How old are Official Docker images?

TL;DR CentOS base images sucks! They’re old, not updated for months! As a professional DevOps I concern about a lot of things… but security is always close to the top of the list. With Docker build environments and deployments became much more stable, which often is a result of just being stale ;/ I’ve been talking about this for long time but it’s still hard for people to believe it....

2021-01-28 · 2 min

Bye Bye Wordpress!

I started my blog on custom (written by my) engine, but as I didn’t had enough time to enhance it I switched to Wordpress. I’ve been using Wordpress as an engine of my blog for past 8~9 years. I have small VPS with PHP + Nginx and you can find a lot of configuration examples from my config on this site 😄 There was a time, when I was really satisfied by what it provides....

2020-10-24 · 2 min
[Photo by Paul IJsendoorn from Pexels](https://www.pexels.com/photo/antelope-canyon-33041/)

Moving from Linux to MacOS – first steps

Few years ago I moved from Linux desktop to MacOS for my business, day to day work. There were 2 main reasons for that: Corporations don’t like Linux - they can’t manage it, they can’t support it, so they blocked it with “Security policy”, ISO20001, or other nonsense. Actually they’re partially right but in different place - many business collaboration applications don’t work well on LInux (or they don’t work at all) Skype for Business - there’s open source alternative but to get full support you have to pay for additional codecs (as far as I remember) - it’s not working stable even in paid version Outlook and calendar support - I love Thunderbird and I use it for years, but calendar invitations didn’t work nice (honestly, they didn’t work nice even between different Outlook versions…) Corporate VPN apps - Christ, I always was able to get it working eventually, but… why bother I’m older, maybe lazier, maybe smarter - I don’t like to spend my time resolving problems that don’t give me any value....

2020-01-04 · 7 min

Debuging commands running on memcached

I had stragne statistics on one memcached servers. I had to look what it’s doing there. I found such commands that may be used to sniff, extract and make statistics from running memcached server. Debug GET commands tcpflow -c dst port 11211 | cut -b46- | grep ^get cut command will remove 46 bytes at beginning of every string (src, dst, port). You may need to adjust numeric parameter for cut to leave commands only....

2016-07-13 · 1 min

How to stole ssh session when you’re root

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there. If you’re root on machine you may do that like this: su developer - Easy one but that’s not enough for all cases....

2016-04-27 · 1 min

pip - uninstall package with dependencies

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet that will uninstall package with all dependencies: for dep in $(pip show python-neutronclient | grep Requires | sed 's/Requires: //g; s/,//g') ; do sudo pip uninstall -y $dep ; done pip uninstall -y python-neutronclient Source: http://stackoverflow....

2016-04-26 · 1 min

Daily MySQL backups with xtrabackup

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them - they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy....

2016-04-23 · 3 min

Use bastion host with Ansible

When you deploy your application in cloud you don’t need and don’t want your hosts exposed via SSH to the world. Malware scans whole network for easy SSH access and when find something will try some brute force attacks, overloading such machines. It’s easier to have one exposed, but secured host, that doesn’t host anything and is used as proxy/gateway to access our infrastructure- it’s called bastion host. Ansible is quite easy to integrate with bastion host configuration....

2016-04-22 · 3 min

Tweaking ASUS Zenbook UX305CA on Linux

Lately I was searching for mobile notebook that I could use for remote work. I checked f ThinkPad series but they were huge bricks that have nothing in common with ‘mobile’ word. Then I saw ASUS Zenbook that I didn’t take into account before and it was exactly what I was searching for. Configuration of Skylake based notebook right now is not straightforward - there are still glitches and small bugs that are waiting to be fixed....

2016-04-21 · 11 min

Prefer IPv4 over IPv6

I try to use IPv6 where it’s available but it’s sometimes so hard… It happen quite often that I can’t download packages from repos because they weren’t configured on IPv6 vhosts even when host is available via IPv6 address. For APT you may use this trick to force IPv4 connections only: echo 'Acquire::ForceIPv4 "true";' > /etc/apt/apt.conf.d/99force-ipv4 If you need more than that, then gai.conf will allow you to filter where you will be connecting via IPv4 and where via IPv6 - in example bellow you will prefer IPv4 whenever it’s available:...

2016-03-29 · 1 min