"Results achieved in the past offer no guarantees for the future"


About this blog

These are the ramblings of Matthijs Kooijman, concerning the software he hacks on, hobbies he has and occasionally his personal life.

Most content on this site is licensed under the WTFPL, version 2 (details).

Adobe dropped 64 bit Linux support in Flash again

Only recently, Adobe has started to (finally) support 64 bit Linux with its Flash plugin. I could finally watch Youtube movies (and more importantly, do some Flash development work for Brevidius).

However, this month Adobe has announced that it drops support for 64 bit Linux again. Apparently they "are making significant architectural changes to the 64-bit Linux Flash Player and additional security enhancements" and they can't do that while keeping the old architecture around for stable releases, apparently.

This is particularly nasty, because the latest 10.0 version (which still has amd64 support) has a couple of dozen (!) security vulnerabilities which are fixed only in a 10.1 version (which does not have Linux amd64 support anymore).

So Adobe is effectively encouraging people on amd64 Linux to either not use their product, or use a version with critical security flaws. Right.

0 comments -:- permalink -:- 09:51
And the saga continues....

As you might have read in my previous post, I have been vastly unimpressed by MSI's warranty department. Or actually, I have been quite impressed by the amount of incompetence that they have managed to concentrate in that department. But, I digress.

A few weeks back, MSI managed to take weeks to not replace my hard drive. I have been complaining about this, and they offered that I send them the faulty drive (again) so they could replace it. Yet they could not send me a new drive before they had received the old drive, since "the system would not allow it". They would not, however, require me to send back my entire notebook again, as a courtesy. It's not like I could use it for anything but decoration without a hard drive (it does not support booting from a USB stick, I discovered after installing Debian on my stick), but well.


0 comments -:- permalink -:- 22:28
So much for MSI support....

I was going to write a nice piece about MSI support here, as soon as I got my notebook back from MSI. About their nice service (pick up and return with UPS!) even though they are a little slow-ish. About their nice battery warranty (minimal 80% of capacity after a year) and their flexibility in applying that warranty (I was a few days too late, technically). But I've decided not to.

There are several reasons for this. First of all, my notebook HD broke in the first place. Not a nice thing to do, though I should probably blame WD for not making HDs that can sustain repeated writes resulting from hibernation in the same area of the disk.

It could also be because it took them nearly a week to respond to my service request when I complained about a bad HD (with complete SMART status and error logs to back up my case). All I got back was a UPS label, but I reckoned it took them a while to fully read through my case and decide what to do with it. As it turns out now, it seems they didn't even read it and just needed 6 days to send me a UPS label.


1 comment -:- permalink -:- 19:57
Nested groups and win2000 native mode

Have been fighting with our Windows Server 2003 domain controller and the various samba/winbind connected FreeBSD servers all day. My objectives were twofold: properly configuring SFU and getting nested groups to work on our BSD machines.

The first proved relatively easy. Some PHP code that used the LDAP libraries to mess around in the AD directly gave all our users and groups their uids and gids. Works now. Next up was getting nested groups to work to centralize our access management some more.

The current setup is as follows: We have a group "WWW", which is the web committee. They should always be able to log in to our webserver. Also the group "Beheer" should be able to log in, they are our system administrators. Finally, we have the group "Webmasters", which are the webmasters from a few other committees. Currently, there is a rule that allows these three groups to log in. Ideally there should be one group "WebUsers" that is allowed to log in and contains these three groups.

Looking around brings me to the "winbind nested groups" feature of samba/winbind. This seems like exactly what we need, but eventually this seems to be meant for samba running as DC only, which is not our case (we have a 2k3 DC). Also, looking through the source, this directive seems to have no function at all anymore...

Anyway, winbind should unwrap nested groups all by itself, people told me. So, my current setup should work. Well, surprise, it doesn't :-). Looking around some more makes me suspect putting our domain controller in "windows 2000 native mode" might help. Currently, our 2k3 server is running in "windows 2000 mixed mode", which is the default. This allows NT4 domain controllers to participate in the domain, so shouldn't really be needed for our setup. So, let's upgrade, right?

Well, not so fast... The "upgrade" button is surrounded with red markers and warnings, since the change is not reversible. Upgrading should not affect the DC itself much, nor any of the clients. We don't have any NT4 machines in our domain, so there should be no problem. Also, our samba servers should be able to talk in windows2000+ protocols, so probably no problem there. The thing is, if it breaks, there is no way back, and it is the end of my weekend, people need their systems tomorrow and I need my time (haven't actually gotten to doing anything since I've been struggling with samba since yesterday). So, next opportunity I get, 2000 mixed mode dies. Now, let's settle for not-so-centralized management and get our webserver logins back up.

Update: See this post for more info on the cause of the winbind problem.
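The single "WebUsers" group wished for above only works if whatever evaluates the login rule expands nested groups. As an added example (not code from the original post), this sketch flattens nested membership with a cycle guard and compares it with a resolver that does not unwrap nesting; the group names come from the post, the user names and memberships are constructed.

```python
# Constructed directory data: group names are from the post, users and
# memberships are invented. A member that is itself a key in GROUPS is a
# nested group; anything else is a user.
GROUPS = {
    "WebUsers": ["WWW", "Beheer", "Webmasters"],
    "WWW": ["alice", "bob"],
    "Beheer": ["carol", "alice"],
    "Webmasters": ["dave", "WWW"],  # nested again, overlaps with WWW
    "Loop": ["Loop2"],
    "Loop2": ["Loop", "erin"],      # circular nesting
}


def effective_members(group, groups):
    """Return (users, nested_groups) for `group`, expanding all nesting.

    Iterative walk with a visited set, so circular nesting terminates.
    """
    users, visited, stack = set(), set(), [group]
    while stack:
        current = stack.pop()
        if current in visited:
            continue
        visited.add(current)
        for member in groups.get(current, []):
            if member in groups:
                stack.append(member)
            else:
                users.add(member)
    return users, visited - {group}


def direct_members(group, groups):
    """What a resolver that does NOT unwrap nesting reports: users only."""
    return {m for m in groups.get(group, []) if m not in groups}


def login_allowed(user, allowed_groups, groups, unwrap=True):
    """Evaluate a rule of the form 'members of these groups may log in'."""
    for g in allowed_groups:
        if unwrap:
            members = effective_members(g, groups)[0]
        else:
            members = direct_members(g, groups)
        if user in members:
            return True
    return False


if __name__ == "__main__":
    users, nested = effective_members("WebUsers", GROUPS)
    print("WebUsers expands to", sorted(users), "via", sorted(nested))
    print("without unwrapping:", sorted(direct_members("WebUsers", GROUPS)))
```

Without unwrapping, "WebUsers" has no direct users at all, which is the symptom of everyone being locked out rather than an obvious error.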

1 comment -:- permalink -:- 22:23
Sendmail Horrors

As sysadmin of Inter-Actief, I have been working with our FreeBSD 6.0 webserver. After a bunch of permission and stability problems, everything seemed to be ok. We thought...

Now, somebody started complaining that the mails he had sent through this nice Joomla webinterface didn't arrive for half a day. We had some earlier problems, but that seemed to be just some incidental DNS failure. This time, about a dozen mails were stuck in our queue, due to DNS failure. Since DNS was operating fine, something else was wrong.

Diving into the wonderful world of sendmail (brr...) I found almost no useful documentation. After a while I found the "mailq" program that lists the queue. After disabling some security option somewhere, half the mails managed to get delivered: the most important half, which were in the "client mail queue". The mails in the "main mail queue" were still undelivered. What the hell is the difference anyway?

After venturing that enabling sendmail listening on our internet connection might solve stuff, there was the issue of trying that. Enabling the sendmail port and restarting sendmail didn't seem to fix it. Now, it did not work. But did it really not work, or did sendmail just not get around to trying it again? If I could just force sendmail to retry everything, then I'd know for sure.

Right, after plowing through some configuration files, handbooks and manpages, the "sendmail -q" command seemed to do the trick. I think. Still no success anyway... By the way, I was looking at the sendmail config files (I had to spend 10 minutes looking around in files and browsing the internet before I found the actual config file) and encountered the following marvelous snippet:

R<$+> <$*> <$- $-> <$*>         $: <$(access $4:$1 $: ? $)> <$1> <$2> <$3 $4> <$5>
R<?> <$+> <$*> <+ $-> <$*>      $: <$(access $1 $: ? $)> <$1> <$2> <+ $3> <$4>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
                        $: <$(access $5:$1+*@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
                        $: <$(access $1+*@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+ + $* @> <$*> <$- $-> <$*>
                        $: <$(access $5:$1@ $: ? $)> <$1+$2@> <$3> <$4 $5> <$6>
R<?> <$+ + $* @> <$*> <+ $-> <$*>
                        $: <$(access $1@ $: ? $)> <$1+$2@> <$3> <+ $4> <$5>
R<?> <$+> <$*> <$- $-> <$*>     $@ <$2> <$5>
R<$+ <TMPF>> <$*> <$- $-> <$*>  $@ <<TMPF>> <$5>
R<$+> <$*> <$- $-> <$*>         $@ <$1> <$5>

I am not sure what it is supposed to do, but I think this is supposed to be the assembly form of brainfuck, that gets compiled to the actual sendmail program. Or something. Anyway, yikes! Oh and in case you were wondering, your layout is wrong, I did not add any spaces here, this is just how the configuration file looks....

0 comments -:- permalink -:- 03:21
Copyright by Matthijs Kooijman