Archive for the 'Services' Category

New Certificates for 2010

Sunday, February 7th, 2010

As promised, I finally made new certificates for all TLS and SSL-enabled services. The new certs were pushed into production for HTTPS, SMTP STARTTLS and IMAPS this afternoon, and (so far) they seem to be working fine.

As usual, my recommendation is to set-up the CA certificate as a trusted authority in your web browser and/or email client, and you won’t be bothered by certificate warnings until 2013. (The new service certificates will expire in February 2011.)

Please contact me if you have any questions.

Photo Linking Fix

Friday, February 15th, 2008

Shortly after the big server rebuild a few weeks back I was examining the web server logs and I noticed that several sites were stealing bandwidth by linking images from the Photo Gallery directly into their web sites. So while I was rebuilding the web server I implemented a very common Apache mod_rewrite recipe so that these bandwidth stealers would get a very different image than the one they linked to — nothing gross, just the pic of me playing the ukulele that I drag out every now and then.

Well, apologies if you accidentally got that photo when you were trying to print your Photo Gallery pictures through Shutterfly. I hadn’t thought about that, but it’s fixed now.

WordPress Upgrades Scheduled

Wednesday, February 6th, 2008

I will be upgrading all WordPress installations tonight from version 2.3.2 to 2.3.3. Blogs will be offline for a short period of time around Midnight.

In the interest of security, I have already updated the version of the vulnerable xmlrpc.php file to a patched version in each installation with no obvious ill effects.

New Certificates

Saturday, January 19th, 2008

I spent last night rebuilding the certificate authority and creating new certificates for all TLS and SSL-enabled services. Very early this morning I pushed the new certificates for HTTPS, SMTP STARTTLS and IMAPS into production and they seem to be working fine.

The beauty of this is that you can now set-up the CA certificate as a trusted authority in your web browser and/or email client and you won’t be bothered by certificate warnings for the next five years. (The individual service certificates expire yearly.)

I’ll try to get a page up here soon explaining how to import the CA certificate (you should just be able to click the link above to install it in your browser), but please feel free to contact me if you have any questions.

Mail and User Account Migration

Friday, January 11th, 2008

User accounts, IMAP service and SMTP will be migrated to the new server Friday night, January 11, between 10:00PM and Midnight EST. During this time period SSH logins will be disabled (including scp) and mail services will not be functional. Incoming mail will be queued on an external server so nothing should be dropped.

Please let me know if you have any questions.

UPDATE 1/12/2008:

I’ve synchronized all login accounts and moved SMTP and IMAP to the new server. IMAP and SMTP relaying have tested good using SquirrelMail and Thunderbird. Exim is receiving mail and testing it with SpamAssassin.

Jessica reported a password problem, which has me a bit nervous, so please try to test your accounts ASAP and let me know about any problems.

The Great WWW Re-Org

Wednesday, January 9th, 2008

During yesterday’s SquirrelMail migration I re-remembered that you can’t use multiple SSL certificates for different Apache NameVirtualHosts. This has put the kibosh on my plan to split all the web services out to different DNS hostnames — everything’s gotta move back under www.

So far that will probably only affect the Photo Gallery, the Kid Amnesiac blog and the new home page (i.e. the new apps I’ve implemented since the rebuild). SquirrelMail went under www where it needed to be since I discovered the problem while migrating it yesterday.

The new structure will look something like this:

  • (Home Page)
  • (Photo Gallery)
  •<blogname> (Blogs)
  • (Web Mail)
  •<username>/ (User Home Pages)

I’ll try to schedule the change for tonight. Please let me know if you have any questions.

UPDATE 1/10/2008:

Last night’s migrations ended up being a bit more complicated than I thought. After a bit of pain Gallery and the home page have been migrated. The Kid Amnesiac blog will have to wait for tonight.

UPDATE 1/11/2008:

Last night’s Kid Amnesiac migration didn’t go as expected either — Jessica told me she’d break my face if I moved the blog URL again.  So instead I just moved it off of the Debian wordpress package and onto a clean copy of 2.3.2 and left the URL intact.  There was some database pain involving character codes from where blog entries had been copied in from Microsoft Word, but that appears to be fixed now.  I also decided to move the home page out of /home and into the root — much easier to do know that I know how to separate out the index.php file from the rest of the WordPress installation.

SquirrelMail Migration

Tuesday, January 8th, 2008

Jessica, Simon & I all have the plague today, so I took advantage of the sick day to migrate SquirrelMail to the new server.  So far everything seems to be functioning properly. Address books and preferences should be synchronized. Sending mail works fine.

All SquirrelMail functionality will be a bit slower until I migrate the SMTP and IMAP services over to the new server as well. That’s a bit more complicated, but might happen this weekend.

Please let me know if you have any problems.

New Server

Sunday, January 6th, 2008

I’ve finally built the new server — this time with RAID 1 disk mirroring as promised! Actually, I just rebuilt the old (the server that ran out of my San Francisco apartment February 2004 – May 2005), this time running Ubuntu Server and making use of that second SATA hard drive that I always intended to integrate. I’m particularly happy with Ubuntu. The install was remarkably smooth, and I’m excited to have the manageability of a Debian derivative combined with the up-to-date software provided by Ubuntu’s six-month release cycle.

Last week I drove the new server over to the colocation facilities at IgLou Internet Services and got it up on the Net. So far I’ve migrated DNS, Gallery and Kid Amnesiac to the new server. A first attempt at migrating Squirrelmail had some bumps, so I’ve backed off for a few days. Mail, user accounts and the remainder of the web site will follow shortly.

Some Services Restored

Thursday, December 6th, 2007

The ISP has replaced the server’s harddrive and has reinstalled Debian on it. The old harddrive is still attached, but the filesystem is trashed. I’ve got a bajillion files in the lost+found directory with completely meaningless numerical file names. I’ll see what I can do with this mess, but it’s gonna take some time.

In the meantime, here’s the status of what I’ve restored so far:


Most accounts that appeared to be active at the time of the disk failure have been restored. Home directories and email folders are semi-restored. If you have an account that you are interested in maintaining, please try to login to via SSH (or at least by SquirrelMail) to confirm the status of your password, files and email folders.


All e-mail functionality has been restored, including IMAPS, SMTP and SMTP STARTTLS AUTH. SquirrelMail is tested and functional, as is MUA access using Mozilla Thunderbird.

Also, I’ve started rejecting obvious spam (SpamAssassin score >= 12) at the gateway. I tried this in the past and had some problems with false positives, so I’m being extra careful this time around. Already rejected 412 in the last 48 hours. This isn’t the best set-up, but it’s at least RFC compliant and nothing gets bit-bucketed. If you’re still getting spam in your inbox you can use procmail to filter on the SpamAssassin mark-up, or you can use SpamAssassin or bogofilter on your own. (I’ll try to provide details later.)

Photo Gallery

I really hope you all didn’t use as the the only repository for your photographs, but if you did I’ve made some progress recovering the JPEG’s on the old filesystem. Last night (10/22/2007) I recovered 8822 digital photographs (7.3G) and sorted them out into directories based on the model of camera they came from (as taken from the EXIF tags). Photos can be found here for the time being.

The last “back-up” of the OK Computer Photo Gallery occurred in May 2005, right before we relocated to Louisville. I’ve restored the Gallery from this back-up. My apologies for all the lost work, but that’s really the best I think I can do with this application.

New Server?

Now that it’s the end of the year and I’ve got a bit of time, I’ve started building a new server with RAID1 disk mirroring. Yes, you heard right — almost a real back-up strategy. I need to do some scouting for a co-location facility, but pretty soon we should be up and running in glorious double-hard-drive stereo.

Disk Crash

Tuesday, October 16th, 2007

The server has suffered a nasty disk failure and is going to be down for a bit. We are currently working as hard as we can to restore as much data as we can and to get services running again. Details to follow.

Many thanks to Tony B for for hosting web and DNS services while we rebuild.