Gentoo: How to fix a broken Python installation

If your Python environment seems to be buggy or broken after a recent Python upgrade, it probably is: packages that installed modules for the old interpreter version have not been rebuilt for the new one yet. To fix it, simply execute the following command on your Gentoo box:

# python-updater -v

(note that this process takes quite some time to complete)

Additionally, you might want to have Gentoo scan for packages that are linked against shared libraries which no longer exist (Python-related or otherwise) and rebuild them:

# revdep-rebuild

P.S. This is more or less a repost of an earlier post about python-updater.

WordPress 2.8.3: Quick-fix for admin lock-out security problem

Problem description (in WP 2.8.3 and earlier, an attacker can trigger a password reset for the admin account remotely without knowing the confirmation key WordPress mails out; WordPress then sets a new random password and e-mails it, so the admin is locked out of the old password until that mail has been read):

[Full-disclosure] WordPress <= 2.8.3 Remote admin reset password

For a quick-fix, see:

http://core.trac.wordpress.org/changeset/11798

i.e., in the password-reset code of wp-login.php, replace the line

if ( empty( $key ) )

with

if ( empty( $key ) || is_array( $key ) )

Why one line is enough: PHP turns a query-string parameter written as key[] into an array, and empty() returns false for a non-empty array, so a bogus key passed the check. The added is_array() test rejects such a value outright.


If your WordPress installation has been hacked already, here’s an emergency password reset script you can use to reset and regenerate your admin password.

A German explanation of the security bug and how to fix it can be found on heise online:

Lücke in WordPress ermöglicht Aussperren des Admins

[Update 20090812: Now that a security update is available, users are advised to update to WordPress 2.8.4]

Linux: Saving energy using auto-poweroff

I used to have a headless Linux LAN server that ran 24/7, i.e. even when I actually didn’t use it. Now it powers itself off automatically as soon as it no longer detects any running workstations/notebooks (with dynamically assigned IP addresses) in the LAN.

Here’s how to do it:

In /usr/local/bin, create a new shell script named “shutdown_if_no_dhcp_client_in_lan” (owned by root, mode 0755, since cron will run it as root) with the following content:

#!/bin/sh
# Shutdown the box if there aren't any (not ignored)
# DHCP clients in the LAN

# ignore the skype base station
ignored_macaddr="aa:bb:cc:dd:ee:ff"

# dhcp range starts at 192.168.1.$dhcpstart
dhcpstart=32

# dhcp range ends at 192.168.1.$dhcpend
dhcpend=46

for i in $(seq "$dhcpstart" 1 "$dhcpend")
do
  ip="192.168.1.$i"
  # one probe, wait at most 1 second; exit status 0 means a reply came back
  if ping -c 1 -w 1 -q "$ip" >/dev/null 2>&1; then
    # check whether this ip should be ignored: look up the MAC address the
    # kernel learned for exactly this ip (grep -w keeps .3 from matching .30)
    if ip neighbor | grep -w "^$ip" | grep -qi "$ignored_macaddr"; then
      echo "$ip is reachable but ignored"
    else
      echo "$ip is reachable and NOT ignored"
      # exit the program without shutting down the box
      exit 0
    fi
  else
    echo "$ip is NOT reachable"
  fi
done
# we didn't find any (not ignored) DHCP client in the LAN
# we can thus shutdown this box
echo "warning the users and shutting down the box in 5 minutes"
shutdown -h -P +5 "Please save your work now!"

(Adjust the script to your LAN environment)

In /etc/crontab (the system crontab, whose lines carry a user field; a file in /etc/cron.d works the same way), add:

*/20  * * * * root /usr/local/bin/shutdown_if_no_dhcp_client_in_lan >/dev/null 2>&1

Now the LAN server will shut down automatically a while after the last workstation/notebook has gone: between 5 and 25 minutes after the last activity, depending on where in the 20-minute cron cycle it happened. The script isn’t fault-tolerant at all: a single missed ping reply (e.g. a notebook asleep for a moment) triggers a shutdown, and a pending shutdown is never cancelled when a client comes back. Keep in mind, too, that this is a convenience, not a security control: any host that answers pings keeps the server up, and the MAC-address exception can be spoofed by anyone on the LAN. The script can easily be improved, however.
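One such improvement, as an added example that is not part of the original post: require several consecutive empty sweeps before halting, and cancel a pending shutdown when a client reappears. The idle count is kept in a state file between cron runs; the state-file path, the sweep count and the --sweep argument are assumptions of this example, the address range and ignored MAC are the ones from the script above.

```shell
#!/bin/sh
# Added example (not from the original post): hysteresis for the
# auto-poweroff script.  Halt only after REQUIRED_IDLE consecutive sweeps
# found no (non-ignored) client, and cancel a pending halt if one shows up.
# Invoke with "--sweep" from cron; without it nothing is probed.
set -u

STATE=${STATE:-/var/run/autooff.idle}
REQUIRED_IDLE=${REQUIRED_IDLE:-3}     # 3 sweeps x 20 min cron interval = 1 h
SUBNET=${SUBNET:-192.168.1}
DHCPSTART=${DHCPSTART:-32}
DHCPEND=${DHCPEND:-46}
IGNORED_MAC=${IGNORED_MAC:-aa:bb:cc:dd:ee:ff}

# Returns 0 if $1 answers a single ping within a second.
probe() { ping -c 1 -w 1 -q "$1" >/dev/null 2>&1; }

# Returns 0 if the kernel's neighbour table maps $1 to the ignored MAC.
is_ignored() { ip neighbor | grep -w "^$1" | grep -qi "$IGNORED_MAC"; }

# Prints 1 if any non-ignored client in the DHCP range answered, else 0.
clients_present() {
    i=$DHCPSTART
    while [ "$i" -le "$DHCPEND" ]; do
        if probe "$SUBNET.$i" && ! is_ignored "$SUBNET.$i"; then
            echo 1
            return 0
        fi
        i=$((i + 1))
    done
    echo 0
}

# Updates the idle counter in $STATE: reset to 0 if $1 is 1 (clients seen),
# otherwise increment.  Prints the new count.
update_idle_count() {
    if [ "$1" = "1" ]; then
        n=0
    else
        n=$(cat "$STATE" 2>/dev/null || echo 0)
        n=$(( ${n:-0} + 1 ))
    fi
    echo "$n" > "$STATE"
    echo "$n"
}

# Prints "shutdown", "cancel" or "wait" for idle count $1.
decide() {
    if [ "$1" -ge "$REQUIRED_IDLE" ]; then
        echo shutdown
    elif [ "$1" -eq 0 ]; then
        echo cancel
    else
        echo wait
    fi
}

sweep() {
    present=$(clients_present)
    n=$(update_idle_count "$present")
    case $(decide "$n") in
        shutdown) shutdown -h -P +5 "No LAN clients for $n sweeps, halting in 5 minutes" ;;
        cancel)   shutdown -c 2>/dev/null || true ;;   # client is back: abort a pending halt
        wait)     echo "idle sweep $n of $REQUIRED_IDLE" ;;
    esac
}

if [ "${1:-}" = "--sweep" ]; then
    sweep
fi
```

The cron line then becomes `*/20 * * * * root /usr/local/bin/shutdown_if_no_dhcp_client_in_lan --sweep`. With the defaults above the box halts roughly an hour after the last client disappeared instead of after the first empty sweep, and a notebook that wakes up during the 5-minute grace period cancels the halt.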

Gentoo Anti-Spam: iXhash Ebuild

As spam levels increased quite a bit lately, I made a Gentoo Ebuild for the iXhash SpamAssassin plugin by Bert Ungerer / Heise iX, Germany.

So far, it’s available on bugs.gentoo.org only. In order to install it, download

iXhash-1.5.5.ebuild

and put it in your local Portage Overlay.

YMMV, but it performs really well on my server (particularly for German spam, which is difficult to catch without it). Don’t forget to adjust the scores of its rules to your liking, though (as usual, with score lines in your SpamAssassin local.cf); a hash-based check matches exact known-spam fingerprints, so a high score is reasonable, but review the hits for a while before trusting it blindly.

Gentoo: Greylisting for Postfix using Postgrey

Finally, I’ve had to enable greylisting for this domain due to ever increasing levels of spam. Fortunately, setting it up is very easy. For Gentoo and Postfix, here’s a nice walkthrough:

postfix greylisting on gentoo (postgrey) | andreas d.’s.

Let’s hope that this, in conjunction with other anti-spam measures, will do it for a while. One detail worth checking in main.cf: the check_policy_service entry for Postgrey belongs after reject_unauth_destination in smtpd_recipient_restrictions, so that relay attempts are rejected outright and only mail for your own domains is ever greylisted.

Non-spammers shouldn’t experience any problems due to this change apart from a delay of a few minutes on the first message from a new sender (their mail server will retry), but if you do, please contact me using Skype (mettlerd), phone or SMS.

Gentoo ebuild for Lx-Office ERP 2.6.0 beta 1

Finally, I’ve created Gentoo ebuilds for Lx-Office ERP 2.6.0 beta 1 and its dependencies. Lx-Office is a fork of the server-based open source accounting solution SQL-Ledger and customized for the German market (and to some extent, the Swiss and Austrian markets).

A screenshot of Lx-Office ERP 2.6.0 beta 1 showing the XUL menu:

Screenshot of Lx-Office ERP 2.6.0 beta 1 using the XUL menu

And here’s a flash video of Lx-Office ERP 2.6.0 beta 1 showing the XUL menu in action.

Lx-System (the company backing Lx-Office ERP) and LINET Services host a public demo of Lx-Office ERP 2.4.3 (user: demo, password: demo).

To install Lx-Office ERP 2.6.0 beta 1 on Gentoo, follow these steps:

1) Set up a local portage overlay (e.g. at /usr/local/portage), if you haven’t done so already.

# mkdir -p /usr/local/portage

In /etc/make.conf, set

PORTDIR_OVERLAY=/usr/local/portage

2) Download lx-office-erp-2.6.0_beta_p1-r1_plus_dependencies.tgz and extract it to your local portage overlay. As with any ebuild from outside the official tree, have a look at the archive’s contents before unpacking it: ebuilds run as root at merge time.

# cd /usr/local/portage
# tar xzvf lx-office-erp-2.6.0_beta_p1-r1_plus_dependencies.tgz

3) In /etc/portage/package.keywords, add the line

www-apps/lx-office-erp ~amd64

(or ‘www-apps/lx-office-erp ~x86‘, depending on the architecture of your machine)

4) In /etc/portage/package.use, add the line

www-apps/lx-office-erp vhosts

5) Install Lx-Office ERP on your system by executing

# emerge -av lx-office-erp

Depending on your current portage settings and installed ebuilds, you may need to unmask additional ebuilds.

6) Use webapp-config to link your Lx-Office ERP installation to a specific host, e.g. by executing

# webapp-config -I -h localhost -d lx-erp lx-office-erp 2.6.0_beta_p1-r1

7) Follow the steps displayed on the screen to setup and configure Lx-Office ERP. Some of these steps might be automated in a later release of the ebuild.

8) Have fun using Lx-Office ERP on Gentoo! :)
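A small helper for step 2, added here as an example and not part of the ebuild package itself: it lists the archive, refuses archives whose member names could escape the overlay directory (absolute paths or ".." components), shows which ebuilds would be added, and only then unpacks into the overlay. The overlay path is the one from step 1; the archive name is whatever you downloaded.

```shell
#!/bin/sh
# Added example (not from the original post): inspect a third-party ebuild
# tarball before unpacking it into the local overlay as root.
set -u

OVERLAY=${OVERLAY:-/usr/local/portage}

# Reads tar member names on stdin; returns 0 if every name is a relative
# path without ".." components, 1 otherwise (offending names go to stderr).
tar_paths_safe() {
    bad=0
    while IFS= read -r name; do
        case "$name" in
            /*|../*|*/../*|*/..|..)
                echo "unsafe archive member: $name" >&2
                bad=1 ;;
        esac
    done
    return $bad
}

# Lists the ebuilds an archive would add, one per line.
tar_ebuilds() {
    tar tzf "$1" | grep '\.ebuild$' || true
}

# Checks $1 and unpacks it into $OVERLAY; refuses unsafe archives.
overlay_unpack() {
    archive=$1
    tar tzf "$archive" | tar_paths_safe || return 1
    echo "ebuilds in $archive:"
    tar_ebuilds "$archive" | sed 's/^/  /'
    mkdir -p "$OVERLAY" && tar xzf "$archive" -C "$OVERLAY"
}

# Usage: overlay_unpack.sh lx-office-erp-2.6.0_beta_p1-r1_plus_dependencies.tgz
if [ $# -eq 1 ]; then
    overlay_unpack "$1"
fi
```

After unpacking, continue with steps 3 to 5 as above; the printed ebuild list is also a convenient checklist for the keywords you may have to add in package.keywords.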

(These ebuilds are sponsored by my company Printscreen GmbH, dedicated to the developers of Lx-Office ERP and Gentoo and released for free use under the terms and conditions of the GNU GPLv2 license.)

Gentoo: TLS/SSL and name-based Apache virtual hosts using mod_ssl

With the introduction of the TLS SNI extension (transport layer security server name indication), name-based virtual hosts (i.e. virtual hosts sharing the same IP address) can now use distinct SSL certificates.

Here’s how to configure TLS SNI on Gentoo, using Apache:

1) DON’T try to set up TLS SNI using mod_gnutls. When I tried it on January 30, 2009, mod_gnutls still seemed to be too experimental and unstable for reliable TLS SNI (I observed some non-deterministic behaviour).

2) It does work fine though with a reasonably current version of OpenSSL and a patched Apache mod_ssl. And here, Gentoo shines once again: With Gentoo, you don’t need to manually patch Apache or OpenSSL! All you have to do is add the “sni” use flag to Apache in /etc/portage/package.use:

www-servers/apache sni

and remerge Apache (emerge -auDNv apache).

Note that Gentoo’s OpenSSL is already SNI-enabled by default (since openssl-0.9.8g-r2.ebuild) – remerge/update OpenSSL if required.

The configuration of SNI-enabled name-based virtual hosts in Apache is transparent, i.e. it works the same way as for non-SNI, SSL-enabled name-based virtual hosts. The difference is that you now specify a different certificate (and key) in every virtual host, as explained on Kaspar Brand’s TLS SNI test site. Keep in mind that clients without SNI support (e.g. Internet Explorer on Windows XP at the time of writing) are always served the first virtual host for that address and port, whatever host name they asked for, so put the site you care most about first.
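For reference, an added example of such a configuration (not taken from the original post or from Gentoo’s own default vhost files); the host names, document roots and certificate paths are placeholders, and on Gentoo the file belongs in /etc/apache2/vhosts.d:

```apache
# Added example: two name-based SSL virtual hosts on one address, each with
# its own certificate.  Host names and paths are placeholders.
Listen 443
NameVirtualHost *:443

# First vhost for this address/port: also what non-SNI clients get,
# whatever host name they requested.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/example.com/htdocs
    SSLEngine on
    SSLCertificateFile    /etc/ssl/apache2/example.com.crt
    SSLCertificateKeyFile /etc/ssl/apache2/example.com.key
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.org
    DocumentRoot /var/www/example.org/htdocs
    SSLEngine on
    SSLCertificateFile    /etc/ssl/apache2/example.org.crt
    SSLCertificateKeyFile /etc/ssl/apache2/example.org.key
</VirtualHost>
```

To check that SNI actually works, connect with openssl s_client -connect your.server:443 -servername www.example.org and compare the subject of the certificate it prints with the one returned for -servername www.example.com (and with no -servername at all, which should give the first vhost’s certificate).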

Have fun!

Thunderbird Add-on: S/MIME Security for Multiple Identities

I’ve just found and installed the following add-on for Mozilla Thunderbird:

S/MIME Security for Multiple Identities

It allows you to use a different S/MIME certificate for each of the different identities (i.e. “e-mail address aliases” or “profile aliases”) you defined in your Thunderbird profile.

It’s currently still marked as an experimental add-on and I’ve noticed a minor glitch in v0.3.0 when using it (see my add-on review), but this might also be related to the fact that I also use the Virtual Identity add-on (another nice add-on, which allows you to use an arbitrary sender address for sending messages).

The “S/MIME Security for Multiple Identities” add-on is very convenient if you have multiple e-mail accounts and want to use S/MIME message signing and/or encryption with all of them.

Bonus hint: You can get your own personal S/MIME certificates for free at Thawte (for e-mail only) or StartCom/StartSSL (which also offers free class 1 SSL/TLS certificates for FTP servers, web servers etc.). The latter don’t “work” with Internet Explorer, however, because StartCom’s root certificate is not in the Windows trust store at the time of writing, so IE users get a certificate warning.