Just a Theory

By David E. Wheeler

Posts about Linux

Blog Restored, Google Analytics, FeedBurner

My “Server Room”

My “Server Room”

Some of you no doubt noticed that this site was down for several days, starting last Friday and lasting until yesterday. Sorry about that. I had a hard disk failure of some kind on the ca. 1999 OptiPlex I was using. I’ve had a newer box (ca. 2005) to move to for a while, but lacked the tuits. With this change, I was forced to make the switch. Fortunately, a Debian install CD let me login to the OptiPlex and access all my files, so I was able to recover everything. I even managed to keep the file modification times the same, so feeds won’t show everything as unread (which I’ve seen many times when other bloggers I’ve known have switched providers or recovered from some catastrophe). Unless you tried to hit this site over the weekend or on Monday or Tuesday, you should notice no changes at all (except speed, the new box is a lot faster!).

Naturally, I took advantage of this opportunity to get my blog configuration into SVN via my Capistrano deployment system. Hell, none of this stuff was even backed up before (although I did back up all my blog entries about a week before this happened—but not comments, yow!). The new box is now properly backing itself up and backing up the Kineticode server, and I can make changes to Blosxom and configure and reboot the blog from my MBP. Yay! No more remote editing.

I’ve also upgraded my “server room,” moving out the gigantic 17” CRT and putting in the 17” flat panel screen I’ve had floating around. I also plugged a USB keyboard into my KVM, so I no longer have to move keyboards around when I switch between the Linux server and the G3 Mac server. Of course, now that I have large disks and Time Machine running on all the other boxes in the house, we don’t use the G3 anymore. So I think we’ll be donating it soon.

Another change I’ve made was to stop doing my own log analysis (the command-line tools are such a PITA) and switched to Google Analytics and FeedBurner for tracking visitors to the blog and its feeds. I’ve still got the old log files around, so I can see how things have changed since before the switch to outside analytics providers, but I’ll probably just create a report from them and then ignore them from now on. Too much work to track that stuff.

In the future, I’d like to switch from Blosxom to some other tool. Maybe Movable Type, now that it’s open source. It’s pretty well-regarded and written in Perl, so I could hack it pretty easily. What I should do is avoid writing my own Blog engine. Right? Right?!. In the meantime, I have other priorities, so I’ll be sticking to Bloxsom for a while.

Looking for the comments? Try the old layout.

Windows Virus Hell

So to finish up development and testing of Test.Harness.Browser in IE 6 last week, I rebooted my Linux server (the one running justatheory.com) into Windows 98, got everything working, and rebooted back into Linux. I felt that the hour or two’s worth of downtime for my site was worth it to get the new version of Test.Simple out, and although I had ordered a new Dell, didn’t want to wait for it. And it worked great; I’m very pleased with Test.Simple 0.20.

But then, in unrelated news, I released Bricolage 1.9.0, the first development release towards Bricolage 1.10, which I expect to ship next month. One of the things I’m most excited about in this release is the new PHP templating support. So on George Schlossnagle’s advice, I sent an email to webmaster@php.net. It bounced. It was late on Friday, and I’m so used to bounces being problems on the receiving end, that I simply forwarded it to George with the comment, “What the?” and went to fix dinner for company.

Then this morning I asked George, via IM, if he’d received my email. He hadn’t. I sent it again; no dice. So he asked me to paste the bounce, and as I did so, looked at it more carefully. It had this important tidbit that I’d failed to notice before:

140.211.166.39 failed after I sent the message.
Remote host said: 550-5.7.1 reject content [xbl]
550 See http://master.php.net/mail/why.php?why=SURBL

“That’s curious,” I thought, and went to read the page in question. It said I likely had a domain name in my email associated with a blacklisted IP address. Well, there were only two domain names in that email, bricolage.cc and justatheory.com, and I couldn’t see how either one of them could have been identified as a virus host. But sure enough, a quick search of the CBL database revealed that the IP address for justatheory.com—and therefore my entire home LAN— had been blacklisted. I couldn’t imagine why; at first I thought maybe it was because of past instances of blog spam appearing here, but then George pointed out that the listing had been added on August 18. So I thought back…and realized that was just when I was engaging in my JavaScript debugging exercise.

Bloody Windows!

So I took steps to correct the problem:

  1. Update my router’s firmware. I’ve been meaning to do that for a while, anyway, and was hoping to get some new firewall features. Alas, no, but maybe I’ll be able to connect to a virtual PPTP network the next time I need to.

  2. Blocked all outgoing traffic from any computer on my LAN on port 25. I send email through my ISP, but use port 587 because I found in the last year that I couldn’t send mail on port 25 on some networks I’ve visited (such as in hotels). Now I know why: so that no network users inadvertently send out viruses from their Windows boxes! I’d rather just prevent certain hosts (my Windows boxen) from sending on port 25, but the router’s NAT is not that sophisticated. So I have to block them all.

  3. Rebooted the server back into Windows 98 and installed and ran Norton AntiVirus. This took forever, but found and fixed two instances of WIN32Mimail.l@mm and removed a spyware package.

  4. Rebooted back into Linux and cleared my IP address from the blacklist databases. I don’t expect to ever use that box for Windows again, now that I have the new Dimension.

The new box comes with Windows XP SP 2 and the Symantec tools, so I don’t expect it to be a problem, especially since it can’t use port 25. But this is a PITA, and I really feel for the IT departments that have to deal with this shit day in and day out.

What I don’t understand is how I got this virus, since I haven’t used Windows 98 in this computer in a long time. How long? Here’s a clue: When I clicked the link in Norton AntiVirus to see more information on WIN32Mimail.l@mm, Windows launched my default browser: Netscape Communicator! In addition, I don’t think I’ve used this box to check email since around 2000, and I never click on attachments from unknown senders, and never .exe or .scr files at all (my mail server automatically rejects incoming mail with such attachments, and has for at least a year).

But anyway, it’s all cleaned up now, and I’ve un-blacklisted my IP, so my emails should be deliverable again. But I’m left wondering what can be done about this problem. It’s easy for me to feel safe using my Mac, Linux, and FreeBSD boxes, but, really, what keeps the Virus and worm writers from targeting them? Nothing, right? Furthermore, what’s to stop the virus and worm writers from using port 587 to send their emails? Nothing, right? Once they do start using 587—and I’m sure they will—how will anyone be able to send mail to an SMTP server on one network from another network? Because you know that once 587 becomes a problem, network admins will shut down that port, too.

So what’s to be done about this? How can one successfully send mail to a server not on your local network? How will business people be able to send email through their corporate servers from hotel networks? I can see only a few options:

  • Require them to use a mail server on the local network. They’ll have to reconfigure their mail client to use it, and then change it back when they get back to the office. What a PITA. This might work out all right if there was some sort of DNS-like service for SMTP servers, but then there would then be nothing to prevent the virus software from using it, either.
  • You can’t. You have to authenticate onto the other network using a VPN. Lots of companies rely on this approach already, but smaller companies that don’t have the IT resources to set up a VPN are SOL. And folks just using their ISPs are screwed, too.
  • Create a new email protocol that’s inherently secure. This would require a different port, some sort of negotiation and authentication process, and a way for the hosting network to know that it’s cool to use. But this probably wouldn’t work, either, because then the virus software can also connect via such a protocol to a server that’s friendly to it, right?

None of these answers is satisfactory. I guess I’ll have to set up an authenticating SMTP server and a VPN for Kineticode once port 587 starts getting blocked. Anyone else got any brilliant solutions to this problem?

Looking for the comments? Try the old layout.

How Do I Know Whether NTPD is Working?

Well, after figuring out how to configure NTPD, it appears to be working well: there are two processes running, and there’s a drift file. However, the drift file just has “0.000” in it, and ntpq doesn’t seem to know much:

% ntpq -p
127.0.0.1: timed out, nothing received
***Request timed out

So, how do I know if it’s working? Is it working? Shouldn’t ntpq -p be more informative?

Looking for the comments? Try the old layout.

More about…

NTPD Configuration on FreeBSD and Red Hat Linux

Well, I got no responses to my request for assistance setting up NTPD on FreeBSD, but today I must’ve just been Googling better, because I found the resources I needed.

The most important site I found was the NTP configuration page from Computer Facilities Management at the University of Washington. It was valuable because it provided some simple ntpd.conf file samples that set up ntpd to run only as a client. So no I’m confident that no one will try to connect to my servers and cause any mischief. The CFM NTP page also helpfully pointed out that I could easily enable ntpd on my Red Hat box by typing chkconfig ntpd on.

Another interesting site I found is www.pool.ntp.org. The cool thing about using pool.ntp.org as the time server to synchronize my servers to is that it distributes the load to lots of time servers. So I set up my ntpd.conf files to point first to pool.ntp.org, and then to two geographically close servers.

And finally, this DynDNS page gave me the instruction I needed to get ntpd running on FreeBSD. All I had to do was add xntpd_enable="YES" to /etc/rc.conf. I restarted my box, and now I’m in business!

Looking for the comments? Try the old layout.

More about…

How do I Configure NTPD?

So I need simple instructions to get NTPD running on FreeBSD. It should function solely as a client, and not accept connections from other servers. I could also use the corresponding instructions for Linux (and don’t say “RPM”!). I’ve found an awful lot of information online about NTPD, but the simple instructions for setting up a secure NTPD to start when the system starts up are sorely lacking. Part of the problem with regards to BSD may be my not yet fully understanding how FreeBSD startup stuff is supposed to work, but I also can’t find simple instructions for how to configure ntptd to operate only as a client.

Links and instructions gladly accepted.

Looking for the comments? Try the old layout.

More about…