Extra Pepperoni


open source


Tuesday, October 19 2010

BIND: Beware forwarders with subdomains

Yesterday I set up a subdomain for an Isilon cluster -- they use the subdomain to handle load balancing across nodes. We were all surprised to discover that the forwarders option (in named.conf) prevents subdomain delegation -- the ns record for the subdomain was completely ignored. Once I removed the forwarders clause, the subdomain worked.

Normally, forwarders in the options block of named.conf is handy -- it informs named of local resolvers, so named can get answers from a nearby/fast resolver, rather than going all the way up to the international root servers and working its way back down.

Thursday, December 18 2008

Google's 404 Service: Apache httpd Recipe

I just registered EP and my home site with Google Webmaster Tools, and discovered they offer a 404 (page not found) service for replacing your existing not-found page with Google links which should include useful suggestions from your site. At the moment I just get a search box with the non-existent page name pre-filled, which is still a useful improvement.

I had the default Apache 404, and it's fine but it's not particularly useful or friendly, so I set up the Google alternative. Somewhat to my surprise, Google doesn't offer Apache httpd instructions for actually creating the 404 page, so here's my 3-step recipe for httpd 2.2.

1) Create a new page.

Mine is /var/www/error/404-google.html, accessible directly at http://www.reppep.com/error/404-google.html.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <title>404: Page Not Found</title>

<script type="text/javascript">
  var GOOG_FIXURL_LANG = 'en';
  var GOOG_FIXURL_SITE = 'http://www.reppep.com/';
</script>
<script type="text/javascript" 


2) Enable the Google 404 in httpd.conf.

ErrorDocument 404 /error/404-google.html

If you already have a custom 404 defined, disable it.

3) Reload the server configuration.

[root@inspector ~]# apachectl graceful

Sunday, November 9 2008

yum Killed Email, Again!

I ran "yum update" before bed last night to update my CentOS (RHEL) 5.2 system. Unfortunately, I didn't notice that email stopped flowing. Cyrus IMAPd was running, but no new mail was coming in. postfix was accepting mail, but new mail wasn't reaching Cyrus. Melissa let me know that mail wasn't working, and I discovered that again, the update had broken amavisd-new.

yum & rpm don't coexist well with cpan, and cpan itself has lots of trouble with Compress::Zlib. After a bunch of poking around, I eventually got cpan to reinstall (or just properly recognize?) Compress::Zlib, and got amavisd-new restarted; then postfix delivered the outstanding mail.

The whole cpan dance was prolonged and complicated by long cpan timeouts attempting to contact FTP mirrors -- presumably due to firewall restrictions that I never noticed because I avoid FTP. After a bunch of futzing with "o conf urllist", I expunged the FTP mirrors and replaced them with HTTP mirrors; I was then eventually able to reinstall the necessary modules.

Thursday, September 4 2008

Open Source Is Beautiful: code_swarm

I never took that quite so literally as Michael Ogawa. Watch Apache httpd around December 2000 for my favorite bit.

Wednesday, August 27 2008

Firefox 3: Restoring http://www. .com URL expansion behavior

Firefox 3 defaults to searching words entered in the URL area. This makes sense, as the Mozilla Foundation makes a bit of money every time they send a search to Google.

I don't like this behavior, as there's a perfectly good Google box to the right. If I type in google/calendar, I want http://www.google.com/calendar/, not Google's search results for "google calendar". After some searching, I found out how to disable this feature, but it wasn't in the first 10 things I found. So here's a breadcrumb for the next person who prefers partial URL canonicalization to using Google as a keyword finder (shades of AOL!).


Also, on the subject of Firefox 3.0.1, here's the list of keyboard shortcuts, which appears to auto-customize to the browser's reported OS.

And my first Firefox 3 bug: I was unable to cycle to the left of the left-most tab with Command-Shift-[; after I had cycled past the right-most tab, I was suddenly able to go past the left edge. Bizarre.

Wednesday, August 20 2008

MySQL Initial Setup Crib Sheet (RHEL5)

Update 2008/08/22: There's actually a simpler command to create the database, once MySQL is secured and the account exists:

mysqladmin create newdatabase -u existinguser -p

To test Movable Type, I needed a new MySQL installation on a CentOS 5.2 (equivalent to Red Hat Enterprise Linux 5.2) system. Here's a crib sheet with the steps I took to set up a new MySQL installation.

Get and Start the Software

  • yum install perl-DBD-MySQL mysql-server # Install MySQL server and the DBD perl module that Movable Type needs to talk to it.
  • service mysqld start # Start mysqld (the MySQL 'daemon', or server).
  • chkconfig mysqld on # Set mysqld to run at boot in future.

Secure MySQL

MySQL uses internal accounts which are totally separate from UNIX accounts. My MySQL installation came with 3 distinct root accounts (without passwords); a RHEL4 system configured MySQL with a pair of anonymous accounts! The MySQL RPM suggests securing the default accounts with mysqladmin, but the website points out that mysqladmin doesn't get all the accounts. Fortunately MySQL offers instructions on how to secure the initial accounts manually.

mysql> select host, user from mysql.user;
+----------------+------+
| host           | user |
+----------------+------+
|                | root |
| localhost      | root |
| mmm.reppep.com | root |
+----------------+------+
3 rows in set (0.00 sec)

In WordPress, each blog has its own account and database (that's how I configure them, anyway). In Movable Type, a single account & database will be used for my whole Movable Type installation, which makes administration simpler.

  • Secure both root accounts by setting strong passwords.
  • Delete both anonymous accounts.
  • Create a new account for the blog.

To make sure I really did configure a required password for root, I logged out of MySQL and then tried to log in without a password (which is how I got in initially). This failed, telling me I had successfully disabled passwordless root access. Then I logged in as root with a password, to continue setting up MySQL tables. Note that I never supply passwords on the command line, because that's insecure. Instead I supply the password when prompted by the mysql command, which keeps it out of command history and ps output.

  • mysql -u root # Log into MySQL, which doesn't yet have a root password.
  • Delete the non-localhost root account.
  • Set passwords for root@ & root@localhost.
  • Log out of mysql:
[root@mmm ~]# mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> drop user 'root'@'mmm.reppep.com';
Query OK, 0 rows affected (0.00 sec)

mysql> set password for root@ = password('unencryptedpassword');
Query OK, 0 rows affected (0.00 sec)

mysql> set password for root@localhost = password('unencryptedpassword');
Query OK, 0 rows affected (0.00 sec)
mysql> exit;
[root@mmm ~]# mysql -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@mmm ~]# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.0.45 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> exit;
[root@mmm ~]# 
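
To re-check the account table after the steps above (or after a later package update), here is an added example that is not part of the original post. The function names and sample rows are constructed, and the query in the comment assumes the MySQL 5.0 mysql.user layout with a password column.

```shell
# Added example (not from the original post): audit MySQL's account table.
# Expects tab-separated host, user, password-hash rows on stdin, e.g. from
#   mysql -u root -p -N -B -e 'select host, user, password from mysql.user'
# (the password is prompted for, so it stays out of history and ps output).
audit_mysql_accounts() {
    awk -F '\t' '
        { who = $2 "@" $1 }
        $2 == ""  { print "ANONYMOUS   " who; bad = 1 }
        $3 == ""  { print "NO-PASSWORD " who; bad = 1 }
        $2 == "root" && $1 != "localhost" && $1 != "127.0.0.1" {
            print "REMOTE-ROOT " who; bad = 1
        }
        END { exit bad + 0 }   # non-zero exit when anything was flagged
    '
}

# Constructed sample: a fresh install plus one secured application account.
sample_mysql_accounts() {
    printf 'localhost\troot\t\n'
    printf 'db.example.com\troot\t\n'
    printf 'localhost\t\t\n'
    printf 'localhost\tmovabletype\t*CONSTRUCTED-HASH-PLACEHOLDER\n'
}

sample_mysql_accounts | audit_mysql_accounts || echo "fix the accounts listed above"
```

An empty report with exit status 0 means every account has a password, no anonymous account remains, and root is limited to local logins.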

Create a MySQL Database & Account for Movable Type

mysql> create database movabletype;
Query OK, 1 row affected (0.01 sec)

mysql> grant all on movabletype.* to movabletype@ identified by 'unencryptedpassword';
Query OK, 0 rows affected (0.00 sec)


I'm not covering MySQL backups here, but I use http://sourceforge.net/projects/automysqlbackup/.


  • use movabletype;
  • create user dotclear@localhost identified by '****';
  • grant all privileges on dotclear.* to dotclear@localhost;
  • show databases;

Monday, August 18 2008

Red Hat Kickstart without DHCP

Red Hat Kickstart is the right way to install RHEL, but Red Hat's Linux documentation assumes the host can boot via DHCP. If DHCP (or bootp) isn't available, there are some obscure options to provide the network configuration on the linux command line (at the boot: prompt). These options are ip, netmask, gateway, and dns, as in:

linux ks= ip= netmask= gateway= dns=

I found several pages of kickstart docs which are missing these options, but they are listed on http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-startinginstall.html.

Tuesday, March 18 2008

kate Is Not Bad

I got Exceed, and after reassigning my left modifiers to X instead of Windows, kate is quite reasonable. It uses kompare for graphical diff, and comes with some CVS plugins. I prefer BBEdit's diff display (although BBEdit's diff has been broken for years). I'm not sure how I managed to view a couple windows in xemacs from kompare, but I can probably avoid that in the future...

kate is clunkier and less featureful, and not as configurable as I expect -- the commands I want to assign to the toolbar, for instance, are not available in that context. On the other hand, BBEdit doesn't use a toolbar at all, and rearranging menus is only supported in limited ways, so I'm not convinced kate is inferior here -- it may just feel like that to me as a BBEdit user. Hopefully Subversion support is available for kate, but that doesn't actually matter to me right now.

I need to get Copy & Paste working between Windows (including PuTTY) and Exceed; hopefully this will be straightforward, but it doesn't just work.

Per IDM, UltraEdit cannot be installed without admin rights, which I do not expect to get, so that's out -- at least until they offer an alternate installer.

kate icons are a bit fuzzy, but they fit the Linux aesthetic, and the fonts are very nice.

Thursday, November 23 2006

Optional Sidebars with Apache SSI

I'm writing online documentation for a site that has substantial left-side nav in a sidebar: http://www.xowave.com/. We want to be able to hide the sidebar, perhaps to build a smaller tarball of the docs, or to make more room for large images on smaller screens, or to save space on crowded pages.

Bjorn (the developer) made the sidebar conditional a few days ago, and I just enhanced it this morning to provide a user-accessible knob (in footer.incl, so available on every normal page) to flip it on and off. Additionally, with "wget --user-agent=printme", we can whack the whole site without nav. I don't actually want to do this, but it's a nice feature.

I actually tested with something like "curl --user-agent printme URL | grep -i agent", using the URL of a special test.shtml page that basically just contained <!--#printenv -->. It was very handy for figuring out what the server thought of my requests.

footer.incl contains this snippet:

<!--#if expr="$QUERY_STRING = printme" -->
    <a href="<!--#echo var="SCRIPT_URI" -->">Restore navigation sidebar</a>
<!--#else -->
    <a href="<!--#echo var="SCRIPT_URI" -->?printme">Hide navigation sidebar</a>
<!--#endif -->

And head.incl wraps the sidebar code in:

<!--#if expr="$sidebar = hidden || $QUERY_STRING = printme || $HTTP_USER_AGENT = printme"-->

Friday, August 25 2006

bash: Clearing History

The excellent bash shell keeps a history of recently executed command lines and lets users cycle through them with up/down arrow, edit commands, and re-execute past commands.

Every once in a while, I make a mistake and type a password at a bash prompt -- today it happened because I had a remote session waiting for a password, which timed out, so I typed my password at the "Password:" prompt, but my workstation noticed the connection was down and dropped me into bash, which failed to execute my password (because it's of course not a valid command), and helpfully cached it on disk for future shells to take advantage of.

The quick fix is "history -c", to flush the whole history (and Command-K in Terminal or whatever's necessary in a different terminal program to clear the screen and scroll-back buffer).

A less drastic step is to use "history | tail" to find the line number of the bad command, and "history -d 503" (or whatever the appropriate line number is) to clear just the bad line, preserving the rest of the history. Further details are available with "man bash".
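
When the mistyped password has already been written to a history file on disk (for example by another shell that has since exited), the file itself needs cleaning. The following is an added example, not part of the original post; the function names and the sample strings are constructed for illustration.

```shell
# Added example (not from the original post): remove a leaked string from a
# history file that is already on disk. The string is read from stdin, so it
# never appears in argv, ps output, or a new history entry.
scrub_history_file() {
    file=$1
    IFS= read -r secret || true
    [ -n "$secret" ] || return 2              # refuse an empty pattern
    tmp=$(mktemp "$file.XXXXXX") || return 1  # created mode 0600, same directory
    removed=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"$secret"*) removed=$((removed + 1)) ;;   # literal substring match
            *) printf '%s\n' "$line" ;;
        esac
    done < "$file" > "$tmp"
    mv "$tmp" "$file"
    unset secret
    echo "$removed"                           # number of lines dropped
}

# Constructed demo: a throwaway history file with one mistyped password.
scrub_demo() {
    demo=$(mktemp) || return 1
    printf 'ssh fileserver\nCorrect-Horse-constructed\nls -l\n' > "$demo"
    printf '%s\n' 'Correct-Horse-constructed' | scrub_history_file "$demo" >/dev/null
    cat "$demo"
    rm -f "$demo"
}
```

Run it as `scrub_history_file ~/.bash_history` and type the leaked string on the next line. Shells that are still running keep their own in-memory copy, which "history -d" or "history -c" clears as described above.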