After commuting close to 1000kms a week for 6 years, I have decided to the the leap and move to Toronto. After all, I was here around 4 nights a week, and having to commute back and forward between Mississauga and Toronto had become a hassle. This would also increase my work drive (from 85kms each way to 115kms), but luckily my client agreed for me to work remote 4 days of the week, with made my move even more possible.

Seeing how I would be working from home most of the week, and how my office would be in the living room of our new place, I needed a space that not only was functional, but that could hold my three 27” monitors have have a clean look. I also wanted a standing desk because I can no longer get used to sitting the whole day.

After searching pinterest and online for ideas, I finally had a plan and knew what parts I would need.

And here’s the final work:

The Wall

The space I had was perfect. The back wall has the length of 64”, with 4 wood studs distributed evenly with 16” of space. The side wall had a stud 13” away from the corner, and another stud 16” away from it. I needed to leave space for the cabling since I did not want to bring it through the wall. Space was needed on the left for my NAS cables to go through, and in the middle for the cables coming down from the monitors, LEDs and keyboard and mouse.

The Monitor Mount

For the monitors I purchased the 3x mounts below on Amazon. I have the two main monitors mounted to a piece of plywood, which is in turn attached to the wall.

Support

I’m using 3x pieces of 2x4 over 4 wood studs, and an Ikea’s Gerton extendable leg

Table Top

The table is solid wood and also from Ikea - GERTON Table top, beech. It measures 61” L by 29” ½ W.

Because this is a stand-up desk, the top of table sits at 42” from the floor.

Lighting

I’m using the cheap 12v LEDs that you can buy anywhere.

For behind the monitors, I have cut the strips and I’m connecting them with also cheap LED connectors.

The table LEDs go through an aluminum channel.

Cabling

I’m using Ikea’s Signum Cable management under the desk and the Uppleva Cord cover strip, white to hide the cables on the wall.

Controlling the Lighting

I’m using a custom bash script running on the background that checks if my monitors are on or off, and turns on the lights via curl commands to a Wemo Switch:

• wemo_control.sh
• desktop-led.sh

Other Stuff on My Desktop

• Case (FreeNAS) - Lian Li, PC-Q25
• Speakers - Edifier, Exclaim
• Linux plush
• Suse plush
• Dyzplastic Android Mini Collectible Figure
• RioRand ligh cube

Have you ever had the need to create a web server to perform a test? Well, here are a few quick options on how to do this.

Got Netcat?

If you have Netcat on the server (which is pretty easy to get), then you can do this.

Example 1: Display the date and the text “It works”

nc -kl 10001 -c 'echo -e "HTTPS/1.1 200 OK\r\n\r\n$(date)\r\n\r\nIt works"'

Example 2: Display an index.html file

nc -kl 10001 -c 'echo -e "HTTPS/1.1 200 OK\r\n\r\n$(cat index.html)"'

Example 3: Using HTTPS

a. First get a set of self-signed certificate and key (either generate or download here - http://www.selfsignedcertificate.com/)

b. Add the certificate to the server and run netcate with the following parameters

nc -l -p 10001 -k --ssl --ssl-cert ca.crt --ssl-key ca.key -c 'echo -e "HTTP/1.1 200 OK\r\n\r\n$(date)\r\n\r\nIt works"'

Python

This is the easiest one, as long as you have Python on that system. Just run the commands below and you are set. If you have an index file on that folder, Python will display, otherwise it will do a directory listing.

$ python -m SimpleHTTPServer 8888
Serving HTTP on 0.0.0.0 port 8888 ...

Using HTTPS/SSL

And you can also create aN SSL enabled listener with Python. For this test, you will need to have the certificate and key in pem format.

Pyton 3

from http.server import HTTPServer, BaseHTTPRequestHandler
import ssl


httpd = HTTPServer(('localhost', 4443), SimpleHTTPRequestHandler)

httpd.socket = ssl.wrap_socket (httpd.socket,
        keyfile="path/to/key.pem",
        certfile='path/to/cert.pem', server_side=True)

httpd.serve_forever()

Python 2.x

import BaseHTTPServer, SimpleHTTPServer
import ssl


httpd = BaseHTTPServer.HTTPServer(('localhost', 4443),
        SimpleHTTPServer.SimpleHTTPRequestHandler)

httpd.socket = ssl.wrap_socket (httpd.socket,
        keyfile="path/tp/key.pem",
        certfile='path/to/cert.pem', server_side=True)

httpd.serve_forever()

So you are trying to load GitLab inside another page via iframe, and you are not able to. Due to security reasons, this is default behavior for GitLab, and as per the project (see issue 2347, this will not change, and I agree).

However for some internal users this might not be the best approach, so here’s how to enable it.

Browse to your install directory and go to your ‘nginx’ folder. If you are not sure where it is, with your GitLab instance running, use the following command (assuming you are using port 8888).

# netstat -anp | grep 8888
tcp        0      0 0.0.0.0:8888                0.0.0.0:*                   LISTEN      19761/nginx

Now use the PID to find where ‘nginx’ is running:

# ps -ef | grep 19761
root     19761  1029  0 13:12 ?        00:00:00 nginx: master process /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx

Browse to the config folder and edit the ‘gitlab-http.conf’

# cd /var/opt/gitlab/nginx/conf

# vim gitlab-http.conf

Add the line proxy_hide_header X-Frame-Options;in thelocation /` code block

 location / {
     ## Serve static files from defined root folder.
     ## @gitlab is a named location for the upstream fallback, see below.
     try_files $uri $uri/index.html $uri.html @gitlab;
   }


   proxy_hide_header X-Frame-Options;

Comment the line proxy_hide_header X-Frame-Options; if present

location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.


    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Frame-Options   SAMEORIGIN;
    #proxy_hide_header X-Frame-Options;

    proxy_pass http://gitlab;
  }

Restart GitLab

# gitlab-ctl restart
ok: run: logrotate: (pid 31748) 1s
ok: run: nginx: (pid 31752) 0s
ok: run: postgresql: (pid 31757) 1s
ok: run: redis: (pid 31766) 0s
ok: run: sidekiq: (pid 31774) 0s
ok: run: unicorn: (pid 31786) 0s

That should be it!!!

We had the need at work to monitor DNS calls made by an application in a RHEL system in order to stabilish if a connection pool config change had taken full effect, or if we had missed any configuration file. And the solution was to use SystemTap for this task.

SystemTap (stap) is a scripting language and tool that simplifies the gathering of information about the running Linux system. It allows you to monitor and trace the operation of a Linux kernel.

It should be present on most RHEL server installs, but for other desktop based distros (like Arch), you might need to install it.

Overview

The image below shows you the sript working and recording DNS lookup from Firefox (note the difference on the amount of connections between Google/Yahoo vs DuckDuckGo).

Installation

Install systemtap and linux-headers:

pacman -Syu systemtap linux-headers

Initial Config and Test

Because we are trying to figure out how the application makes DNS calls, we need to find where our libc6 library lives so we can probe it for requests (most likelly /usr/lib/libc.so.6 for Arch).

pacman -Ql glibc | grep '/libc.*so'
glibc /usr/lib/libc-2.26.so
glibc /usr/lib/libc.so
------------------------
glibc /usr/lib/libc.so.6
------------------------
glibc /usr/lib/libcidn-2.26.so
glibc /usr/lib/libcidn.so
glibc /usr/lib/libcidn.so.1
glibc /usr/lib/libcrypt-2.26.so
glibc /usr/lib/libcrypt.so
glibc /usr/lib/libcrypt.so.1

To test it, make sure the string probe process("/usr/lib/libc.so.6") has the location for libc6 on your system and run the command below:

sudo /usr/bin/stap -e 'probe process("/usr/lib/libc.so.6").function("getaddrinfo") { log(execname()) }'

You may get the following warning when running the script:

WARNING: Kernel function symbol table missing [man warning::symbols]

This is because Systemtap may need a linux-build style System.map file to find addresses of kernel functions/data. Try the command below to create it by hand:

sudo cp /proc/kallsyms /boot/System.map-`uname -r`

Running It

You can run the script below (or just the code) as root to monitor the connections. Output will be displayed on your current terminal, or you can choose to save it to a file.

_#!/bin/bash


system_stap="/usr/bin/stap"

_getaddrInfo () {
  /usr/bin/stap -e 'probe process("/usr/lib/libc.so.6").function("getaddrinfo")
{
  printf("| %-15s| %-7d| %-35s |\n", execname(), pid(), kernel_string(pointer_arg(1)))
}'
}

echo ""
printf "| %-15s| %-7s| %-35s |\n" "Process" "PID" "Destination Name"
echo "|----------------|--------|-------------------------------------|"


while true ; do
  _getaddrInfo
done

probe
  process("/lib64/libc.so.6").function("__gethostbyname_r").call,
  process("/lib64/libc.so.6").function("gethostbyname").call,
  process("/lib64/libc.so.6").function("__gethostbyname2_r").call,
  process("/lib64/libc.so.6").function("gethostbyname2").call,
  process("/lib64/libc.so.6").function("__new_gethostbyname2_r").call
{
	printf("[%s][%d]->%s(%s)\n", execname(), pid(), user_string(pointer_arg(1)), kernel_string(pointer_arg(1)))
}

Output:

$ sudo ./getAdreessInfo.sh
[sudo] password for victor:           

| Process        | PID    | Destination Name                    |
|----------------|--------|-------------------------------------|
| WorkerPool/5863| 5104   | adservice.google.ca                 |
| WorkerPool/6005| 5104   | apis.google.com                     |
| WorkerPool/1335| 5104   | clients5.google.com                 |
| WorkerPool/5823| 5104   | notifications.google.com            |
| WorkerPool/1856| 5104   | lh3.googleusercontent.com           |
| WorkerPool/5297| 5104   | ogs.google.com                      |
| WorkerPool/5823| 5104   | www.google.com                      |
| WorkerPool/1335| 5104   | www.gstatic.com                     |
| WorkerPool/5863| 5104   | uaswitcher.org                      |
| WorkerPool/6005| 5104   | fonts.gstatic.com                   |
| WorkerPool/5823| 5104   | play.google.com                     |

Closing Notes

The uses for SystemTap are very wide and diverse. You will be able to find great tutorials and documentation online. I’m also providing a few links below to some great documentation to get you started.

• Red Hat Enterprise - SystemTap Beginners Guide
• Arch Linux Wiki - SystemTap
• IBM Developerworks - Linux introspection and SystemTap
• Ubuntu Wiki - SystemTap

Special parameters are set by the shell to store information about aspects of its current state, such as the number of arguments and the exit code of the last command. Special parameters can only be referenced and cannot have it’s value assigned.

Special parameters are: $*, $@, $#, $$, $!, $?, $0, $-, $_