Debian Server Upgrade Warning: libapache2-mod-php5

Somewhere between Debian “Lenny” and Debian “Squeeze” (current), the libapache2-mod-php5 package has changed slightly.

If have your web content in /home/ (for example, /home/web/SITENAME/), then PHP will be suddenly turned off – and there aren’t any clues in the logs why.

The reason for this is the following configuration:

/etc/apache2/mods-available/php5.conf
# To re-enable php in user directories comment the following lines
# (from <IfModule ...> to .) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
<IfModule mod_userdir.c>
<Directory /home/*/public_html>
php_admin_value engine Off
</Directory>
</IfModule>

You’ll have to comment out those lines (… just like the configuration comment says).

Ouch.

S/MIME Login

I’m surprised that noone has written a plugin or produced any documentation about requiring/using a S/MIME certificate in order to login to WordPress, or for use with OpenID.

There are lots of items around on how to force Admin logins to use HTTPS – but nothing I’ve seen so far about using client SSL certificates.

Reverse DNS for IPv6 PTR Ranges

One of the (many) challenges facing those who are looking at deploying IPv6 is Reverse DNS (PTR records).

Under IPv4, a single DNS Zone for PTR records might be at most 300 lines long.

With IPv6, a single DNS Zone for PTR records for a single subnet would have 2^16 (18,446,744,073,709,551,615) entries.

Therefore, under IPv4, it was common to pre-populate the PTR records. Under IPv6, that gets prohibitive.

So, what is the solution?

The solution I first came across is by Kazunori Fujiwara, who has written a DNS server in Perl specifically for this task. The server basically does some simple pattern matching to convert PTR and AAAA records.

Query 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
Response 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa IN PTR 20010db8000000000000000000000001.user.example.jp.
Query 20010db8000000000000000000000001.user.example.jp
Response 20010db8000000000000000000000001.user.example.jp. IN AAAA 2001:db8::1

This means pre-population of zones is not required – the entries are generated on the fly. The downside to this is an extra name-server daemon needs to be run.

Kazunori Fujiwara’s server can be found here: http://member.wide.ad.jp/~fujiwara/v6rev.html. Some small customisation may be required to match the requirements at your site.

Another solution I have found is implemented a similar way, however using PowerDNS’s “pipe” backend to generate the data on the fly, much like the previous example. I haven’t tried this myself, as I do not use PowerDNS, but more information can be found here: http://hyse.org/v6rev/.

Using nagios to verify firewall

Here’s a suggestion – use Nagios to validate/verify your firewall rules.

You can use “check_tcp“/”check_udp” to check that a port is open, and pair either of those commands up with “negate” to make sure the firewall is blocking traffic.

This could be combined with firewall ruleset tools, to ensure what you *think* is blocked, is.

Another tip: If you’re going to do this, make sure your nagios check_interval is something pretty high.

Views on Email Etiquette

Subject Lines

Keep them relevant, do not be afraid to change them if the discussion changes course – especially if you want to involve other people.

Top Post vs Inline

If the discussion is using inline posting,keep using inline, but if everyone is top-posting, then keep top posting. Do not switch an email discussion between inline and top posting, even if you have your own views on which style to use. Personally, I dislike top-posting, but it is more harmful for everyone to suddenly start replying inline in a long top-posted discussion.

HTML: Colours, Fonts, Italics, Bold

Bad. Don’t do it. It makes the emails hard to read (especially inline colours), and does not always turn out on all email clients. Do not assume everyone is using the same email client as you.

When to Forward, what to forward and to where

Does everyone in the department, and everyone you’ve ever had coffee with need to receive that forward? If it affects a whole team, maybe use the team’s email list address. If it is a request or FYI, maybe there is a more appropriate place – such as an issue tracking system, a news page, or a heading in a regular bulletin.

Keep it Simple (Summarise!)

No one likes to have to spend an hour reading a long history before they even understand what the topic is about. Please post a summary – especially when involving a new person in the discussion. They can refer to the long history if they need to, but let them get involved quickly by providing a relevant summary, hopefully including why they are now involved.

 

Ebook price comparison from Amazon

Out of interest, I’ve been comparing the costs of Ebooks from Amazon with the paperback and hardcover costs – before now, I would have thought that the price difference was greater, but oftentimes the ebook is just cheaper than the hardcover, but more expensive than the paperback edition. Of course, this does not take delivery/freight/etc into consideration.

Continue reading “Ebook price comparison from Amazon” »

Amazon Kindle needs a “now reading” section

If the reviews are anything to go by, the new Kindle software (2.2) was a vast improvement on the older versions, but the “Collections” feature doesn’t yet go far enough.

Unfortunately, none of the E-book software I’ve used (such as Calibre) supports mangling the Collections database on the Kindle, and it seems there are technical reasons that make this difficult to do.

Manually updating books and putting them into Collections on the Kindle is a slow process, that can take a long time.

The Kobo application has a “I’m Reading” page, showing the books I’m currently in the middle of. This is great for me, as it is difficult searching through all the books I have loaded on the Kindle to find what I’m currently in the middle of – I currently have to use the Kindle’s search feature in order to find the book I’m currently reading, which is a pain.

Amazon Recommendations

The Amazon website continues to amaze me – it becomes almost a battle every time I visit the web site not to spend money.

Unfortunately, there is a small problem in their “Recommendations” algorithm – it does not take into account if the book is available. There have been a number of recommended books, such as Lewis Carroll: Through the Looking-Glass that are not available in Australia, but keep coming up in the recommendations.

Amazon: Please, remove unavailable books from the recommendations view, and make books such as “Through the Looking Glass” available… please?

Enetica Support Glue IPv6 : no.

I was interested in if Enetica was able to support IPv6 glue records on domain name registration – a fair few domain name registrars do now, however you need to jump through hoops to make it happen.

I decided to ask the registrar we use for work if they supported IPv6 glue records, and if not currently when they may be supporting them.

Question: Does Enetica support IPv6 Glue records, and if not currently, when does Enetica believe they will be supported?

The following was Enetica’s response (2010-May-29):

Hi, 

We do not currently support IPv6 Glue records and do not currently have this planned

I hope this helps