Redesign for Github Pages

Gergely Polonkai 9 years ago
parent c76175799b
commit 1501da4d18

@ -0,0 +1,14 @@
# Site settings
title: Gergely Polonkai
description: "developer, systems engineer and administrator"
baseurl: ""
url: ""
timezone: Europe/Budapest
name: Gergely Polonkai
paginate: 10
paginate_path: "/blog/page/:num"
# Build settings
markdown: kramdown
permalink: pretty

@ -0,0 +1,20 @@
Gergely Polonkai is a systems engineer of a telco company, and
also a freelancer developer.
He is learning about different IT subjects since the late
1990s. These include web development, application building,
systems engineering, IT security and many others. He also dug his
nose deeply into free software, dealing with different types of
Linux and its applications,
while also writing and contributing to some open source projects.
On this site he is writing posts about different stuff he faces
during work (oh my, yet another IT solutions blog), hoping they
can help others with their job, or just to get along with their
brand new netbook that shipped with Linux.

@ -0,0 +1,29 @@
<article class="col-sm-5 col-md-6 blog_post">
<ul class="list-inline">
<li class="col-md-8">
<h4><a href="{{post.url | prepend: site.baseurl}}">{{post.title}}</a></h4>
<div class="pull-left">
<span>Posted by : <a class="link_orange" href="mailto:{{}}"><span class="txt_orange">{{}}</span></a></span>
<div class="pull-right">
<span class="post-date">{{ | date: "%b %-d, %Y"}}</span>
<span class="post-time">{{ | date: "%H:%M" }}</span>
<div class="clearfix"> </div>
<p class="blog_text">{{post.excerpt}}</p>
<p class="article-tags">
{% for tag in post.tags %}
<span class="blog-tag"><a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}">{{ tag }}</a></span>
{% endfor %}
{% if counter == 'even' %}
<div class="clearfix"></div>
{% endif %}

@ -0,0 +1,14 @@
<div id="disqus_thread"></div>
<script type="text/javascript">
var disqus_shortname = 'gergelypolonkai';
(function() {
var dsq = document.createElement('script');
dsq.type = 'text/javascript';
dsq.async = true;
dsq.src = '//' + disqus_shortname + '';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
<noscript>Please enable JavaScript to view the <a href="">comments powered by Disqus.</a></noscript>
<a href="" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>

@ -0,0 +1,14 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="keywords" content="{{ page.keywords }}">
<meta name="description" content="Personal page of Gergely Polonkai">
<title>Gergely Polonkai{% if page.title %}: {{ page.title }}{% endif %}</title>
<link rel="icon" type="image/x-icon" href="{{site_url}}/favicon.ico">
<link href=",300,300italic,400italic,600,600italic,700,700italic,800,800italic" rel="stylesheet" type="text/css">
<link rel="alternate" type="application/rss+xml" title="Gergely Polonkai's Blog - RSS Feed" href="{{site.url}}/blog/atom.xml">
<link rel="stylesheet" type="text/css" href="//">
<script type="text/javascript" src="//"></script>
<script src="//"></script>

@ -0,0 +1,44 @@
<div class="navbar navbar-inverse">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#gp-navbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<a class="navbar-brand" href="{{site_url}}/"><img src="{{site.baseurl}}/images/profile.svg" alt="Gergely Polonkai" style="background-color: white; height: 45px; margin-top: -13px;"></a>
<div class="collapse navbar-collapse" id="gp-navbar">
<ul class="nav navbar-nav">
<li><a href="{{site_url}}/about">About me</a></li>
<li><a href="{{site_url}}/blog">Blog</a></li>
<li><a href="{{site_url}}/resume">Resume</a></li>
<ul class="nav navbar-nav navbar-right">
<li><a href="{{site_url}}/disclaimer">Disclaimer</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><span class="glyphicon glyphicon-pencil"></span> Contact me <span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="" target="_blank"><img src="{{site_url}}/images/email_16.png" alt="" /> E-mail</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/linkedin_16.png" alt="" /> LinkedIn</a></li>
<li><a href="skype:gergely.polonkai" target="_blank"><img src="{{site_url}}/images/skype_16.png" alt="" /> Skype</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/facebook_16.png" alt="" /> Facebook</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/google_plus_16.png" alt="" /> Google+</a></li>
<li><a href="gtalk:chat?" target="_blank"><img src="{{site_url}}/images/googletalk_16.png" alt="" /> Hangouts</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/twitter_16.png" alt="" /> Twitter</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/tumblr_16.png" alt="" /> Tumblr</a></li>
<li><a href="" target="_blank"><img src="{{site_url}}/images/deviantart_16.png" alt="" /> deviantArt</a></li>
<li><a href="{{site_url}}/blog/atom.xml"><img src="{{site_url}}/images/rss_16.png" alt="" /> RSS Feed</a></li>
<div class="jumbotron">
<h1 class="text-right">
Gergely Polonkai<br>
<small>developer, systems engineer and administrator</small>

@ -0,0 +1,17 @@
<ul class="pagination">
<li{% if paginator.previous_page == null %} class="disabled"{% endif %}>
<a href="{{ paginator.previous_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Previous page">
<span aria-hidden="true">&laquo;</span>
{% for page in (1...paginator.total_pages) %}
<li{% if == page %} class="active"{% endif %}><a href="{% if page == 1 %}{{ '/blog' | prepend: site.baseurl }}{% else %}{{ site.paginate_path | prepend: site.baseurl | replace: '//', '/' | replace: ':num', page }}{% endif %}">{{ page }}</a></li>
{% endfor %}
<li{% if paginator.next_page == null %} class="disabled"{% endif %}>
<a href="{{ paginator.next_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Next page">
<span aria-hidden="true">&raquo;</span>

@ -0,0 +1,43 @@
<!DOCTYPE html>
{% include head.html %}
<div class="container">
{% include header.html %}
{% if != 'about.html' %}
<div class="well well-sm small">
<div class="pull-left"><img src="{{'/images/profile.png' | prepend: site.baseurl}}" alt=""></div>
{% include about.html %}
<div class="clearfix"></div>
{% endif %}
<script type="text/javascript">
$(document).ready(function() {
$('#tagcloud-button').click(function() {
(function() {
var po = document.createElement('script');
po.type = 'text/javascript';
po.async = true;
po.src = '';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(po, s);
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//','ga');
ga('create', 'UA-43569023-1', '');
ga('send', 'pageview');

@ -0,0 +1,14 @@
layout: default
<div class="post">
<header class="post-header">
<h2>{{ page.title }}</h2>
<article class="post-content">
{{ content }}

@ -0,0 +1,36 @@
layout: default
<div class="post">
<header class="post-header">
<h3>{{ page.title }} <div class="plusone-container"><div class="g-plusone" data-annotation="inline" data-size="small" data-width="300"></div></div></h3>
<p class="meta">{{ | date: "%b %-d, %Y :: %H:%M" }}{% if %} • {{ }}{% endif %}{% if page.meta %} • {{ page.meta }}{% endif %}</p>
<article class="post-content">
{{ content }}
<p class="article-tags">
{% for tag in page.tags %}
<a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}" class="label label-default">{{ tag }}</a>
{% endfor %}
<div class="g-plus" data-action="share" data-height="15"></div>
<ul class="pager">
{% if page.previous %}
<li><a href="{{page.previous.url | prepend: site.baseurl}}">&larr; {{page.previous.title}}</a></li>
{% endif %}
{% if %}
<li><a href="{{ | prepend: site.baseurl}}">{{}} &rarr;</a></li>
{% endif %}
{% include disqus.html %}

@ -0,0 +1,13 @@
layout: default
<h3>Articles under this tag</h3>
{% if site.tags[page.tag] %}
{% for post in site.tags[page.tag] %}
{% include blog-post-list.html %}
{% endfor %}
<div class="clearfix"></div>
{% else %}
No posts with this tag.
{% endif %}

@ -0,0 +1,31 @@
#! /bin/sh
# Find all tags in all posts under _posts, and generate a file for
# each under blog/tag. Also, if a tag page does not contain the tag:
# or layout: keywords, the script will include them in the front
# matter.
for tag in `grep -h ^tags: _posts/* | sed -e 's/^tags: \[//' -e 's/\]$//' -e 's/, /\n/g' | sort | uniq`
if [ ! -f $tag_file ]
cat <<EOF > $tag_file
layout: posts_by_tag
tag: $tag
if ! grep "^tag: ${tag}$" $tag_file &> /dev/null
sed -i "0,/---/! s/---/tag: $tag\\n---/" $tag_file
if ! grep "^layout: " $tag_file &> /dev/null
sed -i "0,/---/! s/---/layout: posts_by_tag\\n---/" $tag_file

@ -0,0 +1,29 @@
layout: post
title: "Ethical Hacking 2012"
date: 2011-05-12 20:54:42+00:00
tags: [conference]
permalink: /blog/2011/5/12/ethical-hacking-2011
published: true
name: Gergely Polonkai
Today I went to the Ethical Hacking conference with my boss. It was my first
appearance at such conferences, but I hope there will be more. Although we
just started to redesign our IT security infrastructure with a 90% clear goal,
it was nice to hear that everything is vulnerable. I was thinking if we should
sell all our IT equipments, fire all our colleagues (you know, to prevent
social engineering), and move to the South Americas to herd llamas or sheep,
so the only danger would be some lurking pumas or jaguars. Or I simply leave
my old background image on my desktop, from the well-known game, which says:
Trust is a weakness.
Anyways, the conference was really nice. We heard about the weaknesses of
Android, Oracle, and even FireWire. They showed some demos about everything,
exploited some free and commercial software with no problem at all. We have
seen how much power the virtualisation admin has (although I think it can be
prevented, but Im not sure yet). However, in the end, we could see that the
Cloud is secure (or at least it can be, in a few months or so), so Im not
totally pessimistic. See you next time at Hacktivity!

@ -0,0 +1,88 @@
layout: post
title: "Gentoo hardened desktop with GNOME 3 Round one"
date: 2011-05-12 20:32:41+00:00
tags: [gentoo, gnome3, selinux]
permalink: /blog/2011/5/12/gentoo-hardened-desktop-with-gnome-3-round-one
published: true
name: Gergely Polonkai
After having some hard times with Ubuntu (upgrading from 10.10 to 11.04), I
decided to switch back to my old friend, Gentoo. As Im currently learning
about Linux hardening, I decided to use the new SELinux profile, which
supports the v2 reference policy.
Installation was pretty easy, using the [Gentoo x86
Handbook]( This profile
automatically turns on the `USE=selinux` flag (so does the old SELinux
profile), but deprecated `FEATURE=loadpolicy` (which is turned on by the
profile, so portage will complain about it until you disable it in
For the kernel, I chose `hardened-sources-2.6.37-r7`. This seems to be recent
enough for my security testing needs. I turned on both SELinux, PaX and
grsecurity. So far, I have no problem with it, but I dont have X installed
yet, which will screw up things for sure.
After having those hard times with Ubuntu mentioned before, I decided not to
install Grub2 yet, as it renders things unusable (eg. my Windows 7
installation, which I sometimes need at the office). So I installed Grub 0.97
(this is the only version marked as stable, as I remember), touched
`/.autorelabel`, and reboot.
My first mistake was using an UUID as the root device on the kernel parameter
list (I dont want to list all the small mistakes like forgetting to include to
correct SATA driver from my kernel and such). Maybe I was lame, but after
including `/dev/sda5` instead of the UUID thing, it worked like…
Well, charm would not be the good word. For example, I forgot to install the
lvm2 package, so nothing was mounted except my root partition. After I
installed it with the install CD, I assumed everything will be all right, but
I was wrong.
udev and LVM is a critical point in a hardened environment. udev itself
doesnt want to work without the `CONFIG_DEVFS_TEMPFS=y` kernel option, so I
also had to change that. It seemed that it can be done without the install CD,
as it compiled the kernel with no problems. However, when it reached the point
when it compresses the kernel with gzip, it stopped with a `Permission denied`
message (although it was running with root privileges).
The most beautiful thing in the hardened environment with Mandatory Access
Control enabled) is that root is not a real power user any more by default.
You can get this kind of messages many times. There are many tools to debug
these, I will talk about these later.
So, my gzip needed a fix. After digging a bit on the Internet, I found that
the guilty thing is text relocation, which can be corrected if gzip is
compiled with PIC enabled. Thus, I turned on `USE=pic` flag globally, and
tried to remerge gzip. Of course it failed, as it had to use gzip to unpack
the gzip sources. So it did when I tried to install the PaX tools and gradm to
turn these checks off. The install CD came to the rescue again, with which I
successfully recompiled gzip, and with this new gzip, I compressed my new
kernel, with which udev started successfully. So far, so good, lets try to
Damn, LVM is still not working. So I decided to finally consult the Gentoo
hardened guide. It says that the LVM startup scripts under `/lib/rcscripts/…`
must be modified, so LVM will put its lock files under `/etc/lvm/lock` instead
of `/dev/.lvm`. After this step and a reboot, LVM worked fine (finally).
The next thing was the file system labelling. SELinux should automatically
relabel the entire file system at boot time whenever it finds the
`/.autorelabel` file. Well, in my case it didnt happen. After checking the
[Gentoo Hardening]( docs, I realised that the `rlpkg` program does exactly the same
(as far as I know, it is designed specifically for Gentoo). So I ran `rlpkg`,
and was kind of shocked. It says it will relabel ext2, ext3, xfs and JFS
partitions. Oh great, no ext4 support? Well, consulting the forums and adding
some extra lines to `/etc/portage/package.keywords` solved the problem (`rlpkg`
and some dependencies had to have the `~x86` keyword set). Thus, `rlpkg`
relabelled my file systems (I checked some directories with `ls -lZ`, it seemed
good for me).
Now it seems that everything is working fine, except the tons of audit
messages. Tomorrow I will check them with `audit2why` or `audit2allow` to see if
it is related with my SELinux lameness, or with a bug in the policy included
with Gentoo.

@ -0,0 +1,35 @@
layout: post
title: "Zabbix performance tip"
date: 2011-05-13 19:03:31+00:00
tags: [zabbix, monitoring]
permalink: /blog/2011/5/13/zabbix-performance-tip
published: true
name: Gergely Polonkai
Recently I have switched from [MRTG]( + [Cacti]( + [Nagios]( + [Gnokii]( to [Zabbix](, and I
must say Im more than satisfied with it. It can do anything the former tools
did, and much more. First of all, it can do the same monitoring as Nagios did,
but it does much more fine. It can check several parameters within one
request, so network traffic is kept down. Also, its web front-end can generate
any kinds of graphs from the collected data, which took Cacti away. Also, it
can do SNMP queries (v1-v3), so querying my switches port states and traffic
made easy, taking MRTG out of the picture (I know Cacti can do it either, it
had historical reasons we had both tools installed). And the best part: it can
send SMS messages via a GSM modem natively, while Nagios had to use Gnokii.
The trade-off is, I had to install Zabbix agent on all my monitored machines,
but I think it worths the price. I even have had to install NRPE to monitor
some parameters, which can be a pain on Windows hosts, while Zabbix natively
supports Windows, Linux and Mac OS/X.
So I only had to create a MySQL database (which I already had for NOD32
central management), and install Zabbix server. Everything went fine, until I
reached about 1300 monitored parameters. MySQL seemed to be a bit slow on disk
writes, so my Zabbix “queue” filled up in no time. After reading some forums,
I decided to switch to PostgreSQL instead. Now it works like charm, even with
the default Debian settings. However, I will have to add several more
parameters, and my boss wants as many graphs as you can imagine, so Im more
than sure that I will have to fine tune my database later.

@ -0,0 +1,29 @@
layout: post
title: "Gentoo hardened desktop with GNOME 3 Round two"
date: 2011-05-18 10:28:14+00:00
tags: [gentoo, gnome3, selinux]
permalink: /blog/2011/5/18/gentoo-hardened-desktop-with-gnome-3-round-two
published: true
name: Gergely Polonkai
After several hours of `package.keywords`/`package.use` editing and package
compiling, I managed to install GNOME 3 on my notebook. Well, I mean, the
GNOME 3 packages. Unfortunately the fglrx driver didnt seem to recognise my
ATI Mobility M56P card, and the open source driver didnt want to give me GLX
support. When I finally found some clues on what should I do, I had to use my
notebook for work, so I installed Fedora 14 on it. Then I realised that GNOME
3 is already included in Rawhide (Fedora 15), so I quickly downloaded and
installed that instead. Now I have to keep this machine in a working state for
a few days, so I will learn SELinux stuff in its native environment.
When I installed Fedora 14, the first AVC message popped up after about ten
minutes. That was a good thing, as I wanted to see `setroubleshoot` in action.
However, in Fedora 15, the AVC bubbles didnt show up even after a day. I
raised my left eyebrow and said thats impossible, SELinux must be disabled.
And its not! Its even in enforcing mode! And it works just fine. I like it,
and I hope I will be able to get the same results with Gentoo if I can get
back to testing…

@ -0,0 +1,41 @@
layout: post
title: "Citrix XenServer 5.5 vs. Debian 5.0 upgrade to 6.0"
date: 2011-05-27 17:33:41+00:00
tags: [citrix-xenserver, debian]
permalink: /blog/2011/5/27/citrix-xenserver-vs-debian-5-0-upgrade-to-6-0
published: true
name: Gergely Polonkai
Few weeks ago Ive upgraded two of our Debian based application servers from
5.0 to 6.0. Everything went fine, as the upgraded packages worked well with
the 4.2 JBoss instances. For the new kernel we needed a reboot, but as the
network had to be rebuilt, I postponed this reboot until the network changes.
With the network, everything went fine again, we successfully migrated our
mail servers behind a firewall. Also the Xen server (5.5.0, upgrade to 5.6
still has to wait for a week or so) revolted well with some storage disks
added. But the application servers remained silent…
After checking the console, I realised that they dont have an active console.
And when I tried to manually start them, XenServer refused with a message
regarding pygrub.
To understand the problem, I had to understand how XenServer boots Debian. It
reads the grub.conf on the first partitions root or `/boot` directory, and
starts the first option, without asking (correct me, if Im mistaken
somewhere). However, this pygrub thing can not parse the new, grub2 config.
This is kinda frustrating.
For the first step, I quickly installed a new Debian 5.0 system from my
template. Then I attached the disks of the faulty virtual machine, and mounted
all its partitions. This way I could reach my faulty 6.0 system with a chroot
shell, from which I could install the `grub-legacy` package instead of grub,
install the necessary kernel and XenServer tools (which were missing from both
machines somehow), then halt the rescue system, and start up the original
Next week I will do an upgrade on the XenServer to 5.6.1. I hope no such
problems will occur.

@ -0,0 +1,25 @@
layout: post
title: "Oracle Database “incompatible” with Oracle Linux?"
date: 2011-05-27 17:53:31+00:00
tags: [linux, oracle]
permalink: /blog/2011/5/27/oracle-database-incompatible-with-oracle-linux
published: true
name: Gergely Polonkai
Today I gave a shot to install [Oracle
Linux]( I thought I could easily install
an Oracle DBA on it. Well, I was naive.
As only the 5.2 version is supported by XenServer 5.5, I downloaded that
version of Oracle Linux. Installing it was surprisingly fast and easy, it
asked almost nothing, and booted without any problems.
After this came the DBA, 10.2, which bloated an error message in my face
saying that this is an unsupported version of Linux. Bah.
Is it only me, or is it really strange that Oracle doesnt support their own

@ -0,0 +1,30 @@
layout: post
title: "Proxy only non-existing files with mod_proxy and mod_rewrite"
date: 2011-06-10 14:20:43+00:00
tags: [apache]
permalink: /blog/2011/6/10/proxy-only-non-existing-files-with-mod-proxy-and-mod-rewrite
published: true
name: Gergely Polonkai
Today I got an interesting task. I had to upload some pdf documents to a site.
The domain is ours, but we dont have access to the application server that is
hosting the page yet. Until we get it in our hands, I did a trick.
I enabled `mod_rewrite`, `mod_proxy` and `mod_proxy_http`, then added the following
lines to my apache config:
{% highlight apache %}
RewriteEngine on
RewriteRule ^/$ [QSA,L,P]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$1 [QSA,L,P]
Order allow,deny
Allow from all
{% endhighlight %}
Im not totally sure its actually secure, but it works for now.

@ -0,0 +1,30 @@
layout: post
title: "Inverse of `sort`"
date: 2011-09-18 14:57:31
tags: [linux, command-line]
permalink: /blog/2011/9/18/inverse-of-sort
published: true
name: Gergely Polonkai
Im using \*NIX systems for about 14 years now, but it can still show me new
things. Today I had to generate a bunch of random names. Ive create a small
perl script which generates permutations of some usual Hungarian first and
last names, occasionally prefixing it with a Dr. title or using double first
names. For some reasons I forgot to include uniqueness check in the script.
When I ran it in the command line, I realized the mistake, so I appended
`| sort | uniq` to the command line. So I had around 200 unique names, but in
alphabetical order, which was awful for my final goal. Thus, I tried shell
commands like rand to create a random order, and when many of my tries failed,
the idea popped in my mind (not being a native English speaker): “I dont have
to create «random order», but «shuffle the list». So I started typing `shu`,
pressed Tab in the Bash shell, and voilà! `shuf` is the winner, it does just
exactly what I need:
shuf - generate random permutations
Thank you, Linux Core Utils! :)

@ -0,0 +1,16 @@
layout: post
title: "Why you should always test your software with production data"
date: 2011-12-11 12:14:51+00:00
tags: [development, testing, ranting]
permalink: /blog/2011/12/11/why-you-should-always-test-your-software-with-production-data
published: true
name: Gergely Polonkai
Im writing a software for my company in PHP, using the Symfony 2 framework.
Ive finished all the work, created some sample data, it loaded perfectly. Now
I put the whole thing into production and tried to upload the production data
into it. Guess what… it didnt load.

@ -0,0 +1,29 @@
layout: post
title: "PHP 5.4 released"
date: 2012-03-20 13:31:12+00:00
tags: [php]
permalink: /blog/2012/3/20/php-5-4-released
published: true
name: Gergely Polonkai
After a long time of waiting, PHP announced 5.4 release on 1 March (also,
today they announced that they finally migrate to Git, which is sweet from my
point of view, but it doesnt really matter).
About a year ago we became very agressive towards a developer who created our
internal e-learning system. Their database was very insecure, and they didnt
really follow industry standards in many ways. Thus, we forced them to move
from Windows + Apache 2.0 + PHP 5.2 + MySQL 4.0 to Debian Linux 6.0 + Apache
2.2 + PHP 5.3 + MySQL 5.1. It was fun (well, from our point of view), as their
coders… well… they are not so good. The code that ran “smoothly” on the
old system failed at many points on the new one. So they code and code, and
write more code. And they still didnt finish. And now 5.4 is here. Okay, I
know it will take some time to get into the Debian repositories, but its
here. And they removed `register_globals`, which will kill that funny code again
at so many points that they will soon get to rewrite the whole code to make it
work. And I just sit here in my so-much-comfortable chair, and laugh. Am I

@ -0,0 +1,34 @@
layout: post
title: "Fast world, fast updates"
date: 2012-03-27 06:18:43+00:00
tags: [linux]
permalink: /blog/2012/3/27/fast-world-fast-updates
published: true
name: Gergely Polonkai
We live in a fast world, thats for sure. When I first heard about Ubuntu
Linux and their goals, I was happy: they gave a Debian to everyone, but in
different clothes. It had fresh software in it, and even they gave support of
a kind. It was easy to install and use, even if one had no Linux experience
before. So people liked it. Ive even installed it on some of my servers
because of the new package versions that came more often. Thus I got an up to
date system. However, it had a price. After a while, security updates came
more and more often, and when I had a new critical update every two or three
days, Ive decided to move back to Debian. Fortunately I did this at the time
of a new release, so I didnt really loose any features.
After a few years passed, even Debian is heading this very same way. But as I
see, the cause is not the same. It seems that upstream software is hitting
these bugs, and even the Debian guys dont have the time to check for them. At
the time of a GNOME version bump (yes, GNOME 3 is a really big one for the
UN\*X-like OSes), when hundreds of packages need to be checked, security bugs
show off more often. On the other hand however, Debian is releasing a new
security update every day (I had one on each of the last three days). This, of
course, is good from one point of view as we get a system that is more secure,
but most administrators dont have maintenance windows this often. I can think
of some alternatives like Fedora, but do I really have to change? Dear fellow
developers, please code more carefully instead!

@ -0,0 +1,28 @@
layout: post
title: "Wordpress madness"
date: 2012-06-14 06:40:12+00:00
tags: [wordpress, ranting]
permalink: /blog/2012/6/14/wordpress-madness
published: true
name: Gergely Polonkai
Im a bit fed up that I had to install [MySQL]( on my
server to have [Wordpress]( working, so Ive Googled a
bit to find a solution for my pain. I found this:
[]. I dont know when
this post was written, but I think its a bit out of date. I mean come on, PDO
is the part of PHP for ages now, and they say adding a DBAL to the dependencies
would be a project as large as (or larger than) WP itself. Well,
yes, but PHP is already a dependency, isnt it? Remove it guys, its too
Okay, to be serious… Having a heavily MySQL dependent codebase is a bad
thing in my opinion, and changing it is no easy task. But once it is done, it
would be a childs play to keep it up to date, and to port WP to other
database backends. And it would be more than enough to call it 4.0, and
raising version numbers fast is a must nowadays (right, Firefox and Linux
Kernel guys?)

@ -0,0 +1,28 @@
layout: post
title: "SSH login FAILed on Red Had Enterprise Linux 6.2"
date: 2012-06-18 18:28:45+00:00
tags: [linux, selinux, ssh, red-hat]
permalink: /blog/2012/6/18/ssh-login-failed-on-red-hat-enterprise-linux-6-2
published: true
name: Gergely Polonkai
Now this was a mistake I should not have done…
About a month ago I have moved my AWS EC2 machine from Amazon Linux to RHEL
6.2. This was good. I have moved all my files and stuff, recreated my own
user, everything was just fine. Then I copied my
[gitosis]( account (user `git` and its home
directory). Then I tried to log in. It failed. I was blaming OpenSSH for a week
or so, changed the config file in several ways, tried to change the permissions
on `~git/.ssh/*`, but still nothing. Permission were denied, I was unable to
push any of my development changes. Now after a long time of trying, I
coincidently `tail -f`-ed `/var/log/audit/audit.log` (wanted to open `auth.log`
instead) and that was my first good point. It told me that `sshd` was unable to
read `~git/.ssh/authorized_keys`, which gave me the idea to run `restorecon` on
`/home/git`. It solved the problem.
All hail SELinux and RBAC!

@ -0,0 +1,35 @@
layout: post
title: "Upgrades requiring a reboot on Linux? At last!"
date: 2012-06-22 20:04:51+00:00
tags: [linux]
permalink: /blog/2012/6/22/upgrades-requiring-a-reboot-on-linux-at-last
published: true
name: Gergely Polonkai
Ive recently received an article on Google+ about Fedoras new idea: package
upgrades that require a reboot. The article said that Linux guys have lost
their primary adoo: “Haha! I dont have to reboot my system to install system
upgrades!” My answer was always this: “Well, actually you should…”
I think this can be a great idea if distros implement it well. PackageKit was
a good first step on this road. That software could easily solve such an
issue. However, it is sooo easy to do it wrong. The kernel, of course, can not
be upgraded online (or could it be? I have some theories on this subject,
wonder if it can be implemented…), but other packages are much different.
From the users point of view the best would be if the packages would be
upgraded in the background seemlessly. E.g. PackageKit should check if the
given executable is running. If not, it should upgrade it, while notifying the
user like “Hey dude, dont start Anjuta now, Im upgrading it!”, or simply
denying to start it. Libraries are a bit different, as PackageKit should check
if any running executables are using the library. Meanwhile, PK should also
keep a notification somewhere telling the users that some packages could be
upgraded, but without stopping this-and-that, it can not be done.
I know these things are easier said than done. But I think (a) users should
tell such ideas to the developers and (b) developers (mostly large companies,
like Microsoft or Apple) should listen to them, and at least think of these
ideas. Some users are not as stupid as they think…

@ -0,0 +1,80 @@
layout: post
title: "Some thoughts about that dead Linux Desktop"
date: 2012-09-05 09:01:31+00:00
tags: [linux]
permalink: /blog/2012/9/5/some-thoughts-about-that-dead-linux-desktop
published: true
name: Gergely Polonkai
There were some arguments in the near past on [What Killed the Linux
Desktop]( After reading many
replies, like [Linus
I have my own thoughts, too.
I know my place in the world, especially in the online community. Im a Linux
user for about 15 years and a Linux administrator for 10 years now, beginning
with WindowMaker and something that I remember as GNOME without a version
number. I have committed some minor code chunks and translations in some minor
projects, so Im not really into it from the “write” side (well, until now,
since I have began to write this blog, and much more, but dont give a penny
for my words until you see it).
Im using Linux since 2.2 and GNOME since 1.whatever. Its nice that a program
compiled years ago still runs on todays Linux kernel, especially if you see
old DOS/Windows software failing to start on a new Windows 7 machine. I
understand Linus point that breaking external APIs is bad, and I think it can
work well on the kernels level. But the desktop level is much different. As
the Linux Desktop has such competitors (like OS/X and Windows Aero and Metro),
they have to give something new to the users almost every year to keep up with
them. Eye candies are a must (yes, of course my techy fellows, they are
worthless, but users *need* it), and they can not be created without extending
APIs. And the old API… well, it fades away fast. I dont really understand
however, why they have to totally disappear, like
in Gtk3. It could be replaced with a 0 value (e.g: it wont do anything). This
way my old Gtk2 program could compile with Gtk3 nicely. Also, there could be a
small software that goes through your source code and warn you about such
deprecated (and no-doer but still working) things. Porting applications between
Gtk (and thus, GNOME) versions became a real pain, which makes less enthusiast
programmers stop developing for Linux. Since Im a GNOME guy for years, I can
tell nothing about Qt and KDE, but for the GNOME guys, this is a bad thing. As
of alternatives, there is Java. No, wait… it turned out recently that [it has
several security
Also its not that multiplatform as they say (I cant find the article on
that at the moment, but I have proof). Also, the JVMs out there eat up so much
resources, which makes it a bit hard and expensive to use.
Also, I see another problem: those blasted package managers. RPM, DPKG,
Portage, whatever. What the hell? Why are there so many? Why do developers
reinvent the wheel? The nave is too small or there are to few spokes? Come on…
we live in an open source world! Contribute to the one and only package manager
(which one is that I dont actually care)! Im sure the two (three, many)
bunches of develoeprs could make a deal. Thus, it could become better and
“outsider” companies would be happier to distribute their software for Linux
And now that we get to the big companies. I dont really understand them.
nVidia and ATI made their own closed source drivers for Linux. Some other
hardware vendors also write Linux drivers, and as the kernel API doesnt really
change, they will work for a long time. But what about desktop
application vendors? Well, they try to stick to a desktop environment or two,
and if they change too frequently, they stop developing for Linux, like Skype
did (OK, maybe Skype has other reasons, but you see my point). But why? The
main part for Linux programs is the Linux kernel and the basic userland like
libc/stdlib++. If you write graphical software, it will have to use X-Windows.
Yes, its much different in many ways, mostly because they have a… well… pretty
ugly design by default. But still, its the same on every Linux distributions,
as it became somewhat an industry standard, as it was already on the market
back in the old UN\*X days. The protocol itself changed just like the Linux
kernel: almost no change at all, just some new features.
So what kills the Linux desktop in my opinion is these constant wars inside,
and the lack of support from the outside. Open Source is good, but until these
(mostly the first) problems are not resolved, Linux Desktop can do nothing on
the market. Its a downward spiral hard to escape.

@ -0,0 +1,76 @@
layout: post
title: "How to start becoming a web developer"
date: 2012-09-07 18:12:12+00:00
tags: [development, technology]
permalink: /blog/2012/9/7/how-to-start-becoming-a-web-developer
published: true
name: Gergely Polonkai
A friend of mine asked me today how to become a web developer. It took me a
while, but I made up a checklist. Its short, but its enough for the first
#### First of all, learn English
Well, if you read this, maybe this was a bad first point…
#### Choose a language and stick to it!
For the UN\*X/Linux line, there is PHP. Its free, easy to learn, and has many
free tools and documentations available. It can be used in a functional or an
object-oriented way.
C# is another good way to start, but for the Windows line. Its fully object-
oriented, and the web is full of tutorials, how-tos and other resources.
#### Learn the basics of the system you are working on
To become a good developer, learn at least the basics of the system you are
working on. Basic commands can always come in handy. Debugging (yes, you will
do tons of bugs for sure) can become much easier if you know the huge set of
tools provided by your OS. You should also try to develop in the chosen
environment. Chose PHP? Get a Linux desktop! ASP.NET? Get a Windows.
Everything will be much easier!
#### Learn the basics of the web server you are using
PHP can run on [Apache]( (as a module), or any
CGI-capable webserver, like [lighttpd]( or
[nginx]( (well, it can also run on IIS, but trust me: you
dont want that). ASP.NET is designed for IIS, and although some scripts can
be run under a mono-capable server, it should still stay there.
Whichever you choose, learn the basics! How to start and stop the service,
basic configuration methods, modules/extensions, and so on. Its more than sure
that you will face some issues while developing, so it can never hurt.
#### Keep your versions under control
Version control is critical nowadays. It gives you a basic backup solution,
can come in handy with debugging, and if you ever want to work in a team, you
will badly need it.
Subversion is a bit out of date now, and its kind of hard to set up.
Git is no easy. You will have to learn a lot of stuff, but basicly its just
another version control system. Just choose if you want to stick to
merge-then-commit or rebase-then-commit, get a client, and get on the run.
Microsofts Team Foundation is another good way if you are working in a team.
It provides several other features besides version controlling, and is well
integrated into Visual Studio, which is highly recommended for Windows based
#### Choose an environment to work in
There are so many good tools out there. You should choose according to the
language and OS on what you are working on. [Zend
Studio]( or
[Netbeans]( are both good tools for PHP development,
while [Visual Studio]( is a best buy for Windows
development. Both of these have many ups and downs, but once you get in touch
with their deeper parts, you will like them.

@ -0,0 +1,19 @@
layout: post
title: "Do-Not-Track in IE10 vs. Apache"
date: 2012-09-10 20:22:32+00:00
tags: [apache, technology]
permalink: /blog/2012/9/10/do-not-track-in-ie10-vs-apache
published: true
name: Gergely Polonkai
[Apache developer decided not to accept Do-Not-Track headers from IE10
because its enabled by default. So… if I install a plugin that hides the
fact from the web server that Im using IE10, I become eligible of using
it. But if I do this, I simply became eligible because I consciously installed
that addon, so I could actually use it without hiding the fact. Sorry if
Im a bit Philosoraptorish…

@ -0,0 +1,78 @@
layout: post
title: "Symfony 2 Create role- and class-based ACLs with your roles coming from the ORM"
date: 2012-09-16 18:39:25+00:00
tags: [php, symfony]
permalink: /blog/2012/9/16/symfony-2-create-role-and-class-based-acls-with-your-roles-coming-from-the-orm
published: true
name: Gergely Polonkai
During the last weeks I had some serious issues with one of my private Symfony
2 projects. One of my goals was to create a dynamic security system, e.g my
administrators wanted to create roles, and grant these roles access to
different object types (classes) and/or objects.
So I have created a `User` entity, which implements `UserInterface` and
`AdvancedUserInterface`, the latter for the possibility to enable/disable
accounts and such. It had a `$roles` property, which was a `ManyToMany` relation
to the `Role` entity, which implemented `RoleInterface`. Also I have created my
own role hierarchy service that implements `RoleHierarchyInterface`.
So far so good, first tests. It soon turned out that if `User::getRoles()`
returns a `DoctrineCollection` as it does by default, then the standard
{% highlight php %}
{% endhighlight %}
doesnt work. I know, it should not be hard coded, as my roles and permission
tables are dynamic, I have just tested. So I fixed my `User` entity so
`getRoles()` returns an array of `Role` objects instead of the
`DoctrineCollection`. Also I implemented a `getRolesCollection()` method to
return the original collection, but I think it will never be used.
After that, I had to implement some more features so I put this task away.
Then, I tried to create my first ACL.
{% highlight php %}
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$objectIdentity = new ObjectIdentity('newsClass', 'Acme\\DemoBundle\\Entity\\News');
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
{% endhighlight %}
I was about to check if the user who is logged in has an `OWNER` permission on
the `User` class.
{% highlight php %}
$this->objectIdentity = new ObjectIdentity(self::OBJECT_ID, self::OBJECT_FQCN);
if ($this->securityContext->isGranted('OWNER', $this->objectIdentity) === false) {
throw new AccessDeniedException('You dont have the required permissions!');
{% endhighlight %}
The ACL was defined based on a role, so everyone who had the `ROLE_ADMIN` role
should gain access to the user listing page. But they didnt. It took several
weeks to find the cause, I have put it on
and the Symfony Google Group, but no usable answers.
Then I went off for debugging. Setting up NetBeans for xdebug-based PHP
debugging was real fun under Fedora, but thats another story. After a while I
have found that Symfonys basic access decision manager checks for
`$role->getRole()` only if `$role` is an instance of
`Symfony\Component\Security\Core\Role\Role`, instead of checking if the object
implements `Symfony\Component\Security\Core\Role\RoleInterface`. So Ive
checked if the bug is already reported. It turned out that it was, and my
solution was available in a specific commit about a year ago, but as [Johannes
Schmitt commented, it would introduce a security
so it was reverted. Unfortunately neither Johannes Schmitt, nor Fabien
Potencier (nor anyone else) could (or wanted) to tell about this issue. So the
final (and somewhat hack-like) solution was to extend
`Symfony\Component\Security\Core\Role\Role`. And boom! It worked.

@ -0,0 +1,25 @@
layout: post
title: "SmsGateway and SmsSender"
date: 2012-10-07 00:10:26+00:00
tags: [development, php, symfony]
permalink: /blog/2012/10/7/smsgateway-and-smssender
published: true
name: Gergely Polonkai
I have just uploaded my SmsGateway, SmsSender and SmsSenderBundle packages to
[GitHub]( and
[Packagist]( I hope some of you will find it useful.
* SmsGateway
* [GitHub](
* [Packagist](
* SmsSender
* [GitHub](
* [Packagist](
* SmsSenderBundle
* [GitHub](
* [Packagist](

@ -0,0 +1,26 @@
layout: post
title: "Changing the session cookies name in Symfony 2"
date: 2012-10-13 12:49:28+00:00
tags: [symfony, development]
permalink: /blog/2012/10/13/changing-the-session-cookie-s-name-in-symfony-2
published: true
name: Gergely Polonkai
I have a development server, on which I have several Symfony 2.x projects under
the same hostname in different directories. Now Im facing a funny problem
which is caused by that the cookies Symfony places for each of my projects have
the same name.
To change this, you will have to modify the `config.yml` file like this:
{% highlight yaml %}
name: SiteSpecificSessionName
lifetime: 3600
{% endhighlight %}
I hope it helps some of you.

@ -0,0 +1,56 @@
layout: post
title: "Symfony 2 Configuration Array of associative arrays"
date: 2012-12-20 12:03:23+00:00
tags: [php, symfony]
permalink: /blog/2012/12/20/symfony-2-configuration-array-of-associative-arrays
published: true
name: Gergely Polonkai
Few days ago I have struggled with a problem using Symfony2 configuration. I
wanted to add the following kind of configuration to `config.yml`:
{% highlight yaml %}
- { hc_cba: 180 }
- { cba_hc: -1 }
{% endhighlight %}
The problem was that the stuff under `transitions` is dynamic, so those
`hc_cba` and `cba_hc` tags can be pretty much anything. After hitting many
errors, I came to the solution:
{% highlight php %}
->then(function($values) {
$ret = array();
foreach ($values as $value) {
foreach ($value as $transition => $time) {
$ret[] = array('transition' => $transition, 'time' => e);
return $ret;
{% endhighlight %}

@ -0,0 +1,14 @@
layout: post
title: "Development man pages on Fedora"
date: 2013-01-05 18:20:41+00:00
tags: [development, fedora]
permalink: /blog/2013/1/5/development-man-pages-on-fedora
published: true
name: Gergely Polonkai
If you use Fedora (like me), and cant find the development manual pages for
e.g. `printf(3)` (like me), just `yum install man-pages` (like me).

@ -0,0 +1,99 @@
layout: post
title: "Registering an enum type in GLibs type system"
date: 2013-01-06 02:34:03+00:00
tags: [c, development, glib]
permalink: /blog/2013/1/6/registering-an-enum-type-in-glib-s-type-system
published: true
name: Gergely Polonkai
I faced a problem in my [GLib]( self-teaching
project, [wMUD]( today. I wanted to
register a signal for a `GObject`, whose handler should accept two `enum`
parameters for which I had to register a new `GEnum` type in the `GObject` type
system. However, the [documentation on this
(thanks for pointing out goes to hashem on `#gnome-hackers`) is not… uhm…
obvious. Making the long story short, I have checked with the `GIO` sources for
an example, and using that, I have created this small, working chunk:
{% highlight c %}
#include <glib-object.h>
* WmudClientState:
* @WMUD_CLIENT_STATE_FRESH: Client is newly connected. Waiting for a login
* player name
* @WMUD_CLIENT_STATE_PASSWAIT: Login player name is entered, waiting for a
* login password
* @WMUD_CLIENT_STATE_MENU: Authentication was successful, player is now in the
* main game menu
* @WMUD_CLIENT_STATE_INGAME: Character login was successful, player is now
* in-game
* @WMUD_CLIENT_STATE_YESNO: Player was asked a yes/no question, and we are
* waiting for the answer. client.yesNoCallback MUST be set at this point!
* TODO: if wmudClient had a prevState field, and there would be some hooks
* that are called before and after the client enters a new state, this
* could be a three-state stuff, in which the player can enter e.g ? as
* the answer, so they would be presented with the question again.
* @WMUD_CLIENT_STATE_REGISTERING: Registering a new player. Waiting for the
* e-mail address to be given
* @WMUD_CLIENT_STATE_REGEMAIL_CONFIRM: E-mail address entered séms valid,
* waiting for confirmation
* Game client states.
typedef enum {
} WmudClientState;
GType wmud_client_state_get_type (void) G_GNUC_CONST;
#define WMUD_TYPE_CLIENT_STATE (wmud_client_state_get_type())
#endif /* __WMUD_CLIENT_STATE_H__ */
{% endhighlight %}
{% highlight c %}
#include "wmudclientstate.h"
wmud_client_state_get_type (void)
static volatile gsize g_define_type_id__volatile = 0;
if (g_once_init_enter(&g_define_type_id__volatile)) {
static const GEnumValue values[] = {
{ 0, NULL, NULL }
GType g_define_type_id = g_enum_register_static(g_intern_static_string("WmudClientState"), values);
g_once_init_leave(&g_define_type_id__volatile, g_define_type_id);
return g_define_type_id__volatile;
{% endhighlight %}
Still, it can be made more perfect by using the
tool. I will read through the GLib Makefiles tomorrow for some hints on

@ -0,0 +1,17 @@
layout: post
title: "git rm --cached madness"
date: 2013-01-14 21:38:00+00:00
tags: [development, git]
permalink: /blog/2013/1/14/git-rm-cached-madness
published: true
name: Gergely Polonkai
I have recently learned about `git rm --cached`. Its a very good tool, as it
removes a file from tracking, without removing your local copy of it. However,
be warned that if you use `git pull` in another working copy, the file will be
removed from there! If you accidentally put the configuration of a production
project, and remove it on your dev machine, it can cause a lot of trouble ;)

@ -0,0 +1,52 @@
layout: post
title: "JMS\\DiExtraBundles GrepPatternFinder grep exits with status code 2 on Fedora 18"
date: 2013-01-17 00:32:12+00:00
tags: [fedora, selinux, symfony]
permalink: /blog/2013/1/17/jms-diextrabundle-s-greppatternfinder-grep-exits-with-status-code-2-on-fedora-18
published: true
name: Gergely Polonkai
Yesterday Ive upgraded my development machines from Fedora 17 to Fedora
18. Although it went well, my [Symfony]( projects stopped
working with a message like this:
RuntimeException: Command "/usr/bin/grep --fixed-strings --directories=recurse --devices=skip --files-with-matches --with-filename --color=never --include=*.php 'JMS\DiExtraBundle\Annotation'
'/var/www/html/gergelypolonkaiweb/vendor/sensio/generator-bundle/Sensio/Bundle/GeneratorBundle'" exited with non-successful status code "2".
After getting through my logs and such, Ive finally found out that the new
SELinux policy is causing the trouble together with git. Eventually, my
`.git/logs` directory is tagged as `unconfined_u:object_r:httpd_log_t:s0`.
`httpd_log_t` type is not readable by the `system_u:system_r:httpd_t:s0` user,
which makes `/usr/bin/grep` throw an access denied error. To fix this, I needed
to do
semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?/\.git/logs(/.*)?'
as root. This makes `.git` directories readable for the httpd process, thus,
for `grep`. The optimal solution would be to tell `GrepPatternFinder` to ignore
version control stuff, so the `httpd` process would have no access to them at
all. Also, in production, removing the `.git` or `.svn` directories could be a
good idea.

@ -0,0 +1,32 @@
layout: post
title: "mount: device or resource busy after enabling multipath"
date: 2013-02-19 23:09:05+00:00
tags: [linux, heartbeat-cluster]
permalink: /blog/2013/2/19/mount-device-or-resource-busy-after-enabling-multipath
published: true
name: Gergely Polonkai
We have a heartbeat cluster with two nodes. It has been running for several
months without problems. The shared storage is on an IBM DS3400, on which we
have a large volume formatted with ext4.
Today I decided to reboot the active node for security reasons. So Ive
switched to the passive node, which failed at the first step: it was unable to
mount the storage (`/dev/sda1`). After whining for a few moments, I tried to
mount it by hand, which told me
/dev/sda1 already mounted or /data is busy
Ive quickly made sure that none of that was true. After checking
this-and-that, it turned out that the passive node had `multipathd` running, so
I looked under `/dev/mapper`, and found two symlinks there, `<long-long WWN>`
and `<long-long WWN>-part1`. As the partition table and the disk size was the
same as on `/dev/sda`, I tried to
mount /dev/<long-long WWN>-part1 /data
and voilà! It worked like charm!

@ -0,0 +1,27 @@
layout: post
title: "Why I stopped using annotation based routing in Symfony today"
date: 2013-02-27 23:10:24+00:00
tags: [development, symfony]
permalink: /blog/2013/2/27/why-i-stopped-using-annotation-based-routing-in-symfony-today
published: true
name: Gergely Polonkai
I have read several opinions about routing configuration in Symfony. I stayed
with annotation based routing as it was convinient for me to see the URL right
above the controller action. This was because by just checking the URL, I
remembered the controlling code, as they always were fresh ones. Well, until
I had to take a look into an old (Sf 2.0, last commit was about 3 months ago)
project of mine. In the same run Ive upgraded the whole project to 2.2 (it was
a fast one, thanks for [JMikola@GitHub]( for the
quick reply on my issue with
again!). After that I went on to the requested change. Now, finding a route in
about 40 controller files spread between 3 bundles can really be a pain! So
Ive finished with annotation based routing. Its still a nice feature, its
simply not for me.

@ -0,0 +1,67 @@
layout: post
title: "Programming, as I see it"
date: 2013-03-01 23:32:35+00:00
permalink: /blog/2013/3/1/programming-as-i-see-it
published: false
name: Gergely Polonkai
Since my age of around 11, I write code. I began with BASIC, which is, well,
the most basic language I have ever seen. Simply writing
{% highlight basic %}
10 PRINT "Hello World!"
{% endhighlight %}
does the job (with Assembly it would be tens of lines as I recall). Then I
moved to Pascal, then Delphi (which is basically the same thing). The next step
was a bit longer, as I started learning more languages after this, like Perl
(for dynamic web pages), C (for desktop applications), TCL (for eggdrop
programming. Yes, I might have been a weird kid), PHP (again, for dynamic web
pages. It was becoming mainstream back then).
Many of my classmates looked down on me, as they thought I was a geek (hell I
was, but I wouldnt have confessed it then), and called me a nerd. For a few
months maybe I was depressed, but after that I realised that this is the thing
I want to do in my life, this is the thing Im good at.
Most people I ask why dont they code say “its too hard”. Ive attended some
courses (both online and offline, and I was like “Whoa! Coding is extremely
hard! What the hell! I will never learn it!”, but right after the course I
realised that everything is just fine, I can still write programs, and its
eeeeasy. So then, whats the problem?
After looking through many course papers, I found that most teachers do it
totally wrong. A programming language is just that: a language. You dont start
learning Spanish by going into a classic literature conference in Madrid and
doing a speech, but learn the basic vocabulary and grammar. The same goes for
coding. You learn the vocabulary (the basic commands or keywords) and grammar
(syntax). I had several ideas how this could be taught, just didnt have the
background to do it.
The idea of teaching programming lingers in my head for years now, and a few
days ago, Ive bumped into [this
video]( So it seems that
technology superstars like Bill Gates and Mark Zuckerberg wants to do the same.
Maybe they dont have enough high quality coders at hand. Well of course,
if teachers make it awfully hard to learn it! So a bunch of guys sat together
and created []( to achieve my old dream. I like
the idea. And although I have almost no visitor on this blog of mine, allow me
to give you a few points on how I see programming.
#### Great learning process
When you write programs, especially during the first years, you adapt a new way
of thinking and learning. If you learn it as an adult, it can be a bit of a
pain, but as a child, its easy as learning how the wheels of those little cars
#### A job
#### Art
#### Magic

@ -0,0 +1,38 @@
layout: post
title: "Fedora cant change Active Directory password via kpasswd"
date: 2013-03-05 08:55:04+00:00
tags: [fedora, kerberos, active-directory]
permalink: /blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd
published: true
name: Gergely Polonkai
I wanted to change my AD password today. As the AD is actually a Kerberos
server, I was pretty sure that `kpasswd` will do the trick. However, `kpasswd`
output looked like this:
$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
kpasswd: Cannot find KDC for requested realm changing password
Ive checked `kinit` and `klist`, everything looked fine. After a while it came
to my mind that password changing is done through the kadmin server, not
through the KDC. It seems that when I set up the Active Directory membership,
the `admin_server` directive is not get written to `krb5.conf`. So all I had to
do was to put
admin_server = ad.example.local
in that file, and voilà!
$ kpasswd
Password for polonkai.gergely@EXAMPLE.LOCAL:
Enter new password:
Enter it again:
Password changed.