SSL my blog

I’ll be at linux.conf.au all next week and I’m planning to update my blog a few times. The problem is that I’ll be on a wireless connection so prone to people sniffing my passwords.

So I thought I’d see if I could get https going on my server. A quick google found a page on generating self signed certificites and another on lighttpd as a ssl proxy so with a bit of tweaking:

#### SSL engine
$SERVER["socket"] == "64.62.228.123:443" {
                  ssl.engine                  = "enable"
                  ssl.pemfile                 = "/etc/lighttpd/server.pem"
                  server.name                 = "blog.darkmere.gen.nz"
                  proxy.server = (
                       "" => ( ( "host" => "64.62.228.123", "port" => 80 ) )
                   )
}

Which work well enough for me to post this article via. Obviously self-signed certifcates are not the best sort of thing for public sites but in my case I just have to make sure I get my browser to trust the cert before I leave and from then on I can be pretty sure I’m connecting to the right site and nobody is sniffing my traffic.

This evening I’ve been doing the slides for my lightning talk next week. Everything is turning into a bit of a rush since I leave early Saturday morning. But I think I should be okay.

Share

Linux.conf.au minus 1 week

Just had my last weekend in NZ before Linux.conf.au 2009 . I’m flying over this coming Saturday and back the Saturday following. So this weekend I’ve cut down a bit on other stuff and been prioritizing LCA.

I sent sent out a call for lightning talks to the LCA attendees list. So far we’ve got 3 confirmed lightning talks for the Sysadmin Miniconf and with a 1 hour slot on each day we have plenty of space for more. I hoping that a few first-time presenters will do quick talks about things like how they deploy apache or which monitoring system they use. Sometimes it’s very hard to get a feel for what other people are doing and a 5 minute talk on a simple tool can really help a lot of people.

Towards that I volunteered to do a 10 minutes (approx) talk on mondorescuse and PXE based on some stuff I’m doing at work and a previous blog post . My main bit last night and today was getting some screenshots of mondorescue and doing a little testing of stuff I didn’t cover at work.

I did my own screenshots since I couldn’t find any under a nice license ( I’ll release mine under Public Domain ) and the ones at work using VMWare client under Windows XP didn’t look right. To get mine I just ended up using KVM on my desktop and the built-in gnome-screenshot program.

A couple of interesting links:


Share

Chess for 2009

It’s around 11 months since I started playing chess again so I thought I’d do a bit of a review and some goals for 2009.

I’ve found I enjoy playing quite a bit both at the club, tournaments and online as well as doing study both by myself and with others. So I’m definitely going to keep going this year.

In the last rating list my rapid rating went from 1276 to 1314 but my normal rating only went from 1261 to 1274. The main reason for this is that I am still losing the odd game to very low ranked players though carelessness. My actual rating is probably closer to 1400 in both rapid and normal going against my results against players in the 1400-1500 level.

Goals for 2009

  1. Get my Rating to over 1700
  2. Play in NZ champs in early 2010 and do well in under-2000 grade.

Programme to accomplish this

  1. Keep playing at the Club
  2. Enter as many tournaments as possible.
  3. Play in over-1400 grades when able
  4. Train 10-20 hours per week
  5. Keep going to fortnightly coaching

Weekly training

  1. 10-20 hours
  2. 500 problems on tactics server ( 4 hours )
  3. 20 Blitz games on FICS each week ( 4 hours )
  4. 10 Standard games on FICS each week ( 4 hours )
  5. Study Openings repertoire and practice it ( 4 hours )
  6. Play though annotated games ( 4 hours )

Well that is the plan anyway. Certainly if I keep to it I’ve got a chance at reaching the goals. However keeping myself on track will be the hard bit.

I’m using a little area in the spare room going as a study space. For a computer I’m just going to use my Eee ( with external keyboard, screen and mouse ) but keep it off the network most of the time to cut the urge to browse. But for now just a board and a few books but thats enough for a start.

Share

Upgrading stuff

I’ve been spending most of today upgrading various bits and pieces on my external server. Since March 2007 I’ve had a dedicated server at Layered Technologies in the US. However with the change in the value of the dollar, a price rise they had a while back the cost has gone from around $NZ 100 to $NZ 200 ( $US 105 ) per month (with me paying a larger percentage of it) which is just a little too much for what I need.

So a couple of weeks ago I bought a $US 40/month VPS at Linode.com to replace it ( switch off of the old machine is the end of January ). So far I’ve been pretty happy, the box was provisioned in a few minutes, I got an extra IP no problem and it came with a nice minimal Ubuntu 7.10 install.

Today I’ve been moving over a few more service to the new machine and documenting it as I go.I’m also trying to get the config a little tidier than the previous one

  • DNS was pretty easy and I’ve tidied up my domains ( all 10 ) . I’m just waiting for people I secondary DNS for to make some changes before starting cut overs.
  • Some websites are move. The static sites ( like my homepage ) were easy and the wordpress ones were as well ( dump DB, scp , import DB ).
  • I upgraded WordPress to 2.7 while I was at it which seems to have worked okay. Only thing I don’t like is the small fonts on the admin pages.But there is probably a way to fix that.
  • I had a few problems moving over one web-app since it was keeping old info somewhere (I checked the DB and the configs) but as luck would have it Ubuntu has recently fixed the package to work with non-apache Web installs (I am using lighttpd) so I just blew away the DB, grabbed a clean install and took 20 minutes to re-add the small amount of data.
  • Wiki sites are still to be moved and I’ve left off a couple of that are probably getting moved elsewhere.
  • I got the basic backups working also just in case something goes kaput.

Overall it’s been a fun day. I would hope I’ll be able to finish the rest of the move by the end of next weekend.

Share

Youtube comment filters waste of time?

Even now and then I get bored and look on youtube at the odd video. One thing I notice is that in the comments for a video you have the option of flagging comments as a “poor comment” or a “good comment”. You also have the option of filtering the comments you see to only show those with scores of greater than -10 , -5 , 0 , +5 or +10 ).

The problem appears to be that nobody ever rates comments as good. So this feature is completely useless. To check I had a look at the top 8 videos on the most viewed videos of all time page and even though most of the had thousands of comments not a single comment was rated better than +5 . In other words a complete rating system for video comments that is completely unused by anyone.  Perhaps they should just remove the buttons.

I also noticed that the most viewed video on youtube ever ( Avril Lavigne – Girlfriend ) is “not available in your country” when I try to view it. I assume this says something about somebody’s business model.

Share

Sysadmin Miniconf programme up

I’ve just posted the programme for the linux.conf.au 2009 Sysadmin Miniconf !

This year we were allocated 2 days by the programme committee so we have 15 full length talks by some great speakers on a wide variety of topics. Have a look for yourself to see which ones you are interested in.

I’ve not yet updated the lightning talks but we have a few already and are still looking for more, so contact lca09 @ sysadmin.miniconf.org is you are interested in presenting.

Share

Server recovery first steps

At work last week we were looking at backups on a group of machines that had been installed by another company but which our team had recently taken over. I was interested in the backup system they had which involved doing a lvm snapshot of the boot partition and then rsyncing this to another machine is the group ( the rsync’s went around in a circle more or less).

This looked quite cute for quick machine recoveries ( we kickstart our servers but we are still at the stage of doing a fair bit of post install setup ) and we had a think about recovering machines by doing a simple kickstart, then netbooting the server, mounting the root partition under the netboot and rsyncing it back to the install. This seemed a promising idea which we thought would only take an hour or so per machine.

However over the weekend I had a bit of a think and it popped into my head that Mondorescue almost did this sort of thing out of the box already. So I’ve been playing around a it this week with it.

So what I have now ( testing using a scratch VM ) are a few commands that:

  1. Backup the server to a NFS partition.
  2. Make an differential backup since the previous backup

Which means I now have a directory on a NFS server with a couple of bootable ISOs sitting in it. One has the full backup of the machine ( it’s about a third of the size of the used space ) and the other has any changes made since the first was done. I do the differential since the full backup takes about 30 minutes of hard work for the server while the incremental only takes 3 minutes or so ( YMMV ). I’ll probably do full backups every week and differential backups nightly.

The fun bit is the recovery:

  1. Remove console the server and boot it over the network
  2. Use PXE to boot the full backup mondorescue image
  3. Mondo boots and thee automatic restores the server to the state is was when the last backup was made (about 15 minutes) . I then have to hit enter a couple of times to reboot
  4. Netboot the incremental mondo image.
  5. Mondo now applies any changes between the last full and the last differential backup.
  6. Reboot again to the hard drive
  7. Finished, machine should be up and running.

A bit of testing shows this only takes about 20 minutes for my test VM ( 3 Gigabytes of default RHE 5 goodness ) and production servers shouldn’t be much slower ( more data but faster disks and CPUs ).

With a bit of luck I should have this ready to deploy in a few days ( although I’m a little short of NFS space to apply it to every machine ).

Overall a fun couple of days, depending on how it goes I might even do a lightning talk about it at the Sysadmin Miniconf next month although I’m not sure if it’s a little trivial since this is close to “out of the box” functionality for Mondorescue.

Share

Economist plus meme

Why I love The Economist :

China could stop making aggressive gestures towards Taiwan and buy Malaysia instead. It’s already run by Chinese, so they’d hardly notice the difference. And Barack Obama, committed to uniting America, could defuse the nation’s culture wars by purchasing an alternative homeland for those of his countrymen who want more use of the death penalty, less gun control and no gay marriage. A slice of Saudia Arabia’s empty quarter would do nicely: there’s plenty of space and the new occupants would have lots in common with the locals

From O give me a home… in the Nov 13th 2008 edition.

and the Book Meme thats going around Planet Linux Australia.

  • Grab the nearest book.
  • Open it to page 56.
  • Find the fifth sentence.
  • Post the text of the sentence in your journal along with these instructions.
  • Don’t dig for your favorite book, the cool book, or the intellectual one: pick the CLOSEST

and mine is:

Black has a backward d-pawn and a weak square on d5, though it is difficult for White to exploit either – the d-pawn is well guarded, while occupation of d5 often simply results in exchanges.

From Understanding the Chess Openings by Sam Collins.

Which is I guess what you get when you insist on the nearest book.

Share