/system Setting up a new domain
These are my own notes to self...probably irrelevant to anyone else.
To use DNS on tridity.org (mappinghacks.com):
mh notes:
/home/named/var/named/asi
has named.asi where the individual references go, ie. equiv. to /var/named
and it has individual domain files, ala /var/named/data
To Add a domain which will live on lewis.geocoder.us:
edit /home/named/var/named/asi
look for zones where the master file points to geocoder.us
co -l named.asi
edit it, add domain as copy of existing one that points to
geocoder.us - like presenttous
ci -u named.asi
sudo /etc/rc.d/init.d/named reload
This is some old shit, or just non-tridity
copy an existing 'template' file from /var/named/data
on mh copy /home/named/var/named/asi/
Edit the template
do some rcs
on mh see include "/var/named/asi/named.asi"; or something like
/home/named/var/named/asi
update the serial number - apparently not needed on Tridity
edit /var/named.conf to add a pointer to the new /var/named/data file
on my /home/named/etc/named.conf
kill -HUP the named process
or /etc/rc.d/init.d/named restart
For email on tridity
cd /etc/postfix
co -l local-host-names
vi local-host-names
# follow example of presenttous
ci -u local-host-names
co -l virtual
vi virtual
# follow example of presenttous
ci -u virtual
I had to manually remove virtual.db
postmap virtual
sudo /etc/rc.d/init.d/postfix restart
/etc/rc.d/init.d/postfix restart
email on ?
edit /etc/postfix/aliases (if needed for emails)
or maybe /etc/postfix/virtual
co -l virtual
edit...see folkartforschools example
*on mh:
*edit virtual
*edit local-host-names
*postmap virtual
*sudo /etc/rc.d/init.d/postfix restart
co -l local-host-names
edit again, see 'rich' section
ci -u virtual
sudo make -C /etc/postfix
Don't need to do these - they are dealt with in make -C /etc/postfix
postmap virtual
run newaliases to create aliases.db
edit /etc/postfix/main.cf
add this domain to the mydestination list
/etc/rc.d/init.d/postfix restart
On lewis?
/etc/httpd/conf
domain.conf - see presenttous, other samples.
sudo /etc/rc.d/init.d/httpd graceful
some other server
look in /etc/httpd/conf.d/sites.conf for httpd config
edit the file as appropriate.
put your new site somewhere like:
/home/www/mydomain.com/
restart apache /etc/rc.d/init.d/httpd restart
/system more on cvs
2004-09-10
CVS_RSH=ssh
export CVS_RSH
cd geohacks
cvs -d:ext:rich@nocat.net:/cvsroot import -m "import from Rich's iBook" geohacks rich start
This was important at one point...
cvs -d:ext:rich@geocoder.us:/home/cvs upd -dPA
and here is my diff line:
cvs -d:ext:rich@geocoder.us:/home/cvs diff lib/Geo/Track/Log.pm > f
this works:
cvs -d:ext:rich@geocoder.us:/home/cvs commit lib/Geo/Track/Log.pm
2007-03-18
this works:
cvs -d:ext:rich@mappinghacks.com:/home/cvs co Audio-DSS
/system Fun with Unix - a few commands
I shoot RAW mode, and then want to import the not-raw files into iPhoto to preview, but
I end up with the RAW files in iPhoto, which is unable to productively handle them (in
my version).
find . -type f -name '*.NEF' -print0 | xargs -0 rm
Isn't that special? Or:
find . -type f -name '*.NEF' -print | tee filelist | tr '\n' '\0' | xargs -0 rm
"Are we going to watch them until they do a couple of back flips? I don't think so. We
weren't watching them, we were washing them."
/system Search and replace in word
Adam just showed me a Word trick. Turn on wildcards, then search for
( )(*)(\n)
and replace with:
\2\3
And this is clearly superior to doing << in vi :-)
/system It doesn't take all kinds of people...
...We just have all kinds of people.
Clearly that is advice to live by. I wanted a new server to throw
into our 1/4 rack down at Hurricane Electric. I mean, Schuyler has
a machine in the rack, and he and I jointly have a machine in the
rack, but all those beautiful "U's" were sitting empty, forlorn,
waiting for a machine from me!
I got a pretty cool 1U case off of EbAy for $46.97. As near as I can
tell it is a brand new case. And it included a power supply, and the
PCI 90 degree adapter. Screaming deal.
Of course, for it to be a Testing Range Production there need
to be some arbitrary number of freaky weird things that have to
be done.
First weird thing was that the back cutouts were just a little off
from my mother board. But the Dremel tool made reasonably quick
work of those. I did shatter three dremel cut off wheels in the
process, but that is the price of progress.
Next the motherboard I had from my friend Nate had a full sized
heat sink and fan. Hmmm. That is not going to fit in the 1U
case. A little time with the metal cutting band saw and it seems
that I've taken care of that problem.
Next is the question of drives. Since Schuyler had an emergency
that required the use of my new 300 gb drive I installed Fedora
Core 3 on an old 6 gb drive. I had a 250 gb SATA drive, and
an Adaptec ASH-1205 SATA Connect Serial ATA Card. I figured it
wouldn't hurt to try, so I installed the mess and after a quick
fdisk and mkfs I amazingly was able to mount the drive.
Fedora Core 3 recognized the Adaptec ASH-1205 and automatically
loaded the sata modules. I was happy. I don't know if that
would work for the boot partition, but I'm happy right now.
A side benefit is that this system has an older BIOS, and
didn't actually appear to recognize the full 300 gb of the other
drive. I assume that since the sata modules live in user space
that the BIOS loses the power to vex in this case.
The final (knock wood!) indignity was that the case was designed
for a single hard drive. It doesn't even have cut outs on the
front panel for a floppy or CD - just blank steel.
(if you look closely at that picture you can read this text being edited. If
I were clever I would call this 'Computer in the process of being documented'
and it would be conceptual art, and sort of clever. If only I were clever
and could capitalize on these little synchronicities. Though, since I
intentionally planned the photograph to include that text it isn't strictly
'synchronicity' but rather 'staged' which is a word that here means not
random.)
Dilemma. I managed to solve the dilemma with a bit of nearly
precision metal fabrication. You can tell a geek's operating
system from the shape of the hard drive sled used in their
server...
Screws and stuff: case and hard drive screws appear to be (mostly?)
6/32. This means size 6, and 32 threads per inch.
This is interesting because it turns out that this means if you use
a certain size drill bit you can reliably make holes that match your
screws, and if you use a slightly smaller bit, and a 6/32 tap, you
can make threads that these screws will happily grip.
And if you can tap threads you have far more options as to where
you can install things, and even, dare I say, what is possible to
treat as a computer case...(more to follow).
/system Too much spam!
Yet again...I'm not actually getting too much spam, my filters seem
to be working well enough, and I turned off wild card emails a bit
ago, but now I notice that I get, it appears, tens of thousands of
attempted spams per day to journalsonline.com addresses that have
never existed.
So I've taken the step of pointing the journalsonline.com mx
record to an ip address that I own, but that isn't pointing to
anything. First I changed my postfix main.cf file so that it
no longer attempts to receive mail for journalsonline, but that
just changed the problem slightly: instead of connecting, looking
up the user, and rejecting, it now simply rejects the connection
with a relay denied error.
Actually, I do get some Relay access denied messages in my maillog,
but mostly it seems that I get connects and disconnects.
next morning...my log file was still spewing into the log, but then
a bit later it quieted down...probably as dns propagated. how nice.
/system Configure a Pebble/Metrix box
- Connect eth0 to a network segment with a dhcp server.
- Go to the DHCP server, tail the lease log:
sudo tail -f /rw/var/lib/dhcp/dhcpd.leases
- Power up the metrix.
- Watch the log...by and by a lease should be issued.
- ssh root@thataddress, password=root
/system Too Much SPAM...
I'm getting a huge amount of SPAM. I have a lot of filters, but it
looks like my system performance is actually now being impacted by
the work my filters are doing.
This came to a head when I was debugging an email problem on another
system. I sent email to myself from that system while watching
my /var/log/maillog. I kept missing what I was looking for
because of all of the darn SPAM hammering my system.
The thing that is annoying me right now is all of the spam sent
to accounts that don't exist on my system. Running this command
shows me attempts to send mail to non-existent accounts:
sudo tail -f /var/log/maillog | grep reject
Using iptables to count bandwidth usage
This command will use iptables to log bandwidth of web traffic:
sudo /sbin/iptables -A OUTPUT -p tcp --dport 25 -j LOG
or this adds a label so you can see what is what
sudo /sbin/iptables -A OUTPUT -p tcp --dport 80 -j LOG --log-prefix 'www'
and then this shows that usage:
sudo /sbin/iptables -L OUTPUT -v
This works if I stop my default firewall rules...so I need to clean
my default rules...
sudo /sbin/iptables -A INPUT -p tcp --dport 25 -j LOG --log-prefix 'mail'
This also works, to catch the responses (i.e. source port)
sudo /sbin/iptables -A OUTPUT -p tcp --sport 25 -j LOG --log-prefix 'mail'
I wrote a program to look at reject'ed emails in my maillog
sudo tail -20000 /var/log/maillog | grep reject | ./maillog.pl
maillog.pl just groups by ip address.
So this is quasi interesting to show the current attempts:
watch 'sudo tail -20000 /var/log/maillog | grep reject | ./maillog.pl'
maillog.pl (this is of course ugly code, but you can see what it is doing)
So watching that gives me the most recent abusers, who I can add to
my kill file with:
sudo /sbin/iptables -A INPUT --source 192.168.0.8 -j DROP
But I do have the default firewall rules running, so to log things with
the firewall running:
sudo /sbin/iptables -A RH-Firewall-1-INPUT -p tcp --dport 25 -j LOG
The firewall config lives in /etc/sysconfig/iptables and can be
edited by /usr/bin/system-config-securitylevel
This is quasi interesting:
watch 'sudo /sbin/iptables -L INPUT -v'
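An added example, not the author's maillog.pl (which is not reproduced on this page): one way to group rejected deliveries by client IP in sh/awk, assuming Postfix smtpd log lines of the form "reject: RCPT from host[ip]:". The function names, the optional minimum-count argument and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the original maillog.pl): count Postfix reject lines per client IP.

# reject_counts [MIN]
# Reads maillog lines on stdin and prints "<count> <ip>", busiest first,
# for every client with at least MIN rejects (default 1).
reject_counts() {
    awk -v min="${1:-1}" '
        / reject: / {
            # smtpd logs the client as "from hostname[ip]:"; "from=<...>" has no space
            if (match($0, /from [^ ]*\[[0-9a-fA-F.:]+\]/)) {
                ip = substr($0, RSTART, RLENGTH)
                sub(/^.*\[/, "", ip)   # drop "from hostname["
                sub(/\]$/, "", ip)     # drop the trailing "]"
                count[ip]++
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation addresses, hypothetical hosts and users).
sample_maillog() {
    cat <<'EOF'
Oct 22 03:10:01 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Oct 22 03:10:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <a1@example.org>: User unknown in local recipient table; from=<x@example.net> to=<a1@example.org> proto=SMTP helo=<example.net>
Oct 22 03:10:03 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <a2@example.org>: User unknown in local recipient table; from=<x@example.net> to=<a2@example.org> proto=SMTP helo=<example.net>
Oct 22 03:10:04 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Oct 22 03:11:10 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from host.example.com[198.51.100.23]: 554 <b@example.org>: Relay access denied; from=<y@example.com> to=<b@example.org> proto=ESMTP helo=<host.example.com>
Oct 22 03:11:40 mail postfix/smtpd[2107]: NOQUEUE: reject: RCPT from host.example.com[198.51.100.23]: 554 <c@example.org>: Relay access denied; from=<y@example.com> to=<c@example.org> proto=ESMTP helo=<host.example.com>
Oct 22 03:12:05 mail postfix/smtpd[2111]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 550 <d@example.org>: User unknown in local recipient table; from=<z@example.net> to=<d@example.org> proto=SMTP helo=<mx>
Oct 22 03:12:30 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 <a3@example.org>: User unknown in local recipient table; from=<x@example.net> to=<a3@example.org> proto=SMTP helo=<example.net>
EOF
}

# Demo on the constructed sample: clients with two or more rejects.
sample_maillog | reject_counts 2
```

With the function loaded in the shell, it takes the place of ./maillog.pl in the pipeline above, for example: sudo tail -20000 /var/log/maillog | reject_counts 5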
/system wget is really good.
10/22/2004
I knew wget was good, but no, it is _really_ good.
Don't use this server, for various reasons, but this command is good.
wget -r -H -np -Amp3 http://www.oddiooverplay.com/ears/hallowseve/
-r - Recursive retrieving...walks down directories
-A accept list -> in this case just mp3's
-H span hosts -> follow linked to sites.
-np never ascend to the parent or above. ie. this will ignore things like
../../../ that might get you to the root directory.
-nH no host directories ... doesn't create a directory named for your domain.
1/9/2005 update:
wget -r -np -nH http://www.roberts-etal.com
FINISHED --19:12:30--
Downloaded: 437,618 bytes in 48 files
-nH no host directories. Without this all the files would have been
downloaded into a directory named www.roberts-etal.com.
/system Fedora Core Reference
system-config-services edit services by runlevel.
/system SSH Hack
Linux Server Hacks is really great. Hack 66 'Turbo Logins with
SSH' is one of my favorites.
I made a little refinement...rather than scp'ing id_rsa.pub to the
target server, and then editing authorized_keys2 to append the
contents of id_rsa.pub I do this:
cd .ssh
cat id_rsa.pub | ssh login@server "cat >> .ssh/authorized_keys2"
/system Setting Locale Failed
I _hate_ this message!
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US",
LC_ALL = (unset),
LANG = "en_US:en"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
You can solve the immediate problem by unsetting LANG. For bash or
other bourne variants:
unset LANG
For tcsh or other csh variants:
unsetenv LANG
/system Notes on the Media Server...in Progress
These are my install/config notes...probably only of interest to
someone who is messing with the media server.
Install Debian on Via
currently has Lindows on a 20gb drive, and a 120 gb drive
with lots of 'stuff'
download debian images
on Testingrange in /home/rich/wa/debian
Write CD/s
sudo /usr/bin/cdrecord dev=0,0,0 debian-30r1-i386-binary-2.iso
/system My Nocat Server
/system xinetd for monitoring
Unix is sick!
Try this command:
Except, you probably are not on the community network, so the 10.42.3.1 address will fail...
watch 'telnet 10.42.3.1 10000 2> /dev/null | grep eth'
diagnosing xinetd
kill the existing xinetd
run it from command line in debug mode...you can see what is happening.
sudo /usr/sbin/xinetd -d -stayalive -reuse -pidfile /var/run/xinetd.pid
the 'mon' script:
#!/bin/sh
#
# grep out device statistics in a monitoring-friendly format
#
# Returns the device name, receive bytes, receive errors, transmit bytes,
# and transmit errors, separated by spaces.
#
PATH=/bin:/usr/bin
if [ -z "$1" ]; then
    echo "Usage: $0 [device name]"
    exit 1
fi
# printf instead of the non-portable "echo -n"
printf '%s ' "$1"
# Quote the device name so it reaches grep as a single pattern
grep "$1" /proc/net/dev | tr ':' ' ' | awk '{print $2 " " $4 " " $10 " " $12}'
Then put this in xinetd.conf
service mon
{
    type        = UNLISTED
    socket_type = stream
    wait        = no
    disable     = no
    user        = nobody
    server      = /usr/local/sbin/mon
    server_args = eth0
    port        = 10000
    protocol    = tcp
}
Or for inetd...I should document it...
/system Unix is evidence of divinity through inspiration
I purchased Rob Flickenger's book Linux Server Hacks the first day it was available at O'Reilly. They had to go to the back room and open the carton. And then last night I again found myself enthralled by the beauty that is
the Unix way of life.
cd /home
pax -wvz rich | ssh puppy.testingrange.com "pax -rvz"
pax -wvz -T 0302010000 rich | ssh puppy.testingrange.com "pax -rvz"
The first command duplicates my home directory on a second machine,
while the second command updates everything changed since midnight,
Feb 1st, 2003.
Jorn Barger writes: "So long as you're working with PhotoShop or MP3s or TiVo video, etc, a 40-gig harddrive is just bigger. But when you talk about ascii text, 40-gigs is effectively infinite-- no human could read 40 gigs of text in their lifetime!"
I thought that I had a lot of data. 16 gb of pictures, 22 gb of mp3's, and all the rest. But when I started to look at things, 'all the rest'
started to become manageable. Like Mary Ann on Gilligan (write me if
you catch the reference).
Excluding photos and mp3's, I need to sling around just three or four
directories worth of stuff, totalling under 8 gb at a whack. And that
is for complete backups. Moving to the incremental approach makes it
even easier.
Everything got easier when I put in my 100 mb hub.