There are many resources on the Internet for correctly securing apache web sites with X.509 client certificate authentication. This isn’t one of them. What follows is a three step guide to the fastest, easiest method for setting up self-signed server and client certificates. You are advised not to run any of the commands below in a production environment, they are presented only as an aid for those who learn kinesthetically.
A good solution applied with vigor now is better than a perfect solution applied ten minutes later.
- General George Smith Patton III (source)
Read more…
In most cases, Ubuntu desktop systems will automatically detect and mount removable media, and this is largely done with software that is part of the X Windows system; for server systems without X Windows however, this sort of thing requires a bit of work.
Now some may ask, “Why automount removable media at all?” It is unwise to remove an active device, such as unplugging a USB drive without first unmounting it, and automounting may encourage this sort of recklessness. I don’t contend this, but if one runs a server using an external USB drive, there are two words which should spark an immediate interest in automatic mounts: power failure.
Read more…
Shortly after I last upgraded my mail server, one user reported that his mail client was failing to connect with the message:
"Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server..."
He was the only one known to be having this issue, so after a cursory check of the server with no obvious problems, I suggested that this might be an error on his end, such as connecting to the secure IMAP port without using SSL/TLS. Occam’s Razor suggests that a server error is more likely than a client error which just happens to coincide with a server upgrade, so I eventually decided to dig up some infrequently used commands and perform a thorough analysis. Read more…
Some time ago I enabled recipient delimiters (e.g. user+foo@host.tld) as a convenient way to know if shady web forms are 
contributing to my spam folder. The idea is that when House Depot requires me to have an account before I can see if they have loose screws in stock locally, I can sign up with garrison+housedepot@codefix.net instead of my usual e-mail. With recipient delimiters enabled, postfix will try to deliver any incoming mail to garrison+housedepot but when it finds no such user, it will try garrison and I get my mail. The problem arises when I discover that House Depot’s broken web form rejects any e-mail addresses with “+” in the user name as invalid. I’m already using garrison+foo style addresses elsewhere so I don’t want to change the recipient delimiter, but neither do I trust my real address to a company that can’t even create a proper web form. Read more…
S.A.R.E. Ninjas are the folks over at SpamAssassin Rules Emporium who act as sort of an arms dealer in the Spam War: they publish custom rules and plugins for SpamAssassin, the Open Source world’s powerful anti-spam software. This article is about an imminent software release that promises big trouble for spammers. Read more…
Dell didn’t ask but if they had I would have told them that Ubuntu Linux is a good choice. I have generally refrained from the usual histrionics whenever something Linux-ish makes the news, but I’d would like to voice a couple remarks regarding Dell’s Ubuntu announcement.
While I’m always happy to see Linux reaching a wider audience, Dell has been something of a fair weather friend to the open source crowd. Read more…
Earlier this month Debian 4.0 (codename ‘Etch’) was released; many web pages now sport instructions for upgrading, but not all of these are wholly correct and some aren’t even safe. Naturally the best source for all things Debian is the official Debian website, where one may find comprehensive upgrade notes, but quick and easy tends to be the order of the day. Read more…