Autor(en): Daniel

12.04.14

Bleeding heart fixed

xkcd.com/1354 provides a very nice explanation of the „OpenSSL Heartbleed“ bug that has been discovered a few days ago:

FWIW I have re-newed the SSL certificates for my services (and revoked the old ones).

By Daniel in Ankündigungen, computer, Security04/12/14 English (US) Email

05.09.12

Deploying a website using Git via SSH remote

Git has a concept of "remotes" (tracked repositories), which allows to have
arbitrary alternate remote locations besides the typical "origin" remote, like "web".

The basic idea is to setup a user on the remote server ($SSH_DEPLOYUSER) which
is allowed to login via SSH (e.g. by adding your public SSH key to the deploy
user's ~/.ssh/authorized_keys file) and will be used to checkout what you want
to deploy.

To accomplish this you have to setup the Git working directory on the server and
add a "post-receive" hook, which will be invoked by Git after you have pushed
to the repository:

Code:

$ mkdir /path/to/repo-checkout
$ cd /path/to/repo-checkout
$ git init
# Create the post-receive file/hook (Ctrl-D to end the input to "cat"):
$ cat > .git/hooks/post-receive
#!/bin/sh
export GIT_DIR=$(pwd)
cd ..
git checkout -f
git submodule update --init --recursive
$ chmod +x .git/hooks/post-receive
$ git config --add receive.denyCurrentBranch ignore
$ chown $SSH_DEPLOYUSER -R .

On the local side you have to add a "remote" (named "web" in this case):

The final step is to initially push to it (which requires to specify the "refspec" once - following deployments can be done by just doing a "git push web"):

Code:

$ git remote add web ssh://$DEPLOYUSER@host.example.com/path/to/repo-checkout/.git
$ git push web +master:refs/heads/master

These instructions are based on the howto at toroid.org/ams/git-website-howto, but the main difference is that I am not using a "bare" repository here, which would not allow to use Git submodules; submodules require a "full" Git working directory and having a checkout of the repository requires the receive.denyCurrentBranch=ignore setting.

03.06.12

Use hybrid suspend method by default with pm-utils/Linux (suspend to RAM and disk)

There is this nice method of suspending a computer to RAM (which is quick to suspend and resume, but still uses some battery) and after a given amount of time to disk, if it has not been waken up since then (e.g. after 15 minutes).

Ubuntu (and any other distribution using pm-utils) supports this via the pm-utils package and its pm-suspend-hybrid script.

Unfortunately this is not used by default (even hibernation is not available from the menu by default), but only normal suspend.

The following configuration snippet will make pm-utils use the "suspend_hybrid" method instead of "suspend" when being invoked:

You have to create a file like /etc/pm/config.d/00-use-suspend-hybrid and add the following code (e.g. via sudo -e /etc/pm/config.d/00-use-suspend-hybrid):

Code:

# Always use suspend_hybrid instead of suspend
if [ "$METHOD" = "suspend" ]; then
    METHOD=suspend_hybrid
fi

I came up with this solution after having asked for a method to do so at Ask Ubuntu.

This way hybrid suspend will be used automatically if you select e.g. "Suspend" from the menu or close your laptop's lid (both actions call pm-suspend which then gets remapped).

You can configure the amount of time before hibernation (Suspend To Disk) is being invoked with the PM_HIBERNATE_DELAY variable (in seconds), which you can just configure in the same file, too:

Code:

# Always use suspend_hybrid instead of suspend
if [ "$METHOD" = "suspend" ]; then
    METHOD=suspend_hybrid
fi
PM_HIBERNATE_DELAY=300  # invoke hibernation to disk after 5 minutes (300 seconds)

You might want to make sure that the hybrid method is supported on your system via the following code. If it says "0" it should work:

Code:

sudo pm-is-supported --suspend-hybrid && echo $?

Happy suspending.

Update (2013-10-09): I have updated my own answer at AskUbuntu with another (really hybrid, often preferred method), which you can use with Linux 3.6+.

15.09.11

Disable disk cache in Chromium / Google Chrome

There is no user interface in Google's browser Chrome yet to disable the disk cache, or control its size (version 14 appears to have something in the developer tools section).

But it can be done using command line options when starting the browser, and you can configure this globally for Ubuntu.

The following command line flags will use /dev/null ("the sink") as cache dir, and additionally limits it to 1 byte:

--disk-cache-dir=/dev/null --disk-cache-size=1

(I have tried just --disk-cache-size=0 or 1, but it did not appear to work as expected)

On Ubuntu/Debian, you can just add these flags to the CHROMIUM_FLAGS variable in /etc/chromium-browser/default and it will be used every time when starting Chromium.

The motivation to do this comes from me using a local (intercepting) HTTP proxy with its cache on a RAM disk. Therefore I do not want Chromium to store quite the same retrieved files on disk again.
Additionally, this is a SSD, which is not that happy about being written to in general.
Therefore /tmp is a tmpfs mount already, and the same should be the case for temporary browser files.

By Daniel in Ubuntu, Debian, Snippets2011-09-15 English (EU) Email

25.08.11

Marian - Only Our Hearts To Lose

Offenbar auch ein sehr schönes Album, wo Marek Hemmann mit involviert ist..

Marian - Only Our Hearts To Lose by marekhemmann

Von Daniel in music25.08.11 German (DE) E-Mail
Schlagworte: ,

24.08.11

Marek Hemmann - In Between

Alleine wegen des Tracks `Gemini` lohnt sich der Kauf dieses Albums schon sowas von..

Nachdem ich es (aufgrund dieses Tracks) heruntergeladen habe, merkte ich auch, dass sich noch mehr meiner last.fm loved tracks darunter befinden.

Kurzum Geilomat!

Selbst wenn man dann beim MP3-Download feststellt, dass aktuelle Linux-Versionen von Amazon nicht mehr unterstützt werden (man kann dann die Tracks einzeln herunterladen).

Von Daniel in music24.08.11 German (DE) E-Mail
Schlagworte: , ,

15.03.11

Script to double/halve OpenVZ resources

The following script allows you to easily double or halve resources in an OpenVZ container.

You would install this script as "/usr/local/bin/vz-double-resources" and also create a symlink named "vz-half-resources" to it (probably also in /u/l/b).

This then allows you to just call "vz-double-resources 123 shmpages" in case you've been notified that there have been shmpages beancounter failures (resource limit has been hit).
This outputs the command to double the bean counter limit, and allows for easy execution by just forwarding the output to "sh", as in "vz-double-resources 123 shmpages | sh -".

Here's the script (available and maintained as/at Gist):

Code:

# cat =vz-double-resources
#!/bin/bash
 
VZ="$1"
RESOURCE="$2"
 
if [ -z $VZ ] || [ -z $RESOURCE ]; then
    echo "Usage: $0 VZ RESOURCE"
    exit 1
fi
 
case $0 in
  *-double-*) OPERATION="*2" ;;
  *-half-*)   OPERATION="/2" ;;
  *) echo "Invalid: $0" ; exit 1;;
esac
 
echo "# Operation: $OPERATION"
 
# get failures:
# awk '$NF ~ /[0-9]*[1-9]$/' /proc/bc/*/resources
 
if [ -f /proc/bc/$VZ/resources ] ; then
# uid  resource                     held              maxheld              barrier                limit              failcnt
 
  resource=$(echo $RESOURCE | tr '[:upper:]' '[:lower:]')
  awk /$resource/ /proc/bc/$VZ/resources | {
    read resource held maxheld barrier limit failcnt
    if [ -n "$resource" ]; then
      cmd="vzctl set $VZ --$resource $(($barrier $OPERATION)):$(($limit $OPERATION)) --save"
      echo $cmd
      exit
    fi
  }
fi
[[ -n "$cmd" ]] && exit
if [ -f /etc/vz/conf/$VZ.conf ] ; then
  value=$(grep -i "^$RESOURCE=" /etc/vz/conf/$VZ.conf)
  eval $value
  RESOURCE=$(echo $RESOURCE | tr '[:lower:]' '[:upper:]')
  resource=$(echo $RESOURCE | tr '[:upper:]' '[:lower:]')
  value=$(eval echo \$${RESOURCE})
  echo $value | {
    IFS=: read barrier limit
    cmd="vzctl set $VZ --$resource $(($barrier $OPERATION)):$(($limit $OPERATION)) --save"
    echo $cmd
  }
else
  echo "ERROR: container $VZ not found."
  exit 1
fi

This is a script I've been using since quite a while (otherwise it would use zsh instead of bash), and have not looked into after creating it.
I just noticed that it is quite useful in general and therefore wanted to make it public.

Seitenleiste