The tempdb database often won’t just shrink when you ask it to, through SSMS or otherwise. Apparently, Sql Server holds on to it for its cache entries.
To shrink the table anyway (and have the cache reload), this should do:
DBCC FREEPROCCACHE
DBCC FREESYSTEMCACHE ('ALL')
DBCC SHRINKDATABASE ('tempdb', 0)
Enjoy 🙂
This happened on a few machines I am responsible for, after the upgrade to Windows 10.
You click “Start”, type “updates”, it suggests “Check for Updates” in the “Settings” app, you click <enter> and it opens an empty settings window with no search results. Great.
After looking around for a while, I stumbled over the fix, detailed by winaero.com and rchived here.
In short:
Hooray! Search works.
W: [pulseaudio] authkey.c: Failed to open cookie file '/home/user/.config/pulse/cookie': No such file or directory W: [pulseaudio] authkey.c: Failed to load authorization key '/home/user/.config/pulse/cookie': No such file or directory
I had this problem on an embedded box, with no X11, or even a screen. Turns out that at least some versions of Debian have an issue where not all programs agree on where the cookie file should be stored. Doing ls -la in my home directory revealed I had a ~/.pulse-cookie file, but I didn’t, as the warning message stated, have a ~/.config/pulse/cookie file.
I made this warning go away by symlinking where one program was looking for the cookie to where the cookie actually was.
mkdir -p ~/.config/pulse cd ~/.config/pulse ln -s ../../.pulse-cookie cookie
..and Bob’s your uncle. No more warnings.
So, you need the private key for a certificate on Windows, for some innocent snooping around with Wireshark, but someone marked it as not exportable. Now what?
Cue Gentil Kiwi and his tool Mimikatz.
The following commands will extract the certificates from the local store:
crypto::capi crypto::certificates /systemstore=CERT_SYSTEM_STORE_LOCAL_MACHINE /export
The password for the pfx files is “mimikatz” (no quotes).
To convert a pfx to a pem file, you can do something like this:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes
If it’s for use in Wireshark, you also need to add -nocerts:
openssl pkcs12 -in CERT_SYSTEM_STORE_LOCAL_MACHINE_nicecert.pfx -out cert.pem -nodes -nocerts
Just rebuild the font cache:
# fc-cache -f
You’re welcome 🙂
Here are some of the things I did to make Kali Linux 2016.1 suit my taste, mostly intended as a note to myself, but posted here in case it helps anyone else.
apt-get -y install \ dconf-editor \ gnome-power-manager \ autossh \ vim \ screen \ iotop \ iftop \ virtualbox \ torbrowser-launcher \ aptitude
Edit /etc/gdm3/daemon.conf
AutomaticLoginEnable = true AutomaticLogin = root
Edit /etc/default/smartmontools
start_smartd=yes
Note: shutdown option missing as of 2016-05-16
gsettings range org.gnome.settings-daemon.plugins.power power-button-action gsettings set org.gnome.settings-daemon.plugins.power power-button-action 'shutdown'
For separate partitions, use the existing guide for Debian.
For swap files in encrypted filesystems, do this:
dd if=/dev/zero of=/.swap bs=1G count=16 chmod 600 /.swap mkswap /.swap swapon /.swap echo "/.swap none swap sw 0 0" >>/etc/fstab
gsettings set org.gnome.desktop.session idle-delay 0
apt-get -y install qemu-kvm virt-manager systemctl enable libvirtd.service
I now use the default environment, but it’s here in case anyone finds it interesting anyway
apt-cache search kali-desktop apt-get -y install kali-desktop-xfce update-alternatives --config x-window-manager update-alternatives --config x-session-manager
I have my taskbar set to “Use small taskbar buttons” and “Never combine”, probably as much out of habit as anything else. This means that when I pin programs to the taskbar, opening one of them, suddenly making it display a title for one or more windows, will push any pinned programs to its right further towards the right edge of the screen. In turn, this means that my pinned programs are almost never where I expect to find them, and I have to look around. Annoying.
The classic “Quick Launch” solved this by only displaying a launch shortcut, and never turning into the actual taskbar entry for the program it launched. Thus they all stay neatly in place next to the start button.
Like this:
Not like this:
Well, Windows 10 can do this too, though it is slightly harder to enable than on previous editions of the operating system.
In short:
A more detailed description can be found here. I archived a copy here.
I have to admit this is cargo cult SQL to me, but here’s how to find running queries, sorted by their total elapsed time:
SELECT [sqltext].[TEXT], [req].[session_id], [req].[status], [req].[command], [req].[cpu_time], [req].[total_elapsed_time] FROM [sys].[dm_exec_requests] [req] CROSS APPLY [sys].[dm_exec_sql_text](sql_handle) AS sqltext ORDER BY [req].[total_elapsed_time] DESC
To kill a given query, use:
kill <session_id>
..without the brackets <>, where session_id is the corresponding column output from the query above
If you want to kill all long running queries in a single go, try something like this:
DECLARE @cmd varchar(8000) = ''; SELECT @cmd = @cmd + 'kill ' + CONVERT(varchar(5), req.session_id) + ';' FROM sys.dm_exec_requests req CROSS APPLY sys.dm_exec_sql_text(sql_handle) AS sqltext where req.total_elapsed_time > 15000 SELECT @cmd; EXEC(@cmd);
Adjust the ‘15000’ (milliseconds) timeout to a reasonable time for your application.
You’re welcome.
In the bronze age, messages came in, signed bob@lamuella.com, and you’d simply have to assume they were from the Almighty Bob. Today, email is still technically in the iron age, but at least we have SPF.
In a nutshell, when lamuella.com enables SPF for their domain, they can be sure that other people, which mail servers check those records, will not receive spam mail with forged senders @lamuella.com. This also means email that passes this sort of check can be rated as slightly less spammy in automated spam filters.
To further elaborate on that, here’s what SPF is, does, it not and does not:
That said, SPF is easy to enable on Postfix, and I strongly urge you to do so if you haven’t already.
I found this handy guide, for Ubuntu, but it works just as well on Debian, and I archived it here in case the link is dead at the time you read this.
pfSense, as of 2016-03-01, does not support OpenConnect out of the box. However, it’s in the FreeBSD repository, and relatively easy to add:
# pkg # pkg update -f # pkg install openconnect # rehash
You can now play around with the openconnect command and test your connection.
Next step: Autostart, and adding the tun interface to the pfSense GUI. The GUI will, by default, ignore any interface named “tun*”, while openconnect will refuse to work with any interface not named “tun*”. Brilliant. The easiest workaround for this special case seems to be renaming the VPN interface after creation.
I made a script that automates checking if the connection is up, and (re-)starting it if it is not.
Replace the options in the “settings” section with appropriate values for your setup, and you should be good to go.
The “test” field should be a command that returns 0 when the connection is up, and anything else when it’s broken. I used netcat’s port testing feature on the remote desktop port of a server I needed to be able to connect to, but you can just as easily use things like ping with a limited count or similar.
#!/bin/sh
# settings
user="vpnuser"
pass="P4ssw0rd"
host="vpn.server.here.com"
test="nc -v -w 10 -z 172.16.0.4 3389"
tmpif="tun69"
iface="ocvpnc1"
pidfile="/tmp/${iface}.pid"
script="/usr/local/sbin/vpnc-script"
# env
openconnect="/usr/local/sbin/openconnect"
ifconfig="/sbin/ifconfig"
# func
ifkill()
{
$ifconfig "$1" down 2>/dev/null || :
$ifconfig "$1" destroy 2>/dev/null || :
}
# check if we're already running
if [ -n "$test" ] && $test; then
echo "Connection is already up"
exit 0
fi
# clean up previous instance, if any
if [ -e "$pidfile" ]; then
read pid <"$pidfile"
echo "Killing previous pid: $pid"
kill -TERM "$pid"
rm "$pidfile"
fi
ifkill "$tmpif"
ifkill "$iface"
# open vpn connection
echo "$pass" |\
$openconnect \
--background \
--pid-file="$pidfile" \
--interface="$tmpif" \
--user="$user" \
--passwd-on-stdin \
--script="$script" \
"$host"
# rename the interface
if [ "$iface" != "$tmpif" ]; then
echo "Renaming $tmpif to $iface"
$ifconfig "$tmpif" name "$iface"
fi
Next, use crontab -e and add an entry to run the script regularly.
*/5 * * * * /root/openconnect-vpn >/dev/null 2>&1
Again, replace the path and timing with your own preferred values.
With the connection established, you can now go ahead and add the interface in the “assignment” tab of the GUI and set up appropriate rules for it.
CAUTION: Adding an interface that’s not available at boot time to the GUI will cause pfSense to think something is wrong on subsequent reboots and ask you to configure interfaces. I am not currently aware of a workaround for this, other than to not add the interface, controlling rules directly from the script instead. Please use the workaround below to avoid this issue, and make sure to verify that it works before leaving a pfSense box at a remote site unattended.
The following workaround was offered by “DJC” in the comments section: