Monthly Archives: January 2007

squid 2.6 transparent proxy

If you used squid 2.5 to create a transparent proxy and have decided to switch to 2.6, or this is the first time you are setting up a transparent proxy and most or all of the tutorials out there are for squid 2.5, here is a brief howto for this setup.

In squid 2.6 the configuration options:
httpd_accel_host
httpd_accel_port
httpd_accel_with_proxy
httpd_accel_uses_host_header
are no longer defined (see the squid 2.6 release notes), so if you are still using them in your config file, squid will give you an error like "parseConfigFile: line 41 unrecognized: 'httpd_accel_host virtual'" and will refuse to start.

To activate transparent proxying in squid 2.6, all you have to do is add the "transparent" option to http_port. Something like:

http_port 3128 transparent

Of course, squid has to be compiled with transparent proxy support for netfilter (iptables) by adding --enable-linux-netfilter to the ./configure line, and the Linux kernel needs to be compiled with netfilter. You will also need an iptables rule that redirects packets arriving on your local network interface with destination port 80 to the port squid is listening on.

Assuming your local network interface is eth1 and squid listens on port 3128 here is the rule that has to be added to iptables:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
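
Before restarting on 2.6, it helps to check an existing squid.conf for the two points above: leftover httpd_accel_* directives and an http_port line without the transparent option. The script below is an added example, not part of the original post; the function names and both sample configs are constructed for illustration.

```sh
# Added example (not from the original post): lint a squid.conf for the
# 2.5 -> 2.6 transparent proxy changes. Both sample configs are constructed.

# List removed 2.5 directives still present, one "line:directive" per line.
removed_directives() {
    awk '$1 ~ /^httpd_accel_(host|port|with_proxy|uses_host_header)$/ {
        print NR ":" $1 }' "$1"
}

# List the http_port values whose option list includes "transparent".
transparent_ports() {
    awk '$1 == "http_port" {
        for (i = 3; i <= NF; i++)
            if ($i == "transparent") { print $2; break }
    }' "$1"
}

# Return 0 only if no removed directive remains and a port is transparent.
check_squid_conf() {
    rc=0
    for hit in $(removed_directives "$1"); do
        echo "$1:${hit%%:*}: ${hit#*:} is not recognized by squid 2.6"
        rc=1
    done
    if [ -z "$(transparent_ports "$1")" ]; then
        echo "$1: no http_port line has the transparent option"
        rc=1
    fi
    return $rc
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/squid25.conf" <<'EOF'
# constructed 2.5-style config
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
EOF
cat > "$tmp/squid26.conf" <<'EOF'
# constructed 2.6-style config
http_port 3128 transparent
EOF

for f in "$tmp/squid25.conf" "$tmp/squid26.conf"; do
    if check_squid_conf "$f"; then echo "$f: ok for 2.6"; fi
done
```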

Email folders and message filters in thunderbird

I really love using folders on my imap account. This is (I think) one of the main reasons why I don't use gmail; labels are just not as good as folders.

I have tens of folders and message filters for each folder. I'm subscribed to various email lists from the freebsd project, Linux kernel, gentoo, postfix, qmail and some others, and I use thunderbird with filters to put messages from each list in its own folder. When you go in thunderbird to set a new filter and you want to move messages that match certain criteria into some folder, you get a list of all folders in all thunderbird accounts. This is really a pain if you have more than one email account set up and in each account you have 20-30 or more folders.

My folders are well structured, so I have just a few top level folders and then each has subfolders. In thunderbird 1.0.x you would get a list of top level folders that you could expand or collapse as you wanted. That was great, but now in 1.5 when you want to find a folder you see the whole list of folders in all accounts with every folder expanded and you can't collapse them. This is really annoying. I wonder why they changed the original behavior.

drbd 8.0 released

DRBD (Distributed Replicated Block Device) is a Linux block device that is designed to mirror a whole block device over a network link. Today the team developing DRBD released version 8.0.

Among many bug fixes and improvements in the new version we find support for primary/primary ( two way synchronization ) for distributed file systems such as OCFS2 and GFS, optional peer authentication with a shared secret and improved tunable after-split-brain recovery strategies.

phpPgAdmin 4.1 released

Yesterday the phpPgAdmin Team announced a new major release of phpPgAdmin. Version 4.1 adds many new features, bug fixes and updated translations over the previous version.

Download

To download right now, visit:
http://phppgadmin.sourceforge.net/?page=download

Demo

To give the fully-functional demo a try, visit:

http://phppgadmin.kattare.com/phppgadmin4/

first freebsd 6.2 bugs found

Just one day after the release and we have the first bugs that show up in the FreeBSD errata.

bug #1 Some isolated crashes were reported for arcmsr, the driver for Areca ARC-11xx and ARC-12xx series of SATA II RAID controllers. This problem is still being investigated. Users that have problems are advised to consider backing out the driver update or installing a version of this driver directly from Areca.

bug #2 is a kernel bug related to Unix domain sockets. A patch for this problem has been committed to HEAD and RELENG_6, and is a candidate for an errata patch to RELENG_6_2 after further testing.

bug #3 was observed on systems with heavy network activity. The problem seems to be with the kernel memory allocator. A partial workaround for this problem is to add the following line to /boot/loader.conf and reboot:

kern.ipc.nmbclusters="0"

More details about the bugs in this release are in the Errata.

TLS for HTTP

In my previous post about wildcard ssl I was complaining that you have to use a different ip for each domain that needs ssl/https, and I wondered why there is no TLS feature like there is in SMTPS where you have STARTTLS. Well, it seems I was wrong. There is such a feature; actually there are two different features: one is described in RFC 2817 and the other in RFC 3546. RFC 2817 specifies how a plain text connection can be "upgraded" to a secured connection over SSL:

This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443). It also enables "virtual hosting", so a single HTTP + TLS server can disambiguate traffic intended for several hostnames at a single IP address

RFC 3546 describes various extensions to TLS, and one of them is an extension for server name indication. This extension allows a client to tell the server which domain it is contacting.
That's just great, but there's one problem. Not only do few web servers implement either of the two RFCs, but few web browsers support them either.

Apache implements RFC 2817 in mod_ssl since version 2.1 and mod_gnutls implements the server name indication extension in TLS described in RFC 3546.
It seems that IE7 has support for RFC 3546 and firefox may have support for RFC 2817.

drupal.org is more popular than youtube.com

Someone on the drupal site thought it was great news or at least worth mentioning that drupal.org is more popular than youtube.com. Actually the google page rank for drupal.org is 9 and youtube.com's page rank is just 8. Does this mean that drupal is more popular than youtube? I like drupal, don't get me wrong, but have you looked at some traffic stats lately? Why even compare? The sites and projects are totally different, it's like comparing Microsoft Windows to cars 🙂

easy way to create a random password

Sometimes you just need a quick way to create a random password without installing special random password generators.

Here is an easy way to create a random password using standard tools that are available on most of the unix flavours:

head -c 10 /dev/random | base64

or, if you don't have the base64 program but you have uuencode:

head -c 10 /dev/random | uuencode -m -

This will create a password based on a 10-byte random sequence.

If you want longer or shorter passwords just replace "-c 10" with "-c x", where x is the number of random bytes you want to use.
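
The two commands above can be wrapped in one function that takes the byte count, falls back to uuencode when base64 is missing, and strips the parts of the output that are not password material ("=" padding, and the "begin-base64"/"====" framing lines that uuencode -m prints). This is an added example, not part of the original post; gen_password and password_length are hypothetical names, and it reads /dev/urandom instead of /dev/random so that it never blocks.

```sh
# Added example (not from the original post). Function names are hypothetical.
# Assumption: /dev/urandom is read instead of /dev/random so head never blocks.

# Print a password built from N random bytes (default 10), base64-encoded
# with padding removed. Every byte contributes 8 bits of randomness.
gen_password() {
    nbytes=${1:-10}
    case $nbytes in
        ''|*[!0-9]*|0) echo "usage: gen_password BYTES" >&2; return 2 ;;
    esac
    if command -v base64 >/dev/null 2>&1; then
        head -c "$nbytes" /dev/urandom | base64 | tr -d '=\n'
    elif command -v uuencode >/dev/null 2>&1; then
        # uuencode -m wraps the data in a "begin-base64 ..." header line and
        # a "====" trailer line; drop both and keep only the encoded data.
        head -c "$nbytes" /dev/urandom | uuencode -m - | sed '1d;$d' | tr -d '=\n'
    else
        echo "neither base64 nor uuencode found" >&2
        return 127
    fi
    echo
}

# Number of characters gen_password prints for N bytes: ceil(4N/3).
password_length() {
    echo $(( ($1 * 4 + 2) / 3 ))
}

gen_password 10
```

The output can contain "+" and "/", which some password forms reject.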