Add timestamps to the Bash history

I have to admit that I use my bash history as my personal journal. Of course it will never replace a ‘proper’ documentation, but it is still pretty useful since I can easily find all commands that are relevant for a particular system. Especially regardings some maintenance that you only need to do once in a while it is hard for me to remember the correct syntax without consulting the manuals or some other external documentation.

Theres one drawback though: By default, the bash history helps you finding the command itself, but not when it was issued for the last time. A quick modification in the bash profile resolves this issue.

Read More “Add timestamps to the Bash history”

Ubuntu 22.04: Packages have been kept back

A while ago, I updated my remaining Ubuntu 20.04 VMs to 22.04.

The upgrade process itself finished without any issues, but things started to fall apart when regular packages rolled in after a couple of days: Suddenly, apt started to complain about packages that have been kept back during the upgrade process. Seeing some seemingly broken packages on a clean system without any third-party repositories is quite unusual.

The following packages have been kept back:
fwupd grub-efi-amd64 grub-efi-amd64-bin grub-efi-amd64-signed libfwupd2 libfwupdplugin5 php8.1-cli php8.1-common php8.1-gd php8.1-mbstring php8.1-mysql php8.1-opcache php8.1-readline php8.1-xml qemu-guest-agent snapd tzdata
0 upgraded, 0 newly installed, 0 to remove and 17 not upgraded.
Read More “Ubuntu 22.04: Packages have been kept back”

Gentoo: freetype, harfbuzz and circular dependencies

Somtimes, building the freetype library failes due to circular dependencies between the harfbuzz and the freetype libraries depending on the set USE flags. This can be solved by the following order of installation:

USE="-harfbuzz" emerge -1 media-libs/freetype
emerge -1 media-libs/harfbuzz
emerge -1 media-libs/freetype

Future updates should work without any further issues though.

Immersive slowness or why I added artificial loading times for Myst to ScummVM

Ever since I discovered the Myst series back in 2005, I’m in love with it. To me, the Myst series feels like an immersive trip to another world – it is truly something different compared to your average point-and-click adventure game. Needless to say that especially the first entries in the series – the original Myst and its successor Riven – are truly remarkable games.

In my opinion, the immersion these games provide is partially created due to technical limitations. The original Myst was released in 1993 on this incredible new format called ‘CD-ROM’, allowing for a whopping 650 Megabytes of storage.

Read More “Immersive slowness or why I added artificial loading times for Myst to ScummVM”

rsync: Modify file ownership during transfers

A couple of weeks ago, I had to merge two seperate Linux systems into a single one. Obviously, I had to keep and migrate all the home directories as well. Therefore, I added all missing users on the ‘target system’ and simply restored the home directories from a backup (which was way easier due to my configuration). Since there were no recent changes, I could simply ignore the ‘gap’ of a couple of hours between the last backup run and the current time.

The problem: Since the primary purpose of the backup is to allow a full restore of the system, it is being created with the --numeric-ids parameter. This lead to a mismatch of the file permissions on the ‘target system’ since I didn’t match the user and group IDs beforehand.

Read More “rsync: Modify file ownership during transfers”

WordPress: Limit article and page revisions

Each time you edit a page or a post and store the current draft, WordPress saves the current state as an additional revision. Those revisions allow returning to a previous version of your posts, e.g. in case you made a mistake while editing.

The number of revisions stored this way is not limited by default. Especially on larger pages or blog posts with frequent changes this leads to unnecessary growth of the WordPress database. Since I never used the revisions on my own, I was looking for a way to at least limit the number of revisions created while writing new articles.

Read More “WordPress: Limit article and page revisions”

Using qemu-guest-agent as interface between VMs and Proxmox host systems

Since virtual machines created with KVM/QEMU are not simple containers but quite isolated from the hosts environment, QEMU offers a companion service called qemu-guest-agent for Linux guests. qemu-guest-agent acts as an interface between the VMs and the host system.

Some features like passing ACPI information for a clean guest shutdown are pretty well-known. However, did you know that you can even send commands to your VMs directly from your Proxmox host system?

Proxmox Virtual Environment uses KVM/QEMU as virtualization technology. Since calling the qemu-guest-agent interface is not very intuitive by itself, Proxmox provides the qm guest command which acts like a bridge between the host system and the VMs.

Read More “Using qemu-guest-agent as interface between VMs and Proxmox host systems”

Apache2: Restrict access based on file extensions

The following ruleset in Apache 2.4’s vHost or server configuration allows us to only grant access to some specific file extensions. All files not covered by the following rule are not accessible via the web server:

# Restrict access to allowed file extensions
<FilesMatch ".+\.(?!(php|css|js|png|jpg|jpeg)$)[^\.]+?$">
        Require all denied

In this case, we only allow the extensions .php, .css, .js, .png, .jpg and .jpeg. This rule first prevents access to all file types. Then, it explicitly allows access to some files by excluding them from the general rule.

Since these rules will also work in an .htaccess file, full access to the server configuration is not required.

Proxmox: Throttled backups for better performance

On a Proxmox node managed by myself, I’m relying on Proxmox’s integrated backup function as part of my backup concept. Since the server is mostly used for storage purposes, it’s equipped with ‘traditional’ HDDs instead of SSDs.

The VMs are running on a RAID10 on ZFS, the backups are stored on a seperate RAID1 on the same machine. In the beginning this worked very well, but with an increasing load on the Proxmox node due to a growing number of VMs, I ran into more and more problems caused by high I/O load.

Read More “Proxmox: Throttled backups for better performance”

Disaster recovery using the GitHub Events API

Last sunday, an unknown individual compromised the libretro project. First, the attacker hijacked and wiped the project’s buildbot server. After gaining access to the server, he took over a GitHub account of a highly ranked member of the libretro team. Using this account, the attacker destroyed multiple repositories managed by the libretro organization by force-pushing a blank initial commit into each affected repository.

Such attacks are not exactly uncommon and happened multiple times before. At first glance, force-pushing an empty commit into a repository means that any data stored in this repository is lost.

Read More “Disaster recovery using the GitHub Events API”