New theme

It was time for a new theme. So here it is. It is a bit modified from the original version I downloaded, including some CSS edits and the ability to work fully on mobile devices (I only have an Android to test with, though).

An interesting note on the mobile features, though: both Android and iOS have an issue where they can't use CSS overflow. iOS at least lets you scroll the content, but neither of them will show a scroll bar of any sort.

Converting part of an svn repository to git

In moving my projects over to git, I stumbled across a troublesome issue. One of my projects had a folder alongside trunk, tags and branches that held things I needed converted. However, I wanted to convert these as individual git repositories.

So, after reading "git --help svn clone" and finding nothing to help me with this issue, I headed to the search engines. It took some time between search engines and asking some friends. As a note, Git 1.7 has sparse checkout abilities; however, I never got that far to try it out. I found that git 1.6.4 included a new parameter which does the job just nicely.

I stumbled across this on the Tech Debug blog.

So in the end, the following command is an example of what I did, with real data omitted.

$ git svn clone http://example.com/svn/project/folder --no-minimize-url --no-metadata -A authors-transform.txt folder

This did the job exactly as I needed. It converted just the folder in the repository without so much as a complaint. Now that I review the git man page for svn, I see I missed it:

When tracking multiple directories (using --stdlayout, --branches, or --tags options), git svn will attempt to connect to the root (or highest allowed level) of the Subversion repository. This default allows better tracking of history if entire projects are moved within a repository, but may cause issues on repositories where read access restrictions are in place. Passing --no-minimize-url will allow git svn to accept URLs as-is without attempting to connect to a higher level directory. This option is off by default when only one URL/branch is tracked (it would do little good).
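The -A authors-transform.txt part of the command above deserves a word, because git svn aborts the clone the moment it meets a committer who is not in that file. The file maps each svn login to a git identity, one "login = Name <email>" per line. Here is an added POSIX shell helper, not from the post, that builds a starting template from "svn log --quiet" output; the svn log excerpt is constructed for the example and the example.com addresses are placeholders to edit before cloning.

```shell
#!/bin/sh
# Build the authors file that "git svn clone -A <file>" expects, from the
# output of "svn log --quiet". One line per distinct committer, in the form
#   svnlogin = svnlogin <svnlogin@example.com>
# Edit the names and addresses afterwards; git svn stops on any unmapped login.

# $1: path to a file holding "svn log --quiet" output
svn_authors_template() {
    # Revision header lines look like: r3 | alice | 2009-05-01 10:00:00 +0000 (...)
    # Split on " | " and keep the second field, then dedupe.
    awk -F ' \\| ' '/^r[0-9]+ \| / { print $2 }' "$1" | sort -u |
    while IFS= read -r login; do
        printf '%s = %s <%s@example.com>\n' "$login" "$login" "$login"
    done
}

# Constructed sample of "svn log --quiet" output (not real repository data).
SAMPLE_SVN_LOG=$(mktemp)
cat > "$SAMPLE_SVN_LOG" <<'EOF'
------------------------------------------------------------------------
r3 | alice | 2009-05-01 10:00:00 +0000 (Fri, 01 May 2009)
------------------------------------------------------------------------
r2 | bob | 2009-04-30 09:00:00 +0000 (Thu, 30 Apr 2009)
------------------------------------------------------------------------
r1 | alice | 2009-04-29 08:00:00 +0000 (Wed, 29 Apr 2009)
------------------------------------------------------------------------
EOF

# Redirect this into authors-transform.txt, then run the clone from the post:
#   git svn clone http://example.com/svn/project/folder --no-minimize-url \
#       --no-metadata -A authors-transform.txt folder
svn_authors_template "$SAMPLE_SVN_LOG"
```

One caveat on the clone flags themselves: --no-metadata drops the git-svn-id line from every commit message, which is what you want for a clean one-way conversion, but it also means the resulting repository can no longer be kept in sync with the svn side via git svn fetch or rebase. Leave it out if the svn repository stays in use.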

Auto updating git repositories

I have my git repos cloned on my site. In order to keep my git viewer up to date, I need those clones to stay up to date.

Thankfully, there is a simple way to do this. git does have a --git-dir=/path option; however, this does not appear to work. You still need to change into the working directory in order to pull the updates. So after some work, I came up with this:

#!/bin/bash
# Pull every clone under /srv/git. Only stderr should reach cron, so success stays quiet.
for f in /srv/git/*; do
	if [ -d "$f/.git" ]; then
		echo "Processing Git repository, $f"
		# git pull must run from inside the working tree; use a subshell so the
		# cd does not leak into the next iteration, and keep going if one pull fails.
		( cd "$f" && git --git-dir="$f/.git" pull -q ) || echo "Pull failed for $f" >&2
	fi
done

I simply add this as a crontab entry, using > /dev/null to eat the output. However, if an error occurs, I should receive an email with exactly what went on.

Postfix with Ubuntu 11.10

In addition to my Dovecot issues, Postfix had failed as well and I wasn't able to send emails. However, receiving them was more important at that point.

After some trials, I found I needed to add this to my main.cf:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

which resolved the Postfix failure. Hopefully I have now fixed all my issues since the upgrade.
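For the full picture, here are the two config fragments that have to agree, as an added example rather than the post's own configuration. The smtpd_sasl_path value is resolved relative to Postfix's queue directory (/var/spool/postfix by default), so Dovecot must create its auth listener at that absolute path with permissions the postfix user can use. The parameter names are the real Postfix and Dovecot 2.0 ones; the TLS line assumes smtpd TLS is already configured, and Postfix does not allow trailing comments on parameter lines, so the comments sit on their own lines.

```conf
# /etc/postfix/main.cf: SMTP AUTH handed to Dovecot's auth socket
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
# Relative to queue_directory, i.e. /var/spool/postfix/private/auth
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
# Only advertise AUTH after STARTTLS (assumes smtpd_tls_* is already set up)
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

# /etc/dovecot/conf.d/10-master.conf (Dovecot 2.0 layout): the listener Postfix connects to
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```

After restarting both services, "postconf -n | grep smtpd_sasl" should echo the three SASL settings, "ls -l /var/spool/postfix/private/auth" should show a socket owned by postfix, and an EHLO over a plain connection should not list AUTH at all, while one after STARTTLS should.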

Dovecot with Ubuntu 11.10

I just recently updated my VPS to Ubuntu 11.10, and this went mostly smoothly. However, I had some issues with Dovecot: I could not get it to start.

It seems that the configuration guide I followed to set up Dovecot broke due to outdated settings. However, thanks to a wiki guide from Dovecot, I was able to convert my configuration file: http://wiki2.dovecot.org/Upgrading/2.0

However, Dovecot still refused to work properly. After much searching and many issues, I finally figured out that I had to install a new package, dovecot-mysql, in order to get this to work. After which, a restart of the saslauthd service brought everything back into working order, at least for Dovecot.

Preventing access to drives on Windows 7

I added Boot Camp to one of my Macs and happily found that Windows 7 supports reading HFS drives, which means it had access to my Mac OS X installation. Sadly, it didn't keep the user permission setup and I could see everything from all users. Not acceptable for a family-used computer.

Some Google searches did bring up some options; however, I found that none of them alone resolves the issue completely.

The first thing I found suggested using "gpedit.msc" to add a policy under User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer, in the "Prevent access to drives from My Computer" policy. However, this had two limitations. First off, it applies to the current local user only, and secondly, it only covers drives A-D, which doesn't help me with drive E.

Now, I can open "mmc", go to Add Snap-in, select Group Policy Object Editor, click Browse and then the Users tab to set it to Non-Administrators. However, the second limitation was still the problem. I needed to cover a non-default drive that the group policy editor didn't support, which makes it almost useless.

Another solution I found was to modify the Windows registry. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer may contain a DWORD called "NoViewOnDrive". This is perfect for what I want, as I can limit it to other drives. An article on How-To Geek explained how the data is represented. So this works out for me.

However, that solution had the same problem as the first one: it only covers the current user. After more searches not turning up anything useful, I found a solution that works. By using the mmc snap-in I created above to add a policy for non-administrators, it added that data into the registry. I simply used the find function in the registry editor to locate "NoViewOnDrive".

I do want to mention that I closed the mmc I was using before opening the registry editor; otherwise the data may be outdated and may not update. But it was simple to do this, after which I modified the value to match what I wanted. Now it appears to be working just fine for non-administrators and is preventing access to the drive. A little more work than I wish I would have had to do in order to accomplish this, but it got the job done.

There is a similar DWORD in the registry called NoDrives. This simply hides the drives and does not prevent access to them. I left the drive visible as it really doesn't bother me to see it; I just needed to prevent unrestricted access to it.
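The How-To Geek encoding referred to above is a bitmask, one bit per drive letter: A: is bit 0, B: bit 1, and so on, so E: alone is 16 (0x10) and C:+D:+E: is 28 (0x1c); 0x3ffffff covers all 26 letters. NoViewOnDrive and NoDrives use the same encoding. As an added example, not from the post, here is a small POSIX shell helper that computes that DWORD from drive letters and emits a .reg fragment for the HKCU Explorer policy key named in the post. It only generates text; importing it into the right hive is up to you, and the non-administrator policy the post ends up with lives in that group's policy hive rather than under HKCU.

```shell
#!/bin/sh
# Compute the DWORD bitmask that the NoViewOnDrive / NoDrives values expect:
# bit 0 = A:, bit 1 = B:, ... bit 25 = Z:.
# Usage: drive_mask E        -> 16
#        drive_mask C D E    -> 28
drive_mask() {
    mask=0
    for letter in "$@"; do
        # Normalise to one upper-case letter; reject anything that is not A-Z.
        l=$(printf '%s' "$letter" | tr '[:lower:]' '[:upper:]' | cut -c1)
        case "$l" in
            [A-Z]) ;;
            *) echo "drive_mask: invalid drive '$letter'" >&2; return 1 ;;
        esac
        # ASCII code of the letter minus 65 ('A') is the bit position.
        bit=$(( $(printf '%d' "'$l") - 65 ))
        mask=$(( mask | (1 << bit) ))
    done
    printf '%d\n' "$mask"
}

# Emit a .reg fragment for the Explorer policy key from the post.
# $1: value name (NoViewOnDrive blocks access, NoDrives only hides); rest: drive letters.
drive_policy_reg() {
    name=$1; shift
    mask=$(drive_mask "$@") || return 1
    printf 'Windows Registry Editor Version 5.00\n\n'
    printf '[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]\n'
    printf '"%s"=dword:%08x\n' "$name" "$mask"
}

# Example: block access to E: for the current user (writes the fragment to stdout).
drive_policy_reg NoViewOnDrive E
```

Whichever hive you import into, the value only takes effect for Explorer sessions started after it is set, and it restricts the shell view rather than the file system itself: a user who can open a command prompt can still reach E:\ unless the drive's own permissions stop them, which is the part HFS volumes mounted this way do not provide.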

Nginx with IPv6 and vhosts

Linode.com has recently set up IPv6 natively and is deploying it across their data centers. This is great, as I now have a native IPv6 address for my VPS.

I use Nginx as a replacement for Apache, and I noticed today that my vhosts were not correctly responding on the IPv6 address. Since I use a wildcard for my subdomains, it still would respond with my main domain, but it wouldn't recognize any additional domain or subdomain. From the configuration documentation, it sounds like I only need to add "listen [::]:80;" to my vhosts in order to get this to work. However, despite my tries I received an error:

[emerg]: bind() to [::]:80 failed (98: Address already in use)

All documentation supports the suggested directive, and some suggest running the sockets separately (by adding ipv6only=on to that listen). However, this still failed to make it work.

So, after going through all my configs, test configs (for test subdomains I have) and disabling any listen directives (which broke a few things), I still couldn't get it to work. In the end I am not quite sure how I got it to work. I even checked with "lsof -i :80" to see anything that might have been running and couldn't find anything.

But what I did to finally get this to work right was to add this to my default config (i.e. for my main domain):

listen 80 default;
listen [::]:80 default ipv6only=on;

Then for each other vhost I added:

listen [::]:80;

This seems to make things work without any problem. No errors whatsoever, and IPv6 responds as it should.
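The reason the working layout above works, and the earlier attempts did not, is how nginx binds the sockets. On Linux a listen [::]:80 socket without ipv6only=on is dual-stack: it also claims 0.0.0.0:80, so it collides with a separate listen 80 socket, which is exactly the bind() ... Address already in use error. ipv6only is a socket option, so it is set once, on the listen line of the default server for that address:port, and then holds for every vhost sharing [::]:80; setting it on every vhost, or on a non-default one, does not help. (nginx 1.3.4 and later turn ipv6only on by default, and the default keyword has been spelled default_server since 0.8.21.) The following is an added example of the complete shape, not the post's own config; hostnames and paths are placeholders.

```nginx
# Default server: owns both wildcard sockets and answers any Host that no other
# vhost matches. ipv6only=on goes here, once, so [::]:80 stays IPv6-only and
# does not also bind 0.0.0.0:80 under the separate "listen 80" socket.
server {
    listen 80 default_server;                 # "default" on nginx older than 0.8.21
    listen [::]:80 default_server ipv6only=on;
    server_name example.org *.example.org;    # placeholder names
    root /srv/www/example.org;
}

# Every other vhost just names both sockets; no ipv6only here.
server {
    listen 80;
    listen [::]:80;
    server_name test.example.org;
    root /srv/www/test.example.org;
}
```

To confirm which process holds the v6 socket when the bind error appears, "lsof -i 6:80" or "ss -6ltn" shows the IPv6 listeners specifically; a plain "lsof -i :80" on a dual-stack socket can be misleading because a single [::]:80 listener is serving both families.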

As a final note, I should mention my ISP does not natively support IPv6 yet. I am using a tunnel broker via HE (Hurricane Electric).

Mac OS X deleting users

I had an issue with my laptop's video card dying. Nonetheless, thanks to a class action lawsuit and some work by Apple, I have been able to get my video card replaced for free (see: http://support.apple.com/kb/TS2377). The nicest thing is that this is costing me $0 to fix and ship back to me, which is awesome, and I am glad that Apple took the initiative to investigate the issue and help their customers.

Well, while I wait for that to happen, I was smart enough to use Screen Sharing, which still worked, to pull the logs off my system. Upon trying this I found my user accounts missing. I had the root user enabled, so I was still able to get in one way. So after recreating my user for now (I could recreate it from a full backup I did just days before this), I put my logs on a thumb drive so I could look at them.

This is a snippet from the logs:

2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.113 ManagedClient[120:903] -xaDiskDisappeared: removing external account "_amavisd" with home "/var/virusmails" from DSLocal because disk disappeared.
2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.116 ManagedClient[120:903] MCXCDeleteAccount(): Trying to delete user id = 83

It wasn't able to delete the system accounts, thankfully. However, it did delete my account and a PostgreSQL user account I created, which I should have set up as a system account in the first place. No damage was done, just the user accounts deleted. All my data was still there and backed up.

Managed Client is a part of OS X and is used to manage users in a server setting. That said, my system was never set up in a server setting. But if I had to guess from the error log, it appears that when it loses the connection to the server holding the user account data, it auto-deletes users as a security precaution. Again, I don't have a server set up or use this, which means it acted on the local users when it couldn't load the data. Not a very smart idea of Apple to allow this for local users, though.

User data for the system is kept in /var/db/dslocal, which explains this. I also had a notice about anacron not being able to find its data in /var. So I suspect that my /var directory was corrupted during one of the restarts I did while trying to diagnose the system.

2/12/11 10:12:09 PM com.18james.anacron[78] anacron: Can't chdir to /var/spool/anacron: No such file or directory

Luckily I can restore everything lost in there off a backup, and I didn't keep anything important in /var. So it isn't a major loss, and I am glad I keep backups. Unfortunately I wasn't able to find very much information in searching around. I didn't feel like reading Apple's 294-page PDF about user management to try and see if I could find anything about it. A search of the document using some simple terms didn't turn up anything.
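Anyone hitting the same disappearing-accounts problem can confirm it from the log rather than guess: each removal shows up as the "removing external account" notice followed by the MCXCDeleteAccount line with the uid. Here is an added shell snippet, not from the post, that pairs those two lines and prints the account, its home and the uid. The sample log is constructed from the lines quoted above plus one unrelated line; syslog writes straight quotes, so that is what the script matches.

```shell
#!/bin/sh
# Extract the accounts ManagedClient removed from a system.log excerpt.
# Each removal is logged as two consecutive lines:
#   ... -xaDiskDisappeared: removing external account "<name>" with home "<dir>" from DSLocal ...
#   ... MCXCDeleteAccount(): Trying to delete user id = <uid>
# $1: path to the log file; prints "<account> <home> <uid>" per removal.
scan_mcx_deletions() {
    awk '
    /removing external account "/ {
        s = $0
        sub(/.*removing external account "/, "", s)
        acct = s; sub(/".*/, "", acct)
        home = s; sub(/.*with home "/, "", home); sub(/".*/, "", home)
    }
    /MCXCDeleteAccount\(\): Trying to delete user id = / && acct != "" {
        uid = $0
        sub(/.*user id = /, "", uid)
        print acct, home, uid + 0
        acct = ""; home = ""
    }' "$1"
}

# Constructed sample: the two ManagedClient lines from the post (straight quotes,
# as syslog writes them) plus the unrelated anacron line, to show it is ignored.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
2/12/11 10:12:09 PM com.18james.anacron[78] anacron: Can't chdir to /var/spool/anacron: No such file or directory
2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.113 ManagedClient[120:903] -xaDiskDisappeared: removing external account "_amavisd" with home "/var/virusmails" from DSLocal because disk disappeared.
2/12/11 10:12:19 PM com.apple.loginwindow[59] 2011-02-12 22:12:19.116 ManagedClient[120:903] MCXCDeleteAccount(): Trying to delete user id = 83
EOF

# On a real Mac: scan_mcx_deletions /var/log/system.log
scan_mcx_deletions "$SAMPLE_LOG"
```

Run against the real /var/log/system.log, any line whose home directory sits under /var is a strong hint that the volume was simply unreadable at the time, as the post concludes, rather than that the account was removed on purpose; a uid of 500 or higher marks a regular login account rather than a system one.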

As a final note, in case you are wondering, user accounts disappearing is happening to other OS X users, but none of them looked at the console log to see why. http://www.google.com/search?q="mac+os+x"+user+account+disappeared

phpMyAdmin using login with nginx behind an https auth login

The title may be confusing, but I am sure it is related to how I have things set up. I have phpMyAdmin set up to use http login, which means it gives a login form for me to log into phpMyAdmin. phpMyAdmin is in a protected folder with an auth basic login set up (so dual authentication is required to access my database). This is all behind https.

The problem has been that after I log in, phpMyAdmin redirects to http://domain.tld:443/phpmyadmin/index.php[...]
This causes Nginx to complain that a plain http request is arriving on the https port. Nginx won't even do the redirect to the https protocol, even though I have that set up.

I know the blame here is phpMyAdmin's. It took some time to figure out why, and sadly a solution in phpMyAdmin isn't the easiest. It is much easier to fix in the Nginx configuration.

The issue is that HTTPS is not set in the server environment variables. So phpMyAdmin detects the port mismatch and, when it fixes up the URL, it includes the port (since it doesn't detect HTTPS as on and the port is not 80).

The simplest solution is just to add this to my fastcgi_params. Since phpMyAdmin sits behind its own domain that always uses https, I don't have to worry about the variable being set where it shouldn't be.

# Needed by phpmyadmin.
fastcgi_param   HTTPS   on;
fastcgi_param   HTTP_SCHEME https;

I also show an HTTP_SCHEME environment variable. phpMyAdmin will also detect this if it doesn't detect HTTPS as on. Either one of these should work. I only tested the first, but the second is looked at in the phpMyAdmin config test and it bypasses all the other scheme checks.
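Here is the whole vhost in that shape, as an added example that is not the post's configuration. It generalizes the fix slightly: rather than hard-coding HTTPS on, it passes nginx's $https variable (which is "on" only on a TLS connection; available since nginx 1.1.11, as is the if_not_empty flag), so the same fastcgi block can be shared with plain-http vhosts without telling PHP a request was encrypted when it was not. The hostname, certificate paths, htpasswd file and PHP-FPM socket are assumptions.

```nginx
# TLS-only vhost for phpMyAdmin with HTTP basic auth in front of its own login form.
server {
    listen 443 ssl;
    server_name pma.example.org;                                 # assumed hostname
    ssl_certificate     /etc/ssl/certs/pma.example.org.pem;      # assumed paths
    ssl_certificate_key /etc/ssl/private/pma.example.org.key;

    root /srv/www/phpmyadmin;                                    # assumed install dir
    index index.php;

    # First factor: nginx basic auth, before PHP ever runs.
    auth_basic           "Database admin";
    auth_basic_user_file /etc/nginx/htpasswd-pma;

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        # $https is "on" only for TLS connections; if_not_empty leaves HTTPS unset
        # on plain-http servers, so this block can live in a shared include.
        fastcgi_param HTTPS $https if_not_empty;
        # The second check phpMyAdmin consults (see above); either line alone suffices
        # in a TLS-only server, and HTTPS is the one that was tested.
        fastcgi_param HTTP_SCHEME https;
        fastcgi_pass unix:/var/run/php-fpm.sock;                 # assumed socket
    }
}

# Plain-http side only redirects, so no request reaches PHP without TLS.
server {
    listen 80;
    server_name pma.example.org;
    return 301 https://$host$request_uri;
}
```

With this in place the post-login redirect phpMyAdmin issues carries the https scheme and no :443 suffix, so the plain-http-on-https-port error never comes up; "nginx -t" will reject the config on versions too old to know $https, which is the quick way to tell whether you must fall back to the hard-coded HTTPS on line.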

Content Security Policy with google ads

Content Security Policy is a relatively new header being promoted. Browsers such as Firefox 4 will make use of it. Considering the benefits it and the X-Frame-Options header offer, it is almost stupid not to look into this.
These new headers try to do one thing, and that is prevent some of the common security issues (clickjacking, XSS and data injection).

However, Google ads require some setup. You have to allow them on multiple src directives. From my tests, this includes allow and script-src, with two domains each time.

Mantis has already implemented this in their source code. Due to how limiting what they implemented is, it breaks a lot of integrations. SimpleMachines.org uses Mantis as its bug tracking software, and CSP also happened to have broken everything from working correctly in Firefox 4.

So after some testing with Firefox 4 and reading the CSP information, I came up with the following header (which you can view if you have the proper tools installed and visit Mantis on SimpleMachines.org).

header( "X-Content-Security-Policy: allow 'self' http://pagead2.googlesyndication.com; options inline-script eval-script; img-src 'self' *; script-src 'self' http://*.simplemachines.org http://pagead2.googlesyndication.com http://googleads.g.doubleclick.net; style-src 'self' http://*.simplemachines.org; frame-ancestors 'none'" );

Note that img-src is set to 'self' and *. The wildcard allows us to load remote images. Although this lowers security, there is no other simple way to do this with remote avatars. The header gets nasty in length, and I personally start to worry about all headers being able to be transmitted in one packet in some setups where the header is even longer. But this is the price you pay for security.
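A policy assembled by hand like this is worth linting before it ships, because the trade-offs the post mentions are easy to lose sight of once the header is long: the wildcard in img-src, the options inline-script eval-script pair that switches the core XSS protection back off, and every plain-http source (which a network attacker can swap for their own script regardless of the policy). Here is an added POSIX shell linter, not from the post or from Mantis, that walks the directives of a header value and reports those three things; it understands both the Firefox 4 era X-Content-Security-Policy syntax used above and the standard Content-Security-Policy spelling ('unsafe-inline', 'unsafe-eval'). The sample is the post's own header value, with the PHP call stripped.

```shell
#!/bin/sh
# Minimal linter for a CSP header value (legacy X-CSP or standard CSP syntax).
# Prints one finding per line; returns 1 if anything risky was found, else 0.
# $1: the header value, directives separated by ";"
csp_lint() {
    printf '%s\n' "$1" | tr ';' '\n' | awk -v q="'" '
    {
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
        if ($0 == "") next
        name = $1                      # directive name: allow, img-src, options, ...
        for (i = 2; i <= NF; i++) {
            v = $i                     # one source expression or option keyword
            if (v == "*")
                { print name ": wildcard source allows any origin"; bad = 1 }
            if (v ~ /^http:/)
                { print name ": plaintext http source " v " can be replaced on the wire"; bad = 1 }
            if (name == "options" && (v == "inline-script" || v == "eval-script"))
                { print name ": " v " re-enables inline/eval script, the main XSS protection"; bad = 1 }
            if (v == q "unsafe-inline" q || v == q "unsafe-eval" q)
                { print name ": " v " re-enables inline/eval script, the main XSS protection"; bad = 1 }
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# The header value from the post, as a constructed sample (PHP header() call removed).
SAMPLE_CSP="allow 'self' http://pagead2.googlesyndication.com; options inline-script eval-script; img-src 'self' *; script-src 'self' http://*.simplemachines.org http://pagead2.googlesyndication.com http://googleads.g.doubleclick.net; style-src 'self' http://*.simplemachines.org; frame-ancestors 'none'"

csp_lint "$SAMPLE_CSP" || echo "policy has findings (listed above)"
```

On the sample this prints eight findings: one wildcard, two option keywords and five http sources. The wildcard is the one the post knowingly accepts; the plain-http script sources are the ones worth revisiting first, since an ad script loaded over http undoes what script-src is there for.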

Highslide for Wordpress Plugin