Mar 262014

The last 2 weekends were quite busy especially as the week before I got married. Fortunately my wife didn’t mind me going to the CLT2014 and the Augsburger Linuxinfotag so I took advantage of that. It was the first time I got a chance to visit them and it was great to see familiar faces. At the CLT2014 I had a brief chat with Jan Dittberner who organized the Debian booth which was well prepared and hope to repeat on the Linuxtag 2014 in Berlin again. Apart from looking at the booths I visited a few talks like nftables and kernel news but missed Deciphering kernel oopsies which was down to poor organization from my end. Despite I stayed just for a few hours at the CLT2014 the overall atmosphere was very nice.

Feb 022014

If you use ssh agent forwarding in combination with screen and disconnect from the screen session just to reconnect later to maybe connect to another host you are asked for the password. The reason is quickly explained. When you start a screen session for the first time it sets the SHELL variables for the current SSH session:

root@test1:~# export | egrep 'TERM|SSH'
declare -x SSH_AUTH_SOCK="/tmp/ssh-XFKYAHW930/agent.930"
declare -x SSH_CLIENT=" 10841 22"
declare -x SSH_CONNECTION=" 10841 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="screen"
declare -x TERMCAP="SC|screen|VT 100/ANSI X3.64 virtual terminal:\\

When you disconnect from the host and reconnect later, the SHELL variables were already set in the existing screen session. Below the variables direclty after reconnecting to the host:

root@test1:~# export | egrep 'SSH|TERM'
declare -x SSH_AUTH_SOCK="/tmp/ssh-oPRczk7046/agent.7046"
declare -x SSH_CLIENT=" 10875 22"
declare -x SSH_CONNECTION=" 10875 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="xterm"

And the variables after reconnecting and within the screen session:

root@test1:~# export | egrep 'TERM|SSH'
declare -x SSH_AUTH_SOCK="/tmp/ssh-XFKYAHW930/agent.930"
declare -x SSH_CLIENT=" 10841 22"
declare -x SSH_CONNECTION=" 10841 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="screen"
declare -x TERMCAP="SC|screen|VT 100/ANSI X3.64 virtual terminal:\\

The solution is quite easy and can be found on a number of pages, e.g. or (as I just noticed) even more comfortable by linking the SSH_AUTH_SOCK variable.

I might give the linking SSH_AUTH_SOCK variable a go, though in the past I used the PROMPT_COMMAND variable, which get’s called prior running a command in bash, for zsh you can use the precmd (man zshmisc) function.

Add the following to the ~/.bashrc

if [ $TERM != "screen" ]; then
PROMPT_COMMAND=". ${HOME}/tmp/fixssh"

Create 2 directories in your home directory:

# mkdir -p ~/{tmp,bin}

Place the below script (original from in ~/bin/


for x in ${SSHVARS} ; do
    (eval echo $x=\$$x) | sed  's/=/="/
                                s/^/export /'
done 1>$HOME/tmp/fixssh

Whenever you reconnet to the host it will run the scrip and sets the SSH variables for the current session. In the screen session you have to run one command before (or just hit “return”) to source the values from ~/tmp/fixssh.

Aug 202013

This year I attended my first Debconf in Varmarcus, Switzerland. I spent the week before in Italy, close to Ravenna at at small place called Porto Cosini where Lisa, Sofia and I had rented a appartment. Though the original plan was to spent there 2 weeks together I could convince Lisa beforehand to “allow” me to head off for Debconf – which I very much appreciated.

I arrived on Monday late evening and have to admit the first 2 days were not quite as productive as I had hoped for. Wheras Wednesday wasn’t much chance to do much anyway due to the daytrip to CERN. Big thanks to Cate again to for organizing this unofficial trip. I posted some pics below which I took with my mobile phone so they are not great quality.

One of the original Next computers used by  Tim Berners-LeeOne of the original Next computers used by Tim Berners-Lee

CERN DCCERN datacenter

LHC controll roomLHC controll room

LHC controll centerLHC controll room

CERN symbolCERN symbol

ATLAS paintingPainting of ATLAS experiment

The way back took a bit longer with the result that we missed our ship where we were suppose to have dinner on. Thanks god they had mercy and collected us eventually



Thursday morning I sat in a few talks like Introduction to git-dpmWoman in Debian and MariaDB. In the afternoon I took the chance for my first ghostification as Assassin with the result being of ghostified 10 minutes later myself.

Friday I  followed up regarding bugfixes for the Sympa packages and got hold of Jonas for a while so he could explain me about the bugfixing process. Late afternoon was an interesting talk about Paths into Debian where one conclusion was to have more local groups which would allow interested people  personal contacts beside IRC or mailinglists. And indeed it definitely would be nice to see more local city groups, which I take as a little challenge to follow up on after I had a chat with Moray, Asheesh and Sorina.

So looking back Dbconf2013 was my first Debconf and for sure not my last.

May 302013

A few weeks ago we had a problem with a higher number of aborted connects at work. Looking at a few suggestions from the web none of them worked. (e.g. to search tcpdump for string). Eventually enabling logging gave away the issue. Here the steps to enable logging to see what’s causing aborted connects for mysql 5.1.

root@dbslave:~# mysql -A -uroot -p -e'SHOW GLOBAL VARIABLES LIKE "general_log%"'
| Variable_name    | Value              |
| general_log      | ON                 |
| general_log_file | /var/log/mysql.log |

root@dbslave:~# mysql -A -uroot  -p -e'SHOW GLOBAL VARIABLES LIKE "%warning%"'
| Variable_name | Value |
| log_warnings  | 2     |
| sql_warnings  | OFF   |
| warning_count | 0     |

SET GLOBAL log_warnings=2;
SET GLOBAL general_log_file=’/var/log/mysql.log’;
SET GLOBAL general_log=on;

Once done logging should be disabled again as the logs can get huge on a busy server.

Mar 242013

Last week I got the chance to attend the Hadoop Summit 2013 in Amsterdam. As my experience with hadoop is still quite new it’s nice to
get a chance to see how other people deal with challenges in their infrastructure.

The most interesting sessions were from Mahadev Konar about Ambari and Allan Wittenau about linkedIn operations.

Actually I just joined Mahadev Birds of a Feather session on Day1 where he gave an overview about Ambari as I couldn’t make it to the actual talk. The 1.3.0 release could be a an early stage alternativ to Cloudera Manager. It still requires work but the first impression looks promising. A big benefit to Cloudera Manager is probably the rest-API which allows you to combine external applications/tools (e.g. config mgmt, etc.).

Allen Wittenau from LinkedIn who works as an Architect on their hadoop infrastructure gave a good insight into the operations at linkedIn. Nice was also to get a chance for a follow up chat the day after. with Allen,  Owen,  Avik and Bence

Mar 032013

A fairy tale.

For the past 4 years I used to host this site on a VPS with server4you but last month I dedcided to get a dedicated root server with them. Mainly as the VPS was causing issues with open file handles which I could narrow down (maybe down to the the virtualization technology they use) and being more of control of the HW. As an existing customer you can upgrade your existing server / contract without bigger hassle. For a small fee they even offer you the option to transfer all your data to the new server. You just have to mention it on the upgrade form which you should request after you ordered it.

As I was quite happy with them I ordered the smallest root entry server for 18,99 Euro a month. The provision is just a matter of a few hours and you get your credentials through their administration panel. Moving the data wasn’t a problem as the daily offsite backups came in handy to setup most of the new server. As you have 30days to for the move I wasn’t too much in rush and wanted to have a closer look at the configuration. At this point almost everything was done and only a final sync of my mails and settings the DNS entries was left.

So I was looking through their administration panel to find the option for the PTR but couldn’t spot it. I recalled they offered a PremiumReverse option, which allows you to set it yourself but you have to pay for it – 5 Euro monthly. As you don’t set your reverse DNS on a weekly basis (at least I don’t tend to) I didn’t bother to order it.

My thinking was that you have to use the less convenient way through their support, which could take a bit longer but once set it’s done. Hence a quick mail to their support with the request to set the PTR. They responded quite quickly saying that PTR is only available with PremiumReverse. Um… Just to be sure that I got it right I emailed them, asking if I have to pay 5Euro monthly to set a PTR records once. As the reply seemed to take a bit longer I also rang up their 24×7 hotline. Which actually confirmed the statement in their support email.

Having a dedicated server which you want to use for sending emails too but without a correct PTR is a quite bad idea. Of course it’s possible but most MTAs reject emails if domain and PTR don’t match. Unwilling to pay additional 5 Euro a month I send a polite email to their support explaining my understanding of the additional package. Considering that the VPS had the possibility to set PTR for free and you pay less I found this a bit cheeky to charge me for it.

I didn’t expect an answer straight away so I looked a bit around for alternatives in the same price range. I have to admit there are not many who offer similar low prices for dedicated server but one which looked quite promising was . It’s a site where Hetzner sells old servers for a low price. Obviously the HW is not the latest one and you have to be quick to get a good deal. Definitely worth a look.

This story wouldn’t be a fairy tale without a happy end. Two days later I received a mail from their support saying that I am not charged for the addOn PremiumReverse and I get it for free. Not sure if my 4yrs relationship with server4you or my points in the email made the difference.

Anyway I would like to say that it should be stated clearer or at least explicitly mentioned in the options for PremiumReverse that it is not available at all. As I am sure I am not the only one who had this problem. The brand server4you is obviously positioned in the lower hosting segment compared to the other brands of the PlusServer AG. But first time customers might get a bad impression if they have to pay for IMO basic features or have “hidden” fees.

To be sure my praise and the critics receive them I will drop by at their stand on the Cebit 2013.

Jan 112013

I was configuring my work laptop and ran into the problem that I used the caps lock key as modifier in awesome. Most of my personal computers are setup in this way as I it’s quite convenient. Considering that caps lock is barely used for the intended purpose. Unfortunately I didn’t document it the last time hence changes below:

[@digdug: ~]$ cat /etc/default/keyboard 

# Consult the keyboard(5) manual page.


Nov 062012

From time to time it happend that my keyboard behaved in a funny way, although I were not aware that I pressed any specific keys.
In the past I resolved the issue with a restart of the X server but as it started to bug me I had a closer look and the solution was actually quite easy.

A look into the /var/log/Xorg.0.log showed the following line:

(II) XKB SlowKeys are now enabled. Hold shift to disable.

A quick search on the net showed a good few bug reports. Though it’s a feature and not a bug.

To disable it was just a matter to install the package “xkbset” and to add the following line into ~/.zshrc.

xkbset exp -accessx
Jun 172012

When setting up port forwarding to a web server, request were failing and command line returned:

channel 3: open failed: administratively prohibited: open failed

There were no firewalls blocking requests and curl just replied with “curl: (52) Empty reply from server”

After reestablishing ssh with -v as argument, the message came a bit clearer:

debug1: channel 3: new [direct-tcpip]                                                                                                                                                 
channel 3: open failed: administratively prohibited: open failed                                                                                                                      
debug1: channel 3: free: direct-tcpip: listening port 8000 for port 80, connect from port 38887, nchannels 4 

Looking into sshd man page and checking sshd options, showed the potential issue straight away:

 AllowTcpForwarding no 

After setting above to yes and a sshd reload all worked smoothly.

 Tagged with: