’m really interrested in and for the rest SHUT THE HELL UP! So no date output in my prompt, If I want to know the time I will type date myself.

I’ve created a new latex style to mimic some old school UNIX manuals I’ve been reading the past few months. It’s a very plain style that keeps out of your face. This in contrast with the blockbook style This is how it looks: You can read about it a small howto doc. To use it, you will also need the class file. UPDATE I’ve updated the style file so that the description lists will be indented with the same amount of space, no so more

Hmmm, this is the second time in 1 year that I had a corrupt filesystem on my raid partition. I saw no other option than mke2fs -j /dev/md7. My first problem with XFS started on my fileserver, which only had 256 MB of memory. Turns out XFS was OOM-ing inside the kernel, this in turned messed up the filesystem. xfs_repair was also running out of memory. When I finally got enough virtual memory in this box xfs_repair was kind enough to segfault.

The GNOME decadence thread got me thinking. What does GNOME give me? (I consider myself a hardcore UNIX user). Well… it gives a nice interface with a nice terminal implementation (gnome-terminal). Further more with the recent Ubuntu 8.04, it also provides PulseAudio, never got that working btw, went back to ALSA. Tracker, what the hell was ever wrong with locate? Never got that working, and when I did, it was dog slow.

I’m publishing this for my own future reference. A short usage guide on git for an ex-svn addict. goal client server init .git repo git init git init start remote repo git clone ssh://server add a file git add $file git add $file commit the file git commit -a -m"log" git commit -a -m"log" upload to server git push origin master import remote changes git reset --hard get changes from server git pull

Note: this is an older article that I’ve revived. Also note: in todays email flood I don’t know if such a popup is something you want to use… #intro I’ve used gnubiff, xbiff and God knows what to provide a simple notify when receiving mail. But I wanted more. I want to be able to tweak certain settings, without going in to the source code of the application. Also the way mail notifiers mess with your mailbox is not something I particularly like.

On Jun the 7th I gave a little presentation about DNSSEC at the NLLGG meeting. The presentation is in Dutch and the title is: “DNSSEC, wat is het? Komt het er ooit nog van?” (DNSSEC, what is it? Does it ever happen?) the pdf of the presentation

I’ve been using git for some time now, but as mentioned elsewhere the learning curse for this ‘stupid content tracker’ is quite steep. Right now I finally seem be getting the hang of it and can use it in a svn like manner. So we have: adding a file to a reposity: git add <file> committing it to the local branch: git commit -a -m"log" uploading it to the remote master: git push origin master And the one that took about 2 months to find:

Hmmpf, those Ubuntu guys are good. If just finished a painless upgrade to the new Ubuntu: Hardy Heron. Some subtile differences; better Gnome (new metacity with composer). And some other stuff that I’m discovering right now. :-)

The default VIM7 install is equipped with the English dictionary, but as I’m Dutch I wanted to use the Dutch spelling, unfortunately these spell files are not included in Ubuntu. The following article is a short howto on how to add this wonderful feature to your VIM. Dutch spelling Download your language from the debian experimental archive. I needed Dutch so I downloaded: /main/v/vim-spellfiles/vim-spellfiles-nl_20060604-1_all.deb Install this with: dpkg -i vim-spellfiles-nl_20060604-1_all.deb This will put some files in /usr/share/vim/addons.

Vim tip 21 allows you to copy text between VIM session running in different terminals! No more using your mouse to copy, just yank in one terminal and paste in another! Put this in your .vimrc: set clipboard=unnamed set go+=a

Usually people use SSH as a replacement for rsh, which is of course a good thing. SSH uses encryption to transport your password to the remote server for authentication. But SSH can do more, you can use a public/private key pair and set it up in such a way (google around for howto’s), that SSH will only transport a public key over the Internet. This way no passwords are transported, so even if someone breaks the encryption, no harm is done.