IPsec server in OpenWrt

NOTE: Please check this updated post about this topic.

I have configured an IPsec server on my OpenWrt router to use from my Android device when I am connected to an untrusted network. Previously I used OpenVPN, but it drains too much battery, so I want to test whether this solution, which is integrated in Android, works better.

I have taken the configuration from the OpenWrt Wiki.

[Read More]

df and du disk usage report mismatch

I had a server where the disk usage reported by df differed greatly from what du said I was actually using. The cause was that Apache kept many open file descriptors to deleted log files, so the space was still allocated even though the files no longer appeared in the directory tree. You can see all the deleted file descriptors with:

# ls -ld /proc/*/fd/* 2>&1 | fgrep '(deleted)'

Or using lsof:

# lsof +L1
# lsof -a +L1 /home

Seen in: http://www.noodles.net.nz/2011/07/27/df-not-reporting-correct-disk-usage/ and: https://mradomski.wordpress.com/2007/01/08/finding-an-unlinked-open-file-and-other-lsof-uses/
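As an added example (not from the original post), a small POSIX shell script that walks /proc to find open-but-deleted files and sums the space they still hold, which is exactly the gap between df and du described above. It assumes a Linux /proc and GNU coreutils stat; the function names are my own.

```shell
#!/bin/sh
# Added example: report files that are unlinked but still held open,
# with the pid that holds them and the bytes they still occupy.
# Assumes Linux /proc and GNU stat (-L follows the /proc fd symlink).

deleted_open_files() {
    # Output: pid <TAB> bytes <TAB> original path, one line per descriptor.
    for fd in /proc/[0-9]*/fd/*; do
        target=$(readlink "$fd" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)") ;;        # kernel marks unlinked targets this way
            *) continue ;;           # pipes, sockets, live files: skip
        esac
        pid=${fd#/proc/}
        pid=${pid%%/*}
        # stat -L follows the magic symlink, so the size is still readable
        # even though the path no longer exists in any directory.
        size=$(stat -L -c %s "$fd" 2>/dev/null) || continue
        printf '%s\t%s\t%s\n' "$pid" "$size" "${target% (deleted)}"
    done
}

deleted_space_total() {
    # Sum of bytes held by all deleted-but-open files (0 when none).
    deleted_open_files | awk -F'\t' '{ s += $2 } END { print s + 0 }'
}

deleted_open_files
printf 'bytes still held by deleted files: %s\n' "$(deleted_space_total)"
```

Descriptors of other users' processes are unreadable without root, so run it as root to get the full picture; restarting (or gracefully reloading) the process that holds the descriptor is what actually frees the space.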

Simultaneous audio in HDMI and analog with Pulseaudio

I connected my computer to the TV via HDMI and wanted to play audio simultaneously on the PC speakers and on the home cinema. You can see this solution in the Arch wiki; I have only added the device descriptions for easier identification.

At the beginning of /etc/pulse/default.pa, add:

load-module module-alsa-sink device="hw:0,0" sink_name=analog_output_stereo channels=2
update-sink-proplist analog_output_stereo device.description="PC Speakers - Stereo"

load-module module-alsa-sink device="hw:0,7" sink_name=hdmi_output_surround channels=6 channel_map=front-left,front-right,rear-left,rear-right,front-center,lfe
update-sink-proplist hdmi_output_surround device.description="Home theater - 5.1"

load-module module-combine-sink sink_name=analog_hdmi_surround slaves=analog_output_stereo,hdmi_output_surround channels=6 channel_map=front-left,front-right,rear-left,rear-right,front-center,lfe
update-sink-proplist analog_hdmi_surround device.description="Home theater and PC Speakers - 5.1"

You can get the device id with aplay. "hw:0,7" means card 0, device 7.

[Read More]

PostgreSQL replication with Slony-I

Recent versions of PostgreSQL have built-in replication capabilities, but for older versions I've been using Slony-I. I'm going to describe how I replicated a database running on PostgreSQL 8.4 with Slony 1.2. For more info, you can read the official documentation.

  • Create a superuser role on both servers for replication:

CREATE ROLE slony WITH SUPERUSER LOGIN PASSWORD 'mipassword';

  • Example values:

CLUSTERNAME=db_cluster
MASTERDBNAME=mydb
SLAVEDBNAME=mydb
MASTERHOST=psql01.example.com
SLAVEHOST=psql02.example.com
REPLICATIONUSER=slony
DBUSER=user
export CLUSTERNAME MASTERDBNAME SLAVEDBNAME MASTERHOST SLAVEHOST REPLICATIONUSER DBUSER

[Read More]

DNS timeout while logging in via SSH

On a computer in an isolated network, I experienced a long delay when logging in via SSH. The cause was a DNS timeout: sshd tries a reverse lookup of the client address and has to wait for it to fail. You can disable the DNS lookups of sshd by changing this setting in /etc/ssh/sshd_config:

UseDNS no

Fix failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN

After installing Unbound on an OpenWrt router, I noticed that after a reboot, DNS was not working. I saw many of these errors in the log:

failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN

I discovered that the system date was wrong. As this device lacks a hardware clock, when the machine boots it cannot synchronize the time by NTP because there is no resolver (Unbound doesn't start because the date validation of the ICANN certificate fails). It's a chicken-and-egg problem.

[Read More]

Configure Unbound DNSSEC resolver in OpenWrt

After realizing that my ISP (ONO) was hijacking NXDOMAIN DNS responses, I decided to improve the security of the DNS queries for my entire LAN using DNSSEC.

I chose to replace dnsmasq with unbound on my OpenWrt router. These are the steps I followed.

First I installed the required packages:

# opkg update
# opkg install unbound unbound-anchor unbound-control unbound-control-setup unbound-host

As dnsmasq is also the DHCP server, I'm not going to disable it, only change its DNS port to 5353. In /etc/config/dhcp:

[Read More]

proxy.pac CGI script

On my OpenWrt box I have two internal networks, one for my LAN and another for the wifi guests. I have configured a proxy server, and to distribute the configuration to the clients, I wrote a little CGI script that generates a proxy.pac file depending on the client IP.

I have this in /www/cgi-bin/proxy.pac:

#!/bin/sh
# REMOTE_ADDR is set by the web server from the client's socket address.
# /bin/ipcalc.sh (OpenWrt) prints NETWORK=..., which eval imports.
mynetmask="255.255.255.0"
eval "$(/bin/ipcalc.sh "$REMOTE_ADDR" "$mynetmask")"
# The PAC return value must carry its own double quotes, so wrap the
# string in single quotes (the original had unbalanced "" here).
if [ "$NETWORK" = "192.168.10.0" ]; then
  proxy='"PROXY 192.168.10.1:3128; DIRECT"'
else
  proxy='"PROXY 192.168.11.1:3128; DIRECT"'
fi

echo "Content-Type: application/x-ns-proxy-autoconfig"
echo ""

echo "function FindProxyForURL(url, host)
{
  return $proxy;
}"

Make it executable; you can test it from the command line by passing the client IP:

[Read More]

Monitoring a Java process

Lately I have been investigating a Java process that was failing for lack of memory, and I have come across a few quite useful monitoring techniques.

The memory control parameters of the Java virtual machine can be adjusted from the command line. There are many parameters available, but -Xms and -Xmx are worth highlighting. You can consult the most important options in the official documentation.

To get a heap dump in case of error, the options -XX:+HeapDumpOnOutOfMemoryError and -XX:HeapDumpPath=/dir are very useful.

[Read More]