2007/12/14

A False Sense of Security

Creating self-signed certs is straightforward:

umask 277

openssl genrsa 1024 > host.key

openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

cat host.cert host.key > host.pem


You then import the generated cert in a client; e.g. with php/curl, the incantation is:

curl_setopt($ch, CURLOPT_CAINFO, '.../ssl/host.pem');

Et voilà! We have a 'secure' communication path between client and server...
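The `cat host.cert host.key > host.pem` step puts the private key into host.pem, and that same file is what the curl call passes as CURLOPT_CAINFO, although a client only needs the certificate. The following is an added example, not part of the original post: it checks a client trust file for private key material and writes a certificate-only copy. The function names, the host-public.pem file name and the sample bundle are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a client-side trust file (e.g. the CURLOPT_CAINFO path)
# for private key material and produce a certificate-only copy.

# Return 0 if FILE contains any PEM private key block
# (RSA, EC, DSA, PKCS#8 and encrypted variants all end in "PRIVATE KEY").
pem_has_private_key() {
    grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$1"
}

# Print only the CERTIFICATE blocks of FILE, dropping everything else.
pem_certs_only() {
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                           { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$1"
}

# Write a constructed bundle shaped like "cat host.cert host.key".
# The bodies are placeholders, not real certificate or key data.
write_sample_bundle() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLEnotARealCertificate
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLEnotARealPrivateKey
-----END RSA PRIVATE KEY-----
EOF
}

# Check FILE; if it carries a key, write a certificate-only copy to OUT.
# Prints "leak" or "clean".
audit_trust_file() {
    if pem_has_private_key "$1"; then
        pem_certs_only "$1" > "$2"
        echo leak
    else
        echo clean
    fi
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_sample_bundle "$tmp/host.pem"
echo "host.pem: $(audit_trust_file "$tmp/host.pem" "$tmp/host-public.pem")"
echo "host-public.pem: $(audit_trust_file "$tmp/host-public.pem" /dev/null)"
rm -rf "$tmp"
```

On the client, point CURLOPT_CAINFO at the certificate-only file and keep host.key on the server.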

2007/12/02

The hunt for AFK's

qcheck(1) is the key to looking for inconsistencies between what portage installed and a live system: qcheck -aTC

or with nice colour: qcheck -aT

Filtering out python, ... etc false positives (AFK appears to be qcheck code for missing files):

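#!/bin/sh
# Run a full qcheck, then split the findings into missing-file (AFK)
# and checksum-mismatch (MD5-DIGEST) logs with known noise removed.
DATE=`date +%Y%m%d`
OUT=${DATE}.log

qcheck -aTC >"$OUT" 2>&1

# Paths that produce false positives, as one extended-regex alternation.
# Double quotes make backslash-newline a line continuation, so the
# pattern stays a single string.
filter="/usr/lib/python2.4|/usr/lib/gimp/2.0/python|\
/usr/share/javatoolkit/pym|/usr/kde/3.5/share/doc|\
/usr/share/icons/hicolor|/usr/share/webapps/phpmyadmin"

# Quote the pattern so the shell passes it to grep as one argument.
grep AFK "$OUT" | grep -E -v "$filter" | sort >"${DATE}-afk.log"
grep MD5-DIGEST "$OUT" | grep -E -v "$filter" | sort >"${DATE}-md5.log"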

Slowly going faster

An old/slow gentoo box:

/etc/conf.d/rc:svcmount="yes"
sticks the service deps into a tmpfs

Filesystem  Size  Used  Avail  Use%  Mounted on
svcdir      2.0M  188K  1.9M   10%   /var/lib/init.d

Any speedup isn't noticeable, but it's one step closer to running root fs out of a pseudo-SSD
(pcmcia memory card adapter + old SD card). Going ro is painful from a quick glance.

Anyway, usage rises to 344k on a reasonably well-configured box, so 2MB is fine.


tmpfs is a real gain for emerges with an fstab including:

shm /dev/shm tmpfs noatime,size=4G,nr_inodes=200k 0 0

and linking /var/tmp to /dev/shm - 4GB is comfortable for building openoffice.