Mine started even worse than the last one ended.
click here for the rest of the story...

[ published on Tue 29.05.2007 15:35 | filed in still-not-king | ]

click here for the rest of the story...

[ published on Mon 21.05.2007 18:26 | filed in brainfarts | ]

Tony Nelson pointed out a bug in glibc's gethostbyname() which causes pam_recent failures in mixed ipv4-v6 situations. The problem is worked around and the docs have been improved.

Version 1.3 can be downloaded here.

[ published on Mon 21.05.2007 18:07 | filed in mystuff | ]

...and it doesn't dig many if not most of my files. Damn dumb beast!

Well, no more. swish-e seems to be better behaved, and actually works! duh

These guys have cooked up a tiny perl CGI frontend (which I've reworked and cut down a lot further), and the search functionality on this site works again.

I've also fixed a long-standing annoyance of blosxom: plugins can't cleanly set the title of a page from the story title, because the header plugins run first and the story plugins have no official access to the output. The fix is Really Dirty, in the best tradition of blosxom which is Abysmally Dirty Code: a plugin with a sub last {...} that massages $blosxom::output. If it finds exactly one story in there, then it changes the <title> to that story's title. Hideous but it works, and the search interface can display story titles instead of just the boring story links.

If you want to play with the Abominable Code for this stuff, let me know. fakefake

[ published on Wed 16.05.2007 17:32 | filed in interests/comp | ]

I dislike spam, very much, and repeat offenders deserve all my wrath. Here's another use of the iptables recent module in a very cheap and simple manner, to limit the spam blasters' effects on me and my servers' life.

(I've said nice things about ipt_recent before here and here, both with example applications.)

I've just added these extra rules to the firewall setting on my mail servers:

 # smtp access is controlled by previous behaviour: spam me and you lose.
iptables -A INPUT -p tcp --dport 25 -j smtplimited
 # smtp: if mimedefang has flagged you as bad, you lose for 12h
iptables -A smtplimited -m recent --name SMTP --hitcount 1 \
   --seconds $((12*3600)) --rcheck -j TARPIT
 # clean up the old entries to unclog ipt_recent
iptables -A smtplimited -m recent --name SMTP --remove
 # and let people through if they've been good in the past
iptables -A smtplimited -j ACCEPT

My mimedefang filter has been instructed to (do the perl equivalent of) echo "+$ASSHOLE_IP" > /proc/net/ipt_recent/SMTP whenever it detects an asshole that tries to:

  • send email with a non-existent sender's address
  • send email to one of the spamtraps within my domains
  • send email to nonexistent addresses within my domains
  • send me spam (where the degree of spamminess is beyond any reason for doubt)
  • send me viruses

(The decision logic is actually a bit more complicated: I certainly don't blacklist known forwarders and backup MXes.)

The net effect is that when you do something nasty to me (email-wise), all your subsequent connections to my mail servers are tarpitted for the next 12 hours. Works great, easy to tweak if you want to be more lenient (just up the hitcount and adjust the following --revove rule) and reduces the time my systems have to waste on repeating the checks for surefire rejections on the smtp-envelope level. (I usually get about 5000-10000 rejections per server per day.)

[ published on Sun 13.05.2007 16:40 | filed in interests/comp | ]

Spam is good for something, after all. Two things in my case: First it gives me a nice flow of test mails so that I can verify that my servers do work as intended. The second use is that every morning when I get my first cup of coffee, skimming the spam&trash mailbox reminds me of recording my weight, which I check every morning before showering. Usually I have forgotten to write it down by the time I've finished doing my teeth, inserting my eyes, getting the coffee etc.

[ published on Thu 10.05.2007 12:02 | filed in brainfarts | ]

Ten minutes ago \rho-bert and Anitta left Oz for the last time. "Back to Europe" for them, "back to work" for me. We'll see how soon I cease speaking German because of lack of exercise.

[ published on Fri 04.05.2007 15:02 | filed in brainfarts | ]

Austria has no DMCA, so let's also publish the Magic Number here.

09-f9-11-02-9d-74-e3-5b-d8-41-56-c5-63-56-88-c0 (with a heartfelt "Leckt's mi am Arsch!" to the RIAA/MPAA/AACS goons)

Netzpolitik.org has some nice alternative renderings, and of course it makes a weird color bar, too.

[ published on Thu 03.05.2007 13:49 | filed in interests/anti | ]

Yesterday my car decided to celebrate the coming of the merry month of May.

While driving home in the evening, the horn started hooting uncontrollably, on and off and more on and more on and maybe off... Very annoying. Even more annoying is the fact that the horn is not coupled to the ignition, so it kept on randomly hooting after I switched off the engine.

It took me about five frantic minutes to determine that no, I won't find the correct fuse (if there even is one for the horn) anytime soon, yes, hitting the horn pad on the steering wheel has a 50% chance of shutting the sucker up for a few seconds, and finally...blissful silence, when I disconnected the horn. Fortunately on this Fart Falcon the horn is easily accessible once you open the bonnet and even has a convenient quick-disconnect plug close by.

Looks like the foam in the switch pad has rotten away. sigh. Well, at least it didn't fail when I wasn't around; my neighbours would have been real happy with a randomly braying horn during the night...until the battery would have died.

[ published on Tue 01.05.2007 14:44 | filed in still-not-king | ]

Debian Silver Server
© Alexander Zangerl