<?xml version="1.0"?>
<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN" "http://my.netscape.com/publish/formats/rss-0.91.dtd">
<rss version="0.91">

<channel>
<title>Stargate Website</title>
<language>en-us</language>
<description>The phpPhobos web-site is an attempt to create a web-site with security in mind. Check the documentation for it.
This slight web-page portal has as its main focus security in coding and design. This means that very strict rules are applied in any operation that affects the security of data and access to the system.</description>
<link>http://stargate.solsys.org</link>

<item>
<title>New home for server/NAS</title>
<description>It took some time to actually get the furniture for our (my wife&#039;s and my) office, and since it came last week, I couldn&#039;t push back the fact that I needed to move the server from its old (non design) Rack to a new one I am partly responsible for.
For the sake of Administration, I did put in a KVM, and mounted a screen outside on the Rack, and even added a space for the keyboard, making it look pretty cool in the end. I just hope I won&#039;t get a temperature problem, as it&#039;s all in the same room. 
On the same occasion, I removed the FreeBox and put my beloved RB493G routerboard back in, helped by a Modem/Router which provides the bridge on Free&#039;s network. ADSL over a kind of ATM network. Pretty weird, and broken by design IMHO.
</description>
<link>http://stargate.solsys.org/index.php?news=240&amp;expand=yes</link>
</item>

<item>
<title>Network connection flaky</title>
<description>Seems the French Telecom and Free Telecom play the ping pong game.
France Telecom says the physical line is Ok, and I tell Free Telecom the line is not OK and they see it too.

According to this picture, the quality is really really bad. If I have 15 minutes of connectivity without disconnects, I am lucky at the moment.
No chance in playing any online based game at all. Especially during this Week-End.

Issues have been fixed end of February - at last. Actually - when the temperatures got freezing, all of a sudden the connection was really nice. It didn&#039;t even take 4 or 5 days for the connection to be better after the big cold, it happened the first day. For me - this means the water is somewhere in an exposed place.
After contacting Free/France Telecom again, I explained my suspicion to them, and they checked. As predicted, the cable connection from our physical line was under water (actually - there was water in it). That water was frozen, so it was easy for them to actually patch my line onto another, higher position, making sure there is no water. Since then - no more connection issues (fingers crossed).</description>
<link>http://stargate.solsys.org/index.php?news=239&amp;expand=yes</link>
</item>

<item>
<title>Spam attack - ended...</title>
<description>A recent massive spam-attack on my mailserver has put the latter into denial mode. This means that internal mails were still processed, and mails were still sent out, but the mail-server refused to accept any Internet-inbound mail.
After identifying the 6 IP-Addresses that were mail-flooding my mail-server, my ISP dropped routing from these IP&#039;s, and the mail-server could come back to normal operation. Note - the blue color is Rejected mails.


You can find the local monitoring system with different time-scale and bigger views here.</description>
<link>http://stargate.solsys.org/index.php?news=237&amp;expand=yes</link>
</item>

<item>
<title>Linux Counter (new) data updated</title>
<description>Updated all data from the Linux Counter. You can see my linux-counter page here. Note that for some systems, the busybox binary won&#039;t enable me to automatically update all data, however the manually entered data is accurate.</description>
<link>http://stargate.solsys.org/index.php?news=235&amp;expand=yes</link>
</item>

<item>
<title>OS on Stargate Upgraded</title>
<description>Upgraded the OS on Stargate from Ubuntu LTS 6.06.2 to 10.04 LTS (via 8.04.2).
Some small quirks needed to get fixed - but all in all it took barely 30 Minutes per OS Upgrade, and the fix at the end, a little bit of googling around, to identify that applications have changed APIs that needed to be adapted.
A real 2 hours for the upgrade processes, and another 2 Hours for the fixes. Try that with windows - as going from Windows 98 through to Windows Xp then to Windows  7 :) Good Luck !</description>
<link>http://stargate.solsys.org/index.php?news=234&amp;expand=yes</link>
</item>

<item>
<title>outages on router ... [updated]</title>
<description>I finally figured out why my connection has some outages. There are 2 causes for this - and I&#039;m afraid I can fix only one. The Modem I have sometimes gets a hiccup - and stalls. This one needs a hard-reset. I&#039;ll probably hook up a timer onto its power supply to get it fixed. The other issue is a software issue on the firewall/router. The built-in hardware watchdog will go into shutdown mode instead of reboot mode - forcing a normal shutdown. Only a regular power-cycle can fix that one. However in the latter case, a firmware fix is out that I still have to apply. And - for all issues, I&#039;ll hook up that firewall router to the timer to also get it power cycled once a day at dawn. This way - connectivity should be there during the day.
Update: Updated the firmware of the router. A 2 Minute operation. Easy. Will see if the watchdog reboots are stable now.
</description>
<link>http://stargate.solsys.org/index.php?news=233&amp;expand=yes</link>
</item>

<item>
<title>Routerboard replaced [updated]</title>
<description>As usual - I can&#039;t stand things/hardware that does not work at 100%. Hence - I ordered a replacement board, and put it in place today. The new router board is the next generation, means that it has Gbit ethernet ports, and provides a USB Port as a Micro SD port that could be used. A test has shown 38MiBytes of FTP transfer speed - which is a good indication for GB Network.
It took me longer to actually get the new setup running - as the ethernet ports have been rotated somehow - making the backup of the old setup not compatible.
After reconfiguring the interfaces and the firewall rules, everything is running smooth now on the router side.
As some OID&#039;s have changed for the internal Monitoring, I also had to adapt these in the MRTG Configuration.
[Update]
After having the new router in place, the connection still dropped from time to time. A new call to my provider showed that the modem (Turbolink 1203 ADSL2+ Annex B) on their side is Ok. I then decided to connect a HUB (yes - old sweet HUB, and I&#039;ll never hand it out) and saw quite some errors on that short link. A short data packet capture showed that there were many CRC errors on the link. I then decided to buy a new ADSL2+ Modem. The Netgear DM111PBL-100GRS was the one I took (I have had very good experiences with the Netgear type products, especially on ADSL links). Hooked it into the data flow, and all issues were gone.
I however wanted to know if the old router RB493AH was broken, or if it only was the old modem? Hooked the old one in, and checked the link on the PoE/Ether1 Port. Still the issues. Note - the problems exist on both sides. The old Modem, and the old Router. Hence - both are broken. Probably due to a power-surge on the phone line (can&#039;t be the normal power - everything is secured through a UPS with power surge protection). However - I can&#039;t protect the phone line itself. It would drop the max. ADSL Speed to ADSL v1 -&gt; 6MBit downstream.
</description>
<link>http://stargate.solsys.org/index.php?news=229&amp;expand=yes</link>
</item>

<item>
<title>Nasty router issue</title>
<description>While travelling for work, suddenly I was unable to reach my home-site anymore. When I came back, everything was still running, except the internet connectivity would not work, and the reason was unknown.
I first suspected an issue with my ISP, however testing it with them, it was not the ISP&#039;s fault, rather my router&#039;s. However - identifying the issue proved a pain, as it was not a fatal problem, rather a non-fatal one.
For the router, the interface was there, and it tried connecting to the ISP (ADSL), however never managed to get an answer. Seems something was not working right. At first - I thought the flash-drive had failed, so I reinstalled the router, and restored an old backup (2 Weeks old). Didn&#039;t work either. I then had the idea to disable the PPPoE interface, and use another interface of the 9Port Router (RB493AH). And this time - it worked. Needless to say, this entire operation has taken me most of last night ...
So to make it short, one port on my router is broken, the others still work.
I&#039;ll make sure to have a backup router at hand for the next time this kind of issue happens ...
</description>
<link>http://stargate.solsys.org/index.php?news=228&amp;expand=yes</link>
</item>

<item>
<title>FSK 16 - in Germany ?</title>
<description>A new law comes - and this one is based on the FSK.
From January 1st 2011, all sites providing uncontrolled access to data are required to tag the data entries with appropriate FSK values.
This is again - a stupid law - done by people having absolutely no idea on how the Internet works.
So we see once again - how good our governments are working. Especially - how much brain they put into their decisions - namely: zero ! (It&#039;s not their fault - they have no brains left anyway, or just don&#039;t know how to use it)
FYI - in Germany, you see X-Rated content etc. in every magazine store, the X-Rated DVD&#039;s are aligned next to the kids&#039; animations in some Media stores. And you know how self-speaking the pics are on these magazines/DVD covers !
-&gt; Sarcasm ON
I think that I will add an own TAG on my site (will have to design it first though - so if anyone is a good designer and want to provide the open source software world such a Tag - you&#039;re most welcome). This Tag will be:
 -&gt; Content not suitable for Politicians with IQ lower than 100%

Eventually the Tag could contain a percentage Number in it -  so we could add automatically if politicians with an IQ of 20, 50 or 100 could understand it.
However - according to the latest info I have - even a Politician IQ Tag 20% would hardly be understood by any politician ... Where there is no brain, there cannot be any intelligence...

-&gt; Sarcasm OFF

NOTE: This site will not be affected. As the Admin of this site has to actively enable content ! every entry is controlled by HIM -&gt; BOFH !</description>
<link>http://stargate.solsys.org/index.php?news=225&amp;expand=yes</link>
</item>

<item>
<title>Problems of recent hardware</title>
<description>It is quite amazing. You buy some new hardware, shiny new disk, CPU, memory, Case, DVD-Writer etc. all in, migrate the old system to that hardware, adapt all scripts for automation, monitoring, remote access and apply the newest patches etc. You tell yourself, that for the next 5 years there won&#039;t be any more hardware related issues showing up.
That box then runs for 2.5months, and suddenly you are bombarded with  S.M.A.R.T. alerts sent to you, and the full-backup is unable to go through any more. 



Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA err
# 1  Extended offline    Completed: read failure       90%      4220         233938
# 2  Extended offline    Completed: read failure       90%      4214         233938
# 3  Short offline       Completed: read failure       90%      4214         233938

[18734569.984000] ata1: translated ATA stat/err 0x51/40 to SCSI SK/ASC/ASCQ 0x3/11/04
[18734569.984000] ata1: status=0x51 { DriveReady SeekComplete Error }
[18734569.984000] ata1: error=0x40 { UncorrectableError }
[18734570.008000] sd 0:0:0:0: SCSI error: return code = 0x8000002
[18734570.008000] sda: Current: sense key: Medium Error
[18734570.008000]     Additional sense: Unrecovered read error - auto reallocate failed
[18734570.008000] end_request: I/O error, dev sda, sector 233932
[18756960.812000] ata1: PIO error





You go back to the shop you got the computer from - to tell them that you&#039;d need a new harddrive, as the old one is dying (slowly but steadily). And the only thing the people in the support center of that said shop tell you is:
Staff: Well - bring in the computer, and we&#039;ll send it in. It&#039;ll take around 4 weeks for a repair. 
Even though I explain to them that giving in the hardware is not an option, that&#039;s all they stick with (because they don&#039;t know of any other way, or no one actually told them that there is indeed another way).
Back home - I contact the Technical support of MSI, and they told me that it&#039;s absolutely no problem for me to fill in a RMA form and specify that only the disk is to be replaced. 
What does this tell me ? 
First - I&#039;m not likely going to buy any computer in that &quot;Professional&quot; shop again. 
Second - the Support staff is barely capable of telling you the difference between a computer and a hard-drive - verdict: useless. I guess they can only impress people by using IT abbreviations, but I doubt they really know what these abbreviations stand for.

 However - to send the disk back in, I need to first get another disk - which I did in another shop of course.
Anyway - now that this disk is being installed - and this time during formatting I do a read/write badblock test (which takes ages), I&#039;ll be sure everything is OK on that one.
Oh - I almost forgot. I never liked WD disks, and my dislike has been confirmed once again. The old disk is a WD drive (WDC WD5000AAVS-22G9B1). The new one I got is a Samsung (HD503HI). For 5 years now I have been using Samsung drives in all my systems (if I have the option to choose), and I never had an outage in such a short time. Server disks died after around 5 Years of service. But that&#039;s OK as I had planned for that (Using Raid 1 wherever possible or a decent backup policy). So - all I have to do is replace the drives.
The disk replacement did not go as smoothly as I&#039;d hoped. The usual issues with /var/run files on Ubuntu systems struck again. Until I figured it out - 30 Minutes were gone. In fact, I was lucky. Almost the same minute I had sync&#039;ed my old disk to the new one (using rsync) and unmounted it, the system crashed. Guess that was too much stress I inflicted at one time. Anyway - tried rebooting from the broken disk - the kernel-files/modules seem to have gone to Nirvana - meaning the bad blocks have expanded to places where it was fatal. No recovery possible, had to mount the disk externally to try to see what is going on.


</description>
<link>http://stargate.solsys.org/index.php?news=223&amp;expand=yes</link>
</item>

<item>
<title>NAS Died ... and replaced</title>
<description>My old NAS being dead (kind of had to expect it, the server died, and the NAS was not much younger than the server) - I decided to go for a replacement having the following features:



Low power consumption
Raid capability
Linux OS, that can be adapted to own needs
Possibility to use more than 2 disks, preferably enough to hold a Raid5
SMART Monitoring capability for all disks
UPS Support - Back-UPS CS 350



After lots of searching &amp; Googling, I finally came to choose the SS839 Pro from QNap. It offers me what I wanted, and more.
The SS-839 Pro Turbo NAS is the 8-bay, 2.5&quot; SATA HDD network-attached storage server for business users who need a power-saving, high performance, and reliable network storage solution with professional features such as advanced RAID protection, built-in iSCSI target service, and AES 256-bit volume-based encryption.
This system has been equipped with 6x640GB Samsung SpinPoint M7 2.5&quot; Disks - configured as Raid5 + Spare Disk providing around 2.3TBytes of storage capacity.
 The disks of the old NAS (40GB Disks - 1 Broke, and I still had a replacement laying around), have been added too - to form the Encrypted Raid1/Mirror location on the NAS. All private and sensitive Information is stored on it. Note that once shut down - the Raid1/Mirror Device needs to be unlocked manually.



/dev/md0                  2.3T    558.6G      1.7T  24% /share/MD0_DATA
/dev/mapper/md1          35.2G      5.8G     29.4G  17% /share/MD1_DATA




Remote backups are still done the old way - using my backup-scripts (check the FAQ for more details on my site), except for the sensitive information. I don&#039;t want that information to be stored on the unencrypted devices, hence the use of rsnapshot on the Raid 1/Mirror device. Should be enough security.

The negative side of this little Device is that it&#039;s trying to do too many things - kind of getting bloated as Microsoft OS&#039;s are. To counter this issue, I removed most software and functionality I could without being intrusive (I still want to be able to perform Firmware updates the easy way), however all the Multimedia capability - which has nothing to do on a NAS - has been removed.
 I am still struggling as to remove the WebInterface (configuration etc.) and eventually replace the loaded system kernel (the actual version does not provide any iptables for firewall capability).
</description>
<link>http://stargate.solsys.org/index.php?news=220&amp;expand=yes</link>
</item>

<item>
<title>Budget module active</title>
<description>The Budget module is solely a way to have an overview of what fixed costs a person has, to be able to evaluate if the monthly income is enough to handle these. It displays, in a table format, how much money will go away every month so people realise what they can really spend. In addition to that, it will calculate how much money one has to put aside every month, so the big bills at the end of the year won&#039;t eat up a full monthly income.
The Block function will show what will be spent in the current month.
As usual - the Budget module is accessible to registered users only !
Check out the documentation for more info.</description>
<link>http://stargate.solsys.org/index.php?news=219&amp;expand=yes</link>
</item>

<item>
<title>Timesheet updated with some new features</title>
<description>The timesheet software, a web-application clone of the PAZE software, has had some new features added.
Most data for a yearly holiday display was already available. So - all I had to do - was to format the data into its own view.


The other added feature required more interaction with the system. As a traveled distance submission had to be added, and put into a view. The result is quite pleasant. The main TimeSheet view will show if a car trip was done, and the overall Driver&#039;s log view will show all the trips done with the car so far.


BTW - localisation in French and German exist too.
</description>
<link>http://stargate.solsys.org/index.php?news=218&amp;expand=yes</link>
</item>

<item>
<title>Very active Bots II ...</title>
<description>Well - what I suspected to happen, happened. In fact, in 24hours, I had 6 Bot-Login requests coming through.


I don&#039;t know, if valid/real requests had been made here though. From the submitted E-Mail Addresses, I do think that these are Bots.
Seems I&#039;ll have to add a possibility to identify living human brains somehow. Note that the system requests the User to validate his request. He is sent a link to activate. If he does not do it - even the admin can not unlock the account. So - the Bot-detection is plain simple, and works already. Only that I didn&#039;t expect to have such a high number of account requests come through.
Only - how will I do this ? There are many ways out there - and IMHO - I think I will just deactivate the Create-login option, and if someone wants to have a login, I&#039;ll add it myself (as a Site-Admin).</description>
<link>http://stargate.solsys.org/index.php?news=215&amp;expand=yes</link>
</item>

<item>
<title>Very active Bots ....</title>
<description>It looks like some bots are very active, and have a small AI permitting them to perform login requests.
Upon user request - I had reactivated user-account requests on my website.
It didn&#039;t take 1 Hour for 2 Account-requests to get through, obviously with wrong E-Mail addresses. I&#039;ll observe the overall behavior. If it gets overwhelming, I&#039;ll disable Account-Creation again.</description>
<link>http://stargate.solsys.org/index.php?news=214&amp;expand=yes</link>
</item>

<item>
<title>New server in place</title>
<description>As the old one died randomly, and it is over 10 years old already, I decided to go for new hardware.
In fact, I found in a shop nearby a MSI Wind PC2325VHB with 2GB Ram, 500GB Harddisk, and an Intel Atom 230 @ 1.6GHz.
All I had to do, was to copy the content of the harddisk of the old server over, make sure the network card driver worked, and the new mac-address was assigned to eth0. Also, the grub-loader had to be reconfigured to boot from a S-ATA disk instead of a IDE disk.
Result: The system is screaming fast compared to the old hardware (It also uses up to 35W of power all by himself), and the move was pretty painless, compared to what my friends with their windows systems experience... </description>
<link>http://stargate.solsys.org/index.php?news=213&amp;expand=yes</link>
</item>

<item>
<title>LongTime bug finally fixed ... lo interface not being configured at boot.</title>
<description>For a long time, the stargate server was not able to perform an automated reboot.
It was quite difficult to figure out why the loopback interface did not come up. However, after following the boot-up process several times, it turned out that /var/run could not be mounted as a virtual filesystem, as it would be overmounted by the /var Partition. However - the ifup program looked in the /var/run/network file to see if an interface is already configured.
When the system did shutdown, the lo-interface was still existing on the physical /var/run/network file. Hence - it was already configured, and the system would not configure it again *shrug*.
Editing the /etc/init.d/loopback file - I added a --force to the command configuring the lo interface. This prevents the ifup program from looking into the /var/run/network file.
Now - the server can boot up without human interaction.
I still wonder who wrote the ifup program to work in that brain-dead manner.
IMHO - at system boot up - the network LoopBack interface has always to be brought up. This is too much flexibility here !
</description>
<link>http://stargate.solsys.org/index.php?news=212&amp;expand=yes</link>
</item>

<item>
<title> Greylisting reactivated</title>
<description>As it seems many spammers and spam-networks have come back to life, and the bayesian filters are not capable of reaching a high enough score for the spam-system to identify and lock out SPAM, I have reactivated the greylisting capability to see if it locks out some more spam. Right now - about 10 get through the spam-filter a day. Hopefully, this will work.</description>
<link>http://stargate.solsys.org/index.php?news=211&amp;expand=yes</link>
</item>

<item>
<title>Harddisk replaced</title>
<description>A new hard-disk, 160GB has been put into place. With this - hopefully, all issues should go away.
Note - it is possible that some files are missing - as some errors were notified during the copy process.
However, taking a copy of the still running system has probably less missing files than a 28 hours old backup.
For those reading their mails on my system, if an old mail is missing - let me know. I can restore it from the old backups (50 Weeks rotation is configured)...</description>
<link>http://stargate.solsys.org/index.php?news=208&amp;expand=yes</link>
</item>

<item>
<title>Harddisk starts to fail ...</title>
<description>The harddisk of stargate starts to fail. As I&#039;m locked out on an island, and no ETA for my return is available, I tried to fix all issues and relocate the bad blocks on the harddisk. Hopefully this remote-repair operation will last long enough until my return to swap the hard-drive.</description>
<link>http://stargate.solsys.org/index.php?news=207&amp;expand=yes</link>
</item>

<item>
<title>OS Type Access Percentages</title>
<description>Added a small addition to the site active_users function. It now extracts data from the referer to identify the Operating system of the requesting browser, and displays some statistics. All non-identified operating systems (known are Linux, Windows and Macintosh) go into the group Other.
Note that the percentage is calculated on every page access.</description>
<link>http://stargate.solsys.org/index.php?news=205&amp;expand=yes</link>
</item>

<item>
<title>Servers in place </title>
<description>The servers are in place now. Took some time to find a place to put them, but at last, as they are passively cooled, I had to find an open space for them. The UPS and KVM Switch are of course also available, as a screen and keyboard for admin tasks. Check for yourself.
 What you see here, are from top left to bottom right:
Routerboard RB493AH Firewall Router (ADSL Modem is hanging on the left side of the Rack), Screen/Keyboard, Philips Skype Telephone. Down one - KVM Switch, External Backup Drive for time-based backups (incremental, full and mirror backups), then the NAS Server (hosting 2x40GB Harddrives in Mirror mode for availability of the data). Note that all data disks are encrypted.
Last but not least, the Mail/Web Server itself and the 350VA UPS which is a quite nice addition for any hardware in place. In case there is a power outage - I still can use the phone and the internet for about an hour. The Screen is not by default plugged into the UPS to have a maximum duration for the important systems. Note that all hardware plugged to the UPS drain about 48W of Power if the external Backup disk is powered up and not in sleep mode. In Sleep mode - all these systems use about 42W.</description>
<link>http://stargate.solsys.org/index.php?news=202&amp;expand=yes</link>
</item>

<item>
<title>Hardware moved to new location</title>
<description>The hardware has been moved to a new location. Up to now - it is in a temporary space which needs to be reworked as soon as a new storage rack has been found. Eventual outages can not be avoided.</description>
<link>http://stargate.solsys.org/index.php?news=201&amp;expand=yes</link>
</item>

<item>
<title>Greylisting deactivated</title>
<description>The test has shown that about 5 Spam-Mails a week get past spamassassin with greylisting disabled. The issue with mails not being delivered immediately due to greylisting, in case the sender is not in the user&#039;s whitelist, was beginning to be a big hassle for everyone. 
So - the decision has been taken to disable greylisting completely.</description>
<link>http://stargate.solsys.org/index.php?news=197&amp;expand=yes</link>
</item>

<item>
<title>Greylisting deactivated temporarily</title>
<description>As spammers do more and more count on greylisting, I decided to remove greylisting for a while to see if it changes anything in the hit-rate of the installed anti-spam engine.
If the results are similar to those achieved with greylisting - the former will stay disabled for the future as it is of no use any longer.
</description>
<link>http://stargate.solsys.org/index.php?news=191&amp;expand=yes</link>
</item>
</channel>
</rss>

