Howard's questions

To tail a file over ssh, I can use

ssh  -t remotebox "tail -f /var/log/remote.log"

However, it is possible to sync the tail with a local file? So a file automatically mirror the update of the tail command?

I want to log a multiline message into the system logger via the commabnd

echo -e "foo\nbar" | logger

But it appear as 2 logs.

Is it possible to log as a single log?

I usually config my ubuntu via

sudo locale-gen --purge en_US.UTF-8

And I've the installed locales

# locale -a
C
C.UTF-8
en_US.utf8
POSIX

Is it okay since I am missing en_US?

We've setup a L2TP VPN server with this tutorial, everything works like a charm.

The only issue is

1. We don't want client to route all traffic using this VPN, only a particular subnet, e.g. 10.0.0.0/20

2. On Mac, we need to set the route manually using command, but for mobile devices, seems there is no way to do so?

So, it is possible to configure for the client automatically for the subnet "10.0.0.0/20"?

We want to check the number of active connections without the module HttpStubStatusModule being installed.

What would be the equivalent Linux command?

As a base line, we test on a machine with HttpStubStatusModule installed first, e.g.

Active connections: 6146 <-- from HttpStubStatusModule

# netstat -an | grep :80 | wc -l
1266

# netstat -an | grep :443 | wc -l
25082

It seems to me that none of the above netstat give me the correct figure.

Any idea?

According to this post, it was said that if I am using PHP/Nginx, for better security, I should either

cgi.fix_pathinfo = 0

or

if ( $fastcgi_script_name ~ \..*\/.*php ) {
  return 403;
}

In other tutorial it recommend the style of

fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;

Are they contradictive to each others? Any security recommendation?

Thanks.

In one of my KVM guest, when I typed the following command, I get the following

/sbin/lsmod | grep vi
virtio_balloon          3692  0 

So does it mean I am using virtio?

Update:

When I type

cat "/boot/config-`uname -r`" | grep -i vir

I can see

CONFIG_PARAVIRT_GUEST=y
CONFIG_PARAVIRT=y
CONFIG_PARAVIRT_SPINLOCKS=y
CONFIG_PARAVIRT_CLOCK=y
# CONFIG_PARAVIRT_DEBUG is not set
CONFIG_VIRT_TO_BUS=y
CONFIG_NET_9P_VIRTIO=m
CONFIG_VIRTIO_BLK=y
CONFIG_VIRTIO_NET=y
CONFIG_VIRTIO_CONSOLE=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
# CONFIG_FB_VIRTUAL is not set
CONFIG_SND_VIRMIDI=m
CONFIG_SND_VIRTUOSO=m
# CONFIG_DEBUG_VIRTUAL is not set
CONFIG_VIRTUALIZATION=y
CONFIG_VIRTIO=y
CONFIG_VIRTIO_RING=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_BALLOON=m

So sound like I am using virtio already?

I am using Godaddy cert, normally I would concat the cert and make into a chained cert

cat www.example.com.crt sf_bundle.crt > chained.cert

And in my nginx.conf,

ssl_certificate chained.cert

In the browser I see the chain as below:

www.example.com
  Starfield Secure Certification Authority
    Starfield Technologies Inc.

That is fine, everything is working.

Today, I read a blog post form CloudFlare [1], it said:

The lowest hanging fruit in terms of reducing 
the size of these certificates was to remove the 
root certificates from the certificate bundle. 
There's no reason to include these since they should already be 
present in browsers and, even if they're not, the browser won't trust them.

So, does it mean I can remove the Starfield Technologies Inc. without affecting the validaity of my SSL cert and I can have a better performance?

[1] http://blog.cloudflare.com/what-we-just-did-to-make-ssl-even-faster

There is only one network interface in EC2 instance, and in the CloudWatch metric, I can only see "Max Network In" and "Max Network Out".

As you know external traffic is billed (actually only outbound), is it possible to check my out bound traffic so I can easily compute the cost?

In nginx I can use set to define a variable, but is it possible to define a default?

e.g.

set $foo bar if $foo is not defined

I see from many place the follow command is used to check if a process exists, e.g.

killall -0 nginx

But from the documentation I can't see anything related to this argument, can anyone explain?

From the doc , it said

"For best performance, the majority of your active set should fit in RAM."

So for example, my db.stats() give me

{
"db" : "mydb",
"collections" : 16,
"objects" : 21452,
"avgObjSize" : 768.0516501957859,
"dataSize" : 16476244,
"storageSize" : 25385984,
"numExtents" : 43,
"indexes" : 70,
"indexSize" : 15450112,
"fileSize" : 469762048,
"ok" : 1
}

Which value is the working set size?

1. The pem file is generated by AWS console
2. I was able to connect using the EC2 remote web interface, using the same pem file
3. The permission of pem is 600 already

Error..

ssh -i ~/test.pem -v [email protected]

debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/john/test.pem
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/john/test.pem':

Anyone can help?

I have the following lines in my recipe

service "apache" do
  action :stop
end

# Do something..

service "apache" do
  action :start
end

I found that the 2nd block is not executed. Any reason?

No matter how I test using different value of Accept-Encoding, it always returned as gzip.

curl -I -H  'Accept-Encoding: gzip' http://www.example.com
Content-Encoding: gzip


curl -I -H  'Accept-Encoding: deflate' http://www.example.com
Content-Encoding: gzip

So how to force deflate?

When use sudo -i I will simulate login as root, and current working directory will be jumped to /root.

Is it possible not to jump and keep the working directory unchanged?

What is the difference between commands sudo -i and sudo su -?

Are they the same?

I am using AWS Elastic Beanstalk, it is easy to start with deploying Java based web app, which is great.

However, I want to install Memcached on every instance locally so they can be used for caching, but seems it validated the principle of Elastic Beanstalk?

Is it possible to deploy memcached locally and automatically, together with Elastic Beanstalk's auto scale feature?

(I know I can use Elastic Cache but want to save some money but still take the advantage of auto scaling)

Thanks.

1. Does Optimize include repair table or vice versa internally?
2. Is it possible to execute repair table only if found corrupt, any tools can support this?

(I am using MyISAM table engine)

Some clients in the subnet has cached the IP with old MAC address, I want them to update the new value by doing a ARP broadcast, is it possible in Linux?