The World of SommitRealWeird.
https://www.sommitrealweird.co.uk/blog/
2018-06-07T14:04:22+01:00 Brett Parker iDunno@sommitrealweird.co.uk
Updates on The World of SommitRealWeird.
The Psion Gemini
2018-06-07T14:04:22+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2018/06/07/psion-gemini/
<p>So, I backed the Gemini and received my shiny new device just a few months after they said that it'd ship, not bad for an indiegogo project! Out of the box, I flashed it, using the non-approved linux flashing tool at that time, and failed to backup the parts that, err, I really didn't want blatted... So within hours I had a new phone that I, err, couldn't make calls on, which was marginally annoying. And the tech preview of Debian wasn't really worth it, as it was fairly much unusable (which was marginally upsetting, but hey) - after a few more hours / days of playing around I got the IMEI number back in to the Gemini and put back on the stock android image. I didn't at this point have working bluetooth or wifi, which was a bit of a pain too, turns out the mac addresses for those are also stored in the nvram (doh!), that's now mostly working through a bit of collaboration with another Gemini owner, my Gemini currently uses the mac addresses from his device... which I'll need to fix in the next month or so, else we'll have a mac address collision, probably.</p>
<p>Overall, it's not a bad machine, the keyboard isn't quite as good as I was hoping for, the phone functionality is not bad once you're on a call, but not great until you're on a call, and I certainly wouldn't use it to replace the Samsung Galaxy S7 Edge that I currently use as my full time phone. It is however <em>really</em> rather useful as a sysadmin tool when you don't want to be lugging a full laptop around with you, the keyboard is better than using the on screen keyboard on the phone, the ssh client is "good enough" to get to what I need, and the terminal font isn't bad. I look forward to seeing where it goes, I'm happy to have been an early backer, as I don't think I'd pay the current retail price for one.</p>
Using the Mythic Beasts IPv4 -> IPv6 Proxy for Websites on a v6 only Pi and getting the right REMOTE_ADDR
2017-03-01T18:35:16+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2017/03/01/using-mythic-beasts-ipv4-ipv6-proxy-websites-v6-on/
<p>So, more because I was intrigued than anything else, I've got a pi3 from <a class="reference external" href="https://www.mythic-beasts.com/">Mythic Beasts</a>, they're supplied with IPv6 only connectivity and the file storage is NFS over a private v4 network. The proxy will happily redirect both http and https requests to the Pi, but (without turning on the Proxy Protocol) the remote addresses that end up in your logs are those of the proxy servers, which is not entirely useful.</p>
<p>I've cheated a bit, because turning on ProxyProtocol for the hostedpi.com addresses is currently not exposed to customers (it's on the list!). To do it without access to Mythic's backends, use your own domain name (I've also got <a class="reference external" href="https://pi3.sommitrealweird.co.uk/">https://pi3.sommitrealweird.co.uk/</a> mapped to this Pi).</p>
<p>So, first step first, we <a class="reference external" href="https://www.mythic-beasts.com/order/rpi">get our RPi</a> and we make sure that we can login to it via ssh (I'm nearly always on a v6 connection anyways, so this was a simple case of sshing to the v6 address of the Pi). I then installed haproxy and apache2 on the Pi and went about configuring them, with apache2 I changed it to listen to localhost only and on ports 8080 and 4443, I hadn't at this point enabled the ssl module so, really, the change for 4443 didn't kick in. Here's my <tt class="docutils literal">/etc/apache2/ports.conf</tt> file:</p>
<pre class="literal-block">
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen [::1]:8080
<IfModule ssl_module>
Listen [::1]:4443
</IfModule>
<IfModule mod_gnutls.c>
Listen [::1]:4443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</pre>
<p>I then edited <tt class="docutils literal"><span class="pre">/etc/apache2/sites-available/000-default.conf</span></tt> to change the VirtualHost line to [::1]:8080.</p>
<p>So, with that in place, now we deploy haproxy in front of it, the basic <tt class="docutils literal">/etc/haproxy/haproxy.cfg</tt> config is:</p>
<pre class="literal-block">
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    # Default SSL material locations
    ca-base /etc/ssl/certs
    crt-base /etc/ssl/private

    # Default ciphers to use on SSL-enabled listening sockets.
    # For more information, see ciphers(1SSL). This list is from:
    # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3

defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend any_http
    option httplog
    option forwardfor
    acl is_from_proxy src 2a00:1098:0:82:1000:3b:1:1 2a00:1098:0:80:1000:3b:1:1
    tcp-request connection expect-proxy layer4 if is_from_proxy
    bind :::80
    default_backend any_http

backend any_http
    server apache2 ::1:8080
</pre>
<p>Obviously after that you then do:</p>
<pre class="literal-block">
systemctl restart apache2
systemctl restart haproxy
</pre>
<p>Now you have a proxy protocol'd setup from the proxy servers, and you can still talk directly to the Pi over ipv6, you're not yet logging the right remote ips, but we're a step closer. Next enable mod_remoteip in apache2:</p>
<pre class="literal-block">
a2enmod remoteip
</pre>
<p>And add a file, <tt class="docutils literal"><span class="pre">/etc/apache2/conf-available/remoteip-logformats.conf</span></tt> containing:</p>
<pre class="literal-block">
LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" remoteip_vhost_combined
</pre>
<p>And edit the <tt class="docutils literal"><span class="pre">/etc/apache2/sites-available/000-default.conf</span></tt> to change the <tt class="docutils literal">CustomLog</tt> line to use <tt class="docutils literal">remoteip_vhost_combined</tt> rather than <tt class="docutils literal">combined</tt> as the <tt class="docutils literal">LogFormat</tt> and add the relevant RemoteIP settings:</p>
<pre class="literal-block">
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy ::1
CustomLog ${APACHE_LOG_DIR}/access.log remoteip_vhost_combined
</pre>
<p>Now, enable the config and restart apache2:</p>
<pre class="literal-block">
a2enconf remoteip-logformats
systemctl restart apache2
</pre>
<p>Now you'll get the right remote ip in the logs (cool, huh!), and, better still, the environment that gets pushed through to cgi scripts/php/whatever is now also correct.</p>
<p>So, you can now happily visit <tt class="docutils literal"><span class="pre">http://www.<your-pi-name>.hostedpi.com/</span></tt>, e.g. <a class="reference external" href="http://www.srwpi.hostedpi.com/">http://www.srwpi.hostedpi.com/</a>.</p>
<p>Next up, you'll want something like dehydrated - I grabbed the packaged version from debian's jessie-backports repository - so that you can make yourself some nice shiny SSL certificates (why wouldn't you, after all!), once you've got dehydrated installed, you'll probably want to tweak it a bit, I have some magic extra files that I use, I also suggest getting the dehydrated-apache2 package, which just makes it all much easier too.</p>
<p><tt class="docutils literal">/etc/dehydrated/conf.d/mail.sh</tt>:</p>
<pre class="literal-block">
CONTACT_EMAIL="my@email.address"
</pre>
<p><tt class="docutils literal">/etc/dehydrated/conf.d/domainconfig.sh</tt>:</p>
<pre class="literal-block">
DOMAINS_D="/etc/dehydrated/domains.d"
</pre>
<p><tt class="docutils literal">/etc/dehydrated/domains.d/srwpi.hostedpi.com</tt>:</p>
<pre class="literal-block">
HOOK="/etc/dehydrated/hooks/srwpi"
</pre>
<p><tt class="docutils literal">/etc/dehydrated/hooks/srwpi</tt>:</p>
<pre class="literal-block">
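#!/bin/sh
# dehydrated hook: build the combined key + chain PEM that haproxy's "crt" expects
action="$1"
domain="$2"
case $action in
    deploy_cert)
        privkey="$3"
        cert="$4"
        fullchain="$5"
        chain="$6"
        # restrict permissions before writing so the key is never world-readable
        umask 027
        cat "$privkey" "$fullchain" > /etc/ssl/private/srwpi.pem
        chmod 640 /etc/ssl/private/srwpi.pem
        ;;
    *)
        ;;
esac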
</pre>
<p><tt class="docutils literal">/etc/dehydrated/hooks/srwpi</tt> has the execute bit set (<tt class="docutils literal">chmod +x /etc/dehydrated/hooks/srwpi</tt>), and is really only there so that the certificate can be used easily in haproxy.</p>
<p>And finally the file <tt class="docutils literal">/etc/dehydrated/domains.txt</tt>:</p>
<pre class="literal-block">
www.srwpi.hostedpi.com srwpi.hostedpi.com
</pre>
<p>Obviously, use your own pi name in there, or better yet, one of your own domain names that you've mapped to the proxies.</p>
<p>Run <tt class="docutils literal">dehydrated</tt> in cron mode (it's noisy, but meh...):</p>
<pre class="literal-block">
dehydrated -c
</pre>
<p>That's then generated you some shiny certificates (hopefully). For now, I'll just tell you how to do it through the <tt class="docutils literal"><span class="pre">/etc/apache2/sites-available/default-ssl.conf</span></tt> file: edit that file and change the <tt class="docutils literal">SSLCertificateFile</tt> and <tt class="docutils literal">SSLCertificateKeyFile</tt> to point to the <tt class="docutils literal">/var/lib/dehydrated/certs/www.srwpi.hostedpi.com/fullchain.pem</tt> and <tt class="docutils literal">/var/lib/dehydrated/certs/www.srwpi.hostedpi.com/privkey.pem</tt> files, do the edit for the <tt class="docutils literal">CustomLog</tt> as you did for the other default site, and change the <tt class="docutils literal">VirtualHost</tt> to be <tt class="docutils literal"><span class="pre">[::1]:4443</span></tt> (the port Apache listens on in <tt class="docutils literal">ports.conf</tt> and the one the haproxy backend below connects to) and enable the site:</p>
<pre class="literal-block">
a2ensite default-ssl
a2enmod ssl
</pre>
<p>And restart apache2:</p>
<pre class="literal-block">
systemctl restart apache2
</pre>
<p>Now time to add some bits to <tt class="docutils literal">haproxy.cfg</tt>, usefully this is only a tiny tiny bit of extra config:</p>
<pre class="literal-block">
frontend any_https
    option httplog
    option forwardfor
    acl is_from_proxy src 2a00:1098:0:82:1000:3b:1:1 2a00:1098:0:80:1000:3b:1:1
    tcp-request connection expect-proxy layer4 if is_from_proxy
    bind :::443 ssl crt /etc/ssl/private/srwpi.pem
    default_backend any_https

backend any_https
    server apache2 ::1:4443 ssl ca-file /etc/ssl/certs/ca-certificates.crt
</pre>
<p>Restart haproxy:</p>
<pre class="literal-block">
systemctl restart haproxy
</pre>
<p>And we're all done! REMOTE_ADDR will appear as the correct remote address in the logs, and in the environment.</p>
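<p>Why the <tt class="docutils literal">is_from_proxy</tt> ACL matters, as an added example (not part of the original post, and not haproxy's own code): a small Python model of the <tt class="docutils literal"><span class="pre">expect-proxy</span></tt> decision, in which only the two proxy addresses from the config above may set the client address, and a forged header from any other peer is left in the payload. It handles the v1 text format of the PROXY protocol only, and the function names and sample addresses are made up for illustration.</p>

```python
"""Model of `tcp-request connection expect-proxy layer4 if is_from_proxy`.

Illustrative only: PROXY protocol v1 (text) headers, hypothetical function names.
"""
import ipaddress

# Proxy addresses copied from the is_from_proxy ACL in haproxy.cfg above.
TRUSTED_PROXIES = frozenset(
    ipaddress.ip_address(a)
    for a in ("2a00:1098:0:82:1000:3b:1:1", "2a00:1098:0:80:1000:3b:1:1")
)
MAX_V1_HEADER = 107  # longest v1 header the PROXY protocol allows, CRLF included


class ProxyHeaderError(ValueError):
    """A trusted peer sent something that is not a valid v1 header."""


def parse_proxy_v1(data: bytes):
    """Return (client_ip or None, bytes_consumed) for a v1 header at the start of data."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if end == -1:
        raise ProxyHeaderError("no CRLF within the first 107 bytes")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError as exc:
        raise ProxyHeaderError("header is not ASCII") from exc
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ProxyHeaderError("missing PROXY signature")
    if fields[1] == "UNKNOWN":
        # The sender could not describe the client; the rest of the line is ignored.
        return None, end + 2
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("bad protocol family or field count")
    version = 4 if fields[1] == "TCP4" else 6
    try:
        src = ipaddress.ip_address(fields[2])
        dst = ipaddress.ip_address(fields[3])
    except ValueError as exc:
        raise ProxyHeaderError(str(exc)) from exc
    if src.version != version or dst.version != version:
        raise ProxyHeaderError("address family does not match " + fields[1])
    for port in fields[4:6]:
        if not port.isdigit() or (len(port) > 1 and port[0] == "0") or int(port) > 65535:
            raise ProxyHeaderError("bad port " + repr(port))
    return src, end + 2


def effective_client(peer: str, first_bytes: bytes):
    """Return (client_ip, remaining_payload) as the frontend would see them."""
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in TRUSTED_PROXIES:
        # Direct visitor over IPv6: nothing is stripped, so a forged "PROXY ..."
        # line stays in the payload (and then fails HTTP parsing) instead of
        # changing the address that gets logged.
        return peer_ip, first_bytes
    # Connection from one of the proxies: a header is mandatory.
    src, consumed = parse_proxy_v1(first_bytes)
    client = src if src is not None else peer_ip
    return client, first_bytes[consumed:]


# Constructed sample traffic (documentation address ranges, not real captures).
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.srwpi.hostedpi.com\r\n\r\n"
VIA_PROXY = b"PROXY TCP4 192.0.2.7 198.51.100.1 40000 443\r\n" + HTTP_REQUEST
FORGED = b"PROXY TCP6 2001:db8::50 2001:db8::1 51234 80\r\n" + HTTP_REQUEST

if __name__ == "__main__":
    for peer, data in (
        ("2a00:1098:0:82:1000:3b:1:1", VIA_PROXY),  # IPv4 visitor via the proxy
        ("2001:db8::bad", FORGED),                  # direct peer forging a header
        ("2001:db8::77", HTTP_REQUEST),             # ordinary direct IPv6 visitor
    ):
        client, payload = effective_client(peer, data)
        print(f"peer={peer:<28} client={client} payload starts {payload[:14]!r}")
```
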
Ooooooh! Shiny!
2017-03-01T15:12:44+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2017/03/01/ooooooh-shiny/
<p>Yay! So, it's a year and a bit on from the last post (eeep!), and we get the news of the <a class="reference external" href="https://www.indiegogo.com/projects/gemini-pda-android-linux-keyboard-mobile-device-phone/">Psion Gemini</a> - I wants one, that looks nice and shiny and just the right size to not be inconvenient to lug around all the time, and far better for ssh usage than the onscreen keyboard on my phone!</p>
Psion 5 - What ever happened?!
2015-09-22T00:11:23+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2015/09/22/psion-5-what-ever-happened/
<p>So, what ever happened to Psion, and more importantly, the Psion 5? The Psion 5 was an awesome pocket sized machine, it had a full qwerty keyboard that was actually quite nice to type on, it had graphics that were way beyond its time (640x320) in your pocket. It had a whole desktop suite of applications, including word processing and spreadsheets, and yet, Psion died... The most scary bit of this is that mobile phones are getting bigger than the original Psion 5, and yet have sacrificed the keyboard for, well, who the hell knows what - the Psion 5's keyboard was awesome. Mobile phone manufacturers need to take a step back and work out how to get that keyboard on to a new gen phone that's touch only... The Psion 5 also had a touch screen (yeah, ok, only single point, not multi finger action), was pocket sized, near indestructible, and hell, if one now existed that could make calls I'd seriously consider it.</p>
Cold Calls and Marketing Morons
2014-11-24T16:20:02+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2014/11/24/cold-calls-and-marketing-morons/
<p>Dear cold calling goits, will you please learn that the landline of this house is <em>not</em> the home owners, and that asking for Mr Parker will get you the question of "which". Asking for the one that's the home owner is likely to get you sworn at as that Mr Parker died getting close to 2 years ago.</p>
<p>Now, stop damned well calling me.</p>
<p>(OK - so I normally know on the basis that there is caller id on the landline, but it's still damned annoying!)</p>
Pound and POODLE
2014-10-24T17:18:00+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2014/10/24/pound-and-poodle/
<p>Over the last week I've been working to get the patches for Pound in to <a class="reference external" href="http://www.debian.org">Debian</a> for the POODLE vulnerability, the new package in unstable has the DisableSSLv3 option available which allows for disabling SSLv3 (fundamental for POODLE), and is waiting to migrate to testing, once that's happened I'll be looking to get that version in to wheezy-backports.</p>
<p>In the mean time, I'm currently rebuilding my personal repository, and will update this post once it's available, along with the GPG public key that it's signed with, the repository will contain wheezy-backports versions of pound, built from the unstable sources, along with a newer version of pound from the current experimental (2.7d) release of pound.</p>
<p>I also raised a ticket for EPEL 7 to get them to update from the 2.7c version that they currently have in the repository to the 2.7d version, which mostly only has the added option to disable various versions of SSL, and that appears to currently be in progress.</p>
<p>Internally at <a class="reference external" href="http://www.mythic-beasts.com/">Mythic Beasts</a> we have a repository for managed customers which already has the patched versions for both CentOS and Debian Wheezy.</p>
Sony Entertainment Networks Insanity
2014-06-28T16:54:09+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2014/06/28/sony-entertainment-networks-insanity/
<p>So, I have a SEN account (it's part of the PSN), I have 2 videos with SEN, I have a broken PS3 so I can not deactivate video (you can <em>only</em> do that from the console itself, yes, really)... and the response from SEN has been abysmal, specifically:</p>
<blockquote>
<p>As we take the security of SEN accounts very seriously, we are unable to provide support on this matter by e-mail
as we will need you to answer some security questions before we can investigate this further. We need you to
phone us in order to verify your account details because we're not allowed to verify details via e-mail.</p>
</blockquote>
<p>I mean, seriously, they're going to verify my details over the phone better than over e-mail how exactly? All the contact details are tied to my e-mail account, I have logged in to their control panel and renamed the broken PS3 to "Broken PS3", I have given them the serial number of the PS3, and yet they insist that I need to call them, because apparently they're fucking stupid. I'm damned glad that I only ever got 2 videos from SEN, both of which I own on DVD now anyways, this kind of idiotic tie in to a system is badly wrong.</p>
<p>So, you phone the number... and now you get stuck with hold music for ever... oh, yeah, great customer service here guys. I mean, seriously, WTF.</p>
<p>OK - 10 minutes on the phone, and still being told "One of our advisors will be with you shortly". I get the feeling that I'll just be writing off the 2 videos that I no longer have access to.</p>
<p>I'm damned glad that I didn't decide to buy more content from that - at least you can reset the games entitlement once every six months without jumping through all these hoops (you have to reactivate each console that you still want to use, but hey).</p>
Wow, I do believe Fasthosts have outdone themselves...
2014-01-04T10:24:46+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2014/01/04/wow-i-do-believe-fasthosts-have-outdone-themselves/
<p>So, got a beep this morning from our work monitoring system. One of our customers' domain names is hosted with livedns.co.uk (which, as far as I can tell, is part of the Fasthosts franchise)... It appears that Fasthosts have managed to entirely break their DNS:</p>
<pre class="literal-block">
brettp@laptop:~$ host www.fasthosts.com
;; connection timed out; no servers could be reached
brettp@laptop:~$ whois fasthosts.com | grep -i "Name Server"
Name Server: NS1.FASTHOSTS.NET.UK
Name Server: NS2.FASTHOSTS.NET.UK
Name Server: NS1.FASTHOSTS.NET.UK
Name Server: NS2.FASTHOSTS.NET.UK
brettp@laptop:~$ whois fasthosts.net.uk | grep -A 2 "Name servers:"
Name servers:
ns1.fasthosts.net.uk 213.171.192.252
ns2.fasthosts.net.uk 213.171.193.248
brettp@laptop:~$ host -t ns fasthosts.net.uk 213.171.192.252
;; connection timed out; no servers could be reached
brettp@laptop:~$ host -t ns fasthosts.net.uk 213.171.193.248
;; connection timed out; no servers could be reached
brettp@laptop:~$
</pre>
<p>So, that's Fasthosts' core nameservers not responding, good start! They also provide livedns.co.uk, so let's have a look at that:</p>
<pre class="literal-block">
brettp@laptop:~$ whois livedns.co.uk | grep -A 3 "Name servers:"
Name servers:
ns1.livedns.co.uk 213.171.192.250
ns2.livedns.co.uk 213.171.193.250
ns3.livedns.co.uk 213.171.192.254
brettp@laptop:~$ host -t ns ns1.livedns.co.uk 213.171.192.250
;; connection timed out; no servers could be reached
brettp@laptop:~$ host -t ns ns1.livedns.co.uk 213.171.193.250
;; connection timed out; no servers could be reached
brettp@laptop:~$ host -t ns ns1.livedns.co.uk 213.171.192.254
;; connection timed out; no servers could be reached
</pre>
<p>So, erm, apparently that's all their DNS servers "Not entirely functioning correctly"! That's quite impressive!</p>
dd over ssh oddness
2013-12-03T10:59:01+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/12/03/dd-over-ssh-oddness/
<p>So, using the command:</p>
<blockquote>
<p>root@new# ssh root@old dd if=/dev/vg/somedisk | dd of=/dev/vg/somedisk</p>
</blockquote>
<p>appears to fail, getting a SIGTERM at some point for no discernable reason... however, using</p>
<blockquote>
<p>root@old# dd if=/dev/vg/somedisk | ssh root@new dd of=/dev/vg/somedisk</p>
</blockquote>
<p>works fine.</p>
<p>The pull version fails at a fairly random point after a fairly undefined period of time. The push version works every time. This is most confusing and odd...</p>
<p>Dear lazyweb, please give me some new ideas as to what's going on, it's driving me nuts!</p>
<p>Update: solved...</p>
<p>A different daemon wasn't limiting its killing habits in the case that a certain process wasn't running, and was killing the ssh process on the new server almost at random, found the bug in the code and now testing with that.</p>
<p>Thanks for all the suggestions though, much appreciated.</p>
Hepworth Spam
2013-10-16T12:31:28+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/10/16/hepworth-spam/
<p>There's been a recent spate of spam from domains held by Communicado Ltd, to counter this <a class="reference external" href="http://blog.hinterlands.org/">Martin A Brooks</a> has created a lovely list of domains to easily filter, see <a class="reference external" href="http://bit.ly/1anwTZv">his blog post</a> for information on the distribution and usage of this list.</p>
And on a different but similar tack...
2013-10-14T21:16:39+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/10/14/and-different-similar-tack/
<p>Of the (entire!) 35 comments on my blog that I've approved, 5 of those are actually from ipv6 addresses! Well done you ipv6 early uptakers! You all deserve a pint. (If you ever happen to turn up in the same pub as me, you should probably remind me I said that :) )</p>
Just in case you missed it...
2013-10-14T20:37:27+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/10/14/just-case-you-missed-it/
<p>So, I've changed jobs, I now work for the incredibly awesome <a class="reference external" href="http://www.mythic-beasts.com/">Mythic Beasts</a>, So far it's been great, we've hit a few problems, we've made sane plans, and we're moving forwards and making things easier to manage long term. I've mostly been involved with debugging mac-mini boot problems, and getting them working with (as far as possible) stock kernels, rather than our previous set of custom compiled kernels, so that it's easier to upgrade later, and so that we're not having to maintain a whole set of patches that we shouldn't need to! We're also starting to package our own software that we use internally so that actually deploying new servers is becoming a lot easier, and configuration of our previous packages is now (mostly) handled by debconf, meaning that actually setting up backups is becoming much easier.</p>
<p>We've also changed our main backup strategy from using a (slightly flaky) openvpn connection with loopback mounted ext3 filesystems to using rsync with the --fake-super option - the only thing that we've found slightly wrong with this so far is that --fake-super can't reconcile symlinks (it uses user level xattr to store the original permissions, and with symlinks this doesn't work, because, apparently, symlinks should store user xattr attributes!).</p>
<p>We also offer ipv6 for all our dedicated and vps customers, as per <a class="reference external" href="http://blog.mythic-beasts.com/2013/09/17/ipv6-end-users-starting-to-care/">the mythic blog</a> - and our 2 authoritative name servers are both v6 enabled. We're working towards making all of our core services available over both ipv4 and ipv6, and we should be there soon.</p>
<p>It's fantastic to work for a company that has the technical knowledge and no-shit stance that <a class="reference external" href="http://www.mythic-beasts.com">Mythic Beasts</a> has, we will hold our hands up if we do something wrong, and we'll tell you exactly what happened, why, and what we're doing to stop it from happening again.</p>
<p>So, 1 month in, and I'm absolutely loving working for them, and I've been a customer of theirs since black cat networks sold their domain name side to them, and shortly afterwards bluelinux sold their virtual servers service to them.</p>
<p>Our new <a class="reference external" href="http://www.mythic-beasts.com/vds.html">VDS lite service</a> is reasonably priced, and well spec'd. I thoroughly recommend our services, and obviously, we actually use our own vds service to provide some of our services - so it's as important to us that it keeps working as it is for our customers.</p>
<p>Wow, so that was a very salesy post. Erm, next time, back to whinging about authors not having written the books I'm waiting for yet! :)</p>
WHSmith - How not to do online trade...
2013-10-14T13:58:44+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/10/14/whsmith-how-not-do-online-trade/
<p>So, apparently WHSmith are very upset with the appearance of "Unacceptable Titles" in their Kobo feed, and so, the <em>obvious</em> solution to this is to entirely take down their website and replace it with the following holding page</p>
<a class="reference external image-reference" href="/photo/1-website-images/486/"><img alt="/media/photos/1-website-images/whsmith-small.png" src="/media/photos/1-website-images/whsmith-small.png" /></a>
<p>So, rather than doing the sensible thing, of just removing the kobo feed temporarily, and putting a note on the ebook selling part of their website, instead they've gone with the TAKE EVERYTHING DOWN!!1!!1!1!!one! approach. That seems somewhat stupid, and I'd be looking at whoever made that call and looking to find out how they've still got a job... unless WHSmith really do absolutely no online trade at all, this seems to be particularly stupid.</p>
The usefulness of getent
2013-09-18T19:37:26+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/09/18/usefulness-getent/
<p>It appears that if you want to do DNS lookups, the output of <tt class="docutils literal">host</tt> is a pain to parse, and <tt class="docutils literal">dig</tt> doesn't follow the system's normal search path. So, the solution is to use <tt class="docutils literal">getent ahostsv4 <hostname></tt> which has easier to parse output (if you're only looking for v4 addresses).</p>
<p>Apparently this is not a well known thing, so I thought I'd drop it here to tell the world :)</p>
Moving, Changing Jobs and the Bank Holiday Weekend...
2013-09-11T20:38:57+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/09/11/moving-changing-jobs-and-bank-holiday-weekend/
<p>So, in the last couple of weeks I've (mostly) moved out of Brighton, got a new job, and generally the world has gone crazy.</p>
<p>The bank holiday weekend was spent at Debian UK BBQ, and was fantastic fun, including the reading corner on Sunday where we played through various arcs of <a class="reference external" href="http://www.amazon.com/To-Be-Not/dp/0982853742">To Be or Not To Be</a> (small spoiler: PIRATES!).</p>
<p>Since then I've been mostly back and forth from Brighton moving stuff, buying a car, and starting a new job... As mentioned in my <a class="reference external" href="http://blog.mythic-beasts.com/2013/09/09/i-do-not-accept-your-silly-software-license/">new employer's blog</a> there was a small stumbling block with my new work laptop that stopped me from getting a sensible operating system on it from the get-go, but it's now running a shiny Debian Wheezy install and alllllllllll is well with the world... well, mostly. I have just removed gnome-keyring because I hate that I can't see a way of relocking it, or in fact relocking any of the individual keys that it had.</p>
<p>So, back to ssh-agent I went, and the world is good again. But that means that I haven't got a gpg agent running at the moment, though, unless I'm missing something, I can't see a way of forcing gpg-agent to forget a passphrase either (ARGH, why on earth wouldn't you have an option for that?!).</p>
Of hosting companies that are completely opaque...
2013-08-01T21:20:54+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/08/01/hosting-companies-are-completely-opaque/
<p>So, my current place of employ (for another 3 weeks and 1 day) have a bunch of dedicated servers from a large hosting company in the UK, occasionally they break their already truly broken internal networking (yes, it defaults to blocking nearly all TCP ports between servers in their own data center, but if you want to hit those same ports from outside their network, that's absolutely fine!), I get to deal with the same thread at least once a quarter, when something in their network decides to block one of the few ports that <em>are</em> allowed... that port is 22, and ssh is used "rather a lot" between the approx 50 servers we have with them. Just for shits and giggles, all of their infrastructure filters ICMP making traceroute mostly totally useless. tcptraceroute ain't no better. Repeating the same question, asking for what they did when it magically all then works again, and getting a "we didn't do anything!" response is somewhat taxing, almost as taxing as watching them run commands on the servers and them not actually know what they're doing, but appear to have a vague grasp on iptables being a firewall, and that they can <em>maybe</em> read the rules and go, "oh, you weren't lying.". Their support is also so far lagged that it's ridiculous, other than an auto response, it took 3 hours (during office hours) to get a "oh, yeah, what you've said, that all looks good, now give us access so that we can diagnose further..." when you do give them that... it'll be between 4 and 6 hours before they bother logging in, and closer to 8 to 10 hours for them to go "oh, it works now, but I don't know why!". NYARGH. These guys make bedroom ISPs look professional to the max. The <em>only</em> thing they have almost going for them is that if you order a new dedicated server it is usually spun up within the hour.</p>
<p>And here endeth the vent.</p>
Of weekends and patio laying...
2013-07-29T20:37:07+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/07/29/weekends-and-patio-laying/
<p>So, this weekend I headed up to <a class="reference external" href="http://www.einval.com/">Uncle Steve's</a> and assisted in the laying of the flagstones for the patio for the BBQ - there's even at least one bit of <a class="reference external" href="http://photos.einval.com/gallery/patio/acr">photographic evidence</a> of me in a non-supervisory capacity. Was a good weekend, and fun was had by all, even if we couldn't really express it due to Complete Exhaustion by the end of it.</p>
<p>Only another few weekends and it'll be the <a class="reference external" href="http://wiki.earth.li/DebianParty2013">Debian UK Party 2013</a> which will, as it is every year, be absolutely awesome. I'll leave the thanks for the beer and food donations until after the party :)</p>
Replacing Planet Planet
2013-07-22T18:25:19+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/07/22/replacing-planet-planet/
<p>I'm just replacing the code running <a class="reference external" href="http://planet.alug.org.uk/">planet alug</a> from a (very old) Planet 2.0 to <a class="reference external" href="http://www.intertwingly.net/code/venus/">Venus</a>, appears that the transition has mostly worked, but maybe it's time to think about what to replace that with too, it'd be nice, for instance, to use something shiny and django based so that some more people can add feeds (without me having to go edit the file!).</p>
It's been a looong time since the last blog post...
2013-07-09T21:39:40+01:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/07/09/its-been-looong-time-last-blog-post/
<p>So, does anyone have any clue what's happened, because I'm at a loss. Apparently I didn't blog about the loss of my Dad back in December, he was found in Union Canal on the 13th December 2012, with his dinner in a carrier bag and his bike. The 'official' date of death is the 13th December 2012, but as far as we can work out (and I'm fairly sure on it), he died between 1930 and 2030 on the 12th. I was on the phone to him at 1930, and I was trying to call him back at 2030 on leaving a pub and wandering back in to town, apparently I wasn't the only one trying to call him, but we all put it down to him being out of signal at the time, until I got a call from my brother on the 13th at just gone midday, saying that the police had been round to tell him they'd found Dad in the canal that morning.</p>
<p>The funeral was held on the 22nd January 2013, with a large turnout of friends and family, it was a good send off for the old chap, and we made damned sure that it was an even better wake - <a class="reference external" href="http://www.blackaddertap.co.uk/">The Brewery Tap</a> did a fantastic job for us, and all that turned up (ok, with some exceptions, but we can block them out!) were fantastic. The boy knew more people than we could possibly imagine, and most of them turned up to either the funeral, the wake or both.</p>
<p>Still miss him, don't expect that to change anytime soon, if only because I used to talk to him most evenings after work between the train station and the pub, and I really miss being able to talk shit with him and being able to relate. Next week we should finally have the Certificate of Representation so that we can actually empty his canal boat ready to sell, at which point it's likely to go back down to Wilton Marina to be sold off. It's not a bad little boat, but it was his sanctuary, and none of us feel comfortable keeping it.</p>
<p>In other news, work has been slightly a bit busy since then, and I'm still playing a bit of catchup from missing fair chunks of January (though, I was mostly still working from home when I could!).</p>
<p>I'm sure other stuff must have happened... Oh, yeah, I got older, but obviously no wiser. I went and visited The Brewery Tap for Father's Day (that was a good day, 7 hours trains for 5 hours in the pub, but <em>well</em> worth it).</p>
<p>Coming up: Cambridge Visitations! The August Bank Holiday Debian Party in Cambridge - now, that I am looking forward to!</p>
It's that time of year again..
2013-02-18T13:45:22+00:00 Brett Parker iDunno@sommitrealweird.co.uk https://www.sommitrealweird.co.uk/blog/2013/02/18/its-time-year-again/
<p>It's that time of year again, my hair has all gone!</p>
<a class="reference external image-reference" href="/photo/me/485/"><img alt="Slightly beardless me" src="/media/thumbs/w500/photos/me/me-haircut.jpg" /></a>