Skip to content

"Fixing" Firefox

For quite some time now Firefox has a shitty behaviour regarding the address bar, which may be OK for grandma, but it gets in the way of power users.
I was too lazy to do anything about it until now, but it's 2015, I am getting old and less tolerant, so here are my pet peeves:
A - modify urls that do not look like traditional addresses and add a www prefix and .com suffix
B - send a single word address to a google search instead of opening it (kills internal addresses such as "http://wiki")
C - the protocol gets hidden, but when you copy/paste the url from the address bar it gets included, e.g. I copy "www.nux.ro", but when I paste it in an editor it actually comes up as "http://www.nux.ro"


So here's how to fix it - open a new tab, go to "about:config" and:
- to fix A search for "browser.fixup.alternate.enabled" and double click it so the value changes to "false"
- to fix B search for "keyword.enabled" and double click it so the value changes to "false"
- to fic C search for "browser.urlbar.trimURLs" and double click it so the value changes to "false"


That's it. Now you can enjoy a better browsing experience! ;-)

Changing an AD password from CentOS Linux

Changing the AD password from linux is surprisingly straighforward.
Just run the passwd command as you would normally!
If that doesn't do it, then just issue this command, replacing of course the variables with your own values:
smbpasswd -r $AD-server -U $AD-username

Voilà, enjoy!

Nested virt - Xenserver on KVM

At openvm.eu we need to test templates on Xenserver and KVM, however the basic OS for the build environment is CentOS 7 (with KVM).
In order to test the templates on Xenserver we had to run this HV as a KVM guest (gotta love virtualisation!); however by default Xenserver will complain that you can't run any HVM guests, only paravirt ones (PV). This sucks because PV is used less and less with HVM being in the spotlight.

Luckily with KVM we can forward the VMX CPU flag to a guest and as such make it available to Xenserver, for it's HVM mode.

There are a few things to be aware of though:
1 - in libvirt do give the Xenserver VM a good CPU profile (I used Core2duo) and make sure the VMX flag is set on "require"
2 - stock CentOS 7 kernel has a problem with nested virt at the moment, do use a newer kernel[1] (I'm using kernel-ml from elrepo-kernel)
3 - make sure the kvm_intel module is loaded with the option nested=1. For this to happen I reload/rebooted with this in /etc/modprobe.d/kvm-intel.conf:
options kvm-intel nested=1

Now enjoy docker on centos, in xenserver on kvm on centos. :-)


[1] - https://bugzilla.kernel.org/show_bug.cgi?id=45931 - this will likely be fixed in future CentOS/RH kernel updates, I hope

Stella 6.6 released

As a result of CentOS 6.6 release we have bumped up the version as well, so enjoy all the goodies of CentOS + extra desktop stuff with the new Stella.

Download it from the usual locations and let us know if you run into any issues!


Nux!

The poodle bites the web

Heartbleed is not even cold in its grave and here comes another SSL vulnerability: Poodle.
You can read more about it here and there, tl;dr it exploits a weakness in SSLv3 to allow MITM attacks:
https://www.imperialviolet.org/2014/10/14/poodle.html (local copy)
http://googleonlinesecurity.blogspot.co.uk/2014/10/this-poodle-bites-exploiting-ssl-30.html
http://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability

To fix this in Apache HTTPD edit your ssl configuration file (eg /etc/httpd/conf.d/ssl.conf in CentOS) to have this SSLProtocol line:
SSLProtocol all -SSLv2 -SSLv3
If you're running CPanel there's more you need to do:
- go in "Home » Service Configuration » cPanel Web Services Configuration" and add ":-SSLv3"
- go in "Home »Service Configuration »Apache Configuration»Include Editor", add the following in "Pre Main Include":
SSLProtocol All -SSLv2 -SSLv3
- be warned than on older CPanel installations (CentOS 5), removing SSLv3 (:-SSLV3) from the cipher list might cause Apache not to start at all.


- If you are running Webmin/Virtualmin:
echo ssl_version=10 >> /etc/webmin/miniserv.conf
service webmin restart
- also be warned that these changes may affect some older browsers, such as IE6, test before you change.

Install Skype on CentOS 7 (and other RH clones)

Hello there. CentOS 7 is a fresh and major release, but fear not, Skype works well on it.
As usual, just yum install skype if you have my nux-dextop repo installed or just grab the latest RPM from here http://li.nux.ro/download/nux/dextop/el7/x86_64/ and install it.

Don't be shy and let me know if you encounter any issues - rpm at li.nux.ro !

512k routes ought to be enough for everyone

Today someone announced some more IPv4 classes on the Internet, nothing new here, but this meant the global routing table has exceeded 500k entries (501,525 as we speak).
This has caused a lot of very popular Cisco router models to go belly up because their default value for the IPv4 table size is 512k which in this case was not enough to hold the global table.[1]
Here in UK I noticed a lot of companies had problems, from smaller ones like Coreix to bigger ones like BT, the impact was pretty large. I imagine this problem was felt globally.

This default value can be changed easily[2], but it requires a reboot of the router which in the network engineering world is a big thing as it is one of the most critical pieces of infrastructure; everyone should plan their maintenance windows accordingly.






[1] - Theoretically the table should hold up to 512k entries, but the memory is not exclusively used for it, some of it goes to IPv6, some to maintaining various sessions, MPLS etc, so it crapped out at around 500k.
[2] - http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/117712-problemsolution-cat6500-00.html

New Shutter packages for EL6 & EL7

Shutter is a wonderful project which started as a screenshot tool, but I find myself using its editing capabilities more and more. I barely touch GIMP nowadays!
I have updated the Shutter packages for EL6 and EL7 the other day. You may notice some improvements and a few UI changes (nice icons).
To install it you need EPEL and nux-dextop repos on your system. Check this page for how to do that if you do not have them already:
http://li.nux.ro/repos.html

Once that's done, just:
yum install shutter

Enjoy!

Bucium

Horn from my country.

Openvm.eu - the first Cloudstack "market place"

This week I have launched OpenVM.EU.
OpenVM is a repository of templates and appliances for various Linux distributions, made specifically for Apache Cloudstack.
So far it is very much work in progress, but images will start pouring in shortly.

Thanks go to Ian for being willing to help with creating the Debian/Ubuntu images!