loc2log

Intel i7-10750H, i7-9750H are very potent CPUs but laptops with them tend to run on the hot side. Did Intel meant H for Hot? Of course you may need some time to cool off from gaming or rendering or whatever demanding tasks are. For casual web-browsing, watching Youtube videos, simple office works, you probably don't need all the computation power, nor all that noise and heat. In case of those H-series laptops switching Power mode to "Better battery life" unfortunately is not enough. The solution I found for myself is to addition to going with the "Better battery life" even on AC, is to reduce maximum processor frequency, let Windows park more cores, and stick to the Passive cooling policy. Reducing max frequency, also may reduce coil whine as a nice bonus :-)

Convertibles like Lenovo Yoga 940, HP Spectre x360 have Processor power management disabled by default. The reason is unknown to me, but necessary adjustments still work, and that's all that matter.

Here comes the usual disclaimer, that whatever you do with your computer is on your own risk, and I am not responsible for anything you get using instructions below. Please make sure you do have backup of your MS Windows registry, you will need it to revert your changes.

1. Make sure you are not running high performance mode in HP settings: In "HP Command Center" select "HP Recommended"

2. Make sure the Power mode is set to "Better battery life": On Windows taskbar click battery icon, select "Best battery life"

3. To enable Power profile adjustments for CPU just download and launch registry file - http://loc2log.ucoz.com/power_management.reg. It will enable parameters discussed below, but it will not set any values - that is totally up to you, how much performance to cut for sake of quietness and temps.

4. After the registry file execution, on in taskbar, right click on battery icon, select "Power options", "Create a power plan".

5. Put whatever you like in plan name, e.g. "Cool", click "Create".

6. On the newly created plan, click "Change plan settings", then "Change advanced plan settings".

7. Locate, "Processor power management" and tweak enabled parameters to your liking.

The following configuration pretty much eliminated heat and noise in my case on both HP Spectre x360 with i7-10750H and Lenovo Yoga c940 15.6" UHD (all for both, "On battery" and "Plugged in"). The Yoga was not as quiet as the Spectre though.

• Processor power management
  • Processor performance core parking min cores: 50%
  • Maximum processor frequency: 1600
  • System cooling policy: Passive

8. Click "Apply", give the computer some time to cool-off, then try some of your "non-demanding" tasks. Adjust parameters as necessary

9. Click "Ok" to keep the parameters.

Now you should be able to run cool and quiet with just switching to the newly created power profile: On the taskbar right click on battery and select your "Cool" profile. Enjoy the silence ;-)

 

So you've got a bigger and better card than an existing one in your Android 7.1.1 phone. You may have already copied files form your old card to the new one, but some apps are failing to find their files in the new card. The reason is that mount point for the new card is different from the old one so the actual path the app is different from what is expected by the app. The trick is, to change your new SD card's Volume Serial Number. Here is what I did to upgrade SD card in storage mode using MS Windows 8:

Prerequisite: Download VolumeId tool from VolumeId at MS KB. Unzip it.

Full procedure steps for Android 7.1.1 SD storage card

1. Take a note of existing path used by your apps. E.g. Fast Notepad -> Settings -> Storage location /storage/XXXX-XXXX/fastnote. Where XXXX-XXXX - some HEX value. e.g. 01FB-8899
2. Unmount ("Eject") the old SD card. Power off your phone and remove your old card.
3. Insert the old card to your MS Windows PC and copy all the data from old SD card to PC
4. Insert new SD card to the phone. Power on your phone
5. Format the new SD card using your Android phone
6. Unmount ("Eject") the new formatted SD card. Power off your phone and remove your new card from it.
7. Using volumeid tool change your new SD card's volume id to math of the old one.
   In MS Windows Command Line (cmd) cd to your unzipped VolumeID location. E.g. volumeid is unzipped to Downloads\VolumeID; and your new SD card is available on MS Windows as drive "E:":

   cd Downloads
   cd VolumeId
   C:\Users\MyUser\Downloads\VolumeId64 E: XXXX-XXXX
   
   VolumeId v2.1 - Set disk volume id
   Copyright (C) 1997-2016 Mark Russinovich
   Sysinternals - www.sysinternals.com
   
   Volume ID for drive e: updated to XXXX-XXXX

8. Copy all the backed-up data to the new card. Safely eject the new SD card from your PC
9. Insert the new card to your phone
10. Power on your phone. Mount the new card if necessary (my phone mounted it automatically).

Congratulations, your apps should see all their files now, as nothing happened :-)

tower-cli job_template list tower-cli job_template get -n -f yaml or tower-cli job_template get -n -f json

sudo awx-manage print_settings | grep '^DATABASES'

When I entered one of my server instances on DigitalOcean via ssh I was shocked to discover there were almost half-million unsuccessful login attempts. That was definitely a cracking attempt going on. And I must confess my setup was not the strongest. So here are the remedy options:

1. Just in case: Make sure you have non-ssh way of accessing your server console. DigitalOcean provides its own console to each Droplet. To get there: Click on your Droplet, Access, - big green button "Launch Console". Once you get to your box via non-ssh console (aka VNC), you are free to experiment because you do not depend on the ssh as your only life-line anymore.

   Now, from the VNC terminal, logged in as root, you may stop the sshd - an attacker won't be able to brute force a service which is not running.
   sudo service sshd stop - DO NOT DO THIS COMMAND UNLESS YOU HAVE NON-SSH ACCESS.

2. If you've got an attack on a particular user name, then disable password access for that user, make it auth-key only, and limit number of access attempts.

   Better yet, create a new user instead, with less trivial name for the future access, so it has less chance of being in attacker's dictionary.

   Edit sshd config as necessary /etc/ssh/sshd_config

3. To slow them down you may also throttle auth requests in the firewall, e.g. iptables.

   # sample configuration for iptables service
   # you can edit this manually or use system-config-firewall
   # please do not ask us to add additional ports/services to this default configuration
   *filter
   :INPUT ACCEPT [0:0]
   :FORWARD ACCEPT [0:0]
   :OUTPUT ACCEPT [0:0]
   -N SSHATTACK
   -A SSHATTACK -j DROP
   -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
   -A INPUT -p icmp -j ACCEPT
   -A INPUT -i lo -j ACCEPT
   -A INPUT -p tcp -m state --dport 80 --state NEW -m tcp -j ACCEPT
   -A INPUT -p tcp -m state --dport 22 --state NEW -m recent --set
   -A INPUT -p tcp -m state --dport 22 --state NEW -m recent --update --seconds 120 --hitcount 4 -j SSHATTACK
   -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
   -A INPUT -j REJECT --reject-with icmp-host-prohibited
   -A FORWARD -j REJECT --reject-with icmp-host-prohibited
   COMMIT
   

Useful links:

• http://serverfault.com/questions/275669/ssh-sshd-how-do-i-set-max-login-attempts
• http://serverfault.com/questions/470287/how-to-enable-iptables-instead-of-firewalld-services-on-rhel-7-and-fedora-18

I have CentOS 7.0 iso set used as CD/DVD in VMWare, and wanted to use the image as the source to install rpms to my VMWare instance. It appeared quite easy to do:

1. Even though the iso is used as the CD/DVD in the virtual machine and is "inserted", you still have to mount on the CentOS:
   sudo mount -t iso9660 /dev/sr0 /mnt
2. Now create a repo file in /etc/yum.repos.d/. E.g. sudo vi /etc/yum.repos.d/CentOS-Media.repo:
   

   [CentOS-Media]
   name=CentOS-Media
   baseurl=file:///mnt/
   enabled=1
   

3. You may have to clean all the caches to make sure the new repo is hooked up properly:
   sudo yum clean all

That is pretty much it, yum shall be able to pick up your "CD/DVD" iso just as the other repositories.

Recently I was debugging quite a convoluted bunch of daemons. That was an integration task with the goal to set proper permissions on temporary files used by them. I had to know what daemon is trying to access a certain file, and what user and group memberships are active for the daemon. There is a bunch of ways how to check what is accessing a file on Linux. The audit seemed to be the the most suitable one, as I did not know the exact timing for the access events.

Get things going I had to hook up a non-core repo on my CentOS 6.8 machine. Then to install audit with:

Then start the daemon:

Checked the audit daemon is actually running:

Added the monitored rule:

The -w parameter sets which file or dir to monitor. If a directory is given, then all files and sub-dirs are going to be monitored.

The -p parameter enforces what exactly to monitor. I threw it all: r - for read, a - for append, w - for write, x - for execute.

The output can be found in /var/log/audit.log

Interestingly enough, there were no access events for that file until cut access permission down to just execute and set ownership to root:root. The idea was to proveke access error, and I knew the file is going to be read or written. Then the auditd threw an event of interest, so I could see what process tried to access file and the daemon's UID and GID among other info.

Another method could have been using inotify command line utility, which comes with the incron package. Will try it some other time. And last, but not least, all that goodness is available from kernel 2.6 and up, you maybe out of luck if you are running an older kernel.