Category: Linux

I finally decided to create a maintenance page to use whenever I’m upgrading any of my sites. This solution was pretty simple.

I added two RewriteCond stanzas to my .htaccess, at the top of the file at the base of the site. The first rewrite handles the case where the maintenance page exists:

# If the maintenance.html page exists, redirect to that.
RewriteCond /full/path/to/site/system/maintenance.html -f
# Don't redirect if the maintenance page was requested.
RewriteCond %{REQUEST_URI} !/system/maintenance.html
RewriteRule ^.*$ http://blog\.coredump\.ca/system/maintenance.html [R,L]

If the maintenance.html file exists, it is displayed. What happens when the maintenance is complete? Well, I remove the maintenance.html page of course. To prevent anyone from seeing a 404 once maintenance.html has been removed, I added the following to .htaccess immediately after the previous stanza:

# If the maintenance.html page does not exist, redirect to the index.
RewriteCond /full/path/to/site/system/maintenance.html !-f
RewriteCond %{REQUEST_URI} /system/maintenance.html
RewriteRule ^.*$ http://blog\.coredump\.ca [R,L]

Now all I do whenever I bring the site down for maintenance is:

1. copy maintenance.html into the appropriate location;
2. perform the site maintenance;
3. remove maintenance.html.

Isn’t that easy?

I’ve got an old IBM ThinkPad R51 that needed an upgrade. The CD-ROM has become flaky, so I wanted to install from a USB thumbdrive. Turns out this was pretty easy.

1. Download the Fedora live CD. For Fedora 10, this is about 682MB.
2. Follow the instructions at How to create and use Live USB.

That’s all it took. To boot from USB, you have to press the blue ‘Access IBM’ button, then F12. From there, the BIOS presents a menu and you can select the thumbdrive as a boot device.

BTW, I was initially going to attempt a PXE-boot and kickstart. This is also easy to do thanks to the folks at Etherboot.

Shaw was having routing issues (which was pretty obvious from my traceroute). Now that those issues have been resolved, I’m back up and running again. It’s unfortunate that this IP change led to ~9 hours of downtime.

Experienced my first significant backscatter on one of my domains today. Good times.

Here’s how backscatter happens:

1. spammer forges the sender in email, such as ‘From: NameGeneratedBySpammersEvilSoftware@example.com’;
2. server which receives the forged email bounces the message;
3. since the spammer used my domain as the sender, the bounce comes to my domain;
4. since the spammer guessed a name that doesn’t actually exist, my mail server is unable to deliver the bounce message locally (generating a double bounce);
5. my mailserver then sends the double bounce to postmaster at my domain; since I’m the postmaster, it sucks to be me.

Over a 5-hour period, I received 1200 of these little messages.

Some of this is caused by my use of qmail. Qmail will accept a message for delivery at the SMTP stage, then realizes there is no suitable recipient. At that point it has to generate a bounce and return it to the sender — who was forged, creating a double bounce.

Might become necessary to install chkuser — it refuses to accept email unless there is an actual recipient. We’ll see. At the moment, the rate of backscatter has dropped to a few per hour.

I received the results from my RHCE exam — they arrived in my inbox Friday night.

• Section I: Troubleshooting and System Maintenance
  • Compulsory: 50/50
  • Non-compulsory: 50/50
  • Overall Section I score: 100
• Section II: Installation and Configuration
  • RHCT Components: 93.5/100
  • RHCE Components: 100/100

My marks were much higher this time. Three more years of experience helped, but it was probably more important that I wasn’t a sleep-deprived father of a 7-week-old baby girl. It also helped that I had my IBM R51 with CentOS 5 — this was indispensable when I was studying.
RHCE Certificate number: 805007524928180
RHCE Certificate (PDF)

During yesterday’s RHCE class, Lee used a powered USB hub and some cheap USB thumb drives to construct a software RAID array.

This seemed like a pretty cool (and inexpensive) way to build a software RAID without destroying my ThinkPad. It wouldn’t do me any good to disable my ThinkPad before the RHCE exam, now would it?

I found a USB hub and some 512MB thumb drives at Staples. The drives were only $10 each, so this was a much lower barrier to entry than an enterprise attached storage solution.

Once I had the thumb drives connected I created some partitions of type fd (Linux raid autodetect). I then created the RAID 1 devices with mdadm. Once those were in place I created LVM pvs, vgs, and lvs. Last came the ext3 filesystems.

The beauty of this setup is I now have a safe place to test things. And it’s just too hilarious, you know?

I’m taking my RHCE again — it’s been 3 years, and my old certificate is going to expire real soon now. So I’m in Toronto and missing my girls.

When I took this course in 2004, I did it in Calgary. The instructor was Lee Elston. I was kind of surprised to see he’s my instructor this time around too.

The participants in this class seem pretty knowledgeable. This will keep Lee on his toes — no newbie questions from these people. It also means I’ll have to keep my blood-caffeine level pretty high.

This evening I’ve been hacking on my IBM R51. I installed CentOS 5 on it a couple weeks ago, because I knew what I’d be doing in the hotel.

Things I’ve done to this machine tonight:

• added udev rules for my CIRA usb key and my SanDisk SDDR-92 CF Reader:
  
cat /etc/udev/rules.d/70-cirakey.rules
BUS=="usb", KERNEL=="sd*", SYSFS{serial}=="JT8EYK0J", NAME="cirakey%n"
cat /etc/udev/rules.d/70-imagemate.rules
BUS=="usb", KERNEL=="sd*", SYSFS{serial}=="0300176226", NAME="imagemate%n"

• added corresponding entries to /etc/fstab:
  
/dev/imagemate1 /media/flash vfat noauto,user 0 2
/dev/cirakey1 /media/cirakey vfat noauto,user 0 2

• labelled my root filesystem as /:
  
e2label /dev/vg0/slash /

• updated both /etc/fstab and /boot/grub/grub.conf, then rebooted (yes, the system came back just fine):
  
grep -w \/ /etc/fstab
LABEL=/ / ext3 defaults 1 1
grep -w \/ /boot/grub/grub.conf
kernel /vmlinuz-2.6.18-8.1.8.el5 ro root=LABEL=/ rhgb quiet

• switched to permissive SElinux policy, then rebooted (relabelling the filesystems)

I’m happy to announce that the laptop is running better than it was when I left Calgary.

I still have a little more to review before I sleep: quotas, ACLs, and swapfiles.

After more than 6 years, I’m finally starting to get spam on my primary dmurray.ca email address. It has certainly helped that the address has not been published: my fans need to use my contact page first.

The QVCS Guide has clear instructions on configuring SpamAssassin to filter out spam. Once I had this configured I tracked down the spam_buttons plugin for SquirrelMail.

Theoretically, spam_buttons should have been an easy way to mark email as spam or ham (non-spam) from SquirrelMail. Alas, I had to fight a little to get this working. The missing piece was sudo -H in config.php.

1. Follow the spam_buttons INSTALL instructions.
2. In /etc/sudoers:
   
apache ALL=(ALL) NOPASSWD: /usr/bin/sa-learn

3. In spam_buttons/config.php:
   
$is_spam_shell_command = 'sudo -H -u ###USERNAME### /usr/bin/sa-learn --spam';
$is_not_spam_shell_command = 'sudo -H -u ###USERNAME### /usr/bin/sa-learn --ham';