  • Lighttpd and the wonders of strace

    July 29th, 2007

    I ran Lighttpd under strace today whilst debugging a problem with mod_deflate and I found two mis-configurations just from watching the system calls it was making. In case anyone is interested, this is what I found.

    Firstly, I’d enabled the system.use-noatime option but I could see that it was failing to set this mode when opening a file to serve:

    
    open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_NOATIME) = -1 EPERM (Operation not permitted)
    open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 40
    

    I realised that Lighty drops privileges on start-up, and the O_NOATIME option is privileged. No biggie, but a wasted system call is a wasted system call, so I disabled the option. To my surprise, this fixed the blank/empty page problem I was having with mod_deflate. Clearly a bug, but now I can file a slightly more helpful bug report (this is the Lighttpd dev trunk btw).

    Secondly, I’d always assumed (having read it somewhere, I’m sure) that Lighttpd selected the most efficient event-handler available on the operating system – on my Linux 2.6 system this would be epoll, but strace showed Lighttpd using regular poll:

    
    poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}], 6, 1000) = 0
    

    So, I explicitly configured it with server.event-handler = "linux-sysepoll" and now strace shows me:

    
    epoll_wait(39, {}, 4096, 1000)          = 0
    

    I’ve always found the strace tool very useful, but sometimes I forget and take it for granted. I love you strace tool.

    Tags: compression, debugging, lighttpd, strace

    Posted in GNU/Linux, Tech | 1 Comment »
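The two checks from the post above can be automated over a saved strace log. This is an added example, not code from the original post: it flags open() calls that fail and are then retried on the same path with fewer flags, and reports which event-wait syscalls appear. The sample log, its paths and the function names are constructed for illustration.

```python
import re

# Constructed sample input, modelled on the strace lines quoted in the post.
SAMPLE = """\
open("/srv/www/site.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_NOATIME) = -1 EPERM (Operation not permitted)
open("/srv/www/site.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 40
poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}], 2, 1000) = 0
open("/srv/www/missing.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = -1 ENOENT (No such file or directory)
epoll_wait(39, {}, 4096, 1000)          = 0
"""

# name(args) = ret [ERRNO]; tolerates a leading pid column from strace -f
CALL = re.compile(r'(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z0-9]+))?')
# first quoted path and the flag word that follows it (works for open and openat)
PATH_FLAGS = re.compile(r'"((?:[^"\\]|\\.)*)",\s*([A-Z_0-9|]+)')
EVENT_CALLS = {"select", "poll", "epoll_wait"}

def parse(text):
    """Yield (syscall, raw args, return value, errno name or None) per line."""
    for line in text.splitlines():
        m = CALL.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3)), m.group(4)

def dropped_flag_retries(text):
    """Failed open() later repeated successfully on the same path with fewer flags."""
    pending, findings = {}, []
    for name, args, ret, err in parse(text):
        m = PATH_FLAGS.search(args) if name in ("open", "openat") else None
        if not m:
            continue
        path, flags = m.group(1), set(m.group(2).split("|"))
        if ret < 0:
            pending[path] = (flags, err)      # remember the failed attempt
        elif path in pending:
            old_flags, old_err = pending.pop(path)
            if old_flags > flags:             # strict superset: flags were dropped
                findings.append((path, old_err, sorted(old_flags - flags)))
    return findings

def event_syscalls(text):
    """Which event-wait syscalls the traced process actually used."""
    return {name for name, _, _, _ in parse(text)} & EVENT_CALLS

if __name__ == "__main__":
    for path, err, dropped in dropped_flag_retries(SAMPLE):
        print(f"{path}: {err}, retried without {'|'.join(dropped)}")
    print("event syscalls seen:", sorted(event_syscalls(SAMPLE)))
```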

  • LUG Radio Live 2007 this weekend!

    July 6th, 2007

    Remember, it’s LUG Radio Live 2007 this weekend in Wolverhampton, UK.  As you can see from the schedule here, there are some cool talks by some cool people (and also a talk by me :) and a big party Saturday night.

    You can pay in on the door (a measly £5).  Details of local hotels to stay in here.

    Hope to see you there.


    Posted in GNU/Linux, Personal, Tech | No Comments »

  • Daemontools and Ruby on Rails

    April 8th, 2007

    Dan J Bernstein’s (djb) daemontools is a set of programs to help you manage Unix services. It provides a flexible, secure and convenient way of starting, stopping and sending signals to background processes. Combined with his ucspi-tcp tools, it can be used as an awesome replacement for inetd (it’s most often used in this way to run qmail, a secure and high-performance MTA). It can be fiddly to set up and has a bit of a steep learning curve but I already use daemontools for various other stuff, so it was just natural for me to use it for Ruby on Rails deployment.

    Read the rest of this entry »

    Tags: daemontools, deployment, fastcgi, rails, ruby

    Posted in GNU/Linux, Ruby on Rails, Tech | 4 Comments »

  • Top ten quick FOSS games

    February 21st, 2007

    Louisa wrote about her top ten favourite quick FOSS games.  All available in Ubuntu universe.  They’re all very addictive though, so beware.  My favourite is Frozen Bubble, but Neverball looks awesome so I’ll have to give that a go.  Tetrinet is great if you have some friends to play against too.

    Tags: free software, games

    Posted in GNU/Linux | 1 Comment »

  • Maintenance pages status codes and Lighttpd

    January 10th, 2007

    I’ve noticed a few very broken maintenance page Lighttpd config examples around, including the one on the mod_magnet documentation page. They all manage to display the maintenance page ok, but they return a HTTP 200 status code to the client, rather than the more appropriate HTTP 503 code.

    As with all 500 status codes, the 503 code is an error code but it signifies a temporary error. The client should try again later (in fact you can specify how much later using the Retry-After header).

    A 200 code tells the client everything is normal and OK. So the user gets your nice maintenance page telling them of a temporary outage, whereas their browser gets told that everything is fine. Now this might not be a problem for a user, but if the client is a search engine or a caching proxy then it will assume the maintenance page is the new valid content for the request.

    If the Google crawler hits your site when you have the maintenance page up, it will update its search index with your “we’re down for now” message, rather than your cash prizes blog content. Your page rank will drop, your fat Adsense cheque will diminish and you’ll have to go back to your regular nine to five job in the city with people you don’t like in clothes you hate wearing.

    So, as you can see, it’s important to return the correct status code. Here’s how to do it with Lighty and mod_magnet:

    Read the rest of this entry »

    Tags: deployment, error, google, http, lighttpd, lua, mod_magnet

    Posted in GNU/Linux, Networks and Firewalls, Tech | 1 Comment »

  • Xen on Ubuntu Edgy broken – Debian to the rescue

    January 7th, 2007

    I found a great HOWTO on getting a Xen virtual machine up and running on Ubuntu Edgy. Unfortunately, Xen is pretty broken on Edgy. I managed to get one virtual machine running easily but on starting a second one, Dom0 panics and the whole box freezes. It’s been reported on launchpad but as it’s in universe I guess it’s just not a priority.

    As a workaround, I installed the Xen kernels from Debian testing (Etch). These pulled in the Debian Xen userspace packages too, but they didn’t clobber anything. So now I have a couple of mostly Edgy virtual machines which I plan to use as a little test lab.

    Whilst troubleshooting, I also found another good Debian specific Xen HOWTO with lots of good general advice too.

    Etch is looking good. I work with Sarge a lot on servers and firewalls but I’ve not played with Etch much. I think I’ll get it installed in a Xen machine and have a play. I feel bad for not helping with its testing though.

    Tags: Debian, Ubuntu, virtual machines, xen

    Posted in Debian, GNU/Linux, Tech, Ubuntu | No Comments »

  • Encrypted partitions with Ubuntu/Debian

    December 6th, 2006

    I figured out how to set up an encrypted partition on Ubuntu the other day. There are a bunch of ways of doing it but I found this to be the simplest. It should work on Debian too, since all the relevant packages are Debian ones anyway. In my example I’m encrypting an LVM partition (logical volume), but it should work with any device, including removable USB keys (see end notes). UPDATE: This is broken in Edgy but I figured out a simple fix, see below.

    Read the rest of this entry »

    Tags: Debian, encryption, filesystem, privacy, Security, Ubuntu

    Posted in GNU/Linux, Security, Tech, Ubuntu | 15 Comments »

  • IPSEC VPN problems upgrading to Ubuntu Edgy

    November 2nd, 2006

    I upgraded my home gateway firewall to Edgy today in the hope of fixing some SATA problems I’ve been experiencing. The new Edgy kernel might help – we’ll see.

    Anyway, it went pretty well. Two runs (?) of apt-get dist-upgrade -u, a reboot and there I was.

    Unfortunately I had two problems with my Openswan IPSEC VPNs. I’m not so sure if these count as bugs. I’ll be investigating further and reporting if so. Anyway, techie details follow…
    Read the rest of this entry »

    Tags: dapper, edgy, icmp, ipsec, iptables, kernel, linux, NAT, netfilter, openswan, pmtu, Ubuntu

    Posted in GNU/Linux, Networks and Firewalls, Tech, Ubuntu | 1 Comment »

  • grsecurity and selinux

    September 28th, 2004

    I’m playing with the grsecurity patches for Linux. Unfortunately 2.6.8 changed in a way that causes a major headache for the grsec team, so no planned release date for a new patch. Having some problems with strange enforcements of rlimits, potentially linked to the rlimit auditing code. I’ll hopefully get time to tinker with SELinux too.

    Tags: grsec, linux, Security, selinux

    Posted in GNU/Linux, Security, Tech | No Comments »

  • RedHat, Firestorm, 802.11b and rpm2html

    March 22nd, 2004

    I’ve been working on my qmail rpms for RedHat ES/AS/Fedora. I’ve even started some documentation. It’s all on my RedHat page.

    I’ve also been working on Firestorm, improving the arp decoder and developing my macwatch arpwatch clone. Hopefully this will appear in the latest Firestorm tree soon.

    I recently ditched my aging Linux wireless bridge/router/firewall in favour of a little Linksys device that cost no more than 60 pounds, uses considerably less electricity and makes almost no noise. The price is impressive and even the device seems to work ok. One thing it can’t deal with properly at all is the TCP ECN flag. The web admin port just sends a RST. Can you believe a Cisco company would make this mistake? Yes. I can.

    Also, I’ve created an rpm2html index of all the RPMs in my downloads tree. Some are old crap I’ve not bothered deleting yet, but there is some stuff in there that will be useful to someone (not just google).

    Gianni will be home from Luxembourg soon.

    Tags: cicsco, ecn, fedora, firestormnids, linksys, linux, nids, qmail, redhat

    Posted in GNU/Linux, Tech | No Comments »

  • RedHat

    November 11th, 2003

    RedHat have reannounced the dropping of support for some old versions (ends April 2004, still lots of warning). I say reannounced due to the fact they originally announced this December 2002. And have had it on their website ever since (very clearly). If you want a supported RedHat distro now (by supported I mean the fixing of security and functional bugs) you either need to pay for and use one of the RedHat Enterprise Linuxes, or use the Fedora Project distro. The RHEL versions are released every 18 months and supported for 5 years. Fedora looks to be an ongoing thing, but community supported. Lots of freeloaders are moaning and complaining. They don’t seem to understand that if you don’t have the skills to pay the bills (and patch, fix and recompile software yourself) you pay somebody else to do it for you. This support system is how people are expected to make money from GPL/open source software (and yes, people ARE allowed to make money). It sounds like it’s mostly coming from morons who list “cost” as the main benefit of using GNU/Linux as a server operating system. Get a clue.

    Tags: fedora, linux, redhat

    Posted in GNU/Linux, Tech | No Comments »

  • Firestorm ethereal and RedHat Advanced Server

    August 15th, 2003

    I’ve ported my Ethereal ELOG patch to the latest version (0.9.14) and fixed a bug handling pcap captured alerts. Created Debian debs for powerpc and i386. Matt is working on some RPMS for RedHat 9.

    RedHat’s latest change of support plans for RedHat Linux seems to be doing what was intended, getting more people to purchase Advanced Server (and the new Enterprise Server and Workstation) rather than leeching off them. Good for RedHat. There have been too many idiots selling RedHat Linux-based solutions expecting the coloured headgear company to do the hard work of beta testing, bug fixing etc. etc. for free.

    Tags: Debian, ethereal, firestormnids, nids, redhat, rhel

    Posted in GNU/Linux, Networks and Firewalls, Tech | No Comments »

Creative Commons License The text of this blog is licensed under the Creative Commons BY-ND license