IT notes

add subtitles

Add subtitles to a mkv file: ffmpeg -i input.mkv -f srt -i -map 0:0 -map 0:1 -map 1:0 -c:v copy -c:a copy -c:s srt output.mkv

rds slave from external master

Setup AWS MySQL RDS instance as slave of an external master Configure external mysql to become master: server-id=1 binlog-format= mixed log-bin=mysql-bin binlog-do-db=databasename Setup the master replica user: mysql> create user `replica`@`%` identified by 'PASSWORD'; mysql> grant replication slave on *.* to 'replica'@'%'; Use the following command to ensure that nothing can write to the master database during a database dump. Also note the filename and position of the binary log because you will need these values to complete the replication configuration:


HAproxy + HTTP auth + IP SRC Use HTTP Auth when source IP is not from an allowed source: userlist TestUsers user guest insecure-password secret backend test-node acl network_allowed src acl AuthOK http_auth(TempUsers) http-request auth realm Test if !network_allowed !AuthOK server test test.server.tld:80 maxconn 50 check HAproxy + mysql First setup mysql by creating a HAproxy to do the checks: USE mysql; INSERT INTO user (Host,User) values('%', 'haproxy'); FLUSH PRIVILEGES; In case you are here because you ran out of connections you can do:

ssh proxy

SSH SOCKS5 proxy Route web traffic securely without a VPN using a SOCKS tunnel with ssh: $ ssh -D 8080 -f -C -q -N [email protected] -D 8080 tells ssh to launch a SOCKS server on port 8080 locally. -f Forks the process to the background. -C Compresses the data before sending it. -q Uses quiet mode. -N Tells SSH that no command will be sent once the tunnel is up.


http://… will chagne to https://… If you own a site that you would like to see included in the preloaded HSTS list you can submit it at verify HTTP Strict Transport Security (HSTS) header with curl $ curl -Is | grep -i stric Strict-Transport-Security: max-age=15552000; includeSubDomains Remove domain from chrome Search for the domain in: chrome://net-internals/#hsts and delete it. HTTP Strict Transport Security The issue that HSTS addresses is that users tend to type http:// at best, and omit the scheme entirely most of the time.

ssh escape sequences

While using ssh your connection may become idle or unresponsive in any case instead of waiting you can simple terminate the connection by sending a escape sequence: ~. SSH escape sequences sequence description ~. terminate connection (and any multiplexed sessions) ~B send a BREAK to the remote system ~C open a command line ~R request rekey ~V/v decrease/increase verbosity (LogLevel) ~^Z suspend ssh ~# list forwarded connections ~& background ssh (when waiting for connections to terminate) ~?

perfomance checklist

Perfomance checklist for SRE’s Linux Perf Analysis in 60s uptime load averages dmesg -T | tail kernel errors vmstat 1 overall stats by time mpstat -P ALL 1 CPU balance pidstat 1 process usage iostat -xz 1 disk I/O free -m memory usage sar -n DEV 1 network I/O sar -n TCP,ETCP 1 TCP stats top check overview Linux Disk Checklist iostat -xz 1 any disk I/O?

forward proxy

nginx forward proxy Server configuration: server { listen 8080; location / { resolver; proxy_pass http://$http_host$uri$is_args$args; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/www/nginx-dist; } } Client side On the browser configure the HTTP Proxy and port. Test by checking the the IP:

leap second

A leap second is an ad-hoc one-second correction to synchronize atomic timescales with Earth rotation. It is possible to test whether a leap second will be used. Due to the nature of NTP, the test might work up to 24 hours before the leap second. Some major reference clock sources only announce leap seconds one hour ahead of the event. Query the NTP daemon: ntpq -c 'rv 0 leap' To update/sync:

vm tools

vmware tools guest FreeBSD While running FreeBSD as a guest on VMWARE the vm-tools can be installed with this: $ pkg install open-vm-tools-nox11 Later enable them on /etc/rc.conf: vmware_guest_vmblock_enable="YES" vmware_guest_vmhgfs_enable="YES" vmware_guest_vmmemctl_enable="YES" vmware_guest_vmxnet_enable="YES" vmware_guestd_enable="YES"