Today I checked my IPv6 connectivity in the [IPv6 test]\{http://ip6.nl/test} and this resulted in
and as a result both domains are now in the Hall of Fame
Nothing really special, but nice to have.
I was working on a customers project and I had to change a lot of files.
This could easily be done with the sed and find commands, but I
wanted these changes to be checked in into git as well. And I also
wanted the git keywords expanded.
There was always the trick to edit all the files with sed, then edit
them again with git.vi and just press ZZ for all files. This would
be tedious, I know.
Some users insist on using bash. This is a good shell, but not as good
as zsh. But, I do want them to be able to use the per directory
umask as well as all the zsh users.
So I started digging, as the bash shell does not support a chpwd
hook.
This is what I came up with:
chpwd()
{ # Set the initial umask
case "${PWD}/"
in
/etc/puppet/*)
um=$(umask)
umask 007
;;
*)
[[ x"${um}" != x"" ]] && umask ${um}
;;
esac
}
function cd()
{
builtin cd "${@}"
chpwd
}I’ve been working with Puppet some time now, and we are configuring our way through a lot of hosts, with 6 persons, all working in the same Puppet master directory.
This should work fine with all UNIX/Linux groups and setgid
directories. But simple problem arose with the git version control
stuff.
Once in a while the complete git repo was destroyed and quite a lot of
searching revealed the reason why.
The WikiLeaks site cannot be reached. This is because their free DNS provider everydns.com removed the DNS records.
The last IP address was 213.251.145.96, but nobody is answering the
http requests.
Looks like they where shutdown.
Some time ago I blogged that my zones are signed and now it’s possible
to add the DS key to the .nl zone.
This still is a manual process, but I opted in with my pa1ton.nl
domain. The .com TLD isn’t signed yet, so the tonkersten.com is
still to be done.
I also updated some scripts and things to make it work better ;-)
First I need the ZSK and KSK and I generate them like this: ~ \{.bash} dnssec-keygen -e -a NSEC3RSASHA1 -3 -b 2048 -n ZONE pa1ton.nl dnssec-keygen -a NSEC3RSASHA1 -3 -b 2048 -n ZONE -f KSK tonkersten.com ~
It took some time, but I did manage to make a new version of git.vi.
It has some errors corrected and some extra features.
And now it comes with its own, shiny, new man page. (git.vi.1).
Come and g[ei]t it. It’s in the files section or on github.
Or clone it with: ~ git clone https://github.com/tonk/git.vi.git ~
HP has got something new again: HP ePrint.
This surely comes from the `Useless inventions department'.
What is ePrint?
[Read More]This lets you print from virtually everywhere. One of the ways that ePrint works is to assign an email address to your printer. To print, simply send an email containing your document to your printer’s address. You can print images, Microsoft Word, Excel* and PowerPoint documents, PDFs, and photos. You can view and manage print jobs sent to your printer using your printer Job History that is available on HP ePrintCenter.
Every once in while everybody gets bored a bit. And what does a nerd/geek do when bored? Yes, he will write a bogus man page for some non-existing Linux feature.
Read my man page about the happy yes device.
The yes device
Appendix A: The yes device man page
A.1 NAME
yes - The yes device
A.2 SYNOPSIS
The yes device (and it’s ascendants) produces a constant flow of positive answers.
Today the first First North Korean website is online and if you want to see it, go to http://175.45.176.68. They do not have DNS yet.
A second server is up and running and this one can be reached at https://175.45.176.7. The certificate is a nice and funny one.
To bad they did’t get a real one.
As I develop some scripts and other things for fun I decided to make some of these more public.
The following projects can be found on Github, with this URL
Header
MySQL backup
git.vi
Have fun ans let me know what you think.
On the German eBay i found a lot of these.
Buy my iPod/iPhone/etc packaging. Nothing in it, just the box.
I still have got a lot of them in the attic, so maybe I should open an eBay account ;-)
As blogged before I had my first IPv6 visitor, but of course the first IPv6 type that tried to enter my network could not be far of. Yep and there he/she is.
It’s IP address 2002:4e6d:8112::1 and that does not resolve to
something useful, yet, because it’s a 6to4 network address.
Recalculating to an IPv4 address this gives me: 78.109.129.18 and
digging that results in
; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 78.109.129.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;18.129.109.78.in-addr.arpa. IN PTR
;; ANSWER SECTION:
18.129.109.78.in-addr.arpa. 3600 IN PTR 18.static.ppp.dianet.info.
;; AUTHORITY SECTION:
129.109.78.in-addr.arpa. 172799 IN NS ns3.netcorp.ru.
129.109.78.in-addr.arpa. 172799 IN NS ns1.netcorp.ru.
;; Query time: 694 msec
;; SERVER: 192.168.63.4#53(192.168.63.4)
;; WHEN: Mon Aug 30 21:06:50 2010
;; MSG SIZE rcvd: 129</pre>I’ve been running this blog for some time now and for the IPv6
certificate I needed this site to be IPv6 capable. Therefore I had to
run my own nameserver and stuff like that and so I decided that it would
be nice if you could reach me at http://pa1ton.nl as well.
Well, you can. Just click here.
Some URL’s need some tweaking, but the first hurdles have been taken.
It took me some time and some tweaking of nameservers, webservers and mailservers, but I finally got it.
I got the Hurricane Electric IPv6 Certification nailed for the Sage level. This is the highest level, so only a simple test to go and a daily submission of some logs for maximum points. the maximum points you can get is 1500, so I’m well on my way.
As an extra HE gives you a nice, nerdy T-Shirt, stating that you are an IPv6 guru. I can’t wait to put it on ;-)
Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public. This is, of course, reason for a party and calls for the signing of my own zones. Unfortunately it’s not possible to use secure delegation, but that’s something for the future.
I do have two domains up and running and I signed them both.
This is what I did:
First you need a Zone Signing Key (ZSK) and a Key Signing Key (KSK) and these can be made with
It took me some time, but now I have it up and running. My home network runs IPv6 and my server can be reached on an IPv6 address.
Unfortunately I don’t have a native IPv6 address and my provider (UPC/Chello) will not supply one. So I had to use a tunnel broker. After experimenting a bit I got stuck on the Tunnel Broker of Hurricane Electric.
My m0n0wall firewall supports the Tunnelbroker IPv6/IPv4 tunnels and after configuring some firewall rules everything is up and running.
My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running updates doesn’t update this version, because RedHat keeps the version number stable.
But I wanted a newer OpenSSH because of some nice new features. But when I do compile a new version I’m still stuck with old OpenSSL, and that’s not what I want.
Well, you can guess it by now, this is what I did.
I first got the newest version of OpenSSL and compiled it with
But a problem with PPTP tunneling made me think again. Was pfSense the way to go?
Well, it wasn’t. When I was trying to get IPv6 up and running it turned out that pfSense doesn’t support IPv6 out of the box. And m0n0wall does. There where some answers on the internet, but I was not willing to hack the pfSense box if that was not needed. And the pfSense website states that IPv6 support will come after the release of 2.0. I’m not going to hold my breath that long. And the PPTP tunneling problem can only be solved when you have a dual external IP address. My provider won’t give me a static one, so two statics is completely out of the question.
About a month or two ago I was contacted by my ISP asking if I would like a lot faster internet connection and a lower price. Well, you have to be nuts to deny such an offer, so I decided to comply.
About a week later the new internet modem showed up and I connected everything up.
Running speedtest made me very happy.
Not bad at all :-)
Today is the last Friday of Juli. This means that today is System Administrator Appreciation Day and being a real nerd, I support this day.
Let’s hoot the SysAdmin.
It’s been a while, but now there is a new version of the MySQLBackup script.
This version (1.42) has a few enhancements and some configuration options were added.
The main new feature is that it now supports multiple dumps per day and database checks. The old backups will be removed, of course, but only when they are over a day old.
An added configuration option is that it’s now possible to choose whether you want the databases locked during the backup.
It’s been a while, but now there is a new version of the MySQLBackup script.
This version (1.42) has a few enhancements and some configuration options were added.
The main new feature is that it now supports multiple dumps per day and database checks. The old backups will be removed, of course, but only when they are over a day old.
An added configuration option is that it’s now possible to choose whether you want the databases locked during the backup.