mount –bind vs symbolic link

With mount –bind, a directory tree exists in two (or more) places in the directory hierarchy. This can cause a number of problems. Backups and other file copies will pick all copies. It becomes difficult to specify that you want to copy a filesystem: you’ll end up copying the bind-mounted files twice. Searches with find, grep -r, locate, etc., will traverse all the copies, and so on.

You will not gain any “increased functionality and compatibility” with bind mounts. They look like any other directory, which most of the time is not desirable behaviour. For example, Samba exposes symbolic links as directories by default; there is nothing to gain with using a bind mount. On the other hand, bind mounts can be useful to expose directory hierarchies over NFS.

You won’t have any performance issues with bind mounts. What you’ll have is administration headaches. Bind mounts have their uses, such as making a directory tree accessible from a chroot, or exposing a directory hidden by a mount point (this is usually a transient use while a directory structure is being remodelled). Don’t use them if you don’t have a need.

Only root can manipulate bind mounts. They can’t be moved by ordinary means; they lock their location and the ancestor directories.

Generally speaking, if you pass a symbolic link to a command, the command acts on the link itself if it operates on files, and on the target of the link if it operates on file contents. This goes for directories too. This is usually the right thing. Some commands have options to treat symbolic links differently, for example ls -L, cp -d, rsync -l. Whatever you’re trying to do, it’s far more likely that symlinks are the right tool, than bind mounts being the right tool.

it’s worth noting that some utilities might consider a bind-mounted directory to be a separate file system. This may have performance or functionality implications if the program can no longer assume that the same inode number refers to the same file (which it doesn’t, if they are on different file systems), a move cannot be optimized as link-at-target-then-unlink-source, etc.

Author: Gilles

Time zones

Dirty script to show times in different places in the world

echo -n -e "World Times:\n\tTokyo\t\t"; TZ=":Asia/Tokyo" date | cut -d " " -f4; echo -n -e "\tShanghai\t"; TZ=":Asia/Shanghai" date | cut -d" " -f4;echo -n -e "\tMoscow\t\t"; TZ=":Europe/Moscow" date | cut -d" " -f4;echo -n -e "\tRome\t\t"; TZ=":Europe/Rome" date | cut -d" " -f4;echo -n -e "\tLondon\t\t"; TZ=":Europe/London" date | cut -d" " -f4;echo -n -e "\tNew York\t"; TZ=":America/New_York" date | cut -d" " -f4;echo -n -e "\tLos Angeles\t"; TZ=":America/Los_Angeles" date | cut -d" " -f4

find your preferred places in /usr/share/zoneinfo
then place the script in your .bashrc


Quick way to setup swap

fallocate -l 4G /swapfile
ls -lh /swapfile
sudo chmod 600 /swapfile
ls -lh /swapfile
mkswap /swapfile
swapon /swapfile
free -m

vim /etc/fstab
At the bottom of the file, you need to add a line that will tell the operating system to automatically use the file you created:
/swapfile none swap sw 0 0

Windows 7: regaining disk space

net stop wuauserv
ren %systemroot%\SoftwareDistribution SoftwareDistribution.old
net start wuauserv
rd /s/q %systemroot%\SoftwareDistribution.old

DISM.exe /online /Cleanup-Image /spsuperseded

bear in mind that above command is super-case-sensitive
sfc /scannow

Unfortunately in Windows 7 you cannot get rid off update packages in WINSXS folder (this can reach 12GB). You can clear it up in Windows 8.1 and later.

Security clearance in UK

Types of national security clearance

There are four main types of Security Clearance – Baseline, Counter Terrorist, Security Check and Developed Vetting. Below is an outline of each type of Security Clearance, along with information on the process, how long it takes, and the types of IT jobs it applies to.

The important thing to remember is that Security Clearance checks are conducted in line with a specific IT job role, and need to be requested by a company not an individual. So while Security Clearance may require some time and paperwork, if successful it will lead to a new IT job – as well as career rewards such as a good salary, role security and plenty of opportunity.

Baseline Security Clearance

There are two types of check in this category: Baseline Personnel Security Standard (BPSS) (Formally Basic Check) and Enhanced Baseline Standard (EBS) (formerly Enhanced Basic Check or Basic Check +). A BPSS or EBS aims to provide an appropriate level of assurance as to the trustworthiness, integrity, and probable reliability of prospective employees.

What is BPSS?
BPSS is an entry level security check, and will take one or two days to complete. Not technically a security clearance, it uses the Police National Computer (PNC) to make sure a candidate has no convictions. The check returns evidence of any current criminal record and un-spent convictions under the Rehabilitation of Offenders Act 1974.

A BPSS acts as a pre-employment check, signaling good recruitment and employment practice in general. The check is carried out by screening identity documents and references. Continue reading Security clearance in UK

VirtualBox and networking between guests

For this to happen you have to enable a secondary network adapter that is set as Internal Network (make sure you assign both guests to the same Internal Network, default is “intnet”)
The next step is to enable DHCP server on that network by this command:
VBoxManage dhcpserver add –netname intnet –ip –netmask –lowerip –upperip –enable

CyanogenMod for Sony device

1. To get to the service menu type this code in your dialer:
This way you can check if you can unlock your bootloader, it is 50/50 chance, it depends on the production batch.
If a bootloader is allowed to be unlocked you can install custom ROM, if not you will not be able to proceed any step further
2. find the right device on CM website
3. download the right build image (stable or nightly) and corresponding recovery image
4. download Open Google Apps from here
As you can see I would go for NANO build which is below 100MB in size
5. unlock bootloader:
6. PLEASE NOTE: you will need ADB and FASTBOOT applications and correct Sony drivers to be able to flash recovery image once the bootloader is unlocked
PLEASE NOTE that ADB and FASTBOOT uses different drivers to access the device
device is accessible using ADB when it is in normal mode
adb devices
device is accessible using FASTBOOT only from recovery mode
fastboot devices
fastboot flash boot boot.img
fastboot reboot

7. follow the instructions from an email they are going to send you
adb reboot bootloader - this is effective way to get to recovery mode for fastboot
fastboot -i 0x0xxx oem unlock 0xDxxxxxxxxxxxxx

8. flash custom ROM
adb sideload (from this moment you will not be able to access service menu anymore as it is not included in custom ROM)
9. install Google Apps
adb sideload
10. go trough initial device setup, sign up to Google Play
11. enable Root access within Developers option -> Root access for Apps and ADB
12. install TWRP ROM manager
13. flash TWRP recovery image
You definitely want to read this: as you will be presented with a question that your have to check prior flashing recovery image, you risk bricking the device so double check.
14. once custom TWRP image is flashed you can boot to it and perform a first backup

Thin or thick provisioning?

This is good explanation why not to use thin provisioning especially in small business where we cannot afford any vm redundancy.

expected survival rate after one year:
Windows 2008 system installed on certified hardware: 98%
same system on thick provisioned eagerzeroed vmdk running on ESXi: 97%
same system on thin provisioned vmdk running on ESXi: 60%
same as before plus automatic backup by Veeam or similar: 50 %

I dont think those numbers are completely off but I dont have statistics to backup such a claim.
Continue reading Thin or thick provisioning?

Amazon Lumberyard and GameLift

We’re excited to introduce Amazon Lumberyard and Amazon GameLift to game developers using AWS.

Amazon Lumberyard is a free, cross-platform, 3D game engine for developers to create the highest-quality games, connect their games to the vast compute and storage of the AWS Cloud, and engage fans on Twitch. This game engine helps developers build beautiful worlds, make realistic characters, and create stunning real-time effects.

Amazon Lumberyard is available for download in beta for PC and console game developers, with mobile and virtual reality (VR) platforms coming soon. Amazon Lumberyard is free to use, including source. There are no seat fees, subscription fees, or requirements to share revenue. Developers pay standard AWS fees for any AWS services they choose to use. Download the game engine here.

AWS is also releasing Amazon GameLift, a new service for deploying, operating, and scaling session-based multiplayer games, reducing the time required to create multiplayer back-ends from thousands of hours to just minutes. Learn more here.

With Amazon GameLift and Amazon Lumberyard, developers can create multiplayer back-ends with less effort, technical risk, and time delays that often cause developers to cut multiplayer features from their games.


So the read/write speeds of SSD comparing to SSHD on SATA II is about 4.5 times faster giving about 460MB/s to previous 110MB/s.

Timing cached reads: 5260 MB in 2.00 seconds = 2633.81 MB/sec
Timing buffered disk reads: 1476 MB in 3.00 seconds = 491.58 MB/sec

4096000000 bytes (4.1 GB) copied, 9.02934 s, 454 MB/s

MacOSX: Office for Mac 2011 glitches

Read Only and the Disk wasn’t correcting it.
Staring with ~/Library/Preferences/Microsoft and its subfolders, make sure they are all Read/Write for your profile.
Also check ~/Library/Application Support/Microsoft.
If the problem is not related to Read/Write permissions then my guess is that the problem is in your preference files or an office cache file. I would start with the preference files. To do this ALL office applications must be shutdown completely, not closed.
Open ~/Library/Preferences (paste that path and include the ~ symbol into Finder > Go > Go to folder) and make sure the list of files and folders are in alphabetical order. Locate all files that start with “” and drag them to the trash. Then in the same Preference folder locate the Microsoft subfolder. In this folder you will see a few more “” file, drag them to the trash.
Final step is to go to ~/Library/Application Support/Microsoft/Office/User Templates and locate your Normal.dotm file. Rename this file to oldNormal.dotm. The reason you rename it versus trashing it is to save former AutoText, Styles, Macros, etc that you might want to bring over to the new template that gets generated.
This should clear any glitches that Office for Mac 2011 can experience.

MacOSX reset VNC and LMI

sudo /System/Library/CoreServices/RemoteManagement/ -restart –agent
sudo ps auxwww | grep loginwindow | grep -v grep | awk ‘{print $2}’ | xargs sudo kill -9

CISA is coming into Force, dark side of the Force

If you missed this important news check this out:

Eric Schmidt (Google) said:
“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

“In the world of pattern recognition, we talk about “feature extraction”. That’s the process whereby we measure things, so if we were interested in classifying motor vehicles, one of the features we might extract is “number of axles”. Another might be “number of wheels”, and still another might be “number of doors”.

The idea, of course, is to use those features to figure out what kind of vehicle we’ve got. But not all features are equally useful: if we’re trying to tell the difference between a Mercedes sedan and a Toyota sedan, “number of wheels” won’t help.

So the next step is “feature selection”: what’s actually useful? Which features will enable us to make decisions?

And the step after that is “feature weighting”, because even if we’ve decided that there are 22 features useful for decision-making, they’re almost certainly not all equally useful.

There is no doubt that by now extensive theoretical and experimental analysis has been carried out on the Facebook data corpus and that algorithms have been written which perform this process, at scale, and quickly. Facebook themselves have no doubt done this because processing the data in this fashion yields saleable output, and we all know that Facebook sells everything that it can to anyone with cash in hand. And any government in possession of Facebook’s data has undoubtedly done the same thing — with their own purposes in mind.

The combination of this approach with machine learning yields code that cuts right through the “5,000 friends” problem like it isn’t even there.” author: Anonymous

Can you imagine yourself browsing the Internet without being logged into Facebook or Google at the same time?

Feel free to share any non US based alternatives to those technology moguls.

The Best non-US Based Email Providers you can Trust your Privacy on
Free Webmail and Email by
GMX in Germany
La Poste in France
Lycos Mail in South Korea (slow page load) in Germany in Russia in India
Yandex in Russia

Cable colour coding?

Blue – network, PC connections (network cabinet)
Red – IP phones (network cabinet)
Orange – interconnections between switches
Grey – Phone connection (desk)
Black – PC connection (desk)
Green – Tills
Yellow – PDQs

Dell XPS 13

This laptop looks very promising to me however without this Thunderbolt adapter there is no way to connect to HDMI.
I think I have to wait a little bit for the price to go down and also so they can release other relevant peripherals.

Intel AMT

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers. Almost all AMT features are available even if PC power is off, the OS is crashed, the software agent is missing, or hardware (such as a hard drive or memory) has failed.

A Ring -3 rootkit was demonstrated by Invisible Things Lab for the Q35 chipset; it does not work for the later Q45 chipset as Intel implemented additional protections.[38] The exploit worked by remapping the normally protected memory region (top 16 MB of RAM) reserved for the ME. The ME rootkit could be installed regardless of whether the AMT is present or enabled on the system, as the chipset always contains the ARC ME coprocessor. (The “-3” designation was chosen because the ME coprocessor works even when the system is in the S3 state, thus it was considered a layer below the System Management Mode rootkits.) For the vulnerable Q35 chipset, a keystroke logger ME-based rootkit was demonstrated by Patrick Stewin.

Another security evaluation by Vassilios Ververis showed serious weaknesses in the GM45 chipset implementation. In particular, it criticized AMT for transmitting unencrypted passwords in the SMB (small business) provisioning mode when the IDE redirection and Serial over LAN features are used. It also found that the “zero touch” provisioning mode (ZTC) is still enabled even when the AMT appears to be disabled in BIOS. For about 60 euros, Ververis purchased from Go Daddy a certificate that is accepted by the ME firmware and allows remote “zero touch” provisioning of (possibly unsuspecting) machines, which broadcast their HELLO packets to would-be configuration servers. Source: Wikipedia

whatever you do or fix please test it afterwards, better however do not fix things that work, wait until they break otherwise feel the wrath of dummy users.