Sat, 15 Mar 2003 12:54:17 -0800
............... Normally, the kernel maintains an internal cache which maps IP addresses to hardware addresses on the local network, so that Ethernet/Token Ring/ etc. frames are sent to the proper address on the physical networking layer. For small networks having a few hundred directly connected hosts or less, keeping this address resolution (ARP) cache inside the kernel works well. However, maintaining an internal ARP cache does not work well for very large switched networks, and will use a lot of kernel memory if TCP/IP connections are made to many machines on the network. If you say Y here, the kernel's internal ARP cache will never grow to more than 256 entries (the oldest entries are expired in a LIFO manner) and communication will be attempted with the user space ARP daemon arpd. Arpd then answers the address resolution request either from its own cache or by asking the net. ...............
Then you have to go fetch and install an ARP daemon. Under Debian that would be as simple as:
apt-get -f install arpd
Out of Space and Other Errors
Fri, 11 Jul 2003 15:27:34 +0800
Kamal Syah b. Mohd Sharif (kamal from centurysoftware.com.my)
Answer by Jim Dennis and Dan Wilder
I'm having problems where, when I tried to view a file, I got this error message:
E303: Unable to open swap file for "/tmp/ERRLOG", recovery impossible.
[Dan Wilder] How did you try to view the file?
[JimD] Sounds like a vi/vim error message --- it's trying to create a backup or recovery copy of the file.
I'm also having problems whereby I always got an error telling me that there is no space left on device ... but when I look at my filesystems there is actually lots of space available.
Regards
[Dan] What's the output from:
df
...look like? How about:
ls -ld /tmp
??
Please post the actual text of the error message, and tell us what you were doing when you encountered the error.
[JimD] Also check 'df -i' --- check the inode utilization. Basically it's possible for a filesystem to be completely out of inodes even when there's plenty of disk space available. That would happen on filesystems with a very large number of tiny files (USENet news spools, qmail-style maildir, and MH are examples of applications that generate these sorts of things).
Other possible causes:
- Make sure the filesystem is mounted read-write (rw).
- Run fsck manually (boot into single user mode or from a BBC or other rescue medium)
Some filesystems are set to remount in read-only mode if the kernel (filesystem driver) detects errors while the system is up and running. Other tune2fs settings are "panic" and "continue"; there are also mount (/etc/fstab) options that relate to this "on-error" behavior.
Check to see if you have quotas enabled and if the user in question has them. Also check the reserved space settings reported by tune2fs, since it's possible (though extremely unlikely) that someone set that up to reserve more than the usual 5%, and configured it to reserve for some user or group other than root. Other filesystems may have alternatives to tune2fs (but tune2fs also works on ext3, of course).
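The checks suggested in this thread (block usage, inode usage, read-only mounts and reserved space) can be made in one pass with statvfs. This is an added example, not part of the original answers; FsStat, diagnose and check_path are names chosen here, and quotas are not covered because statvfs does not report them.

```python
import os
from collections import namedtuple

# Same field names as os.statvfs_result, so constructed values can be tested offline.
FsStat = namedtuple("FsStat", "f_blocks f_bfree f_bavail f_files f_ffree f_flag")

def diagnose(st, is_root=False):
    """List the reasons a write to this filesystem could fail."""
    reasons = []
    if st.f_flag & os.ST_RDONLY:
        reasons.append("mounted read-only")
    # Some filesystems report 0 total inodes because they have no fixed inode table.
    if st.f_files and st.f_ffree == 0:
        reasons.append("out of inodes")
    if st.f_bfree == 0:
        reasons.append("out of blocks")
    elif st.f_bavail == 0 and not is_root:
        # Free blocks exist, but all of them are in the reserved pool.
        reasons.append("only reserved blocks left")
    return reasons

def check_path(path):
    """Run the same diagnosis against a live mount point."""
    return diagnose(os.statvfs(path), is_root=(os.geteuid() == 0))

if __name__ == "__main__":
    for mount in ("/", "/tmp"):
        print(mount, check_path(mount) or "no space problem found")
```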
filename.tar failing to untar
Fri, 18 Jul 2003 11:05:52 -0700
Steven (steven from poiema.org)
Answer by Faber Fedor
Hello
I've been searching high and low for any information that might help me restore from a backup tar file that is being difficult for some reason.
The file is just your basic tar file without any compression.
[Faber Fedor] Then that means the files that are in the tarball are 'simply' concatenated (with some header information in between).
Here is the command I'm typing:
tar xvf 2003-07-17.tar
And here are the last few lines from the result:
/DP/
/DP/PDEF.DP000000
/DP/PDEF.DP010000
/DP/RDEF.DP010000
tar: Skipping to next header
tar: Error exit delayed from previous errors
[root@lucia root]#
Here is the version of tar we are running:
tar (GNU tar) 1.13.25
The filesize of the backup file is consistent with the other files that have worked fine.
Does anyone know what options I have? Is there some way to look into the file to see what may be wrong?
Thanks so much in advance,
Steven
[Faber] You don't say if the files are binary or not. I assume so. Either way, you can use hexedit to view/edit the file, or maybe just vi/less to view (NOT edit) the file, then compare this file to one that worked.
Good luck!
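One way to "look into the file" without a hex editor is to walk the 512-byte tar headers and report the byte offset of the first one whose checksum does not match. This is an added example, not part of the original answer; the function names are chosen here and the sample archive is constructed in memory with member names echoing the listing in the post.

```python
import io
import tarfile

BLOCK = 512

def octal(field):
    """Parse a NUL/space-padded octal header field; None if it is not octal."""
    try:
        return int(field.strip(b" \0") or b"0", 8)
    except ValueError:
        return None

def header_ok(hdr):
    """Check a 512-byte header against its stored checksum (bytes 148-155)."""
    computed = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])  # field counted as spaces
    return octal(hdr[148:156]) == computed

def walk_tar(data):
    """Return (members, bad_offset); bad_offset is None for an intact archive."""
    members, off = [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):                 # zero block: end-of-archive marker
            return members, None
        size = octal(hdr[124:136])
        if size is None or not header_ok(hdr):
            return members, off                 # first header that fails validation
        name = hdr[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
        members.append((off, name, size))
        off += BLOCK + -(-size // BLOCK) * BLOCK   # header plus data padded to 512
    return members, len(data)                   # no end marker: archive is truncated

def build_sample():
    """Constructed three-member archive; names echo the listing in the post."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in ("DP/PDEF.DP000000", "DP/PDEF.DP010000", "DP/RDEF.DP010000"):
            info = tarfile.TarInfo(name)
            info.size = 700
            tar.addfile(info, io.BytesIO(b"x" * 700))
    return buf.getvalue()

if __name__ == "__main__":
    damaged = bytearray(build_sample())
    damaged[3072 + 10] ^= 0xFF                  # flip one byte in the third header
    members, bad = walk_tar(bytes(damaged))
    print("good members:", members, "first bad header at byte", bad)
```

Comparing the reported offset with the same region of an archive that extracts cleanly narrows down where to look with hexedit or less.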
LJWNN Tech Tips
Mon, 27 Jan 2003 15:41:22 -0800
LJWNN (Linux Journal Weekly News Notes)
Wireless but Wary - Print Safely
If your main home network is a wireless network, you don't want to wake up in the morning and find some joker has printed many pages of stuff to your networked printer. Put the printer on a wired, private network segment, and print to it with ssh.
To do this, install this script as lpr on your wirelessly connected laptop:
away from your e-mail. You can see who received your message with
vacation -l | cut -d ' ' -f 1 - > people_who_got_vacation_message
Spring Cleaning For Continuous Upgrades
If you have an easy-to-upgrade Linux system, you end up with a system that's been upgraded many times instead of backed up and reinstalled.
To get rid of all the unused libraries from your Debian system, try the deborphan utility: http://www.tribe.eu.org/deborphan
or, of course:
apt-get install deborphan
It finds all the libraries that no longer have anything depending on them.
To purge unused libraries, simply do this:
deborphan | sudo xargs apt-get -y --purge remove
Faster Web Service? Use that CPU
Want to make your web server faster without getting a faster connection? All common browsers will transparently download content with gzip compression, but your out-of-the-box Apache probably doesn't have mod_gzip installed and turned on. Get the source from: http://www.schroepl.net/projekte/mod_gzip
...and add the following lines to your httpd.conf to turn it on:
LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so
mod_gzip_on Yes
mod_gzip_maximum_file_size 0
mod_gzip_keep_workfiles No
mod_gzip_temp_dir /tmp
mod_gzip_item_include mime ^text/.*
We don't use it for images, which are already compressed, but it compresses most of the HTML pages on one test server by 50 to 80 percent.
Cure Num Lock Madness
When you boot Linux, the kernel turns off Num Lock by default. This isn't a problem if, for you, the numeric keypad is the no-man's-land between the cursor keys and the mouse. But if you're an accountant, or setting up a system for an accountant, you probably don't want to turn it on every single time.
Here's the easy way, if you're using KDE. Go to K --> Preferences --> Peripherals --> Keyboard and select the Advanced tab. Select the radio button of your choice under NumLock on KDE startup and click OK.
If you only run KDE and want Num Lock on when you start a KDE session, you're done. Otherwise, read on.
To set Num Lock on in a virtual console, use:
setleds +num
If you choose to put this in a .bashrc file to set Num Lock when you log in, make it:
setleds +num &> /dev/null
...to suppress the error message you'll get if you try it in an xterm or over an SSH connection.
Finally, here's the way to hit this problem with a big hammer--make the numeric keypad always work as a numeric keypad in X, no matter what Num Lock says. This will make them never work as cursor keys, but you're fine with that because you have cursor keys, right? Create a file called .Xmodmap in your home directory, and insert these lines:
(from a Usenet post by Yvan Loranger: http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=3BFD087F.2000300%40iquebec.com&rnum=3+)
Dramatis personae
dmarti: example user name
bilbo: your desktop system
frodo: host running sshd
linuxjournal.com: some web site
Port forwarding also is called tunneling, so I'll call the key "tunnel". cd to your .ssh directory and create the key:
dmarti@bilbo:~/.ssh$ ssh-keygen -t dsa -f tunnel
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in tunnel.
Your public key has been saved in tunnel.pub.
The key fingerprint is:
77:b4:02:d9:32:c2:cc:18:58:c3:23:0a:13:46:a7:fa dmarti@capsicum
Now edit tunnel.pub and add the following options to the beginning of the line:
command="/bin/false",no-X11-forwarding,no-agent-forwarding,no-pty
That means this key is no longer any good for anything but port forwarding, because the only command it will run is /bin/false, and it won't forward X or agent commands.
sshd understands the options only when reading the key from authorized_keys, but if you put the options into the original .pub file, they'll stay with the key wherever it goes.
Now copy tunnel.pub to the end of your .ssh/authorized_keys at all the hosts to which you want to tunnel, and try it:
dmarti@bilbo:~$ ssh -i ~/.ssh/tunnel frodo
Connection to zork.net closed.
No errors, nothing runs; that's what you want. If you get errors, you may have mangled the authorized_keys file on the server end; if you get a shell you need to check and fix the options.
Another possibility is that if you're running with ssh-agent and have the SSH_AUTH_SOCK environment variable set, you could be using a key provided by ssh-agent instead of the one on the command line. Put env -u SSH_AUTH_SOCK in front of the command line to be sure not to use the agent.
Tunnel time! Let's use the long-suffering linuxjournal.com web server as a guinea pig and make a tunnel:
dmarti@bilbo:~$ ssh -i ~/.ssh/tunnel -N -L 8000:linuxjournal.com:80 frodo
To review that command line:
- -i ~/.ssh/tunnel to use our tunnel-only ssh key
- -N to not run a command (this is necessary, otherwise SSH will run only /bin/false and exit)
- -L 8000:linuxjournal.com:80 to forward local port 8000 to port 80 on linuxjournal.com.
- And finally, the hostname to which we're making the connection--it doesn't have to be the same as the host to which we're tunneling.
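The "check and fix the options" step above can be automated on the server side. The following added example (not part of the original tip) parses authorized_keys lines and reports which of the four restrictions from the tip are missing from each key; the function names are chosen here, and the sample file and key blobs are constructed placeholders.

```python
import re

# The four restrictions the tip prepends to the tunnel key (names lower-cased).
REQUIRED = {"command", "no-pty", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")
# One option: name, optional ="value" (with \" escapes), then "," or whitespace.
OPTION = re.compile(r'([\w-]+)(?:="((?:\\"|[^"])*)")?(,|\s|$)')

def parse_options(line):
    """Return {option: value} for one authorized_keys line, or None if mangled."""
    opts, pos = {}, 0
    if KEY_TYPE.match(line):
        return opts                        # no options: line starts with key type
    while True:
        m = OPTION.match(line, pos)
        if not m:
            return None
        # sshd matches option names case-insensitively.
        opts[m.group(1).lower()] = (m.group(2) or "").replace('\\"', '"')
        if m.group(3) != ",":
            return opts
        pos = m.end()

def audit(text):
    """Return [(line number, problems)] for each key that is not tunnel-only."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        if opts is None:
            findings.append((n, ["malformed options"]))
        elif REQUIRED - opts.keys():
            findings.append((n, sorted(REQUIRED - opts.keys())))
    return findings

# Constructed sample file; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    'command="/bin/false",no-X11-forwarding,no-agent-forwarding,no-pty ssh-dss AAAA-placeholder-1 dmarti@bilbo',
    "ssh-rsa AAAA-placeholder-2 dmarti@bilbo",
    "# tunnel key pasted with two options lost",
    'command="/bin/false",no-pty ssh-dss AAAA-placeholder-3 dmarti@bilbo',
    'command="/bin/false,no-pty ssh-dss AAAA-placeholder-4 dmarti@bilbo',
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An ordinary login key shows all four restrictions as missing, which is expected for keys that are meant to give a shell. OpenSSH also accepts a permitopen="host:port" option, not used in the tip, which limits the destinations such a key may forward to.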
Snip those extra quotes with vim
It's always inconsiderate to quote more of someone's posting than you have to in a mailing list. Here's how to bind a key in Vim to delete any remaining quoted lines after the cursor:
map . j{!}grep -v ^\>^M}
...where . is whatever key you want to bind.
Train your anti-spam tools
If you want to train a Bayesian spam filter on your mail, don't delete non-spam mail that you're done with. Put it in a "non-spam trash" folder and let the filter train on it. Then, delete only the mail that's been used for training. Do the same thing with spam.
It's especially important to train your filter on mail that it misclassified the first time. Be sure to move spam from your index to your spam folder instead of merely deleting it.
To do the training, edit your crontab with crontab -e and add lines like this:
6 1 * * * /bin/mv -fv $HOME/Maildir/nonspam-trash/new/* $HOME/Maildir/nonspam-trash/cur/ && /usr/local/bin/mboxtrain.py -d $HOME/.hammiedb -g $HOME/Maildir/nonspam-trash
6 1 * * * /bin/mv -fv $HOME/Maildir/spam/new/* $HOME/Maildir/spam/cur/ && /usr/local/bin/mboxtrain.py -d $HOME/.hammiedb -s $HOME/Maildir/spam
Finally, you can remove mail in a trash mailbox that the Bayesian filter has already seen:
2 2 * * * grep -rl X-Spambayes-Trained $HOME/Maildir/nonspam-trash | xargs rm -v
2 2 * * * grep -rl X-Spambayes-Trained $HOME/Maildir/spam | xargs rm -v
Look for more information on Spambayes and the math behind spam filtering in the March issue of Linux Journal.
Who knows what time it really is?
It's easy to see what timeserver your Linux box is using with this command:
ntptrace localhost
But what would happen to the time on your system if that timeserver failed? Use
ntpq -p
to see a chart of all the timeservers with which your NTP daemon is communicating. An * indicates the timeserver you currently are using, and a + indicates a good fall-back connection. You should always have one *, and one or two + entries mean you have a backup timeserver as well.
Tell cd how to get there
In bash, you can make the cd command a little smarter by setting the CDPATH environment variable. If you cd to a directory, and there's no directory by that name in the current directory, bash will look for it under the directories in CDPATH. This is great if you have to deal with long directory names, such as those that tend to build up on production web sites. Now, instead of typing:
cd /var/www/sites/backhoe/docroot/support
...you can add this to your .bash_login:
export CDPATH="$CDPATH:/var/www/sites/backhoe/docroot"
...and type only:
cd support
This tip is based on the bash section of Rob Flickenger's Linux Server Hacks.
Make the most of Mozilla
In order to store persistent preferences in Mozilla, make a separate file called user.js in the same directory under .mozilla where your prefs.js file lives.
You can make your web experience seem slower or faster by changing the value of the nglayout.initialpaint.delay preference. For example, to have Mozilla start rendering the page as soon as it receives any data, add this line to your user.js file:
user_pref("nglayout.initialpaint.delay", 0);
Depending on the speed of your network connection and the size of the page, this might make Mozilla seem faster.
To each their own - window features in Sawfish
If you use the Sawfish window manager, you can set window properties for each X program, such as whether it has a title bar, whether it is skipped when you Alt-Tab from window to window and whether it always appears maximized. You even can set the frame style to be different for windows from different hosts.
First, start the program whose window properties you want to customize. Then run the Sawfish configurator, sawfish-ui. In the Sawfish configurator, select Matched Windows and then the Add button.
Published in Issue 93 of Linux Gazette, August 2003