Jane Doe on The Gnu Pit

Linux Mint Freezing

Sun, 15 Feb 2026 19:26:42 -0600

I recently installed Linux Mint 22.3 Zena on a brand new ASUS ROG Strix G815LP laptop. The installation went smoothly, or so I thought. Booted up after the install and everything was working, even bluetooth connecting to my Airpods Pro 3 after changing to ControllerMode = bredrin /etc/bluetooth/main.conf.

About an hour into customizing the settings and adding some software, the system freezes. The keyboard, usb wireless mouse and touchpad were unresponsive. The only thing to do was a hard reset. I checked all the logs and reports. Nothing.

Deleting files from Dropdox

Mon, 18 Aug 2025 14:25:17 -0500

Dropbox, if you pay for it, will keep deleted files for 30 days. Since a lot of my clients use Dropbox, I do, too. It just makes life easier when dealing with the clients. I use it to keep files synced between Linux Mint and Windows on my dual-boot laptop. I’ve never had to recover a deleted file before.

I recently did a reorganization of my Dropbox folders when I was using Linux Mint. I moved some folders around, renamed a few, and deleted about 16,000 old files. When I next booted to Windows, for some reason, Dropbox decided that, rather than deleting/rearranging the files to reflect what my Linux Mint Dropbox had, it wanted to merge everything from Windows and Linux Mint. All of the deleted files were now back and some of the folders were duplicated in two different places. For example, I had a MyMusic folder with all my music in it. I renamed it Music and now Dropbox has put both Music and MyMusic on my Windows drive.

Dynamic DNS script to update Linode.com domain records

Sat, 16 Aug 2025 10:44:37 -0500

My Macbook pro died and I decided a get a shiny new Windows laptop that I could convert to a Linux laptop. I partitioned the disk and created a dual boot with Linux Mint and Windows. Linux Mint installled like a champ and has been running happily ever since. I don’t think I have booted to Windows but twice in the last year.

Moving to a new OS did mean that I needed to rewrite some of the scripts I use on a regular basis. One of the scripts updates DNS records at Linode with my current IPv4 and IPv6 WAN addresses and is run as a cron job. It’s a bash script I first wrote about in this entry. The updated script can be found in this gist.

RIP LinuxChix

Wed, 13 Aug 2025 19:12:15 -0500

It’s a sad, sad day. An online institution, LinuxChix, has shuttered its mailing lists and websites. In its heyday, LinuxChix had over 2500 mailing list members on a variety of mailing lists, from programming to newchix for newbies to linux, I asked a lot of questions on their lists and always got great, considered and considerate answers. Small wonder since the rules for membership were simple - be helpful, be polite. It was a safe space to display my ignorance. I will forever be grateful for it.

Upgrading to Debian 13 Trixie

Tue, 12 Aug 2025 07:12:15 -0500

Ah, the trials and tribulations of upgrading Debian 12 Bookworm to Debian 13 Trixie! I learned a valuable lesson this weekend with the update - always read the apt listchanges email. Always.

The upgrade itself went smoothly with no errors during the packages upgrading/installing. I run three main services on my server - nginx, exim, and dovecot. On reboot, all three had issues with the upgraded packages.

nginx

I received the following error in my nginx error.log:

Hugo .Site.Params.Author

Sun, 10 Aug 2025 07:12:15 -0500

I dusted off the site and was going to write about my experience updating Debian 12 Bookworm to Debian 13 Trixie on two servers. I use Hugo with the Mainroad theme and I hadn’t updated the site in quite a while. I updated Hugo to the latest stable version and tried to rebuild the site to include the new content. I ran into an error.

The error was:

Site.Author was deprecated in Hugo v0.124.0 and subsequently removed.
Implement taxonomy 'author' or use .Site.Params.Author instead.

I grepped the files in the theme and found .Site.Author in two files - author.html and authorbox.html. I replaced all the instances of “.Site.Author” with “.Site.Params.Author”. I also changed the “Site.Params.Author.avatar” to “Site.Params.Author.image”. Authorbox was now activated but nothing was displaying. So I looked at a couple of other newer themes to see what parameter names in config.toml needed to be changed. The “[Author]” section I renamed to [Params.author]" and changed “avatar” to “image”.

Atom Uninstall

Tue, 28 Aug 2018 07:12:15 -0500

No, the Atom text editor does not have an uninstaller. On Mac OS X, to completely uninstall, remove the following files and directories:

~/.atom
/usr/local/bin/atom (NB only present if command line tools installed)
/usr/local/bin/apm (NB only present if command line tools installed)
/Applications/Atom.app
~/Library/Application Support/com.apple.sharedfilelist/com.apple.LSSharedFileList.ApplicationRecentDocuments/com.github.atom.sfl
~/Library/Preferences/com.github.atom.plist
~/Library/Application Support/com.github.atom.ShipIt
~/Library/Application Support/Atom
~/Library/Caches/com.github.atom.ShipIt/
~/Library/Saved Application State/com.github.atom.savedState
~/Library/Logs/Atom/
~/Library/Preferences/com.github.atom.helper.plist
~/Library/Preferences/com.github.atom.LSSharedFileList.plist
~/Library/Preferences/ByHost/com.github.atom.ShipIt.<letters/numbers>.plist
~/Library/Saved Application State/com.github.atom.savedState
```text
*NB:* The `<letter/numbers>` in the file name located in `~/Library/Preferences/ByHost` appear to be a unique string per machine.

*NB:* Some of these files/directories may not be present. Older installations are likely to have all of them. Some of them aren't on my system with a new Atom install.

**DO NOT, UNDER ANY CIRCUMSTANCES, COPY AND PASTE THE CODE ABOVE INTO THE TERMINAL WITH `rm`.** The code contains spaces and cannot be used on the command line without escaping the spaces.

Thoughts on the Atom Editor

Mon, 27 Aug 2018 14:54:03 -0500

I installed the Atom text editor quite a while ago and didn’t have much time to play around with it. Last week a friend of mine brought it up in conversation. She was extolling its virtues. I decided now would be a good time to try it out. I was moving a site to Hugo and it has a plugin for Hugo syntax.

So I fired it up and, my word, a decade later an editor window opened. What took it so long to open? I poked around a bit and noticed that I had installed a bunch of packages when I first downloaded it. So I disabled the vast majority of them, then restarted. A minor improvement. Disabled the rest. Restarted. Another minor improvement. Then I disabled some core packages for languages I wouldn’t use. No help for the incredibly slow start time.

Deprecated nf_conntrack automatic helper assignment

Thu, 21 Dec 2017 22:26:24 -0500

For quite a while, I’ve been getting the “nf_conntrack: automatic helper assignment is deprecated and it will be removed soon” warning at boot. So I can’t say I was too surprised when I started getting “kernel: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.”

Back in January/February 2017 there was a post on the Linux-Kernel mailing list submitting a patch to print out the warning so firewall admins would at least have notice. As best as I can tell from reading a ton of stuff, the warning is logged if a packet which would have otherwise traversed your firewall didn’t because there was no helper available. More information can be found at Secure use of iptables and connection tracking helpers.

Nginx, OCSP stapling, booting, systemd and Debian 9

Sun, 10 Dec 2017 18:26:24 -0500

Noticed these lines in journalctl when nginx didn’t start after a reboot:

Dec 10 17:43:30 mail1 nginx[3485]: nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "ocsp.int-x3.letsencrypt.org" in the certificate "/etc/letsencrypt/live/www.example.com/fullchain.pem"
Dec 10 17:43:30 mail1 nginx[3485]: nginx: [emerg] bind() to [<IPv6 address>]:80 failed (99: Cannot assign requested address)
Dec 10 17:43:30 mail1 nginx[3485]: nginx: configuration file /etc/nginx/nginx.conf test failed
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Unit entered failed state.
Dec 10 17:43:30 mail1 systemd[1]: nginx.service: Failed with result 'exit-code'.
Dec 10 17:52:35 mail1 systemd[1]: nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument

Hmmm…

Script: Update Linode DNS Records with WAN IPs (Dynamic DNS)

Mon, 27 Nov 2017 10:30:24 -0500

Either of these scripts will grab both the IPv4 and IPv6 (if any) addresses assigned to any WAN I’m behind, and, using Linode’s DNS API, will update my DNS records with same and log changes/errors using logger. In effect, it’s a homemade Dynamic DNS updater. Linode’s developing a new API so that’s why two versions exist.

Download from Bitbucket

To use the script, you need:

A Linode API key (for version 3 of Linode’s DNS API) or Personal Access Token (for version 4 of Linode’s DNS API),
the domain ID, and
the resource (called record in v4) IDs of the DNS records you want to update.

The IDs don’t change, whether you’re using version 3 or version 4.

Drush cron's not so quiet --quiet flag

Thu, 09 Nov 2017 18:26:24 -0500

I use drush to execute cron on my Drupal sites. After upgrading drush from version 5 to version 8, I started receiving empty emails from cron each time drush was executed. Checked my cron entries and everything looked fine. Researched a whole bunch on the Internet. Couldn’t find much of anything about empty emails related to drush so I redirected the output to a log. Sure enough, even with the –quiet option, drush cron still outputs a blank line. Why? I’ve no clue.

One-Liners

Fri, 19 May 2017 18:26:24 -0500

Handy One-Liners

This page is a collection of random one-liners I’ve used and wanted to keep track of.

list contents of all crontabs

for user in $(cut -f1 -d: /etc/passwd); do crontab -u $user -l; done

Let's Encypt SSL Certificates with Exim, Dovecot & NGINX

Fri, 19 May 2017 14:32:24 -0500

I ran into two issues when setting up Let’s Encrypt SSL certificates on two of my servers - permission issues for Exim and the certbot cron job supplied by the package doesn’t handle the renew very well for nginx, exim or dovecot.

Resolving Exim’s Permission Problems

1. Create a new group. I named it sslcerts. Add the exim user to that group. If you’re not using Debian, adjust the user in the command below.

Boot issue with systemd and NGINX

Mon, 08 May 2017 21:11:24 -0500

I ran into a problem with NGINX failing to start on boot/reboot on my Debian 8 (Jessie) server. After reviewing what seemed like a hundred sites to try to find a fix, I stumbled across one solution that worked, but was incredibly inelegant. This was to add:

RestartSec=30s
Restart=on-failure

to nginx.service in the [Service] section using the override.conf. It worked but didn’t fix the underlying problem.

A quick look using journalctl -u nginx showed that the service was failing because the IPv6 address hadn’t been assigned to the network adaptor yet. This caused nginx to fail because it couldn’t bind to the IPv6 port. Here are the log lines:

Script: Assemble NGINX Configuration Files

Fri, 12 Sep 2014 19:19:24 -0500

merge-ngx-conf.pl is a perl script used to assemble a set of nginx configuration files for one site. It has a number of options. See the bitbucket page or the help documentation in the script itself.

In its simplest form, it’s called by issuing this command:

merge-ngx-conf.pl /path/sites-available/filename

The output is an assembled nginx configuration file with all the includes inserted. Using nginx.conf and domain.conf (or just domain.conf depending on the options selected), the script iterates through the include directives in the files and inserts the text from the referenced file. The script handles wildcard masks and follows include directives down multiple levels (i.e. nested levels). It will also follow referenced files in directories external to the nginx configuration directory.

Script: Parse Mail Headers

Wed, 07 Nov 2012 19:51:24 -0500

Here’s a perl script I put together that uses Email::Simple to extract the headers from a message. See link below.

I’m using it to examine spam. It parses all the headers, with a focus on the Received headers. It should be easy to alter it to examine any header you want. As it is currently written, it:

finds all the Received headers
finds the first Received header that was added to the mail (presumably the header added by the first MTA that received it)
extracts the IP from that header
does an rDNS lookup
if there’s a hostname, it looks up the nameservers for the base domain.

By “base domain” I mean that if the rDNS returns a hostname like “1234.my.example.domain.com”, the base domain would be “domain.com”.

Possible Android Botnet and Yahoo! Mail

Mon, 09 Jul 2012 21:43:24 -0500

I’ve read a number of articles over the past few days about the possible Android botnet and Yahoo! mail. No consensus yet but that’s not necessary to stop the spam at the server level, at least in my case. Of the spam I received so far, these characteristics stand out:

Only one of my mail accounts is receiving the spam. It’s not an account that usually receives spam. My long-time mail addresses that seem to have made it to most of the spam lists don’t get this spam. Makes me wonder where they picked up this address from.

Fighting Spam and Malicious Attacks

Mon, 09 Jul 2012 18:26:24 -0500

Geez.

I’m feeling somewhat frustrated in dealing with an ISP that has a clearly compromised IP. I’ve been getting dictionary attacks on my mailserver for the past four days from the same IP. It’s assigned to a domain name. So I did what I normally do at first - let CSF (ConfigServer Security & Firewall - a fantastic free piece of software) handle it. The IP gets blocked for an hour. Usually, that’s all it takes for the attacker to go away and generally not come back. Not in this case. Four days into it, I decide to do an IP lookup and find out who it belongs to. So I find out the website URL and head over to it to see if I can find any contact information. I find a webmaster address, compose my e-mail telling them to check their server, that it’s probably compromised and that I’m blocking the IP permanently in my firewall. E-mail bounces - unknown address. So then I go to the contact form, fill that out and press send - page not found. Find another address and send an e-mail off to that address. Success. Notice that the web site doesn’t seem to have been updated since 2008 so I decide to do a whois and find out who the isp is. Send a message to the NOC. They send a message back and say report it to abuse. I forward my message to abuse and get the standard reply that you seem to get from abuse addresses - Sorry, but we get so much mail at abuse@whoever that we can’t respond personally to each one. If you’re writing about spam…blah, blah, blah.

Virtual Memory Overcommit Explained

Sat, 16 Jun 2012 13:21:24 -0500

Ran across these posts today on virtual memory overcommit in linux. Interesting reading and I learned quite a few things.

Thanks to Chris Siebenmann for helping me to understand things a bit better.

Originally published 2012-06-16

nginx core module: worker_rlimit_nofile

Sat, 16 Jun 2012 00:54:24 -0500

Configuration file: nginx.conf
Block: main
Value type: number
Default: none - system determined (see notes section below)
What it does: sets the value for the maximum file descriptors
 that can be opened by a single worker process
Example: worker_rlimit_nofile 1024;

NOTES:

When any program opens a file, the operating system (OS) returns a file descriptor (FD) that corresponds to that file. The program will refer to that FD in order to process the file. The limit for the maximum FDs on the server is usually set by the OS. To determine what the FD limits are on your server use the commands ‘ulimit -Hn’ and ‘ulimit -Sn’ which will give you the per user hard and soft file limits. To determine the maximum number of FDs available, use the command ‘sysctl fs.file-max’ or ‘cat /proc/sys/fs/file-max’.

Legitimate Companies Who Market by E-Mail - Food For Thought

Fri, 15 Jun 2012 18:26:24 -0500

I’ve just gone through a boatload of “pseudo”-spam. Pseudo-spam is what I call legitimate e-mail that, when using a vanilla installation of Spamassassin, is marked as spam solely through the e-mail creator’s carelessness, thoughtlessness, whatever adjective you want to use (I refrained from using stupidity although I desperately wanted to). This morning, 25% of the number of e-mails that were classified as spam were actually legitimate. After analyzing the Spamassassin rules that were triggered, many rules were needlessly fired. Had the creator taken the time to format the html properly, many of the rules wouldn’t have been triggered.

HTML Email

Fri, 15 Jun 2012 11:52:24 -0500

I loathe HTML email for many reasons. Privacy and security are two. A Google search for “html email security” returned about 328,000,000 results and “html email privacy” returned about 2,010,000,000 results. That’s billions, folks.

For me, it’s one of those “just because you can doesn’t mean you should” things. I just analyzed a corpus of 4267 messages, a mixture of personal and marketing, looking for image references. One message contained 343 references to images. Seriously? I have less images of my wedding, one of the most important events of my life. The size of the message, without the images downloaded - 188K. I don’t have the time to download all the images and come up with a true size.