warn of SSL certificate expiry

So you have been tasked to write a cron job to warn when your site's SSL certificate(s) will soon expire and send email to the responsible person. An expired SSL certificate is at best embarrassing and at worst can cause significant business disruption. There are various ways to do this task.

Nagios has a plugin to check and warn about imminently expiring certificates.

If you have the openssl tools installed you can do it from the command line as shown in this blog post. You should be able to parse the returned date string with the GNU date command and convert it to a number of seconds since the Unix epoch for comparison with the current date to check if expiry is imminent.

I preferred to use Perl. There is a very useful Perl module Net::SSL::ExpireDate by Masaaki Hirose which provided exactly what I wanted. The example is self-explanatory.

On a Debian system other CPAN modules are required, fortunately all of them already in Debian so you only have install those with apt-get, then build, test and install Net::SSL::ExpireDate. Here are the modules I had to install, however there may be other dependencies that were already installed on my system, so this list may not be exhaustive.

libclass-accessor-perl
libcrypt-openssl-x509-perl
libdatetime-perl
libtimedate-perl
libtime-duration-parse-perl
libuniversal-require-perl

The Perl script I wrote was 13 lines long.

enable ext4 for RHEL/Centos 5.6+ installs

This tip doesn't get enough publicity so I'm repeating it here:

Installing on ext4

Note the limitation on boot filesystems. I used it for the /home filesystem for better performance.

And if you forget during install time, you can still convert ext3 to ext4 afterwards, a search will find you many pages on how to do this.

vncserver won't start on CentOS 5

CentOS/RHEL has a vncserver script which is configured to start instances for users specified in /etc/sysconfig/vncservers. The format is documented in the comments in that file.

I copied this from a host that I was making a copy of, ran /etc/init.d/vncserver start and it failed. Running the script again with sh -vx /etc/init.d/vncserver start showed me that it was failing on the first user at this line:

runuser -l ${USER} -c "cd ~${USER} && [ -f .vnc/passwd ] && vncserver :${DISP} ${VNCUSERARGS}"

Of course! I had forgotten to copy the .vnc/passwd file for each user across so the servers were failing to start. If this is a new machine, then you need to create passwords for each user first. It's a pity that the script doesn't inform you what really happened.

As an aside, I modified this line:

[ "$RETVAL" -ne 0 ] && break

to:

[ "$RETVAL" -ne 0 ] && echo "Warning: ${USER}:${DISP} not started"

so that the script would not die at the first user that caused an error.

But the script is not very sophisticated and doesn't allow for example starting VNC for a single user that you've added to the configuration.

You don't need iTunes

Well, with a provocative title like that I should explain that I have tricked you a bit. You don't need iTunes to reset a first generation iPod Shuffle (gumstick) if it has gone out of its mind. Mine was flashing the green and orange LEDs alternately.

The usual advice is to install iTunes and to repair the iPod filesystem. However if you don't mind resetting everything, and there is little to lose on a 512MB or 1GB Shuffle, you can go straight to this reset utility from Apple and not have to download and install the big iTunes software package. At the same time this will update the software to the final version released. As the article states, you may need to try a few times. Mine worked on the second attempt.

I don't think this tip has a large audience as most first generation Shuffles are dead now as those models were released in 2005. Mine's still going strong though. I wonder when the flash memory and rechargeable cells will wear out.

Incidentally I can highly recommend the open source shuffle DB software. With this Python script installed in the Shuffle, and a Python interpreter on the host, you don't need complicated tune management software. Just copy the files onto the Shuffle and then run the program to build a playlist that the Shuffle will understand.

Is Trackerbird maxing out your CPU? Here's how to remove it

After my recent OS upgrade I found that Thunderbird would pop up a dialog box every now and then saying that a script had stopped responding. A top command showed Thunderbird was consuming all of one CPU. I have multiple cores but this would be a problem for people with a single core, and in addition isn't good for power consumption. Also the status bar at the bottom showed either thousands of items remaining to be indexed, or Initializing...

A search showed somebody with the same issue. My situation was worse. Even though I disabled Trackerbird from the Addons Manager, I could not shut Thunderbird down properly to run without this addon. Every time I started up Thunderbird, it said I had to restart to disable Trackerbird. In addition, there was no Remove button. A search showed that the addon is a system one, and comes from tracker-miner-thunderbird. Removing the package with zypper fixed the problem once and for all. No more items remaining to index, no more maxing out one CPU. The package may be named different in your distro; mine is openSUSE.

I surmise that some of my mailboxes, being POPS or IMAPS connections that are not always connected, caused Trackerbird to spin its wheels trying to index the mailboxes.

As a personal gripe, why do Linux desktops foist indexing tools upon me without asking me if I want my data indexed or not? I have no use for indexing since I know where my documents are. I've also disabled akonadi, nepomuk and strigi because they were eating up CPU for no benefit to me. Answers to me on the back of a postage stamp.

sox, rec, and play stopped working with ALSA?

I upgraded my openSUSE installation from 12.1 to 12.2 recently and to my chagrin, my audio recording script stopped working. I use references to ALSA devices such as hw:1. The error message was cryptic:

rec FAIL formats: can't open output file `hw:1': can not open audio device: Invalid argument

After a lot of searching, I found the answer. The base cause is that in libsox2, which openSUSE 12.2 uses instead of libsox1, has separated out the Linux specific ALSA support into a separate shared object which is not loaded unless you set the environment variable AUDIODRIVER=alsa. So this is what I had to do in my script:

export AUDIODRIVER=alsa
export AUDIODEV=hw:1
rec ... program.wav

You are supposed to be able to use -t alsa in the options of rec but I had no luck with that.

Similarly for the play command which is just a link to sox like rec.

If you are just using the default sound device, you may not hit this bug as it may fall back to pulseaudio support. It's only when you must target a specific ALSA sound card that this bug manifests itself.

Here is the bug report that was the crucial clue.

Blacklist a command in bash

I have an alias called nf. Sometimes due to fat fingers I end up typing mf and this starts up Metafont, which is installed because I use TeX, then I would have to exit it. I got tired of this and added this alias to $HOME/.alias:

alias mf='echo "Use \\mf if you really want metafont"'

If I really want to run mf, which is rarely, I can type \mf at the command line as the \ stops alias expansion. Invocations from shell scripts and Makefiles are not affected as $HOME/.alias is only read in by interactive shells.

BTW, please do not use this technique to block shell users from executing certain commands by aliasing them to something else. It's trivial to bypass in just the way I've shown.