Adventures in Red Hat Enterprise Linux, CentOS, Fedora, OpenBSD and other open source solutions.

Linux is so ...

Linux is so that ! By .
  1. Linux is so old that she was a waitress at the Last Supper! (by Robert de Bock)
  2. Linux is so stupid that she sold her car to get the tank filled! (by Henkie)
  3. Linux is so ugly that they push her face into dough to make gorilla cookies! (by Robert)
  4. Linux is so fat that she sat on the beach and Greenpeace threw her in! (by Robert de Bock)
  5. Linux is so poor that your family ate cereal with a fork to save milk! (by Robert de Bock)
  6. Linux is so fat that she has a small moon in orbit around her! (by me)
  7. Linux is so stupid that you have to dig for her IQ! (by Robert de Bock)
  8. Linux is so pretty that all people wants to look her tits! (by fab)
  9. Linux is so fat that I missed a whole season of "Lost" when she walked by the TV set! (by Robert de Bock)
  10. Linux is so connarde that chaque fois que toi lui dis connarde elle reponde : oui!! (by fab)

UNIX/Linux commands with the longest man pages

Here are some UNIX/Linux commands that have really long man pages.

By the way, technically you will find the biggest man page (in bytes) with this command:

$ find /usr/share/man/ -type f -ls | sort -k 7 -r -n | head -n 10

But things like gcc, g++, cc, c++, perltoc don't warm me up very well...

  • lsof My what a book this is! A great command; for example to find out what application uses port 53 (UDP): lsof -iUDP:53
  • tcpdump Wahoo, this manual is easier to understand than the lsof one, but still takes some time to understand. To find out what traffic is going over eth0 port 53 UDP: tcpdump -i eth0 udp dst port 53
  • ulimit quite impressive, ulimit -a will help you.
  • ksh What did you think, a whole shell described! That takes some space. Difficult to read by the way.
  • sudoers And that surprises me; how difficult is a sudoers file? Exactly, not that difficult.

Manpages are absolutely required. Some software projects consider a missing man page a bug. They are quite right.

Ping is a crappy tool for testing

I see many colleagues using ping to test if a machine is up. Ping does not tell you if a machine is up; it sends an ICMP echo request to a machine and might receive an ICMP echo reply.

Besides that, many people use ping to check the IP address of a machine. Use nslookup, or even better; use host. Those tools are designed to find out the IP address of a hostname (or the other way around).

Here is why you should not use ping to test a machine's availability.

  • Ping tests ICMP responses, not application availability. Even if your machine is pingable, that does not say the application is running.
  • Many networks don't allow ICMP. Big chance your crappy ping test will not work.
  • Ping gives back timing information, it's not application response. Better write a test that opens a port, sends some commands and closes it.
  • Ping is being used by Windows administrators a lot. Show you are a real man and use proper tools!
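
One way to write the port test suggested in the list above, as an added example that is not from the original post: it opens a TCP port, optionally sends one request line, reads the first line of the answer and closes the connection. It assumes bash (for its /dev/tcp feature); the function names, host names and patterns are illustrative.

```bash
# Added example: check the application, not ICMP. Requires bash (/dev/tcp).
# Function names and the sample patterns below are illustrative assumptions.

# first_reply HOST PORT [REQUEST]: open the port, optionally send one request
# line, print the first line the service answers with, then close the socket.
first_reply() (
    # The body runs in a subshell, so descriptor 3 is closed on return.
    # Note: connecting to a filtered port can block until the TCP timeout.
    exec 3<>"/dev/tcp/$1/$2" || exit 1
    if [ -n "${3-}" ]; then printf '%s\r\n\r\n' "$3" >&3; fi
    IFS= read -r -t 5 line <&3 || exit 1     # give the service 5 s to answer
    printf '%s\n' "${line%$'\r'}"
) 2>/dev/null

# classify REPLY EXPECT: compare the reply with a shell glob such as "220 *".
classify() {
    case $1 in
        $2) echo "up: $1" ;;
        *)  echo "unexpected: $1"; return 1 ;;
    esac
}

# check_service HOST PORT EXPECT [REQUEST]: exit status 0 = application answers
# as expected, 1 = port open but wrong answer, 2 = no connection or no answer.
check_service() {
    reply=$(first_reply "$1" "$2" "${4-}") || {
        echo "down: no answer from $1:$2"; return 2; }
    classify "$reply" "$3"
}

# Usage:
#   check_service www.example.org 80 'HTTP/* 200*' 'HEAD / HTTP/1.0'
#   check_service mail.example.org 25 '220 *'
```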

Using PXEboot to install Linux in Parallels Desktop on Mac OS X

So, you bought Parallels and now want to test PXE booting. Tough luck as PXE is not supported by Parallels. There is a workaround, as described here. You can also use this guide when your network card does not support PXE booting, but you require it anyhow. Using etherboot, rom-o-matic, SYSLINUX and a few "generic" components, like DHCP, TFTP, and so on, you'll be up and running in an hour or so.

Here are the ingredients for a recipe to reinstall or boot a machine that does not have PXE support:

  1. A DHCP server. You will have to reconfigure it a bit, so that the client will have a "next-server" where it can find a "filename" to boot.
  2. A TFTP server. This server will provide the files "pxelinux.cfg/default", "pxelinux.0", "vmlinux" and "initrd.img".
  3. An HTTP server. When using kickstart, all files ("ks.cfg" and all RPMS) are provided over HTTP. This section is not described in detail here.

Let's put all ingredients into a working solution!

  1. Setup the DHCP server. I hope you already have a DHCP server somewhere, otherwise, install one, it shouldn't be extremely difficult. I have just one (very simple) DHCP server running, the configuration looks like this:
    shared-network LOCAL-NET {
            option  domain-name "";
            option  domain-name-servers;

            filename "pxelinux.0";

            subnet netmask {
                    option routers;
            }
    }

    The only things that are special are the "next-server" and "filename". This tells the client that, when it wants to boot, it should get "pxelinux.0" over tftp from machine We'll put that pxelinux.0 in place later.
  2. Set up the TFTP server. I have an OpenBSD machine that functions as a TFTP server. Setting it up was very easy:
    1. open /etc/inetd.conf, uncomment the tftp-line(s)
    2. run "mkdir /tftpboot"
    3. Run "pkill -HUP inetd"

    If you have another system running, you might need to install a tftp-server first, and then configure it accordingly.

  3. Filling the /tftpboot area. The components that need to be in /tftpboot:
    1. pxelinux.0 Get it from the SYSLINUX Project. You can find a directory "core" in the tar.gz file, that's where you need to be.
    2. pxelinux.cfg/default Create one, the contents will need to be something like this:
      label linux
              kernel vmlinuz
              append initrd=initrd.img ks=
    3. vmlinuz and initrd.img You will find this one on your Linux distribution CDs, first CD, directory "images/pxeboot"
  4. Create a bootable CD/floppy/grub or lilo image. This is the actual replacement of your PXE network card. The image is very small, only half a megabyte or so. Go to the rom-o-matic website, select etherboot. Now choose your network card, for Parallels use "ns8390:rtl8029". Then choose the image to create, I used a "ISO bootable image without legacy floppy emulation (.iso)". Click "Get ROM". Now tell Parallels to boot a CD, connect the downloaded .iso file and start the virtual machine.

If you would like to upgrade an existing Linux system using PXE, but your network card does not support PXE, follow the same steps, but download the "LILO/GRUB/SYSLINUX loadable kernel format (.zlilo)" and refer to it from /etc/grub.conf like this:

root (hd0,0)
kernel /etherboot.zlilo

The 3 most important "kill" signals on the Linux/UNIX command line

Most Linux or UNIX users know that there is a kill(1) command to stop processes, but what are the options, what do they mean?

These options are called signals, which can be expressed in either numbers or words. Some well-known ones are "-1" or "-HUP". Also well known is "-9" (aka "-KILL").

  • -1 or -HUP - This argument makes kill send the "Hang Up" signal to processes. This probably originates from the modem/dial-in era. Processes have to be programmed to actually listen to this signal and do something with it. Most daemons are programmed to re-read their configuration when they receive such a signal. Anyway; this is very likely the safest kill signal there is, it should not obstruct anything.
  • -2 or -SIGINT - This is the same as starting some program and pressing CTRL+C during execution. Most programs will stop, you could lose data.
  • -9 or -KILL - The kernel will let go of the process without informing the process of it. An unclean kill like this could result in data loss. This is the "hardest", "roughest" and most unsafe kill signal available, and should only be used to stop something that seems unstoppable.
  • -15 or -TERM - Tell the process to stop whatever it's doing, and end itself. When you don't specify any signal, this signal is used. It should be fairly safe to perform, but better start with a "-1" or "-HUP".

To figure out how a program should respond to kill signals, check the man(1) page of the process you are trying to kill. For example the process init(8) has a man-page that explains:

Has the same effect as telinit q.
Q or q tell init to re-examine the /etc/inittab file.

By the way, there are many signals:

$ kill -l
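
The behaviour described in the list above, as an added example that is not from the original post: a constructed shell "daemon" that traps HUP and TERM, and a helper that shows KILL never reaches the process, so no clean-up runs. It needs only a POSIX shell; worker, wait_for and send_signal are made-up names.

```bash
# Added example, not from the original post: a constructed stand-in for a
# daemon. Plain POSIX sh; worker, wait_for and send_signal are made-up names.

# worker LOG: handle HUP and TERM the way the list above describes, log each.
worker() {
    log=$1
    trap 'echo "HUP: re-reading configuration" >>"$log"' HUP
    trap 'echo "TERM: cleaning up and exiting" >>"$log"; exit 0' TERM
    echo "ready" >>"$log"
    while :; do
        sleep 1 &           # sleep in the background and wait for it, because
        wait $! || true     # wait returns at once when a trapped signal arrives
    done
}

# wait_for LOG TEXT: poll until TEXT appears in LOG (gives up after 25 tries).
wait_for() {
    tries=0
    until grep -q "$2" "$1"; do
        tries=$((tries + 1))
        [ "$tries" -lt 25 ] || return 1
        sleep 0.2 2>/dev/null || sleep 1
    done
}

# send_signal NAME: start a worker, send it signal NAME (HUP, TERM or KILL),
# then print the worker's log and what became of the process.
send_signal() {
    log=$(mktemp) || return 1
    worker "$log" >/dev/null &
    pid=$!
    wait_for "$log" ready || return 1      # traps are installed from here on
    kill -s "$1" "$pid"
    if [ "$1" = HUP ]; then
        wait_for "$log" HUP: || return 1
        fate="gone"; kill -0 "$pid" 2>/dev/null && fate="still running"
        kill -s KILL "$pid"; wait "$pid" 2>/dev/null || true   # tidy up
    else
        status=0; wait "$pid" 2>/dev/null || status=$?
        fate="exit status $status"
    fi
    cat "$log"; rm -f "$log"
    echo "$fate"
}
```

`send_signal TERM` ends with the worker's clean-up line and `exit status 0`; `send_signal KILL` shows only `ready` followed by `exit status 137` (128 + 9), because the worker never gets the chance to log anything.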

Free access to every internet page from Iran (or any other regulated location)

Imagine you would want to surf the web and be able to visit any page you would like to visit, but your government or company policy does not allow you to. N.B. These access limitation policies are in place for a reason, be sure to not threaten security of your company/government.

You can get access to any page on the internet using these steps.

Requirements:

  • A Windows, Linux or Mac OS X workstation with limited access to the internet.
  • Ability to access an ssh server that can access a proxy server outside of the restricted area.
  • Ability to change the proxy setting in your workstations browser.

1. Get a free SSH account outside of the regulated area.

Not difficult, try to get an account at some location expected to have unrestricted access to the internet. There could be ssh servers that don't allow you to setup tunnels, avoid them, they don't work for this article.

2. Setup a tunnel from your PC, via that free SSH server to a proxy outside of the regulated area.

Windows users - Download Putty. It has the capability to create tunnels.

  1. Open Putty. We are going to make a new profile, so be sure to save it.
  2. Fill in the "Host name (or IP address)". This is the machine you are connecting to.
  3. Click "Connection" - "SSH" - "Tunnels".
  4. The source port is the entry of the tunnel, for example you could use "8080" or "8888".
  5. The destination is where the tunnel is sent to. This should be a proxy server outside of the regulated area. To find these (freely available) proxies when you don't have one, download this proxy.pac file and select a proxy. The format is "machinename:portnumber". An example could be: "". The list of freely available proxy servers changes all the time, better try to get a (paid) proxy server that is stable.
  6. Click "Add". Be sure to save this session, so you don't have to type this all again.
  7. Click "Open" to start the connection and the tunnel.

You now have a tunnel setup from localhost:8080, via the ssh-server, to the proxy server.

Linux - (Open-) SSH is most likely installed on your system already, just put this configuration into your home directory's .ssh/config.

LocalForward 8080

Now start the connection and the tunnel by typing:
$ ssh

Mac OS X - Same as Linux, so read the steps above.

3. Make your browser use that tunnel.

Open the preferences of your browser. You need to tell it to use a proxy, but this proxy is actually the entrance to your tunnel, so http://localhost:8080 This varies from browser to browser, so find these steps out yourself.

You should now be able to surf the internet freely through that tunnel and through that proxyserver.


  • Check to see if the ssh server can actually reach the proxy. "$ telnet 8080" on the ssh server will verify this.
  • Check to see if a port is locally listening. "$ netstat -an | grep 8080" should show a line that tells you the tunnel is running from your machine. Works on Mac OS X and Linux, for Windows you will have to search through the list yourself, "netstat -an" does work.
  • Use "$ ssh -v sshserver" on Linux and Mac OS X. This shows more details of what is going on.

Managing your freelance organization

I am a freelance UNIX/Linux Consultant and enjoy it a lot. When I started it was quite challenging to organize all the extra things that are required when you run a small business.

Here are the tools/resources/tricks I use:

  • Directly store all receipts. If you temporarily store these papers in a basket, you will lose chronological data and the general overview. I order them in a couple of tabs: receipts, bank-account-overviews, invoices, contracts and everything else
  • Get an accountant. You will need to send your directly stored receipts to him once in a while. I check the receipts once more before sending it. That takes about 30 minutes each 3 months.
  • Insure yourself. Find a man-in-the-middle to help you a bit. It takes a couple of hours to setup, from then on just pay the bills.
  • Make invoices using Freshbooks. This tool is great! It lets you add customers, products (like "consultancy") and lets you track time for different projects. By the end of the month, select "create invoice based on hours" and you're done. It even sends a physical letter to your customer. Believe me, Microsoft Excel is not better.
  • Use Google Apps as your online office. This (free) tool has everything; email, documents, calendar, etc! All for free unless you want to store more than a couple of gigabytes.
  • Get yourself a website to promote yourself. Just like a business card, but then digital and more extensive. Drupal has helped me keep my website up and running.

I try to solve everything online. It helps you access information from wherever you are, plus you can't lose all the information.

Using your OpenSSH private key in Putty

When you are working with private (and public) keys generated by OpenSSH, you will have files called id_dsa and These files can't be used in Putty directly. Instead they need to be converted to something else using PuTTYgen, also available from the Putty page. To do this, follow these simple steps. Let's assume you already have Putty installed on your Windows machine.

  1. Download PuTTYgen.
  2. Load your key, mine is called id_dsa. Enter your passphrase.
  3. Save the private key, I saved mine as id_dsa.ppk.

Your original private key (id_dsa) is now converted and saved as a putty private key. (id_dsa.ppk) There are now two things you might want to do, using it directly, or using it with an agent.

Using the converted key directly in Putty

This is the simplest, but requires you to type your passphrase each time you are connecting to a machine.

  1. Start Putty.
  2. Go to Connections - SSH - Auth to Browse for the newly generated key. (id_dsa.ppk)
  3. Optionally save this session and Open the connection.

Using the converted key in Pageant

You might want to use an SSH Agent like Pageant to store your key over multiple sessions. This will make your life easier when you connect to multiple machines. In order to do so:

  1. Download Pageant.
  2. Start the agent by double clicking it.
  3. Double click the terminal-with-hat icon in the right bottom taskbar area.
  4. Add Key. Enter your passphrase just once for this whole session.
  5. Close the Pageant, it will remain active in the taskbar.

One final note; on the machines you are connecting to, you don't need to change/convert any keys, simply use the public key ( as generated by OpenSSH in ~/.ssh/authorized_keys.

Using grep to grep for processes

Most administrators have seen this problem; you do a ps -ef | grep ssh and find your ssh commands, and your grep. Grep basically found itself in the process list.

Until now, I used this (ugly) trick: ps -ef | grep ssh | grep -v grep. Not very beautiful, but it works.

Now Jacek Artymiak told me this little, more efficient trick:

$ ps -ef | grep [s]sh

This "[s]" thing means a range, starting at "s" and ending at "s". (Effectively: no range, just "s".) The shell interprets the argument "[s]sh" and replaces it with "ssh".

What a great piece of magic, thank you Jacek!
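
An added example (not from the original post) that makes the effect visible on a constructed process listing: grep's own entry carries the text `[s]sh`, which the pattern does not match. It also covers a case the post does not mention: an unquoted `[s]sh` is subject to shell globbing, so a file named `ssh` in the current directory turns it back into plain `ssh`, and quoting the pattern (`grep '[s]sh'`) avoids that. The helper names and the listing are made up.

```bash
# Added example, not from the original post. The process listing is constructed;
# sample_ps, count_matches and unquoted_arg are made-up helper names.

# sample_ps ARG: a `ps -ef` style listing taken while "grep ARG" is running, so
# grep's own entry shows ARG exactly as grep received it.
sample_ps() {
    cat <<EOF
root       812     1  0 09:01 ?        00:00:00 /usr/sbin/sshd -D
alice     4242  4100  0 09:30 pts/0    00:00:00 ssh web01
alice     4310  4100  0 09:31 pts/0    00:00:00 grep $1
EOF
}

# count_matches ARG: number of listing lines that "grep ARG" selects.
count_matches() {
    sample_ps "$1" | grep -c -- "$1" || true
}

# unquoted_arg [FILE]: the argument grep receives for an unquoted [s]sh when
# the current directory contains FILE (or is empty if FILE is omitted).
unquoted_arg() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        if [ -n "${1-}" ]; then : >"$1"; fi
        set -- [s]sh        # unquoted on purpose: the shell may glob it
        printf '%s\n' "$1"
    )
    rm -rf "$dir"
}

count_matches 'ssh'                    # 3: sshd, ssh and the grep itself
count_matches '[s]sh'                  # 2: grep's entry reads "[s]sh", no match
count_matches "$(unquoted_arg)"        # 2: nothing to glob, pattern kept
count_matches "$(unquoted_arg ssh)"    # 3: a file named ssh turns it into ssh
```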

Regenerating your (lost) public SSH key (

There is actually no real reason to protect your public SSH key; the more people "steal" your public key, the more machines you could login to.

But, for some unknown (likely stupid/invalid) reason I discovered that my public key was not installed on my laptop. OpenSSH has options to regenerate this public key using the -y switch. From the man-page:

    -y      This option will read a private OpenSSH format file and print an
            OpenSSH public key to stdout.

Okay, so run ssh-keygen -t dsa -y > ~/.ssh/ to save the output generated in a file called

Now distribute this file to all machines you want to login to, add it to the authorized_keys file. You don't need to re-distribute the key to all machines that had your "old" public key.

Here is a website with loads of useful SSH tips
