Tag Archives: Technology

IPv6 bei Strato mit Debian “Jessie”

Nach dem Upgrade eines meiner Server bei Strato auf Debian “Jessie” funktionierte auf einmal das Routing von IPv6 nicht mehr. Schuld ist wohl, dass Strato den Eintrag fe80::1 als Default-Route verwendet, was unter Jessie anscheinend nicht mehr so einfach möglich ist. Funktionieren tut es bei mir jetzt wieder mit diesem Eintrag in /etc/network/interfaces:

iface eth0 inet6 static
    pre-up modprobe ipv6
    address 2a01:238:429c:2900:dead:beef:2bad:4dad
    netmask 128
    gateway fe80::1
    post-up ip -6 route add default via fe80::1 dev eth0

Wichtig ist dabei die letzte Zeile. Sie weist das Betriebssystem an, das Default-Gateway über das Interface eth0 anzusprechen und nicht – wie es das normalerweise tun würde – über lo.

Finally: A Fix for Python 2.7 Aborts on Import of ctypes

This has been bugging me for quite some time now: Every time I tried to import the ctypes module into Python 2.7, all I would get was the famous “Aborted” message. With some time to spare I could trace the problem down to the file closures.c of the libffi submodule. Most likely due to a compiler/optimization bug in older versions of gcc a double-free is happening there in line 151.
Since the surrounding function only checks for the presence of SELinux on the host and since the box I need to run Python 2.7 on doesn’t have SELinux installed, I opted for simply removing the whole thing:

--- a/Modules/_ctypes/libffi/src/closures.c 2012-04-10 01:07:33.000000000 +0200
+++ b/Modules/_ctpyes/libffi/src/closures.c 2012-06-20 17:35:40.277850045 +0200
@@ -119,52 +119,7 @@
 #define LACKS_SYS_MMAN_H 1
 
 #if FFI_MMAP_EXEC_SELINUX
-#include <sys/statfs.h>
-#include <stdlib.h>
-
-static int selinux_enabled = -1;
-
-static int
-selinux_enabled_check (void)
-{
-  struct statfs sfs;
-  FILE *f;
-  char *buf = NULL;
-  size_t len = 0;
-
-  if (statfs ("/selinux", &sfs) >= 0
-      && (unsigned int) sfs.f_type == 0xf97cff8cU)
-    return 1;
-  f = fopen ("/proc/mounts", "r");
-  if (f == NULL)
-    return 0;
-  while (getline (&buf, &len, f) >= 0)
-    {
-      char *p = strchr (buf, ' ');
-      if (p == NULL)
-        break;
-      p = strchr (p + 1, ' ');
-      if (p == NULL)
-        break;
-      if (strncmp (p + 1, "selinuxfs ", 10) != 0)
-        {
-          free (buf);
-          fclose (f);
-          return 1;
-        }
-    }
-  free (buf);
-  fclose (f);
-  return 0;
-}
-
-#define is_selinux_enabled() (selinux_enabled >= 0 ? selinux_enabled \
-                 : (selinux_enabled = selinux_enabled_check ()))
-
-#else
-
 #define is_selinux_enabled() 0
-
 #endif /* !FFI_MMAP_EXEC_SELINUX */
 
 #elif defined (__CYGWIN__)

Compile, install – works. Now on to some other stuff that needs Python 2.7 to run properly ;)

Astaro ASG as OpenVPN Access Server client

Just about four weeks ago I posted about the resurrection of the .ovpn to .apc converter script. In the meantime Alois told me in the comments that while this was nice it didn’t work for current versions of the OpenVPN Access Server and the .ovpn files it creates.

Well, since there’s been nothing much else to do I did some more work on the script and I can now happily say that it now also converts the new .ovpn format to an .apc the Astaro can understand. Unfortunately, there’s a little catch: the OpenVPN Access Server relies on ‘tls-auth’ for client connections and the Astaro neither knows of that concept not provides a method to import the needed key file. So I had to do some creative manipulation to make the Astaro do my bidding to include the necessary config statements. In addition, you will need to manually copy the key file to the Astaro to make everything work as expected. To make things as easy as possible, the script will tell you what to do.

If you’re interested, check out the latest version of ovpn-to-apc.sh on Gitorious. If it works for you, let me know. If it doesn’t, let me know, too.

.ovpn to .apc Converter Revisited

The Astaro Security Gateway (ASG) is a great firewall and remote access solution. The only flaw of it being that Astaro, too, tries to build a walled garden around their suite of products. One major drawback here is that while the ASG has outstanding capabilities as a remote access server, there’s no easy way to use it as a client to connect to an OpenVPN SSL server. The main show stopper is that the ASG expects to get all it’s connection information from a .apc file while OpenVPN at best provides a .ovpn file which has a completely different structure.
Back in 2009 Patrick Schneider provided a simple bash script that would convert .ovpn files together with the needed certificates and key files into a .apc file the ASG could read. Unfortunately the script stopped working with newer ASG releases. Since I needed the functionality for a current project, I resurrected the code, polished and updated it a bit. The result can now be found on Gitorious: the new OVPN-to-APC converter script. Feel free to clone and enhance.

Update: Just pushed a new version to Gitorious that now handles the new .ovpn format provided by the OpenVPN Access Server as well.

Nginx + Dokuwiki and nice URLs

After almost tearing my hair out while trying to get those two to fully work together, I found the solution in the end. While most of the things that can be read here and there are right and true, all solutions I found one the web have one problem: After activating nice URLs in Dokuwiki, you won’t be able to use ACLs anymore with Nginx as the web front end.
The solution is quite simple, there’s an additional global rewrite needed:

rewrite ^/?$ /doku.php last;

The reason being that if you rely on “try_files” doing the right thing, it will do what you want for normal pages. But it will trigger a 302 redirect for admin pages, thereby losing all the POST data that should have been sent. Using the rewrite will keep the POST data and thus make the ACLs editing work again, even with pretty URLs.

Best Summing-up of Google’s new Search App for iPad

Yep its great and now they can move on to a decent Google+ app for iPad.
–Carlos Rodrigues

[ More ]

The Day The Routers Died

Can’t believe I missed that.

I especially like the part about “those who stay silent”.

Connect a Mac to a Minolta 2490MF

This isn’t a very common problem but since the solution is simple, it may come in handy. Konica-Minolta is one of the rare companies that doesn’t provide Mac drivers for at least some of their printers. Luckily enough not all of their printers are manufactured by Konica-Minolta either. So to print on a MagiColor 2490MF simply install the printer drivers for the Xerox 6115MFP. Works great via both, USB and network connection.

Neuer Rekord für “Skype for Mac (beta)”

Gerade eben hat die neue Skype for Mac (beta) einen neuen Rekord in der Kategorie “kürzeste Verweildauer auf meinem Mac” aufgestellt. Installieren, Starten, Gruseln, Runterschmeissen – das war alles in weniger als 60 Sekunden durch. Die neue “Schaltzentrale” ist für mich total unbrauchbar. Skype for Mac beta - Main Screen
Es interessiert mich nicht, wann ich zuletzt mit wem aus meiner Kontaktliste gechattet habe – was übrigens neben “ich schick’ mal schnell die Datei” meine Hauptanwendung von Skype ist -, aber ich muss alle meine wichtigen Kontakte im Schnellzugriff haben. Naja. Die alte 2.8.0.863 wird ja hoffentlich noch ‘ne Weile funktionieren.

P.S.: Ich bin da nicht allein

Move it, move it (a.k.a. “Screw it up the IBM way”)

I work with web sites for a living. I give them a place to live, I trash them when they’re no longer needed and I also move them. And believe me, moving a site is the trickiest of the jobs. But in all of my professional life, I’ve never ever seen a blunder like this (output shortened for brevity):

crow:~$ dig developer.lotus.com
; < <>> DiG 9.6.0-APPLE-P2 < <>> developer.lotus.com
;; QUESTION SECTION:
;developer.lotus.com.		IN	A

;; ANSWER SECTION:
developer.lotus.com.	127	IN	CNAME	192.147.106.27.
192.147.106.27.		0	IN	A	67.215.65.132

Really. Did they outsource the last thinking person in their networking department? Ok, maybe they fixed it and the change just hasn’t trickled down. So let’s try a different approach (again, shortened:)

Continue reading

Resolved: “ld: fatal: file values-Xa.o: open failed: No such file or directory” when compiling on (Open)Solaris

Ah well. Compiling software on Solaris could be really easy if it weren’t for the small problems all the time. Today I was faced with

ld: fatal: file values-Xa.o: open failed: No such file or directory

when trying to compile Subversion 1.6.5 on OpenSolaris.

Solution:

pkg install SUNWarc

{openx:6}

Host your SVN repositories on your ReadyNAS

I just finished creating two Addons for the ReadyNAS Duo, NV, NV+, 1100 and X6 that allow you to host SVN repositories. The first obviously is Subversion itself. This addon includes all the subversion command line tools and also adds support for accessing the repositories on your ReadyNAS through the browser interface.

{openx:6}
The second addon is WebSVN. In addition to browsing the repositories in a much nicer interface than SVN itself provides, this modified version also allows the creation of new repositories for authenticated users. To use WebSVN, PHP support has to be installed on the ReadyNAS which can be achieved by using the PHP_1.1.bin from Readynas.com.

As always: Works for me, ymmv. If these addons break your ReadyNAS you own the parts.

Ah, and before you ask: Yes, versions for the Intel based ReadyNAS products are to come shortly. Don’t hold your breath, though.

{openx:6}

How to build cheap cloud storage

backblaze-cheap-cloud-server-storage

At Backblaze, we provide unlimited storage to our customers for only $5 per month, so we had to figure out how to store hundreds of petabytes of customer data in a reliable, scalable way—and keep our costs low. After looking at several overpriced commercial solutions, we decided to build our own custom Backblaze Storage Pods: 67 terabyte 4U servers for $7,867. In this post, we’ll share how to make one of these storage pods, and you’re welcome to use this design.

Wow. If I had the money to spare, I’d definitely go and try to build one myself.

[ More » ]

{openx:6}

Cloudy Buzzword Compliance

Jeff Caruso over at Network World wrote a nice piece about buzzword driven product marketing for networking hardware:

Network equipment vendors are getting a little buzzword-crazy when it comes to one of the biggest buzzwords today – “cloud computing” – and suddenly all of their switches and routers have “cloud” capabilities. Give me a break.

{openx:6}

[ Full Story » ]

10 questions to ask before migrating to Linux

If you’re thinking about making the switch to Linux, Jack Wallen is all for it — but only if you approach the migration with your eyes open. He recommends that you evaluate a number of key issues before taking this big step.

Continue reading

The EVA 9150 has landed

eva9150_photoweb_lowresToday seems to be toy day. Right after the Tamron another parcel service delivered the EVA 9150 (aka Digital Entertainer Elite). Since I already own the EVA 8000 with which I’m quite happy, I’m very interested in the improvements the EVA 9150 will have.

Continue reading

How To Convert Any Video File Format Under Linux

This video tutorial will explain how to losslessly convert any video file format, including quicktime .mov, flash .flv files, open source .ogv, .mp4, .wmv, .asf and more. I show you how to install ffmpeg, check the formats and codecs available to you, convert a file to a new format (windows media and .asf in this example) without any loss in quality during the decoding and encoding process, and create and run a script file that will enable you to run a batch conversion on any number of files at the same time.

Continue reading