Chronophage.net Blog

So, I decided I needed a bit of a landing page for web.chronophage.net. I wanted to show certain active statistics, but I didn’t like the format, or information leakage that mod_status showed.

So I did some googling, and found this: http://www.phpclasses.org/package/3613-PHP-Retrieve-and-parse-Apache-server-status.html

Unfortunately, the examples were set to just show the stats of one server, and I had four.

Well, an array, for loop and some php rejiggering, and viola! Active server stats!

Now I can see all the worms attempting to XSS my websites.

Wee!

So, I changed mail, splitting mail.chronophage.net into a 3 host mail cluster, and a shell server.

Unfortunately, I have shell users who were using mail.chronophage.net as their moniker for pop/imap. This also broke their ability to log in to the antispam area and change their spam settings. I have fixed both of these issues.

Dovecot has a passwd-file facility, which uses passwd formatted files to do authentication. I simply added such a file to my mail cluster, with the shell username and {CRYPT} hashes (out of master.passwd) and added a proxy=y statement and a host=(shell server’s ip)

So now, when they log in, it’ll authenticate them, and then pass the authentication over to the shell server’s POP3 or IMAP server. Since they authenticate locally first, SASL works for sending mail.

This gives them one point for external clients, and still lets them log in via the shell server, or use procmail (via a .forward) if they so choose.

Unfortunately, this means that I have to manually keep password in sync in two places. But my users don’t change their passwords often, and there aren’t too many of them

So, for posterity

mail.chronophage.net (POP3, IMAP, SMTP)
https://mail.chronophage.net (webmail via roundcube)
https://mail.chronophage.net/squirrelmail (webmail via squirrelmail)
https://mail.chronophage.net/antispam (for antispam services)
gaia.chronophage.net (shell server)

Working on a post for work. Part 1 is pending edits and approval. Here’s a chart I’ve made for Part 2:

*UPDATE* Post approved: http://blogs.iphouse.net/2011/11/10/infrastructure-and-other-games/

I’ve been waiting, and working.

I’ve been waiting for my work to release a its new product. I’ve been waiting, politely, for my boss to blog about it. I’ve been waiting to show off this new product.

I’ve been working on provisioning, and working with customers on beta testing the new product. I’ve been working on templates, and auto install media, to make everyone’s life easier. I’ve been working on documentation for customers.

I’ve been waiting for, and working on, a VMware vCloud Director based product known as vmForge VDC.

This is cool stuff!

(continue reading…)

So…

It’s been awhile.

Recently, I’ve decided to make sure that all of my servers were IPv6 addressable. This was made infinitely easier by working at a forward thinking ISP. So a quick email to our network admin and bam! IPv6 routed to my vlan!
Now, what to do with it?

(continue reading…)

(..sigh) There’s a lot I like about RedHat. I like the fact that they’re worth more than a billion dollars as an OpenSource company. I like how they’ve been in the Linux game for a long time, and keep finding new ways to innovate and expand. I like how they have a competitive, yet accessible application stack, that runs on a wide variety of hardware. Their partner program, and resources are outstanding, especially when compared to other software vendors. I like a lot about RedHat. I just don’t like their operating system.

(continue reading…)

Man, I’ve been busy… I’ve recently been promoted to being a System’s Administrator! This has forced me to program a few BASH scripts. This one is for a customer that wants a managed system, but wants to be able to add websites at will. It’s pretty simple, and relies on an existing example.com template. Why example.com? Because I follow RFCs dammit! The template allows me to adjust the Apache specific settings, without recoding the script.  A little REGEX here, and a pipe to sed there, some error checking, formatting and a dash of some SUDO magic and voila! The customer doesn’t need to email/call me to add a website.  Sure beats paying for a crappy control panel

(continue reading…)

So, some of my users are avid World of Warcraft players. They’ve been complaining that they keep getting phishing schemes in their email accounts. Since Bayesian Filtering isn’t catching on, I think it’s time for custom SpamAssassin rules.

(continue reading…)

[Originally Appeared 02/04/2010 blogs.iphouse.net]

One of the many terms you’ll hear thrown around an internet service provider is Request For Comments, aka, RFC: “This isn’t per the RFC!” or “We follow the RFC!” or “Read the RFC!” So what is an RFC, and why do you want to know what it says.

(continue reading…)

I recently read an article explaining why FreeBSD was not more popular. The conclusion of said article was that the installer was daunting, and archaic, and that it was too intimidating to utilize. So, basically, whoever wrote this article (I don’t like calling professionals out) didn’t get past installing the operating system. He assumes, that once it’s up and running, it’s the same as Linux. Nothing about the Ports system, nothing about administration. The sum total of his experience was that that installer was intimidating. He went on to state, and I am paraphrasing here, that only old, wizened Unix admins would use FreeBSD, sitting on high from their ivory corner of the office, replete with Star Trek posters, and choice snippets of their homemade 1994 BoFH day-by-day calendars strewn about their desks,  as they are the only ones who would defend such a terrible installer. This is the type that would utilize an operating system that requires disk slices and network configuration. The rest of us “modern” geeks don’t want to bother with such incantations, abjurations and divinations. They just want an operating system that works out of the box. Point-and-click-and-go!

Well, that tells me that you don’t get it. I’m not wasting my time with my installer. You’re wasting your time with yours. And with your point-and-click Linux install, you’ve installed an “operating system” dedicated to wasting time.

It’s all about the futz factor. And you just declared “I live to futz!”

<Here comes the biography>

I am not a wizened UNIX admin. I’m a Macintosh kid. I grew up with GUI objects, and hypercard. I thought that the most efficient way to work with a computer was with a graphic interface. I did some work with DOS, and frankly, thought it archaic, and backwards. Setting base pages for memory, batch scripting, who needed it?

My first experience with UN*X was MKLinux on a Mac LC (the pizza box) I futzed and futzed with it until I got it to boot. No idea what to do with it. 2 years later, my uncle gave me a PII 200Mhz and I put Mandrake Linux on it, to use it as a NAT’ing router and I thought: Cool! Windows sneaked into my life in my late teens, as I could not resist the lure of Counterstrike, Duke Nuke’m and Quake. Still, I enjoyed futzing with Linux. Breaking things, trying to figure out how they were put together, tinker tinker tinker.

(continue reading…)