Chris’ Blog

I am currently enjoying the visual refresh Wordpress has been given in version 2.5. Its quite cool.

(08:23:11) Me: dude
(08:23:43) Me: we’ve been on keyboard websites for nearly 45 mins xD
(08:23:52) Squire James: sad eh?
(08:24:01) Me: maybe xD

A new month (2 weeks ago), a new screen and thus a two new desktop backgrounds (and last months):

After my recent break in I have looked into ways of protecting SSH and my server resources. I employ fail2ban on my main server, it has the resources to run such a programme - my Linksys NSLU2’s however do not. The solution is to use iptables to limit the number of connections any host can make in a given time frame. I wrote up a quick how to on this over at my wiki. Enjoy.

So today I come to you with a confession, I discovered one of my boxen had been successfully attacked and the attacker had by the looks of things used it for launching DDoS attacks. I feel particularly stupid because the entire thing was my fault, I left the root password as root. Although I must stress I didn’t set it to this, I was using a pre-build debian install because the d-i installer was broken under arm and forgot to change the root password to something a little more secure.

So it is the other side of the festive period and I am slightly better for it, financially. Next pay day should be even better, worked over 70 hours plus in 2 1/2 weeks. I bought myself a new phone over Christmas, it is a Nokia 3110c, and I got it for cheap using staff discount - not complaining. I’ve filled it up with a 2GB SanDisk MicroSD card from the ever fantastic SVP and now use it as my music player as well.

I started up a little project after I got a new phone with the basic aim to write a basic webmail client in PHP optimised for portable devices, its untitled so far. But it is very light on resources making use of PHP 5 with the IMAP Extension, and memcached for caching of IMAP data. I will make the source available via Subversion soon enough.

Over the holidays I have just had a made some serious changes to my server configuration, doing away with my reliance on Linux-VServer because it is just not stable enough. One of the instances crashes it generally will not sort itself out in a reasonable time without a reboot of the entire host, what I was trying to avoid. So instead I have moved most stuff back onto sandman proper now, the exceptions are a couple of things which need Debian Testing which still run on a VServer host. I hope to remove the need for these and then remove VServer totally and install OpenVZ which appears to be much more robust.

I am now using Lighttpd to serve the bulk of my web content because it has much lower resource usage than Apache and is fairly extensible and customisable, certainly more so than Apache until I discovered mod_macro. It does have some draw backs to Apache, like I cannot do PAM authentication or run Subversion without piggy backing it through Apache and certain configuration drawbacks. But considering the only VHost that really needs PAM authentication is my Subversion repository and that cannot move away from Apache I think I am okay.

Merry humbug to everyone who believes that some bloke called Jesus was born 2007 years ago today, Merry Christmas to others who joins in the madness just because its ‘easier’ that way. Christmas is overly commercialised nowadays and has lost its religious meaning, boo-hoo. Any how it is two years since I started this little blog as a trash can for the crap that accumulates in my head, although apparently some of it is useful to others. Enjoy the festive period, as it means a lack of work and academia for some variable period, in my case 4 weeks. *grins*

Ekiga is a VoIP client for GNOME. I recently registered with SIPGate.co.uk as I am planning to have a go at setting up Asterisk sometime in the near future. Sadly it wasn’t a well documented process and after searching Google, SIPGate’s website and Ubuntu Forums for help I found some tips on debugging Ekiga. Armed with this knowledge ekiga --debug=[1-6] I managed to discover the required ports for successful NAT traversal. They are as follows:

• 5060 - 5100/udp
• 8000 - 8012/udp
• 5004/udp
• 10000/udp
• 3478 - 3497/udp
• 3478 - 3497/tcp
• 1720/udp
• 30000 - 30010/tcp

I am sure they could be refined and there maybe some that are unnecessary but it Works or Me™, use them at your own risk.

So, this is the second time I have tried to address the problem I was getting with some Subversion repositories I was trying to configure to be served by Apache. I was trying to use the SVNPath directive to serve one repository but it was not having any of it, so instead I ended up serving them as a temporary measure using SVNParentPath in the format http://svn.example.com/~name/repos/ which is not what I wanted. I am using the Location container in Apache configuration to configure up my repositories, the path I had specified was /~name/. This is where the problem comes in, I would try to checkout the repository over the network and be greeted with a 405 Method Not Allowed error like so:

svn: PROPFIND request failed on '/~name'
svn: PROPFIND of '/~name': 405 Method Not Allowed (http://svn.example.com)

This stuck me as odd, it seemed the Apache was not serving the repository URI using the WebDAV module. When I gave up on an earlier attempt I reverted to using SVNParentPath and accessing the repository over the URI http://svn.example.com/~name/repos/ which worked perfectly and I couldn’t spot why. Turns out I made a single character mistake, my Apache configuration was set to use the path of /~name/ I should have used /~name because SVN truncates the trailing slash even if you specify it on the command line. Bugger!

Thunderbird’s default sorting is the wrong way around, IMHO. This has always annoyed me, I found out how to reverse it.