<p>syst.eng. Anders Larsen</p>
<p>Looking for a Blog platform (Anders Larsen, 2013-03-30T20:23:00+01:00, /posts/blog-platform.html)</p>
<p class="first last">Looking for a Blog platform</p>
<p>Some time ago I decided to join the blogosphere, having read
<a class="reference external" href="http://www.stevemcconnell.com/">Steve McConnell</a>'s <a class="reference external" href="http://www.stevemcconnell.com/ieeesoftware/bp10.htm">Call to Action</a> (at the bottom of the page):
"If you are actively developing software, I urge you to write about your insights. If you have worked on a project that taught you valuable lessons, share them."</p>
<p>Unfortunately (I thought at the time), all user-ids similar to my preferred id
were already in use on the public blog hosts
(although many of them seemed abandoned), so I dropped the idea again.</p>
<p>After my web-hoster <a class="reference external" href="/posts/server-outage.html">went south last month</a>,
I quickly set up <a class="reference external" href="//www.apache.org/">Apache</a> to host my old home pages and noticed that
those pages hadn't had a decent update for almost a decade, so
I decided to ditch them and instead host the blog myself
and started looking for a suitable platform.</p>
<p>I soon found that most "mainstream" blogging platforms were either
using <a class="reference external" href="//www.mysql.com/">MySQL</a>, coded in <a class="reference external" href="//php.net/">PHP</a>, or both.</p>
<p>My preferred database is <a class="reference external" href="//www.postgresql.org/">PostgreSQL</a> (which scores higher on the performance
benchmarks and feature comparisons I've seen so far), and PHP is certainly
<a class="reference external" href="http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/">not my first choice</a> of programming language.</p>
<p>So I started looking for blogging platforms written in <a class="reference external" href="//www.python.org/">Python</a> and quickly
came across a <a class="reference external" href="//www.pydanny.com/choosing-a-new-python-based-blog-engine.html">post</a> on <a class="reference external" href="//www.pydanny.com/">Daniel "PyDanny" Greenfeld</a>'s blog - Daniel had
already thoroughly researched the subject and had found an interesting
solution: <a class="reference external" href="http://docs.getpelican.com/en/latest/">Pelican</a>.</p>
<div class="section" id="pelican">
<h2>Pelican</h2>
<p>Pelican creates static pages from <a class="reference external" href="//daringfireball.net/projects/markdown/">Markdown</a> or <a class="reference external" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> input -
this eliminates the need for a database backend and even allows a very
minimalistic web-server to host the pages
(thereby eliminating several security risks).</p>
<p>As an added benefit, I can keep my input pages locally in <a class="reference external" href="//git-scm.com/">Git</a>.</p>
<p>Setting up Pelican was fairly straight-forward, as the documentation is
detailed and complete - the hard part was to pick a theme among
the available lot...</p>
<p>Pelican even sports an integrated web-server and can generate HTML output
on the fly as soon as it detects that an input file was modified -
this enables you to check the result of your edits practically in real time.</p>
</div>
<p>Port-based routing (Anders Larsen, 2013-03-23T20:14:00+01:00, /posts/port-based-routing.html)</p>
<p class="first last">Port-based routing</p>
<p>My current network setup looks somewhat like this:</p>
<pre class="literal-block">
                           ________       \          /       ________
            __________    |        |      /          \      |        |
  _________|          |___| ADSL-  |______\ Internet /______|  root  |
     LAN   | firewall |   | router |      /          \      | server |
           |__________|   |________|      \          /      |________|
                ^                         /          \           ^
                :................................................:
                                  OpenVPN tunnel
</pre>
<p>My local Internet connection (left-hand side)
does not have a fixed IPv4 address,
so I used to send outgoing e-mails through my mail-hosting provider,
who unfortunately <a class="reference external" href="/posts/server-outage.html">went south last month</a>.</p>
<p>The root-server on the right-hand side,
which hosts some virtual machines,
has a fixed, global IPv4 address, and since I control the DNS zone file,
I decided to have it handle outgoing as well as incoming e-mail traffic.</p>
<p>One of the virtual machines on the root-server hosts a <a class="reference external" href="http://www.postfix.org/">Postfix</a> mail-server,
another hosts an <a class="reference external" href="//www.apache.org/">Apache</a> web-server.</p>
<p>The easy part was to route incoming traffic to those VMs
using <em>iptables</em> on the root-server:</p>
<pre class="literal-block">
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination "IP of Postfix VM"
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination "IP of Apache VM"
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source "global IP of root-server"
</pre>
<p>Now, routing outgoing e-mail traffic from my LAN through the root-server
without passing <em>all</em> traffic through the VPN tunnel was a bit more tricky.</p>
<p>First, declare a new routing table for <a class="reference external" href="//wiki.linuxfoundation.org/networking/iproute2">iproute2</a> on the firewall;
let's call it "smtp" and assign it the (arbitrary) number 25:</p>
<pre class="literal-block">
# echo "25 smtp" >> /etc/iproute2/rt_tables
</pre>
<p>Next, when the VPN tunnel comes up,
add a default route using the new table <em>smtp</em>
and force marked packets through that route:</p>
<pre class="literal-block">
# ip route add default via "root-server IP on VPN" table smtp
# ip rule add fwmark 0x01 lookup smtp
</pre>
<p>(the above two commands could be placed in the <a class="reference external" href="//openvpn.net/">OpenVPN</a> "up" script).</p>
<p>Finally, mark outgoing SMTP packets using <em>iptables</em> on the firewall:</p>
<pre class="literal-block">
# iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark 0x01
</pre>
<p>Et voilà - SMTP packets originating on the firewall
(which queues outgoing e-mails using Postfix)
are routed through the VPN tunnel and exit from the root-server
(using its global IP address).</p>
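<p>The steps above combined into a single OpenVPN "up" script for the firewall, as an added example that is not part of the original post. It assumes OpenVPN exports the root-server's VPN address as <em>ifconfig_remote</em> (point-to-point topology); the <em>unreachable</em> fallback route goes beyond the post and keeps marked SMTP packets from falling through to the main routing table when the tunnel route is gone.</p>

```sh
#!/bin/sh
# Added example (not from the original post): OpenVPN "up" script for the firewall.
# Table name/number and mark follow the post; the gateway source is an assumption.
TABLE=smtp TABLE_ID=25 MARK=0x01
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}

# Declare the table once; tunnel restarts must not append duplicate lines.
declare_table() {
    grep -Eq "^${TABLE_ID}[[:space:]]+${TABLE}\$" "$RT_TABLES" 2>/dev/null ||
        echo "$TABLE_ID $TABLE" >> "$RT_TABLES"
}

# Print the idempotent commands that set up the policy route via gateway $1.
# Only a dotted-decimal IPv4 address is accepted, since the value ends up in a shell.
policy_cmds() {
    gw=$1
    case $gw in
        ''|*[!0-9.]*) echo "refusing gateway '$gw'" >&2; return 1 ;;
    esac
    cat <<EOF
ip route replace default via $gw table $TABLE
ip route replace unreachable default metric 1000 table $TABLE
ip rule del fwmark $MARK lookup $TABLE 2>/dev/null || true
ip rule add fwmark $MARK lookup $TABLE
iptables -t mangle -C OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARK 2>/dev/null || iptables -t mangle -A OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARK
EOF
}

# OpenVPN sets script_type=up when it runs this file as its "up" script.
if [ "${script_type:-}" = up ]; then
    declare_table
    cmds=$(policy_cmds "${ifconfig_remote:-}") || exit 1
    printf '%s\n' "$cmds" | sh -e
fi
```

<p>OpenVPN only runs user-defined scripts when the configuration contains <em>script-security 2</em>.</p>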
<p>With outgoing e-mail traffic originating from a fixed IP address,
configuring <a class="reference external" href="http://www.dkim.org/">DKIM</a> and <a class="reference external" href="http://www.openspf.org/">SPF</a> is now possible.</p>
<p>Server outage (Anders Larsen, 2013-03-04T22:01:00+01:00, /posts/server-outage.html)</p>
<p class="first last">Server outage</p>
<p>For the past twelve years my domain has been hosted by a regional company
(separate from my ISP),
but although problems have been few and far between
(and were always solved swiftly),
I was forced to take over and handle it myself.</p>
<p>Here's a record of my ordeal:</p>
<div class="section" id="tue-2013-02-05-day-one">
<h2>Tue 2013-02-05, day one</h2>
<p>At 09:15 UTC the lights suddenly went out at my hoster's data center (but
I didn't notice until the next day).</p>
<p>My logs show that my local server successfully fetched a batch of e-mails
at 09:13 UTC, but two minutes later
<a class="reference external" href="http://www.fetchmail.info/">fetchmail</a> stopped in the middle of the next batch.</p>
<p>Since then, all connection attempts timed out.</p>
</div>
<div class="section" id="wed-2013-02-06-day-two">
<h2>Wed 2013-02-06, day two</h2>
<p>I wondered why I hadn't received any e-mails (not even the occasional SPAM)
for the past day and took a look at my server logs.</p>
<p>Having noticed the timeouts I tried to contact the hosting company, but their
land lines (VoIP) were dead.
I couldn't reach their home-page either, so I wondered if perhaps their
backbone was damaged.</p>
<p>Not knowing what was going on or even if the problem was transient or not,
I patiently waited.</p>
</div>
<div class="section" id="thu-2013-02-07-day-three">
<h2>Thu 2013-02-07, day three</h2>
<p>Still no connectivity to the hoster and no news whatsoever about the
incident, so I started preparing for the worst.</p>
<p>As the hoster was located in my region (less than 20 km away)
I decided to drive by after work and have a look at the surroundings.</p>
<p>I got there about half an hour before the end of their office hours,
but I could spot neither light nor any other sign of life in the
entire building, so I decided to act.</p>
<p>On the advice of a knowledgeable colleague I opened an account with
the domain registration robot of the German hoster
<a class="reference external" href="//www.hetzner.de/">Hetzner Online AG</a> in order to move my domain elsewhere.</p>
<p>I placed the order rather late in the evening, so I just had to wait
until the next day.</p>
</div>
<div class="section" id="fri-2013-02-08-day-four">
<h2>Fri 2013-02-08, day four</h2>
<p>I received the access code to the domain registration robot in the morning
and immediately initiated a domain transfer.</p>
<p>Alas, my request was rejected; it turned out I had to provide an authorisation
code which the domain registrar is supposed to provide.</p>
<p>Now things threatened to get out of hand - the old hoster
(still unreachable) was <em>also</em> the registrar,
so I had to quickly learn how the Internet works (organisationally, that is).</p>
<p>My hoster was a member of <a class="reference external" href="http://www.corenic.org/">CORE Internet Council of Registrars</a> in Geneva,
so I emailed them that my hoster/registrar was Missing In Action and
asked for help.</p>
<p>The person from the CORE secretariat was friendly and helpful; after having
cleared some formalities regarding proof of identity I was handed the precious
authorisation code, only two hours after the first contact.</p>
<p>With the authorisation code at hand,
the robot finally accepted the domain transfer request.</p>
<p>The confirmation stated that the actual transfer would only take place after
five days (unless the previous registrar would ACK the transaction earlier,
but alas he was still unreachable).</p>
<p>I guess I could have expedited the transfer (by contacting CORE again),
but as it was now Friday afternoon and
I still hadn't decided where to host my domain, I instead started searching
for a new hoster.</p>
</div>
<div class="section" id="sat-2013-02-09-day-five">
<h2>Sat 2013-02-09, day five</h2>
<p>I spent an hour or two looking for and comparing virtual servers
and root servers, since by now I had more-or-less abandoned the possibility of
selecting a new web-hoster but instead decided to regain complete control
by renting a server and configuring the web- and email-services myself.</p>
</div>
<div class="section" id="sun-2013-02-10-day-six">
<h2>Sun 2013-02-10, day six</h2>
<p>I decided to rent the smallest (read: cheapest) root-server from Hetzner,
still a fairly powerful box (i7 quad-core, 16 GiB RAM and 2 x 3 TB disk drives),
suitable for hosting a handful of virtual machines.</p>
<p>My plan was to compartmentalise the services (e-mail, web, whatever), each in
its own VM.</p>
</div>
<div class="section" id="mon-2013-02-11-day-seven">
<h2>Mon 2013-02-11, day seven</h2>
<p>The server was ready, complete with an Ubuntu 12.04 minimal installation.</p>
<p>Having restricted access according to my wishes
the next step was to install and configure <a class="reference external" href="//openvpn.net/">OpenVPN</a> on the server
to get a comfortable routing to and from my LAN.</p>
<p>Next I installed <em>qemu-kvm</em> and prepared a 'template'-VM,
also with Ubuntu 12.04.</p>
<p>I then cloned the template and configured my new mail-server.</p>
<p>Since my domain was still lingering awaiting transfer, I could only test that
<em>local</em> emails were handled correctly, though.</p>
</div>
<div class="section" id="tue-2013-02-12-day-eight">
<h2>Tue 2013-02-12, day eight</h2>
<p>I configured the next VM as a web-server and uploaded the backed-up content
of my home-page.</p>
<p>Using <em>iptables</em> I redirected incoming traffic on port 25 to the mail-VM
and port 80 to the web-VM, then verified the connectivity.</p>
</div>
<div class="section" id="wed-2013-02-13-day-nine">
<h2>Wed 2013-02-13, day nine</h2>
<p>Early in the afternoon I got the longed-for message that my domain
was finally transferred, so I configured DNS, logged into the
mail-VM and let <em>/var/log/mail.log</em> run by.</p>
<p>Less than a minute after having submitted my DNS zone file, the first
e-mail arrived: <strong>SPAM</strong>...</p>
<p>At any rate, it meant that after nine days I was now up-and-running again.</p>
<p>Oh, just noticed that my new server came with a global /64 IPv6 subnet!
Hmmm...</p>
</div>
<p>The QNX4 file-system in Linux (Anders Larsen, 2004-02-03T21:01:00+01:00, /posts/qnx4fs.html)</p>
<p class="first last">The QNX4 file-system in Linux</p>
<p>The QNX4 file-system option in Linux allows you to mount QNX4/QNX6-formatted
floppies and hard-disk partitions on your Linux box and access
the files as if they were on your native file-system.</p>
<p>It was originally written by Richard A. Frowÿn and Frank Denis, who -
due to lack of time - passed the maintainership on to me in December 1999.</p>
<p>I fixed the last severe bugs in Kernels 2.2.15 and 2.3.35;
previous versions were quite buggy and did not support fragmented files at all.</p>
<p>Starting with Kernel 2.4.19 it is possible to mount partitions created
with QNX version 6.1 and above.</p>
<p>A bug that got exposed by subtle changes to the Virtual File System can cause
a <strong>complete system hang</strong> when using the QNX4 file-system in Kernel 2.4.8
and 2.4.9 - the solution is to comment out line 399 of fs/qnx4/inode.c
(the problem was fixed in Kernel 2.4.10).</p>
<p>There's an alternative implementation which supports writing to the QNX
partition at <a class="reference external" href="http://qnxfs.narod.ru/">http://qnxfs.narod.ru/</a>, but I don't use it myself and cannot
guarantee that it will work for you.</p>
<div class="section" id="related-software">
<h2>Related software</h2>
<p>Peter Waechtler (formerly of QSSL Germany) wrote a <tt class="docutils literal">dinit</tt>-like utility
to initialize the QNX4 file-system from within Linux; you can get a copy here:
<a class="reference external" href="/files/dinit.tgz">dinit.tgz</a></p>
<p>If you are familiar with QNX and its Send/Receive/Reply IPC paradigm and would
like to use a similar mechanism with Linux, check the
S.I.M.P.L. project at <a class="reference external" href="http://www.icanprogram.com/simpl/">http://www.icanprogram.com/simpl/</a></p>
<p>A light-weight library implemented by Sam Roberts was available
at <a class="reference external" href="http://www.cogent.ca/Software/SRR.html">http://www.cogent.ca/Software/SRR.html</a>, but that link is dead now.</p>
<p>You may wish to see the QNX community portal at <a class="reference external" href="http://www.openqnx.com/">http://www.openqnx.com/</a>
for news, explanations, FAQ, forums, newsgroups, mailing lists,
software downloads, weblinks, tech reviews, searches, fun, tips,
online live support around QNX4 and QNX6.</p>
</div>
<p>mkQNXnbi (Anders Larsen, 2003-12-29T22:41:00+01:00, /posts/mkqnxnbi.html)</p>
<p class="first last">boot QNX4 over Ethernet</p>
<p>I wrote <em>mkQNXnbi</em>, a utility to allow net-booting QNX4 using
<a class="reference external" href="http://etherboot.org/">Etherboot</a> - a versatile, open-source dhcp/bootp Ethernet boot-ROM package.</p>
<p><em>mkQNXnbi</em> is included with the Etherboot-distribution tarball
(look into the directory <tt class="docutils literal">/contrib/mkQNXnbi/</tt>).</p>
<div class="section" id="related-software">
<h2>Related software</h2>
<p>You may wish to see the QNX community portal at <a class="reference external" href="http://www.openqnx.com/">http://www.openqnx.com/</a>
for news, explanations, FAQ, forums, newsgroups, mailing lists,
software downloads, weblinks, tech reviews, searches, fun, tips,
online live support around QNX4 and QNX6.</p>
</div>
<p>Booting Linux on a WindowsCE device (Anders Larsen, 2001-03-13T20:23:00+01:00, /posts/amd-elan.html)</p>
<p class="first last">Booting Linux on a WindowsCE device</p>
<p>I've written a <a class="reference external" href="/files/LinuxCE.tar.gz">utility</a>
to boot Linux 2.2.x via the WinCE loader on the credit-card size PC
"DIMM-PC EC" (manufactured by the German company <a class="reference external" href="http://www.gesytec.de/uk/">Gesytec GmbH</a>).</p>
<p>This module utilizes an AMD Élan SC410 PC-on-a-chip, which,
unfortunately, has some peculiarities.</p>
<p>The company <a class="reference external" href="http://www.pengutronix.de/index_en.html">Pengutronix</a> provides <a class="reference external" href="http://www.pengutronix.de/software/elan/index_en.html">patches</a> against 2.4.13 .. 2.4.17
which fix a clock drift problem
and provide a work-around for a nasty serial interface bug.</p>
<p>The patches were merged into 2.4.18,
so you probably don't need them separately, though.</p>