shiningsilence.com/dragonflydigest.com will be going down for a brief period in the next 24 hours, for a hardware upgrade.
Site downtime
The machine this site runs on just had a fan die, so somewhere in the next 24 hours, I’m going to be installing a new fan, and a new hard drive while I’m at it. Expect a few hours of downtime as I rebuild both hardware and software.
A few quiet days
Quiet for you, the reader, at least. My schedule is irregular because of work over the next few days – including the weekend – so regular posting may not resume until next week. Sorry!
Argh, https
For some reason, OpenSSL-using command line clients – but not any browsers – are choking on the RSS feed for this site when fetched via https. So, the site no longer defaults to https. It’s still available if you want to use it, and I’ll work on fixing the setup.
The way to see it is:
openssl s_client -connect www.dragonflydigest.com:443
You will notice an error in the output like this:
672060044:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
There are lots of references to errors like this out there – many different, some for bugs long fixed. I daresay it’s a configuration screwup I haven’t figured out yet; I’ve noticed that adding -tls1 or -no_tls1 or -ssl2 or -ssl3 to the above command makes the problem go away.
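When comparing an error like the one above against reports found elsewhere, it helps to split the line into its fields and unpack the hex code. The following is an added example, not part of the original post; it assumes the pre-3.0 OpenSSL packing of the code (8 bits library, 12 bits function, 12 bits reason), and the names `parse_error_line`, `errors_in` and `SAMPLE` are made up for this illustration.

```python
import re
from typing import List, NamedTuple

# A few library numbers from OpenSSL's err.h, for cross-checking the text field.
LIB_NAMES = {2: "SYS", 4: "RSA", 6: "EVP", 9: "PEM", 11: "X509", 13: "ASN1", 20: "SSL"}

# tid:error:code:library:function:reason:file:line:optional data
_LINE = re.compile(
    r"^(?P<tid>[0-9A-Fa-f]+):error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^:]*):"
    r"(?P<file>.+?):(?P<line>\d+):(?P<data>.*)$"
)

class QueuedError(NamedTuple):
    code: int
    lib: int         # bits 24-31 of the code
    func: int        # bits 12-23
    reason: int      # bits 0-11
    lib_text: str
    func_text: str
    reason_text: str
    source: str      # file:line inside the OpenSSL source tree

def parse_error_line(line: str) -> QueuedError:
    """Parse one error-queue line; raise ValueError if it is not one."""
    m = _LINE.match(line.strip())
    if m is None:
        raise ValueError("not an OpenSSL error-queue line")
    code = int(m["code"], 16)
    return QueuedError(code, (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF,
                       m["lib"], m["func"], m["reason"], f'{m["file"]}:{m["line"]}')

def errors_in(output: str) -> List[QueuedError]:
    """Pull every error-queue line out of captured s_client output."""
    found = []
    for line in output.splitlines():
        try:
            found.append(parse_error_line(line))
        except ValueError:
            continue  # banner, certificate dump, session details, ...
    return found

# Constructed capture: the error line is the one quoted above, the rest is filler.
SAMPLE = """CONNECTED(00000003)
672060044:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
"""

if __name__ == "__main__":
    for e in errors_in(SAMPLE):
        print(f"{e.code:08X}: lib={e.lib} ({LIB_NAMES.get(e.lib, '?')}) "
              f"func={e.func} ({e.func_text}) reason={e.reason} ({e.reason_text}) at {e.source}")
```

Comparing the numeric reason field across captures taken with and without a forced protocol flag shows whether two reports are the same failure, independent of how the text was rendered.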
RSS feed issues
Since the switch to https here, the RSS feed has been having trouble, as several people reported. I haven’t had time to look into it much so far. Though I suppose it’s only likely that you are reading this if you are unaffected by it.
https, here
I had a reminder in my calendar to do it tonight, and thanks to your suggestions, I have a ‘real’ SSL certificate installed. If you want to browse the Digest using https, go for it.
Certificate opinions
I need to get a legit certificate for this domain. I’ve never done serious https cert shopping – who has, and what’s your opinion of the vendors? (“Not Network Solutions” I can already guess).
A domain name change
The Digest is now located at dragonflydigest.com (or dragonflybsddigest.com if you are really into typing). Everything else should be generally the same, and old links still work. I’m only 8 or 9 years late in getting a real domain name attached…
What new server should I buy?
The server that hosts shiningsilence.com is getting old, and it’s time for me to go to 64-bit DragonFly. It’s audience opinion time: what have you purchased lately, and liked? What would you suggest?
Oops, had some cleanup to do
I ended up with this server rebooting as we were affected by Time Warner’s giant outage. In the process of rebooting, I found I must have done an upgrade and forgotten to reboot to make sure everything still worked, as mod_php had disappeared and mysql decided it didn’t want to work. Things appear to be OK now…
Missing Twitter posts
The plugin I use for posting to Twitter managed to silently stop working after a recent WordPress upgrade. It’s fixed now. Thanks to alert reader TJ for telling me. If you are picking up articles here through Twitter, you have some backlog waiting for you.
IPv6 enabled for shiningsilence.com
This site, shiningsilence.com, is now available on IPv6. Thanks to Markus Müller for getting me to actually complete the process.
Short outage, sorry
I knocked my own server out of commission today – sorry! I thought it was because I was experimenting with an IPv6 tunnel – but no. It appears to be a long-running Minecraft server. Once that was gone, it all got better.
Wanted: a Mailman patch
One of the most-requested items for the DragonFly mailing list archives is reverse sorting by date. Mailman, which is what’s being used now for archiving, doesn’t have a ‘native’ way to do that. Has anyone seen a trick/patch to get that to happen? I already patch Mailman to get the message date to show in listings.
Server issues
shiningsilence.com suffered a disk failure early this morning. I’ll take the opportunity to set up a new machine, given that my local backup drive hasn’t been mounted and my remote backup went offline, in a horrible coincidence.
The disk is up and limping, which is why you can read this, but I’m still rebuilding. What motherboard/CPU/RAID/etc. parts do people recommend?
Switching to dports software
I changed shiningsilence.com over from pkgsrc to dports over the last 48 hours or so. Here’s how it went, in a series of bullet points:
- I had to download dports source and build the pkg tool by hand; since this system was upgraded from DragonFly 3.2 to DragonFly 3.4, pkg wasn’t automatically present as it would be for a new installation.
- I took the output of ‘pkg_info’ and culled it down to the applications I knew I used, and that formed my ‘to-install’ list for dports. That worked in a very straightforward way.
- It took so long mostly because of two things: I was also dealing with an email problem at my workplace, which usually took precedence. Also, I had several applications that I had previously installed by hand and needed to reconfigure to work as a dports item.
- Installing from binaries is really fast! Really, the dports part of this was possibly the most brief.
- The only thing I needed to compile from source was php, in order to get the Apache plugin. I’m sort of surprised the option isn’t on by default.
- Using ‘pkg search packagename’ is a good idea, because ‘pkg install’ can pick up multiple versions of a package. e.g. ‘pkg install mysql-server’ selects mysql-server51, mysql-server55, and mysql-server56. You probably don’t want to install all three. Or even one, depending on your opinions.
- Overall, it went more easily than I had expected, given it only had half of my attention.
Pardon my dust
I’m switching this server from pkgsrc to dports. No posts while I fight with old, stale configs, etc.
A pf question on VoIP
I have a pf question for anyone who is interested. I have this setup in my /etc/pf.conf, to prioritize my VoIP link. (this system also does NAT.)
extif="em0"
intif="nfe0"
ipphone = "192.168.0.101"

altq on $extif cbq bandwidth 768Kb queue { std, voip }
queue voip bandwidth 168Kb priority 7 cbq(borrow)
queue std bandwidth 600Kb priority 1 cbq(default)

nat on $extif from $intif:network to any -> ($extif)

pass in quick on $intif proto udp from $ipphone to any tag VOIP_OUT keep state
pass in on $intif from $intif:network to any keep state
pass out on $intif from any to $intif:network keep state
pass out on $extif tagged VOIP_OUT keep state queue(voip)
pass out on $extif inet proto tcp all modulate state flags S/SA queue(std)
pass out on $extif inet proto { udp, icmp, gre } all keep state
When I run this, ‘pfctl -s queue’ shows most of the data getting run through the ‘voip’ queue. I unplug the ATA, I still see the number of packets going up. It seems packets are getting tagged that shouldn’t be, but I’m not sure why. Anyone else have a similar – but working – setup?
Update: it was the underscore character in the tag. Everything matched it, it seems. Removing that made it work as expected.
Connectivity issues for shiningsilence.com
I have reports from some people not being able to connect to the Digest, and others who can. If you can’t, please mail me a traceroute. I thought it was from me messing with pf, but perhaps not…
A favor with xorg and DPorts
If you have a DragonFly 3.3 system with DPorts, can you install xorg, then ssh -Y from another machine to there, and see if you can remotely run an X program like xterm with local display? I’ve done this twice on two different machines with DPorts and it won’t work. xorg won’t write the security info to ~/.Xauthority, with ssh or xhost or whatever. It’s driving me crazy.
(Yeah, slow news day.)