Chris’ Blog

I am off to London, because Tomorrow… I am going to Google’s Developer Day. I am very excited about it, and look forward to meeting some of the people behind Google and getting to learn about some of their technology from them first hand. Exciting

So how do I get Postfix to verify and sign messages with the DKIM system, under Debian? Here is how.

1. First we need to install the dependencies.

   $ sudo aptitude install libdigest-sha{,1}-perl libemail-{address,mime-encodings}-perl libnet-{dns,server}-perl libcrypt-openssl-rsa-perl liberror-perl make libmailtools-perl

2. $ sudo cpan install Mail::DKIM

3. $ perl Makefile.PL
   $ make
   $ make install

4. $ ./configure --prefix=/usr/local
   $ make install

5. $ sudo adduser --system --shell /bin/false --home /var/run/dkimproxy --group dkimproxy

6. $ sudo mkdir /etc/dkimproxy/
   $ cd /etc/dkimproxy/
   $ sudo openssl genrsa -out private.key 1024
   $ sudo openssl rsa -in private.key -pubout -out public.key
   $ sudo chown -R root:dkimproxy .
   $ sudo chmod -R a=,u=rwX,g=rX,o=rX .
   $ sudo chmod o= private.key

Sorry, this solution will not run nicely on my NSLU2 so I have abandoned the rest of this documentation - it should help you somewhat though, hence I am publishing it anyway.

My laptop and desktop are not always connected to the same network as my server and when this is the case its most likely I do not have control of the network or want the information passed over the internet in plain text. So this is my answer to remote munin nodes, using the remote forwarding feature of SSH.

1. Install Munin Node:

   $ sudo aptitude install munin-node

2. Create the upstart event file:

   $ sudo -e /etc/event.d/munin-tunnel

   Write in the following text:

   start on runlevel 2
   start on runlevel 3
   
   stop on runlevel 0
   stop on runlevel 1
   stop on runlevel 4
   stop on runlevel 5
   stop on runlevel 6
   
   exec sudo -u munin ssh -N munin-reporter@munin-server.example.com
   respawn

3. Generate a SSH key for munin:

   You do not want to set a password on the SSH key

   $ sudo sudo -H -u munin /bin/bash
   $ mkdir /var/lib/munin/.ssh/
   $ cd /var/lib/munin/.ssh
   $ ssh-keygen -b 1024 -C munin@`hostname -f` -t rsa
   $ exit

4. Edit the SSH configuration for the munin user:

   $ sudo -e /var/lib/munin/.ssh/config
   $ sudo chown munin:munin /var/lib/munin/.ssh/config

   Insert:

   Host munin-server.example.com
   RemoteForward some-port-number localhost:4949

5. Now you need to do some leg work on your server first create a user so that the SSH tunnel can be created, I used munin-reporter. Then you need to copy the munin users public key on your client into the ~munin-reporter/.ssh/authorized_keys file on your munin server. I will leave this as a user task, set up how you like on your server. I would recommend prepending the munin public key with the following in the authorized_keys file to restrict what the user can do.

   no-pty,no-X11-forwarding,no-agent-forwarding

6. Again, on your server, we need to tell munin where to get the data about the remote host from, using the snippet below:

   sudo nano /etc/munin/munin.conf

   [node.example.com]
   address 127.0.0.1
   port some-port-number
   use_node_name yes
   

7. Next we need to test the connection and verify the host signature so, that it doesn’t need to be done again.

   $ sudo sudo -u munin ssh munin-reporter@munin-server.example.com -v

   Check for any errors etc. if you spot a problem retrace your steps.

8. All that is left is to start the upstart event and wait for some pretty graphs

   sudo start munin-tunnel

I have uploaded the photos me and my friend took whilst driving the journey from Gateshead-upon-Tyne to Lancaster, via the Hartside Pass and the Lake District, quite a few desktop wallpaper photos in the bunch.

How sad can you get, recreating a music video in the Sims?

So, at home currently rather than at university, this poses a problem when trying to connect to some resources, such as internal machines and private resources. I know Network Manager in Ubuntu has VPN support but I had never tried it out, so, I gave it a go. Issue the following command to install the required package, provides Microsoft VPN support to Network Manager.

$ sudo aptitude install network-manager-pptp

Now you can load my configuration by downloading the configuration file and click on the network manager applet, find the VPN Connections sub menu and hit Configure VPN…. Hit Forward, from the list choose PPTP tunnel, press Forward again and now press Import Saved Configuration…. Find the configuration file I told you to download and select it, now press Forward and then click Apply. Bingo!

I decided to convert my blog to use UTF-8 rather than Latin-1 as its character set, this turned out to be somewhat of a PITA. After changing all the table and database character sets manually I had to convert the data. Eventually settling for this little terminal magic.

mysqldump --default-character-set=latin1 --add-drop-table cs278_blog | sed 's/SET NAMES latin1/SET NAMES utf8/' | mysql cs278_blog

I redumped the data afterwards and checked it over with iconv which found nothing to complain about. I found how to do this here.

Wordpress 2.2 aka Getz has been released, once again I performed an upgrade using Subversion generated patches, which had one small problem. They changed the background images in the default style so I had to manually wget them from subversion.

cd wp-content/themes/default/images
wget http://svn.automattic.com/wordpress/tags/2.2/wp-content/themes/default/images/kubrickbg-{ltr,rtl}.jpg
rm kubrickbg.jpg

You usually expect the owner of the house you have bought to have moved out, not in this case, she was mummified on the sofa. Read More

I came across this fabulous Internet speed testing tool called: Speedtest.net. Best I have seen, okay the flash use is a little over the top but it works well.