Useful insights
Print Accounting with Kyocera and Linux
Getting Rid of Gomobile in Plone
I used wildcard.fixpersistentutilities. When started for the site root it crashed with a type error in line 185 (get set descriptor as argument for encodeb64). It could be started from the plone root and I manually requested to remove the gomobile interface class (the one that shows up in the error message when trying to modify extensions). Then it could be started from the site root and actually re-added that class (and some more) as a fake class.
Now suddenly everything works normally (I hope it stays that way).
Wake Nexus 4 from deep hibernation & battery empty
Google asks to hold "volume down" and "power" to hard-reset your mobile. If the battery is really empty, you have to:
disconnect the charger
hold the keys and while holding them
reconnect charger
Free HD Space Windows 7,8
Have a look into
<every user folder> -> AppData -> Local -> VirtualStore
Many uninstallers forget data there.
Zyxel NWA 1123 repeater mode and VLANs
Seemingly the repeater cannot tag packets. It is not possible to use several IDs on the repeater. Disable VLAN on the repeater or (almost) nothing will work. (12/22/2014, hope Zyxel fixes that)
If you want the data from the repeater put into a VLAN you have to set that ID in the SSID offered for repeating by the Root-AP on the RootAP. All packets from the repeater will receive that ID.
To remotely manage the repeater it will need a LAN IP address supported by that one VLAN-ID (no VLAN means no management VLAN).
The repeater does not repeat other SSIDs defined on the Root-AP. All SSIDs have to be defined locally and cannot be defined on the band used for repeating. This band is effectively "lost" for the repeater, which is not a bug but a smart decision considering throughput.
Caveat: If you do not specify other SSIDs on the (other band of the) repeater it will offer access to the SSID used for repeating WITHOUT SECURITY; seems to be some fallback mechanism.
dnssec and (vs) ntp
Otherwise if system time is too different from real time, dnssec will prevent ntp from resolving names as all certificates are outdated.
Thus NTP cannot set the time and the problem will not be resolved automatically.
nginx map breaks positional parameters in rewrite
This seems to be a known problem and might be fixed in the future.
Using $1, $2 in rewrites that take place after map has matched something fails,
so use named parameters instead:
rewrite a(.*) yolo$1;
becomes
rewrite a(?<myname>.*) yolo$myname;
openssl 0.9.8 to openssl 1.0.x CA certificates stop working
You will _not_ have this problem if you completely reinstall everything.
Using a binary linked to libssl 1.x in a 0.9.8 environment will show all certificates as invalid. This is because the root certificates are hashed with a different hash function in 1.x.
You have to download the 1.x distro from openssl.org, then call the included c_rehash as "c_rehash -n <the certs directory>". You must use the one from the download, not the default one, AND make sure the OPENSSL environment variable points to a 1.x openssl binary. Then -n will prevent the old links from being deleted, so your 0.9.8 software will continue to operate.
Identical computers some have net some don't
You are probably using trunking on one of your switches. Some switches implement "load balancing" by distributing packets to the different ports according to some hash value of the MACs involved. A part of the trunk has lost connection, so some MACs are effectively blocked.
Watch for identical MACs
Computers in the same broadcast domain work perfectly when used alone, but fail when used simultaneously: Check their MAC addresses! Some vendor managed to deliver four computers with identical MACs to us. This happens when you set the MAC by software (for whatever reason) and then clone the drives.
Plone language translation not working anymore
The symptoms are these: 3rd-party pinned stuff is still translated. Stuff from new packages is not translated although the content language is set correctly.
With Plone 4 the .po files are not automatically compiled to .mo files. You have to add this to your buildout:
VLAN Mikrotik Switch
To match only untagged packets in Mikrotik ingress-vlan-translation you have to set a customer-vid of 0. This cannot be done from the graphical interface in 6.32 (bug). You have to use the ssl/telnet interface.
freeradius primary ldap gid per client
The client is known to the outer (default) session, but the gid is only known to the inner (inner-html).
->add new dictionary entries
ATTRIBUTE williGID 3000 integer
ATTRIBUTE williAllowedGID 3001 integer
->add list of allowed gids in hints
DEFAULT NAS-IP-Address == 192.168.72.3
    williAllowedGID = 1003,
    williAllowedGID += 101
->get gid assigned in ldap module
control:williGID := 'gidNumber'
->check it in authorize part of inner.tunnel
if (&outer.request:williAllowedGID){
    if (&outer.request:williAllowedGID[*] == &control:williGID){
        noop
    }
    else{
        reject
    }
}
Selinux audit2allow comes up with new rules
Kernel/Audit are dropping stuff.
Read this:
http://blog.siphos.be/2015/05/audit-buffering-and-rate-limiting/
flush before fork
If you use a buffered output function like fprintf you have to flush the associated file descriptor/stream before calling fork, otherwise the buffer will be duplicated by fork and the output is written twice.
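The duplicated-buffer effect described above, as an added example (not code from the original page): the function name, the sample line and the scratch file under /tmp are assumptions made for the demonstration. The child uses fclose() followed by _exit() so that only the stream under test is flushed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MSG "job 42 accepted\n"              /* constructed sample log line */

/* Write MSG through a buffered stdio stream, fork, let both processes close
 * the stream, and return how many copies ended up in the file (-1 on error).
 * flush_first != 0 applies the fix: fflush() before fork(). */
int copies_after_fork(int flush_first)
{
    char path[] = "/tmp/flushforkXXXXXX";    /* scratch file, removed below */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    FILE *out = fdopen(fd, "w");             /* regular file: fully buffered */
    if (!out) { close(fd); unlink(path); return -1; }

    fprintf(out, "%s", MSG);                 /* still only in the user-space buffer */
    if (flush_first) fflush(out);            /* buffer is empty when fork() runs */

    pid_t pid = fork();                      /* child gets a copy of the buffer */
    if (pid < 0) { fclose(out); unlink(path); return -1; }
    if (pid == 0) {
        fclose(out);                         /* writes the child's copy, as exit() would */
        _exit(0);                            /* leave all other inherited stdio state alone */
    }
    waitpid(pid, NULL, 0);
    fclose(out);                             /* writes the parent's copy */

    int copies = 0;
    char line[64];
    FILE *in = fopen(path, "r");
    if (!in) { unlink(path); return -1; }
    while (fgets(line, sizeof line, in))
        if (strcmp(line, MSG) == 0) copies++;
    fclose(in);
    unlink(path);
    return copies;
}

int main(void)
{
    printf("without fflush: %d copies\n", copies_after_fork(0));
    printf("with fflush:    %d copies\n", copies_after_fork(1));
    return 0;
}
```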
Mikrotik switch acl invert
This is about the ACL part of the switch part. This is not for general RouterOS, but as in the cheaper switches the RouterOS part is connected with 1Gb/s to the switch while the switch works at 10Gb/s per SFP+ Port, you have to use vlan/acl from this menu.
Seemingly "invert" in the "new ACL" dialog does not only invert matching for ports (as suggested by the surrounding box) but for everything, so you mostly end up matching way more than you want.
I wanted to match all dhcp server packets not from the uplink port, but it matched all not (dhcp server packets from the uplink port) and completely locked me and everybody out. So I had to connect to the serial port (only other choice: full reset) to fix this.
Btw. the pinout for the serial cable on the mikrotik website is flipped. Check out pinouts for "Cisco serial" to see better descriptions. And finally: a speed of 115200 worked for me.
Selinux transitions on nosuid mounted partitions
-> selinux does not transition to entry-points on nosuid partitions unless the contexts are nested by typebounds.
You will find long stories about why on the web.
use openssl engine pre command
In order to use a parent key with a password you have to run openssl as a single command and issue the sub-commands interactively:
openssl
> engine ... -pre PID:mysecret
> req ...
Selinux blocks instruction and audit2allow says "already allowed"
Anything allowed in the "lower" class must be allowed in the "upper" too, in order to be executed.
audit2allow / audit2why will always blame the "lower" class for this although the change needs to be done in the "upper".
Different Memory Allocation in MagickCore ImageInfo struct
filename has pre-allocated space (4096 chars)
extract etc. have not.
https://imagemagick.org/api/MagickCore/struct__ImageInfo.html
Restore Office365 onpremise synchronisation
Windows associates on-premises accounts with Azure AD by comparing the ObjectGUID of the local account to the immutableID in Azure.
The following scripts use the email address as unique identifier to rejoin local and remote accounts:
Get the ObjectGUIDs (example on Linux, can be Windows too):
ldapsearch -h <host> -p 3268 -D "cn=<admin>" -b "ou=<where the users are>" -W -x -s sub sAMAccountName objectGUID > /tmp/immutables
Format and create email addresses:
cat /tmp/immutables | awk '/^objectGUID/{a=$2;}/^sAMA/{print$2"@<company.com>",a}' > /tmp/match
Now we switch to a Windows computer.
Copy the /tmp/match file to that computer
Start Powershell
Install-Module -Name AzureAD
Connect-AzureAD
Login with administrator credentials
set-executionpolicy remotesigned
Create Backup of old immutableIDs (max 2000)
Get-AzureADUser -top 2000 | Select-Object userprincipalname,immutableid > C:\users\public\BackupImmutable.txt
Set new immutables:
cat <wherever match is> | ForEach-Object{$mail,$immut=$_.Split(" ");Set-AzureADUser -ObjectId "$mail" -immutableid "$immut"}