sysadmin

Logging kernel messages over the network using netconsole

I recently had to set up netconsole in order to diagnose some grsecurity-related suspend/resume problems. The idea is to have the broken machine send its kernel messages to a remote machine via the network.

As a prerequisite, the local machine (the one sending the console messages) must have the following kernel options turned on:

  • CONFIGFS_FS
  • NETCONSOLE
  • NETCONSOLE_DYNAMIC

(The first and last ones are required in order to be able to configure netconsole after boot, through the configfs interface.)

Postfix Autoreply/Out-of-Office Virtual HOWTO

Having run into the arduous problem of finding a way to configure an autoresponder on the mail server of a client who uses virtual accounts rather than system accounts, I finally solved the puzzle by remembering Postfix's legendary “pipe” feature. Here is how to do it:

If you have Postfix configured on MySQL, you will first need to add a “transport” to the appropriate table, like this:

Domain: “autoreply.domain.tld” -> Transport: “autoreply:”

The same thing can be done if you use files instead of the database:

/etc/postfix/transport:
autoreply.domain.tld autoreply:

Preventing accidental deletion of important files using safe-rm

Some weeks ago, I accidentally deleted half of my /usr/lib. I didn't lose anything important and was able to restore everything (thanks to my Ctrl+C'ing the process in time) but that user error did strike me as too easy to make (apparently, I'm not alone). So I started thinking about how I could prevent something like that from happening again.

Watch all of your logs using monkeytail

Monkeytail is a neat little tool which allows web developers and sysadmins to easily watch new additions to their log files by tailing them (i.e. tail -f) and providing helpful vertical spacing after detecting pauses in the output.

What makes monkeytail so useful is its ability to easily tail multiple files together, even when it involves connecting to these machines over ssh and running sudo on them. For example, you could tail all of your load-balanced servers by doing:

    mtail @webservers

where webservers is an alias defined in ~/.mtailrc:

    <group webservers>
    sudo yes
    <file>
    filename /var/log/apache2/error.log

Encrypting your home directory using LUKS on Debian/Ubuntu

Laptops are easily lost or stolen and in order to protect your emails, web passwords, encryption keys, etc., you should really think about encrypting (at least) your home directory.

If you happen to have /home on a separate partition already (/dev/hda5 in this example), then it's a really easy process:

  1. Copy your home directory to a temporary directory on a different partition:
    mkdir /homebackup
    cp -a /home/* /homebackup
  2. Encrypt your home partition:
    umount /home
    cryptsetup -h sha256 -c aes-cbc-essiv:sha256 -s 256 luksFormat /dev/hda5
    cryptsetup luksOpen /dev/hda5 chome
    mkfs.ext3 -m 0 /dev/mapper/chome
  3. Add this line to /etc/crypttab:

Logstalgia (aka ApachePong) now in Debian

Andrew Caudwell's Logstalgia (aka ApachePong) has made it to Debian! It's a fun little Apache access log viewer which replays old logs (or streams live ones) as an OpenGL pong game.

So grab your favourite high-traffic access log and head over to the download page to check it out. There's also a YouTube video if you can't find an interesting log file to use it with.

Disabling the GMail spam filter and handling it yourself using SpamAssassin

I've been using GMail ever since they decided to allow users to download their mail using POP. I was happy reading my email as usual in mutt. The only problem was that I had to log onto the website once in a while to clear out my spam folder and fish out the false positives.

Two-tier encryption strategy: Archiving your files inside an encrypted loopback partition

Even with a fully encrypted system (root and swap partitions), your data is still vulnerable while your computer is on. That's why Bruce Schneier recommends a two-tier encryption strategy.

The idea is that infrequently used files are moved to a separate partition, encrypted with a different key. That way, the bulk of your data files is protected even if your laptop is hijacked or if an intruder manages to steal some files while your main partition is decrypted.