svn to git without history

#assumes existence of gituser which has to be added manually.
mkdir /opt/git/newrepo.git
cd /opt/git/newrepo.git
git --bare init
cd /opt/git
chown -R gituser.gituser newrepo.git
cd ~
mkdir svnrepo-export
cd svnrepo-export
svn export <path-to-svn-repo>
git init
git add .
git commit -m "initial commit"
git remote add origin gituser@localhost:/opt/git/newrepo.git
git push origin master
<move old real svn repo out of the way>
git clone gituser@localhost:/opt/git/newrepo.git <directory>

Perl to Python RSS Conversion

For quite some time, I’ve had my own personal homepage containing commonly used links, server status, subject lines of e-mails, and RSS news feeds.  Nothing exciting there.  The RSS feeds are retrieved by a program that runs every N minutes through cron and places the entries into a MySQL table.  Again, nothing exciting.  However, recently the Perl program that I’ve been using to retrieve the RSS has been consuming a bigger percentage of the available resources on the server.  More appropriately, the server on which the RSS retriever is hosted is more heavily utilized now thus when the RSS parser runs it became noticeable on the load average of server.

Of course, one way to solve it is to throw more hardware at it, like more CPU and RAM.  However, that would be too easy.  Instead I threw together a python program using feedparser just to see the difference in performance between the two for this purpose.  The results were surprising.  Python took about 2.8 seconds in real time and used significantly less system resources to do so.  Perl took ~11 seconds for the same feeds at roughly the same time.

I’m not writing this to be a knock against Perl; more likely the methods that I used to parse the RSS in Perl (and my general Perl programming skills?) are the issue.

Timings below.


real 0m2.868s
user 0m1.808s
sys 0m0.072s


real 0m11.016s
user 0m4.108s
sys 0m0.144s



Windows Password Expiration

When writing books I typically find myself needing to use Windows servers in various forms.  However, I don’t need the password to expire.  I always forget how to disable that, erm, feature.  So here it is.  Nothing groundbreaking here, just me writing it down so I can find it later.

For local password expiration:


Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy | Maximum Password Age

For domain password expiration:

Group Policy tab is missing in Active Directory Users and Computers (ADUC) so I went about it like this (there’s probably a different way):

Open “Group Policy Management” from the Tools menu in Windows Server 2012.

Click on Default Domain Policy within the domain that you’re working on.  Ignore the warning, if it comes up.  Click on the Settings tab.  Drill down through Policies -> Windows Settings -> Security Settings -> Account Policies/Password Policy.  Right-click Maximum password age.  This will open Group Policy Management Editor.

Within Group Policy Management Editor:  Policies -> Windows Settings -> Security Settings -> Account Policies -> Password Policy.


Possibly run gpupdate /force on clients.

Watch out that this doesn’t apply for domains:;EN-US;269236

The beauty of e-mail aliases and vanity domains

I use the domain as my own personal domain (as you can see by visiting this site).  I also use it for e-mail.  When providing an e-mail address through an online form, I typically create an e-mail alias for that site.  Doing so enables me to track if that site sells my e-mail address or, as happened the last couple weeks, starts sending out a ton of advertising.  Just today I deleted two e-mail aliases because the sites have become more aggressive when trying to solicit their wares.  I won’t bother to mention the sites or companies; they did nothing wrong other than start sending out multiple e-mails per week.

Could I have unsubscribed?  Sure, probably, maybe?  It’s not clear that I would’ve received less garbage from them though and doing so would’ve required more time than simply deleting the e-mail aliases.

Lesson learned for me (and you):  Use e-mail aliases liberally when signing up for services or filling out forms.

Lesson learned for companies:  Stop sending so much junk mail.  You may really, really think that what you’re offering is important and, if you send just one more e-mail, I might come back to your site.  But get some self-control.  Sending out an e-mail every now and again is fine.  Sending multiple e-mails in the same week over the course of a couple weeks is too much.

iOS 7: First Impressions

After getting through some unexpected activation issues last night I spent some time with iOS 7 today and this evening.  First impression:  If this is the UI that Jony Ive designed then he should be fired and be sent to a deserted monochrome island.  There is simply not enough contrast for, well, anything in the UI. The tiles blend together and the new fonts don’t do anything to help the situation.

Everything seems to blend together, there’s no texture or feel for any of the buttons or any of the UI within apps.  It’s not even clear which way to slide to unlock – the arrow/slider is missing (or at least I can’t see it).  What is clear is that Apple has taken minimalist somewhat too far.  If this is an evolution in minimalist then I expect the next iteration will just be a blank white screen where you poke at the UI with the hope that it will do something.

For now, I’ve reverted back to iOS 6.  I’m sincerely hoping that this early beta doesn’t capture the true iOS 7 look and feel or user experience.  I hope I can write an update to this post later saying how wonderful iOS 7 is (and some of the features appear to be nice).  But for now, the UI needs fixing.  Tempted to file a bug about the UI…

Windows Activation Problems

I do a fair amount of writing involving Microsoft products.  As such I’m constantly re-installing Windows into virtual machines.  One of the items that catches me off guard is Windows activation with multi-activation keys (MAK) from Technet.  Here’s my friendly reminder on what needs to be done in order to activate when Windows indicates there’s an activation problem:

slmgr.vbs /ipk <WINDOWS KEY HERE>

Windows activation will work after that command completes successfully.

Update: Raspberry Pi Firewall

The firewall built on Raspbian with a Raspberry Pi has been running for a couple weeks, rather flawlessly I might add.  I’ve ordered additional Pi’s (Pis?) from Adafruit.  I’ve had great luck with Adafruit; shipping is quite fast (same day!) and their tutorials are good too.

The overall layout of the firewall includes a Plugable USB-Ethernet USB2-E100 adapter, a Cisco/Linksys USB200M, and the native ethernet port on the Raspberry Pi.  Rather than tax the native USB ports on the Pi I hooked up a Plugable USB2-HUB-AG7 7-port USB hub.  I also added a Cable Matters Active HDMI/VGA adapter for console access.  The console still had a blink so I added the following to /boot/config.txt on the Pi:


Uncommenting those lines in the file removed the HDMI/VGA blink on the console and now all is well.

The total cost for the entire rig was a bit under $150.  While this is somewhat higher than I would’ve hoped, the savings will come from electricity usage (or lack thereof) with the Pi.  I hooked up a Kill-a-Watt to the entire rig (Ethernet adapters, Pi, HDMI/VGA adapter) and can predict that it will use between 4 and 4.5KwH per month.  The current KwH rate is about 12.5 cents, so it should cost less than 75 cents to run the firewall per month.  That’s much less than the server that it replaced.

Overall I’m happy with the performance of the Raspberry Pi thus far.  Next update will be for the Raspberry Pi phone server running asterisk.

Total Cost: $141.09

Raspberry Pi: $39.95

CY Raspberry Pi Case: $17.49

Power Adapter: $5.95

USB A to Micro B Cable: $3.95

USB2-E100: $13.95 (x2 if you don’t have a USB200M laying about) = $27.90

HDMI/VGA Adapter: $19.95

Power Adapter for HDMI/VGA Adapter: $5.95

Plugable 7 Port USB Hub: $19.95

Transcend 8GB Class 10 SDHC: $8.95



Raspberry Pi Firewall with iptables

I recently ordered a Raspberry Pi kit from Adafruit with the goal of making a motion detector.  However, after receiving it, I started to think about other uses for the board.  Specifically, I’d like to get asterisk with an external ATA to PSTN working (that’s a story for another day) and also get a firewall running on it.  Granted, this will end up being multiple Pis but for now it’s all more proof of concept.

The first challenge, which shouldn’t have been all that challenging, was getting a valid image onto the SDHC card.  From what I can tell (sha1sum/shasum), the images that I downloaded were corrupt, so no amount of me trying different methods of writing to the card were going to save me.

What I learned:

-Run shasum (Mac) or sha1sum (Linux) right away.  Don’t mess around until you know that the downloaded file is valid.

-Macs put some cruft like .DS_Store, etc, on the card even when writing with dd.   I ended up using ImageWriter in Ubuntu Linux to write the image.

-The USB console connector from Adafruit is worth its weight in gold.  It needs special drivers which is a bummer.  Tip:  Always unplug it from the USB end, even if you’ve unplugged it from the Pi.  I hard locked my Mac when I didn’t do that, though who knows if that was the true cause.

Once I got it to boot, the familiar Debian-based Raspbian operating system made life easy.  However, the next challenge was getting the network working correctly for the firewall.  I have what is apparently a complex setup, at least according to the lack of finding anyone else who does it.  My firewall has one ethernet connection to the Internet, one to the internal network and then one to a DMZ.  All three ethernet ports are connected to different networks.

To accomplish this I’m using two Cisco/Linksys USB200M’s that I had laying around and a Cables To Go powered USB hub.  eth0 is connected to the Internet, eth1 to internal network and eth2 to the DMZ.

What I found:

-The interfaces connected through the USB hub need to have static IPs set in /etc/network/interfaces.  allow-hotplug also seems to be helpful here.

-The lack of console access to the Pi in my server room made this more difficult.  I ordered an HDMI to DVI cable to I could get video for the the Pi into the KVM in the server room.

What I haven’t solved:

-On boot, the USB-based interfaces don’t seem to work at first.  I haven’t yet been able to figure this out but it seems like unplugging them, waiting a few seconds, and then plugging them back in wakes them up.  So far (a whopping 5 hours in) the interfaces haven’t died; if you’re reading this it was posted through the Pi-based firewall running iptables.


Debian Upgrade to Wheezy: MySQL & Dovecot Problems

Upgraded to Debian Wheezy last night.  Followed the official upgrade instructions.  Things went generally well and I’m amazed by how well major upgrades go with Debian.  Wheezy is the second major release for this particular server and it had an uptime of 476 days before today’s upgrade.

A couple problems were noted, specifically with the upgrade of the mysql server and dovecot.  Both seem to have breaking changes.  For MySQL, the breaking change is that in MySQL server 5.5 the master-host and other master-* options are no longer supported.  See the MySQL manual for more details.  I commented out the various replication-related options in /etc/mysql/my.cnf for now and will need to fix that quickly.

The other break-change on this computer was with dovecot.  Looks like all of the dovecot options are now split into multiple files in /etc/dovecot/conf.d with the traditional dovecot.conf now being a shell that refers to other files.  For this particular server I needed to change the path to the SSL certificates; now dovecot wants them in the /etc/dovecot hierarchy and I needed to change the mail_location to be Maildir rather than mbox (not sure why that was the new default now) and add mail_privileged_group of mail.  Dovecot’s working now.

Among the fun things that I’ve already discovered is that I can mount a Synology SMB share without “file exists” problems and airprint finally works for me (though we’ll see for how long).

Once I get comfortable with the stability of the new system I’ll begin migrating other, more mission-critical, servers.