System clock losing several seconds per minute permalink
Note to self. If this happens again, shut the computer down, turn off the power supply and hold the power button down for several seconds to totally drain any voltage. Most interesting thing in the log:
APIC calibration not consistent with PM-Timer: 0ms instead of 100ms APIC delta adjusted to PM-Timer: 1440271 (1022)[Update] adding tsc=unstable to the kernel boot command line in grub sorted the problem.
Creating an encrypted backup on a USB stick permalink
USB sticks are 1) slow to write and 2) wear out. I've previously ruined a stick by creating a LUKS encrypted filesystem on one and then rsync'ing my home directory to it.
My work-around has been to create the filesystem in a Logical Volume on my hard disc and then dd it
However, this doesn't work (anymore?). cryptsetup luksOpen of the USB stick fails:
Jul 26 14:40:57 frodo kernel: device-mapper: table: 254:29: crypt: Device size is not multiple of sector_size feature (-EINVAL) Jul 26 14:40:57 frodo kernel: device-mapper: ioctl: error adding target to tableThis can be further worked around by mapping a loop filesystem of the correct size onto the LV:
losetup --show --sizelimit 123730388992 -f /dev/vg1/templv
## what is the size of the USB stick? lsblk -b /dev/sdd # NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS # sdd 8:48 1 123730388992 0 disk ## create LV of that size lvcreate -n temp -L123730388992b vg1 ## but it's too big lsblk -b /dev/sdd /dev/mapper/vg1-temp # NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS # sdd 8:48 1 123730388992 0 disk # vg1-temp 254:15 0 123731968000 0 lvm ## so set up a loop device losetup --show --sizelimit 123730388992 -f /dev/vg1/temp cryptsetup luksFormat /dev/loop0 cryptsetup --verbose --debug luksDump /dev/loop0 | grep "Device size" # Device size 123730388992, offset 16777216. cryptsetup luksOpen /dev/loop0 enc-usb mkfs.f2fs /dev/mapper/enc-usb mount /dev/mapper/enc-usb /mnt/usb # now rsync the files to /mnt/usb umount /mnt/usb/ cryptsetup luksClose enc-usb losetup -d /dev/loop0 # copy to USB dd if=/dev/vg1/temp of=/dev/sdd bs=4M status=progress
Unable to sign up to UPS using IPv6 permalink
I've got an IPv6 tunnel from he.net Trying to sign up to UPS "My Choice" failed repeatedly with the message
Sorry, we're unable to process this request. Please check your information and try againDisabling IPv6 in the browser config made it work.
OBD USB interface permalink
- Windows 10: Need to install "Silicon Labs CP210x UART Bridge" / "CP210x USB to UART Bridge" device driver from this link
- Right clicking on a ".inf" file doesn't show the "Install" option, if Explorer is showing the contents of a ".zip" file. Extract it first.
Confusing error message: permalink
$ ping -6 frodo ping: frodo: Address family for hostname not supportedIs trying to say that there is an entry in
/etc/hostsfor frodo's IPv4 address, but not one for its IPv6 address.
Apache, PHP and "EROFS" permalink
Trying to install Nextcloud, I had failures with PHP not being able to write into the config directory.
"message":"Cannot write into \\"config\\" directory! This can usually be fixed by giving the webserver write access to the config directory.. Or, if you prefer to keep config.php file read only, set the option \\"config_is_read_only\\" to true in it
access("/usr/share/webapps/nextcloud/20.0.4/htdocs/config/config.php", W_OK) = -1 EROFS (Read-only file system)
I finally tracked down the meaning of the "EROFS" error - it was because I had this systemd config for the apache2 service:
See "man systemd.exec":
If true, mounts the /usr directory ... read-only for processes invoked by this unit
I solved it by setting "config_is_read_only" as suggested, but also needed to
make sure that the "data" directory was under "/var/www". I also had to set
"'writable' => false," in the "apps_paths" setting of "config.php".
How to load the co-ordinates of caves into OsmAnd permalink
(Updated 06-May-2019). .gpx files, and other formats, can be found at http://cavemaps.org/data/
(Updated 16-Dec-2018. Since the death of Professor Charles Read, his website at Leeds University has disappeared, however parts of it, but not the .gpx/.gpi files are is available at archive.org, as well as at https://solocavediver.com/ )
(As an aside, I note that he has an Erdős number of 4)
OsmAnd is a free map app for Android.
To overlay the co-ordinates of caves:
* Use the Chrome browser
* scroll down, then long click on a link to a GPX file.
* save to the Downloads directory
* In OsmAnd, tap on the three bars at the bottom left to open the menu
* "My places", "My Tracks", "Import"
* Tap on the icon for a file, it changes to a tick, then "Open"
* for subsequent imports, click on the "+" at the bottom left.
* Finally, on the "My tracks" page, tap on the three dots to the right of a file and "show on map".
About me: permalink
I'm a computer hacker (in the original meaning of the word), a caver, a fell-walker, and cyclist.
mail me at email@example.com
Note that sending unsolicited marketing e-mail to an individual in the UK is an offence under the Privacy and Electronic Communications (EC Directive) Regulations 2003 and that the collection and processing of personal information is regulated by the Data Protection Act.
I started seeing repeated delivery failure messages from the Linux Kernel Mailing list: permalink
postfix/cleanup: 2819B22313: info: header Subject: Do You Need A Hand? from vger.kernel.org[126.96.36.199]; opendkim: too much header dataA quick Google suggested that this was because the header size was greater than the default of 65536 that OpenDKIM accepts. I tried increasing this to 262144, but this didn't help. I then set
On-Security acceptin opendkim.conf. This caused the mail to be accepted. I then had a look inside the mail:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sego.es; s=default; <snip> $ grep DKIM-Signature msg.5SAz | wc -l 1000 $ sed -n '1,/^$/p' msg.6SAz | wc -c 396117What on earth are sego.es playing at?
If postfix isn't delivering mail and you have this message in your log file permalink
amavis: (!!)TROUBLE in pre_loop_hook: config: no rules were found! Do you need to run 'sa-update'?check the permissions on subdirectories under
/var/lib/spamassassin/3.004001/If root has a restrictive umask of 0077, then files need to be set world readable
chmod -R a+rX /var/lib/spamassassin/3.004001/
"Opening '/proc/net/rpc/nfs4.nametoid/channel' failed: errno 2" permalink
If you get the above error, make sure that you have CONFIG_NFSD_V4 enabled in your kernel config.
After seeing Greg K-H's comments permalink
about old Long Term Support kernels, I updated a couple of servers from 4.4 to 4.14. I ran into a problem with named (BIND) failing to start.
kernel: mmap: named (6332): VmData 35500032 exceed data ulimit 2097152. Update limits or use boot option ignore_rlimit_data.It seems that having the line
datasize 2M;in named.conf is the cause. Just remove that line. It seems that it's commonly been copied for donkeys' years: I can first find it in a config from September 2003.
With systemd 235, playing "Black Mesa" in a systemd-nspawn container stopper working: permalink
Running glxinfo gave the error
libGL error: failed to open drm device: Operation not permittedand strace showed:
open("/dev/dri/card0", O_RDWR|O_LARGEFILE|O_CLOEXEC) = -1 EPERM (Operation not permitted)The fix is to add
--property='DeviceAllow=/dev/dri/card0 rw'to the systemd-nspawn command line
Solved: pcap errors permalink
# iftop -i eth0 interface: eth0 pcap_open_live(eth0): eth0: socket: Address family not supported by protocol # dmesg | tail [595841.213279] iftop uses obsolete (PF_INET,SOCK_PACKET)Make sure that CONFIG_PACKET and CONFIG_PACKET_DIAG are enabled in your kernel config
$ diff .config.old .config 3c3 < # Linux/x86 4.4.70 Kernel Configuration --- > # Linux/x86 4.4.89 Kernel Configuration 635c635,636 < # CONFIG_PACKET is not set --- > CONFIG_PACKET=m > CONFIG_PACKET_DIAG=m $
umount: /mnt/tmp: device is busy permalink
If you are trying to unmount a device, you get the error "device is busy", but lsof/fuser don't show any process holding the device open, it could be that a file on the device is associated with a loop device.
# losetup -a /dev/loop/0: :25280514 (image) offset=55273881600 # losetup -d /dev/loop0 # umount /mnt/tmp(updated, 2016-11-01)
dmsetup info | grep loop dmsetup remove loop0p2 dmsetup remove loop0p3may help too
More hints on unmounting a filesystem: permalink
# ls -l /dev/mapper/ # dmsetup ls # dmsetup info loop0p2 # dmsetup remove loop0p2 # losetup -a # losetup -d loop0 # umount /mnt/tmp
Windows Security Applications (2007-12) permalink
(updated for Malwarebytes, 2016-02-04) When working with friend's PCs, here are some applications I install:
- Secunia PSI Personal Software Inspector (updated 2018-03-14 - this will soon be discontinued)
- (Added 2013-03-04) Filehippo Update Checker
Colleagues also recommend Ninite
reviewed at The Register
- Grisoft AVG free anti-virus
Lavasoft Ad-AwareNot any more - see this article (2011-11-13)
- (added 2008-02-10) And one more link: Windows Sysinternals
- (Added 2011-12-27) SANS ISC recommend MalwareBytes free anti-virus, OTOH: security issues,
- (Added 2013-03-04) The UK government's advice
Hints on running a well-configured outgoing mail server. permalink
If you do not have a static IP address, use your ISP's
mail relay (smarthost).
Make sure that there is a reverse DNS (PTR) record for your
IP address. Make sure that it is not generic (e.g. wylie.me.uk,
rather than client-12-34-56-78.adsl.example.org). You will need
to contact your ISP to do this. (See RFC1912 section 2.1)
Make sure that doing a PTR lookup, then doing an A lookup on that domain name gives the original IP address, e.g.
$ host 188.8.131.52 184.108.40.206.in-addr.arpa domain name pointer wylie.me.uk. $ host wylie.me.uk wylie.me.uk has address 220.127.116.11
Get your ISP to SWIP your IP allocation, so that a whois lookup shows
that it is allocated to you.
Make sure that your ISP has not listed your IP address as dynamic with
any DNSBL, e.g. dul.dnsbl.sorbs.net. If necessary, get your ISP to contact
the DNSBL maintainers and ask for your IP address to be delisted.
- Make sure that your HELO/EHLO string is a FQDN (Fully Qualified Domain Name), e.g. "wylie.me.uk", rather than "NTSERVER", as required by RFC 2821 section 18.104.22.168
Spamhaus reverse DNS
Spamhaus Dynamic IP lists
Yahoo mail help
AOL Technical Standards for E-mail Delivery
AOL Reverse DNS
Messaging Anti-Abuse Working Group Sender Best Communications Practices
If you get errors trying to nfsmount your root partition during a PXE boot permalink
VFS: Unable to mount root fs via NFS, trying floppy. VFS: Cannot open root device "nfs" or unknown-block(2,0): error -6 Please append a correct "root=" boot option; here are the available partitions: Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(2,0)try adding "nfsvers=3" to your kernel command line
LABEL alan KERNEL alan/bzImage APPEND root=/dev/nfs nfsroot=192.168.21.1:/work/netboot/alan/nfsroot,nfsvers=3 \ ip=dhcp nfsrootdebug vga=0x323 firstname.lastname@example.org/,@192.168.21.2/
Gentoo, bash, xmalloc errors permalink
In Gentoo, after turning on the bash use-flag "mem-scramble", I got emerge errors for icu and nmap:
bash: xmalloc: shell.c:1596: cannot allocate 10 bytes (0 bytes allocated)