Apache, PHP 7, FPM & Let’s Encrypt TLS certificates on Debian Stretch

This WP blog is running on a small server accompanied by teamobsession.at, the freerunning & parcour team from my brother. The reasoning for WordPress is Divi, which let’s not-so-experienced users build awesome websites, including family members.

Lately I’ve seen many OOM killer messages which sacrificed the MariaDB in most cases. I investigated over the past months, collecting logs, performance metrics and so on.


Apache, PHP and FPM

At some point, MariaDB tuning wasn’t helpful for memory optimizations. Since this box evolved from Debian Wheezy to Jessie to Stretch, I realized that it may be just Apache and PHP, freed mind after a relaxed vacation. I’m not a friend of limiting connections or debugging the mpm_prefork module (great explanation though in this blog post).

a2query -m mpm_prefork

vim /etc/apache2/mods-enabled/mpm_prefork.conf

Recent times with Icinga Web 2 have shown how easy, fast and reliable PHP FPM works. The PHP module is not directly loaded into Apache’s memory and then forked into child processes. Instead, the Apache processes forward the requests via socket to the FPM daemon which just executes given tasks. More tuning tips in this blog post.

While I figured that my box still runs the EOL PHP5 versions (a good indicator for bad performance or leaks), I did the upgrade in two ways:

  • Go for PHP 7 (
  • Go for PHP FPM

WP needs the mbstring & xml PHP modules as otherwise xmlrpc with Jetpack Publicize breaks, Debug: “https://jetpack.com/support/debug/?url=https://www.legendiary.at”.

Debian makes this upgrade super easy with just a couple of CLI commands enabling this globally. “a2enmod” was btw the inspiration for “icinga2 feature enable” 😉

apt-get update
apt-get install php php-mysql php-mbstring php-xml

apt-get install php-fpm

a2enmod proxy_fcgi setenvif
a2enconf php7.0-fpm
systemctl restart apache2

In order to test this, put a test php file somewhere

vim /var/www/html/p.php

<?php echo phpinfo(); ?>

Open it in the browser to check the “Server API” string. Next, delete it immediately as it exposes internal data which are a security risk these days.

rm /var/www/html/p.php 


TLS with Let’s Encrypt

I’m following the Let’s Encrypt evolution closely but always put it back on the TODO list. Modern times prove us right to only use TLS, and so does Google with marking non-https connections as insecure. Recently I’ve learned that the Let’s Encrypt chain is fully trusted by all major root programs, so you don’t need to provide the full CA chain in your web server’s TLS certificate configuration anymore.

Follow these instructions for Debian Stretch, and enable the backports repository first. Hint: I don’t like polluting the sources.list with custom stuff, I just put the configuration into sources.list.d. Then just install the certbot package.

cat >/etc/apt/sources.list.d/backports.list <<EOF
deb http://ftp.debian.org/debian stretch-backports main

apt-get update
apt-get install python-certbot-apache -t stretch-backports

Run the certbot CLI command and provide the request information. I’m just using the default and enforce HTTPS connections.

certbot --authenticator webroot --installer apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): michael.friedrich@...

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
(A)gree/(C)ancel: a

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
(Y)es/(N)o: n

Which names would you like to activate HTTPS for?
1: legendiary.at
2: web.legendiary.at
3: www.legendiary.at
4: teamobsession.at
5: www.teamobsession.at
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 3 4 5
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for legendiary.at
http-01 challenge for www.legendiary.at
http-01 challenge for teamobsession.at
http-01 challenge for www.teamobsession.at
Input the webroot for legendiary.at: (Enter 'c' to cancel): /var/www/www.legendiary.at/htdocs

Select the webroot for www.legendiary.at:
1: Enter a new webroot
2: /var/www/www.legendiary.at/htdocs
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Input the webroot for www.legendiary.at: (Enter 'c' to cancel): /var/www/www.legendiary.at/htdocs

Select the webroot for teamobsession.at:
1: Enter a new webroot
2: /var/www/www.legendiary.at/htdocs
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Input the webroot for teamobsession.at: (Enter 'c' to cancel): /var/www/www.teamobsession.at/htdocs

Select the webroot for www.teamobsession.at:
1: Enter a new webroot
2: /var/www/www.teamobsession.at/htdocs
3: /var/www/www.legendiary.at/htdocs
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 2
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/www.legendiary.at-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/www.legendiary.at-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/www.legendiary.at-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/www.legendiary.at-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/www.teamobsession.at-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/www.teamobsession.at-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/www.teamobsession.at-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/www.teamobsession.at-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/www.legendiary.at.conf to ssl vhost in /etc/apache2/sites-available/www.legendiary.at-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/www.teamobsession.at.conf to ssl vhost in /etc/apache2/sites-available/www.teamobsession.at-le-ssl.conf

Congratulations! You have successfully enabled https://legendiary.at,
https://www.legendiary.at, https://teamobsession.at, and https://www.teamobsession.at

You should test your configuration at:

- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-11-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The certbot command also automatically installs certificate renewal, so nothing to worry about. One of the domains is not automatically detected, so I needed a small adjustment to fully support the CNAME from www.freerunningacademy.at.

certbot run -d www.teamobsession.at -d teamobsession.at -d www.freerunningacademy.at -d www.legendiary.at -d legendiary.at

Voilà 🙂


Since I am using the Google Drive backup for 4+ years now, I’ve just extended its script to include “/etc/letsencrypt” and “/etc/apache2”. Backups are important 🙂


Future Plans

At one time I might just put everything into containers and let them run on NETWAYS NWS. My feature request with Let’s Encrypt support still stands 🙂 The other one is an A+ rating which involves more TLS configuration fine tuning. But that’s something for another weekend after another vacation 🙂

Upgrade to Fedora 28: nss-pem does not belong to a distupgrade repository

Fedora 28 was released a while ago, and I do not immediately upgrade my workstation from past experience with external repositories needing to catch up.

Starting with

sudo dnf --refresh upgrade
sudo dnf system-upgrade download --refresh --releasever=28

led to this error.

 Problem: nss-pem-1.0.3-6.fc27.i686 has inferior architecture
  - nss-pem-1.0.3-6.fc27.x86_64 does not belong to a distupgrade repository
  - problem with installed package nss-pem-1.0.3-6.fc27.i686

This is coming from steam which is installed via UnitedRPM/RPMFusion repository. There seems to be a package dependency change during the F27 cycle, where right now there’s no explicit dependency or provider is there.

sudo dnf remove nss-pem-1.0.3-6.fc27.i686
Abhängigkeiten sind aufgelöst.
 Paket                                     Arch                        Version                                   Paketquelle                                       Größe
 nss-pem                                   i686                        1.0.3-6.fc27                              @updates                                          215 k
Removing dependent packages:
 libcurl                                   i686                        7.55.1-10.fc27                            @updates                                          581 k
 libdbusmenu-gtk2                          i686                        16.04.0-4.fc27                            @fedora                                            79 k
 libdbusmenu-gtk3                          i686                        16.04.0-4.fc27                            @fedora                                            79 k
 nss                                       i686                        3.36.1-1.0.fc27                           @updates                                          2.4 M
 openldap                                  i686                        2.4.45-4.fc27                             @updates                                          1.0 M
 steam                                     i686                                        @rpmfusion-nonfree-updates                        2.7 M

This bug report and this blog post helped a lot, just pre-install the F28 package prior to the upgrade. In my case I had to force the package update.

sudo dnf update nss-pem --releasever=28 --best --allowerasing

Next, proceed with the upgrade again.

sudo dnf system-upgrade download --refresh --releasever=28

Say hi to Fedora 28 🙂

Clear redirect cache in Chrome

Chrome caches 301 redirects in a certain way. This one caused problems when testing redirects with monitoring-portal.org with / to /woltlab (now removed).

There is no direct configuration setting for this, you need to visit chrome://net-internals/ in Chrome. Then right click on the cursor icon in the right upper corner and select “clear cache”.

A taste of Austria: 5 years Germany & NETWAYS

Time really flies. I still remember my decision to move from Vienna to Nuremberg, like it was yesterday. Lately we’ve been talking about job application interviews at NETWAYS and I made my usual joke “Meet with Bernd, have a coffee and say yes”. I’ve never shown my CV or wrote an application letter.

It was and is a matter of trust and honesty. Bernd invited me to this adventure, and always has guided me when times were hard, or not so super exciting. He’s also the one who made me a more friendly, and calm person with a vision to lead and care about others. Just awesome.

Back at that time I also met Markus who helped me with the move into my Nuremberg located flat. Just 15 minutes walk to NETWAYS, not so far away from Anwanden. Markus and Nicole are the ones where I found my “second” family here in Nuremberg, far away from home. I really feel safe and relaxed when I’m with them. Life is good.

NETWAYS is family and friends. That includes bitching, arguing, joining the conversation and feeling so young when you are going somewhere. Like a trip with your school or student mates. We all have a vision at work – the most important thing is that we do care about each other. You’ll see that when a party is ending, cleaning up together. You’ll recognize that during a conference when everyone pushes the team to the next level. You can feel it, when a small group of crazy Germans, Austrians and Italians moves to a foreign country and is just pure natural and crazy. No-one is left behind and we all go the flow. Just friends.

Speaking of Austria, I tend to visit Linz more often these days. My CX-5 provides me the luxury to just do so, while travelling by train is somewhat “too much stress and plans”. And of course, I found my love with bringing the good Austrian stuff to Nuremberg. Dragee Keksi, Linzer Torte, Manner, and much more. Always honoured and loved, already travelling the world. A taste of Austria.

I did not really change my Austrian dialect to German or Franconia even. At some point, I just don’t care and use “funny” words. Like “the other” Markus is doing with his “Wos? Jetzt glaub i’s oba!” (What? Now I believe it … or something like that). It always has been a good start into a conversation to discuss the different words and meanings of German and Austrian words. It doesn’t matter which country you belong these days, we think global.

Travelling the world with NETWAYS, and Icinga. Made friends and achieved my personal goal: Visit events and give talks about the things I love. I’m also preferring English everywhere I can.  Open source unites.

I’ve seen different cultures, used to learn and communicate. Keeping calm if a discussion is on the run. My past me was reacting emotional when someone said “annoying” or “bad project” about “my” Icinga. These days I see the success of Icinga, how many different people are involved in it, with their different visions and the idea to push each other to the next level. Time to fade away and lean back.

I’ve also started to look into “new” things. Some points in the past have proven that I am running directly into a burn-out. This is the time when I get ill, which I normally don’t. I learned from projects which were huge, and failed. Failure is allowed at NETWAYS, and I am glad that I get the time and resources to keep calm, motivate again, and find my true vision. Lately “Icinga is running on the ISS” just nailed it again. Trust and motivation.

Managing projects and leading teams is a hard job, still my ongoing goal. Be it for Icinga or NETWAYS. I’m not the “perfect” coder, I like to organize things, design and create concepts, write documentation, do support, install all the things, and integrate them with other tools in the stack. There’s also Request Tracker as one of my new projects. And a new software is coming to life soon, all helped with the nice startup days last week at NETWAYS. Most recently I’ve also started to develop Icinga Web 2 modules. Finding new areas of expertise is pure motivation.

Probably I’m doing too many side projects, like Dashing, Vagrant, Plugins and also providing monitoring-portal.org as a community platform. Still, I learned to keep it in the 40 hours a week, and put aside everything when turning on the PS4 (I really love Assassin’s Creed Origins), building LEGO models, or just reading Perry Rhodan, still at 1170. Life is too short to work too much.

Friends married this year. The not-so-typical American-Italian-German wedding in lovely Nuremberg, many days full of love and joy. And the one you only do once in your life: Going to Kosovo, meet a new culture and enjoy life. Next year, some “round” birthdays are coming, and we’ll see where we’re heading. Our “we play offline games and drink a lot” round with Vanessa, Markus and Martin is also in the making again. Family and friends matter.

After all, it is an incredible journey and I don’t want to miss it. I love going to work and see my friends and colleagues. I love going back to Austria and visit my family. I love Nuremberg, Franconia and the country side. I love meeting friends and discussing the latest (LEGO) stuff, or just sitting in the garden having a G&T doing nothing. Tomorrow we’ll party hard at the NETWAYS XMas event, I’ll promise 🙂

Life is good with a taste of Austria 🙂

VLC on Fedora with Wayland: Big Icons, small text problem

I’ve always used VLC as my favorite video player on Linux. Recently they changed releases to 3.0 from Git in Fedora 25 (RPMFusion repository). This also included changes to work with Wayland instead of Xorg. Unfortunately the user interface was broken then – big icons, small text. Just looked like 800×600 on a full HD resolution, 27″ here.

Options described on the net where to create a custom skin, or clear the configuration cache. None of these worked unfortunately.

While looking for a possible bug I’ve found this issue which lead me to a new repository called “United RPMs”.

Thought I’d give it a try, since this issue proposes updated packages which fix the issue entirely.

sudo -rpm --import https://raw.githubusercontent.com/UnitedRPMs/unitedrpms/master/URPMS-GPG-PUBLICKEY-Fedora-24
sudo dnf -y install https://github.com/UnitedRPMs/unitedrpms/releases/download/6/unitedrpms-$(rpm -E %fedora)-6.fc$(rpm -E %fedora).noarch.rpm

sudo dnf makecache

In order to prefer UnitedRPMs over RPMFusion, I’m explicitly setting the repositories on install (I don’t want to fiddle with yum priorities here).

sudo dnf remove vlc

sudo dnf install --repo=unitedrpms --repo=fedora vlc

Voilá, VLC works again.

2016 … what’s next?

Lots of things happened in 2016. Probably way too much as I cannot really recall what I did in which month.

It hasn’t been easy all the time, and being under pressure I also made certain mistakes or acted differently than I demand it from myself.

I’m not really a fan of “1.1.2017 – leave all things behind and start over”. Reality is different and so I am taking a moment to breathe and reflect what really happened in 2016. Things I want to improve, things I loved but also things which went not so good.


Things which I would do different

At some point in late 2016 I realised that I am doing a) core development fixing bugs b) first level support c) community support. This isn’t essentially bad, but b) should be done by co-workers and c) requires a lot of effort to train community members and share knowledge.

Together with a), the actual majority of my daily work, this literally exploded at some point. I’m not proud of the way how it went (story for real life conversation) but I couldn’t help myself in this situation. In the end changes and workflows have been adopted and I am looking forward to see progress here.

Dealing with important bugs, not knowing which one comes first isn’t easy. If the support channels rely on your answer to problems, this has a huge impact on your work load. You can’t focus on the important problems anymore but need to take the chance to analyse the problems by yourself. You loose track of the important bug you’ve been looking into before getting disturbed. Finally you’ll end up with lots of ping-pong and accusations who did it wrong. Many things not even so-called project managers could solve, we’re not big enough for that even.

When your issue dashboard says 400, like 30 urgent and a lot of possible duplicates .. well. I helped myself with getting pen and paper, writing the problems down and pinning them on the wall.

There are still some issues, even many, but one also needs a better voting mechanism than Redmine provides. I am eagerly waiting for the tags and +1 capabilities we’ll be using on GitHub.

After all I consider some situations where my mind said “fix it now” being plain wrong. I should’ve waited and not rushed for solutions. There’s no guarantee for a fix anyhow. Still a problem with freeing your mind in the evening. That’ll be a deal breaker when you’re part of an open source project for many years. You sometimes just cannot stop, or the burnout stops you.

One thing I also learned the hard way – if you help others by accidentally doing their job, they’ll always rely on you. Help them in a way that they learn from you, but are able to take notes and probably never ask again.


The good stuff

Dashing turned from a fun project into an official Icinga 2 integration. I learned a lot about Ruby and Coffeescript and received overwhelming community feedback. I even wrote some development guides to help others.

The Icinga Vagrant Boxes are still on the run, and make my life even more easy. Lately I kept working on an Icinga 1x release but didn’t want to locally install the dev environment. Or by having a FreeBSD test box.

A while back I have forked the Manubulon SNMP plugins because I needed them for my own projects. It gained more attraction and I also added community contributed patches. OpenBSD is already using it, and Debian is probably going to replace the old project as well.Debian is using them already . In order to help everyone, I decided to tag and release v2.0.0.

One of my interests after learning about Graphite, InfluxDB, Grafana as well as Puppet was to gain knowledge about the Elastic Stack. I know Graylog already but getting things done with Elastic being the primary tool at work fascinated me. And of course the Elastic Beats concept. So I went for an Elastic Vagrant box and also looked into the new 5.x release.

I’ve also finally attended the Puppet training courses. I don’t use it on a daily basis, but now can better imagine how monitoring fits into config management. That made PuppetConf 2016 even more joy for me. Since the Icinga 2 Puppet module is currently rewritten I’m waiting for its final release to integrate it inside the Vagrant boxes. I’ve also contributed a small patch for the InfluxDB Puppet module this year and am hoping to contribute even more.

I did write the Git training courses from scratch this year, and have provided 3 trainings already. In mid 2017 we’ll be adding GitLab to it and focus on even more integration possibilities. It is a “new” playground for me and before writing the training material I thought I would know everything about Git. I was wrong – I only know some of the magic practical examples, but there are so many others. And the feedback and questions during the training were also helpful to just try things out and update the training material.

I have a lot of fun doing social media during events. That’s mainly twitter with introductions and topics which interest me, be it with Icinga or NETWAYS. One thing I really love – sharing that knowledge and motivation to colleagues. I am also retweeting interesting tweets, like Icinga regularly got some Grafana stuff, or NETWAYS posts about Elastic, Puppet and so on. Twitter is what >50% of my co-workers are using for also interacting with work stuff, and it has become even more important being part of the “twitter family” – just to know what’s funny or cool these days 😉

NETWAYS also now has its own event location namely “Kesselhaus“. Primarily used for training sessions this has been opened up for employees to host their own parties. And so I did with the generous help of Georg, giving a party for my 33th birthday. Including some firemen, a blonde transformation and lots of G&T (the Saffron Gin is really tasty).

Birthday presents were lots of Lego too 😉 I did not build so many Lego this year, but then decided to go for Big Ben instead of the rather expensive Lego Technic Porsche model. Building a model piece by piece really is more enjoyable than using pre-defined bricks for that. Turns out that 2017 might bring a new addition to that – the Lego Creator Expert series is celebrating their 10th birthday with a new exclusive model, 1,5 of the size of the normal buildings. Hmmmm 😉

Speaking of Lego – we do have a yearly meeting in March where Bernd and Julian are recapping the last year. It is our own pleasure to find enjoyable presents for all their hard work. This year I came up with the idea of creating a NETWAYS logo with Lego. Everyone was excited 🙂

monitoring-portal.org has a new home, generously hosted by NETWAYS. Even HTTPS was possible. The migration from the old WBB3 platform was pretty rough in early 2016, but we made it happen with an upgrade to WBB4. There still is work to do (more categories, better theme) but it is not yet clear if we stick with Woltlab or turn into Discourse. What I really want to improve is that users who help others will get a reward. Similar to Stackoverflow.

I have improved my spoken English and the way I keep presenting Icinga in my talks. Berlin, Amsterdam, Belgrade, San Diego – in the end I already knew what to talk about next. Well, the workshop at Devopsdays wasn’t good but I learned what else to prepare (just use the Vagrant-Boxes and skip the install for example). I also brought a lot of Dragee Keksi with me. They even landed in Australia 😉

I had a lot of fun finding and creating demos for the Icinga 2 API. Depending on the audience I then decided which demos to show. For instance the AWS EC2 demo isn’t that spectacular when you are in Europe. But the Clippy demo did not need any words to make people laugh and smile.


2016 also told that I should focus on more community activities. I do have some ideas like hangouts or webinars. One I already realised was to create the “monthly snap” blog post series. This one collects positive karma and gives insights into current developments. I do see that in a 2 way benefit – users see what’s fresh and new, and developers get positive feedback and motivation.

OSMC was lovely and top notch. Really enjoyed meeting with “Gin tasting crew” on Tuesday after my Git workshop. I was really tired after the 2 days conference … but that’s also the reason when you meet a former colleague from Austria and just keep talking. I also finally met Stéphane Bortzmeyer, one of those people knowing literally everything about DNS (my former workplace). The hackathon was really good, we made a lot of improvements and I finally met Steffen from Elastic, being the Go and Beats guru.

Last but not least I have to admit that road trip #2 in California was really a pleasure and freed my mind from such a hard year. Dirk and I went for Grand Canyon, driving 2000 miles in 7 days. There was a plan to have at least Las Vegas and Death Valley on the track but we changed that a bit. Going from South Rim to North Rim wasn’t planned but hey – a thunderstorm over Grand Canyon and just you in that little car. In the end we’ve also visited spots in Death Valley I haven’t been before, and also decided to visit Sequoia National Park. Just because there was time and we were free. Last but not least – Venice Beach jumping into Tom and a revival at Venice Whaler with Julian 🙂

I took those memories with me and ended up in getting myself a CX-5 with the help of Markus and Nicole. Now I have a similar feeling when driving – free and independent. A mind changer after all.


Wishes for 2017

Don’t rush things. Let others do their job and wait for them to finish.

Turn email conversations into meetings or hangouts. If something pisses you off, do it face to face. Take notes what’s good and bad, and leave things for a day. Re-iterate problems then with a different mindset.

Deal with problems in a relaxed fashion, propose a workaround or hotfix and then focus on realising a bugfix and a software release.

Try to understand what the other one is really thinking. Imagine a real life discussion if it’s online. Don’t push your own opinion as the most important one. Try to rephrase things from “Your attempt isn’t good” to “Think of this in a different way – how would this look like …”.

Share knowledge. At some point you’re the only one knowing about cool things. Write them down and encourage others to improve and add their experience. This also includes enhancing the docs and howtos.

Look for events and talks you’d like to give. Combine it with some days off and explore the cities and surroundings.

Look into a good mix of things you like to work on. It is not only C++ with Icinga 2 or documentation. That could be …

  • RT and extensions (Perl)
  • Icinga Web 2 Modules (PHP)
  • Things with Go (icingabeat, etc.)
  • Development trainings (Git, etc.)
  • Community demos (recordings, hangouts)
  • Enhance monitoring-portal.org and move to a new platform (evaluate Discourse)
  • Contribute documentation and howtos (I still owe Michael Medin one for NSCP)
  • Discover the possibilities of GitHub and GitLab
  • Embedded hardware programming (things I used to learn during my studies)

40 hours a week are enough. Social media such as Icinga twitter might work in the evening, but prefer spare time over it. If there’s no time at work to answer questions in the community channels, do it the next day but not in the evening.

Enjoy life.

Read Perry Rhodan. Build Lego models. Play board games. Do workout and free your mind. Be offline.

Go for a ride with the new CX-5, explore the world.

lldb NameError: name ‘run_one_line’ is not defined

I’m a heavy lldb user during Icinga 2 development. Most recently I got many of those error messages when starting lldb for debugging Icinga 2.

mbmif /usr/local/icinga2/etc/icinga2/tests (master) # lldb -- /usr/local/icinga2/lib/icinga2/sbin/icinga2 console
(lldb) target create "/usr/local/icinga2/lib/icinga2/sbin/icinga2"
Traceback (most recent call last):
  File "", line 1, in 
  File "/Applications/Xcode.app/Contents/SharedFrameworks/LLDB.framework/Resources/Python/lldb/__init__.py", line 98, in 
    import six
ImportError: No module named six
Traceback (most recent call last):
  File "", line 1, in 
NameError: name 'run_one_line' is not defined

Turns out that I have Python2 installed from a dependency in Homebrew. The lldb scripts just use the system path for determining the preferred Python binary.

A sensible workaround is discussed here:

$ /usr/local/bin/pip install six

Works again.

mbmif /usr/local/icinga2/etc/icinga2/tests (master) # lldb -- /usr/local/icinga2/lib/icinga2/sbin/icinga2 console
(lldb) target create "/usr/local/icinga2/lib/icinga2/sbin/icinga2"
Current executable set to '/usr/local/icinga2/lib/icinga2/sbin/icinga2' (x86_64).
(lldb) settings set -- target.run-args  "console"
(lldb) q

Since I wanted to check which package requires python in /usr/local/bin/python I found this command

$ brew list | while read cask; do echo -n "$cask ->"; brew deps $cask | awk '{printf(" %s ", $0)}'; echo ""; done

I can’t get rid of pygtk and macvim, so each new install/update will pull Python again. The reason why they build their own Python is somewhat unsafe C++ functions. Guess I don’t want to dig any deeper here.

Homebrew Caskroom migration

I’m using Homebrew on my Macbook. It is a great addition to installing software when you are used to package managers from the Linux world.

There’s also an extension called Homebrew Cask which allows you to manage MacOS applications, such as Adium or Gimp. This saves you the hassle of manually downloading the package/dmg files and automates the installation/updates.

Lately when doing an update again, there was a notice about a changed Caskroom location.

michi@mbmif ~ $ brew cask list
Warning: The default Caskroom location has moved to /usr/local/Caskroom.
Please migrate your Casks to the new location and delete /opt/homebrew-cask/Caskroom,
or if you would like to keep your Caskroom at /opt/homebrew-cask/Caskroom, add the
following to your HOMEBREW_CASK_OPTS:
For more details on each of those options, see https://github.com/caskroom/homebrew-cask/issues/21913.
apache-directory-studio  filezilla                gimp                     macvim                   vlc                      xquartz
bitbar                   firefox                  java7                    mysqlworkbench           wireshark

Ok, what would I do now? “Migration” could just mean moving the directories. But wait, the installed applications could be symlinked into ~/Applications instead of being moved (#13966).

Looking into the mentioned github issue #21913 shed some light on how to fix it. Moving the directories will make “brew cask list” shut up about the changed location, but later uninstalls will fail due to dangling symlinks. The solution is simple – force an installation again after moving the installed casks.

michi@mbmif ~ $ mv /opt/homebrew-cask/Caskroom /usr/local
michi@mbmif ~ $ brew cask list
apache-directory-studio  filezilla                gimp                     macvim                   vlc                      xquartz
bitbar                   firefox                  java7                    mysqlworkbench           wireshark

michi@mbmif ~ $ for cask in $(brew cask list); do brew cask install $cask --force; done

Done 🙂

LEGO Creator Expert: Brick Bank 10251 Review

IMG_2698A new year and a new LEGO creator modular building – this time a corner model providing a brick bank and a small laundry. I got this model 10251 two weeks ago while visiting the LEGO store in Nuremberg but now found the time and mood to go into building.

The set contains 2380 pieces, four build steps with 267 steps inside the instruction manual. Compared to older modular buildings it isn’t that hard to build and some building techniques have been changed. This one goes more into building bigger spots and putting it together.

When it starts off on the ground plate, the first cool thing you’ll recognise is the lockable vault including the removable ceiling. Building further the vault is still open but once the atrium foyer is finished you’ll find out about another cool surprise – the washing machines provide a hidden chest for actually washing the money and putting them directly into the vault. That’s something you cannot really tell from the package images.

The other part of this building step adds the pull-able cashbox for the transaction counter adding yet another lovely detail to the scene. When it comes to the ceiling there’s a hidden entry for thieves coming from the roof. You may actually change one of the mini figures into a thief outfit and start your own play story.

The first floor seems empty as there is only one room for the bosses office and a spot for the secretary. Though the build is fun and provides lots of details like the coffee vendor or building the fireplace attached to the chimney for the thief entering the bank. The typewriter totally fits my kind of humour.

The rooftop is not much in height but offers many details for making this model good. It also adds a chandelier and a small winch for pulling heavy stuff from the ground. The rounded roof windows use a common building technique already known from the pets store.

There are no stickers – everything is printed, even the window glasses. There could probably be more than 5 minifigures – the laundry seems pretty empty without employees. There are also not that much repetitive build steps except for one, but the look really compensates for that afterwards. What I really missed was building letters/numbers from other bricks (like “AL’S” and “POOL” from the detective’s office).

Sorting the bricks takes quite a while, so I guess this model was like 5-6 hours for building and sorting. Being a corner building it perfectly fits with the detective’s office from last year 🙂


Windows 10 update changes partition table and breaks GRUB

It’s holiday season and so I got a hold of playing some games longly missed on Windows. Booting Windows 10 certainly unveiled several pending updates (Antivirus, Geforce, Windows updates). Since Windows 10 does not explicitly tell about big updates anymore I just did let it reboot several times, waiting for manual grub selection then.

Though this time the update essentially broke GRUB. “error: unknown filesystem. Entering rescue mode…” is certainly not what I expect from a Windows 10 update. After googling a bit I found this thread including an explanation as well as a solution for the problem: The Windows 10 update adds yet another hidden partition, but essentially rewrites the partition table which then breaks GRUB finding the correct /boot partition containing grub2/. Congrats Microsoft!

So, Windows 10 “Upgrade to Windows 10 Home, version 1511, 10586” breaks grub2 because boot block grub2 still thinks it should boot grub2 from (hd0,msdos2) when it now needs to boot from (hd0,msdos3).

The solution is simple but nasty without bash-completion and English keyboard layout on a German keyboard.

First find the boot partition containing the grub2/ directory.windows10_upgrade_dec2015_breaks_grub

grub rescue> ls (hd0,msdos1)/grub2
error: unknown filesystem.
grub rescue> ls (hd0,msdos2)/grub2
error: unknown filesystem.
grub rescue> ls (hd0,msdos3)/grub2
./ ../ themes/ device.map i386-pc/ locale/ fonts/ grubenv grub.cfg

Next set the changed boot prefix and root attributes:

grub rescue> set prefix=(hd0,msdos3)/grub2
grub rescue> set root=(hd0,msdos3)
grub rescue> set
grub rescue> insmod normal
grub rescue> normal

Change from “rescue” to “normal” GRUB mode, and quickly select Fedora from the boot menu. In order to fix GRUB log into Fedora, open a terminal and become root. Now generate a new grub configuration.

sudo -i
grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-install /dev/sda

Reboot and the GRUB menu should be fixed. Now safely choose to continue the Windows 10 upgrade.

LEGO Dimensions

thumb_IMG_1760_1024I’ve played and enjoyed each LEGO game from Telltale (except the Wii-U exclusive City Undercover) starting with LEGO Star Wars and most recently, LEGO Jurassic World.

When I heard about LEGO Dimensions coming up this year, I watched a couple of trailers getting an idea what to expect. Considering that #breaktherules is their slogan, that game supposed to be huge. When I read about level, team and fun packs to be bought in additional waves it felt a bit like a cash printing machine for LEGO instead of a real game.

I’m fairly too much into LEGO to resist in pre-ordering this game, but only the starter pack for now. Furthermore Amazon granted a 15€ pre-order bonus when getting LEGO Jurassic World, so the 100€ starter pack wasn’t too expensive.

thumb_IMG_1761_1024Level packs range from 25€ to 30€ providing additional levels for: The Simpsons, Back to the Future, Portal, Dr. Who (Amazon exclusive available at 5.11.2015), Ghost Busters (available January 2016) and Midway Arcade (March 2016, never heard of that).

Team packs add more figures and vehicles and range at ~25€ each. Fun packs consist of one figure and one vehicle at the price of 15€.

There will be several waves where these packs are released over the next couple of months. According to Warner Bros they will support the game 3 years with updates too.

thumb_IMG_1764_1024Opening the starter pack box unveils the toy bad, the game disc and an additional box containing the bricks for the portal, three characters (Batman, Gandalf, Wyldstyle) and the bat mobile.

thumb_IMG_1766_1024Before starting the build I did start my PS4 and inserted the game disc. It then immediately started to download a 5 GB (!) update to 1.02 which fairly took over an hour even with VDSL50.

While that download lasted, I did build the three characters, the portal itself and well, then I was stuck – the bat mobile instructions are not available inside the printed build instructions. The reason for that is implicitly explained in-game: You may modify and upgrade vehicles and characters inside the game and it holds additional build instructions.

thumb_IMG_1773_1024The toy pad itself is a simple NFC reader attached to the PS4 via USB (cable is pretty long). While the figure stands are printed and reserved NFC tags for each character, the vehicles must be built and then written to the NFC tag. The game will tell you to do so – at first glance this happens when you’re building the bat mobile after completing the portal build.

The light bulbs are using different colours, sometimes blink for giving hints and the three areas can hold 7 characters or vehicles at the same time. At first it was not that clear how the toy pad would be involved in the game – ok, by putting the bat mobile on it it did appear in-game and could be used.

thumb_IMG_1776_1024When going further with the story you’ll experience 5 different purple keystones with different modes: colour puzzles, special character abilities to clear fire, melt ice, enlighten dark rooms, etc. You need to interact with the toy pad and put your characters on it – be it a defined order, or a specific area. Once you’ve completed the first story mode levels you should’ve learnt how to use them. Cool thing: The game tells you to physically attach each keystone to your portal once each level is finished.

thumb_IMG_1777_1024So far I’ve finished 4 of 5 keystones in the story levels and came across Gotham City, Wizard of Oz, Simpsons, Ninjago and Doctor Who. Still curious what else to see. The story itself has an evil boss, the usual suspects supporting him and you, the brave hero fighting your way against them. The level design and story somehow reminded me of Super Mario World, especially the yellow brick road in the Wizard of Oz 😉

If you are familiar with LEGO games you certainly want to achieve the 100% level. This is helped by buying the red bricks with collected studs which help detecting mini kits, gold bricks, 2x studs (no more 4,6,8,10 multipliers though) and a quest detector. The other ones are more or less funny additions.

The “nasty” thing about these red bricks – they are hidden in the adventure worlds. In order to access these adventure worlds you’ll need a character of each world. So you’ll end up buying additional level, team and fun packs. Clever, LEGO, very clever. Which in return means you cannot complete LEGO dimensions just by getting the starter pack.

Once you’ve completed the first levels you are allowed to use the lift to move up and access all adventure worlds – and there are quite a few. The main three figures allow you to access the DC Comics, LEGO Movie and The Lord Of the Rings adventure worlds instantly. The rest – well, first the story mode, then buy additional adventure world characters, collect red bricks, finish story mode free play and then work towards the 100%.

Conclusion: Apart from the money it will cost you, it is a definitive must buy. The gameplay is better (not so much different characters in the main story, if you don’t want to) and the toy pad integration really adds a new special feature to just sitting on the couch with the controller. Solve puzzles or just transform your character into the level and play with it. Typically you’ll find plenty of LEGO humour and sarcastic references 🙂 And yet, there’s offline LEGO to build!



Settlers 2 Gold on OSX

The Settlers 2 was the first game I bought, and it is still one of my all time favourites. No wonder I was looking getting it to work on OSX too. I know that there’s DOSBox for Mac, but dealing with graphical installers from GOG.com and so on, I was looking for an easier method making this work out of the box as OSX application.

I found this nifty howto and did these steps for a German version:

Get the game on GOG.com and download the installer.

Install and run WineBottler. Select “Advanced” and create a new custom prefix. Select the downloaded Settlers 2 exe file. Furthermore tick one of the directx dlls for Winetricks. Then save it somewhere.


WineBottler will then run the installer inside a Wine environment. Click through the installer but do not run the game in the end.


Once completed check the location on disk where the app was saved into. Right click on it and select “Show Package Content”.


Navigate to “Contents” – “Resources” – “wineprefix” – “drive_c” – “GOG Games” and select to copy “Settlers 2 Gold”. I’ve chosen “Downloads” and copied it over there.

finder_settlers_tree finder_downloads_copied_to

Optional: I’ve been using a small trainer from the 90ies to add 5k resources for long endless games against all enemies. Download the s2edi and extract the file called “s2edi.exe” to the main tree.

Now install Boxer and run it. Note: You can run any DOS game with Boxer, it’s more like Docker containers for separated DOS environments.


Now select “Import a new game” and drag&drop the “Settlers 2 Gold” folder into it. If the icon does not show up, select the goggame-1207658786.ico and drag&drop it again.


Boxer stores all DOS Games in the very same directory in your home directory from where you can start them.


Run “Settlers 2 Gold”. The prompt will allow you to run several programs – choose “S2.exe” for the main game, “s2edit.exe” being the map editor and “s2edi.exe” for modifying existing save games.


Launch “S2.exe” and enjoy an old time classic! 🙂



w+i+n+t+e+r and ALT 1-6 for speeding the game up

s+c for descriptions

space for yellow build helpers

LEGO WALL•E 21303 Review

I’ve read plenty of rumors about this build, even that the head would not stay put. Strangely enough, LEGO did not do any promotion for this lovely set coming out on 1st of September 2015. Although it does not matter – the LEGO store in Nuremberg is on the lunch route in town, so I just went there with a friend on Tuesday.

I was not the first to buy LEGO WALL•E 21303, and I guess it will be sold out pretty soon – shop.lego.com already lists it as bestseller. The model is rather tiny, but with 677 bricks I did not expect it to take that long to build. If you are fast builder sorting the bricks beforehand, you can watch the movie on bluray while building the model – fits perfectly fine.

The instruction booklet consists of a nice intro into both, the movie and the designer who was actually involved in the animation team at Pixar and built the model iteratively in his spare time over a decade. Then 178 build steps follow. Some steps are repetitive but overall they are short and the whole model is fun to build. Its origin is LEGO Ideas – chime in there and support future community built models! Many details from the model now in stores can be found in the original submitted LEGO idea.

One special thing – NO STICKERS. The logo is printed and looks perfectly fine. Thanks LEGO.

Conclusion – WALL•E is one of the cutest models I’ve ever built, and anyone who loves the movie will certainly love this model 🙂


Upgrade to Windows 10 on dual-boot systems

Upgrading Windows 10 on a dual-boot system is not that easy. After fetching KB3035583 and KB2952664 and reserving my upgrade copy on Windows 7 Professional x64 the setup still said “Something happened. We can’t tell if your PC is ready to continue installing Windows 10. Try restarting setup.”

The reason for this seems to be dual-boot installations only. First off, change the default boot entry to Windows.

windows7_mark_partition_as_activeAfterwards I did not want to override Grub with my Fedora 22 installation, but was looking into alternative solutions for error 800703ed. This tip about marking the C: partition as active partition did the trick – the Windows Update is now downloading Windows 10.





Getting ready for installing my Icinga 2 development environment 🙂

Change default boot entry in Grub2 on Fedora 22

Upgrading Windows 7 to 10 does not like dual-boot systems where Windows is not the default (likely due to automated reboots during upgrade). In order to fix this problem, we’ll need to change the boot order (or, the default entry).


# grep "submenu\|^\menuentry" /boot/grub2/grub.cfg | cut -d "'" -f2
Fedora (4.1.6-200.fc22.x86_64) 22 (Twenty Two)
Fedora (4.1.3-201.fc22.x86_64) 22 (Twenty Two)
Fedora (4.1.3-200.fc22.x86_64) 22 (Twenty Two)
Fedora, with Linux 0-rescue-46724b4128e8471db41e1e7efe9c8aeb
Windows 7 (loader) (on /dev/sda1)
Windows 7 (loader) (on /dev/sde1)

# grub2-editenv list
saved_entry=Fedora (4.1.6-200.fc22.x86_64) 22 (Twenty Two)

# grub2-set-default "Windows 7 (loader) (on /dev/sda1)"
# grub2-editenv list
saved_entry=Windows 7 (loader) (on /dev/sda1)

Adventures with Windows 10 Upgrade

Holiday season means calming down from daily work, being offline whilst enjoying family and friends in Austria. Some stuff I normally do as well after relaxing a bit – fix their hardware and software.

I’ve been digging into Windows 10 updates lately with Virtualbox, and decided to give it a go with the current rather old hardware. There’s a mix of Windows 7 and 8 home and professional installations around on HP, Lenovo and Acer notebooks. All of them remain slow, sometimes bloated with lots of unwanted software and startup injections.

At first glance, I had the pleasure to fix the HP Protect Tools Security Manager and their fingerprint “security” for USB sticks even. Some glitch prevented the user question asking for authorization so usb sticks remained unreadable. Other than that the HP Probook 450 G0 was not much to prepare to the Windows 10 Upgrade (the connection manager was already removed causing trouble with wifi connections and hibernation in the past).

The “get windows 10” application only let reserve the upgrade (and also fails in Virtualbox not detecting the hardware properly), and being tired of enforcing the updater with a script, I just used the media creation tool to create an ISO file. This is good for 2 reasons: First, you can just burn a recovery media and second, mount it inside the operating system and run the Windows 10 setup wizard.

windows10_infoThere’s two options you’ll get: Windows 7 Ultimate/Enterprise turns into Windows 10 Professional, while Windows 7/8 Home will be upgraded to the Windows 10 Home edition.
Note: You’ll need to open the link to the Media CreationTool on your Windows platform! Otherwise you’ll directly get the ISO download – which works in this case too, but the creation tool also allows you to just download the setup files and run the installer without iso creation.

Reading about Windows 10 being incompatible with HP Security Tools, and only some Windows 8.1 with latest BIOS update working I decided to remove this bloated software collection. Note: HP Security Tools have quite a lot of dependencies, you’ll need to uninstall them one by one from the system’s control panel before actually removing the security tools.
Furthermore I’ve upgraded all drivers using the HP SoftPaq Client manager – that way you’ll fetch all required updates automatically instead of downloading them one by one from the support website.

windows10_info_centerLenovo’s G585 worked pretty well with Windows 8.1 already, only had to remove the start menu addons after upgrading to Windows 10 as there’s a better implementation now being shipped natively again. Windows 10 also integrates a better notification system on the right side, and re-adds the native desktop after login.

windows10_updates_p2pOne thing next to the “send them all information” thingy you may opt-out right after install I really don’t like is the idea to use the client’s upstream bandwidth for sharing Windows updates. This becomes a pain fast with not-so-fast connections over here in Austria/Germany. Navigate to “Settings” – “Update & Security” and choose “Advanced Settings” with “Choose how updates are delivered”. Tick off “From more than one place” (more here).

The Acer Aspire 5250 upgrade process with a clean system is pretty much a pain: Clear.fi being a multimedia streaming suite slows down boot time and eats memory, AMD Quick Stream provides “quality of service” for end user’s internet connection (aka unwanted traffic shaping and connection losses) … apart from the usual suspects sitting in your autorun. Going in the hard way with HiJackThis, Spybot Search & Destroy, AdwCleaner and Anti-Malware. CCleaner does not necessarily help as registry fixes won’t be needed later on with Windows 10 – only a clean system is required before doing an upgrade. Analyzing the startup process was also required but I already removed the real bottlenecks before.

windows10_upgrade_setup_updateApart from cleaning up the software mess, Windows Update ran into “WindowsUpdate_800040040” which led to the Windows Update Troubleshooter. Luckily the Windows 10 setup does not care much, but proceeds to fetch its own updates. Although the first and second check for updates takes pretty much time (over 2 hours now), so get yourself something else to do in the meantime.

Driver updates were not necessary as Acer does not provide any recent drivers for the Aspire 5250, and Windows 10 obviously ships its own more recent versions for such hardware. Removing the “Acer Updater” application is therefore also safe, as it can be removed to autorun as well.

Windows 10 goes the app way even more – several applications such as media players or games are now external apps to pay for (or at least have in-app payments) unless you had them installed before. Luckily there are open source alternatives such as VLC as media player or 7zip for archives 🙂

windows10_start_task_managerSince Windows 10 runs smoothly and solves plenty of my “remote” problems (even a nicer task manager), it is safe to finally install Teamviewer 10 everywhere before leaving Austria again 😉

May the 4th be with you

11188245_951345114898038_3242923167258976802_nLEGO recently announced the “May the 4th be with you” campaign offering various reduced prices on LEGO Star Wars models and other exclusives (LEGO Star Wars film poster, Admiral Yularen mini figure, etc). Starting on the 2nd of may lasting one week guess who joined the LEGO store in Nuremberg on Saturday 🙂

While it’s tremendously hard to look at all the fine stuff being reduced by 10% it’s even harder to resist against buying all the bigger models – I personally prefer the bigger ones of the smaller play sets, I love to build LEGO, but I don’t play with it 😉 Being at the LEGO store also answers the questions when models won’t be produced anymore and go off stock. One of them clearly is the VW “Bully” being terminated later this year. “Star Wars”-wise rumors do tell that the Red-Five X-Wing Starfighter 10240, Ewok Village 10236 and the Death Star 10188 won’t survive 2015.

The original price of 420€ for the Death Star is a lot of money, given a discount of 10% and lots of VIP points collected from previous store visits, it was tough, but in the end LEGO won (again). It seems they’ve removed it from the online store in Germany (probably sold-out) but the international version is still available.

While I won’t play with it, I’m really in love with the scenes from the films in each “quarter” – certainly you’ll need to be a Star Wars fan to recognize all of them. Laser sword fight between Darth Vader and Luke Skywalker accompanied by the emperor, adjustable guns and the super laser, and even the jail scene with some 3d view (!) where princess Leia will be freed by Chewbacca, Han Solo and Luke Skywalker – directly jumping into the trash compactor.

Even a view onto the hidden rebels base, or vice versa, Alderan, brings the original film scenes to mind. This model really got many many details you won’t see on the box design or any reviews on the net, you need to build them and have the aha-effect 🙂

The build steps are repetitive only on the ground floors (building them in quarters) but then have their own lovely style and details. There’s an elevator in the middle connecting all floors and scenes together, which can be lowered by a cord, similar to a goods lift implemented in the Tie-Advanced parking lot.  There’s also the famous door with an open-close mechanism looking at another laser sword fight between Obi-wan Kenobi and Darth Vader. Before that you may adjust the scene for Obi-wan disabling the power plant (which actually hides the blue-transparent bricks simulating the power when pulling off the knobs).

Check the images from the build process below – 4 boxes, unpacked into 7 build sections and 192 build steps, it took me ~11 hours to build it on the weekend. This time on the couch again, it does not really fit on a small table. The instructions book is pretty big and connected with rings, bringing all the details onto each page. Some build steps must be done twice, but that’s not that many compared to the rest (e.g. two laser cannons). I would’ve replaced the Tie-Advanced with a small version of the millenium falcon but that probably did not fit into the model which already is rather complex to build.

Once you’ve finished it half way, you’ll just build and build and oversee the time 🙂


Logitech K800 wireless not working on dm-crypt passphrase

This bug did bite me in the past with Kernel 3.2 and Debian testing too, and I consider the Logitech wireless keyboard drivers in a similar tested fashion such as NVIDIA proprietary drivers – pretty much exotic and hard to maintain all the changes.

It’s not fun once you’ve chosen the grub entry and are prompted to enter your password for the encrypted LVM in order to boot your entire system – and nothing happens on the Logitech K800 wireless keyboard. But before it did work on selecting the correct grub entry.

Some googling for the error unveiled several threads providing insights and workaround fixes. This one told me that dracut is the root cause being responsible for loading the logitech kernel module before cryptsetup would prompt for the password. Which totally makes sense.

So how to convince dracut to load the logitech driver? It actually tries to do so already. So the initial workaround below did not work.


# vim /etc/dracut.conf

add_drivers+=" hid-logitech-dj "

# dracut -f

In a different manner, it came up that the kernel module had been renamed recently from “hid-logitech-dj” to “hid-logitech-hidpp”. Renaming something normally breaks all other dependencies, but looking at this fix – well, hardcoding everything somewhere in a shell script, oh my.

While waiting for an updated dracut, either patch the module-setup.sh – which might break on dracut package update again.


imagine ~ # yum install dracut
imagine ~ # cp /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh.orig
imagine ~ # vim /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh
imagine ~ # diff -ur /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh.orig /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh
--- /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh.orig	2015-04-03 12:45:32.779223333 +0200
+++ /usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh	2015-04-03 12:45:45.843129483 +0200
@@ -45,7 +45,7 @@
         instmods yenta_socket scsi_dh_rdac scsi_dh_emc \
             atkbd i8042 usbhid hid-apple hid-sunplus hid-cherry hid-logitech \
-            hid-logitech-dj hid-microsoft firewire-ohci \
+            hid-logitech-dj hid-logitech-hidpp hid-microsoft firewire-ohci \
             pcmcia usb_storage nvme hid-hyperv hv-vmbus \

Or fix the dracut configuration for loading the correct additional driver. Note: Only rebuild the image for 3.19.x – the renamed driver does not exist in 3.18.x and below. (I did boot the old kernel allowing me to drecrypt the system).


# vim /etc/dracut.conf

add_drivers+=" hid-logitech-hidpp "

# dracut -f /boot/initramfs-3.19.1-201.fc21.x86_64.img 3.19.1-201.fc21.x86_64

Fix pre tags not wrapping text in Divi WP theme

Using the Divi WordPress theme is pretty nice, but sometimes you’ve gotta deal with custom css and fixes. The pre tag uses the entire page width which looks pretty ugly with the menu on the right. Reading over here says that text wrap is not enabled by default.

Thanks Bernd providing me a fix for that!

Add the following to your Divi Theme Options as “Custom CSS” and save it.

pre {
   white-space: pre-wrap;

Resize encrypted LVM on Fedora 21

It’s not about resizing the actual logical volume’s partition, but the mapped /dev/dm-XX device mounted inside /etc/fstab as /home.

Failed attempts:

# lvextend -L100G /dev/luksvg/home

# resize2fs /dev/luksvg/home
resize2fs 1.42.11 (09-Jul-2014)
resize2fs: Das Gerät oder die Ressource ist belegt beim Versuch, /dev/luksvg/home zu öffnen
Es kann kein gültiger Dateisystem-Superblock gefunden werden.

# lvresize --resizefs --size 100G /dev/luksvg/home 
fsck von util-linux 2.25.2
  Size of logical volume luksvg/home unchanged from 100,00 GiB (25600 extents).
  Logical volume home successfully resized
fsadm: Filesystem "crypto_LUKS" on device "/dev/mapper/luksvg-home" is not supported by this tool
  fsadm failed: 1


# lvextend -L100G /dev/luksvg/home

# ls -la /dev/disk/by-label/home
lrwxrwxrwx. 1 root root 11  6. Feb 14:56 /dev/disk/by-label/home -> ../../dm-12

# resize2fs -p /dev/dm-12
resize2fs 1.42.11 (09-Jul-2014)
Dateisystem bei /dev/dm-12 ist auf /home eingehängt; Online-Größenänderung ist
old_desc_blocks = 5, new_desc_blocks = 7
Das Dateisystem auf /dev/dm-12 is nun 26213888 Blöcke lang.

Online resizing works in a similar fashion with the root filesystem.

LEGO SHIELD Helicarrier 76042 Review

IMG_0356Spending 350€ for a LEGO model seems pretty much money, and I had a hard time convincing my self to actually buy the LEGO SHIELD Helicarrier 76042. I have been reading the build series on BrickFanatics and also watched this review video by the Brick Show.

In the end it turns out that I’m busy during the weeks (Icinga 2 Trainer, Icinga 2 2.3 release, CeBit, etc), and it’s a nice present building LEGO on the weekend. Further this had been an exclusive pre-order for LEGO VIPs, and I already know that such UCS models are sold out at last (remember the Star Wars Slave I model). So, Bernd also invested into important things in 2015, and got his one even sooner. Though, mine also arrived on 2nd of March, then Icinga 2 training and finally on Sunday I got my hands dirty on this one.

The 76042 model consists of 2996 pieces and 12 build sections with one to four bags to sort and build. Those build sections take less than an hour each, and can be easily sorted on a small table (not the couch version). The instructions book is huge – 151 build steps and 448 pages. Without the power addon stuff of course. You might actually use power functions to make the rotors move, and also add some led light in front. Looking at the reviews, I didn’t like it much as the cables destroy the inner good looking, the bridge and computers.

IMG_0487The scale is not for mini-figures, although there’s a stand adding 5 of them: Nick Fury, Black Widow, Captain America, Hawkeye und Maria Hill. In order to make this model more playable and lively they have added micro-figures: Nick Fury, Hawkeye, Captain America, Iron Man and 8 SHIELD agents. They fit on a single nob, and you’ll certainly recognize Iron Man by its transparent hover 😉

Additionally there’s lots of lovely details with 3 quin jets, 3 fighter jets, lift trucks, tank wagon, etc – the helicarrier looks like there’s a lot of stuff going on currently. From the inside, there’s lots of Technic bricks and building involved – also space for the power functions. The front features the command bridge where the scene play with Nick Fury and lots of transparent computers could be seen.

In terms of building sections you’ll start with the eagle stand for the minifigures – though, you’ll get them later on during the build. After that, the black UCS stand including the sticker (god, I hate stickers) is built. It’s pretty robust and it has to be since this model is very heavy.

IMG_0426Starting with the base you’ll be reminded of the pirates ship’s body, but in a long scale. Plenty of LEGO Technic items are used to make this model robust at last. Furthermore you are building the command bridge directly inside. On top, the mechanism for moving the rotors is already integrated. That one is a bit tricky to adjust the gears so they fit, but there are instructions for that as well. On the side, you’ll hide many of the ugly technic bricks with on top base plates and the famous 64 logo (again stickers).

IMG_0447The repetitive and boring part are the four wings with the rotors – they are not the same, but quite similar being built. It’s not as much pain as with the Star Wars XWing but still not that much fun to build. In the end, the water-transparent bricks used for the rotor are the most enjoyable since they are unique to this model. Afterall there are some building techniques used again which are not the standard way.

Once the wings are done, you’ll add the propulsion in the back including some nice building techniques as well. Putting the runway in place unveils the first new thing – the long black plates are printed, no need for any stickers. The ceiling of the command bridge can be removed which adds some playable ground for later.

IMG_0463The front needs to be added – but that design decision to use a mix of printed plates and stickers which don’t really fit together on the runway – dear LEGO Designers, WHY BUT WHY? The stickers are way too small and make the runway look ugly, if you’re close to the model.

In the end, build section 11 introduces the skew runway which can be removed later on as well. There’s a nifty build technique used here, and it’s fun to add all the details to it. Section 12 finishes the modul with adding a small command bridge with transparent glass on top of it – that one must be removed to remove the skew runway later (although there’s no real reason to do so, because the floor below is boring, just black plates).

IMG_0488One of the quin jets can be put into the air with a transparent holder, while the others stay in starting position. Two of the SHIELD soldiers are hidden in the mini command bridge, Nick Fury and Hawk Eye are put inside the huge command bridge. The other SHIELD soldiers as well as Iron Man and Captain America are placed somewhere on the runway. Additional packages and petrol tanks complete the scene.

Putting the model on the UCS stand is a bit tricky – it is really heavy and the stand does not fit. I made it work, but I think it could be done better by fitting smaller parts, not the entire lane (which is hard to find with that huge model to hold). You cannot turn the model to the bottom and make it fit, unless you have three arms – holding the model in the middle with just one hand will make the skew runway go away, and so on.

IMG_0443Conclusion: Apart from various repeating build steps, stickers and the not so good designed stand I really like this model. I won’t add the power functions, there’s no real benefit with this model and I don’t want to see cables anywhere in the scenes. What I really like about this model – I generally like carriers and their level of detail (remember the Revell models, Bismarck and so on). In combination with the cool Avengers story, as well as having played the video game “LEGO Marvel Super Heroes” where you’ll run and fly on the helicarrier as basis – just awesome & pure imagination joy.

I’ve been watching the Lord of the Rings Special Extended Edition blurays (which is ~11h) while building this model. In the end, it took me ~9 hours to build which is not that bad for nearly 3000 pieces. On the other hand – imagine how many pieces and time this would take if it would be in mini-figures scale? 🙂


Lego Star Wars Slave I 75060 Review

IMG_0125I’ve been in the LEGO store Nuremberg on the 2nd of January in the afternoon, looking if the Ultimate Collectors Series model Star Wars Slave I is already available. An employee told me that the “zombies” were waiting at 10 am, and so there are no items left to sell. Well, too bad. But the detective’s office was available, so I got that one instead.

Still, I couldn’t stand it and so I went there again and pre-ordered it (could’ve done it online too, but I like the Lego store‘s atmosphere, always something new and special :)). I had to wait until the end of January, but at least I got one – the online shop says it can be delivered by the end of March currently.

Right on the weekend before going to FOSDEM, I started to unpack this baby. 1996 pieces doesn’t sound much, but when you’ll open the box, you’ll see that it’s a lot of steps to build. There are certain pieces which are just big, but also lots of small-ish ones. One good thing about the new 2015 models: You’ll have one big instructions book referencing the different bags step by step. Previous models had 2, 3 or even 4 instruction booklets which made the “instructions library” a bit chaotic. The UCS models also provide an introduction to the model itself, its background and also an interview with the designer – challenges, ideas, vision. I enjoy reading their story before actually starting the build process every time 🙂

IMG_0129Building the Slave I requires 13 separate build sections with one or two bags on each step. This is solved better than the Creator buildings where you’ll normally need the entire couch for sorting all the pieces. Slave I actually did fit on a small table (better sitting position!). The instructions are split into 115 build steps which took me ~6 hours to build (including some breaks for taking photos and refreshments ;)).

The building process starts with the front base “plate” which is tied together by Technic pieces making it very robust. The round shape is actually done in an interesting way of using orthogonal items to connect to the plate below. Oh well, then something starts what I don’t like about Lego models – stickers. And this models contains many stickers. Although the Lego designers learnt from the past – the stickers are now numbered, similar to what you know from Revell models. The only problem with those stickers – put them into the right place on the round lego bricks surface. Take a break and breath before continuing!

IMG_0137You are actually building both bottom parts in red, and then combining both with more Technic bricks. The good thing is that you’ll see your model evolve step by step which keeps the motivation flowing. At this point there were no repeating build steps (which is one of the most annoying things with Lego models). You’ll also build a detailed bottom with the engines and one good thing to mention – there are transparent bricks for creating an hover effect when the model is standing on the ground 🙂

IMG_0140Build bag 6 introduces a nifty build idea – integrate the frozen Han Solo into the ship, helped with Technic items to actually remove it easily later on when playing. You can even stash the minifigure into the frozen “mask” which is really cool. Another really magnificent idea are the two wings – Slave I is one of the few Star Wars models which has two modes – landing and flying position can be reached by turning the model by 90 degrees. So the wings must be adopted based on how the model is positioned. The designers realized that by making the wings “free flowing” and they always keep the right place, depending how you turn the model. Awesome!

IMG_0149When it comes to building the cockpit, you can even adjust the pilot’s position depending on how the model is put (landing or flying position). Additionally there are some surprising building steps involved with the green bricks where you’ll see the result only in the end. You’ll have to repeat that for both sides, but that’s not really an issue here as the building steps are rather short (10 each). After the cockpit, the “nose” is being built in section 10. There are some interesting building techniques involved as well (find out yourself) which make the model even more robust.

IMG_0168One bad thing – transparent cockpit glass with two stickers on it. But – building the side parts with a mixture of green and gray sounded like building the same parts again. Actually this does not happen – they look the same, but the model uses different coloring on both sides. Also the weapon slots differ – one side with laser cannons, the other one fires a missile.

All in all, the model is pretty heavy but therefore robust. Therefore the stand must be pretty robust as well. It does not look like it, but the black Technic bricks really create one which keeps the model in flying mode. Except for the stickers building the Star Wars Slave I 75060 really was a blast. And it’s really big in minifigure scale compared to the Red Five X-Wing Starfigher 😉


Lego Creator Expert: Detective’s Office 10246 Review

IMG_0069I basically got all these nifty creator houses by the end of 2014. Although I enjoyed building them there was already a new model announced for 2015 – the detective’s office. I made it to the Lego store on 2nd of January with friends visiting Nuremberg, and got the model (Slave I was sold out, but I got that one later hehe).

One good thing when opening the box – there’s only one big instructions “book” containing all the build sections and referenced bag numbers. Less chaos in the instructions library then. There are 4 sections with plenty of bags each – which requires plenty of space when sorting the bricks. Enlarge the couch and get refreshments 😉 They’ve also added a new “Expert” logo into the model’s box and instruction manual. The model itself consists of 2262 bricks which is fairly average amount other houses in the Creator series.

IMG_0077The first build step builds the left bottom part including a pool house, with darts and a hidden storage for smuggling stuff into it (they advertise that as play feature, which is cool but actually a bit hard to play with). Other then it looks like, this house is not split into 2 sides (like the pets store 10218)  Look at all the details when building this part – from billard queue extensions to a ceiling fan, there are many.

IMG_0082Next up: Al’s hairdresser which includes building a way for smuggling stuff into the main pool house. The coolest thing I’ve ever seen – a mirror plate without any stickers, directly attached into the hairdresser’s room. And again – lots of lovely details, even a minifigure taking off his heat for getting the hair cut. And you’ll know it from the previous Creator models – you’ll build the letters “A L ‘ S” from combining Lego bricks.

IMG_0097The third build section builds the entire first floor which is tied together with stairs from the ground. The left part features the detective’s office while the right room is more or less for the staircase and a restroom. The brick colors are pretty cool here – the detective’s office looks like made of brick, while the room at the right mixes light with more dark blue and white. The outside features a firefighter ladder which can be used to chase smuggler’s by the detective.

IMG_0106The first floor leads to the second floor with an additional staircase on the right. The interior fits as kitchen including a cat. Although it’s been a bit small for that. I would’ve found it better using the remaining space on the left side. Although building the water container is one of the coolest build techniques I’ve ever seen 😉

The build is finished by putting together the letters “P O O L” in a top-down logo for each side, similar to the Creator Palace Cinema‘s logo. All minifigures are integrated into the various scenes already so no mess with putting them “somewhere”.

It took me ~5 hours to build this nice model, and I can definitely recommend it. There are no repetitive steps, stickers but only joy when building the model, brick by brick 🙂

From cassette tapes, CDs, Google Play Music to Spotify and beyond

Found at http://motleynews.netStarting with cassette tapes, either recorded from radio shows or audio cds, I figure that I am already that old to know why a pencil is important 😉 Once in a while I switched to using audio cds and a huge set of playlists (DJ Winamp was calling) during my studies. While I’ve started listening to pop and rock tracks (Deep Purple, Led Zeppelin, etc) that taste changed over time.

Writing my diploma thesis back in 2006 required a change in music which is kind of similar to work-out music: beats, not too much house involved, not that many vocals. Just keep pushing forward while writing text and hacking Linux. Tiesto – Live on Trance Airwaves 2004 was one of those mixes found on the net, after a while I’ve spotted Armin van Buuren’s A State of Trance radio show, starting with 288. Tiesto’s Club Life radio show also got my attention.

I did not really change my music taste though – depending on the mood, I prefer to listen whatever comes to mind, and I am fairly certain I’ve tried new movements as well. Some don’t play well (I don’t like black metal that much for instance), others get my attention (the deep house / electric movement). And some are just a fun fact when your group likes it – as we do at NETWAYS with Helene Fischer or any other “Après Ski” hit. Not that I generally like that kind of music, but going out and enjoying life together is what matters 😉

IMG_0114Afterall I did not really catch up with charts or other “current” music although I tend to know quite of lot of tracks by hearing just the first seconds. Querying Youtube for such tracks and keeping them organized doesn’t work well if you’re moving from Austria to Germany – most of these tracks are either blocked (GEMA-wise) or get deleted by their uploader once in a while. But I wanted some sort of “Listen to whatever I like” stuff. So I looked into the various streaming offers around. I did not like Spotify in the first place, as it required a Facebook login to stream free media (and Android/Linux wasn’t supported that well). Using the Nexus 7 tablet, Google Play Music was doing a good job and I liked the idea of organizing playlists and tracks.

Although I have to admit that Google Play Music is just yet another service by Google (and there are too many of them). They overhauled the interface quite a bit in past year, but the app still crashed when you were navigating from authors to suggestions, adding stuff to playlists, going deeper. Sadly this happened to often, and also the navigation was not as intuitive as it could be. By the end of 2014 I decided to switch from Android to iOS and try something new. I’m not going into details here what’s better on these operating systems, it’s just – how much is Google Play Music optimized for iOS?

IMG_0222After some weeks of trying to keep up with it, I must say – it does not really fit into iOS, and you’re better with alternatives. It sure scales better than on the old Nexus 7 or Galaxy S3 hardware, but when you’ve learnt the Apple iOS way of doing things, it somehow feels borked. It’s the same with Gmail and Chrome, they do not integrate well into Apple stuff. Further you cannot quit the subscription on iOS – the app store forwards you to the website (mobile) which tells you to open the app! (inside the Android app store it’s perfectly integrated and you can quit. Workaround: Switch Safari to Desktop mode and then Google let’s you quit the subscription).

I then looked into Spotify – mainly because many of my colleagues at Netways use it as well and I like to share playlists with them. Installing Spotify and opening the application, getting an account and browsing all the stuff was tremendously easy. The app integrates well into iOS and is rather fast in navigation and search. And it does not burn your bandwidth that much, nor the offline storage is exceeded. I was a bit surprised when comparing that to Play Music, but I don’t have any comparison numbers – only a feeling that it’s less. I do use wifi at home, and have Telekom LTE on the road, so not really an issue.

IMG_0115IMG_0128What I really like about Spotify is that it’s just one service, and it’s perfect for what it is and does. Even if Tiesto’s Club Life is exclusive to TheFuture.fm (their iOS app is magnificant too), I even get to listen to Armin van Buurens ASOT exclusively. And looking at Bernd’s playlists I feel confident that mine fit perfectly in there. Including my strange taste for every mood.

Besides, if you’re wondering which music I’m playing when hacking Icinga – that’s currently Club Life 404 and 400 (4h best of!) and a Minimal // Deep House playlist. Icinga wouldn’t have happened without this kind of music, I’m fairly certain about that 🙂


Git sub modules push creates remote error

When using git submodules it’s sometimes necessary to push local changes directly to the upstream origin. In older git versions it was possible to just edit the main `.git/config` file and change the git submodule origin from ‘git://’ to ssh.

michi@imagine ~/coding/icinga/icinga-core/docbook (master) $ grep -A 1 docbook ../.git/config
[submodule "docbook"]
url = git@git.icinga.org:icinga-doc.git

michi@imagine ~/coding/icinga/icinga-core/docbook (master) $ git push origin master
fatal: remote error: access denied or repository not exported: /icinga-doc.git

But apparently this does not work anymore. So where’s the problem? Check the remote push origin:

michi@imagine ~/coding/icinga/icinga-core/docbook (master) $ git remote -v
origin git://git.icinga.org/icinga-doc.git (fetch)
origin git://git.icinga.org/icinga-doc.git (push)

Ok, nothing has changed. Googling leads to this thread.

Editing the git submodule config fixes the problem.

michi@imagine ~/coding/icinga/icinga-core/docbook (master) $ grep -B 1 icinga-doc ../.git/modules/docbook/config
[remote "origin"]
url = git@git.icinga.org:icinga-doc.git