Wednesday, September 16, 2009

Got distcc(d) working!

I finally have distcc and distccd working, so now my ancient PowerPC iMac actually has all its code compiled by a semi-modern dual-core AMD machine. Woohoo!

Most of this was Gentoo magic that worked right out of the box, at least for portage. I still have not been able to prove to myself that I can actually use distcc manually as well. Of course that's not nearly as important... :-D

Next I have to try pump mode, and then it's off to setting up the old SPARC box I have lying around, also with distcc most likely. (It's equally straightforward to generate another cross-compiler using Gentoo's crossdev script. Sweet.)

Monday, September 7, 2009

I <3 LVM2

So when I installed Debian on my MSI Wind Netbook the other day, I was asked whether I wanted to have encrypted LVM2 volumes. I said yes, and I am already glad I did today: resizing works! :-D

Debian decided to give me a 4GB / and a 138GB /home which was a little unbalanced since I needed to install a lot of stuff. Also it made the swap space 2.3GB instead of the 4GB I would have liked. I was really bummed out for a few minutes until I remembered the LVM2 stuff.

So I went ahead and used resize2fs to make /home smaller, then lvreduce to make the volume for /home smaller, then lvextend to extend the swap space and a new mkswap on it, and finally lvextend to make / 16GB and resize2fs to expand the file system as well. And it all worked. Amazing! :-D

Makes me wish I had done an LVM2 install on my desktop at home too, but sadly I didn't feel comfortable enough with it back then. I am already using it on the gaming lab server, but I never had a reason to resize anything on there yet. Good to know that it'll work if I ever need to. I <3 LVM2! :-D

DenyHosts on Gentoo

When I set up a server, I like to move the port for sshd away from 22 to some high location, say 32767. At JHU, however, high ports are blocked by the good folks in IT. So machines I host on campus actually get attacked a good deal more than machines I host off campus where I control the firewall. Talk about "security" measures around here. :-(

I looked around for a nice way to ban attackers who try to get into my machines and settled on DenyHosts as my favorite. One emerge later I was editing the configuration file, and after I got done with that the trouble started.

First sshd completely ignored the /etc/hosts.deny file that DenyHosts 2.6-r1 writes into. Maybe I forgot to install tcp-wrappers? Nope, those are there. Maybe I forgot to build sshd with the tcpd USE flag? No, that's there. It turns out that the default sshd configuration will bind to all interfaces on your machine, and for some reason that leads to entries in /etc/hosts.deny not being respected. The details are muddy, at least to me, but adding a ListenAddress solves the problem. And you gotta put your actual ip address!

So once that's working, I try the init script to (re)start DenyHosts. And it fails. At least that's what the init script says, in htop I can clearly see that I have a denyhosts process running now. What do you know, the init script that comes with Denyhosts 2.6-r1 on Gentoo is broken. You need to replace --name denyhosts with --name /path/to/python instead. Yes, you'll have to change it every time you update the Python interpreter to a new major version. What can I say? Someone needs to rewrite the init script from scratch I guess.

So now I have DenyHosts running, and script kiddies who try to get into my machine are banned. What else could I wish for? I don't know, a similar tool for Apache maybe? :-D

Sunday, September 6, 2009

The Domains of JHU

Don't ask me how I got into looking this stuff up, what matters is that I did look it up... :-D Apparently Johns Hopkins owns somewhere between 200 and 450 domain names. I am not sure how reliable the statistics are, but here are the links to what I saw:

low estimate
high estimate

Yes, I took the liberty of rounding the numbers, both up and down. I started wondering how many domain names other universities own. Here's my biased sample (data taken from the same site): 242-391 186-405 50-247 86-479 48 19-53 4-8 4-7

And just for reference, has 24,609-29,017 domains associated with it. So while we at JHU are "small fish" compared to M$, it's still somewhat surprising to me that universities, especially some who consider themselves "Ivy League," are domain hogs. :-)