Month: September 2008

Pulped Data is Secure Data

Published September 6, 2008

A week's worth of receipts in a Tupperware container after having been soaked in warm water and pulped with a stick blender.

I’ve had a small stack of scraps of paper on my desk for a little while now, each bearing rather important passwords. I’d intended to burn them, but that is a hassle with both my neighbors wondering why I’m burning things out front, finding a can to do it in, etc.

Wanting to clean up my desk a bit I decided to destroy the passwords in a different manner: soaking in a pint glass of water, then pulping with a stick blender.

This worked so well that I took the week’s worth of receipts which I’d just entered into Quicken, soaked them in a larger container of water, and pulped them as well. I thought about then experimenting with making some new paper from this pulp, but I don’t have any screening handy, nor do I need another project.

Leave a Comment

banstyle.nuxx.net: It’s Back

Published September 5, 2008

The display on the VGA output of my new server, banstyle.nuxx.net, after it went down hard at ~01:30 EDT on 05-Sep-2008.

My server, banstyle.nuxx.net is back. In case you didn’t see the LiveJournal post I made about the server being down, know that it went down about 01:30 EDT this morning and didn’t come back up over night. The symptoms were that the machine had an active link to the switch, but the arp cache was aging and the box was generally unreachable and unresponsive. Here’s a Cacti graph showing the outage.

At lunch I drove down to the colo facility, was escorted down to the room, and first noticed that the box was powered up, the network activity LED was blinking, but the disk controller LED was dark. Plugging in a monitor I saw that blinky colored bars overlaid on the normal console, looking like a hardware problem. Perhaps something with the video controller.

The box was rebooted, and as a precaution I went into the BIOS and disabled the bits which redirect video output (text mode only, of course) to the serial port, essentially allowing the whole box to be managed from a terminal. I figure that maybe, possibly, somehow this contributed. After that, I booted the OS back up, did an initial check to be sure everything was okay, started the backed up mail on the old box flushing, and left. Things were a bit slow at first while fsck ran in the background and the mail filtered through, but after that everything seemed good.

So, to be honest, I don’t really know what went wrong. The server is working well again, I guess I’ll just have to keep a close eye on for a while. This is particularly frustrating because it’d been working great for the last four months while I had it at home. If there are any more problems, please bear with me…

For reference, here’s the stuff in /var/log/messages showing that there was nothing between the events noted in last night’s post about SMTP-AUTH and the reboot this morning:

Sep 4 23:05:50 banstyle postfix/smtpd[91552]: sql_select option missing
Sep 4 23:05:50 banstyle postfix/smtpd[91552]: auxpropfunc error no mechanism available
Sep 5 11:57:31 banstyle syslogd: kernel boot file is /boot/kernel/kernel
Sep 5 11:57:31 banstyle kernel: Copyright (c) 1992-2008 The FreeBSD Project.
Sep 5 11:57:31 banstyle kernel: Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
Sep 5 11:57:31 banstyle kernel: The Regents of the University of California. All rights reserved.
Sep 5 11:57:31 banstyle kernel: FreeBSD is a registered trademark of The FreeBSD Foundation.
Sep 5 11:57:31 banstyle kernel: FreeBSD 7.0-RELEASE #2: Wed Aug 20 12:57:10 EDT 2008

Leave a Comment

SMTP-AUTH for Postfix via courier-authlib (authdaemond)

Published September 4, 2008

Getting SMTP authentication working with Postfix via authdaemond on FreeBSD 7.0 without occasional, useless errors in /var/log/messages has just caused me an hour of frustration. Therefore, I wish to document what I had to do to make it work right:

First off, Postfix (mail/postfix) and courier-authlib with MySQL support (security/courier-authlib with AUTH_MYSQL set in the config) must be installed. Setting up courier-authlib to talk to a MySQL db is beyond the scope of this document, but it basically involves setting the following lines:

/usr/local/etc/authlib/authdaemonrc:

authmodulelist="authmysql"

/usr/local/etc/authlib/authmysqlrc:

MYSQL_SERVER localhost
MYSQL_SOCKET /tmp/mysql.sock
MYSQL_PORT 0
MYSQL_OPT 0
MYSQL_USERNAME mail
MYSQL_PASSWORD [OBSCURED]
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD pobox
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD CONCAT(homedir,'/',maildir,'/')
MYSQL_QUOTA_FIELD quota
MYSQL_NAME_FIELD name

After that is set, Postfix’s main.cf must have SASL enabled with smtpd_sasl_auth_enable = yes. Next, the following smtpd.conf must be placed in /usr/local/etc/sasl2:

/usr/local/etc/sasl2/smtpd.conf

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/authdaemond/socket

auxprop_plugin: mysql
sql_select: select password from users where email = '%u@%r'

Now, here’s the stupid part. See those last two lines, auxprop_plugin: mysql and sql_select: select...? They don’t do anything, and that SELECT statement won’t even return anything useful on my db. Without them there SMTP AUTH works great. However, if you don’t have those lines there, Postfix will regularly complain loudly with errors such as these:

Sep 4 21:30:02 banstyle postfix/smtpd[47677]: sql_select option missing
Sep 4 21:30:02 banstyle postfix/smtpd[47677]: auxpropfunc error no mechanism available

Please note that with authdaemond, CRAM-MD5 and DIGEST-MD5 authentication mechanisms won’t work. (These would normally be set with mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5.) If enabled they will appear available but won’t work.

One final thing… Want to know how to be sure that the server is notifying clients that it supports authentication? Just simply telnet to port 25 on your mail server and type in EHLO domain.com. The AUTH LOGIN PLAIN and AUTH=LOGIN PLAIN lines show you that plain-text authentication is now available:

c0nsumer@banstyle:~> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 banstyle.nuxx.net ESMTP Postfix
EHLO nuxx.net
250-banstyle.nuxx.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

2 Comments

nuxx.net Mail Move

Published September 3, 2008

Tonight I ran into a harsh realization that the setup I’d intended to use for mail administration, Postfix Admin, has no facilities for editing server-side filters. Therefore, I’m moving my old, highly modified vMail.Admin install over to the new server.

Tonight I got everything working and tested except for the web-based front end for Postfix’s database. That shouldn’t be too hard to get going, I just don’t feel like working on it any more tonight. After that is going I will be shutting down mail on the old box and moving it to the new one. During this time you may (read:will) experience problems having mail delivered, checking mail, the works.

Sorry.

Due to how email works nothing should be lost, it might just take a while to arrive. Just keep using secure.nuxx.net for pop3s / imaps or SquirrelMail and everything will work fine.

Leave a Comment

Sites Moved to banstyle.nuxx.net

Published September 3, 2008

As mentioned before, I am in the process of moving to a new colo provider while at the same time moving everything hosted on nuxx.net to the shiny new banstyle.nuxx.net.

As part of this I moved all websites to the new server. That means if I host your site, it’s now on the new box. Mail, nor any of the shiny tools used for checking logs and such have been moved; I hope to get to that later in the week.

If you have any problems, please don’t hesitate to contact me.

Oh, and I might be sticking ads on the sites of people for whom I host just simple galleries (aka nuxxfriends). This is to offset the cost of the server and colocation. Hopefully that’s not a problem.

Leave a Comment

Wheels Go ‘Round Again

Published September 1, 2008

The rear of my bike, with new a SRAM PG-850 cassette, SRAM PC-870 chain, and Shimano Deore RD-M531-L rear derailleur.

This afternoon I made a quick run to REI (yes, they were actually open) and was able to pick up a Shimano Deore RD-M531-L rear derailleur for the must-be-MSRP price of $54. This, along with a new SRAM PC-870 chain and an SRAM PG-850 cassette purchased as-new from someone on the MMBA forums got my bike working great again.

After getting everything together and set up I went for a short test ride around my neighborhood, which turned into a 15 mile loop up through River Bends Park to Ryan Road. In short, practically all of my shifting problems are gone. I still have to replace a bent front chainring, there’s still spoke noise, and I think I the bottom bracket may be making a rubbing sound, but none of that makes it difficult to ride.

Leave a Comment

My New Single Speed

Published September 1, 2008

The emergency single speed conversion done to get home. I ended up using the 22 and 13 tooth rings.

I’ve been thinking that it’d be nice to have a single speed bike to ride, but I didn’t want to acquire one this way.

Today I ate a very large breakfast then set out with the intention of riding to Lake Orion and back, then to Metro Beach and back, hoping to break 90 miles today. After riding just about four miles and getting to the intersection of 23 Mile and VanDyke, just when I was feeling warmed up, something felt odd when shifting. Looking down I saw that my rear derailleur was canted to the side with the chain coming off of the top jockey wheel. As soon as touched the assembly to try and reposition things the derailleur came off, as seen here.

I ended up doing an emergency single speed conversion by shortening the chain, tensioning it up as I could, then riding carefully home. I had to make a total of three adjustments to the chain, because I found that if I had the chain on anything but the smallest rings it would drop off and skip around.

Even after settling on the two smallest rings I had to be very careful because occasionally the chain would bounce a bit and climb up one gear, putting so much tension on the chain (and BB) that it was nearly impossible to pedal. When this happened I’d have to remove the rear wheel, re-seat the chain, then keep going again. This had to be done at least six times in the four miles home. Eventually I found that if I pedaled gingerly, never pedaled when going over bumps, didn’t apply much force when going uphill, and coasted as often as possible I was generally fine. I could

Now to figure out what to do… The Shimano SLX group is tempting, or maybe the SRAM X.9 stuff. One thing I know I won’t be doing for a while is riding my bike.

Leave a Comment

Chainstay Protector from a Tube

Published September 1, 2008

An old tube cut into a 1" strip and wrapped around the chainstay to quiet down chain slap.

I’ve been wanting a chainstay protector to cut down on the noise from chain slap^†, but I both didn’t want to pay for one. I also particularly don’t like how most aftermarket bike accessories come plastered with logos like this Lizard Skins-brand one. So, while waiting for my biking clothes to get through a late-night wash cycle I took an old tube, cut it into a 1″ strip, wrapped it around most of the chainstay on my bike, and cable tied it in place.

This idea was inspired by this photo of an On-One Inbred Summer Season 456 with what appears to use this same setup. I really like the minimal look of it.

To cut this piece of tube I stuck a piece of 1″ masking tape on an old tube, cut along both sides of the tape, squared the ends, then scrubbed off the non-stick powder from the tube with a sponge. It was wrapped so that what was the inside of the tube is facing out, making for a consistent gray look. I would have liked to wrap more of the chainstay, but with the rear derailleur cable running under the chainstay there wasn’t a lot of clearance. The area of the chainstay which had taken the most damage (and thusly chainslap) before is covered, so it should work well.

^† Chain slap is the clanking noise made when the chain bounces and hits the chainstay (or other parts) while going over bumps or drops. Not only does it make a loud clanking noise, the impact usually chips up the finish on the chainstay.

4 Comments