We've had a self-signed SSL certificate for some time now (four years?) but it was self-signed and thus untrusted by most browsers.

Thanks to a kind donation by dkg we now have a "real" SSL certificate, valid for the next five years.

Installation was carried out in a rush, but I'll do it properly shortly. Any problems shout at me.

Thanks again, Daniel.

Update: I've also fixed the site to use a canonical host name, with the www. prefix now being used globally.

Yeah, I could hardly believe it either.

• http://lumail.org/

It is modal, it uses Lua for scripting/configuration. It is not yet complete, due to missing features. But as a read-only mail-viewer it works perfectly.

When I see a number of fake users, or spam comments, from a particular IP address I usually just block it.

As of today I'm now going to block the containing /24 instead.

Life is too short to play whack-a-mole with closely-related IPs.

The big link, "Search", at the top of the site pages now works.

Quick hack via Lucy::Simple.

The Lucy::Simple module made it trivial to write a simple indexer and search script. Took me only an hour or so, and I've been in bed most of the day!

I may well document the process in the future if there is any interest.

Years ago I had a linkedin account. It was not so useful to me, because I could remember who I'd worked with, and I would ask for personal recommendations/feedback from friends who were local about companies near me.

I deleted the account because I was annoyed by too many emails "Bob Smith wants to be in your network". That on top of fake-recommendations was just too much.

Recently I was searching for some details on PXE booting, and I came across an article I'd written shamelessly copied and pasted with no attribution in their forums.

http://www.linkedin.com/groups/PXE-boot-Setup-4566348.S.147719683

Reporting this to linkedin.com resulted in no action.

Submitting a formal DCMA-takedown notice to linkedin resulted in no action.

Poking them on twitter, twice, resulted in no action.

So, really, what are linkedin good for? Fake recommendations from people you've never met? Weekly spam about people who want to connect to you?

Update: Rejoined the site to see if I could flag/report it. No chance. Fuckers.

SO this site has now moved to Bytemark's BigV platform, and on the whole it is working properly.

This is a brief list of things that I've spotted:

• IPv6 support has gone away, until I route a /64 to the VLAN that holds these machines.
• The site-search is broken.
• Comment IDs on articles aren't working as expected
  • Because of the master-master MySQL setup.

There have been a flurry of spam sign-ups, made possible because I disabled the registration CAPTCHA - these seem harmless since they'll be prevented from submitting comments when they try.

Finally, on the admin-side, I need to implement cluster-wide blacklisting of malicious IPs. I figure I'll use rsync to sync a master-blacklist around, or something similar.

I'm slowly moving the hosting of this site over to BigV. This evening I've migrated the standalone site:

• http://planet.debian-administration.org/.

I'll do a full write-up in the near future. For the moment the basics are:

• Two new BigV guests - planet1 & planet2.
• A floating IP address which is live on only one host at a time 212.110.179.77
  • This is implemented using ucarp
• nginx serving the site.

The site is rebuilt every five minutes on both hosts, and providing one of the machines is up the site will be functional. I've gone this route because the site is comparatively low-traffic - and even when the traffic peaks it can easily be handled by nginx (it is entirely static).

Having two running via load-balancing seemed like overkill, but at the same time I'm making a lot of effort to redeploy things "properly" and part of that is having redundancy in all layers.

TODO: IPv6.

As part of the upcoming re-deployment I've moved the database server this site uses to a new location.

Fingers crossed this will be transparent.

I've been using github for a few days now, and finding it nice.

I typically develop and host on my own mercurial repositories, but it is nice to share and be more visible. I love the way the initial README is displayed beneath each repository. Something that makes it really easy to scan the project contents and get a feel for the purpose/history.

I'm not yet decided if I wish to mirror my repos, the git plugin for mercurial seems to die under Squeeze, so for the moment I'm unable to do so. But it might be an option for the future.

Anyway should you care I'm here.

Time for me to do something useful here, I guess?

I could talk about puppet, cameras, pies, or cake.

*ponder