Entries posted in September 2008

2 September 2008 21:50

Yesterday I made a new release of the chronicle blog compiler. This fixes a bug in the handling of comments.

Previously comments were sorted badly when they crossed a month boundary. Now they are always sorted first to last, which makes reading entries with multiple comments more natural.

Other than that I've been readying for the launch of a new MX machine for my mail filtering service. The process went pretty smoothly, and so I'm happy.

Still have that paranoid feeling that something will break, but at the very least I'll hear about it quickly thanks to the SMS-alerts!

3 September 2008 21:50

There are many online blacklists which are populated by volunteers. I'm looking for such a blacklist which contains records of hosts conducting portscans, ssh brute-forcing, or other similar "badness".

dshield looks good - but doesn't make the scanning IP available - it just shows the port data.

denyhosts allows you to upload/download a list of IPs trying to run ssh brute-force attacks - but when I wrote my own RPC code to poll that list of IPs I found I couldn't get the full list.

I'm aware that I could run denyhosts on a spare IP, then just copy the IPs it downloads but that feels icky...

I'm unaware of any existing service that I could use for my purposes.

So would there be any interest in a service listing only portscanning/ssh brute-force IPs? (Allowing DNS queries, XML-RPC, or rsync downloads of the submitted data.)

Obviously I have my own reasons for wanting such a list of bad IPs. Those are probably obvious, but it does seem like it would be generally useful.

I'd be willing to host a server to process the submitted reports, and make the results available, but I guess that's the easy part. The hard part is persuading people to run my "submit IP" client, which has to understand ssh logs, iptables logs, or something similar. Ugh.

I guess between the machines I work with and the machines I host myself I've got a fair number of IPs which I could collect scans from - I could populate the database myself. But this is a perfect job for distributed submission.
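As an added illustration (my code, not the author's submit client) of what such a "submit IP" client has to do: read sshd and iptables log lines, count events per source address, and leave out addresses that should never be reported. The sample lines, the threshold and the local-network filter are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (placeholder hosts and documentation-range
# addresses, not real traffic), in the two formats the text names.
SAMPLE_LOG = """\
Sep  5 10:12:01 mx sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep  5 10:12:03 mx sshd[4121]: Failed password for root from 203.0.113.7 port 51240 ssh2
Sep  5 10:12:09 mx sshd[4130]: Failed password for invalid user test from 198.51.100.9 port 40022 ssh2
Sep  5 10:12:30 mx sshd[4133]: Failed password for steve from 192.168.1.5 port 40100 ssh2
Sep  5 10:12:31 mx sshd[4133]: Failed password for steve from 192.168.1.5 port 40100 ssh2
Sep  5 10:13:00 mx kernel: [12345.678] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=44321 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  5 10:13:01 mx sshd[4140]: Accepted publickey for steve from 192.0.2.20 port 50000 ssh2
"""

SSHD_FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
IPTABLES_LOG = re.compile(r"kernel: .*\bSRC=(\S+) .*\bPROTO=\w+")

# Assumed policy: never report addresses from inside your own network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def count_bad_sources(log_text):
    """Count suspicious events per source IP: failed sshd logins and
    iptables LOG hits. Successful logins and unrelated lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = SSHD_FAILED.search(line) or IPTABLES_LOG.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def is_reportable(ip):
    """True for a syntactically valid address that is outside LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in LOCAL_NETS)

def candidates(log_text, threshold=2):
    """Sorted IPs seen at least `threshold` times that are worth submitting."""
    return sorted(ip for ip, n in count_bad_sources(log_text).items()
                  if n >= threshold and is_reportable(ip))
```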

5 September 2008 21:50

OK so I've knocked up a simple blacklist:

The source code behind it all is open.

Currently it is set up to import, every hour, the IPs which denyhosts has downloaded, and it will also receive updates from several systems under my direct control.

If you wish to begin submitting your own reports you may get in touch, or read the documentation in the source repository. I'll document that on the site itself publicly in a couple of days.

So far I see several people have rsync'd my zonefile a few times. I guess the domain name was a bit predictable.

ObFilm: The Great Muppet Caper

5 September 2008 21:50

Two years ago I started running the xen-hosting.org setup, offering Xen hosting for 7 people for a reasonable price. (Basically to subsidise my own desire to have a big guest and not pay too much for it)

At that time I was charging £11.50 for a Xen guest with 256MB of memory and 10GB of disk space.

Each year since then we've managed to increase the spec. For the same price.

Two years on, this means I'm now hosting 7 Xen guests with 1GB of memory and 40GB of disk space each, for that same price of £11.50 a month. Nice to see how things can improve as time goes on :)

In other news, it is just past our two-year anniversary.

DNS Blacklist

Thanks to the people who said nice things about the DNS blacklist I set up the other day.

I suffered a couple of DNS-problems earlier in the day, but things should be back up and running for good now. I hope.

The ultimate cause was using ":" not "&" records with tinydns. Sigh.
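An added example, mine rather than the blacklist's own zone or code, of generating a tinydns data file for a DNS blacklist and of the query name a client forms for it; the zone name, nameserver, listed addresses and the 127.0.0.2 "listed" answer are assumptions. It also shows why the record type matters: NS delegation is the '&' line type, not the generic ':' one.

```python
import ipaddress

def dnsbl_name(ip, zone):
    """Name a client queries for an IPv4 address: octets reversed, zone appended."""
    addr = ipaddress.IPv4Address(ip)           # rejects anything that is not a v4 address
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def tinydns_zone(zone, nameserver, listed, ttl=3600):
    """Build tinydns 'data' lines for a DNSBL zone.

    '&' declares the zone's NS record, '+' gives the A record a listed name
    resolves to (127.0.0.2, the usual 'listed' answer), and a leading quote
    is a TXT record carrying the reason. The generic ':' line type exists for
    record types tinydns has no dedicated syntax for; it is not how an NS
    record is written.
    """
    lines = [f"&{zone}::{nameserver}:{ttl}"]
    for ip, reason in sorted(listed.items()):
        name = dnsbl_name(ip, zone)
        lines.append(f"+{name}:127.0.0.2:{ttl}")
        safe = reason.replace(":", r"\072")    # ':' separates tinydns fields
        lines.append(f"'{name}:{safe}:{ttl}")
    return lines

def lookup(zone_lines, ip, zone):
    """Offline check against the generated lines: the A answer, or None if unlisted."""
    prefix = f"+{dnsbl_name(ip, zone)}:"
    for line in zone_lines:
        if line.startswith(prefix):
            return line.split(":")[1]
    return None

# Constructed example: two listings with reasons (placeholder zone and addresses).
ZONE = tinydns_zone("bl.example.net", "ns.example.net",
                    {"203.0.113.7": "ssh brute-force", "198.51.100.9": "portscan: tcp/22"})
```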

9 September 2008 21:50

Today I received two kittens. They rock.

Somebody else who rocks? Martin F. Krafft.

Martin rocks because of this gem I came across today: managing ~/.ssh/known_hosts via git.

The idea is that instead of having a single file known_hosts you have a known_hosts.d/ directory containing multiple entries that are concatenated together.

So neat. So obvious. So nice. Rock award.
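An added example (my code, not Martin's script) of the concatenation step, with the one check a merge like this should do: flag a host that ends up with two different keys of the same type. The fragment names and key blobs are constructed placeholders.

```python
import os
import tempfile

# Constructed sample known_hosts.d/ fragments; the key blobs are placeholders.
FRAGMENTS = {
    "10-work": "host-a.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1\n",
    "20-home": ("host-b.example.com,192.0.2.8 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER2\n"
                "# comments and blank lines are fine\n\n"
                "host-a.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER3\n"),
}

def parse_entries(text):
    """Yield (hosts, keytype, key, raw_line) for every non-comment known_hosts line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):          # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            raise ValueError(f"malformed known_hosts line: {line!r}")
        yield fields[0], fields[1], fields[2], line

def merge_known_hosts(fragments):
    """Concatenate fragments in name order; return (lines, conflicts).

    A conflict is one host and key type carrying two different keys. ssh
    accepts the connection if either key matches, so a stale or wrong entry
    silently widens what the client trusts, and a directory edited from
    several machines makes that easy to introduce without noticing.
    """
    seen, conflicts, lines = {}, [], []
    for name in sorted(fragments):
        for hosts, ktype, key, raw in parse_entries(fragments[name]):
            for host in hosts.split(","):
                if seen.setdefault((host, ktype), key) != key:
                    conflicts.append((host, ktype, name))
            lines.append(raw)
    return lines, conflicts

def write_known_hosts(path, lines):
    """Write the merged file atomically with owner-only permissions."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(lines) + "\n")
    os.chmod(tmp, 0o600)
    os.replace(tmp, path)
```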

10 September 2008 21:50

To solve performance problems I've now started to switch my SMTP servers from using the "forkserver" version of qpsmtpd to using the "prefork" version.

Under testing qpsmtpd-prefork performed significantly better than the qpsmtpd-forkserver for handling incoming SMTP connections.

The loadavg of one machine has dropped from a constant 2.xx to 0.4x!

I'd love to see how the asynchronous server would behave, but that would require rewriting all my plugins to work in an asynchronous manner, which would be a significant undertaking.

(It would be nice if the qpsmtpd package available to Debian would allow you to choose between the two versions of the server - I will file a wishlist bug.)

17 September 2008 21:50

I'm currently fighting with MySQL. The following takes too long:

mysql> SELECT COUNT(id) FROM q_archive;
| COUNT(id) |
|   2738048 |
1 row in set (17.95 sec)

I would like it to take significantly less time, even with memcached being in use it gets hit too often. I've added an index to the table - but I didn't expect that to help, and I wasn't disappointed.

Ho hum.

Maybe another case where flat-files are best. Sure counting them would take a while, but once I've counted them I can just `cat sum`.

This is probably a case where tweaking MySQL's memory settings would help. But I'm fairly certain if I start messing with that I'll get into trouble with other parts of my site.

21 September 2008 21:50

Every now and again the topic of SELinux arises locally.

I still believe it is:

  • Theoretically interesting.
  • Not ready for the prime time.
  • Not something I ever consider using.

I kept quiet when the "Should SELinux be standard" topic was recently raised. But I personally believe the answer should be emphatically "No".

Anyway, change of subject. The recent "What do you look like right now" meme. I looked like this a couple of days ago. Today I have no hair.

In other news my mail scanning service has now reached a new record. Over the last 30 days it has rejected/archived over three million SPAM messages.

Three million messages over a month averages out at about 100,000 messages a day. Sustained. Nice.

Finally I really owe Runa a new letter. I will write it today.

29 September 2008 21:50

According to my small business advisor it is possible to advertise your company, service, or product on the internet.

Who knows what gem of advice they'll offer next?

In unrelated news all mail delivered to me personally in HTML-only format(s) will be dropped. I've given up being patient.

Finally OpenID - what a pain it is to implement! I've fought with it over the weekend, in amongst rewiring my lighting. Setting up a Perl script to authenticate to an OpenID server is just gnarly. (I now have motion-sensitive lighting in my bathroom, which my kitten loves, and radio controlled lighting in the bedroom. Laziness is ..)

