Diary Products - Hannes Schmidt - Administrator

Install Squid 3.2.x on Ubuntu 12.04 (Precise) LTS

Fri, 25 Jan 2013 00:51:21 +0000

This is how I upgraded the Squid package from 3.1.19 to 3.2.6 on my Ubuntu 12.04 installations. The 3.2.x branch contains support for multiple cores, so that's a pretty important update to have. 12.04 is an LTS release, so I'm really not sure why 3.2.6 hasn't been backported to it. Anyhow, here's how I did it:

Set up the dquilt shell alias as described in the Debian New Maintainer's Guide:

alias dquilt="quilt --quiltrc=${HOME}/.quiltrc-dpkg"

Create ~/.quiltrc-dpkg containing

Lightweight and fast HTTP proxies

Sun, 20 Jan 2013 00:24:10 +0000

I recently evaluated several open-source HTTP proxy servers. I was looking for something lightweight and fast, without a persistent cache or with no cache at all.

Installing Mosh on Ubuntu Hardy

Fri, 27 Jul 2012 06:24:46 +0000

I recently had to get into the Mosh pit with my good old friend Hardy Heron aka Ubuntu 8.04 TLS.

wget --no-check-certificate https://github.com/keithw/mosh/zipball/mosh-1.2.2
mv mosh-1.2.2 mosh-1.2.2.zip
unzip mosh-1.2.2.zip
cd keithw-mosh-df955aa
sudo sed -i -r 's/#\s*(.*hardy-backports.*)/\1/' /etc/apt/sources.list
sudo apt-get update
sudo apt-get install build-essential autoconf automake libprotobuf-dev \
                     protobuf-compiler libncurses5-dev zlib1g-dev libio-pty-perl
./autogen.sh
protobuf_CFLAGS=" " protobuf_LIBS="-lprotobuf" ./configure --prefix="/usr"
sed -i s/LITE_RUNTIME/SPEED/ src/protobufs/*.proto
make
sudo make install

Domain Name (Dis)service

Fri, 18 Sep 2009 16:41:07 +0000

There are plenty of openly accessible DNS servers available that do name resolution for you. Most Internet providers run them for their customers. There are also DNS providers that encourage you to replace your ISP's name server with theirs. OpenDNS is one example. They even do it without charging you! But remember, hardly anything on the Internet is free. Someone will have to pay the bill. AFAIK, OpenDNS' business model is based on advertising revenue, so the advertiser pays the bill. This is how it works: If you accidentally type a URL with a nonexistent domain name, OpenDNS will resolve it to one of their web servers instead of returning an NXDOMAIN error. The web server will then serve a page with web search results related to the mistyped domain name and some advertisements.

Installing dbd-mysql for 64-bit binary installation of MySQL

Sun, 21 Jun 2009 01:02:44 +0000

The dbd-mysql gem assumes (?) an i386 architecture when building the native component of the driver. You'll need to set ARCHFLAGS appropriately and point the build at the installation of MySQL.

sudo env ARCHFLAGS="-arch x86_64" \
     gem install mysql -- \
     --with-mysql-config=/usr/local/mysql/bin/mysql_config

That should fix it.

Overriding DHCP- or VPN-assigned DNS servers in Mac OS X Leopard

Sun, 03 May 2009 20:13:55 +0000

I'll have to break sad news to you: /etc/resolv.conf has been made redundant in Mac OS X. The dig and nslookup utilities still read it but most applications use a different mechanism for picking DNS servers when resolving host names. They generally go through Darwin's resolver library which instead of reading /etc/resolv.conf looks up DNS servers via the SystemConfiguration framework backed by configd. Survival of the fittest, I guess, or, Darwin's intelligent design.

Ok, ok, I'll stop trying to be funny ... Anyways, this would be all swell if there wasn't the occasional need for manually specifying DNS servers. For me this need typically arises when I connect to a VPN managed by an operator from hell. After hours and hours of hard work (my fingertips still hurt from all the googling) I present to you a solution:

With the VPN connected, launch scutil with root privileges:

hannes-mbp:~ Sysop$ sudo scutil
Password:

List all network services with DNS configuration:

> list State:/Network/Service/[^/]+/DNS
  subKey [0] = State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
  subKey [1] = State:/Network/Service/F194302A-846C-4321-9325-6813DAE148F2/DNS

Pick one and show its contents.

> show State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  }
  ServerAddresses : <array> {
    0 : 192.168.1.74
    1 : 217.0.43.81
  }
  SupplementalMatchOrders : <array> {
    0 : 100000
  }
}

Ahh, this is the one! So let's get rid of those pesky servers. Obtain a working copy of the DNS configuration entry. It's called ... drum roll ... well, obviously: "d" (rolls eyes).

> d.init
> get State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS
> d.show
<dictionary> {
  SupplementalMatchDomains : <array> {
    0 : 
  }
  ServerAddresses : <array> {
    0 : 192.168.1.74
    1 : 217.0.43.81
  }
  SupplementalMatchOrders : <array> {
    0 : 100000
  }
}

Reset the ServerAddresses entry to an empty array:

> d.add ServerAddresses *
> d.show
<dictionary> {
  ServerAddresses : <array> {
  }
  SupplementalMatchDomains : <array> {
    0 : 
  }
  SupplementalMatchOrders : <array> {
    0 : 100000
  }
}

Write the working copy back:

> set State:/Network/Service/A3551F2D-62CE-1234-B79A-6EE50CA7AE30/DNS

Note, that the line

d.add ServerAddresses *

clears the ServerAddresses array, thereby removing all DNS-servers tied to that particular connection ("service" in Apple-talk). Without service-specific DNS servers, Mac OS will fall back to DNS servers from other network services. Not sure how exactly that works. If you want to specify particular DNS servers, use

d.add ServerAddresses * 10.0.1.2 112.21.44.66

By the way, the "*" signifies array values, so it's not some kind of wild card.

Increase Wireshark Font Size on Mac OS X

Mon, 08 Dec 2008 01:58:21 +0000

Wireshark has a preference setting for the font of the capture display but it won't let you change the main font used for other UI elements such as like menu, toolbar and dialog windows. The default for the main font is illegibly small on my Mac OS X Leopard system -- I used Macports to install Wireshark and its dependencies. To fix it you need to add the gtk-font-name setting to your .gtkrc-2.0 preference file:

echo 'gtk-font-name = "Sans 14"' >> ~/.gtkrc-2.0

This will affect all applications using the GTK 2.0 toolkit but I guess that's ok.

"No DBD Authn configured!" with Apache, Digest Auth and DBD

Sat, 02 Feb 2008 21:10:26 +0000

I use mod_authn_dbd to check HTTP authentication credentials against a MySQL database. After switching from Basic to Digest authentication I got 500 errors and No DBD Authn configured! in the server's error log. It took me a while to realize that it wasn't enough to change

Quickly enable/disable default gateway for VPN on Windows

Thu, 10 Jan 2008 21:53:46 +0000

Whether a VPN connection has the "Use default gateway on remote network" option enabled has big impact on how network traffic from your machine is routed.

Windows Vista's DNS server priority issues in VPNs

Fri, 28 Dec 2007 01:27:31 +0000

Today I ran into a subtle issue regarding the order in which Windows Vista queries connection-specific DNS servers. I tested a setup with a PPTP VPN server that also provides DNS name resolution services to its VPN clients. For that purpose I ran both a BIND 9 name server and a Poptop PPPD daemon on the same box. It is dual-homed, i.e. one interface is the private interface of the VPN tunnel endpoint and the other one is the public Ethernet interface through which the server is linked to the internet. I configured BIND to listen on both interfaces.

Ubuntu 6.01.1 "Dapper Drake" DVD Torrents

Sat, 02 Sep 2006 07:57:27 +0000

It took me sometime to find Ubuntu torrents that work. I noticed that the .torrent files on the official Ubuntu server and its mirrors point to dead torrents. After some digging, I found this tracker to be most up to date. In case you're stumbling over this problem too, give it a try. It seems to be the official Ubuntu tracker.

Installing VMware Server on Gentoo Linux (Version 3)

Mon, 10 Jul 2006 04:49:52 +0000

[This article is now somewhat obsolete because vmware-server have been included the official portage tree. There is no need for a separate overlay. The bug reports still apply. This is an updated version of a two previous article on the subject.]

The new VMware Server is going to replace VMware's GSX Server product. And it's more than just a new name: VMware will supposedly release it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty and others are working on one and they are doing a fine job. They also seem to be streamlining and consolidating other related VMware ebuilds. You can keep track of their progress on these Bugzilla bugs:

Problems regarding the vmware-module ebuild: 137422.
Problems regarding the vmware-player ebuild: 137423.
Problems regarding the vmware-server ebuild: 137424.
Problems regarding the vmware-server-console ebuild: 137425.
Problems regarding the vmware-workstation ebuild: 137426.
Problems regarding the vmware-workstation-tools ebuild: 137428.
Problems regarding the vmware overlay in general: 122500.

The VMware Server ebuilds are not part of the official stable Gentoo portage tree so if you want to install them on your system you will have to jump through a few extra hoops. Fortunately this process has become very convenient and straight-forward thanks to Gunnar Wrobel's layman.

Installing VMware Server on Gentoo Linux (Version 2)

Wed, 15 Mar 2006 16:17:49 +0000

[This is an updated version of a previous article on the subject.]

VMWare is going to replace its GSX Server product with the new VMware Server. And it's going to be more than just a new name: the best thing about it is that VMware releases it free of charge. Being still in beta testing, there are currently no stable ebuilds available for it on Gentoo Linux. Fortunately, Mike Auty is working on one and he is doing a fine job. You should keep track of his progress on Gentoo Bugzilla bug #122500. For people with little Portage experience (author included) it can be a bit complicated to throw together an ebuild from bugzilla attachments.

Per-directory configuration (.htaccess) in LightTPD

Thu, 02 Mar 2006 17:56:59 +0000

The frequent visitor of Diary Products knows that it runs on the LightTPD aka Lighty web server. The machine that hosts Diary Products is serving other sites as well so it needs to have some kind of virtual hosting mechanism in place. I use LightTPD's very straight-forward and easy to use mod_simple_vhost module. The only draw-back with LightTPD is that it doesn't support directory specific configuration files similar to Apache's .htaccess files. But this is not such a big deal for me because as much as I liked the convenience of .htaccess, I always considered it a waste of cycles and a security issue. The ideal solution in my opinion would be one which

Filtered: NMAP Port Scanner Sees Through IPtables Firewall

Thu, 23 Feb 2006 22:02:44 +0000

Ever wondered why port scanners like nmap are able to tell that some of the ports on your server are protected by a firewall? Have a peek at this nmap transcript:

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-02-23 22:54 CET
Interesting ports on doodah.com (12.34.56.78):
(The 1658 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
3306/tcp filtered mysql

I'm quite sure my firewall blocks access to the mysql port. Yet it bugs me that it is possible to tell that I have MySQL installed on my system simply by performing a port scan.