Installing Cisco AnyConnect VPN on Ubuntu 16.04

Oracle, Unix and the world at large

I was struggling setting up a new VPN to connect to my servers at the office as was failing

# ./ 
Installing Cisco AnyConnect Secure Mobility Client...
Extracting installation files to /tmp/vpn.0Zgby3/vpninst625702875.tgz...
Unarchiving installation files to /tmp/vpn.0Zgby3...
Starting Cisco AnyConnect Secure Mobility Client Agent...
Failed to start vpnagentd.service: Unit vpnagentd.service not found.

I found a bunch of articles on the internet saying that this was due to missing libraries so started with the first batch of recommendations…

# apt install -y lib32z1 lib32ncurses5

This still didn’t work.

So I tried the next one, which was to also install the network-manager-openconnect package and reload the daemons

# apt install network-manager-openconnect

# systemctl daemon-reload


# ./ 
Installing Cisco AnyConnect Secure Mobility Client...
Removing previous installation...
mv: cannot stat '/opt/cisco/vpn/*.log': No such file or directory
Extracting installation files to /tmp/vpn.yUyv15/vpninst922924093.tgz...
Unarchiving installation files to /tmp/vpn.yUyv15...
Starting Cisco AnyConnect Secure Mobility Client…



Second Skype on Mac

open -na /Applications/ --args -DataPath /Users/$(whoami)/Library/Application\ Support/SecondSkype

Thanks to Myroslav “StoneEvil” Rys for the hint.

Docker with xHyve on Mac – access stopped container files

I had a problem with Docker on Mac OS X – nowadays it comes with xHyve VM instead of VirtualBox, and the VM uses qcow2 format for its disk image, so it wasn’t clear how one can access files in /var/lib/docker on the VM.

Why does one even have to access the files? Well, there can be a number of reasons. In my case it was a Mosquitto container where the Mosquitto MQTT broker is the PID 1 process, and when it’s not running – the container isn’t running either. So while changing a config file for Mosquitto I had to do some experimenting, which caused Mosquitto to fail on startup due to bad configuration.

As you can probably guess, it wasn’t possible to fix Mosquitto config otherwise than via /var/lib/docker, because I could not start the container anymore. So it was either this, or start from scratch with new container.

Anyhow, I did not find any working way to mount the qcow2 image, but I have found a solution on Docker forums to get a terminal into the xHyve VM when docker was started:

screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty

The username is root with no password.

Thanks to Rohinton Kazak for posting that answer.

S3 mock endpoint

This post is incomplete and more of a note for oneself – be advised.

Here’s the way I’ve been trying to mock S3 for local testing, using Ruby FakeS3 app:

In order to make S3 endpoints point to localhost I had to create a custom regions override XML and debug AWS Java SDK to figure out its format.

I also have to pass path of that file as system property in order for AWS Java SDK to use it:


I could not find a way to disable SSL (switch from HTTPS to HTTP) in Amazon AWS SDK without modifying the code of apps (which I can’t do – otherwise I’d just set endpoint manually), thus I ran FakeS3 configured with some random certificates, and passed the disableCertChecking property. Also the RegionUtils.disableRemote property is included to reduce the number of helper calls to actual AWS.

Still, I did not find any possibility to make AWS SDK use path style access – thus bucket name is prepended to my localhost:9000 URL configured in .aws-regions-override.xml file, and thus I still had to add some entries to /etc/hosts to make it point to localhost. But at least I did not break any real AWS URLs with that.

UPD: Also, in order for endpoint URI to change one has to call setRegion in code at least once. This works for Spring wrapper over AWS S3 SDK, but may not work for custom code, that instantiates S3 client without setting region.

The content of .aws-regions-override.xml is this (the “whatever” tag can have any name):


Paho MQTT client, max in-flight messages for QoS > 0

Working with MQTT protocol in Java usually means using Eclipse Paho FOSS library as a client (it’s even used by Spring for MQTT support in Spring Messaging).

Using Paho to send messages with Quality of Service (QoS) bigger than zero though might result in error/exception “Too many publishes in progress” in case many messages are sent in short period of time.

The straightforward fix to that is of course not to use QoS other than zero, but there are other ways to remedy that problem.


ActiveMQ disable Diffie-Hellman ciphers to avoid “KeyUsage does not allow digital signatures” errors

Here’s how to do it:


Add this parameter to URI in mqtt transportConnector (in your conf/activemq.xml config).

The need for this? I had a set of keys+certificates that were working perfectly fine on RabbitMQ, but on ActiveMQ I was getting “KeyUsage does not allow digital signatures” errors on client when it was validating server’s certificate.

I had no idea why this happened, googling revealed some fragmented info, in general I understood that my server’s certificate had “extension” “key usage” that indicated it didn’t allow (support?) digital signatures.
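An added example, not part of the original post: a Java check that reads a certificate's KeyUsage extension and lists which of the JVM's cipher suites that certificate can serve. Suites with an ephemeral (DHE/ECDHE) key exchange need the digitalSignature bit, static-RSA suites need keyEncipherment, which is why removing the Diffie-Hellman suites makes the error disappear. The class name KeyUsageCheck and the certificate path argument are assumptions; dropping DHE/ECDHE also gives up forward secrecy, so reissuing the certificate with digitalSignature set is the alternative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;

// Hypothetical helper class (name is an assumption, not from the post).
public class KeyUsageCheck {
    // The server signs its ephemeral key exchange: needs digitalSignature (bit 0).
    // TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always authenticate by signature.
    static boolean needsSignature(String suite) {
        return suite.contains("_DHE_") || suite.contains("_ECDHE_")
            || suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_");
    }

    // Static-RSA key transport: client encrypts to the server key, needs keyEncipherment (bit 2).
    static boolean needsEncipherment(String suite) {
        return suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_");
    }

    static List<String> usableSuites(boolean[] keyUsage, String[] suites) {
        // getKeyUsage() returns null when the extension is absent: no restriction.
        boolean sign = keyUsage == null || keyUsage[0];
        boolean encipher = keyUsage == null || keyUsage[2];
        List<String> ok = new ArrayList<>();
        for (String s : suites) {
            if (needsSignature(s) && !sign) continue;
            if (needsEncipherment(s) && !encipher) continue;
            ok.add(s);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) { System.err.println("usage: KeyUsageCheck <cert.pem>"); return; }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[0])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        boolean[] ku = cert.getKeyUsage();
        System.out.println("digitalSignature=" + (ku == null || ku[0])
            + " keyEncipherment=" + (ku == null || ku[2]));
        String[] all = SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites();
        for (String s : usableSuites(ku, all)) System.out.println("usable: " + s);
    }
}
```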


Raspberry Pi Raspbian Jessie – free serial port ttyAMA0

I’ve posted the answer at stackexchange.

In short, disabling terminal on serial via raspi-config (advanced->Serial) should do the trick.

If it doesn’t for some reason – commenting out ttyAMA0 from /boot/cmdline.txt and disabling serial-getty via sudo systemctl mask serial-getty@ttyAMA0.service should definitely free the port.

But still one must manually set pins 15 and 16 into ALT0 state. Command-line “gpio” utility can be used for that:
gpio mode 15 ALT0
gpio mode 16 ALT0

Don’t do the manual pin ALT0 mode setting – enable UART in /boot/config.txt instead (find enable_uart=0 and change to enable_uart=1).
This will ensure /dev/ttyAMA0 will exist. Otherwise it may not exist.