After asking for useable CA Software, I have finally settled on using EasyRSA. This is what I did to come across the packaging shortcomings of EasyRSA in Debian.
Mailing lists of big and successful open source projects are these days flooded with clueless requests from newbies who obviously have not spent a second getting acquainted with the tool or with the basics of the underlying protocols. I'm going to publish some of the "best" of these messages in irregular intervals here, tagged with "best-of-mailing-list".
All articles tagged appropriately can be seen as blog entries. There is also an RSS feed.
Description: SMTP command-line test tool
swaks (Swiss Army Knife SMTP) is a command-line tool written in Perl
for testing SMTP setups; it supports STARTTLS and SMTP AUTH (PLAIN,
LOGIN, CRAM-MD5, SPA, and DIGEST-MD5). swaks allows to stop the SMTP
dialog at any stage, e.g to check RCPT TO: without actually sending a
mail.
.
If you are spending too much time iterating "telnet foo.example 25"
swaks is for you.
A very important tool which makes debugging e-mail a breeze. A must for every mail admin.
Dear Lazyweb, in late 2001, I bought a shiny new computer to replace my VHS VCR and to finally help me in getting my last 200 hours' worth of music from analog audio tapes into the digital domain. I have to admit that I have failed to do this.
While the TV ambitions were originally spoiled with the rotten Windows TV software that came with the Hauppauge PVR PCI card, audio with windows used to work rather decently. Until I decided to ditch Windows and to use Linux. Which looks like a mistake. Not even the audio stuff works any more.
I have bought a new TV card and a new sound card, but all I currently get (with the old sound card, btw) are audio recordings that sound way too fast.
For nearly two years, I have been pondering about a good and failure-resilient DNS setup to implement for my own domains. In the last days, I have set the first prototype into use.
No, I haven't dared to touch zugschlus.de, my most important domain, yet. This is planned for the weekend. So, if you experience difficulties in accessing any of my Internet services, please inform me and allow me to fix the issue.
I recently had an issue where a remote host would frequently run out of memory after a number of processes had been invoked from remote. I looked in the wrong direction first, but finally found out that each process invocation leaves two sshd processes hanging around, which are eventually exhausting the memory on the box.
Next step was finding out what happened for the sshd processes not to properly terminate. Eventually, I remembered that the incoming ssh connections were not invoked directly, but via a third host with "proxycommand ssh other-host socket %h %p". Looking on other-host quickly showed a number of socket processes being around, and killing them made the sshds on the low-memory host vanish as well.
Short-term remedy was therefore to set ClientAliveInterval in the low-memory host's sshd configuration.
I then searched for reasons why ClientAliveInterval is not set by default at least in Debian's sshd configuration. I didn't find a reason and proceeded to file a wishlist bug request against openssh-server for this option to be set by default.
Before filing this bug, I routinely visited the BTS, just to find out that the bug was already filed. By me. One year and 285 days ago. And that the openssh maintainer(s) didn't even bother to reply to it yet.
Guys, _this_ is a textbook example of how to discourage people from filing bugs against your packages. Please, give them at least the appreciation of a short ACK if you don't get around to fixing the bugs in reasonably short time. Having a bug rot away uncommented and unfixed in the BTS for two years is simply not acceptable. Yes, that goes even for a wishlist bug.
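A small audit helper for the ClientAliveInterval remedy described above. This is an added example, not code from the original post or from OpenSSH; the sample configurations and the values 60 and 3 are constructed, and only plain-seconds values in the global section (before any Match block) are handled.

```python
# Added example: how long does sshd keep a session whose client has vanished?
# OpenSSH defaults: ClientAliveInterval 0 (never probe), ClientAliveCountMax 3.
DEFAULTS = {"clientaliveinterval": 0, "clientalivecountmax": 3}

def global_keepalive(config_text):
    """Return the global ClientAlive* settings; sshd uses the first occurrence."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        parts = line.replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not parts:
            continue
        key = parts[0].lower()                     # keywords are case-insensitive
        if key == "match":                         # conditional blocks: out of scope
            break
        if key in DEFAULTS and key not in found and len(parts) > 1:
            found[key] = int(parts[1])             # assumption: plain seconds
    return {**DEFAULTS, **found}

def dead_client_timeout(config_text):
    """Seconds until sshd drops an unresponsive client, or None if it never does."""
    s = global_keepalive(config_text)
    # Interval 0 disables probing; in OpenSSH 8.2 and later a count of 0
    # disables termination as well.
    if s["clientaliveinterval"] <= 0 or s["clientalivecountmax"] <= 0:
        return None
    return s["clientaliveinterval"] * s["clientalivecountmax"]

# Constructed sample: the option is only present as a comment, so the default applies.
STOCK = """
Port 22
#ClientAliveInterval 0
"""

# Constructed sample: probing enabled; the later duplicate and the Match block
# do not change the global result.
FIXED = """
ClientAliveInterval 60
ClientAliveCountMax 3
ClientAliveInterval 300
Match User backup
    ClientAliveInterval 0
"""

if __name__ == "__main__":
    print("stock:", dead_client_timeout(STOCK))
    print("fixed:", dead_client_timeout(FIXED))
```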
One thing I wish for exim is a patch for Exim Bugzilla Issue #66, which will incidentally fix Debian Bug #244724, which has become a recurring issue in various complex ISP configuration schemes.
A patch solving this would add an option to an SMTP transport which allows the transport to set the authentication credentials instead of the authenticator. The transport still knows the host name given to it and can look up the right authentication credentials, while the authenticator only knows the IP address that we are connected to and thus needs to rely on reverse DNS information to look up the credentials. Which leads to numerous kinds of confusion regarding CNAMEs and broken reverse DNS on the ISP side.
So, please dear Santa, give me a patch for that. It shouldn't be too hard to do.
Yesterday, Philip Hazel released exim 4.64. I have just uploaded the packages to Debian experimental. If you want to try the latest and finest exim, please check out the packages.
Unfortunately, the release is too late for etch. Debian etch will release with exim 4.63. I mean, unless the release team decides to bend their rules very badly, which I really do not assume.
Andreas, I am not a nice guy. I am only lazy. If the change to exim4 (it now displays a debconf note to everybody who tries to dpkg-reconfigure exim4, -base or a daemon package telling them to dpkg-reconfigure exim4-config) saves #debian from answering the question "how do I reconfigure exim4, dpkg-reconfigure exim4 does nothing!" twice a day, it is a good change.
I basically agree with you that people who do not read the minimum basics of documentation are a nuisance, but they're unfortunately real. You need to hurl the docs into their faces. And even then they're going to ignore them and google for answers instead. And on google, they're going to find wrong or outdated docs.
While evaluating Gallery, I noticed that my test web server generates wrong links inside the web application. After getting some help on the Gallery Forum, I was told that this was because my setup was miscreating REQUEST_URI to contain the entire URI, consisting of scheme, host name and path, while Gallery expects that variable to be only the path portion of the URI.
If you are putting a URL containing brackets in the section title of an .ini-like formatted file, you'd better use percent notation for the brackets in the URL.
Sorry for yesterday's Planet flood. I hope it will be less painful this time.
Packages that need to change their init script execution order during an update have a problem: sysv-rc's and file-rc's abstraction layer (which is accessed through update-rc.d and invoke-rc.d) doesn't offer read access. Hence, it is impossible to see whether the execution order has been locally modified without interfering with the internal mechanisms of the appropriate package.