28 July 2012

I have been running Unix systems (Linux, *BSD, QNX, Plan9, etc) for over 15 years and the truth about getting into the nuts and bolts of operating systems or rather any system of parts is that you learn a lot. If you haven’t spent time tinkering in complex systems, then I personally believe that you never really understand the world around you. How exactly do I mean? Well, at some point, your computer stops being a word processor or email machine and you start to think about all the processes running, and why they run, and which alternative processes you could run, and eventually you start tweaking all types of files and choosing other filesystems and settings, and building something that is custom.

“It’s Been Too Long Running Systems from Scratch”

During that process you learn a lot about the fundamentals, but you also learn about how to recover things when something fails. You get comfortable with your understanding of how things work; but at a big picture perspective you realize that you can apply this type of knowledge and methodology to other things. For example, artwork is something you can study and learn, languages can be dissected and learned, home brewing can be accomplished, and other non-trivial things start to become within grasp.

That being said, there will be a point in time (or effort spent) that the benefits of customization or full low level learning of some select topics will no longer yield the same metric of knowledge or reward. An example: I used to run OpenBSD on my laptops. I did this because OpenBSD is a great operating system and while I ran OpenBSD servers, it made sense to carry over knowledge that I gain on my own experimenting on the laptop into the production servers. There were constant CVS updates, make world compiles, and tweaking of files, patching things, etc. This used to make sense to me; and then a lot of different factors (change of job focus, traveling, priorities, etc) led me to buy a Mac laptop and I had all the Unix power with a system that I didn’t have to tweak to get work done.

Still Tweaking

I still tweak files on my servers, I still try new applications on my mac, but I always make sure that I have the basics of functionality available to me before considering a significant change to something I am using. I have been running my own mail servers and name servers for close to 15 years (for suspicious.org, truman.net, and other friend’s domains), and while it’s great to get experience with various software applications, there are times when I think it would just be easier to use Gmail. For one of my specific domains I did just that, and hosted my domain email on gmail; the result has been great. There is no spam, I don’t have to tweak postgrey, postfix, avclam, spam assassin, MX records, etc. I just let Google take care of it, and the quality is great. For some other domains, I think there is some benefit it keeping a system together with my software stack to keep an interest in Internet applications and security.

With the availability of Cloud and VPS offerings, it is starting to make sense to host everything virtually. Time and time again I have to deal with RAID array issues, rebuilding drives, drop shipping hardware to the DC, etc. It’s a lot to do when I just want to have web, email, and apps available for friends. I am starting to think that it will make sense to start using various Cloud or VPS systems spread around the world which would be more cost effective than simply hosting in a single location.



Switched from Apache to Nginx

Still learning this, but decided to modernize and go for the lightweight Nginx + php5-fpm to power my servers. The configuration of Nginx is far simpler (but more powerful) than Apache style configurations. This reminds of the experience of switching from Sendmail to postfix. More details when I get everything working well.


Back on the Linux wagon

I have and do run Linux from time to time, and primarily have been partially interested in features available in Linux. My interest comes in cycles; back in 1995-98 I used to run snapshot kernels and custom tweak everything. Then I learned about BSD, become a huge OpenBSD fan, and totally ditched Linux.

With virtualization being built on Linux and the primary development of applications being based on a Linux environment, I have started digging back into it.

Now I am getting OpenStack/DevStack running on Ubuntu 12.04 with an early build. This should be fun.

comment spam via ipv6

Checking some logs I realized that comment spam was originating from a host in Japan at: 2001:2e8:626:0:2:1:0:b7.

With the plethora of IPv6 addresses, it will only be a matter of time before we see massive comment/email/and web spam originating from IPv6 address blocks.

And what exactly is this machine that is sending comment spam?

Why, it’s a default install of Centos with a bunch of open ports. I am sure some not-so-friendly scripts have found their way inside this vulnerable host and have started using it to generate spam. The fact that the machine was IPv6 connected was likely a coincident, but a useful one (to the spammer).

I have now blocked the /64 of that range to prevent such annoyances.