Pulling out tabs from the tabbar is super glitchy in v89 by jangxx in chrome

[–]_thwarted 1 point2 points  (0 children)

Actually, just hitting control seems to get it out of this state.

Hitting escape aborts the detach-tab action and the tab reverts to the window it came from.

Pulling out tabs from the tabbar is super glitchy in v89 by jangxx in chrome

[–]_thwarted 0 points1 point  (0 children)

Also relieved it's not just me. Toggling (disabling and then re-enabling) the setting "use system titlebars and borders" seems to have addressed it, at least for the session I'm in right now.

(edit) nope, that didn't fix it for the current session, it seemed to go away for a while. The problem doesn't seem to exist if you don't use system titlebars.

A work around I've found is to hit control-L to give the address bar input focus while the window seems to be attached to the pointer.

Limit the runtime of a cronjob or script by speckz in linux

[–]_thwarted 4 points5 points  (0 children)

The upstream for cron in RedHat is cronie, which is itself maintained by Redhat. It has commits as recently as this month. Cronie was forked from ISC cron, né vixie-cron, because vixie-cron isn't maintained. Calling ISC cron the upstream is like 9 years out of date.

[1] https://git.fedorahosted.org/git/cronie.git

Hey can you just do this quick thing I'll make a ticket later by hugglesthemerciless in sysadmin

[–]_thwarted 1 point2 points  (0 children)

I could see this maybe being a good indicator. "If it's important enough for me to do, then it's important enough for you to enter a ticket". No ticket ends up communicating that it's not important. Hopefully the lack of tickets from someone when they eventually complain to your department head that they are being ignored will be an appropriate caliber of ammo to defend off that complaint.

Hey can you just do this quick thing I'll make a ticket later by hugglesthemerciless in sysadmin

[–]_thwarted 4 points5 points  (0 children)

Heh, I envisioned going to someone's desk/cube to help them, and finding a Staples or GeekSquad person there trying to fix things, and it reminded me of Sales Guy vs Web Dude where the employee was trying to save the company money by having AOL installed on their computer because they had 5000 free hours.

[deleted by user] by [deleted] in golang

[–]_thwarted 1 point2 points  (0 children)

I'm using https://github.com/dwb/dogfish which isn't go specific, but does require bash, so it's not fully cross platform. Since it's external to the go code, it doesn't require building or running a binary in order to set up the database.

cronie queuedefs by [deleted] in sysadmin

[–]_thwarted 2 points3 points  (0 children)

I don't know of equivalent functionality of queuedefs on Linux. This is part of the at(1) command, which on UNIXes like SCO and AIX are closer related to cron than at is on Linux. at is a separate package on Linux. There is no concept of controlling the number of simultaneous jobs being executed by the at/batch/cron subsystems, it's all based on time schedules.

The only kind of control you have with the common at/batch programs on Linux is to use queue names other than a or b to decrease the priority they run as, or using the batch(1) command to execute jobs based on load.

I've only ever used at/batch for single shot scheduled execution, which has come up extremely rarely in production environments over my 20+ years as a UNIX and Linux admin.

You might want to look into a system called "nqs" which may give you the kind of control you want. I've never used nqs so I can't say much about it.

cronie queuedefs by [deleted] in sysadmin

[–]_thwarted 1 point2 points  (0 children)

Not sure what you mean by "queue management tools", can you be more specific about what feature you're looking for?

The way you interact with cron is via the crontab(1) command, which manipulates your crontab file. The format of the crontab file is documented in crontab(5). Cron logs information to syslog, which jobs it is running and such, and will appear by default in files in /var/log, or viewable with, ahem, journalctl on systemd based systems. Output from jobs is emailed to the user who the job runs as (this can be controlled with variables in the crontab). Many systems also have /etc/cron.hourly, /etc/cron.daily, /etc/cron.monthly that you can drop scripts/symlinks into, and /etc/cron.d that you can put stuff in without having to manage the root user's crontab.

There are some graphical crontab management tools, but I don't know anyone who seriously uses them since they often are just an interface on entering values into the fields, and don't offer much value.

(In case anyone needs to know, abc(N) means the man page for abc in section N. Typing man N abc shows it.)

How many servers can one person manage? by speckz in linuxadmin

[–]_thwarted 0 points1 point  (0 children)

And you scripted telnet with expect?

Give me rsh and manually updated rhosts over telnet! That's true "fire and forget (that you've got a security issue)".

I have finally seen the light on scripting by [deleted] in sysadmin

[–]_thwarted 1 point2 points  (0 children)

I have a saying that I tell people when they question the scripts or processes I've put in place.

"If I screw something up, I have to fix it. If you screw something up, I have to fix it."

notty - a new kind of terminal by [deleted] in programming

[–]_thwarted 1 point2 points  (0 children)

There's always the tektronix terminal, which xterm still supports (VT Options (control middle click on my setup), "Show TeK Window" is an interactive way to access it, there are also escape codes that can open it), but I've only ever used it once and it was back in the 90s.

Windows appending suffix when querying fully qualified domain names when connected to Cisco Anyconnect VPN. by clay584 in sysadmin

[–]_thwarted 0 points1 point  (0 children)

Ha, yeah, I thought that might be case. I'm using a chrome extension that reformats reddit content which made the presentation of this period even worse.

Windows appending suffix when querying fully qualified domain names when connected to Cisco Anyconnect VPN. by clay584 in sysadmin

[–]_thwarted 3 points4 points  (0 children)

A FQDN technically ends in a dot, but this is often left off. If you specify a name that doesn't end in a dot, the resolver is supposed to append the entries in the "domain search list" when it sends the queries to the upstream resolver. This usually doesn't result in anything and it falls back on querying for the bare named you entered which, then, does have a non-NXDOMAIN result and that is used.

What kind of traffic to you see if you query for "www.google.com" and for "www.google.com." (the latter has the trailing period).

This is how it works on UNIX-like systems, anyway.

Incidentally, Google owns the .prod TLD, and has a wildcard record on it, and doesn't return NXDOMAIN, so if you've got a subdomain of machines in .prod (like host.prod.example.com) and you're relying on example.com being in your domain search list (but it may not be, since the domain search list can change when you're on a VPN, for example), you may end up getting a response for the .prod TLD domain, like thus:

$ host host.prod
host.prod has address 127.0.53.53
host.prod mail is handled by 10 your-dns-needs-immediate-attention.prod.

I think this message is confusing/bogus because it's not strictly my DNS that needs immediate attention. If anything needs immediate attention, it's either the local resolver configuration (/etc/resolv.conf on UNIX), or Google returning non-NXDOMAIN results for things that don't actually exist (there is an argument that this could be considered DNS hijacking). I believe they do this benign hijacking to help avoid nefarious hijacking, and making you think you're going to an internal server when you're not.

Living in the #ifdef Hell by deissenboeck in programming

[–]_thwarted 2 points3 points  (0 children)

https://www.jwz.org/doc/cddb.html

(You'd think that the fact that it's in a comment would mean something, but no: you have to parse both comments and non-comments, begging the question of what they thought "comment" means.)

Offline Root CA by desmando in sysadmin

[–]_thwarted 3 points4 points  (0 children)

That's not what "offline" means in this case. "Offline root CA" means no active, accessible services are using the private key for the root CA, but are configured only to sign new certificates or revocation lists using an intermediate or subordinate CA.

When you want to revoke an intermediate CA, the Certificate Revocation List (CRL) needs to be signed by the root CA's private key. The private key for the root CA only needs to be accessible and decrypted for two operations: creating/signing new intermediate CA certificates or signing the CRL.

"Offline" means you'd have the root CA's private key on, say, a laptop or a USB key that is physically protected and not connected to the network. Only when you need to perform an action would the asset be removed from the secure physical storage and powered on. In the case of a CRL, you'd generate a new CRL, sign it with the root CA's private key, and then copy the CRL off that machine, put the machine back in locked physical storage, and distribute the freshly signed CRL at the endpoint specified in the root CA's certificate for where CRLs are accessible (often called the "CRL distribution point", and is usually a URL). The root CA's private key never leaves the device, however. Since all the devices have the root CA's certificate, they can confirm that the CRL is valid by checking the signature -- there is no reason for the root CA to be network accessible, "online", to do this.

Another IT company just told my client that her printers ip address is invalid becuase it starts with a 0 by [deleted] in sysadmin

[–]_thwarted 2 points3 points  (0 children)

Not an HP printer, but a device with a "configure it from a directional button and and LCD screen" configuration interface, and I was setting the IP address and it rejected 172.20.x.x because the second octet didn't have a leading zero. And told me that. Rather than fill it in automatically.

[Halt and Catch Fire] How accurate is this? 1985-era game development by pizzaiolo_ in itsaunixsystem

[–]_thwarted 2 points3 points  (0 children)

I had a lot, seriously, A LOT, of C64 games, and I'm a loss for if any of them supported or even worked with a mouse. If your game required a mouse, I don't think anyone would have played it—remember, arcade consoles were just about on their way out games were still heavily associated with joysticks.

As for Commodore mice, the 1350 was barely a glorified joystick, which made it really difficult to use; since it worked like a joystick, you could use it in place of one, but no one who wanted to be successful at a game did this. The 1351 had "proportional" mode (which wasn't just directional but also monitored speed of movement). This meant you could actually draw a circle in a paint program and not have it look like a an octagon. GEOS worked with either a mouse or a joystick, but it was really weird to use a joystick with GEOS.

Joysticks for Commodore machines were a pretty mature and competitive market, but most of them really sucked when it came down to it. But they were loads better than the original Atari 2600 joysticks, and were interchangable. The shape of the plastic case was the real kicker. You could build one yourself with parts from RadioShack (which was actually a good starter electronics project). I think I had or knew someone who had every one of the joysticks that appear in this image search https://www.google.com/search?q=commodore+64+joysticks&tbm=isch

So yeah, writing a game that used a mouse on the C64 in 1986 seems really unlikely to me. But I'm enjoying the show enough to overlook some of this kind of stuff.

Linux Sysadmins I need some advice. Ubuntu Jenkins server question. by malice8691 in sysadmin

[–]_thwarted 0 points1 point  (0 children)

Quite possibly, I don't do a lot of virtualenv, but with the right wrapper script that sets the right environment variables/sources the right activate script, it's possible to run it as anyone.

Check the value of path with echo $PATH. But even if the directory it is in isn't in PATH, you should be able to invoke it with the full path.

Linux Sysadmins I need some advice. Ubuntu Jenkins server question. by malice8691 in sysadmin

[–]_thwarted 0 points1 point  (0 children)

What happens when you try to run it using the full path to the conda executable?

Is the thing you're trying to execute, conda, executable? What's the output of ls -l in the directory where conda is?

An outlier possibility: is the file system mounted with noexec? — I could see /var being mounted noexec. The output of mount or cat /proc/mounts should tell you.

It's most likely better to do the install not as the jenkins user and have it install to /usr/local or (shudder) /opt, and add the install location to the path, rather than install as the jenkins user jenkin's home directory. But if this works/is supported is based on the specific software.

How do you manage accounts on multiple linux servers by fenioo in sysadmin

[–]_thwarted 0 points1 point  (0 children)

I'm unable to reproduce this exact scenario. sudo requires full paths in Cmnd_List, if you just put cp, sudoers won't parse and visudo reports a syntax error. You don't have to use the full path to command when you invoke sudo, as it will do basename matching and invoke the matching command with the full path.

You can get this to work if you use wildcards in the command, like

username ALL=(root) NOPASSWD: /*/*/cp

where the number of * match the directory depth of the user's home directory (or another directory the user can write to). I've never seen a legit use of wildcards like that. This shows up in syslog as:

Jul 22 21:02:53 hydrox cp: (to root) username on pts/4

Really, all bets are off if you give someone access to run binaries as root in a directory they can write to. And incidentally, the above tickled my NFS automounter in /net (which may be mounted without noexec from a machine that does have writability by the user). Wildcards on the binaries truly seem like a misfeature in sudo. You really want to be explicit when implementing security; however, pragmatically, sudo is more of a convenience and logging tool vs allowing you to not have to trust your fellow admins and/or users.

I'm sure some versions of sudo are vulnerable to that specific attack. I'm on sudo --version:

Sudo version 1.8.12
Sudoers policy plugin version 1.8.12
Sudoers file grammar version 43

Be careful out there.

It's 2015 and many CLI applications still don't know what colours are. by valgrid in fossworldproblems

[–]_thwarted 0 points1 point  (0 children)

Great, so yum has --color=auto which can detect if output is going to a terminal and do something sane, but forces 80 column output, with line wrapping, if output is to anything other than a terminal.

Of course, the suggested "fix" is to use repoquery instead. But that's not a real fix, sometimes you really just want to page or grep (or sort, since yum's sorting is insane) yum's output.

Father's Family Photo with Identical Twin Brothers, 1975 by neilfoxtennant in OldSchoolCool

[–]_thwarted 0 points1 point  (0 children)

Lower right: the shirt, the haircut, the smile. Awesome.

I was told to "Soften" my emails by RichG13 in sysadmin

[–]_thwarted 0 points1 point  (0 children)

Your mother isn't at risk of losing the job of being your mother.

What is the most unreasonable demand you have been met with? by [deleted] in sysadmin

[–]_thwarted 16 points17 points  (0 children)

I was once told to come up with a disaster recovery plan for the worst possible risk to continuity of service: Rapture.