dolfschimmel.nl

For those wondering why I have such a low postcount the past few months, I was ill for a week twice, I’ve had holidays, and furthermore, I do a lot of webdevelopment using the Zend Framework (</spam)

I recently bought myself a new server which fit easily in the meter cupboard that I’m now using as a gateway. The specs are a AMD Athlon 64 X2,BE-2400, Socket AM2 (35 Watt), 2x Seagate Barracuda 320 Gb configured in software-raid, MSI K9AGM3-F motherboard and 4 Gb Kingston DDR2 PC5300 @667 MHz RAM. This server - especially due to the low-power cpu - consumes when idling only 65 Watt

I currently use it mostly/mainly for web-caching and proxying, as well as NAT-firewall. Because I do not use it for many other purposes, it wouldn’t be that much of a problem if something happened to it. Guess what, it happened There was a user configured who had a password that was the same as the username, while ssh running on port 22. Weird he, that someone guessed it After a couple of hours I discovered an unwanted user, who ran an irc server (I discovered an open port a minute after it was opened), and was able to lock the unwanted visitor out. New lesson: Make sure a user is simply not able to have a password that equals the username.

For anyone interested I suffixed my iptables-config that I use for proxying/masquerading.
Read the rest of this entry »

Since my upgrade to Gutsy, I encountered time after time that X-server crashed whenever I pressed the keycombination of shit+backspace. After some reading, it turned out that this behaviour is caused by XGL. I fixed it like this:
~/.kde/Autostart$ echo "xmodmap /usr/share/xmodmap/xmodmap.us" > disableXbackspacecrash
~/.kde/Autostart$ chmod +x disableXbackspacecrash
~/.kde/Autostart$ ./disableXbackspacecrash

Of course it was needed to restart kde first, before changes were taken into effect.

It just crossed my mind that I had to make a backup of some servers. Usually I only backup the home directory and databases, but just to be comfortable, I decided to create a backup of the entire harddisk. In this case, the server needs to keep running and serving websites and is located a couple of hundred kilometres away from here. Therefore it was no option to insert an extra harddisk and do a sector-to-sector copy.

The aim was to copy all files, compress them, and have the compressed file transfered to a mirror location. This can be achieved quite easily:
tar -cj / | ssh username@mirrorlocation.tld "cat > fullbackup_filename.tar.bz2"

After the full backup was created, and transfered to the mirror location, I saw that there was a compress rate of over 60%, which means the backup is still several gigabytes big. Time to buy some tapestreamer…

I’m using Proftpd on a shared webhosting server using PAM authentication. There’re plenty of users that I do want to have an sftp-account, but not an shell-account by default.

Because the way I configured proftpd I need to add ‘real’ linux users (also based on PAM). Which brings me to the problem right-away: The user gets shell-access at that very same time. It took some time, but I figured out this script:
#!/bin/sh

If you require shell-access, please contact your webhost.”;
exit;
fi;
exec /usr/lib/openssh/sftp-server

After setting the the right file-permissions (-rwxrwxr-x ), and changing the shell of a user to this script, that user will have no access to bash, sh, etc

I just updated ZendFramework on one of the servers I manage from 1.0.1 to 1.0.2.

cd /usr/share/php
wget http://framework.zend.com/releases/ZendFramework-1.0.2/ZendFramework-1.0.2.tar.gz
tar xvf ZendFramework-1.0.2.tar.gz
rm ZendFramework
ln -s ZendFramework-1.0.2 ZendFramework
chown nobody:nogroup ZendFramework-1.0.2 -R


And just to confirm the creation of the symlink was done succesfully:
ns4:/usr/share/php# ls -la
...
lrwxrwxrwx 1 root root 19 Oct 10 19:21 ZendFramework -> ZendFramework-1.0.2
drwxrwxr-x 5 nobody nogroup 4096 Oct 10 19:21 ZendFramework-1.0.1
drwxrwxr-x 5 nobody nogroup 4096 Sep 25 13:47 ZendFramework-1.0.2
-rw-r--r-- 1 root root 3775664 Sep 25 18:01 ZendFramework-1.0.2.tar.gz


A couple of years ago, I decided to register some of the .nl domain names with HostingDiscounter, for the moment it seemed fine.

Until last December, for every .nl domain you wanted to register/move/expire you needed a form as required by the SIDN. Last year December the SIDN decided that no forms are needed anymore. Which is some real progress, because from then on, everything should be possible fully electronic, right?

With all modern registrars who take their customers seriously, yes. For hostingdiscounter: no. You can register a domainname over the internet fully automatic. However, one needs to pay for changing the zonefiles (which is done by the staff manually,just like medieval times), also the changing of NameServers is done manually. And stuff gets worse, before you can cancel you contract with HostingDiscounter, you need to fill out a form, and send it by FAX or by Post, for their own administration they say. I wonder why they can’t automise that. They need to have that form 30 days before the domain name expires.

You need to specify on that form whether you want to cancel it, or move it. In case you want to move it, the move should be accomplished fourteen days before the expiration date of the contract. If it’s not accomplished fourteen days before the expiration date, they will automatically renew the contract for one more year, desperate beggers.

Though I’m not exactly sure what I want to do with the domain name it’s all about, I’m sure of one thing, I want to get rid of HostingDiscounter. I therefor modified the form in such way, that I have until the expiration date of the domain name to decide whether I move it, or let it expire permanently. They will probably not agree on that, but when I registered the domain name, this 14-day period is something that wasn’t mentioned in their terms of service, so I’m not tight to that for sure.

On the form it’s all about, they also require a signature. I don’t get the idea of that signature, it wasn’t needed when I registered the domain name, so they’ve got nothing to compare it too. However, I did personally sign the form. And as long as I sign it, it don’t matter what the sign(ature) is. Even if the signature says ‘invalid’, it is a valid signature (as approved by law). The signature I signed with, is attached to this post.

Anybody who is a big fan of bureaucracy I’d advice to register his/her domain names with hostingdiscounter. For anybody else (a vast majority I guess), please register your domain names somewhere else.

Signature:

For I wasn’t very keen on keeping removing all spam messages (see this post) I disabled any new comments.

I don’t know why I’ve never done so before, but today, I decided to check out what IP-addresses are used, and I discovered that it are just a couple of big spammers (and a few little ones). I blocked these IP’s, and let’s hope the best about it now. User comments are allowed by now.

For all spammers here, I’d suggest you start spamming these IP’s (which spammed me):
134.93.178.33
81.95.146.227
12.64.30.55

For some project of mine, I thought I needed LDAP, and installed it:

apt-get install ldap-utils slapd

Unfortunately, I kept getting the error:

Unrecognized database type (bdb)

or

Unrecognized database type (sql)

Depending on whatever database I tried. After several hours of putting a lot of effort, sweat, and tears into it, I decided to compile LDAP myself. After a couple of seconds, it said that I was missing some libraries for the Berkely DataBase (BDB) support. This made some bells ring, and it didn’t take too long, to figure out that I needed the package libdb*-dev in order to use the LDAP packages.

It wasn’t much of a problem to install LDAP now, after all, this is what should have been done in the start:
apt-get install libdb4.4-dev ldap-utils slapd

Btw, after having it all working, I was told that I wasn’t going to need it after all……