umask per directory

I’ve been working with Puppet some time now, and we are configuring our way through a lot of hosts, with 6 persons, all working in the same Puppet master directory. This should work fine with all UNIX/Linux groups and setgid directories. But simple problem arose with the git version control stuff. Once in a while the complete git repo was destroyed and quite a lot of searching revealed the reason why. [Read More]

New MySQL backup

I was playing around and configuring the MySQL backup on a customers database server and I ran into little problems. One of the defaults was not parsed correctly and a configuration setting made things run amok. So I decided to streamline things and create some extra program options to set and show the default settings and the settings after the configuration file. The help now shows: mysqlbackup version 1.50 Syntax: mysqlbackup [ -h|-v|-s|-c|-d|] -h Display this help and exit -v Display the version number and exit -s Show the defaults and their values -d Show a description of the defaults and their values -c Show a default configuration file -a Show settings after the config file is processed configfile Use this file as the configuration file instead of the default. [Read More]

No more WikiLeaks?

The WikiLeaks site cannot be reached. This is because their free DNS provider removed the DNS records.

![wikileaks DNS ended](/images/wikileaks.png)

The last IP address was, but nobody is answering the http requests.

Looks like they where shutdown.

news secured with DNSSEC

Last week I wrote that I asked the .nl TLD maintainers to add the DS records for to the .nl zone.

And yesterday the big moment was there.

Have a look.

![Secure DNS for](/images/pa1ton-dnssec.png)

I just verified this with SIDN and I am number 7 on the list of DNSSEC secured domains in the Netherlands.

Wow, that’s really quick! ;-)



Some time ago I blogged that my zones are signed and now it’s possible to add the DS key to the .nl zone. This still is a manual process, but I opted in with my domain. The .com TLD isn’t signed yet, so the is still to be done. I also updated some scripts and things to make it work better ;-) First I need the ZSK and KSK and I generate them like this: [Read More]


It took some time, but I did manage to make a new version of It has some errors corrected and some extra features.

And now it comes with its own, shiny, new man page. (

Come and g[ei]t it. It’s in the files section or on github.

Or clone it with:

git clone

HP's newest invention

HP has got something new again: HP ePrint. This surely comes from the ‘Useless inventions department’. What is ePrint? This lets you print from virtually everywhere. One of the ways that ePrint works is to assign an email address to your printer. To print, simply send an email containing your document to your printer’s address. You can print images, Microsoft Word, Excel* and PowerPoint documents, PDFs, and photos. You can view and manage print jobs sent to your printer using your printer Job History that is available on HP ePrintCenter. [Read More]

Being bored

Every once in while everybody gets bored a bit. And what does a nerd/geek do when bored? Yes, he will write a bogus man page for some non-existing Linux feature. Read my man page about the happy yes device. The yes device Appendix A: The "yes device" man page A.1 NAME yes - The yes device A.2 SYNOPSIS The yes device (and it's ascendants) produces a constant flow of positive answers. [Read More]

Bugfix in Mysqlbackup

Harry Sappe reported a bug in Mysqlbackup.

When only dumping one database the program gives an “unbound variable”.

I repaired id an a new version is now online. It’s in the Files section or on Github.


First North Korean website online

Today the first First North Korean website is online and if you want to see it, go to They do not have DNS yet.

A second server is up and running and this one can be reached at The certificate is a nice and funny one.


To bad they did’t get a real one.


I'm on Github

As I develop some scripts and other things for fun I decided to make some of these more public.

The following projects can be found on Github, with this URL

  • Header
  • MySQL backup

Have fun ans let me know what you think.


Buy nice packaging

On the German eBay i found a lot of these.

Buy my iPod/iPhone/etc packaging. Nothing in it, just the box.

I still have got a lot of them in the attic, so maybe I should open an eBay account ;-)

First shot

Second shot

humor  news 

My first IPv6 webside visitor

Last night I had my first genuine visitor with IPv6. It seems it’s a webcrawler from the Erlangen University in Germany. The IPv6 address is 2001:638:a00:4f::83bc:4e1e and this results in ; <<>> DiG 9.7.1-P2 <<>> -x 2001:638:a00:4f::83bc:4e1e ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33203 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ; IN PTR ;; ANSWER SECTION: e. [Read More]

No more git RPM's

I, for some time now, created RPM’s for git. I will not do that anymore, because Dag Wieers RPMForge now has them and even up-to-date ones as well.

I also removed the git archive RPM’s.


Stupid web user

As blogged before I had my first IPv6 visitor, but of course the first IPv6 type that tried to enter my network could not be far of. Yep and there he/she is. It’s IP address 2002:4e6d:8112::1 and that does not resolve to something useful, yet, because it’s a 6to4 network address. Recalculating to an IPv4 address this gives me: and digging that results in ; <<>> DiG 9.6.0-APPLE-P2 <<>> -x 78. [Read More]

Also known as pa1ton

I’ve been running this blog for some time now and for the IPv6 certificate I needed this site to be IPv6 capable. Therefore I had to run my own nameserver and stuff like that and so I decided that it would be nice if you could reach me at as well.

Well, you can. Just click here.

Some URL’s need some tweaking, but the first hurdles have been taken.


IPv6 certification level 'Sage' reached

It took me some time and some tweaking of nameservers, webservers and mailservers, but I finally got it. I got the Hurricane Electric IPv6 Certification nailed for the “Sage” level. This is the highest level, so only a simple test to go and a daily submission of some logs for maximum points. the maximum points you can get is 1500, so I’m well on my way. As an extra HE gives you a nice, nerdy T-Shirt, stating that you are an IPv6 guru. [Read More]

DNSSEC for and

Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public. This is, of course, reason for a party and calls for the signing of my own zones. Unfortunately it’s not possible to use secure delegation, but that’s something for the future. I do have two domains up and running and I signed them both. This is what I did: First you need a Zone Signing Key (ZSK) and a Key Signing Key (KSK) and these can be made with [Read More]

Deploying IPv6

It took me some time, but now I have it up and running. My home network runs IPv6 and my server can be reached on an IPv6 address. Unfortunately I don’t have a native IPv6 address and my provider (UPC/Chello) will not supply one. So I had to use a tunnel broker. After experimenting a bit I got stuck on the Tunnel Broker of Hurricane Electric. My m0n0wall firewall supports the Tunnelbroker IPv6/IPv4 tunnels and after configuring some firewall rules everything is up and running. [Read More]

Compiling OpenSSL and OpenSSH

My server at home runs CentOS 5 and this has OpenSSH version 4.3. Running updates doesn’t update this version, because RedHat keeps the version number stable. But I wanted a newer OpenSSH because of some nice new features. But when I do compile a new version I’m still stuck with old OpenSSL, and that’s not what I want. Well, you can guess it by now, this is what I did. [Read More]

Back to m0n0wall

Some time ago I switch from m0n0wall to pfSense and I did like it a lot. But a problem with PPTP tunneling made me think again. Was pfSense the way to go? Well, it wasn’t. When I was trying to get IPv6 up and running it turned out that pfSense doesn’t support IPv6 out of the box. And m0n0wall does. There where some answers on the internet, but I was not willing to hack the pfSense box if that was not needed. [Read More]

My new Internet connection

About a month or two ago I was contacted by my ISP asking if I would like a lot faster internet connection and a lower price. Well, you have to be nuts to deny such an offer, so I decided to comply.

About a week later the new internet modem showed up and I connected everything up.

Running speedtest made me very happy.


Not bad at all :-)



I had heard of it before, but someway it has slipped my mind. But purely by accident I came across BrainFuck again.

Maybe a nice project for a sunny afternoon.


New MySQL backup

It’s been a while, but now there is a new version of the MySQLBackup script. This version (1.42) has a few enhancements and some configuration options were added. The main new feature is that it now supports multiple dumps per day and database checks. The old backups will be removed, of course, but only when they are over a day old. An added configuration option is that it’s now possible to choose whether you want the databases locked during the backup. [Read More]