Facebook Twitter
Linkedin LJ
Git Instagram
IPv6

My blog

I write mostly about security, mail, web and linux. My contacts are: me@andreybondarenko.com, skype andrey.bondarenko, facetime shaman007@me.com, Telegram, FB chat, WhatsApp, +420-773-591-443 or you can find me in the  Red Hat BRQ office. I am not using abondarenko@gmail.com and +7-903-7929724 any more and you will not find me in Moscow, Russia. My CV. This site can use cookies.

Ctrl + ↑ Later

Opera Neon

Funny browser: mouse multitouch, gestures, extensions, settings import, vpn, turbo, profile login – that’s all does not work. No Linux version. But tab management is really neat!

Strange things: there are 3 search engines pre-configured: google, Yandes and mail.ru. I am not located in the Russia though!

2017   desktop   mac   opera   opera neon

Google group calendars in Evolution Mail

If your organization uses Google Apps as mail service but you are using Evolution, there is no evident way to view and edit shared group calendars until recent versions. To add group calendar you need:

  1. go to calendar settings on web
  2. Calendar Address: -> ID (somenting like example.com_1d32345331343234213832@resource.calendar.google.com)
  3. Evolution -> New Calendar -> Google
  4. User name -> this ID
  5. Auth with usual name-pass or other means you use (Kerberos, OTP) in the window appear.
  6. Allow Evolution to use the Google’s resources.
2017   desktop   IT   linux

DKIM=temperror

Recently I have checked my messages headers of the mail that comes from the andreybondarenko.com MX and found that Google shows that my DKIM signature is invalid:

Authentication-Results: mx.google.com; dkim=temperror (no key for
 signature) header.i=@andreybondarenko.com;

In the spam score section:

DKIM_SIGNED,T_DKIM_INVALID

However the header itself is present:

DKIM-Filter: OpenDKIM Filter v2.10.3 andreybondrenko.com CE25780BAC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=andreybondarenko.com; s=default; t=1483634085;
        bh=w00tuUhwty0/5n/YHiopiY3PpnqKT5BLK9l6TkDNUUk=;
        h=Subject:From:Reply-To:To:Date:From;
        b=J5qB5RF9lrOho1wBpLyLi5a6CwIHZK1sugCr2wpwnPKwEg76RFv2/y8xaiwquqftX
         VhTJH9NLJXcPdu8k8/zN/sc8P1RksNR9EvDw6k2YNEKoeMsKMGgyMC4kAAhcT31IgX
         eqnIqWxhVTVdjRqrqzNPn0wuBbGJgO2bwmFcVsy8=

I have found that it’s quite common configuration error of the OpenDKIM, the selector you choose to store key can be chosen randomly, but the TXT record should match /etc/opendkim.conf. In my case:

##  Defines the name of the selector to be used when signing messages.
Selector   default

But the DNS record:

[user@andreybondarenko ~]$ dig TXT mail._domainkey.andreybondarenko.com

;; ANSWER SECTION:
mail._domainkey.andreybondarenko.com. 1800 IN TXT "v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdGRWtWPPZVIg0fy7Pr0+rsBsoL6Imt1GBE/QRd3X5Izv1iAJFUsOtea
f9TI9EO/YFwoLLahzuoZM1oUU4ED3fHlItEnqXCKQhX8Zripi7gfIO+DRFEhGuQtG6OIuA6+c3ivao7DTPk/IFqY7MG5M3wMvAfV+
eIBf1VjmajSwe3wIDAQAB"

Changing ‘Selector’ to ‘mail’ and restating opendkim (it’s faster then change DNS):

Authentication-Results: mx.google.com; dkim=pass
 header.i=@andreybondarenko.com;

In the spam score section:

DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU
2017   dkim   linux   mail   security

Let’s encrypt cert updates

Let’s encrypt is wonderful, but certificate are getting expired every 3 months. Since it’s a first time I need to renew them, I have done it manually. The tool authenticates you (by default) with special file created in the .well-know/acme-challenge directory of the root, so the blog engine should not interfere or rewrite anything and should not return it’s own 404 page. Historically my nginx.conf has lots of existing redirects and rules, I am too lazy to correct and simplify it, so simple

localtion ~ .well-known {
        allow all;
    }

does not work. And I am too lazy to figure out why it is so (bad for me). So the most simple way to renew certs for me is to switch to minimal config. Putting it here for the future reference.

user  nginx;  
worker_processes  1;
error_log  /var/log/nginx/error.log;
pid        /run/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    server_names_hash_bucket_size 128;
    index   index.html index.htm;
    server { listen 80;
        listen [::]:80;
        server_name andreybondarenko.com;
location / {
                 root   /var/www/;
        }

    }
}
2016   IT   linux   nginx
2016   apple   awk   bash   IT

Moving iTunes Account to the other contry

If you are changing the country you may need to change the location of your online services as well. May be if you are moving from US to EU it’s not that important, but if you are moving from Russia to EU keeping old setting would be painful. First, payment can be only done from Russian card. Second, by Russian regulations “Russian” users’ data must be located in Russia. It’s far. And I don’t like the idea of keeping my data there.

Switching the region in the iTunes is not that easy. You need pre-requisites:

  1. You need to have address and the payment card that is issued in the same country.
  2. You need to cancel all your subscriptions. And that’s not that easy. “iTunes Music” had per-month payment basis. But “iTunes Match” is purchased for one entire year and you cannot terminate it. That made me wait 5 months!
  3. “iCloud Storage”, however, may be active.

Than you need to go to the account settings, change the store, add new credit card, re-login on all devices. Applications on the phone are working without problems (seems like this, though I didn’t have any update yet, but it’s x-mas). But not the music! You need to re-enable Match and Music subscriptions and reload all music back to the cloud. A lot of duplicated may appear in process, be prepared for that.

2016   apple   ios   IT   itunes   music

TOC and collapsible block samples

I am writing some tool for my daily work that produces fancy HTML page from RHEL, CentOS or Fedora log and config files, so it would be more easy to read them. Nothing special, just some bash scripts with sed, grep and awk that produce HTML with some CSS and JQuery.

  1. TOC I really liked: http://projects.jga.me/toc/ It’s very easy to use and implement, it just looking through the document for h1, h2, etc tags. Scope and what tags to look can be customized.
  1. Collapsible blocks sample: https://codepen.io/peternguyen/pen/hICga/

May be it would be yet another “log2html” framework in the end.

2016   bash   IT   jquery   js   linux   work

How to sort messages log

If you need to sort out what is reporting to the /var/log/messages to array in case of Red Hat Enterprise Linux or Fedora, you need to do flowing manipulations:

  1. read log;
  2. get 5th column from the log, it’s daemon name;
  3. get rid of all digits, so the daemons with different PIDs would be counted as one;
  4. get rid of all ‘/’ and replace ‘[’ and ‘]’ with ‘\[’ and ‘\]’ to keep things both readable and usable for future scripting;
  5. sort unique stuff.

in my case this gets look like:

cat /var/log/messages | awk '{ print $5 }'| sed 's/\[[0-9].*$//'|sed 's/\[/\\\[/g' | sed 's/\]/\\\]/g'| sed 's/://g' |sed 's/\///g' |sort -u``

the result is usable as array for example. My host’s result:

abrt-hook-ccpp
at-spi-bus-launcher
audit
avahi-daemon
blueman.desktop
blueman-mechanism
bluetoothd
chronyd
cinnamon-killer-daemon
cinnamon-session
com.redhat.imsettings
...
skip
...
tracker-store.desktop
udisksd
usrlibexecgdm-x-session
vmware-user.desktop
wpa_supplicant
2016   awk   bash   centos   fedora   IT   rhel   scripting
Ctrl + ↓ Earlier