Jacques Marneweck's Blog

OpenSolaris and VMWare boot issues

2010-05-18T19:41:01Z

When running OpenSolaris SX:CE >= snv_100 on different flavours of VMWare (Fusion, ESX, etc.) one needs to change edit the grub menu to include "disable-pcieb=true" at the end of the kernel line. To do this you will need to hit "e" to edit on the grub menu item, and then "e" on the line for the kernel. At the end of the line if there is no "-B" with options after that, add the "-B disable-pcieb=true". Once you have installed OpenSolaris, you can go ahead and edit your /boot/grub/menu.lst and add this there as well.

How many drafts do you have in your blog software?

2009-12-22T21:07:34Z

I currently have 43 draft entries in my blog software (movable type) that I've not yet published as I have not gotten round to posting some of the posts.

Google "Public DNS" to compete against OpenDNS

2009-12-03T17:36:28Z

Google have launched their "Public DNS" service - a similar service to the OpenDNS public dns resolvers. It is going to be interesting to see how much competition occurs. It is usually faster to use the OpenDNS public dns resolvers than one's upstream ISP's one. Not sure when Google will start adding additional features like OpenDNS like blocking access to malware sites, ability to see how many DNS queries you are making, etc.

If you want a non-filtered service at this point in time use the Google Public DNS servers (they are using Level3 for their upstream connectivity):

8.8.8.8 and 8.8.4.4

And if you like filtered DNS results you would want to use the OpenDNS ones:

208.67.222.222 and 208.67.220.220

UPDATE:

Quick stat from doing DNS queries against Google, IS and OpenDNS's cache servers:

Google: 546ms and 243ms
IS: 303ms and 36ms
OpenDNS: 432ms and 297ms

Looks like all three cache the results on their anycast clusters.

How do you use MySQL as a DBA?

2009-12-03T17:18:21Z

Interesting question for MySQL DBA's: do you prefer using the mysql cli interface and know the SQL statements to execute in order to do your admin work like creating databases or do you prefer using the mysqladmin interface? Personally I prefer using the mysql cli interface and executing things like 'CREATE DATABASE foo' rather than 'mysqladmin create blah' - I suppose I like the SQL queries over remembering the other way of doing things.

Upgraded Movable Type

2009-11-08T22:12:13Z

Finally managed to get round to upgrading movable type - need to hack my wpcp function to add files that haven't been added with svn add for some odd reason. I must admit that I like the cleaner appearance of the admin interface.

Added bonus is not having to spend a few hours upgrading the templates - it seems that they've fixed that broken feature this time around.

jot gotcha

2009-08-11T19:24:17Z

Seeing that I run into this jot gotcha every couple of months while writing shell scripts, I thought I would add a reminder for myself here (and so that google can pick this up for me next time).

On FreeBSD, by default you don't get access to the seq command to generate sequences, so you naturally will use jot for your shell scripting needs for generating number sequences.

So for example, we want to start with 0 and increment to 4 (one cannot use variables in the bash sequence generator, so {0..$max} won't work here. So for example we have 5 logfiles that we want to grok on a server and another has 6 so instead of hardcoding the varible on each server like {0..4} where we have 4, {0..6} where we have 6, we use jot and some nasty piping commands to get that number.

root# jot 4     
1
2
3
4

Okay so misread the manual very quickly and try:

root# jot 0 4
4
5
6
7
8
9
10
*snip*
93211
93212
93213
93214

Pass the number of iterations (5), start (0) and where it ends (4):

root# jot 5 0 4
0
1
2
3
4

Firefox 3.5 Regression issues with wildcard SSL certificates

2009-07-04T14:30:31Z

I really hate educating people how to do the following, but a bit of an explanation around this. Mozilla Firefox 3.5 now does not play nice with wildcard SSL certificates where you do things like service.servername.example.com when you only have a wildcard SSL certificate for *.example.com - the guys at Mozilla have marked the bug as "Won't Fix" which basically means that one now needs to teach people how to bypass this warning.

The latest version of Mozilla Firefox 3.5 has issues with wildcard SSL certificates and is giving warnings that "This Connection is Untrusted" when visiting https://service.servername.example.com/ - this is unfortunately an issue with the Mozilla Firefox 3.5 web browser. You will need to click on the "Add Exception..." link, ignore the warning about "You are about to override how Firefox identifies this site. Legitimate banks, stores, and other public sites will not ask you to do this.". Click on "Get Certificate" and then click on "Confirm Security Exception". A bug is being filled with Mozilla about this regression in their software.

Hopefully Mozilla can release a patch Firefox 3.5.1 which reverts this regression in their software.

Anyway here is the list of bugs I'm going to be keeping an eye on for this issue:

Deploying sites in seconds

2009-07-03T18:48:32Z

Currently playing around with the private beta of the Smart Platform from Joyent - took less than 2 minutes to deploy their hello world app (apart from me getting a bit annoyed with git). Need to still work on getting git to not warn me about:

$ git push
warning: You did not specify any refspecs to push, and the current remote
warning: has not configured any push refspecs. The default action in this
warning: case is to push all matching refspecs, that is, all branches
warning: that exist both locally and remotely will be updated.  This may
warning: not necessarily be what you want to happen.
warning: 
warning: You can specify what action you want to take in this case, and
warning: avoid seeing this message again, by configuring 'push.default' to:
warning:   'nothing'  : Do not push anything
warning:   'matching' : Push all matching branches (default)
warning:   'tracking' : Push the current branch to whatever it is tracking
warning:   'current'  : Push the current branch
Everything up-to-date

A basically static site took a while longer as I misread a page in the documentation and then had files sitting in the incorrect location. One still needs a bootstrap.js file even if you intend on just serving up static files.

Seems like one needs to tell git to only attempt to push the currrent branch using the following command gets rid of the warning when using git push in future:

$ git config push.default current

FreeBSD vr network card issues

2009-04-18T21:38:37Z

Sort of a note to self for the next time I bump into a very annoying issue with network cards that use the VIA Technologies Rhine I/II/III controller chips on network cards like the quite popular dlink (shows up under vrX in ifconfig -a) is that when you start binding multiple IP addresses on a vr card a few seconds later the card stops working.

Turns out there is a bug of sorts with the FreeBSD vr driver which needs some fixing so moral of the story for the moment is not using vr based network cards till this is fixed.

Twitter Search the posterchild for 500's

2009-03-04T20:20:52Z

One of my pet peeves is currently when Twitter Search is down - there goes being able to zone into conversations on any given topic from bsdisms, following cloud computing, etc.

Tired of seeing:

Status: 500 Internal Server Error Content-Type: text/html 500 Internal Server Error

How difficult is it to fix something that was not broken when it was Summize?

This is what a reply from twitter looks like:

HTTP/1.1 200 OK Date: Wed, 04 Mar 2009 20:52:44 GMT Server: hi Content-Type: text/html; charset=UTF-8 Cache-Control: max-age=300 Expires: Wed, 04 Mar 2009 20:57:44 GMT Vary: Accept-Encoding X-Varnish: 1089043412 Age: 0 X-Cache-Svr: searchweb008.twitter.com X-Cache: MISS Via: 1.1 varnish, 1.1 bc1-rba Content-Length: 122 Connection: Keep-Alive Set-Cookie: _search_twitter_sess=*snipped*; path=/

Status: 500 Internal Server Error
Content-Type: text/html

500 Internal Server Error

UPDATE:

Okay it's up if I go via reverse proxy in the USA - so it's just down for South Africans.

UPDATE:

IS have added some rules to their netcaches and search.twitter.com is working again.

No Smarty

2009-02-22T17:38:42Z

If you've not heard about it yet, there is now a website advocating not using Smarty. The time for using smarty has gone - but makes one wonder if Flickr, Facebook, etc. are still using it.

Happy New Year!

2009-01-01T21:44:33Z

Just a quick blog post to say Happy New Year! 2008 seems to have flow by quite quickly and at the start of 2009 I've made a resolution to not make any resolutions as I never tend to be able to keep any of my new years resolutions. Hopefully this year I can get round to blogging more often which is something which I've not been following through on.

MRTG missing SNMP_util

2008-10-26T20:14:32Z

One of the joys of installing ports on FreeBSD is the odd occasion that the dependencies list is missing a dependency. is not installed you get nice perl errors in the case of the following

# cfgmaker public@127.0.0.1
Can't locate SNMP_util.pm in @INC (@INC contains: /usr/local/bin/../lib/mrtg2 /usr/local/bin /usr/local/lib/perl5/5.8.8/BSDPAN /usr/local/lib/perl5/site_perl/5.8.8/mach /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.8/mach /usr/local/lib/perl5/5.8.8 .) at /usr/local/bin/cfgmaker line 105.

Turned out SNMP_util is missing and required a quick install of SNMP_Session to make cfgmaker work.

cd /usr/ports/*/p5-SNMP_Session
make install clean

One can see that the dependency list for mrtg excludes SNMP_Session:

# pkg_info -rR mrtg-2.16.2,1 Information for mrtg-2.16.2,1:

Depends on:
Dependency: perl-5.8.8_1
Dependency: p5-Socket6-0.22
Dependency: p5-Pod-Parser-1.35_2
Dependency: p5-IO-Socket-INET6-2.56
Dependency: p5-Digest-SHA1-2.11
Dependency: p5-Digest-HMAC-1.01
Dependency: p5-Crypt-CBC-2.30
Dependency: p5-Crypt-DES-2.05
Dependency: p5-Net-SNMP-5.2.0
Dependency: png-1.2.32
Dependency: jpeg-6b_7
Dependency: pkg-config-0.23_1
Dependency: freetype2-2.3.7
Dependency: libiconv-1.11_1
Dependency: gd-2.0.35,1

Anyways I need to send-pr a patch for the port to get this fixed in the ports tree.

Patches to update rails 2.1.0 to 2.1.1

2008-09-07T23:04:13Z

I've made some patches to update Ruby On Rails version 2.1.0 to 2.1.1 where you make use of the unpacked gems and a subversion repository (running 'rake rails:freeze:gems' has a bad habit of leaving your working copy in a mess as it blows away your 'vendor/rails' directory and recreates it).

Download the patch files by using the following script and apply them into each directory under vendor/rails by running rails-updater.sh.

If you have issues with patching files (like when using svn eol-style:native for files) you may need to grab the failed files by doing 'gem unpack component' and copying those files over and removing the reject files. I've tested the patches on a couple of open source apps and it applied cleanly except to one working copy.



patching file CHANGELOG

patching file Rakefile

patching file lib/action_mailer/base.rb

patching file lib/action_mailer/vendor/text-format-0.6.3/text/format.rb

Hunk #1 FAILED at 1.

1 out of 1 hunk FAILED -- saving rejects to file lib/action_mailer/vendor/text-format-0.6.3/text/format.rb.rej

patching file lib/action_mailer/vendor/tmail-1.2.3/tmail/parser.rb

Hunk #1 FAILED at 12.

1 out of 1 hunk FAILED -- saving rejects to file lib/action_mailer/vendor/tmail-1.2.3/tmail/parser.rb.rej

patching file lib/action_mailer/version.rb

patching file test/abstract_unit.rb

Another way to fetch the files is to fetch them from the github website using url's like:

http://github.com/rails/rails/tree/v2.1.1//?raw=true

i.e. for the failed lib/action_mailer/vendor/text-format-0.6.3/text/format.rb mentioned above we would fetch it from the following URL - http://github.com/rails/rails/tree/v2.1.1/actionmailer/lib/action_mailer/vendor/text-format-0.6.3/text/format.rb?raw=true.

Exim gotcha with SMTP Auth

2008-09-03T12:35:06Z

One gotcha when using exim to do authenticated SMTP one wonders why you keep seeing the following:

Return-path: <"email@add.re.ss"@server.host.name>
*snipped*
Sender: "email@add.re.ss"@server.host.name
*snipped*

One needs to modify your acl for acl_check_rcpt for authenticated SMTP connections to contain the sender_retain bit like below:

  accept  authenticated = *
          control       = submission/sender_retain

Restart your exim (in my case on FreeBSD I used /usr/local/etc/rc.d/exim restart) and send a email:

Return-path: 
*snipped*
Sender: email@add.re.ss
*snipped*