Archive for 2009

Creating Bind DNS-Entries with regular dyndns-clients in routers

Recently there was a message posted upon the debian-user-german mailing list asking if there is a way to create BIND-compliant DNS-Updates with regulars dyndns-clients from routers. The Idea behind this is to get rid of dyndns.org services and provide an independent way to maintain dynamic dns entries for boxes without a static ip-address without the need of dyndns providers. The goal was to create a text file which could be used as input for nsupdate with cron to run it frequently.

Service Failover with heartbeat?

I have got e.g. two servers with Apache and Postfix and a virtual IP (from heartbeat-1). Well, heartbeat is working well and it is simple to deal with complete server outages, but how can I configure heartbeat, so that it also switches the server, if one of the above services fail?

Connect to Informix using PHP5 on Lenny x86_64

After much trial and error, I have a Debian Lenny x86_64 server with apache2, php5, and connectivity to an Informix database server. Here are the steps I went through. Much of this information I found at http://devzone.zend.com/article/4290.

Handling network mounts on a very mobile laptop?

I have a laptop that travels with me to work as well as being used at home. I have a number of network CIFS mounts that I like to have available when I am at home, so I have them set to "auto" in /etc/fstab. When I am at work, I use a Mobile Broadband card to connect to the Internet. When at home, I typically use Ethernet.

Speeding up dynamic websites via an nginx proxy

Many of us are familiar with the use of Apache for hosting websites. It might not be the fastest webserver but it is extraordinarily popular, extremely flexible, and a great choice for most people. However there are times when it can struggle, and placing a proxy in front of it can be useful.

Offline Package Management for APT

This article is about Offline Package Management in Debian. Debian is a pretty well known project. One of the things that makes Debian very popular is APT (a.k.a Advanced Packaging Tool) which allows remote package downloads, upgrades and dependency resolution. Unfortunately it does require a network connection - unless you use apt-offline.

Providing a website search facility with the namazu indexer

Adding searching facilities to websites makes it a lot easier for finding content. When sites are dynamically constructed it is often simple to update the code to perform the searching in the application, but for sites constructed of static pages using an indexer such as namazu can give you a great interface in very short space of time.

Raising the uid and gid limits?

According to Debian policy, limits for both UID and GID numbers (User IDs and Group IDs) are a maximum of 65535. Is there a way of increasing this limit?

Getting emacs23 for Lenny

I'm eager to try org-mode for emacs and see it comes with emacs23. I've just updated from etch to lenny (only kinks were having to re-setup nVidia's driver, remove && install gdm+gnome, install a new VMware (just run the .bundle file worked a treat!)) only to discover there's no emacs23 available.

I've got the org-mode for Lenny's emacs22 but now I know of emacs23 I'm keen to try that - any ideas?

thanks, michael

Howto: Canon LBP 5100 with Samba (amd64)

I bought the relatively inexpensive Canon LBP5100 colour laser printer for my XP machine at home. I thought I would crack network printing from Linux soon.

Migrating a live system from ext3 to ext4 filesystem

This article is meant to serve as a guide for migrating a live system from ext3 to an ext4 filesystem, including migration of files to use extents, a major feature in ext4. It describes the entire migration procedure, including common pitfalls involving a migration of a live system, as opposed to doing a fresh install.

How should I allow mail, calendar and contact syncs?

I'm looking to create a Exchange-type server where users can have their Desktop, Laptop & iPhone contacts, calendars, notes, & email all synced automatically.

Automatic host installation using Viper

The purpose of this article is to give you a straight-forward, Debian-friendly way of installing and configuring Viper, a system for completely automated installation and configuration of Debian GNU based systems.

Rebuilding a single kernel module

This article shows how to rebuild only a single module that comes with the main kernel tree for folks that neither need nor want to rebuild the whole kernel. If you want to build an out-of-tree module, than that module's documentation is probably the best starting point.

Encrypting an existing Debian lenny installation

Once in a time, I get to travel to places that make me worry about the data on my laptop. This time, it is not the US, but another openly democratic country where they kill you for a joint, let alone nude pictures. Enough politics, though.

Where art thou? - CDPR

cdpr is a nifty little command which speaks the Cisco Discovery Protocol, allowing you to learn interesting things from your network.

OpenSSH logging with ChrootDirectory

Finally following up on the previous article on the subject, I found some time to investigate logging what happens in an internal-sftp session using rsyslog.

A brief introduction to mod_perl - Part 2

In our previous brief introduction to mod_perl we showed how to install it, and how to use it to improve the performance of simple Perl-based CGI-scripts. In this conclusion we'll show how you can do more useful things with a little bit of effort.

A brief introduction to mod_perl - Part 1

Apache is currently the world's most popular webserver. There are many alternative webservers, but Apache was one of the first which offered real control, flexibility, and numerous available extensions. With the introduction of mod_perl you can directly control almost every aspect of your webserver with pure Perl. Read on for a brief introduction to using mod_perl.

Providing better editing support for sbcl via readline

The readline library is used by many programs which need to provide a pleasant environment for performing text entry, offering completion, history, and advanced editing facilities. There are applications which, for various reasons, do not use it, but this is something that may be fixed with the addition of the rlwrap readline wrapper.

Testing SMTP servers with SWAKS

When changing software configuration it is always a good idea to test things as thoroughly as you can. In the case of SMTP it is generally possible to test things offline pretty easily, and then perform simple tests via a manual telnet - but the SWAKS tool makes SMTP-testing even simpler.

Getting Started with Firewall Builder

Configuring a firewall policy using iptables can be difficult. If you do it by hand, you need to learn a complicated command line syntax and understand packet flow inside Linux kernel very well. GUI applications such as Firestarter can help build simple configuration but quickly run out of steam when security policy becomes complex. This article introduces "Firewall Builder", a GUI firewall configuration and management tool designed to help solve this problem.

Exim4 SMTP Auth for the Real World

I tried several times to get SMTP authentication working for use in a modern environment with much wailing and gnashing of teeth. For starters, I don't want to have to authenticate every client on my LAN. Clients coming from my home subnet should be trusted by IP and should not have to authenticate. Secondly, I want to be able to relay mail from any client if that client authenticates via TLS from anywhere on the internet. Hopefully this will save other people some time and sanity.

Encrypted Debian Live USB key

Handling mostly old or problematic hardware and not always having a stable internet connection, I have been struggling to find a live-cd/usb-key system which is slim, easy and fast to customize, fully encryptable and includes the debian network installer.

Concurrent boot sequence

In the quest for the fastest boot ever (see Booting Debian in 14 seconds), you may want to consider setting the variable CONCURRENCY=shell in /etc/default/rcS, recalling from your your theoretical studies that "Parallel is faster than Sequential."

Per-Process Namespaces

Our main development servers at work use almost 100% free software; however, recently I had a rare pleasure of having to install a piece of a binary blob. The Blob reared its ugly head as soon as I tried its installation routine. Read on to see how per-process namespaces can help defeat The Blob.

What to do when the root partition is full?

I just upgraded from an older version of Lenny to latest. When the upgrade finished, an alert appeared noting that root partition is full. As a consequence of this problem (I think) I can't save or print Open Office documents.

Debian 5.0 (Lenny) Released Today

Today, after several months of delays, the next new stable release of Debian Lenny was announced. This release features many changes not least of which is a newer kernel and supporting tools allowing for improved hardware support.

Making The Bash History More Useful

Since I began programming I have worked on at least a hundred different computers: university workstations, my own computers, dozens of employer and client workstations. Each one had a history file loaded with commands that I begged, borrowed, stole, sweated and cried for. Countless hours of work now long gone or rotting somewhere in a stack of backups.

Automating ssh and scp across multiple hosts

If you're like me you'll run Debian GNU/Linux upon a number of hosts and at times you'd like to run a command or two upon all of those hosts. There are several ways you can accomplish this, ranging from manually connecting to each host in turn, to the more complex solutions such as CFEngine or Puppet. Midway between the two you can use pssh to run commands upon multiple hosts.

Blocking a DNS DDOS using the fail2ban package

Are you tired of getting multi-thousand line emails from the logcheck package that contain multiple reports of denied queries from named? If so this article will show how you can reject these DDOS attempts via the fail2ban package.

Is your firewall IPv6 aware?

If, like many people, you've started to experiment with enabling, configuring, and using, IPv6 it might not have crossed your mind to update your firewall. This could lead to surprises if you're unlucky. Read on for a simple overview.

Past Years