Their work with mootools was a lot smoother than my work with prototype.

The site owes a lot to mootools.net, PEAR and smarty. I went with using the Pear libraries for database access, the Smarty tools for templating and the mootools for javascript. I’ve built a secondary site at hyperdesk themes that’s using the same stuff and also the blueprint css(link) libraries. Once nice thing about building a site for myself ( or to my own standards ) is that while I can say “this is ugly” ( the animation is currently ugly ), I can also say “make this better via the blueprint grid.” and not “move this over 2 pixels, no too far!”

Competetiveness is a virtue of companies. Basically, people who believe in it consider that there’s a limited amount of income available ( or public attention or whatever ) and they’re driven to get “their fair share” or “most of what’s out there.”

Here’s a list of values a client poses for his company. It’s not my list, but I think it’s an interesting one to look through:

• Creative in approach to solving problems
• dedicated to his own ideas
• high value on time
• competitive
• thinks big
• forward thinking/future oriented
• innovative

I like to think t hat I’m dedicated to my own ideas, innovative and creative with regards to problem-solving. However, I’m not sure I place a high enough value on time, or that I think big enough. As far as “competitive,” don’t make me laugh.

How does one groom oneself to become more competitive?

I configured it to watch the mail log and when a connection was rejected because of spamhaus.org, it would trigger. It would remember the IP for an hour and then let the spammer try again. Why an hour? Our list is currently averaging around 2500 ips, and I didn’t want it bigger than that.

This is the jail.conf entry:

[spamhaus]
enabled = true
filter = spamhaus
action = iptables[name=SPAMHAUS, port=smtp, protocol=tcp]
logpath = /var/log/maillog
findtime = 60
bantime = 3600
maxretry = 1


And the filter entry:

[Definition]
failregex = [[](?P\S*)[]] (?:did not issue|[(]may be forged[)])
failregex = (?P\S*) listed at sbl-xbl.spamhaus.org


However, here’s an intriguing question: at some point fail2ban just “stopped working.” It was like the regex didn’t match any more. Nothing obvious in the logs, et cetera. But when it stopped working, we were hammered by inbound spam. In fact, I originally thought the problem was a DOS attack. But maybe when the iptables rules expired, the spam mail servers carried on their normal mail sending ( when a mail server comes back online, send any waiting mail to it ). Maybe I’m not helping the problem and I should go back to a plain 5.7.1 reject?

So I’m imagining that it’s not really being maintained at the moment. Feel free to argue with me For now, I guess, I’m rolling my own class. And that’s ok too.

Here’s what I came up with: I was already running mrtg-rrd to do much of their graphing, so I wanted to create a MRTG Target line to correspond to “how long does our page take to render.” I wrote a script to run “/path/towget –delete-after -pq (page) -O /tmp/garbage” and display the amount of time it took. I wrote it in php because it was easiest.


$wget="/usr/bin/wget -pq --delete-after -O /tmp/garbage";
$toget = "$site";
$start=microtime(true);
exec( "$wget $toget", $out, $e );
$end=microtime(true);
$dur=round( $end-$start, 3 );
print "$dur\n";


The problem with this is that I was running it on their gateway; their gateway is also the monitor and grapher. It was taking less than a second to render the page ( because of local network speeds ). Instead, I wanted it to more closely correspond to what the client would be seeing. Their development server is at their office; so I put the script there and wrote the MRTG target to point at a local ( on the gateway ) script that got the value from the development server, printed it twice, printed the date and the name of the site. It looks like this:

$user='foo';
$password='bar';
$sitename='example.com';
exec("/usr/bin/lynx -auth=$user:$password --dump http://developmentserver.com/scriptname.php ", $out, $e );
$time=0;
while ( ($time==0) && (count( $out ) > 0 ) ) {
$time=(float) array_shift( $out );
}
print "$time\n";
print "$time\n";
print date("r\n");
print "$sitename\n";


A couple of important caveats. The day after I started running this ( it averages around 4.6 seconds, btw, much too long imho ), the displayed time doubled. It could have been a change to the page we’re looking for, but it turned out to be a DNS issue on the development server. So DNS is important. This doesn’t take into account the amount of time a browser takes to render a page; it’s just the time to download all the pieces. So processor intensive stuff, like super heavy javascript or super heavy tables, won’t show up here. However, if you keep in mind what the value is- how long to resolve and download all the pieces of a web page, this is a useful metric.

That is all.

I do, and you will too.

Of course, every book in the world will tell you that there are three sets of permissions; user, group and world. So something that’s rw-r–r– is writable only by the user but readable by everyone. There’s read, write and executable settings for each one, and they’re marked by “bits”. You know that computers think in binary, and in binary there are only zeroes and ones. Here’s what we’re interested in for the next few minutes.

Decimal 0 = Binary 000
Decimal 1 = Binary 001
Decimal 2 = Binary 010
Decimal 4 = Binary 100

If you look those over, you’ll see there’s only one way to get each of the numbers from 0 to 7 using only one of a number ( ie, you can’t replace a 4 with 2 2s ). A seven has to be a four, a two and a one. No other options. So when you’re saying “change the ownership of somefile to 755″ what you mean is you want the ownership to be read:ON, write:ON, execute:ON for the owner, and read:ON write:OFF execute:ON for everyone else.

If you’re ssh’d into your server and you run an “ls -la somefile” you’ll see something that looks like

-rw-r--r--

which translates to

011000100

or, taking off the first one ( because it’s special and I won’t talk about it here),

110 100 100

If you treat those each as binary numbers and translate them to decimal, you’ll have 644.

What’s this mean?
Basically, 4 is read permissions only. 2 is write permissions only but you can add them together and get 6 which is read and write permissions. There’s only one way to get a six; a four and a two ( you can’t have two threes or three twos ). When you add “executable” to the mix, you’ll see that you can add executable to any of these numbers and get 5 ( read and execute, don’t write ), 3 ( write and execute, don’t read ( weird ) ), 7 ( read, write and execute ).

Note that it doesn’t really make sense to “execute” a directory. The “executable bit” for directories translates to “traversable.” Or, in english, a user can go through the directory without needing read permissions. For instance, to use a contrived example, you could have a /var/logs/user/ directory and just give the users permission to see their own directory; the logs directory could not be readable or writable but be traversable; they could go through it. But if they did a “ls -la /var/logs”, they’d get back an error.

I ssh to the servers my sites are on in order to look at server statistics. I can’t stand automatically generated passwords with numbers, letters, capital letters, punctuation and more than thirty-five characters. They’re irritating, though pretty secure, I’ll admit. So here’s what to do in order to connect more automatically with your server.

First, make sure you have SSH access. With Site 5, it took me an email. With Hostgator, it took an email and a scanned copy of my driver’s license. No big deal, really. Ok, now you’ve got access to the server, what next?

I like a SSH client named Putty. Don’t use this in countries that outlaw encryption, for gods’ sake! Download Putty and PuttyGen ( you’ll need this in a couple of minutes). You can save them to your desktop, or to a thumbdrive, or whatever. Save the files.

Then run PuttyGen by double clicking on the icon. You want to create a SSH RSA 2 key. Click “generate.” You’ll need to “create some randomness” by moving the cursor around the blank area. Nothing fancy, just move the mouse. Click “save public key” to save the public key. You’ll want to come up with some identifying name for it; let’s use myserver.pub. And then you’ll need to save the private key. Click “Save Private Key” and it’ll ask you for a passphrase. A passphrase is a good idea, but if your computer is in your house and nobody else uses it, et cetera, you may not need one. Use your judgement. If you’re doing this on a laptop or a thumbdrive, you’ll want to use a passphrase. It’s just like a password. Enter “myserver.ppk as the name of the key and click OK to continue.

Hopefully this is the only time you’ll need your password for your account at your host. Click on the putty.exe file and run it. Type the name of your host ( possibly www.domainname.com, however you’d normally connect ) into the host box and make sure “ssh” is selected for connection type. Connect, and type in your password. You’re logged in now! Yay! See if there’s already a .ssh directory there with the command “ls .ssh”. If it’s not there, create the .ssh directory with the command “mkdir .ssh.” Chmod it to usable only by you: “chmod 700 .ssh”.

Enter the .ssh directory ( cd .ssh ) and look for a file named “authorized_keys.” If it’s not there, don’t worry, we’ll create it. Go back to where you saved your public key ( above, with the PuttyGen software. The public key is the one named “myserver.pub.” Open it up with a text editor like notepad. It should look something like this:

ssh-rsa AAB3NzD+rXhGEB9Bt6kEotYi/+gvcGKrRpeNIIekJvnCj4jAsmu9eQHgwxJq1rsTqo0iJAw0B6w0LPn+0omkorYcqA89OK/gsI1VuFuS+WV4oFCXbRBqJJkdkxz972uOqj/rn7re/zn3oKzsPhqUKCtdjz/c7S/zAX5DLT/DDhWkzS4QzrlZYWI0H8ruKh7ZcmOd7texXFkFFRYca7djvsFIbLQ//KVMAZ2l78r53SSvnNd2GoF3n9yvQsslze0t7Dh9t1i4Hni53rc990jpw==

with a comment at the right end of it ( leave the comment there ). Copy that entire thing. Go back to the Putty window and type “cat >> authorized_keys” and hit return. The cursor will drop to the next line. Paste in your public key, hit enter, and then hit “Ctrl-D” and enter, and your authorized keys file will be complete. You’ll want to “chmod 600 authorized_keys” to make sure that only you can read it. Or write it. Make sure the file is only one line long; the ssh key shouldn’t be broken into separate lines.

Ok, exit from your putty program. Close it up and restart it. Enter your server’s host name again in the box, and ensure it’s set for SSH. On the left hand window pane, go to “connection” and then to “rlogin.” Enter your username. Then go down a little more in the left window and hit “SSH” and then “Auth.” Use the myserver.ppk private key for authentication. It’s just like every other file- browse box. Make sure you go back to the left hand pane, back up to “Session” and save it. You’ll need to enter a name in the “name” box and then press “save.”

To use it, double click on the saved name in the little window. If everything went according to plan, Putty will read the private key (you’ll need your passphrase here if you used one ), generate the public key, and then use that to authenticate with the server, and then log you in.

Note to self:don’t do “yum -y remove coreutils.”

It seemed like a good idea at the time. I installed CentOS 5 on a new computer with a big hard drive, intended solely for network storage over NFS. So I figured I’d remove all the unneeded packages. I ran “yum list | grep installed” to get a list of all the installed packages, and then made a long list of packages to remove.

When it got to the “doing it” part, it started throwing out this error…

/etc/rc.d/init.d/nfs: line 125: rm: command not found
/etc/init.d/functions: line 303: rm: command not found

/etc/rc.d/init.d/rpcidmapd: line 68: rm: command not found
/etc/rc.d/init.d/nfslock: line 29: uname: command not found

Well, what happened?

When I ran my “yum remove” line to remove the 25 or so packages, I included the -y flag, which assumes “yes” for everything. I scrolled up and it was removing some packages that required some of the packages that I was deleting. So, for instance, it was removing python. Nevermind that yum requires python. It was going. It was also removing coreutils, which is where uname and rm went. When I realized what it was doing, I aborted it.

My terminal is already fubar though.

scp still works, however, so I’m copying the /usr/ and the /lib/ and the /bin/ directories from another system with the same release and the same processor type, and I hope that when I do a “yum install” to replace all the packages that were removed that I’ll be back to normal in relatively no time. I don’t really feel like driving back down to the colocation again; it’s been twice already today.

Edit:
Nope, it’s broken. Off to the colo again. Don’t feel right about charging the client for my enthusiasm so it’ll be just me.

That’s because in the version of asterisk we have on our system, the Manager interface outputs the channel in upper case not lower case: SIP not sip. So we had it configured for “sip” and it wasn’t returning anything. I changed it to “SIP” and it’s working again, but a case-insensitive flag would help me