We’re having a fun snow day today in my part of the world. We’re expected to get somewhere between 12″ and 24″ of snow. As I type this, we’re at around 8″ of snow and it hasn’t stopped pouring the snow since around 9 AM this morning.
Now you might be wondering, just what does this have to do with the blog? Well I wanted a way to post some snow pictures to a forum, and didn’t want to use Imgur or Droplr. So I created a directory within /var/www/html on the server, set proper permissions, and started uploading photos from the camera roll on my iPhone. However I didn’t want to post photos with GPS data embedded in them. A quick trip to Google revealed a command line tool that’s perfect for the job. I had no idea exiftool existed, but it does and it does its job well. A quick run of the tool and my photos were metadata free.
Exiftool can be downloaded from your disto’s package system, and the quick example I used on how to use it can be found at Linux Magazine
So you may have noticed that the blog now accepts HTTPS connections! That’s right, https://www.thesysadminlife.com is now a working and valid URL. I joined the beta of Let’s Encrypt, it took about 5 minutes to setup and couldn’t have been easier (especially considering what a pain in the ass SSL certs have typically been).
This site runs on Apache, which is supported web server for Let’s Encrypt client. I got a copy of the latest code from Git, and ran the following command
./letsencrypt-auto --apache -d thesysadminlife.com -d www.thesysadminlife.com
It churned for a few minutes and then asked which Apache config file contains the virtual host settings for my site. I am running Debian on a VPS that was provisioned from scripts, so there were three options to pick from and I wasn’t sure which one was correct. My first attempt failed, so I re-ran the command above and picked the option to re-install the already provisioned cert. With a different choice, it succeeded and everything worked fine. I was also given the choice to redirect HTTP traffic to HTTPS traffic or to accept both. Since this site is just a personal blog, I chose to accept both types (for now).
One thing I didn’t know before starting this was the certificates from Let’s Encrypt are only valid for 90 days. I followed the instructions and easily setup a cron job that renews the cert every 60 days, giving me a month of buffer time in case something goes wrong.
It really was the best experience I’ve ever had when dealing with server certificates. I’m not sure how it could have been easier. I can completely recommend this service to anyone wanting to secure their site (though for an e-commerce site, perhaps a paid cert would be a better choice).
For setup instructions, check out the instructions over at Let’s Encrypt.
I ran into an issue the other day where a file on a network share ended up with its NTFS permissions being hosed in such a way that no one could edit, delete, or even take ownership of it. I’m not sure how it happened, but it did and the ticket ended up with me to get it fixed.
Nothing I did in the GUI could fix the problem. I could see the filesystem security attributes were hosed and nothing, not even taking ownership, would successfully complete. After a quick visit to Google, I found the Technet page for takedown.exe. It’s basically a tool for sysadmin’s to take ownership of a file with borked permissions. Perfect! That’s exactly what I need.
Unfortunately, it didn’t work and failed with a non-helpful generic error. Turns out I was having a case of the stupids and the file was locked by a crashed application. Killing the processes released the lock on the file and then I was able to delete the file and restore it from the previous days backup. On the plus side, I found what looks to be a great tool to keep bookmarked for the future!