I had to set up an FTP server at work (yuck). The guides I found elsewhere didn’t do exactly what I was after, so it took some trial and error to achieve the setup I needed.

If you aren’t using StartSSL for your SSL certificate needs, you should take a hard look in the mirror and ask whether the outrageous prices the aged, established Certificate Authorities charge are still justified. After all, it’s the same encryption; what you’re paying for is browser support. Well, from the consumer perspective, the rigor of the validation process is even more important. Ironically, I found StartCom’s validation process for their $40 Class 2 certificates to be far more rigorous than that of the “established” players who charge twenty times that.

When I first took a StartCom cert for a spin a couple of years ago, the issue I had was spotty browser support. Today, I’m happy to report that web browser support for the free StartSSL certificate is excellent. Well, almost…

The Boxee folks helpfully host an APT repository (http://apt.boxee.tv/), but, as of this writing, only for Ubuntu 8.04 (Hardy) and 8.10 (Intrepid). If you happen to run a later version such as 9.04 (Jaunty) or 9.10 (Karmic), you can still install from the Boxee repository through the magic of APT pinning. This method should work just as well with later versions of Ubuntu too.

On CentOS 5.4, the vnstat cron job generates an error:

Error: Unable create database backup "/var/lib/vnstat/.venet0".

By default, the vnstat cron job runs as “nobody”, yet the database file “/var/lib/vnstat/venet0” was owned by root. Changing its ownership to “nobody” fixed the problem:

chown nobody:nobody /var/lib/vnstat/*

I liked Jason’s solution of passing a file list to du via xargs to produce results sorted by size in human-readable format, but I wanted the ability to limit the file list by name and age. Combining the find command with du worked out nicely:

find . -name "*tar.bz2" -mmin -120 -ls | sort -k7rn | awk '{print$NF}' | xargs du -sh
122M	./sls-monitor/830144.tar.bz2
98M	./sls-monitor/830156.tar.bz2
67M	./sls-off1/905895.tar.bz2
50M	./sls-off1/893748.tar.bz2
16M	./sls-off1/893759.tar.bz2
7.3M	./sls-off1/905897.tar.bz2
5.1M	./sls-off1/854850.tar.bz2
4.4M	./sls-monitor/804331.tar.bz2
3.8M	./sls-monitor/804333.tar.bz2
612K	./sls-off1/893755.tar.bz2
512K	./sls-off1/905898.tar.bz2

When syncing files over a trusted network, where speed matters more than someone’s ability to see the contents of the transfer, you might want to run rsync as a daemon instead of using a remote shell as the transport.

In my tests, running rsync as a daemon produces file transfers almost twice as fast as when rsyncing over SSH.

Dec 09 was the first month I had achieved 100% spam catch rate since I started filtering my own mail a few years ago. Thanks, SpamAssassin Bayes plugin! Merry Xmas to you as well!

------------------------------------
Stats for Dec 2009
------------------------------------
Ham	SpamC	SpamR	SpamM	HamC
160	392	1273	0	0
--------------------------------------------------------------
1825		Total messages
1665		Total Spam (Caught + Missed + Rejected)
91.23%		Spam as % of all mail
76.45%		% of Spam rejected by Postfix at SMTP time
0%		False positive rate (Ham misclassified as Spam)
0%		False negative rate (Spam misclassified as Ham)
100.00%		Spam catch rate (Spam filter accuracy)
--------------------------------------------------------------

Let’s say you’ve got a file with the following lines:

cat file.txt 
leave me alone
leave me alone
comment me out
leave me alone
comment me out also
leave me alone

Comment out the lines that are begging for it:

sed -i '/comment me out/s/^/#/g' file.txt

Voila:

cat file.txt 
leave me alone
leave me alone
#comment me out
leave me alone
#comment me out also
leave me alone

It was time to renew a couple of certs, and it turned out that the CSR I had originally used was generated with a 512-bit key. Dynadot, who, by the way, offers a pretty sweet $15/year price on single root RapidSSL certs, suggested that I regenerate with a minimum of 1024 bits.

Indeed, it looks like a 1024-bit key length is the minimum currently recommended. In fact, depending on whom you ask, it may already be insufficient.

NIST guidelines are comparatively optimistic, but even according to their 2007 Recommendation for Key Management, the time for 1024-bit keys is passing quickly.

Once again I did something that changed the host key (like rebuilding the host). Now I’m trying to SSH to it and get the usual warning from SSH that the key is different. In the past, I’d open up ~/.ssh/known_hosts with VIM, enter “:” and the line number SSH referred to, hit “dd” to delete it, then “:wq” to write and quit VIM, only to get warned again that the key for the IP address the host is known by has also changed, and do the whole dance over again.

But tonight is different. Tonight I’m gonna give the keyboard a break.

This will delete line 93 from known_hosts:

sed -i 93d ~/.ssh/known_hosts
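
The two-round dance described above (one stale entry for the host name, one for its IP address) can be done in one pass. The script below is an added example, not part of the original post: it reads the "Offending ... key in FILE:LINE" lines from a saved copy of the SSH warning and deletes every named line at once, so removing one entry cannot shift the number of the next. The function names, host names and key strings are constructed for illustration.

```shell
# Added example, not from the original post. All sample data is constructed.

# Print the known_hosts line numbers named in ssh's changed-key warnings.
# $1: file containing the captured warning text (ssh writes it to stderr).
offending_lines() {
    sed -n 's/^Offending .* in .*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | sort -un
}

# Delete the given line numbers from a known_hosts file in a single sed pass,
# so removing one entry cannot shift the number of the next. Keeps a .bak copy.
# $1: known_hosts path; remaining arguments: line numbers.
drop_lines() {
    local file="$1" script="" n
    shift
    [ "$#" -gt 0 ] || return 0
    for n in "$@"; do
        case $n in
            ''|*[!0-9]*) echo "not a line number: $n" >&2; return 1 ;;
        esac
        script="${script}${n}d;"
    done
    cp -p "$file" "$file.bak" || return 1
    sed "$script" "$file.bak" > "$file"
}

# Constructed demo: a three-line known_hosts and the two warnings ssh prints
# when both the name entry and the IP entry are stale.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        'keep.example.org ssh-ed25519 AAAAC3constructedKEEP' \
        'rebuilt.example.org ssh-rsa AAAAB3constructedOLDNAME' \
        '192.0.2.10 ssh-rsa AAAAB3constructedOLDIP' > "$dir/known_hosts"
    printf '%s\n' \
        '@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @' \
        "Offending RSA key in $dir/known_hosts:2" \
        "Offending key for IP in $dir/known_hosts:3" > "$dir/warning.txt"
    drop_lines "$dir/known_hosts" $(offending_lines "$dir/warning.txt")
    cat "$dir/known_hosts"
    rm -rf "$dir"
}

demo
```

`ssh-keygen -R hostname` removes entries by name instead of by line number and also works on hashed known_hosts files. Either way, the same warning appears when someone is intercepting the connection, so clear an entry only when the key change is one you caused, and check the new fingerprint on the next connect.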