Note to self: explore FreeIPA. Someone on Serverfault suggested it and said it was what AD is for Windows. If it is, it would relieve me of LDAP hell. Too long for this blog post, but I spent about a week (or more) full-time to get an LDAP setup working, with all security measures in place. It involved diving into source code, discovering and reporting Ubuntu documentation bugs, etc. An experience I don’t care to repeat.
Author: halfgaar
Halfgaar is Wiebe. Wiebe is a contributing author on this weblog. He also has a lot of stuff (such as long, in-depth articles) on his personal website.
Wiebe's day job is as a senior software developer and system administrator at YTEC.
In his free time, he built the free, open-source FlashMQ software. Together with Jeroen and Rowan, he is now building a managed MQTT hosting business around his open masterpiece.
I’ve had some issues with my Blackberry Enterprise Server. Some users say their mail is not synced. Others are reporting calendars being messed up. Just jotting down some memory aids.
First, I had this error in the BBAS log:
org.jboss.remoting.CannotConnectException: Can not get connection to server. Problem establishing socket connection for InvokerLocator [sslsocket:
This KB article suggests it would fix itself after 24 hours, but that was not the case. I have about a month’s worth of BBAS logs full of that error. The log files grow to about 100 MB per day. It started around May 23.
Restarting the Blackberry Administrator Services (two services) seemed to have fixed that, but in turn, I got this error in the BBAS log:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
It is explained in this KB article. It mentions two causes: one is a different server pool name across your servers. That can’t be, because I only have one. The other was still being investigated, and there was no time frame available for a solution:
This is a previously reported issue that is being investigated by our development team. No resolution time frame is currently available.
I tried logging into the webconsole at “https://hostname.domain.com:3443/webconsole/login”, but it always said my password was wrong. I had this before, so I once again restarted the Blackberry Administration Services (two of them), but this time by stopping them both and starting them manually (not using the restart function). I could log in again.
Also, it seems there is no more flooding of errors in the BBAS log. There are still exceptions occurring, but that seems to be a common thing with BES. The errors above are gone.
I don’t know if this is a permanent solution, because I had to restart these services once before, but for now it works.
Also, I started out looking at this because users reported calendar issues (appointments disappearing, being canceled, etc). But I doubt this has anything to do with it. Some users also still had e-mail syncing problems. Because that first KB article mentioned device reconciliation (Blackberry term for device syncing), maybe those errors are related to that. But, it’s very hard to test, because my own test phone worked fine.
A RAID controller hides the physical disks from the operating system, so it’s harder to query the SMART data. Luckily, smartctl has a way to do it:
smartctl -a -d 3ware,1 /dev/twa0
Change the 1 to the drive number in question, starting at 0.
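To check every drive behind the controller in one pass, the command above can be wrapped in a loop. This is an added example, not part of the original post: the function names and the default of 8 ports are assumptions, and the parsing expects smartctl's ATA output format.

```shell
#!/bin/sh
# Classify one drive from `smartctl -H -A` output read on stdin.
# Prints OK, WARN (reallocated or pending sectors present), FAIL or UNKNOWN.
classify_smart() {
    awk '
        /overall-health self-assessment test result:/ { health = $NF }
        # Attribute table: column 2 is the name, column 10 the raw value.
        $2 == "Reallocated_Sector_Ct" || $2 == "Current_Pending_Sector" {
            if ($10 + 0 > 0) bad = 1
        }
        END {
            if (health == "")           print "UNKNOWN"   # empty port or no SMART data
            else if (health != "PASSED") print "FAIL"
            else if (bad)                print "WARN"
            else                         print "OK"
        }'
}

# Walk the ports of a 3ware controller and print one status line per port.
# $1 = controller device (default /dev/twa0), $2 = number of ports (assumed 8).
scan_3ware() {
    dev=${1:-/dev/twa0}
    ports=${2:-8}
    i=0
    while [ "$i" -lt "$ports" ]; do
        printf 'port %s: ' "$i"
        smartctl -H -A -d "3ware,$i" "$dev" 2>&1 | classify_smart
        i=$((i + 1))
    done
}

# Run as root on the host with the controller:
#   scan_3ware /dev/twa0 4
```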
In an earlier post I made, I described how to manually create the SQL schema, because it didn’t do so itself. When I installed PowerDNS 3.1-4 on a Raspberry Pi, I noticed it had created the schema itself this time. However, it did not make the foreign key constraints. This is dumb. I regularly need to remove domains from the DB and I don’t want stale or incorrect references as a result.
To create them by hand:
alter table records add foreign key (domain_id) references domains(id) on delete cascade;
alter table cryptokeys add foreign key (domain_id) references domains(id) on delete cascade;
alter table domainmetadata add foreign key (domain_id) references domains(id) on delete cascade;
It must be a bug that this was omitted, because I got the original schema from the PowerDNS website. Question is, is this a bug in the Raspbian/Debian package, or in PowerDNS?
Our Xen VMs crashed at some point. This had to do with network traffic, apparently. My source link is dead. Only posting the workaround:
/sbin/ethtool -K eth0 tso off gso off
When the printing press was invented, we had the understanding that text is best read when contrast is high. They didn’t use black ink on paper for nothing. I bet they didn’t even consider any other color.
Then came the mass legions of web designers, and these self-anointed experts of visual attractiveness keep no HTML element from their rightful aesthetic salvation, regardless of pragmatic considerations. In other words, do these designers even read? Or is everything just a shape with a color?
I was again confronted with this when reading the Mozilla site. It uses a white background, with text in the color “rgb(109, 117, 129)”. In other words, not even gray, but lighter than gray.
So, when you’re reading a privacy policy, which would you choose? This:
or this:
Time to install Blacken: “It seems to be fashionable these days to use faded text on many web sites. Some sites are so faded that they are unreadable. This extension will change the colour of grey text back to black so that it is easier to read.”
I would really like to know what the designers at Creative Labs have in mind when they design sound cards. Their cards seem to be broken by design. The Live card was bad enough with its random collection of DACs and DSPs, but the Audigy 2 ZS seems no better. Aside from the fact that it’s advertised as 96 kHz and 24 bit, which it isn’t, it has serious design issues. I had some sound anomalies, so I decided to measure and test. I found:
- The output for LFE and center actually should output LFE and center on separate channels, but it outputs them mono, in the center channel… This makes it impossible to connect to an external amplifier and have it apply the proper 10 dB boost on the LFE signal.
- The LFE and Center channel distort at maximum gain (or minimum attenuation: 0 dB), which is easily heard by sine testing. I had to reduce all channels by 3.2 dB to avoid distortion.
- The center and LFE channels are 6 dB quieter than the other channels when they’re all the same in the mixer. With a test tone, all channels measured 0.78V, while LFE or center measured 0.39V. That is, LFE measured 0, center measured 0.39V with both center and LFE signal.
- The LFE/center output has a significantly louder noise floor than the other channels.
Really, what monkey designs this?
CISPA allows the U.S. government to request information from private corporations about you without a warrant, without ever telling you. Furthermore, it protects these corporations against any legal recourse.
The world being distracted by the Boston bombing, the bill passed the U.S. House of Representatives on April the 18th. It’s not signed into law yet, however.
When you want to use your IMAP account as authentication for Postfix, you can set the SASL mechanism to “rimap”. However, by default, it will not supply the realm (domain) and therefore will authenticate with an incomplete username (john instead of john@bla.com).
To fix that, you need to add “-r” to the options in /etc/default/saslauthd (in Debian-based distros):
OPTIONS="-r -c -m /var/run/saslauthd"
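A check for this misconfiguration, as an added example that is not part of the original post: it reads a Debian-style saslauthd defaults file as text and reports when rimap is selected without “-r”. The function names are made up for this example; it assumes the mechanism is set in the MECHANISMS variable, as in Debian's defaults file.

```shell
#!/bin/sh
# Print the value of the last uncommented NAME=... line, quotes removed.
# The file is parsed as text, never sourced, so auditing it runs no code from it.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Return 0 if a saslauthd option string contains the -r flag.
has_realm_flag() {
    skip=0
    for word in $1; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case $word in
            -[aOmnst]) skip=1 ;;    # flag whose argument is the next word
            -*) # cut an attached argument (e.g. -m/path) before looking for r
                flags=$(printf '%s' "${word#-}" | sed 's/[aOmnst].*//')
                case $flags in *r*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# 0 = fine, 1 = rimap configured without -r, 2 = file not readable
check_saslauthd_realm() {
    [ -r "$1" ] || return 2
    mech=$(conf_value MECHANISMS "$1")
    opts=$(conf_value OPTIONS "$1")
    case " $mech " in
        *" rimap "*) has_realm_flag "$opts" || return 1 ;;
    esac
    return 0
}

# Usage on a live system:
#   check_saslauthd_realm /etc/default/saslauthd || echo "rimap logins lack the realm"
```

After restarting saslauthd, `testsaslauthd -u john -r bla.com -p <password>` confirms that the full address is accepted.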

