Recent Articles

WAR_STORIES: bash goes recursive

One day you are trying to copy a file to a remote host, but something goes terribly wrong: $ scp /tmp/foo user@example.com: lost connection In fact, after you run scp it just hangs there for good 5 seconds, and then bails out. Meanwhile, ssh for this user works as expected - you can log in to that host, move around, and the host looks perfectly healthy. Oh well, what can it be?
Apr 5, 2018   #Linux  #core  #gdb 

Howto: make OpenVPN ignore default routing

You are using OpenVPN for accessing single resource on the remote network, and you do not want all of your traffic to be routed through VPN. To achieve this, add the following directives into OpenVPN client config: route-nopull route 192.168.2.0 255.255.255.0 In this example I am routing only 192.168.2.0/24 through VPN, and everything else will use my normal routes.
Aug 7, 2016   #OpenVPN  #network  #howto 

Howto: make bluetooth device to always connect in A2DP mode

Recently I got a very nice bluetooth speaker from Bose. When I paired it with my smartphone, the sound quality was much better than when paired with my laptop. It turns out, my laptop was for some reason picking HSP/HFP profile instead of more advanced A2DP. I changed this setting, but after each reconnect it was disregarded. The simplest fix is to make Ubuntu ignore HSP by adding this line to [General] section of /etc/bluetooth/audio.
Jul 17, 2016   #Ubuntu  #bluetooth  #fix  #a2dp 

OpenVPN fails to register remote DNS server

You are starting your OpenVPN client and constantly getting an error message: openvpn --config myconfig.ovpn openvpn Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:23: register-dns (2.3.2) Also, remote DNS server is not registered in your /etc/resolv.conf. To fix this: add these lines to your OpenVPN config (myconfig.ovpn): up /etc/openvpn/update-resolv-conf down /etc/openvpn/update-resolv-conf add –script-security 2 as a parameter to OpenVPN: openvpn --config myconfig.ovpn --script-security 2
Jul 16, 2016   #openvpn  #fix  #dns 

Let's Automate Let's Encrypt

This article was featured and first appeared in June 2016 Issue of Linux Journal Introduction HTTPS is a small island of security in this insecure world, and in this day and age, there is absolutely no reason to not have it on every website you host. Up until last year there was just a single last excuse: purchasing certificates was kind of pricey. That probably was not a big deal for enterprises; however, if you routinely host a dozen of websites, each of them with multiple subdomains, and have to pay for each certificate out of your own dear pocket - well, that could quickly become a burden.
Jul 3, 2016   #SSL  #Let's Encrypt  #HTTPS  #nginx  #docker  #Linux Journal 

vagrant ansible local

The other day I was using ansible_local provisioning for Vagrant. After the usual vagrant up it gave me this obsure error: ==> myserver: Running provisioner: ansible_local... myserver: Installing Ansible... The Ansible software could not be found! Please verify that Ansible is correctly installed on your guest system. If you haven't installed Ansible yet, please install Ansible on your Vagrant basebox, or enable the automated setup with the `install` option of this provisioner.
Jun 26, 2016   #linux  #vagrant  #ansible  #ansible_local  #fix 

Google Chrome freezes graphic system in fullscreen mode

I was playing fullscreen youtube video, and all of a sudden graphic system died: sound goes on, but system does not respond to keyboard and the image is frozen. Of course, quick fix is to switch to TTY with Ctrl-Alt-F2, log in, and issue: sudo service lightdm restart Fix, but not workaround. I want my fullscreen youtube back! Turns out, it is a regression in a recent version of Google Chrome.
Apr 3, 2016   #Ubuntu 14.04  #Google Chrome  #fix  #workaround  #youtube  #bug 

HOWTO: fix garbled output in terminal after dumping a binary

You tried to output a binary file, and now your terminal is garbled with nonsense. It is unreadable now! Been there, done that… $ cat /boot/initrd.img-* Yes! Boom! What was that and how to fix this?.. Turns out, there are many binary sequences that can harm the way your terminal prints things. Also, it is quite easy to fix: If you are running my favorite tmux press Ctrl-b x y (you will kill current pane)
Mar 28, 2016   #unix  #linux  #cli  #tty 

SSL Part 1: How to set up nginx SSL/TLS to get "A+" grade on ssllabs.com

In this series of articles we will configure nginx for getting the highest score from SSLLabs. We are going to use free certificates provided by trusted CA LetsEncrypt. And what is even more fun, we will make it automatically renewable every month. After configuration is finished it should look like this:

Mar 24, 2016   #SSL  #nginx  #ssllabs  #A+ 

add virtual memory for one-off task

Has it ever happened to you that you are lacking “just 4 more gigs of RAM” for running a memory-hungry process? You can add more swapspace without rebooting or changing volume size.

Mar 23, 2016   #linux  #workarounds  #memory