Definite's Extractor

My findings on Life, Linux, Open Source, and so on.

HOWTO: Configure Time (NTP) for Windows Server 2016 Using Command Line (cmd)

This is aimed to be complete steps for configuring the time service (NTP) for Windows Sever 2016. This is especially useful should you want to setup your own Active Directory Domain Controller (ADDC).

0. Networking Check

Ensure you can reach the NTP server. Assuming you are using :


1. Set the Time Zone

By default, windows just assume a time zone and show you the system clock. However, the default time zone is not necessary correct.

1.1. Check the Current Timezone

tzutil /g

1.2 (Optional) Query Available Time Zone

tzutil /l

1.3 (Optional) Set Time Zone

tzutil /s "E. Australia Standard Time"

2. Set the w32time service

2.1 Configure NTP Service

w32tm /config /manualpeerlist:"" /syncfromflags:manual /reliable:no /update

2.2 Confirm that NTP Configuration

List the peers

w32tm /query /peers
The result looks like:
#Peers 3
State: Active
Time Remaining: 123.4567890s
Mode: 1 (Symmetric Active)

List the time source

w32tm /query /source
The result looks like:

2.3 Resync

w32tm /resync
The result looks like:
Sending resync command to local computer
The command completed successfully.

2.4 Indicate that NTP service is now reliable

w32tm /config /reliable:yes /update

2.5 Confirm status

w32tm /query /status
The result should looks like:
Leap Indicator: 0(no warning)

This should be it.

Build in epel8 branch with fedpkg

This article assumes you have commit right to the package, but you don’t have the epel8 branch in

  1. PKG=<YourPackage>
  2. fedpkg clone $PKG # if you have not done this
  3. cd $PKG # if you have not done this
  4. git branch epel8
  5. # Make the branch work with epel8
  6. git commit
  7. git push –set-upstream origin epel8
  8. fedpkg build
  9. Go to bodhi and create -> New update


To make Windows server 2016 time service unreliable to make it reliable

I was trying to resolve How do I force sync the time on Windows Workstation or Server?, and surprise! You need to make it “unreliable”!

Let’s make sure the w32time service is already configure to use external NTP. If not, run following to configure w32time:

w32tm.exe /config /manualpeerlist:”” /syncfromflags:manual /update

Also follows the article setting NTP server on Windows machine using PowerShell if you also want your control panel in-sync.

Most solutions do not work if the host is a Windows Server 2016 Active Directory Domain Controller (ADDC), as it treats itself as a “reliable” source that cannot make big time change.

w32tm /resync /force does not work, because the /force does not appear in server 2016.

net time /SET /Y does not work either, because it would have asked:

Do you want to set the local computer’s time to match the time at
\ (Y/N) [Y]

Of course, it won’t work if you are on, /Y just hides the question.

The steps work for me using PowerShell:

1. Set w32time service as unreliable

w32tm /config /reliable:no /syncfromflags:manual /update

Option /syncfromflags:manual means sync with NTP listed in peer list (i.e. external NTP), /update for notifying the time service the configuration have changed.

2. Restart the w32time

Stop-Service w32time
Start-Service w32time

3. sync

w32tm /resync

This should work.

4. If you DO need ADDC as a reliable time source, make it reliable again:

w32tm /config /reliable:yes /update
Stop-Service w32time
Start-Service w32time

How to Join an Active Directory Domain in Windows 10?

Short answer: the using the Run as Administrator PowerShell command line like

Add-Computer -domain

Benefits are:

  1. Command line is less likely to change. Most of the GUI steps I found do not apply to my Windows 10
  2. You got more clue (i.e. debug message). GUI just tell me “Something is wrong, ask your administrator…”, but I am the administrator, who should I ask? :-/

Command line reveals me the true cause: “The user is disabled”. After I enable the user on the server side with

dsmod user <UserDN> -disabled no

Things are worked as expected.

The “Proper” Way to Use Microsoft Word Master Document

Long story short, don’t use it, use field IncludeText instead.

As a DevOps/software engineer, I prefer to keep my files (even the MS word documents) consistent and synchronised.

I am looking for jobs and sending my resume to two kinds of organisations: public sector and industry. Public sector jobs usually require referees, while in industry, referees are not mandatory. So I have two types of resumes: with or without referees.

Why don’t I just use the one with referees? Some international recruiters are not aware of time differences and just call you in the most inconvenient time. I have received a call at 4:30 am, when all of my family are sleeping. So that’s why I am reluctant to include referees in my industry resume.

To keep both branches in sync, I though the master document was a good idea, until I saved and opened the master document, and I see mess, just as describe in Why Master Documents corrupt. And I saw an interesting quote:

There are two kinds of Master Documents: Those that are corrupt and those that will be corrupt soon. – John McGhie

I have also tried auto text in “building block”. The main problem of that is: I have hard time to locate them. I cannot remember whether I save it in or . When I need to update contacts several months later, I will probably forget they are in auto text.

Eventually, I found that the field IncludeText actually helps. But there are CATCHES:

  1. The insert field command is also not easy to find in UI. Search “Insert field” is more reliable. (The search field is at “Tell me what you want to do”)
  2. You need to manually input the filename, there are NO file dialog for you to choose.
  3. If the document is on OneDrive, the full path in local drive WON’T WORK. You need related path to OneDrive\Documents. For example. If the sub document, referees.docx is in the directory OneDrive\Job and your main document is also at OneDrive\Job, you need to insert ../Job/referees.doc to the field IncludeText in your main document.
  4. URLs in sub documents need to be well-formatted. In other words, for email addresses, WON’T work, you need
  5. Even if you do enter the correct URLs, MS Word like to show them as it pleases. It is up to MS Word to decide whether to show the URL as URL or plain text.

I uses Office 365, so version-wise it supposes to be always the latest. Perhaps I should have written the sub-documents as HTML+CSS and version control them.

HOWTO: sign dkms kernel module for UEFI secure boot

If you are stuck with UEFI secure boot, and desperately need to build and install a custom kernel module, then you need to know how to sign your kernel module.

To sign a dkms custom kernel, please refer my Git repository: dkms-module-util

Fix NTFS “unsupported reparse point”

Reparse point is an application-defined data that associate with a file or directory.  So it can be anything from symbolic link to mount point, and many more.

A comment in ntfs: unsupported reparse point says that plugins from Advanced NTFS-3G Features fix the problem. My own experience: works, but binary provided in is not.

HOWTO: Unwatch packages in Fedora package source (

If you don’t want to get messages from certain Fedora packages:

  1. Login  to
  2. Click Watchlist
  3. Click the package you want to unwatch, this will bring you to package Overview page
  4. There is an Unwatch  pull down which looks like the below picture. Click it and select UnwatchPackage Overview page

Note that you CANNOT unwatch the packages you maintained.

Legacy Python str.format() gotcha

In Python 2.7, str.format() works with empty string like:

python -c "print '{}'.format('')"

However, in Python < 2.6,  you will see:

ValueError: zero length field name in format

Workaround? Use %-formatting like:

python -c "print '%s' % ''"


Indent in Fedora-Flavored Markdown

I cannot find any documents about the indent in Fedora-Flavored Markdown. Yet I figure out following:

You need 4 spaces to indent. The rest is same with this Markdown Cheatsheet.

For example

- Upstream update to 1.10.0
    + Bug fixes:
        - Log to file defaults to unwritable location
        - Losing GUI config when restarting the OS

    + Enhancements:
        - CLI argument to control screen lock feature
        - Customizable size limit on clipboard sharing

- BuildRequires qt5-qtbase-devel


  • Upstream update to 1.10.0
    • Bug fixes:
      • Log to file defaults to unwritable location
      • Losing GUI config when restarting the OS
    • Enhancements:
      • CLI argument to control screen lock feature
      • Customizable size limit on clipboard sharing
  • BuildRequires qt5-qtbase-devel

See for the actual result.