fak3r

If you’re like me, you’ve messed up your xorg.conf before and wanted to start over with the default that you know dpkg-reconfigure can set it to.  Because of this I’m posting here because I’ve needed it multiple times in the past and have tired of looking it up!  To automatically reconfigure Xorg in Debian or Ubuntu issue the following:

sudo dpkg-reconfigure -phigh xserver-xorg

Then logout/login or restart X via contrl-alt-backspace.  As one who tweaks things a bit more than he should, this has saved me a few times now. Props go to a poster on this page.

UPDATE: I’m reworking my config blending in the security ideas found on camomel.org they’re really thought things through on this, this should make for a very secure environment.

I’m always trying new software, and with the webserver I’ve moved from Apache 1.3 to 2.0 to 2.2, and then later I moved everything over to Lighttpd, which I’ve liked, save for some memory issues that popped up.  Now, enter a web server named nginx (engine x), written by a Russian hacker. It’s already proved it’s meddle by running some of the largest Russian sites for years now.  It has the speed of Lighttpd, but with none of that memory weirdness, plus it uses a fraction of the CPU, so scaling should be smooth for highly visited sites.  It also does cool things like load balancing, reverse proxy, IMAP and POP proxy, etc, so I can see it being used in a variety of ways on a network.  It took me some time to understand how to configure it, which was a case of me just making it harder than it really is, so I wanted to post it here.  Look for updates as we go along, but this is currently backing a Production site I manage.

user					www-data www-data;
worker_processes  			5;
pid 					/var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include				/etc/nginx/mime.types;
default_type			application/octet-stream;
log_format main 		'$remote_addr $host $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” “$http_user_agent” ‘
‘”$request_time” “$gzip_ratio”‘;
access_log			/var/log/nginx/access.log  main;
error_log			/var/log/nginx/error.log;
sendfile 			on;
tcp_nopush        		on;
tcp_nodelay      		off;
keepalive_timeout		65;
gzip				on;
gzip_http_version		1.1;
gzip_vary			on;
gzip_comp_level 		6;
gzip_buffers			16 8k;
#gzip_proxied			expired no-cache no-store private auth;
gzip_proxied 			any;
gzip_min_length			1000;
gzip_types			text/plain text/html text/css application/json application/x-javascript
text/xml application/xml application/xml+rss text/javascript;
server {
listen			80;
client_max_body_size	50M;
server_name 		server.domain.com;
root 			/var/www;
index  			index.html index.php;
access_log  		/var/log/nginx/access.log  main;
error_page   		500 502 503 504  /500.html;
location = /500.html {
root		/var/www;
}
location ~* ^.+.(jpg|jpeg|gif)$ {
root		/var/www;
expires         30d;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
}
}
}

When you run a webserver behind a reverse proxy or HTTP accelerator like Squid or Varnish, the webserver access logs will display the IP of the proxy (generally 127.0.0.1) instead of the end user’s IP.  This not only breaks any kind of tracking or reporting you want to run against your webserver logs, but it also takes away a datapoint I’ve had use for in general server admin tasks. This server runs Varnish in front of Lighttpd, and it reveals the end user’s IP in the header as X-Forwarded-For, so it’s just a matter of making Lighttpd (lighty) use that variable in its access logs instead of the default variable defining the referring IP. Once we know that, the configuration is simple; in lighttpd.conf, enter this:

accesslog.format = "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b /
\"%{Referer}i\" \"%{User-Agent}i\""

For the definition of these variables, and plenty more, hit Lighty’s wiki. Props to the poster on the Varnish mailing list for bringing this up and reminding me to fix it! I’ve sent this link to the list so now it’s out there.

PayPal has used Open Source and Linux exclusively.  In an op-ed piece, Matthew Mengerink from PayPal gives his four reasons why Open Souce is Essential to Success. “PayPal transacts more than US$1,500 every second of every day, with millions of people around the world relying on the robustness of its system. It comes as a surprise to many people that PayPal runs such a large financial services company on an open source platform, but that’s precisely how we’re able to deal with the two competing demands our business Over 800,000 High Quality Domains Available For Your Business. Click Here. model places on us: security and innovation. The economic, operational, development and security advantages of open source and Linux put us in the perfect position to both grow and innovate in a safe and secure manner. Here are four reasons why we love our open source system — and four tips for you if you’re thinking of making the switch.“

It’s time for a new laptop, as I’ve detailed, I’ve ripped apart, inserted coins and duct-taped  the old iBook back together again enough times, and it’s no longer viable. It’ll work fine on a flat surface, but if you try to use it as a laptop the minor flexing must loosen the video chip, because you quickly find your video locked, with a hard reboot the only fix. The wildcards are me as a buyer, since I’m hardly ordinary with my expectation that any laptop or desktop I’m going to buy is only going to run Linux, and the recent announcements by HP, IBM/Lenovo and Dell about their Linux support (some even pre-installed), I knew I’d finally have choices to consider. In the end I came up with a pretty current system, that Debian or Ubuntu will be 100% compatible with, and will be proud to call home. The detailed specs:

Intel Core 2 Duo T5470, 1.6GHz, 800Mhz FSB, 2M L2 Cache
15.4 inch Wide Screen XGA LCD display
1GB, DDR2, 667MHz 2 DIMM
128MB NVIDIA GeForce 8400M GS
120G 5400RPM SATA Hard Drive
Integrated 10/100 Network Cardand Modem
8X DVD+/-RW with double-layer DVD+R write capability
Integrated High Definition Audio 2.0
Intel 3945 WLAN (802.11a/g) Mini Card
Integrated 2.0 mega pixel webcam
Integrated Bluetooth
85 WHr 9-cell Lithium Ion Primary Battery

This is more system that I originally spec’d out, but the price was right, so I’m very happy.  Before I reveal which brand I picked, I’ll tell the interesting story of how I ended up with the ‘top I did, and how things compare for laptop Linux options these days, it’s an interesting ride.

NOTE: feel free to Digg this article if you like it.

(more…)

As a IT contractor I’m enjoying giving my opinion when asked, and sometimes even when I’m not asked; I have the confidence to be open and honest with everyone and want them to know that. Because of this I’ve been getting to do things I otherwise would not have since they would not have known I was interested or experienced in such things. One of the things I was hired for was to setup Apache on Linux to work with their web instances. It’s been fun, and while I’ve used Apache for over 10 years, there’s always new things to learn. Recently they asked for my opinion on ’support’ options for Apache. Keeping in mind, they already have support for the hardware and support for the Linux distribution, they still think they need another support channel for Apache. To me this a big waste of money and have somewhat made my case to them. While I understand their position that this support is a way to cover themselves if Apache ‘breaks’, the fact that this software is Open Source has to change the way they have traditionally considered support.

(more…)

I’ve read a few posts online that review Dell’s Linux support, and most complain that they have to call the ‘regular’ number first, only to get the “What version of Windows are you running?” support. After redirected to the correct number for Linux support, they get excellent support. So, to try and help propogate the Linux support numbers, I present them here. Dell’s Linux support number for hardware is 866-622-1947, and for software it’s 866-982-8688. Additionally, the online Linux Community Support forum will likely solve most problems for you even before you’re done dialing.

Classic, nice to have this back as an option; you can now get Tux on a Visa card from linuxfund.org. If I wasn’t completely enamored with my ‘Working Assets’ card I’d grab one of these. Who knows, maybe sometime down the road I’ll get one, it’s for great causes of course, “Each time a cardholder uses their card, a donation is made to The Linux Fund by the card issuer, U.S. Bank. These donations add up to tens of thousands of dollars per year which The Linux Fund then gives out in grants. The Linux Fund has donated to new ideas and teams who maintain things like Debian“. Would be really funny to see Puffy from OpenBSD on a credit card…but I’m not sure if I’d want to use that one!

Oh yeah, I’m going to Defcon again this year, just found out this Friday for sure. It’s August 3rd - 5th, in Las Vegas, and this year it’s all paid for by my new consulting group; what a great thing. I argued that I would learn so much more there than any class, for a fraction of the cost; and I will. More on this later.

UPDATE: thanks to a comment below from Ted, we now have a solution to have this option persist across kernel updates.  In grub, “…at the end of this new menu item add it as an argument to the line:

defoptions=quiet splash irqpoll

I knew there had to be a way, thanks for the post Ted!

There’s a known bug in Ubuntu 7.04 (Feisty) with some ata detection routine that causes the system to take over 2 minutes to boot. Since this has happened to me more than once I’m documenting it here for me, and for other desperate souls that may find their way here. If your system is very slow to boot, and you see error messages in your dmesg (`dmesg | grep ata`) such as this:

[ 34.122465] ata1.00: qc timeout (cmd 0xef)
[ 34.122519] ata1.00: failed to set xfermode (err_mask=0×4)
[ 34.122565] ata1: failed to recover some devices, retrying in 5 secs
[ 46.260055] ata1: port is slow to respond, please be patient (Status 0×90)
[ 69.218482] ata1: port failed to respond (30 secs, Status 0×90)

You just need to ad `irqpoll` to your grub line. So in so in /boot/grub/menu.lst I added irqpoll to the kernel line:

kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=48c5a348-eb39-4171-8531-671a49fdb75b ro quiet splash irqpoll

and it fixes the issue. Probably a work around, but since this resets every time you install a new kernel you’ll realize when it’s broken and when it’s fixed. Oh, and my system boots in 21 seconds now…is it geeky that I know that, and I tweaked the system to make it boot faster than the 27 seconds it was booting in? I guess we’ll never know!