Writings Photos Code Contact Resume
Debian

You are here


The spammer or a DoS attack ? Doesn't really matter.

Submitted by msameer on Sun, 10/09/2006 - 6:55pm

So, I'm still a hardcore GNU/Linux administrator after all ?!

Apache "The webserver" is down. Looks like the master process gets killed by the kernel. That's weird.

Now what's interesting is the dmesg output:

TCP: Treason uncloaked! Peer 62.68.70.130:62537/80 shrinks window 1681427947:1681430707. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61105/80 shrinks window 288684489:288684490. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61107/80 shrinks window 285018062:285018063. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61137/80 shrinks window 282542156:282542157. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61161/80 shrinks window 305746809:305746810. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61185/80 shrinks window 341351133:341351134. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61213/80 shrinks window 356410419:356410420. Repaired.

Looks like the peer is playing bad games with my TCP/IP stack. Decreasing the window size. I guess that's why apache was holding too many connections. Something like 119 connections.

netstat output was interesting:

     88 CLOSE_WAIT
     21 SYN_RECV

I wouldn't know but I guessed that the high number of SYN requests is due gto the high number of half closed sockets.

The problem is that after I've decreased the CLOSE_WAIT time via:

echo 2 >  /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait

The number of TIME_WAIT started to increase.

echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait

Of course all the above might be incorrect or even nonsense. Let's see.


Back to apache.

Submitted by msameer on Tue, 21/03/2006 - 12:58pm

lighttpd was doing fine but sometimes it doesn't start after the logrotation, I'm lazy to write a script to fix this plus, I miss the apache mod_security to filter out some SPAM comments. I'm using an old package from backports.org, Maybe it was fixed in a later package but it's not there for debian yet.

I also enabled a php accelerator when I moved to lighty, Now I'd like to test how apache'll perform with the acceleretor.



Lighty powering foolab.org

Submitted by msameer on Sat, 18/02/2006 - 10:58pm
Yes, I've discovered that Lighttpd is now in Debian, I grabbed the sarge backport from backports.org and here it is!
Probably you won't notice anything, Maybe the server'll be a bit faster. But for me, I can serve more requests now as lighty is more lightweight than Apache ;-)
Graphs ? Generated every minute. ;-)


As you can see, I don't have much requests but why not use something that can allow me to expand ? :-)
Probably I won't leave the graphs for long, I'm just enjoying the rrdtool module of lighttpd!

Linux 2.6 SUX!

Submitted by msameer on Sat, 18/02/2006 - 2:04am

First, I know that I should STFU because I'm not going to write a patch to fix it but I can't as I'm not a kernel developer and the knowledge I have about the kernel development is the same as the knowledge I have about T.V internals ;-)

Really 2.6 is annoying, I don't know what's wrong with Linus. Yes thanks Linus for releasing Linux as a GPL'ed kernel and for working on it but you still suck :-)

A few days ago I went to the office, Powered on my laptop, startx and errrrrrr. I'm not allowed to startx. WTF ?

After digging around for some times I discovered that the Xwrapper.config file has been replaced by a strange file, I discovered later that it was the fonts.dtd file from the fontconfig package. WTF !!

Simply, I fixed the file and managed to startx, Something wrong with the colors ? I finally discovered that the rgb.txt file has been truncated. I also discovered that a lot of directories has been turned into files. I was sure that someone didn't crack my laptop. After I fixed this, I was trying to switch my keyboard layout to Arabic but it didn't work. Open a terminal and damn! "setxkbmap" is crashing, Google told me that some files might be missing. I reinstalled the relevant debian packages and it worked.

I had to stop and consider it, Is it a file system corruption ? I never had this with Linux before. I rebooted using a live CD, Ran fsck but it was fine. Odd!

I booted my normal system back and started to work, I'm a full time employee after all and this suck when you want to poke around :-)

Never mind, I'll have a detailed look later.

I was doing something when I suddenly got a message on the terminal and the file system was remounted read only by the kernel.

ext3_free_blocks_sb: bit already cleared for block

Enough is enough, The night before I installed the 2.6.15 kernel from sid. Now I can say that it might be a corruption in the kernel data structures. I rebooted and fsck again, shit I never had any entries in my lost+found directory since I swotched to linux, Now I have something like 22 Megabytes.

That's it, I downgraded the kernel to the 2.6.15 from testing, kept rebooting and running fsck until it stopped reporting filesystem errors.

Now what ? I'm not going to reinstall ? Sure no.

I need to verify all the packages, I found debsums but I also discovered that not all the packages install an md5sum for their contents.

At that point I decided to go home.

I used debsums to verify all the packages with md5sumsand reinstalled all the packages with corrupted or missing files. I then reinstalled all the packages without md5sums for 2 reasons:
1) I can't tell whether they contain corrupted files or not.
2) To allow debsums to generate md5sums for them.

Now the only problem is that the md5sums files might be corrupted too but I decided that I'm still lucky ;-)

Everything was fine but I was really considering FreeBSD but then I thought about it again, I can't use it without trying to contribute but I don't like to contribute to a code under the BSD license which can be closed anytime.

Also, I won't be using stable, I'll be using release which is equivalent to Debian testing, It's also my fault that I used a kernel from unstable but come on, That's Linux, We are not talking about windows here. I mean even so, It should be stable.

Sure I wish I can report this as a bug but how ? I don't have any information to report.

The other problem is: How the hell am I supposed to use such a kernel when it enters testing ?

I can't also compile from source again for 2 reasons:
1) I've been building from source since the late 2.2, I tried building 2.6.15 some time ago but damn, mutt wasn't able to open my main inbos, grep complained about inability to allocate memory when I tried to grep through the ~500 MB file. Something is wrong and this makes me afraid.

2) If such a bug is there when we have a team of people maintaining the Debian package, How can I be sure that I won't hit something more sever when I'm on my own ?

I know that everything can have bugs but the filesystem driver ? Isn't this too much ??


Do you want to play with a GNU/Linux server ?

Submitted by msameer on Thu, 05/01/2006 - 3:10pm

This is my old VPS and I won't renew it.

Host: naboo.vpsland.com
User: root
Pass: root
OS: Debian sarge.

Use ssh!

You won't be able to add users or change the root password. If you discover how then you deserve it ;-)


Katoob releases.

Submitted by msameer on Fri, 04/11/2005 - 7:37am

Unless I change my mind later, Which is not going to happen IMHO, I won't release a new version of Katoob.

I'll silently take a CVS snapshot and upload it to debian. I'll also keep such releases here.

This means that if you want to follow up with it you have 3 options.
1) Switch to debian.
2) Regularly update your CVS snapshot and build your binary or watch the above directory regularly. I'll also announce it here.
3) Get someone to build you a packag for your distro.

Now why is that ?
I'm lazy.
I don't feel like tagging the CVS, Generating tarballs, Building a debian package, Uploading all this to sourceforge and creating a release, Updating the freshmeat record, Emailing both the arabeyes developer and announce mailing lists,Wait for the announce to be approved. Update te arabeyes project page and link to the announcement email.

Islam is using Gentoo, He's already compiling from source for phaeronix.

Debian users are handled fine ;-)

Mandrake/Mandriva users ? May god help them ;-)


What a day!

Submitted by msameer on Mon, 24/10/2005 - 5:03am

Quite a lot of things happened within the last few hours.
I erased a movie by mistake, Whatever I did, I wasn't able to get it back.

The problem is that the torrent is not seeded all the time, Guess I have to wait.

A few minutes ago, I erased an email by mistake. I wanted to keep that email but damn!

I've got the latest firefox Debian package from experimental, Why experimental / Because it has pango support which means that Arabic diacritics'll be rendered fine.

I decided to remove my ~/.mozilla away so that firefox won't get crazy, I never had to do this with opera, I only had to edit the main configuration fileonce but I'm using the same ~/.opera since opera 5 or so.

Ayway, I only installed the session saver extension and I'm trying to stick to firefox.

The memory consumption looks fine, But I need to give it a try before I decide to stick to it.

I'm still having a few problems with the font size but it should be tweaked soon ;-)
I need to find a way to increase the menubar font size too.

Ah, And the create content page doesn't render correctly, Just to piss me off.

Finally, Here's a new bug report ;-)



Pages