A variety of mail address change protocols

I'm currently in the process of phasing out one email address and going through accounts I have on websites. In the process I've encountered a lot of variations on protocol and praxis. I'll start with the most secure examples:

• Confirmation required on both the old and new addresses.
• Confirmation required on the new address and notification to the old one, or vice versa.
• Can just edit and save, perhaps with notification afterwards. This is bad, anybody who gains access to the account can change it. Also what if you make a typo, then you're locked out.
• No way to edit, have to ask support to change it. Surprisingly some large sites require this. One asked me to create a new account, then they would migrate the history to it.
• There is a user initiated process but there is a glitch such as the contact email can be changed but the login ID is still the old email. Have to contact support again.
• The user initiated process doesn't work. Have to contact support.

And a lot of websites have no way to delete the account. All you can do is hope that your password is unique and encrypted securely, and that their database doesn't get stolen some day.

Don't halt boot if loopback mount fails

I mount the installation DVD image for my distribution with loopback mount so that I don't have to download packages if they are on the ISO image and up to date. To do this I have a line in /etc/fstab that looks like this:

/home/data/software/opensuse/openSUSE-Leap-42.2-DVD-x86_64.iso /srv/www/htdocs/42.2 iso9660 auto,ro,loop

The problem with this is that if for some reason the mount fails, say the ISO file has been renamed, or somehow the directory of the image or mountpoint are inaccessible, the boot process fails.

Enter the nofail option of systemd.mount. If the line is changed to this:

/home/data/software/opensuse/openSUSE-Leap-42.2-DVD-x86_64.iso /srv/www/htdocs/42.2 iso9660 auto,ro,loop,nofail,x-systemd.device-timeout=10

this prevents failure to mount from affecting the boot process. The problem can then be investigated after the machine has started up. The option x-systemd.device-timeout=10 specifies a shorter timeout than the default.

Another reason for 500 Server Error from Wordpress 4.7

I tried to login to my local installation of Wordpress last night and while the home page worked, the login page resulted in a blank screen and a HTTP 500 error in error_log.

I thought it might be the move to PHP 7 by Wordpress, although I was puzzled why since it worked the last time I used it. No luck, even after upgrading my PHP packages to PHP 7, the error persisted.

So I did what I should have done in the first place, I set display_errors = On in /etc/php7/apache2/php.ini. The error was then obvious:

PHP Fatal error:  Uncaught Error: Call to undefined function gzinflate()

An install of the php7-zlib package fixed that.

I think the reason why it stopped working was that my web browsers started requesting gzip compression. That was why when I browsed the page with w3m, it worked.

There are lots of reasons why Wordpress might result in a HTTP 500 error. The takeaway lesson is that you should enable display_errors to get more clues. Remember to set it back after you have fixed the problem.

Batch service load threshold too low

In openSUSE Leap 42.2, the batch service doesn't start a job if the load average is above a threshold. This defaults to 0.8 in the source. This means that even if you have a multi-core multi-thread CPU which can handle the load, a job will not start until the CPU is fairly quiet.

Fortunately there is a command line setting to raise this threshold, see man 8 atd. What you have to do is

systemctl edit atd

and enter these lines:

[Service]
ExecStart=
ExecStart=/usr/sbin/atd -f -l 2

Then do

systemctl restart atd

A ps ax should show atd running with the new threshold. The first ExecStart resets the command line, and the second is the one that overrides the service that will be started by systemd. I have 4 cores so I chose 2. You might choose a different load threshold.

If you are running another distro that uses systemd, you should get the ExecStart command from the existing unit file, probably /usr/lib/systemd/system/atd.service and add the -l load to suit.

It would be nice if openSUSE could provide a setting for the threshold in /etc/sysconfig/atd in future.

Declaring the correct OS type to VMWare Player/Fusion matters

I built a pair of CentOS 6 VMs.

The first was constructed from an OVA file exported from VirtualBox. When it was booted, there was no network adapter detected. A little search showed that I had to add the line:

ethernet0.virtualDev = "e1000"

to the .vmx file. After that it worked.

The second was built from the installation DVD. I expected to have to edit the .vmx file again, but an e1000 network adapter was provisioned for the VM.

Looking at the two VMs the major difference was the first had an OS type of Other, while the second was declared as RHEL 6 (which CentOS 6 is equivalent to). This was probably because I had imported from an OVA file.

It seems that Player/Fusion is smart enough to provide a virtual e1000 adapter with the correct OS type declaration.

I expect that I will discover other aspects, such as the client tools, that will depend on this declaration when I continue with the configuration next week, so I will be fixing up the OS type of the first VM.

How to rerun @reboot crontab entries without a reboot

Vixie cron and its descendants have a feature where an entry with the special time specification @reboot in place of the first five date and time fields indicates a one-shot action to be run when the machine is first booted.

But how do you test such entries without actually having to reboot the machine? My thinking was that somewhere crond must note the information that it already has been run once at boot.

Indeed a quick search of the filesystem found the zero length file /var/run/cron.reboot used as a flag that @reboot jobs have already been done.

So, to rerun @reboot jobs:

rm -f /var/run/cron.reboot

followed by:

systemctl restart crond

for systemd systems or

/etc/init.d/crond restart

for SysVinit systems.

Configure Postfix to relay to Gmail with noanonymous

I am the only user on my home machine, so although I could configure my mail user agents, Thunderbird and alpine, to relay to Gmail directly, I preferred to set up Postfix as a relay.

There are many tutorials on how to do this, for example this one from Howtoforge so I will not go over familiar territory. However if you find that Gmail is giving you an authorization required error in your Postfix logs, you need this setting:

smtp_sasl_security_options = noanonymous

A lot of tutorials fail to mention this.

Also if you find in the logs that Postfix is attempting to connect to the IPv6 address of Gmail, and you don't have a IPv6 capable connection with your ISP, then you might want to set this:

inet_protocols = ipv4

You may not notice this without looking at the logs because Postfix retries with IPv4 after giving up on IPv6, so there will be a delay relaying the mail.