Do you use let's encrypt?

1005 votes ~ 8 comments


XML Logo

Posted by emeitner on Tue 22 Feb 2011 at 23:50
Tags: none.

We have a two server cluster connected via a gigE crossover cable for Heartbeat and DRBD traffic. One of the nodes has developed a problem where the on-board ethernet interface is not available to the system after a crash....

One day one of the nodes crashed and didn't seem to come back. Dead? Not sure. It certainly was not reachable. I was at home and unable to go to the server a timely manner. Upon looking at the crossover traffic on the working node I saw the "dead" one ARPing for the default gateway( That meant that for some reason what was eth1 was now eth0 on the problematic machine. How do I get into the machine when one machine's interface( was connected to the other was on a different( subnet?

To get to the messed up server( I created a script:

ifconfig eth1:20 netmask
ip rou add dev eth1
arp -d
ssh me@
ip rou del dev eth1
ifconfig eth1:20 down

Run it, log in and issue "sudo reboot". Wait. Be happy. The only problem was that this may have interrupted any traffic that was going to/from the server via the default gateway.


Posted by emeitner on Wed 28 Apr 2010 at 18:51
Tags: none.

I recently upgraded the backup server at work. I was running Etch with BackupPC 3.1.0 from It is now running Lenny with BackupPC 3.1.0 from the Debian Lenny repository.

We do a daily dump of a number of backups to an external eSATA disk for sending off site. The backups are created using BackupPC_archiveHost wrapped in a script I wrote. The backups are written gzip compressed and encrypted with GnuPG.

Ever since the upgrade the writing of the off site backups has been taking up to 50% longer with a very noticeable increase in system load. Something has become inefficient as a result of the upgrade.

* Booted the box on the previous Etch kernel. No change. Must be in userspace.
* Tested the performance of current and Etch versions of gzip and gpg. not much difference

Still investigating.....


Posted by emeitner on Sun 21 Mar 2010 at 00:53
Tags: none.
I wanted to reset a USB device without manually unplugging and replugging it so that I could see if the newly compiled modules would load OK. Someone suggested:
echo suspend >/sys/bus/usb/devices/5-2/power/level
echo auto >/sys/bus/usb/devices/5-2/power/level
This did not work for me. This did:
echo 0 > /sys/bus/usb/devices/5-2/authorized
echo 1 > /sys/bus/usb/devices/5-2/authorized


Posted by emeitner on Thu 21 Dec 2006 at 16:46
Tags: none.

I am looking for some feedback from people running Linux on HP Proliant hardware, specifically the ML110 G3. I have heard from Wouter V.( ) that he has installed Debian on ML100 servers using the kernel provided at . This was required for full SATA support.

The Debian Wiki notes that the ML110G4 works on the D-I from 2006-11-21.(Even mentions that the RAID works with the cciss drivers.

Has anybody run the HP Lights-Out Drivers and Agents (hprsm) on the ML100 hardware with a LO100c card?? Any information would be greatly appreciated.


Posted by emeitner on Wed 4 Oct 2006 at 16:31
Tags: none.
VMWare Server Console on Edgy Eft(beta) would just hang and consume a lot of CPU time when run. I found(here) how to get it to run:
LD_PRELOAD=/usr/lib/$LD_PRELOAD vmware-server-console


Posted by emeitner on Sun 4 Jun 2006 at 05:09
Tags: none.

On my IBM T42 work laptop running Ubuntu "Drake"(FGLRX drivers from the xorg-driver-fglrx package) I found that the GPU temperature was at 120F when idle. First, I did not like that the fan was running all the time(now that it is summer) just to cool an idle chip. Second, I did not like this additional drain on the batteries.

Using info gleaned from here[] I did the following:

Created /etc/acpi/ac.d/


if [ -x $ATICONFIG ] ; then
        su $user -c "($ATICONFIG --set-powerstate=2)"

And /etc/acpi/battery.d/

if [ -x $ATICONFIG ] ; then
        su $user -c  "($ATICONFIG --set-powerstate=1)"
It helps somewhat. The fan still runs continuously but now the GPU only runs at 115F when idle. There is always Rovclock[]. Maybe I'll try that later.(it seems to me that a "powernowd" for the GPU is what we need. How would one gauge the load on the GPU though?)


Posted by emeitner on Wed 1 Mar 2006 at 03:35
Tags: none.
This is a question relating to packaging and un/installation scripts.

Assume that a user wants to install an application, lets call it 'GFoo', and s/he runs a point and click installer and it says one needs to also install the dependency 'tBar' - the hard to use command-line application that GFoo is a GUI for. The user just says 'Ok' and has the application installed.

Now when the user no longer wants 'GFoo' and removes it, s/he will most likely end up with tBar just laying around taking up disk space.

So with the perspective of packaging applications for the ordinary desktop user - where we don't want to bother them with concepts of dependencies and orhpans - can the packager also prompt the user if s/he wants to remove 'tBar' when uninstalling GFoo? Is there a Debian Policy legal way of doing this?


Posted by emeitner on Thu 19 Jan 2006 at 03:15
Tags: none.

So I found myself with the results a bad choice: "Hey, THAT bleeding edge package update will suit my needs perfectly!" Well it did not. So I downgraded:

$ sudo $EDITOR /etc/apt/sources.list
[ disable the repository that I got the package from]
$ sudo apt-get update
$ sudo dpkg -P --force-depends the-package
[insert various warnings here]
$sudo apt-get install the-package

Carefull here. Note the '-P' switch meaning 'PURGE config'. Backup your valued configs first! I needed to purge the configs because I knew that they may not have been compatible between versions.

Ok, now what about the numerous dependencies that I did not pay any attention to during the upgrade? I want to make sure they are back to their original versions also. What I really wanted was a way to list all installed packages that have version numbers greater that what is in the APT cache(in the repository). Enter 'apt-show-versions'.

$ sudo apt-get install apt-show-versions
$ apt-show-versions | grep ' newer '
lib-the-package 3.1415-9 newer than version in archive

Excellent. Now just remove and reinstall.


Posted by emeitner on Tue 17 Jan 2006 at 23:31
Tags: none.

A quick little script to automatically enable Firestarter[1] when Network Manager[2] enables an interface. This is for Ubuntu/Breezy or bleeding edge Debian. Put it in /etc/NetworkManager/dispatcher.d


source /etc/firestarter/configuration 2>&1

# Check to see if the interface that changed is the one currently
# protected by firestarter. If not, quit.
[ "$1" != "$IF" ] && exit

# Check the current status of Firestarter
[ -e /var/lock/subsys/firestarter -o -e /var/lock/firestarter ]

case "$2" in
                [ "$fs_status" -gt 0 ] && /etc/init.d/firestarter start
                ## Uncomment the following line to allow this script to
                ## turn off the firewall when the interface goes down.
                #[ "$fs_status" -eq 0 ] && /etc/init.d/firestarter stop

By default it does not disable the firewall when the interface goes down because I prefer to do that myself. [1],
[2] ,


Posted by emeitner on Tue 27 Dec 2005 at 22:11
Tags: none.
I'm running:
INITRD_OK=yes make-kpkg \
        --initrd \
        --revision=1 \
yet no initrd image is created in the package. There is no indication that it is even trying. Of course I can create one manually, but I would prefer to have it in the same package for our internal package repository.