firewalld and network interfaces

I have to say, firewalld and firewall-cmd really suck. But, since it's the default on a bunch of installations I use, and I try to "drink the koolaid", I've had the misfortune to try to set it up. Now, it mostly works, except when it doesn't, and then it really fails hard. Case in point, I wanted to reassign some network interfaces to a different zone, and naïvely thought that e.g. this would work:

$ sudo firewall-cmd --permanent --zone=public --remove-interface=eth2
$ sudo firewall-cmd --permanent --zone=internal --add-interface=eth2


Yeah, not so much ... What does instead work is adding lines like this to /etc/sysconfig/network-scripts/ifcfg-eth2:




tmux and SSH agents

I use tmux a fair amount; together with iTerm2's support for control channels, it's amazing. However, when restoring sessions, and you rely on SSH agents, it can sometimes get wonky. The issue is that the shell sessions under the tmux session lose the agent connectivity. So I wrote this little shell script, which I run as part of logging in and starting (or restoring) a tmux session:

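# MY_AGENT is expected to be set earlier in the script (that part is not shown here)
rm -f "$MY_AGENT"
# Attach to the existing session if there is one, otherwise start a new one
if tmux has-session > /dev/null 2>&1; then
    exec tmux -CC attach
else
    exec tmux -CC
fi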


It might not be perfect, I'm sure it could be automated better in some ways. But with this, naming the script "mux", I simply just run this command every time I want to connect to my tmux session. It'll figure out if it should attach to an existing session, or create a new one as well.
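One common way to keep the agent reachable from shells inside a long-lived tmux session is a stable symlink that is repointed at the current agent socket on every login. The function below is an added example, not the script from this post; the AGENT_LINK path and the function name are assumptions.

```shell
# Added example; AGENT_LINK is a hypothetical path, not taken from the post.
AGENT_LINK="${AGENT_LINK:-$HOME/.ssh/agent.sock}"

# refresh_agent_link SOCKET [LINK]
# Repoint LINK at SOCKET if SOCKET is a socket owned by the current user.
refresh_agent_link() {
    sock="$1"
    link="${2:-$AGENT_LINK}"
    dir=$(dirname -- "$link")

    # Already using the stable path (e.g. called from inside tmux): no-op.
    [ "$sock" = "$link" ] && return 0

    # Only accept a real socket that belongs to us.
    [ -S "$sock" ] && [ -O "$sock" ] || return 1

    # Keep the link in a directory only we can write to.
    mkdir -p -- "$dir" && chmod 700 -- "$dir" || return 1

    # Create the new link under a temporary name, then rename it into place
    # so shells never see a missing link.
    tmp="$link.$$"
    if ln -s -- "$sock" "$tmp" && mv -f -- "$tmp" "$link"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# Typical use in a login wrapper, before starting or attaching tmux:
#   refresh_agent_link "$SSH_AUTH_SOCK" && export SSH_AUTH_SOCK="$AGENT_LINK"
```

Because every shell in the session sees the same link path in SSH_AUTH_SOCK, a later login only has to repoint the link; the shells already running pick up the new agent without being restarted.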


International characters on OSX

NOTE: this is collected from some sites I can no longer find, so I can not take credit for this.


Longtime Mac users know that you can type characters with diacritical marks— for example, â, é, ì, ü, and ñ—by first typing the diacritic (which usually requires the use of the Option key) and then typing the letter. For example, to get ä, you press Option-U (to get the umlaut, or diaeresis) and then press A.

If you can’t remember all those key combos, you could use Mac OS X’s Keyboard Viewer to figure out which ones do what. But it can be a hassle to summon and then hide the Keyboard Viewer whenever you want a special character. Or you could try PopChar X (4.0/5.0), the utility that lets you choose special characters from a drop-down menu; however, it’s probably overkill for most users.

An easier way is built right into Snow Leopard (Mac OS X 10.6). Launch System Preferences, open the Language & Text pane, and then open the Input Sources tab. In the list of input methods on the left, scroll down and enable U.S. International – PC. To make it easier to switch to this input method, choose Show Input Menu In Menu Bar.

That done, when you want to insert a character with a diacritic, choose U.S. International – PC from the Input menu on the menu bar and then create the character by typing a standard punctuation character followed by the letter:

  • To Get an Acute Accent (´) Type ' (apostrophe) plus the letter; for example, 'e gives you é.
  • To Get an Accent Grave (`) Type ` (accent grave, or backtick) plus the letter; for example, `o gives you ò.
  • To Get an Umlaut, or a diaeresis (¨) Type " (quotation mark) plus the letter; for example, "u gives you ü.
  • To Get a Caret (ˆ) Type ^ plus the letter; for example, ^a gives you â.
  • To Get a Tilde (˜) Type ~ plus the letter; for example, ~n gives you ñ.

To type a stand-alone diacritic followed by a vowel without creating a character with a diacritic on top of it, follow the diacritic with a space; that will disable the automatic replacement.



Setting up sudo access with PAM and ssh-agent

For Fedora, first install the following package:

$ sudo yum install pam_ssh_agent_auth

Then edit /etc/sudoers, and add the following lines:

Defaults    env_keep += "SSH_AUTH_SOCK"
Defaults    timestamp_timeout  = 0  # Not necessary, but turns off caching

Finally, edit /etc/pam.d/sudo, and add something like this (this should be adjusted to your preferences):

auth       sufficient   pam_ssh_agent_auth.so file=~/.ssh/authorized_keys
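With file=~/.ssh/authorized_keys, the list of keys that grants sudo is a file the invoking user can rewrite, so it is worth checking which key file each pam_ssh_agent_auth.so line trusts. The audit function below is an added example, not part of the original post; the function name and the root-owned path in the usage comment are constructed for illustration.

```shell
# Added example: flag pam_ssh_agent_auth.so lines that trust a key file the
# invoking user controls. Function name and sample paths are hypothetical.

# audit_agent_auth PAMFILE
# Prints "WEAK <file>" or "OK <file>" for each pam_ssh_agent_auth.so line.
# Returns 1 if any line is WEAK, 0 otherwise.
audit_agent_auth() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /pam_ssh_agent_auth\.so/ {
            file = "(module default)"
            user_owned = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^file=/) file = substr($i, 6)
                # Explicit opt-in to key files owned by the invoking user.
                if ($i == "allow_user_owned_authorized_keys_file") user_owned = 1
            }
            # "~" and "%h" expand to the home directory of the invoking user.
            if (file ~ /^~/ || file ~ /%h/) user_owned = 1
            if (user_owned) { print "WEAK " file; bad = 1 }
            else            { print "OK " file }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Example:
#   audit_agent_auth /etc/pam.d/sudo
# A line using file=~/.ssh/authorized_keys is reported as WEAK; a line using
# a root-owned file such as file=/etc/security/authorized_keys is reported OK.
```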


Compiling nghttp2 on OSX with HomeBrew

I was going to compile nghttp2 on my MBP, using homebrew, but ran into issues right off the bat. In particular, the XML2 and zlib installations were causing me grief, and I had to do some brew shenanigans to get it to work:

$ brew tap homebrew/dupes
$ brew install homebrew/dupes/zlib
$ brew link --force zlib
$ brew install libxml2
$ brew link --force libxml2

After this, build worked as expected:

$ autoreconf -if
$ ./configure --prefix=/opt/local # or some such
$ make && sudo make install


Adding spacers to the OSX Dock

This is a nifty little hack, to make the Dock have some spacers in it. Mine looks like

To do this, run the following commands inside a terminal, one for each spacer you want added to the Dock:

% defaults write com.apple.dock persistent-apps -array-add '{"tile-type"="spacer-tile";}'

Now, these only become visible and, more importantly, movable after you restart the Dock. E.g.

% killall Dock


Recovering software RAID boot drive

My main file server uses software RAID, primarily RAID1 (mirroring), for both data and boot disk. I started having problems with one of the boot mirrors lately, and smartctl -t clearly shows failures. I was a little worried about pulling it out, since it also was the first disk (sda/hd0) that was failing. I followed the following steps to ensure that it kept booting from the surviving mirror:

$ sudo grub

# root (hd0,0)
# setup (hd0)
# root (hd1,0)
# setup (hd1)


This of course assumes that your first two disks are the boot disks, in my case, /dev/sda and /dev/sdb. Also, the boot disk is the first partition, of course (/dev/sda1 and /dev/sdb1). Note that I did not edit anything in grub.conf; once the bad disk is removed, the surviving mirror will be hd0, and it should boot just like this. Once you've replaced the bad disk, and installed a replacement, update the partition table, and then re-add the partitions normally. E.g.

$ sudo mdadm --manage /dev/md0 --add /dev/sdb1
$ sudo mdadm --manage /dev/md1 --add /dev/sdb2
$ sudo mdadm --manage /dev/md2 --add /dev/sdb3


I take no responsibility for failures here; for some additional details also see


