We're working on migrating our site to a Drupal system. I finally caved in, and decided the code base in Drupal was just so much better (hacker friendly) than my old system. Not saying anything bad about it, but it's nice to finally work on a code base that makes sense. I'm still working on migrating all the old content into Drupal, and also working on creating a new Ogre theme (in my copious spare time).
Linux PulseAudio
I upgraded my dev box to Fedora Core 9 yesterday, which mostly worked well (except, it botched the grub boot loader, and failed to upgrade ~4GB's worth of FC6 packages). Most things went well, except the migration to PulseAudio. It ended up starting in a "broken" state, and then Gnome gets really unhappy (including any Gnome apps). Looking in syslog, I'd see
May 18 22:57:05 loki pulseaudio[2733]: main.c: Called SUID root and real-time/high-priority scheduling was
requested in the configuration. However, we lack the necessary priviliges:
May 18 22:57:05 loki pulseaudio[2733]: main.c: We are not in group 'pulse-rt' and PolicyKit refuse to grant us
priviliges. Dropping SUID again.
Adding my user to the pulse-rt group seems to have fixed this particular problem, so things are happy again. Getting Firefox and Flash to work was a whole different story: a number of web searches turned up a few suggestions to use libflashsupport. However, digging deeper, setting the environment variable FIREFOX_DSP also does the trick. E.g. something like this in your firefox startup script:
export FIREFOX_DSP="aoss"
Geeks and their iPhones
Save the Sharks
I've been painfully aware of the threat to our oceans for a while now, but I know how badly we're killing off our diminishing shark population. 100 million sharks are killed each year, primarily for shark finning only. This has a devastating effect on the entire ecosystem in the ocean, on the scale of global warming, or worse! Not to mention the insane cruelty and wasteful hunting of these mostly harmless animals. I'd swim with a school of sharks any day (in fact, I have), but I would never consider walking with a pack of lions, or go near a grizzly.
I just finished watching the documentary Sharkwater, and if you haven't seen it yet, please watch it. It's sad, scary, and quite eye opening. We're destroying the oceans, and it's happening fast. More information about the film, and the danger to the shark populations and the oceans at http://www.sharkwater.com/ . Please help, write about it in your blogs, tell your friends, get active! I've started a new "section" on my site, to start collecting information and links about this issue. See http://www.ogre.com/sharks/ .
Blocking brute force login attempts
For some reason, my boxes seem to get a lot of login / hacking attempts. For a long time now, I've deployed an iptables filter that blocks a lot of these attempts. They still keep trying, even though they only get a few attempts per IP. Maybe I'm sticking out my head too much here, showing what my filters are, but I figured that someone else might find this useful. And besides, if knowing my filters makes me more vulnerable, then I'd rather find out about it.
So, here it is (well, the parts of it that block login attempts):
# SSH (port 22): accept new connections while the limit (10/hour, burst of 4) has room
-A INPUT -p tcp -m tcp --dport 22 -m state --state new -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
# Anything to port 22 that reaches this point is logged, then dropped
-A INPUT -m tcp -p tcp --dport 22 -j LOG --log-prefix "IPTABLES SSH-LIMIT: "
-A INPUT -m tcp -p tcp --dport 22 -j DROP
# FTP (port 21): same limit, with its own log prefix
-A INPUT -p tcp -m tcp --dport 21 -m state --state new -m limit --limit 10/hour --limit-burst 4 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 21 -j LOG --log-prefix "IPTABLES FTP-LIMIT: "
-A INPUT -m tcp -p tcp --dport 21 -j DROP
Be careful to not lock yourself out. If you need to go over these limits from a particular IP, whitelist it first with a rule to always grant access.
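Added example, not from the original post: a small Python model of the `limit` match used in the rules above, showing why the lock-out warning matters. It assumes the standard token-bucket behaviour of `-m limit` (one bucket per rule, shared by every source address) and compares it with one bucket per source, which is what the `hashlimit` match with `--hashlimit-mode srcip` provides; the addresses and timings are constructed.

```python
class LimitMatch:
    """Token-bucket model of '--limit 10/hour --limit-burst 4'."""

    def __init__(self, per_hour=10, burst=4):
        self.rate = per_hour / 3600.0   # tokens regained per second
        self.burst = burst
        self.tokens = float(burst)      # the bucket starts full
        self.last = 0.0

    def matches(self, now):
        # Refill for the time elapsed, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1            # one new connection costs one token
            return True
        return False                    # falls through to the LOG and DROP rules


def run(attempts, per_source=False):
    """attempts: (seconds, source_ip) pairs, each one a new connection.

    per_source=False models '-m limit' (a single bucket for the rule);
    per_source=True models a separate bucket per source address.
    """
    buckets, verdicts = {}, []
    for now, src in sorted(attempts):
        key = src if per_source else "rule"
        bucket = buckets.setdefault(key, LimitMatch())
        verdicts.append((now, src, "ACCEPT" if bucket.matches(now) else "DROP"))
    return verdicts


# Constructed input: one noisy source opens six connections in six seconds,
# then an administrator connects after one minute and again at t=400s.
SCANNER, ADMIN = "203.0.113.7", "198.51.100.20"
ATTEMPTS = [(t, SCANNER) for t in range(6)] + [(60, ADMIN), (400, ADMIN)]

if __name__ == "__main__":
    for label, mode in (("shared bucket (-m limit)", False), ("per-source bucket", True)):
        print(label)
        for now, src, verdict in run(ATTEMPTS, per_source=mode):
            print(f"  t={now:>3}s  {src:<14} {verdict}")
```

With the shared bucket, the administrator's connection at 60 seconds is dropped because the other source has already used the burst; a token only returns after six minutes.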
Cyrus sieve and "admin" users
During my upgrades to the new system, I installed a new (latest) version of Cyrus IMAP. This version has support for "global" Sieve scripts, which can be :include'ed by user scripts. My old configuration for imapd.conf has user "leif" marked as an admin, which has never been a problem. But, in this new version of Cyrus and Sieve, if an "admin" user uploads/modifies a Sieve script using sieveshell, it gets stored in the "global" area. This certainly makes sense, but took me quite a while to figure out. The solution, of course, was to not have user "leif" be marked as an admin.
Cyrus sieve problems
I've been working for a while now moving all "ogre.com" servers and services to my new cari.net server. This has mostly worked well, but I ran into a problem with Cyrus IMAP and Sieve. I just couldn't get it to let me connect to the sieve daemon using sieveshell, e.g.
leif 266/0 # sieveshell -u leif -a leif localhost
connecting to localhost
unable to connect to server at /home/server/bin/sieveshell line 169.
I did a bunch of web searches, and finally found out that I need to add this to my imapd.conf file:
allowplaintext: 1
SASL2 is very clever and cool and what not, but a PITA to configure ... I already use SSL (TLS) or SSH for all my remote connections, so I don't really care that the password is in plain text.
New ISP
I just moved ogre.com and all my other sites to a new ISP, http://cari.net/ . So far so good, excellent system, nice bandwidth, all at a very reasonable price. Oh, and their setup time was really fast. The IP they gave me was mostly "clean", although the netblock they have is blocked by Yahoo, which fortunately isn't a problem for me, and I managed to quickly get my IP unblocked.
All in all, I'm very happy so far.