DN42 is a wonderful project that allows you to develop your BGP skills without breaking the product environment, without having to have expensive devices to make a lab to do simulations with GNS3. At the same time, it should not be a purely laboratory environment in which there are no real-world problems. I participate with 1 node in the project for about a year. One of the problems in the project is 1:1 with the real world – when someone announces prefixes that they shouldn't announce. Because I'm lazy and I don't write filters by hand all the time, I solved the problem with an elementary bash script that generates a prefix-list named dn42 and I pour the valid prefixes in it.

#!/bin/bash</pre>
vtysh -c 'conf t' -c "no ip prefix-list dn42"; #drop old prefix list

while read pl
do
vtysh -c 'conf t' -c "$pl"; #insert prefix list row by row
done < <(curl -s https://ca.dn42.us/reg/filter.txt | grep -e ^[0-9] | awk '{ print "ip prefix-list dn42 seq " $1 " " $2 " " $3 " ge " $4 " le " $5}' | sed "s_/\([0-9]\+\) ge \1_/\1_g;s_/\([0-9]\+\) le \1_/\1_g");
vtysh -c 'wr' #write new prefix list

The list of valid prefixes is taken https://ca.dn42.us/reg/filter.txt from where the main pipeline + a few modifications on my part to be able to generate prefix sheets. Commands are executed through vtysh.

As you know CentOS 5 е EOL (End-Of-Life) from March 31st 2017. Which leads to the following very interesting problem:

# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
&amp;amp;amp;amp;nbsp;Eg. Invalid release/
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
&amp;amp;amp;amp;nbsp;Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/cache/yum/extras/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: extras

The problem is short, that lists the CentOS mirrors 5 they are already lost and when we try to take content directly we get the following refusal:

# curl 'http://mirrorlist.centos.org/?release=5&amp;amp;amp;amp;arch=i386&amp;amp;amp;amp;repo=os'
Invalid release

In general, the most sensible idea is to reinstall the tin with a normal distribution., which supports a working distribution upgrade. Unfortunately, this is not the case with me, and this is not an option on the table at all. So we had to play a bit of a gypsy scheme – we start using Vault mirror. In a moment of perfectly clear creature and common sense I know, that I will not receive, any updates that are not the purpose of the exercise, а искаме просто да има работещ yum с, който да инсталирам пакет, който ми е необходим. За целта за коментираме всички mirrorlist променливи и добавяме baseurl в /etc/yum.repos.d/CentOS-Base.repo. Накрая получаваме yum repo от вида на

[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&amp;amp;amp;amp;arch=$basearch&amp;amp;amp;amp;repo=os
baseurl=http://vault.centos.org/5.11/os/i386/
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&amp;amp;amp;amp;arch=$basearch&amp;amp;amp;amp;repo=updates
baseurl=http://vault.centos.org/5.11/updates/i386/
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&amp;amp;amp;amp;arch=$basearch&amp;amp;amp;amp;repo=extras
baseurl=http://vault.centos.org/5.11/extras/i386/
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Finally we play a yum clean all && yum update. If everything ends without getting an error, then we have successfully completed the scheme and we can safely install the obsolete packages.

Mozilla Thunderbird

The idea is identical to my post Firefox databases VACUUM and REINDEX. For some time now, Debian has lost the rebranded versions of Mozilla products. When I migrated from Icedowe to Thunderbird, I thought about it, that I have not defragmented my database, and so far a serious amount of letters have leaked through my email client, email accounts and servers, users and passwords. The script is identical to the one from my previous post only with a slight modification for where to look for the files 🙂

Linux version

for db in $(find ~/.thunderbird/$(grep Path ~/.thunderbird/profiles.ini | cut -d'=' -f2) -maxdepth 1 -name "*.sqlite" -type f)
do
echo "VACUUM ${db}"
sqlite3 ${db} VACUUM
sqlite3 ${db} REINDEX
done

Mac os version

for db in $(find ~/Library/Thunderbird/$(grep Path ~/Library/Thunderbird/profiles.ini | cut -d'=' -f2)  -maxdepth 1  -name "*.sqlite" -type f)
do
echo "VACUUM && REINDEX ${db}"
sqlite3 "${db}" VACUUM;
sqlite3 "${db}" REINDEX;
done

Unlike Firefox's profile folder, Thunderbird's is in a pretty good way (without space) and no change to the delimiter is required.

Ever since google started to love https sites, more mass installation of SSLs is required where possible. In general, in addition to more harassment for servers, we also have a degradation in speed. It's good, that HTTP2 the standard has been integrated in all major http servers and browsers for over a year and a half and its support is stable enough. Unfortunately debian stable does not have packages that support HTTP2 in the main http servers. The versions we need for HTTP2 to work are as follows:

For me the mix is ​​big and depending depends on apache or nginx. I haven't played playing debian's apache http2 yet 8 since I didn't have to but in backports the repo is like that, that won't be a big deal. For nginx has already played it several times. In general, the steps are several and relatively simple:

  1. We add the nginx official repo – in debian the version is 1.6.x 🙄
  2. Installing openssl from backports is currently 1.0.2k – this is what we need for ALPN maintenance so that everything can work and be fast
  3. we install our devscripts – here is the moment to share that we will build our package because the official one is compiled with openssl 1.0.1t where ALPN does not work and the browsers do not respond well and the http2 works only if you force it
  4. we increment the version so as not to hold the gypsies with the packages and when there is a new version only to sync sources

Let's start step by step

Add nginx repo

deb http://nginx.org/packages/debian/ codename nginx
deb-src http://nginx.org/packages/debian/ codename nginx

Adding openssl 1.0.2k and the dev library otherwise we will build it again with 1.0.1t which is not our goal

echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee /etc/apt/sources.list.d/backports.list

apt update && apt install libssl-dev -t jessie-backports

 

Now it remains to add the libraries needed to compile nginx

apt install devscripts

apt build-dep nginx

mkdir nginx-build

cd nginx-build

apt-get source nginx

If you have worked correctly you must have a structure like

~/nginx-build # ll
total 1004
drwxr-xr-x 10 root root   4096 Feb 21 18:37 nginx-1.10.3
-rw-r--r--  1 root root 103508 Jan 31 17:59 nginx_1.10.3-1~jessie.debian.tar.xz
-rw-r--r--  1 root root   1495 Jan 31 17:59 nginx_1.10.3-1~jessie.dsc
-rw-r--r--  1 root root 911509 Jan 31 17:59 nginx_1.10.3.orig.tar.gz

Влизате в папта в която е разархивиран сорса на nginx в моят случай е и nginx-1.10.3 изпълнявате команда с която инкрементирате версията, I personally prefer to add 1 to the current build

debchange --newversion 1.10.3-1

After adding the changelog of your choice, you can proceed to the actual compilation

debuild -us -uc -i -I -b -j6

A little explanation of the command configuration:

-us -uc tell the script not to “signs” .dsc and .changes files. -i and -I cause the script to ignore version control files. -B to generate only a binary package. -j as in make with how many parallel processes to compile 🙂

 

Once the above process is complete, we should install our new packages. If you already have nginx installed, it's a good idea to uninstall it

apt remove nginx nginx-*

It's also a good idea to back up the nginx folder in / etc. Basically when upgrading from 1.6.5 to 1.10.3 I had no dramas but you never know. The new packs are located in the top-level folder and should be installed with a command such as:

dpkg -i ../*.deb

If everything went smoothly, all you have to do is run the nginx process and configure http2, which is no longer the goal of this article..

A clever trick to improve the speed of your firefox browser is by vacuuming its sqlite database. The VACUUM process rebuilds the database, thus defragmenting it, reduces the size and makes searching in it faster, using disk more efficiently may also reduce the load on your disk as it reads in sequence from my sectors. In general, this applies to any database that does not automatically perform vacuum / defrag on itself.

The process of defragmenting the Firefox database itself is quite trivial – we perform sqlite3 db-file VACUUM in the firefox profile directory. In linux, the path to it is usually ~ / .mozilla / firefox / random-name.default. In principle, you should only have 1 directory in .mozilla / firefox if you have more you can check ~ / .mozilla / firefox / profiles.ini for the correct directory in your browser's profile. Since I don't care about doing the process by hand, I wrote an elementary script to defragment the databases.:

for db in $(find ~/.mozilla/firefox/$(grep Path ~/.mozilla/firefox/profiles.ini | cut -d'=' -f2) -maxdepth 1 -name "*.sqlite" -type f)
do
   echo "VACUUM ${db}"
   sqlite3 ${db} VACUUM
   sqlite3 ${db} REINDEX
done

After executing the script, the search in the history and the loading of the fox itself is significantly faster. I guess the script can be used in Mac OS with small modifications.

p.s Here is the option for Mac OS X. – tested on Mac OS X Sierra. We have to force the delimiter to be a new line because of space in the path to the folder that contains the firefox profile

OIFS="$IFS"
IFS=$'\n'
for db in $(find ~/Library/Application\ Support/Firefox/$(grep Path ~/Library/Application\ Support/Firefox/profiles.ini | cut -d'=' -f2)  -maxdepth 1  -name "*.sqlite" -type f)
do
echo "VACUUM && REINDEX ${db}"
sqlite3 "${db}" VACUUM;
sqlite3 "${db}" REINDEX;
done