Posts tagged ‘linux’

Sometimes you want to manually alter the caching behaviour of Linux. The sync command makes sure all data is committed to disk. If you want to flush the read caches as well, you need to go deeper into the system.

echo 3 > /proc/sys/vm/drop_caches

Writing 1 only clears the pagecache; 2 clears the dentries and inodes; 3 clears all.

TBF, or Token Bucket Filter, is a tool from the Linux kernel. It can be inserted as a “queueing discipline” for an Ethernet device. TBF is usually employed to limit the bandwidth.

I tried to configure TBF on my Ubuntu 9.10 VMware box, but I got disappointing results: I only got around 100kbps, no matter what I configured. I tried the same setup on a physical server, with the same results.

Continue reading ‘How to get TBF back to work’ »

Sometimes it’s really useful to prepend a timestamp to every output line of a command. This can be done fairly easily:

$command | \
perl -pe '@now=localtime();printf "%04d-%02d-%02dT%02d:%02d:%02d ",$now[5]+1900,$now[4]+1,$now[3],$now[2],$now[1],$now[0];'

The perl command reads in every line, prints the current time in the default format (or in whatever format you specify), followed by the read line.

When hosting multiple sites on a single IP, HTTP/1.1 has the necessary items on board to route the request to the correct site. This works because an HTTP/1.1 request includes a Host: header, which indicates to the server which site the client wishes to access.

When using SSL-secured connections, this doesn’t work anymore. The problem is similar to the situation in HTTP/1.0: the server needs to know to which SSL host the connection is addressed. SNI (Server Name Indication) introduces a similar solution: it specifies an extension to the SSL negotiation to indicate which server the client wishes to access.

Continue reading ‘SSL vhosts with Apache’ »

I sometimes pipe a command to less to study its output. If it’s interesting enough, I re-run the command and redirect the output to file. This approach has some limitations: the command is run twice, possibly with different output.

Obviously, I should use tee to send the output to both less and the file, but I regularly forget this. That’s where this hint comes in: you can save the current less-buffer to file!

In short, to save the buffer that is being displayed by a session of 'less', use its pipe-to-shell-command capability: scroll to the top of the file, press '|' followed by '$', and enter 'tee DESTINATION_FILE' when prompted for the shell command.

This is probably something everybody knows, but I’ve been Googling for this answer for over an hour:

  • BASEDIR=/whatever
  • cp $DEBs $BASEDIR/.
  • mkdir -p $BASEDIR/dists/$DIST/$COMPONENT/binary-amd64
  • cd $BASEDIR
  • apt-ftparchive packages . > dists/$DIST/$COMPONENT/binary-amd64/Packages
  • echo "deb file:$BASEDIR $DIST $COMPONENT" >> /etc/apt/sources.list
  • apt-get update

$BASEDIR is whatever directory you have space in (preferably an empty directory); $DIST and $COMPONENT are “jaunty-backports” and “main” in my setup, but you can vary.

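You might also need to add the following line to /etc/apt/apt.conf to get rid of the “untrusted source” warning. The setting is global: it switches off the authentication check for every configured source, not only the local one.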

APT::Get::AllowUnauthenticated "true";

rsync is a very nice tool to synchronize two directories, especially if they are on different machines. If you require confidentiality of the transferred data, rsync works great over ssh.

Besides the standard password authentication, ssh also supports public key authentication. This key-based authentication has the added bonus of having per-key options:

  • you can restrict the source IP from which this key may be used
  • you can force a command to be executed instead of allowing the connecting side to specify one

Continue reading ‘Restricted rsync over ssh’ »
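
The two per-key options listed above, as an added example that is not from the original post: an authorized_keys entry using from= and command=, and the forced-command script it points to, which lets through only rsync server requests for paths under one directory. The script path, /srv/backup and the 192.0.2.10 client address are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: this script is
# installed as /usr/local/bin/rsync-only, /srv/backup is the only tree the
# key may touch, 192.0.2.10 is the client (documentation address).
#
# ~/.ssh/authorized_keys entry on the server (one line, key is a placeholder):
#   from="192.0.2.10",command="/usr/local/bin/rsync-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY> backup@client
ALLOWED_ROOT=/srv/backup
set -f   # no filename expansion when the request is split into words

# Return 0 only for "rsync --server [--sender] -shortopts . PATH..." where
# every PATH is inside ALLOWED_ROOT. Symlinks are not resolved here.
rsync_cmd_ok() {
    set -- $1                                  # split on whitespace, nothing is evaluated
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 0 ] && [ "$1" != . ]; do    # options before the lone "."
        case $1 in
            --sender|-[!-]*) shift ;;          # pull mode, or a short-flag cluster
            *) return 1 ;;                     # any other long option
        esac
    done
    [ $# -ge 2 ] || return 1                   # need "." plus at least one path
    shift
    for p in "$@"; do
        case $p in
            */../*|*/..) return 1 ;;           # traversal out of the tree
            "$ALLOWED_ROOT"|"$ALLOWED_ROOT"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_ok "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND             # word-split only, never handed to a shell
    fi
    echo "rsync-only: rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

rsync itself ships a more complete script of this kind, rrsync, in its support directory.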

It is perfectly possible to configure a Linux server (or workstation if you wish) to talk IPsec. The Linux Advanced Routing & Traffic Control site has a page describing it. Since IPsec is a standard protocol, I wanted to get a tunnel up and running between a Linux host and a Cisco router: with success! Here are the config files that I used in this test:

Continue reading ‘IPsec under Linux’ »

IPsec is becoming the Internet standard for securing IP packets. Instead of manually configuring all the encryption parameters, the keys are usually negotiated between the peers using an ISAKMP (Internet Security Association and Key Management Protocol)/Oakley protocol: IKE (Internet Key Exchange). This post goes into its details.

Continue reading ‘IPsec/ISAKMP negotiation opened up’ »

I got another toy to play with: A digital multimeter with RS232 interface and True RMS power measurement. Sadly, it comes with Windows-only software, which I interpreted as a challenge!

Continue reading ‘VoltCraft VC-940 protocol reverse engineered’ »