IT notes

Bhyve Ubuntu

In /etc/rc.conf:

    cloned_interfaces="lo1 bridge0 tap0"
    config_lo1="inet"
    autobridge_interfaces="bridge0"
    autobridge_bridge0="tap* igb0"
    ifconfig_bridge0="addm igb0 addm tap0 up description bhyve"

In /boot/loader.conf:

    vmm_load="YES"
    nmdm_load="YES"

Check that you have: sysctl

Create the volume:

    zfs create -V100G -o volmode=dev tank/ubuntuvm

Install:

    pkg install uefi-edk2-bhyve

This will create /usr/local/share/uefi-firmware/BHYVE_UEFI.fd

Setup and install:

    bhyve -AHP -w \
      -s 1:0,lpc \
      -s 2:0,virtio-net,tap0 \
      -s 3:0,ahci-cd,/tank/iso/ubuntu-20.04.2-live-server-amd64.iso \
      -s 4:0,virtio-blk,/dev/zvol/tank/ubuntuvm \
      -s 29,fbuf,tcp=,w=800,h=600,wait \
      -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.


When using AWS SES, sending mail to root can fail with something like:

    554 Transaction failed: Missing final '@domain'

AWS requires that both FROM and TO have an @domain, so you need to modify /etc/mail.rc and add an alias like:

    alias root root<[email protected]>

vultr shutdown -o -n -r now

To prevent the system from hanging on “detaching uhub0”, reboot using the -n flag:

    shutdown -o -n -r now

pip upgrade

Upgrade using:

    pip list --outdated --format=freeze | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip3 install --upgrade --user

gpg: selecting card failed: Operation not supported by device

If using a YubiKey and getting this:

    gpg: selecting card failed: Operation not supported by device
    gpg: OpenPGP card not available: Operation not supported by device

Add to ~/.gnupg/scdaemon.conf:

    disable-ccid

To debug you could use:

    reader-port Yubico Yubi
    debug-all
    debug-level guru
    disable-ccid
    log-file /tmp/scd.log

Pipenv Pyinstaller

Create a basic hello world using flask:

    mkdir /tmp/project
    cd /tmp/project

Create

    from flask import Flask

    app = Flask(__name__)

    @app.route("/")
    def hello():
        return 'Hello World!'

    if __name__ == '__main__':
        app.run()

Install flask:

    pipenv install flask

Test the app:

    pipenv shell
    python

Install pyinstaller:

    pipenv install pyinstaller

Create the requirements.txt:

    pipenv run pip freeze > requirements.txt

Create the binary:

    pyinstaller --onefile app.

ZFS encryption

Create an encrypted file system:

    zfs create -o encryption=on -o keyformat=passphrase -o keylocation=prompt tank/test-enc

Check encryption:

    $ zfs get encryption tank/test-enc
    NAME           PROPERTY    VALUE        SOURCE
    tank/test-enc  encryption  aes-256-gcm  -

Check status:

    zfs get -p encryption,keystatus,keyformat,keylocation,encryptionroot

ssh comment

Create a new pair of RSA ssh keys with a custom comment:

    ssh-keygen -C "monkey" -t rsa -b 4096 -o -a 100 -f /tmp/monkey


To remove a user from the login screen shown when booting and logging in for the first time:

    sudo fdesetup remove -user monkey

The user will no longer be listed on the login screen, but you will first need to log in with a user that can decrypt the disk and then switch to your user. Note that this will not delete or remove the user account.

ssh only password

When using ssh, if you only need to use a password (no keys):

    ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no <host>


To download rpms for use in an offline environment, first install yumdownloader:

    yum install yum-utils

Create a directory to store the rpms:

    mkdir /tmp/rpms

Download the rpms:

    yumdownloader --destdir=/tmp/rpms --resolve MariaDB-server galera-4 MariaDB-client MariaDB-shared MariaDB-backup MariaDB-common


To install the PostgreSQL client on macOS:

    brew doctor
    brew update
    brew install libpq

Test:

    $ psql -V
    psql (PostgreSQL) 13.2

Flush DNS

To flush DNS on macOS:

    sudo killall -HUP mDNSResponder;sudo killall mDNSResponderHelper;sudo dscacheutil -flushcache

Centos Disable Ipv6

Edit the file /etc/default/grub and add ipv6.disable=1, for example:

    # cat /etc/default/grub
    GRUB_TIMEOUT=5
    GRUB_DEFAULT=saved
    GRUB_DISABLE_SUBMENU=true
    GRUB_TERMINAL_OUTPUT="console"
    GRUB_CMDLINE_LINUX="ipv6.disable=1 crashkernel=auto rhgb quiet"
    GRUB_DISABLE_RECOVERY="true"

Then regenerate the GRUB configuration:

    grub2-mkconfig -o /boot/grub2/grub.cfg

And reboot.

Using sysctl (no need to reboot), append the lines below to /etc/sysctl.conf:

    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1

Then run:

    sysctl -p


Set up and configure your jail, then create the user storj:

    pw useradd -n storj -m

Clone and install the latest version:

    git clone -b v1.14.7 storj
    cd storj
    go install -race -v

Create a dir to contain the identity and storage:

    mkdir /mnt/storj
    chown -R storj:storj /mnt/storj

In the main host create the file system to be used in the jail:

    zfs create tank/storj

Create fstat.


To reduce/compress a video's size you could use:

    ffmpeg -i -vcodec libx265 -crf 28 output.mp4

Be aware that libx265 is not supported in many players, so you can always fall back to H.264:

    ffmpeg -i output.mp4


Create a favicon from a .png using imagemagick convert:

    convert favicon.png -define icon:auto-resize=64,48,32,16 favicon.ico

Import large dump

To import a large dump (~300GB) you could do the following.

Split your file first:

    csplit -s -ftable dump.sql "/-- Table structure for table/" {999}

You could also use the pattern {*}, but you need gcsplit:

    pkg install coreutils

BSD csplit doesn't support {*}.

Then try:

    gcsplit -s -ftable dump.sql "/-- Table structure for table/" {*}

Create small INSERT chunks:

    gsplit -a 3 -d -n l/200 table05 x_

l/N: split into N files without splitting lines/records

Delete in chunks

To delete a big/huge table in chunks, you could create this stored procedure, but the performance in the end depends on how good/normalized your database is (indexes).

A stored procedure is prepared SQL code that you can save, so the code can be reused over and over again. Such procedures are stored in the database data dictionary.

Connect to the database and select the database:

    mysql> \u my_database
    Database changed

To list stored procedures
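
A chunked delete of the kind described above, as an added example for MySQL (this is not the procedure from the original post). The table big_table, its columns id and created_at, the procedure name and the cutoff value are all hypothetical.

```sql
-- Added example. Assumes a hypothetical table big_table with a primary
-- key `id` and an indexed DATETIME column `created_at`.
DELIMITER $$

CREATE PROCEDURE delete_in_chunks(IN p_cutoff DATETIME, IN p_chunk INT)
BEGIN
  DECLARE v_rows INT DEFAULT 1;

  -- Each DELETE removes at most p_chunk rows. With autocommit on, every
  -- chunk is its own short transaction, so locks and undo stay small.
  WHILE v_rows > 0 DO
    DELETE FROM big_table
     WHERE created_at < p_cutoff
     ORDER BY id          -- deterministic row choice per chunk
     LIMIT p_chunk;

    -- ROW_COUNT() must be read right after the DELETE it refers to.
    SET v_rows = ROW_COUNT();

    -- Short pause so other sessions and replicas can keep up.
    DO SLEEP(0.2);
  END WHILE;
END$$

DELIMITER ;

-- Remove everything older than the (constructed) cutoff, 5000 rows at a time.
CALL delete_in_chunks('2020-01-01 00:00:00', 5000);
```

Without an index on the column used in the WHERE clause, every chunk rescans the table, which is the index dependency the note above mentions.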

Bypass AllowTcpForwarding

To bypass "AllowTcpForwarding no", try using socat and nc:

    socat TCP-LISTEN:<local port>,reuseaddr,fork "EXEC:ssh <server> nc localhost <remote port>"

For example, from your desktop run:

    socat TCP-LISTEN:8080,reuseaddr,fork "EXEC:ssh nc 3000"

This will listen on local port 8080 connect via ssh to and use nc to connect