Hey Flickr …

May 23rd, 2013

Hello Flickr,

next time that you remember that I did set up an account in 2006 and send me an email please make sure that your stuff, actually, well, how I can put this: works.

I knew about you. All along. I didn’t us you. Many reasons. Now there is 1TB of storage. That’s great. Just that I was unable to upload anythings since your uploader is broken.

Maybe wait another 7 years, and content me again if you have something else worth looking at. You had my attention. Bummer that you were not ready for it.

- your truly

May 23rd, 2013

When installing opendkim on a Centos 5.7 or 5.9 system following the wonderful howto by Steven Jenkins mail stops going out and the maillog shows:

May 23 12:55:53 her9 postfix/cleanup[4836]: warning: cannot receive milters via service cleanup socket socket
May 23 12:55:53 her9 postfix/smtpd[4832]: warning: premature end-of-input on public/cleanup socket while reading input attribute name
May 23 12:55:53 her9 postfix/smtpd[4832]: warning: cannot send milters to service public/cleanup socket
May 23 12:55:53 her9 postfix/smtpd[4832]: 8DBDB4D48004: client=localhost.localdomain[]
May 23 12:55:53 her9 postfix/master[4824]: warning: process /usr/libexec/postfix/cleanup pid 4836 killed by signal 11
May 23 12:55:53 her9 postfix/master[4824]: warning: /usr/libexec/postfix/cleanup: bad command startup -- throttling

The syslog is even scarier:

May 23 12:55:53 her9 kernel: cleanup[4836]: segfault at 0000000000000008 rip 00002b152350db10 rsp 00007fff855746e8 error 6

Yes, a segfault. Things work better when SELinux gets disabled.
Without going deeply into the reason of this incompatibility the following commands make opendkim work while SELinux is still active.

This command will show you what did cause trouble today, and convert it already in to the syntax for an ‘allow’:

ausearch -m avc -ts today | audit2allow
If what you see is indeed only about opendkim you then can go ahead and install this:
ausearch -m avc -ts today | audit2allow -M yourdesiredmodulename
semodule -i yourdesiredmodulename.pp

Things work much better then.

The Centos SELinux How To is a helpful resource for this kind of thing.

infinite sar display - neat option

May 21st, 2013

wanting watch sar run in a terminal in linux indefinitely one can start it with

sar 1 0

The first number indicates the sampling time in seconds. The second number is usually the number of samples you like ot see.

If this number is 0 then sar will not stop. And as another bonus will look at how large the terminal is and will display a new header

Command line can be user friendly. I really like those little gems that show up in all software: People spending their time to make something better. It is like a little gift to the world. With software the value of even a little detail can potentially be significant. Which is an awesome thing.

For all we know it might very well be that the feature described here will please people in a hundred years from now.

I don’t think that mankind will manage to drop unix at this point. Neither can it give up on the use of steel. Yes there might be new systems, much like there have been new materials.

The new gets all the attention. But in many cases the new will not replace the old entirely. Only journalists tend to think that way. In reality the findings of Mr Newton help Boeing and Airbus today to build tubes with wings that shuttle people around the globe close to the sound of speed.