Great article about how to force RGB mode in Mac OS X.
Also great patch by adaugherity. The only thing missing is the instruction to copy the generated file to
Protocol 2 Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour KexAlgorithms diffie-hellman-group-exchange-sha256 MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Host * Ciphers aes256-ctr,aes192-ctr,aes128-ctr,arcfour256,arcfour128,arcfour KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
Writing Robust Bash Shell Scripts, thanks David Pashley.
Finally I came across doing a clean install of my Macbook, this is long due since the system is piling up crap from 2012.
I am a heavy TrueCrypt user despite the announcements the team made a couple of months back so after installing OS X I went to the archive page on GRC to get the latest fully functional binary and upon installing on my Mac I found that there was a version check.
Thanks to the fix on stefansundin.com I was able to be up and running:
First copy the package to your desktop, then open terminal and type:
sed -i '' 's/<installation-check .*>//' 'Desktop/TrueCrypt 7.1a.mpkg/Contents/distribution.dist'
I’ve got asked this question a couple of times already! The process is straight forward now but it didn’t always have been!
At first I named my servers according with their purpose: “HOMESERVER”, “UTORRENT”, etc. This turned out not to work very well when I started to fiddle with virtualization. I needed to give them proper names that were not tied to the main software they were running so I could switch eventually, as I did when I decided to go with FreeNAS instead of Microsoft Windows Home Server.
The solution I took from watching the news about the US tornado season. They always have female names given alphabetically. My wife suggested to use stars since several analogies could be made: Constellations could hold servers that have a common purpose, the size of the star could be related to the given server’s processing power, there are several galaxies or groups of “stars” and the list goes on and on.
Right now I have the following names being actively used:
Alongside with the instructions on creating a customized template, also:
Create the user “ansible”.
adduser ansible mkdir /home/ansible/.ssh echo "YOURSSSHKEYHERE" > /home/ansible/.ssh/authorized_keys chown -R ansible:ansible /home/USERNAME/.ssh chmod 600 /home/ansible/.ssh/authorized_keys
Add it to the sudoer’s list:
cat > /etc/sudoers.d/ansible <<!ENDSUDOERS ansible ALL=(ALL) NOPASSWD: ALL !ENDSUDOERS chmod 440 /etc/sudoers.d/ansible
A couple of months ago I began receiving constant e-mail alerts stating that my FreeNas box was 80% full. My 2-year-old setup had 4 2TB Seagate drives in a Raidz1 pool. After some research and test with new firmware builds I found out that this was not optimal since the Raidz1 should follow the 2*n+1 formula [with n>0] (3, 5, 7 or 9 … drives).
I cannot afford to rebuild the pool at this time and one of the original drives failed and was replaced by a newer 4TB unit.
My approach was to replace every remaining 2TB drive on the pool by a 4TB one and this proved to be very time consuming. My box was taking too long to resilver the pool.
After some more research I came across Allan Jude’s “ZFS Advanced Topics” chapter proposed to the FreeBSD documentation project.
sudo sysctl vfs.zfs.resilver_delay=0 sudo sysctl vfs.zfs.scrub_delay=0
These tunables reduce the wait time between each resilver and scrub IO operation. Client performance was somewhat degraded but getting my pool back into pristine condition was more important.
Thanks to Calomel.org for these tips. I was having network performance issues and my throughput more than doubled now!
# Default is fine for most networks. You may want to increase to 4MB if the # upload bandwidth is greater the 30Mbit. For 10GE hosts set to at least 16MB # as well as to increase the TCP window size to 65535 and window scale to 9. # For 10GE hosts with RTT over 100ms you will need to set a buffer of 150MB and # a wscale of 12. Default of "2097152 = 2*1024*1024" is fine for 1Gbit, FIOS # or slower. # network: 1 Gbit maxsockbuf: 2MB wsize: 6 2^6*65KB = 4MB (default) # network: 1 Gbit maxsockbuf: 4MB wsize: 7 2^7*65KB = 8MB (FIOS 150/65) # network: 10 Gbit maxsockbuf: 16MB wsize: 9 2^9*65KB = 32MB # network: 40 Gbit maxsockbuf: 150MB wsize: 12 2^12*65KB = 260MB # network: 100 Gbit maxsockbuf: 600MB wsize: 14 2^14*65KB = 1064MB kern.ipc.maxsockbuf=4194304 # (default 2097152) # set auto tuning maximums to the same value as the kern.ipc.maxsockbuf above. # Use at least 16MB for 10GE hosts with RTT of less then 100ms. For 10GE hosts # with RTT of greater then 100ms set buf_max to 150MB. The default of # "2097152" is fine for most networks. net.inet.tcp.sendbuf_max=4194304 # (default 2097152) net.inet.tcp.recvbuf_max=4194304 # (default 2097152)
It has been a long time since my last post. My boxes have been working fine so far and up until yesterday I had not noticed any issues. After updating JAVA on my machine I started to get errors concerning invalid certificates. I had previously installed new proper certs on my box so that might have been the cause.
Regarding my certs: I use the built in tools on pfSense to generate and manage all certs that I use on testing units. There I have a Root Certificate Authority setup and its cert is installed on the machines I use to debug my test installations (to avoid paying for temporary and easily disposable certs). On it I had created a server cert for my Proxmox testing node and had it installed a long time ago.
Looking for solutions I came across a post on how installing a intermediate certificate authority on the proxmox node could solve this and here is how I did it:
First I backed up all my old certs:
mv /etc/pve/pve-root-ca.pem /etc/pve/pve-root-ca.pem.bak mv /etc/pve/pve-www.key /etc/pve/pve-www.key.bak mv /etc/pve/priv/pve-root-ca.key /etc/pve/priv/pve-root-ca.key.bak mv /etc/pve/priv/pve-root-ca.srl /etc/pve/priv/pve-root-ca.srl.bak mv /etc/pve/local/pve-ssl.key /etc/pve/local/pve-ssl.key.bak mv /etc/pve/local/pve-ssl.pem /etc/pve/local/pve-ssl.pem.bak
Then I regenerated them and restarted all
pvecm updatecerts --force service pvedaemon restart service pveproxy restart
I proceeded creating a new Intermediate Certificate Authority and a Server Certificate on my pfSense going on
System > Cert Manager > CA > Add. Filled in the details and then
Cert Manager > Certificate > Add and selected the previously intermediate cert authority. Downloaded the server key and cert and the authority cert.
Here came the tricky part:
Restarted the services again and tested:
service pvedaemon restart service pveproxy restart
All working fine now!