Archive for the 'website' Category

Enabling TLS on this blog

Long overdue, I finally enabled TLS on this blog. It went almost like a breeze.

I used simp_le to get the certificate from Let's Encrypt, along with Mozilla's Web Server Configuration generator. SSL Labs now reports a rating of A+.

I just had a few issues:

  • I had some hard-coded http:// links in my WordPress theme that needed changes,
  • Since my WordPress instance is reverse-proxied and the real server is not behind HTTPS, I had to adjust the WordPress configuration so that it doesn't do an infinite redirect loop,
  • Nginx's config for multiple virtualhosts needs SSL configuration to be repeated. Fortunately, one can use include statements,
  • Contrary to the suggested configuration, setting ssl_session_tickets off; makes browsers unhappy (at least, it made my Firefox unhappy, with an SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET error message).

I'm glad that there are tools helping to get a proper configuration of SSL. It is sad, though, that the defaults are not better and that we still need to tweak at all. Setting where the certificate and the private key files are should, in 2016, be the only thing to do to have a secure web server.

2016-01-30 07:22:42+0900


Comment spam

Three weeks ago, I slightly modified the comment system on this blog for an experiment. This blog is a standard WordPress installation. Comments are normally directed to the wp-comments-post.php script by the HTML form. What I did is:

  • Create a comments-post.php wrapper script that just includes wp-comments-post.php (this allows things to still work properly after WordPress upgrades),
  • Make the HTML form direct to a comments-post.php script,
  • Add a usedForm=1 parameter to the HTML form action, such that comments-post.php is supposed to always be called with it,
  • Add a simple JavaScript that adds a hasJS=1 parameter to the HTML form action when the page is loaded, and a Submit=1 parameter when the form is submitted.

During the past three weeks, on this blog, there were 7170 comments, 8 of which were actual comments. 7162 were spam (~99.9%).

  • 3165 spams (~44.1%) were sent to the original WordPress comment handler (wp-comments-post.php) from 1589 unique IP addresses.
  • 0 spams were sent to the new comment handler without a query string (comments-post.php), but 1 was sent with an empty query string (comments-post.php?).
  • 18 spams were sent to the new comment handler with a lowercased query string (comments-post.php?usedform=1) from 6 unique IP addresses.
  • 3971 spams (~55.4%) were sent to the new comment handler with the form query string (comments-post.php?usedForm=1) from 1153 unique IP addresses.
  • 7 spams (~0.1%) were sent to the new comment handler with the full query string, including what is added through JavaScript (comments-post.php?usedForm=1&hasJS=1&Submit=1) from 5 unique IP addresses.

This means a large portion of spammers didn't care about actually checking the comment forms and used the standard WordPress URL, and another large portion don't run JavaScript on their bots, although a very few do.
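
The tally above can be reproduced from a web server access log by bucketing each comment POST on its endpoint and query string. The following is an added example, not code from the original post: the log lines are constructed samples, and the bucket names and the log format (common log format) are assumptions.

```javascript
// Added example: bucket comment POSTs into the categories tallied in the post.
// The log lines are constructed samples (documentation IP ranges), not real data.
const SAMPLE_LOG = [
  '203.0.113.5 - - [01/Jul/2012:10:00:00 +0900] "POST /wp-comments-post.php HTTP/1.1" 200 512',
  '203.0.113.5 - - [01/Jul/2012:10:00:09 +0900] "POST /wp-comments-post.php HTTP/1.1" 200 512',
  '198.51.100.7 - - [01/Jul/2012:10:01:00 +0900] "POST /comments-post.php? HTTP/1.1" 200 512',
  '198.51.100.8 - - [01/Jul/2012:10:02:00 +0900] "POST /comments-post.php?usedform=1 HTTP/1.1" 200 512',
  '192.0.2.10 - - [01/Jul/2012:10:03:00 +0900] "POST /comments-post.php?usedForm=1 HTTP/1.1" 200 512',
  '192.0.2.11 - - [01/Jul/2012:10:04:00 +0900] "POST /comments-post.php?usedForm=1&hasJS=1&Submit=1 HTTP/1.1" 302 0',
  '192.0.2.12 - - [01/Jul/2012:10:05:00 +0900] "GET /index.php HTTP/1.1" 200 9000',
];

// Bucket names are hypothetical labels for the categories listed in the post.
function classify(path, query) {
  if (path.endsWith('/wp-comments-post.php')) return 'stock-handler';
  if (!path.endsWith('/comments-post.php')) return null;   // not a comment POST
  if (!query) return 'no-form-marker';                     // missing or empty query string
  const p = new URLSearchParams(query);                    // parameter names are case-sensitive
  if (p.get('usedForm') === '1')
    return p.get('hasJS') === '1' && p.get('Submit') === '1' ? 'form-and-js' : 'form-no-js';
  const mangled = [...p.keys()].some(k => k !== 'usedForm' && k.toLowerCase() === 'usedform');
  return mangled ? 'mangled-case' : 'no-form-marker';
}

const REQUEST = /^(\S+) \S+ \S+ \[[^\]]+\] "POST (\S+) HTTP\/[\d.]+"/;

function tally(lines) {
  const buckets = {};
  for (const line of lines) {
    const m = REQUEST.exec(line);
    if (!m) continue;                                      // not a POST, or unparseable
    const ip = m[1], target = m[2];
    const i = target.indexOf('?');
    const path = i < 0 ? target : target.slice(0, i);
    const query = i < 0 ? '' : target.slice(i + 1);
    const bucket = classify(path, query);
    if (!bucket) continue;
    const b = buckets[bucket] = buckets[bucket] || { requests: 0, ips: new Set() };
    b.requests += 1;
    b.ips.add(ip);
  }
  return Object.fromEntries(Object.entries(buckets).map(
    ([name, b]) => [name, { requests: b.requests, uniqueIps: b.ips.size }]));
}

console.log(tally(SAMPLE_LOG));
```

A request in the form-and-js bucket only shows that the client ran the script; the post still counted 7 spams there, so the markers separate bot populations rather than spam from legitimate comments.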

2012-07-15 11:35:54+0900


ADSL woes

For 10 days now, I've had ADSL problems. Basically, there is something fishy somewhere between my end and the DSLAM. That can be anything, and for the moment, all I can do is wait for either my ADSL provider or France Telecom, whichever is responsible for the problem, to fix this. Anyways, my network connectivity is sometimes working (though quite slowly, especially on uploads), but more often not, with sometimes connectivity for a few seconds (enough to download small files or pop mail).

The server being behind this ADSL line, it means that you're probably not able to see this post. Or maybe a feed-reader/planet/whatever got it while the line was somehow working. Note I've been able to set up another MX server, so that mail sent to my domain goes somewhere I can fetch it. Don't worry about sending me messages, they will reach me. Just that it may take time for me to be able to see and/or answer them.

Anyways, the main downside is that it makes it harder to handle the upcoming xulrunner transition.

On the other hand, the upside is that I finally could take some time to work on ext3rminator again, basically rewriting the code from scratch for reasons I'll explain when it is ready for a release. It's good to see that some new APIs in libext2fs, added since 2002~2003, when I first wrote ext3rminator, make some of the work easier. It's still sad there is nothing to handle reading the journal. Not that it's difficult (though not documented much), but that would downsize my code some more ;).

Update: It seems to be back to normal.

2008-06-08 16:39:56+0900


Back from vacation

Well, it's been a few days, already, but I'm back from vacation, and the website too. It happened that for some reason the ADSL connection decided to die only a few days after my departure, leaving the site unavailable for 3 weeks.

2008-01-23 08:55:38+0900


Google Keywords – May & June 2007

"12 years old harddisk" - I don't own any that old.
"dead browsers" - I see them.
"dm-crypt luks header size partition block device" - 1032 blocks for 128bit keys and 2056 for 256bit ones.
"ebtables vmware server" - I'd like it too.
"fact on what horse represents" - We definitely have a recurring theme.
"hobbit debian install" - I didn't know Debian was popular in the Shire.
"i agree with you blog" - I don't
"perverts" - Where ?
"what kind of files are needed to installed properly a psp7 plugin" - damn, how did you end up here ?
"what version of debian 4 do we use" - hum... 4 ?

2007-07-01 16:14:41+0900


Google Keywords – Apr 2007

"adding the iceweasel branding to firefox windows" - coming soon
"asa dotzler sucks" - Blake Ross again ?
"booh debian" - apt-get moo
"ca passe" - ou ça casse
"dumb ass 2" - the return
"fix fucked up partition table" - you should try parted
"good variables to test" - foo ? bar ?
"hate soccer" - me too
"i could not agree less" - can't say disagree ?
"plus c'est gros mieux ça passe" - this also applies to what Sarkozy says
"shaking laptop while in use" - not convenient to type
"us consumer protection versus firefox" - Stella award in progress ?

2007-05-01 19:02:19+0900


Google Keywords – Mar 2007

"google keywords" - being the top search !
"ca passe" - ça passe pas
"i've got married" - congratulations
"blitzer blog" - not here
"how to gzip vmdk files without powering off vm" - wow, that's courageous
"cat and mice codes" - is it related to spaghetti code ?
"php script rm *.*" - what are you expecting to do ?
"should i use ubuntu or debian" - debian !
"why sucks is not scientifically correct" - yes, why ?
"drop laptop crash" - try and tell me what happens
"ext3rminator" - work in progress

2007-04-02 19:30:53+0900


Google Keywords – Feb 2007

I think I'm going to make a tradition of this google keywords list that I reinitiated last month. Anyways, here's the list for February 2007:

"google keywords" - waw, already on the first page for this
"i am a dumb ass" - me too
"blackout in europe" - that happened
"firefox 2 debian package" - you're looking for iceweasel
"mozilla firefox japanese symbols" - it's called characters, not symbols
"rebrand firefox as iceweasel" - not even done yet :(
"debian iceweasel replaces firefox" - surprised ?
"fucked up resizing partition" - welcome to the club
"hobbit debian" - I'm not a hobbit !
"how can i change firefox to iceweasel on kubuntu" - waw, I'm impressed
"web 2.0 vs. web 1.0" - not here
"bugzilla bts (hate or sucks)" - bts sucks less
"cmd to download firefox on ubuntu" - apt-get install ?
"i need firefox with debian" - not happening
"what is a esx flat file" - basically, a raw disk image
"linux ext3 noload option" - does not work as expected
"fact about a horse" - persistent...

2007-03-01 08:51:11+0900


Google Keywords

I've done this exercise a long time ago, but I think last time was before the first post with WordPress. So here it is: my improbable (or not) best of search engine keywords for January (provided by webalizer).

"新年おめでとう" - 明けまして !
"debian fundamentalism" - where ?
"asa dotzler troll" - did Blake Ross post here ?
"could have agree with you anymore" - all your opinion are belong to you
"do i need firefox if i have iceweasel" - firewhat ?
"your name in firefox 2" - I know
"lifelike androids" - paranoid ones are better
"dumb ass" - still ?
"blitzer blog" - wrong address
"a lot of horse facts" - i don't know what to say
"damage harddisk instantly" - drop your laptop from the 10th floor
"iceape vs iceweasel" - none of the above
"do you like the american accent" - no
"facts about the horse" - what is it with the horse ?
"feliz año nuevo happy new year 明けましておめでとう" - Bonne année !
"free mozilla firefox" - as in beer ?
"icebrowser community edition" - nice one
"normal life" - what is it ?
"shake laptop crash hard drive" - shake it the other way
"trademark versus copyright", "trademark vs copyright", "trademark vs copyright vs gpl", "trademark vs reserved", "trademarked and copyrighted logo", "registered trade mark vs copyright" - ask mozilla, they are knowledgeable
"what should stop working" - you
"what is a patent" - something I hate (I'll tell you stories about that soonish)
"why does debian call firefox iceweasel", "why does debian name firefox iceweasel", "why iceweasel debian instead firefox" - because we can't call/name it firefox
"will flashplayer work with iceweasel" - why not ?

2007-02-05 22:12:45+0900


Blackout in Europe

Joey, I can tell you such people exist (people whose power was cut in order to limit the impact), because I am one of them. No power for something like 45 minutes in all the neighbourhood at least, for what I know, and press reported 5 million people without electricity for France alone. ADSL came back some 30 minutes after electricity, so everything was back to normal by 23:30 GMT+1. We also had a 'micro-blackout' earlier the same day, a bit before midday, if I recall correctly, which made the external hard drive connected to my server be stuck during an I/O. Fortunately, powering it off and on solved the problem, and the filesystem is okay. The server itself being an old laptop, it didn't lose its uptime, but without network, it was quite useless...

2006-11-05 14:57:59+0900
