Older blog entries for mascot (starting at number 43)

mathieu: In answer to your question about FTP over routers which perform NAT. Firstly, as you're probably aware, there are two modes of FTP - Active and Passive. Passive FTP works over almost all routers, whereas active FTP rarely works over NAT unless the router is clever enough to know how to specifically interpret FTP traffic. Most FTP done via web browsers and the like is passive, since it works in more scenarios, but on Linux the command-line ftp client defaults to active FTP.

Passive FTP is easy. All connections are made from the client to the server, so the router can just route these as with any other connection (like HTTP and the rest).

Active FTP, however, requires the server to open a connection to the client. In the case of a router that does NAT, the router must know which machine on the local network to send this incoming connection to. In the case of a Linux router, that's the job of the FTP Conntrack module (I think), which basically keeps track of the FTP connection. If your router supports Active FTP, it probably has a similar piece of software running.

I hope this answers your question. And I hope someone will in turn correct any mistakes in my answer :-)


I've been in Scotland for the past two weeks, interspersing homework with mountaineering and photography. The weather was exceptional - unbelievable in fact: for the entire first week, we had hot sunshine and a cloudless sky. Anyone who's been to Scotland will know that this is highly unusual :-) I only got rained on once the whole time, and that was on the last afternoon. We did have an impressive thunderstorm directly overhead on one evening though - the strikes were so close that the electric field made my Dad's hair stand on end.

Computer stuff

I came home to a broken power supply in one of our home PCs. (No, it wasn't a power spike! It had been left unplugged. I'll just put it down to lack of attention :-) That machine is usually left on, so perhaps it was just some sort of momentum that kept it going...) Rooting around for spares, the only one I could find was in the back of my cupboard, labelled (by myself) as "Broken; buzzes". Well, it seems to work :-) and the buzzing is barely audible. I'll keep an eye on it though...

Linux Kernel Software Watchdog (and the daemon, watchdog-5.2)

I came across this for the first time today, and realised immediately how useful it could be on the webserver I manage for my friend. This server has bouts of instability, which I'm still trying to pin down, but my friend is trying to run a hosting business and doesn't appreciate long downtimes when it crashes and I'm not around to fix it. It seems that once I install the software watchdog, the downtime should be limited to only a couple of minutes in the event of a crash.

(Yes, I know this is fixing the symptoms rather than the cause. I'm still trying to find out which of the kernel patches I've applied is causing the crashes.)

I wonder if there are any other obscure goodies in the Linux kernel which I haven't come across yet? I'd certainly never heard of this before I came upon it by accident. Is this just me living in a cave, or are features like this rather under-advertised?

Happy birthday to me :-)

I'm 18 at last. And the first birthday card I got was from my local Member of Parliament, which (translated from politician-speak) basically said "Congratulations, you now have the right to vote, now make sure you vote for me." :-)

robocoder: no, really, Mozilla 1.4a was released yesterday. It's April 2nd today, so you're allowed to believe me :-)

I agree wholeheartedly, though, that the April Foolery goes too far. Slashdot was plain stupid yesterday, with the same fake article repeated five times. And the Gentoo Weekly Newsletter informed me that the Gentoo project was abandoning Portage in favour of RPM. I genuinely didn't know whether to believe this.

31 Mar 2003 (updated 31 Mar 2003 at 23:27 UTC) »


I'm so gullible. I just ran this Bash code, as found in someone's sig on Slashdot, just to see what it did:

:(){ :|:&};:

Anyone have any idea what it does? I just know it hogged my system and ground away at the hard disk, before I hit the Reset bitton :-) Shame I can't search for it; none of the search engines count it as a valid query.


To answer my own question: I've now been informed about what I just inflicted upon my machine. It makes perfect sense if you realise that ':' isn't a special character - in this case, it's a function name. Imagine it replaced by 'foo'.

Very neat.


Ooh, lucky me. I've just received my first voting card.

The next local election is shortly after my 18th birthday, apparently.


That Intranet I keep talking about - development is still ongoing; it's in CVS now and I'm beginning to prepare (!) to release it to the general public (it's already live at the company I wrote it for, where my Dad works, and it's been GPLed from the start).

I tried to update the copy on the live server from CVS today - except the ISP had somehow managed to only enable SSH access on all machines except that server. (That machine is also the proxy server, so it gets different firewall priveliges than the rest of the network (i.e. port 80 is enabled), but it's ironic that the only machine that needs external SSH can't get it...)


We found a leaflet in the car park at my Dad's place of work. It was the instruction leaflet for a hand gun - how to load, how to fire, etc.. Worrying...


Still goes on, miraculously.

Involved in a car crash today. Some moron in a 4x4 speeding through a red light into the side of my Mum's car. No major injuries, but we're both bumped and bruised - my Mum rather worse than myself.

But it was so close to being a lot worse. If we'd been just a little bit further forwards, the impact would have been directly on my Mum's door... (shudder). The car was a write-off as it was.

(And to think I was scared about rebooting my server yesterday...)

19 Mar 2003 (updated 19 Mar 2003 at 00:17 UTC) »

God I'm scared. I'm just rebooting my server (in Germany; no physical access) with an untested patched kernel to fix the ptrace vulnerability :-$

Do I trust Alan Cox's patch not to clash with my existing multitude of patches...? Only time will tell.


PHEW! It came back up fine. Now just to see whether it's stable.

I'm now responsible for a RedHat-based dedicated server hosted in Germany, which I'm managing on behalf of a friend. I've got to be very careful to avoid killing networking (nothing worse than the realisation that you've just broken SSHD and you can't now log in and fix it!). So far it's survived, although there were a couple of hairy moments with iptables. (It's also survived a deluge of traffic when another friend (aes)'s screenshot, also hosted on that server, got posted on the front page of GnomeDesktop.org... I never realised that site was so popular!)

Discovered many stupidities in Ensim Webppliance - shame it's not open source, otherwise I'd fix the problems :-( A project idea for someone: a GPL'ed Ensim clone. Specifically:

  • Lets you create domains on the server, each with their own website and chroot environment
  • Manages the config for apache (with vhosts), sendmail (or preferably something nicer like Postfix - not an option with Ensim!), proftpd, ssh, etc. so each user can connect as though they had their own server
  • When you connect through SSH, FTP, etc. it should work out which chroot you need to be in - Ensim does this with a PAM module that looks for horrible usernames like "me@mysite.co.uk" (which most programs refuse to count as a username!) - this means "log user 'me' into the chroot environment for 'mysite.co.uk'"
  • Tracks bandwidth used for each site separately
  • Allows for different access levels for the control panel - i.e. designated Site Owners can log in to change a few things about their domain (e.g. add mailboxes); designated Resellers can log in and create a limited number of domains with limited total bandwidth, etc.

It's the sort of project I'd really like to write (or contribute to) myself. But unfortunately I don't have the time at the moment. If anyone knows of a good, free product which does some or all of the above, please tell me. I'm never happy being tied to a product which I can't fix when it breaks. (Now there's an argument for open source software which you don't hear enough in businesses...)

My complete list of university offers for anyone interested. Now I've got to pick just two :-( Probably Cambridge as first choice, and Warwick as second. But if you ask me again tomorrow I will probably have changed at least three times :-)

You've got to pick based on grade requirements: if you make the grades for your first choice, you automatically go there, and you don't get to choose your second choice if you change your mind. So this is pretty much the final decision... and I'm no good at decisions :-(

34 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!