Agnus Dei's Journal

Friday, May 13th, 2016
3:39 pm - Back in Facebook Jail... again.

This has now happened to me TWICE.

I was just suspended from Facebook AGAIN.  And again, it's because someone reported one of my photos. A photo which contains NO NUDITY, and yet Facebook removed it for "Nudity" and I'm suspended from Facebook again.


And yet I was suspended from Facebook for this.


Monday, May 2nd, 2016
2:38 pm - How to get crons to work with EDT vs EST on Ubuntu
Since Ubuntu does not recognize the CRON_TZ variable in cron, I wrote this little test so that this cron will always run at the same time every day, at 7:01am.

# This cron runs at 7:01am every day regardless of EDT or EST.
1 11 * * * root test `TZ=America/New_York date +"\%Z"` = "EDT" && my_script_here
1 12 * * * root test `TZ=America/New_York date +"\%Z"` = "EST" && my_script_here


Thursday, April 14th, 2016
11:51 am - How to run crons that are unaffected by EDT/EST time change.

The problem with running crons with UTC is that if you want them to run at the same time relative to East Coast time, you'll have to change all your crons when EST<->EDT time switches. And that's a real pain.

For example, I have a cron that runs at 7 AM every morning. I convert that to UTC and put in my cron as 11 UTC.
Then the clocks change, and guess what? 11 UTC is no longer 7am. It's now 6am instead. And I don't want my cron to run at 6am. I want it to run at 7am. So I have to go change all my crons to change the hour when EDT<->EST happens.

I found a way around that, that allows me to keep my systems in UTC AND not be affected by EDT<->EST time change.

For example, if you want a cron to run at 11:43AM every day no matter what, here's how:

Example 1 (date prints in UTC):

[root@XXXXXX]# cat /etc/cron.d/cron_test 
# this should run at 11:43 am East Coast time regardless of EDT/EST
43 11 * * * root date >> /var/log/cron-test.out

Example 2 (force date to print in EDT/EST time):

[root@XXXXXX]# cat /etc/cron.d/cron_test 
# this should run at 11:43 am East Coast time regardless of EDT/EST
43 11 * * * root TZ="America/New_York" date >> /var/log/cron-test.out


Tuesday, March 29th, 2016
10:54 pm - Google is BLOCKING DNS for www.thepiratebay.se
This is interesting. Google is BLOCKING DNS for www.thepiratebay.se

$ nslookup www.thepriatebay.se

** server can't find www.thepriatebay.se: NXDOMAIN


Sunday, March 20th, 2016
4:49 pm - How to run processes in parallel in bash and use pipelining.
This one's even better than the last.

The last one would wait until the last process in the batch was finished before starting a new batch.

This one starts a new process as soon as one exits up until the limit of the max allowed.
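
A sketch of that behaviour, added here as an example (it is not the script from this post, which is not shown): a FIFO works as a counting semaphore, so a new job starts the moment any running one exits. The names run_pool and pool_* are made up for this example, and it assumes Linux, where opening a FIFO read-write does not block.

```shell
# Added example. run_pool and the pool_* variables are hypothetical names.
# run_pool MAX CMD ITEM...
#   Runs "CMD ITEM" for each ITEM with at most MAX jobs alive at once.
#   Returns the number of jobs that exited non-zero.
run_pool() {
    pool_max=$1 pool_cmd=$2
    shift 2
    pool_dir=$(mktemp -d) || return 255        # private dir: no predictable FIFO path
    mkfifo -m 600 "$pool_dir/slots" || return 255
    exec 3<>"$pool_dir/slots"                  # read+write open does not block on Linux
    rm -rf "$pool_dir"                         # fd 3 keeps the pipe alive
    pool_failed=0 pool_i=0
    while [ "$pool_i" -lt "$pool_max" ]; do    # seed MAX free slots ("0" = clean exit)
        echo 0 >&3
        pool_i=$((pool_i + 1))
    done
    for pool_item in "$@"; do
        read -r pool_rc <&3                    # blocks until any one job has exited
        [ "$pool_rc" -eq 0 ] || pool_failed=$((pool_failed + 1))
        # The job hands its slot back by writing its exit status to the FIFO.
        ( pool_rc=0; "$pool_cmd" "$pool_item" || pool_rc=$?; echo "$pool_rc" >&3 ) &
    done
    pool_i=0
    while [ "$pool_i" -lt "$pool_max" ]; do    # drain: collect the last MAX slots
        read -r pool_rc <&3
        [ "$pool_rc" -eq 0 ] || pool_failed=$((pool_failed + 1))
        pool_i=$((pool_i + 1))
    done
    exec 3>&-
    return "$pool_failed"
}
```

Call it as `run_pool 5 print_errors_count /x/FILES/*.gz`; the `|| pool_rc=$?` guard keeps a failing job from skipping the slot hand-back when the caller runs under `set -e`.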



Friday, March 18th, 2016
3:41 pm - How to do Rate Limiting on While Looped Backgrounded/Forked Processes in Bash For Parallelism
MAX_BATCH_FILES_COUNT=5    # how many log files to work at the same time
open_files=0
pids=()
for i in `find /x/FILES -name "*gz" |sort`; do
        let "open_files++"  # increment open files count
        # echo $i
        print_errors_count $i &  # this function does all my heavy work, and is forked into background
        pids+=($!)   # remember the PID of the job just forked
        if [[ "$open_files" -ge "$MAX_BATCH_FILES_COUNT" ]]; then
                echo "WAITING NOW.  open files=$open_files"
                open_files=0   # Reset back to zero
                for pid in ${pids[*]}; do
                        wait $pid;   # this will wait for them all to exit before starting the next batch
                done
                pids=()      # start the next batch with an empty PID list
                echo "open_files=$open_files"
        fi
done
wait   # wait for the final, partial batch


Thursday, February 11th, 2016
2:25 pm - bash script for telling you when your Kerberos password is going to expire (freeipa)


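LDAPSERVER=XXXXX   # your FreeIPA LDAP server (not shown in the original post)
if [[ "$USER" == "root" ]];then
    # body missing from the original post; assumed: root has no user entry to check
    echo "Run this as your own user, not root."
    exit 1
fi

LDAPDATA=`ldapsearch -N -Y GSSAPI -h $LDAPSERVER -b "cn=users,cn=accounts,dc=XXXXX,dc=XXXXX,dc=com" uid=$USER krbPasswordExpiration 2>&1`
if [[ $? -ne 0 ]]; then
    echo "ldapsearch command failed. Do you have valid Kerberos tickets for $USER?"
    exit 1
fi
EXPIRE_DATE_TIME=`/bin/echo $LDAPDATA |grep "krbPasswordExpiration:"`
if [[ $? -ne 0 ]]; then
    echo "ldapsearch command failed. No krbPasswordExpiration data returned for $USER"
    exit 1
fi
# krbPasswordExpiration is a UTC timestamp (YYYYMMDDhhmmssZ); keep the date and hhmm
EXPIRE_DATE_TIME=`/bin/echo $EXPIRE_DATE_TIME |sed -r "s/.*krbPasswordExpiration: ([0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9])([0-9][0-9][0-9][0-9]).*/\1 \2/"  `
EXPIRE_DATE_EPOCH=`date -u -d "$EXPIRE_DATE_TIME" +%s`
NOW_DATE_EPOCH=`date +%s`
DATE_DIFF=`expr $EXPIRE_DATE_EPOCH - $NOW_DATE_EPOCH`
DAYS=`expr $DATE_DIFF / 86400`
echo "Your Kerberos Password expires in $DAYS days ($USER, `date -d @${EXPIRE_DATE_EPOCH}`)"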


Tuesday, February 9th, 2016
1:54 pm - undocumented flag in mtr
MTR has a --first-ttl (or -f) option that does NOT show up in the man page for mtr.

The default for this value is 1.

/usr/sbin/mtr --first-ttl 5 --report-wide --report --report-cycles 10 www.google.com


Monday, February 1st, 2016
10:15 am - Using associative arrays in bash (Example)
Example of using associative arrays in bash.

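declare -A ELB_REGION=(
        ["AAAA-ELB"]="XXXXX"    # ELB name -> region (placeholder; the entries were not preserved in this post)
)
declare -A ELB_CRITIALLIMIT=(
        ["AAAA-ELB"]="-1"       # ELB name -> critical limit (placeholder entry)
)

# Test for each ELB
for ELB in "${!ELB_REGION[@]}"
do
        RESULTS=`/usr/local/bin/check_elb_health.sh -r  ${ELB_REGION[$ELB]} -c ${ELB_CRITIALLIMIT[$ELB]}  $ELB`
        RETURNCODE=$?
        # RETURNCODE=2  # set for debugging
        track_worst_result $RETURNCODE  # External function

        # Capture the results for any bad checks
        if [[ "$RETURNCODE" -gt "0" ]]; then
                BADRESULTS="$BADRESULTS $RESULTS"   # variable name assumed; this line was lost from the post
        fi
done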


10:12 am - Using standard arrays in bash (Example)
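Example of using standard arrays in bash.

# ELB's to check
ELBARRAY[0]="AAAA-ELB"     # dev

#Matching regions to the above
REGION[0]="XXXXX"          # placeholder; the region values were not preserved in this post

#CRITICAL LIMIT - Set to -1 for dev servers so they can't alarm critical
CRITLIMIT[0]="-1"  # dev ELB

# Test for each ELB
INDEX=0
for foofoo in "${ELBARRAY[@]}"
do
    RESULTS=`/usr/local/bin/check_elb_health.sh -r ${REGION[$INDEX]} -c ${CRITLIMIT[$INDEX]}  ${ELBARRAY[$INDEX]}`
    RETURNCODE=$?
    # RETURNCODE=2  # set for debugging
    track_worst_result $RETURNCODE  # external function

    # Capture the results for any bad checks
    if [[ "$RETURNCODE" -gt "0" ]]; then
        BADRESULTS="$BADRESULTS $RESULTS"   # variable name assumed; this line was lost from the post
    fi
    let "INDEX++"   # keep the index in step with the three parallel arrays
done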


Sunday, January 31st, 2016
10:20 am - Converting mkv to m4v/mp4 for use with Connect 360

This is a how to for converting mkv files to mp4 on a mac for use with Xbox360 (Connect 360).


I've been doing the same thing for years using "video passthrough" with ffmpeg.   Here's my script for that using ffmpeg:

$ cat ~/bin/convert-2-m4v.sh

echo "$1"
NAME=`echo "$1"| rev | cut -d. -f2- |rev`   # strip the file extension
echo "$NAME"

# quoted so that file names containing spaces work
/opt/local/binary_downloads/ffmpeg -i "$1" -vcodec copy -acodec copy "$NAME.m4v"


Friday, January 29th, 2016
3:01 pm - Mac OS X's "new" default firewall is Packet Filter ("pf")
A good read on PF for Mac OS X:



Wednesday, January 13th, 2016
3:37 pm - Daisy Chaining SSH Tunnels

This allows me to connect to a remote database from my desktop by daisy chaining ssh tunnels through a jump host to the remote database.

This way the data is moved over the network encrypted and secure.   In my case all logins are done using GSSAPI (kerberos ticket forwarding).

In a terminal:

# export RANDOMPORT=$RANDOM ; ssh brad.allison@hostname-1.com -L3308:0:$RANDOMPORT RANDOMPORT=$RANDOMPORT ssh brad.allison@hostname-2.com -L$RANDOMPORT:0:3306

OR MUCH EASIER (use ProxyCommand, requires netcat though):

# ssh -o "ProxyCommand ssh brad.allison@hostname-1.com nc %h %p" -l brad.allison hostname-2.com -L3308:0:3306

Then on my local desktop, run the mysql client (I bound the tunnel to port 3308 locally):

# mysql -uroot -p -h0 -P3308


Tuesday, January 12th, 2016
11:39 am - Linux: How to find process not releasing disk space back to the OS

Super cool trick to see what process is holding up disk space for a file handle for a file that's already been deleted.

This is wonderful.

An example would be seeing disk utilization at 80% and you clean out all the disk space and the utilization is still at 80%.

This happens when a process is holding a file handle open for a file whose content has been removed.

Here's how you find the PID of the process holding open file handles for deleted files:

lsof | grep deleted
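
The same check without lsof, as an added example that is not from the original post: it walks /proc directly and also reports how many bytes each deleted file still occupies. It is Linux-only, the function name list_deleted_open is made up here, and descriptors of other users' processes are only visible to root.

```shell
# Added example. list_deleted_open and the ldo_* variables are hypothetical names.
# list_deleted_open [PID...]
#   Prints "PID FD SIZE_BYTES PATH" for every open descriptor that points at a
#   file which has been unlinked. With no arguments, scans every PID in /proc.
list_deleted_open() {
    [ "$#" -gt 0 ] || set -- $(ls /proc | grep '^[0-9][0-9]*$')
    for ldo_pid in "$@"; do
        for ldo_fd in /proc/"$ldo_pid"/fd/*; do
            # Unreadable or vanished entries (no permission, process gone) are skipped.
            ldo_target=$(readlink "$ldo_fd" 2>/dev/null) || continue
            case $ldo_target in
                /*" (deleted)")
                    # stat -L follows the fd link to the inode that is still allocated
                    ldo_size=$(stat -L -c %s "$ldo_fd" 2>/dev/null) || ldo_size=?
                    echo "$ldo_pid ${ldo_fd##*/} $ldo_size ${ldo_target% (deleted)}"
                    ;;
            esac
        done
    done
}
```

Sorting the output on the third column (`list_deleted_open | sort -k3 -n`) puts the process holding the most space last; the space is only returned once that process closes the descriptor or exits.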


Saturday, January 9th, 2016
1:14 am - COMCAST SUCKS!
$ traceroute
traceroute to (, 64 hops max, 52 byte packets
 1 (  1.939 ms  2.573 ms  1.246 ms
 2  XXXXXXXXX (XXXXXXXXX)  14.551 ms  11.536 ms  9.963 ms
 3 (  9.462 ms  12.051 ms  132.984 ms
 4  xe-8-0-1-0-sur06.pompanobeach.fl.pompano.comcast.net (  10.924 ms
    xe-11-0-0-0-sur06.pompanobeach.fl.pompano.comcast.net (  12.395 ms
    xe-11-1-2-0-sur06.pompanobeach.fl.pompano.comcast.net (  10.251 ms
 5  te-0-3-0-20-ar01.pompanobeach.fl.pompano.comcast.net (  10.476 ms
    te-0-3-0-22-ar01.pompanobeach.fl.pompano.comcast.net (  10.363 ms
    te-0-3-0-23-ar01.pompanobeach.fl.pompano.comcast.net (  10.483 ms
 6  * * *
 7  * * *
 8  * * *
 9  * *^C


Tuesday, December 29th, 2015
12:24 am - Review of "The Final Girls"
I watched "The Final Girls" last night and really enjoyed it. It's part of this new genre of what I'm calling "meta-horror" movies that are not really horror movies but more thoughtful post-modern (if you will) views on classic horror movies.
Examples of "meta-horror" movies would be "Cabin in the Woods", "It Follows", "The Final Girls", and even back to "Scream." Some are more self aware than others. For example, "The Final Girls" is completely self aware that it's breaking down the components of a classic horror movie and using them to the advantage of the heroes. The heroes know they are trapped in a horror movie.
"Cabin in the Woods" was completely meta-horror. You have to be a fan of horror movies to even understand all the references in the movie. Plus like the board in the control room is a list of horror movie archetypes.
Even "Scream" was meta-horror as they broke down for you the plot points of a horror movie.
But "It Follows" was different. "It Follows" was meta-horror, but it didn't throw it in your face. The characters were not aware they were in a horror movie. But it was meta-horror because it was playing on the archetypes of a classic horror movie. For example, a person who has sex in a horror movie is going to die. Well that's like the whole plot line of "It Follows."
So did I like "The Final Girls"? Yes. Very enjoyable for a horror movie fan. Would everyone like "The Final Girls"? Probably not. But I'd still watch it again.


Friday, December 25th, 2015
2:23 pm - I'm in Facebook Jail

I'm in Facebook Jail... but why I'm in Facebook Jail is a bit infuriating.  Especially given that there's no human being to talk to about it.

I posted the same photo twice on Facebook.   The original was unedited.  The second time, I had adjusted the shadows and contrast a little on my phone via Photoshop Express app.

The photo is below.  It's a photo of me standing next to the pool.  The statue does not count according to the Community Standards on nudity.  Artwork, statues and figurines are allowed.

1- First the original was flagged for "nudity" on Facebook.  Even though there's no nudity in it.

2- Then the contrast adjusted one was flagged for "nudity".   The contrast adjusted one was then removed by Facebook for "nudity" even though there's no nudity in the photo.

3- Then the original was reviewed by Facebook and deemed to contain NO COMMUNITY VIOLATIONS, and was NOT removed because there was NO community standards violations:

4- So then I took a screenshot of the photo being removed above along with the "We removed the content" and posted it on Facebook ALONG WITH the screenshot showing that it had been reviewed and found to contain NO violation.  I posted the question, "If it's the same photo both times, and it's reviewed to contain no violations, then why was it removed?"

5- Well that got flagged for "nudity" (even though again, there's no nudity in the photo).   That was then removed and now I'm in Facebook Jail for 24 hours.... On Christmas day.  For a photo that did NOT violate any Facebook standards!


Thursday, November 19th, 2015
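2:38 pm - How to reroute all TCP traffic to a given port to another server using iptables.
[root@fdsfdsfds ~]# cat /tmp/foo.sh

LOCALPORT=     # local port to redirect (value not preserved in this post)
REMOTEIP=  # external IP for remote server
REMOTEPORT=    # port on the remote server (value not preserved in this post)

# NOTE: the next three lines flush ALL existing filter and nat rules on this host
iptables -F
iptables -t nat -F
iptables -X

# net.ipv4.ip_forward must be 1 for the redirected packets to be forwarded
iptables -t nat -A PREROUTING  -p tcp -m tcp --dport $LOCALPORT -j DNAT --to-destination $REMOTEIP:$REMOTEPORT
iptables -t nat -A POSTROUTING -j MASQUERADE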


10:35 am - bash code to tail a file and return the lines, but if you hit a given line, execute a function
My code blocks the tomcat port when we start up tomcat because I don't want tomcat answering web requests until it's 100% up.

At the end of the rc script it tails catalina.out for you and returns the lines to your screen.

I have it wait for the "Server startup" line and when it sees the server startup line it calls the function to remove all the iptables block lines I've created.

removing_all_iptables_blocks() {
   # List all the current iptables rules
   #  grep just the INPUT/OUTPUT chain DROP's
   #  ignore any ipsets ('match-set')
   #  loop through them and remove them
    iptables-save |egrep -o 'INPUT.*DROP|OUTPUT.*DROP' |grep -v match-set | while read a
    do
            /sbin/iptables -D $a
    done
}

      tail -f /usr/local/tomcat/default/logs/catalina.out | while read LOGLINE
      do
               echo "${LOGLINE}"
               # the break is assumed (the end of the loop was lost from this post);
               # without it the loop never ends and the final echo is never reached
               [[ "${LOGLINE}" == *"Server startup in"* ]] && { removing_all_iptables_blocks; break; }
      done
      echo "Tomcat is started"


Tuesday, November 3rd, 2015
10:01 pm - The true definition of Generation-Y (wikipedia is wrong)

The wikipedia definition for "Generation-Y" is simply wrong.  Wikipedia says that "Generation-Y" == "Millennials" and that's simply wrong.

See I was born in 1973 and I've always referred to myself as Generation-Y.  My brother who is 3 years older than me
is Generation-X (the "do nothing generation.")

You say, "So what's the difference?"  Simple.   Generation-Y were the pioneers of the internet.  My brother just missed
the internet explosion because he's 3 years older than me.  He's Generation-X.

I'm Generation-Y.  I had one of the first 10,000 "home pages" on the internet.

But I'm not a Millennial.  So no, Generation-Y does NOT equal a Millennial.   Wikipedia is wrong.

So to clarify this once and for all:

Born in the 1960's = Generation-X
Born in the 1970's = Generation-Y
Born in the 1980's to 1990's = Millennials.
