Category: Technology

December 6, 2025

Expanding a qcow2-backed system disk (host + guest)

Expanding a qcow2-backed system disk (host + guest) — guest volume is lvm and xfs file system

HOST (resize qcow2)

Optional backup:
cp –reflink=auto /vms/fedora02.qcow2 /vms/fedora02.qcow2.bak
Offline resize (VM stopped):
qemu-img resize /vms/fedora02.qcow2 +5G
# Start the VM after resizing.

GUEST (grow partition, PV, LV, filesystem)

Confirm the disk shows the larger size:
lsblk -o NAME,SIZE,TYPE,MOUNTPOINT
#If needed:
#partprobe /dev/sda
Grow the LVM partition (sda2) to the end of the disk:
dnf install -y cloud-utils-growpart
growpart /dev/sda 2
partprobe /dev/sda
Resize the LVM PV and extend the root LV:
pvresize /dev/sda2
lvextend -l +100%FREE /dev/fedora/root
Grow the filesystem:
xfs_growfs /
Verify:
lsblk -o NAME,SIZE,TYPE,MOUNTPOINT
df -h /

December 3, 2025

Exchange SMTP – Sender Reputation DB

Our Exchange server was refusing mail

451 4.7.0 Temporary server error. Please try again later. PRX5

Attempts to send mail would connect, send data, and then hang for a few seconds before returning the tempfail error.

Looks like there’s “sender reputation” data stored at .\Exchange Server\V15\TransportRoles\data\SenderReputation that is used. Since I’m not actually doing filtering on the Exchange server, stopping the transport services, moving the files out of the folder, and then re-starting the services rebuilt the data and allowed mail to send again.

December 2, 2025

LSOF Scoped To Multiple PIDs

You can run lsof -p with a comma-delimited list of PIDs — but you can also transform the pidof output into a comma separated list of PIDs. Which means you can run lsof for all of the PIDs associated with a specific program. In my case, it’s rsync …

lsof -p “$(pidof rsync | tr ‘ ‘ ‘,’)”

November 30, 2025

Python: Partition and RPartition

Found a neat pair of methods that were added in Python 2.5 — it’s like split/index except it handles breaking the string into two elements for you. A tuple is returned with the part before the separator, the separator, and the part after the separator. If the separator is not found, element 0 and 1 are empty strings.

C:\Users\lisa> python
Python 3.13.3
Type “help”, “copyright”, “credits” or “license” for more information.
>>> test = “This is a string | with pipe characters as | delimiters in the string”
>>> print(test.rpartition(“|”)[0])
This is a string | with pipe characters as
>>> print(test.partition(“|”)[0])
This is a string
>>>

November 29, 2025

Linux: Getting Drive Serial Number

[lisa@FVD01 /mnt/lisa/]# smartctl -i /dev/sdc
smartctl 7.5 2025-04-30 r5714 [x86_64-linux-6.15.7-200.fc42.x86_64] (local build)
Copyright (C) 2002-25, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Red (CMR)
Device Model: WDC WD40EFRX-68N32N0
Serial Number: WD-WCC7K4HY5TKD
LU WWN Device Id: 5 0014ee 2b9a3d0c5
Firmware Version: 82.00A82
User Capacity: 4,000,787,030,016 bytes [4.00 TB]
Sector Sizes: 512 bytes logical, 4096 bytes physical
Rotation Rate: 5400 rpm
Form Factor: 3.5 inches
Device is: In smartctl database 7.5/5706
ATA Version is: ACS-3 T13/2161-D revision 5
SATA Version is: SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is: Tue Dec 2 17:24:27 2025 EST
SMART support is: Available – device has SMART capability.
SMART support is: Enabled

2025-12-02 17:24:27 [root@FPP01 /mnt/MythAndZoneminder/]# smartctl -i /dev/sda
smartctl 7.5 2025-04-30 r5714 [x86_64-linux-6.15.7-200.fc42.x86_64] (local build)
Copyright (C) 2002-25, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Red (CMR)
Device Model: WDC WD40EFRX-68N32N0
Serial Number: WD-WCC7K7JZSZ0E
LU WWN Device Id: 5 0014ee 264576d5e
Firmware Version: 82.00A82
User Capacity: 4,000,787,030,016 bytes [4.00 TB]
Sector Sizes: 512 bytes logical, 4096 bytes physical
Rotation Rate: 5400 rpm
Form Factor: 3.5 inches
Device is: In smartctl database 7.5/5706
ATA Version is: ACS-3 T13/2161-D revision 5
SATA Version is: SATA 3.1, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is: Tue Dec 2 17:24:38 2025 EST
SMART support is: Available – device has SMART capability.
SMART support is: Enabled

November 23, 2025

Blender – Applying The Scale

We were playing with Blender this evening to modify a 3d model to mount the mirror on our Ranger — it reminds me a lot of learning vim where there’s just a lot of hidden “type this character and it does magic stuff“. Which, ironically, I love vim because of this … however I’ve also been using vi and vim since 1994. So I know the random character to type. Blender … not so much yet.

Oddity of the day — after scaling an object, you need take an additional step otherwise it’s not really scaled and measurements show up with unexpected values. To reset the scale:

Hit Ctrl + A
Select Scale in Object Mode to apply the current dimensions as the new scale of 1

They call this applying the scale. Which … I expected it did when I entered the scale factor and stuff changed size on the screen. But now I know!

October 30, 2025

Getting Cert Info From Host

An OpenSSL command to retrieve the cert chain from a host and parse out the CN and expiry info

[lisa@linux05 ~]# openssl s_client -connect 10.5.5.75:443 -servername lisa.rushworth.us -showcerts </dev/null 2>/dev/null | sed -n ‘/BEGIN CERTIFICATE/,/END CERTIFICATE/p’ | openssl x509 -noout -subject -startdate -enddate -nameopt RFC2253
subject=CN=lisa.rushworth.us
notBefore=Sep 2 03:28:34 2025 GMT
notAfter=Dec 1 03:28:33 2025 GMT

October 19, 2025

Ender 6

We finally have the Ender 6 printing – you need to keep the fan on any time the hot end is heating (or it clogs up), low retraction (2mm), and adjust the z offset as it prints the skirt (or brim, we’ve switched to using a brim to ensure adhesion)

August 31, 2025

AI and the Entry Level Employee

I’ve long hypothesized that, as companies adopt AI (more accurately LLM’s) in their processes, the skillset required to enter the job market will change. You don’t need an entry level team member – that role is filled by the AI. You need a senior level person who can manage, direct, and oversee the junior “team members”. What that looks like varies by industry – in software development, you don’t need junior developers. You need a senior dev who does quality control on the generated code, integration, and debugging.

There’s now research backing up my expectation — https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5425555

While the number of senior employees has continued to increase, the number of junior employees has actually decreased in the past few years.

August 19, 2025

PingFederate – OGNL Customization of AuthnContext

After a recent merger, we have added federated authentication in our PingFederate environment that allows the incoming company to continue to use their Entra (ADFS) logon process to authenticate through PingFederate. All of the IDs exist in our directory, and contract attributes are populated based on the local account. But the authentication is handled by their existing system. It’s really cool, and works for 99.9% of the applications. One, however, was not happy with the resultant attribute contract. It worked fine for me, logging in directly with PingFederate. Anyone who authenticated through Entra, however, got a very specific error:

AuthenticatingAuthority array contains a value which is not a wellformed absolute uri

And, yes, I concur – there is absolutely an element in the AuthenticatingAuthority array that is not a well-formed absolute URI

Luckily, there appears to be a solution. On the ACS URL tab, select “Show Advanced Customizations”

Use the drop-down to select the message type of “AssertionType” and the expression provided at https://support.pingidentity.com/s/article/OGNL-Examples-Message-Customization#rm-authauthority to remove authenticating authority values when multiple are present (which also works when only one is present)

Now I no longer have authenticating authorities but the AuthnContextClassRef is “urn:oasis:names:tc:SAML:2.0:ac:classes:Telephony” … so, in the assertion creation, we need to add SAML_AUTHN_CTX to the attribute contract

In the attribute contract fulfillment, map this to a static TEXT string – I am using “urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified” which is used as the default in PingFederate

Final Answer! I have an AuthnContext that does not contain any invalid URI strings and a AuthnContextClassRef that is expected.