Friday, December 17, 2010

ssh, socks, and selinux

Trying to use ssh's -D option to setup a SOCKS proxy and getting the error below?

channel 3: open failed: administratively prohibited: open failed

If you are running SELinux (e.g. Fedora), you need to run:

# setsebool -P sshd_forward_ports on

Monday, August 2, 2010

Confirm your dns recursive resolver

I just encountered this elegant implementation for a service that confirms what dns resolver is performing your recursive queries. Just go to

The implementation details are at

Monday, July 26, 2010

VirtualBox rocks

I used VMware Server 1 for the longest time to run several Linux virts. I needed to reinstall virtualization software on a new PC, but VMware Server version 2 is horrible, just awful. So instead of reinstalling the old version 1, which is a dead end, I decided to try VirtualBox. I tried it last year, but I didn't have a good experience. This time I'm very impressed. It has exactly the right set of features to quickly and simply create virts, without extra bloatiness.

Nice work, Sun, er, Oracle.

Saturday, July 3, 2010

Windows 7 shortcut arrow is too big

The Windows 7 shortcut indicator arrow is way too big. It covers a fourth of the actual icon.

Here's a procedure that worked for me to switch to the smaller XP overlay arrow:

Tuesday, June 29, 2010

iTunes auto delete won't work -- fixed

I upgraded to a new computer with Windows 7 and moved my iTunes library to it. Right away I noticed that podcast auto delete was not working, even when I right-clicked on specific podcasts and made sure that "Allow Auto Delete" was on.

The fix was to open the podcast settings dialog and change the "episodes to keep" option. The problem is that in the latest iTunes, it's not obvious where to find that dialog box. It's not in the main preferences dialog. Instead find it by going to the podcasts view. Then look at the bottom of the window. You'll find "Unsubscribe" and "Settings..." buttons. Click "Settings...", then change the "Settings for:" field to "Podcast Defaults". Set "Episodes to keep:" to "All unplayed episodes".

Wednesday, June 16, 2010

Fedora, Postfix, and SELinux

Getting these types of errors in /var/log/maillog?

Jun 16 09:47:14 myhostname postfix/local[25474]: C269521F8C: to=, relay=local, delay=0.07, delays=0.02/0/0/0.04, dsn=5.2.0, status=bounced (cannot update mailbox /var/mail/root for user root. unable to create lock file /var/mail/root.lock: Permission denied)

You're running into SELinux denials for local mail delivery. In Fedora, correct that with:

# togglesebool allow_postfix_local_write_mail_spool

EDIT: I just realized that togglesebool only changes the running config and does not survive reboots. The permanent fix is:

# setsebool -P allow_postfix_local_write_mail_spool 1

Saturday, February 6, 2010


YM845VKM3QX - Serial number of my son's iPod Nano stolen from Newport High School in January 2010... :(