blog.arithm

Easier to configure than I thought it would be. The defacto document on this lists a series of convoluted steps to get UTF-8 working.  All you really need to do is as follows:

1. Launch the local configurator via # dpkg-reconfigure locales
2. Select the locales you would like to support. I need Japanese support so I selected ja_JP.EUC, ja_JP.UTF-8, and en_US.UTF-8 in addition to already available locales. Click “Ok”.
3. Choose the default locale from the list; make sure it is a UTF-8 locale. Click “Ok”.
4. Login to another shell.

That’s it!

# locale charmap should now return “UTF-8″.

I have a new favorite shell: fish.

Fish is awesome for variety of reasons, but primarily because Fish:

1. Emphasizes command and parameter discovery, as well as overall usage transparency with truly useful default settings, over tweakability.  (After all, who really has time to trick out the shell on every damn box you log into?)
2. Has extremely powerful default tab completion and history search.
3. Highlights syntax with pretty colors.
4. Has multiline editing that actually works.
5. Simplifies directory navigation.  (Aspects of which remind me of the old AmigaDOS CLI.)

Be sure to check out the fish change log for insight into recent-ish enhancements.  Some very cool though obscure features in fish.

Looks like mktemp is now provided by coreutils.  No wonder.  This block has been bugging me (read: I’ve been ignoring it) for months.

To fix just unmerge mktemp and update coreutils.

Update: Same for the setarch / util-linux block should you come across it.  Unmerge setarch.

This post comes via notes taken from another blog… seemingly gone awol.   Here for posterity.

Etch naturally has an older version of WordPress.  To upgrade to a more recent, possibly though unlikely more secure version,  the easiest way is to change your tracking to testing, install WordPress and then change back.  How to do it:

1.  Edit your /etc/apt/sources.list to track testing. If your sources.list says etch or stable, change that to testing.  For example if your source.list has:

deb http://debian.lcs.mit.edu/debian etch main contrib non-free
deb-src http://debian.lcs.mit.edu/debian etch main contrib non-free

change those to:

deb http://debian.lcs.mit.edu/debian testing main contrib non-free
deb-src http://debian.lcs.mit.edu/debian testing main contrib non-free

2.  After you change your tracking to testing do an apt-get update.

apt-get update

3.  Install WordPress

apt-get install wordpress

this may pull in a few new php libraries, such as libphp-phpmailer.  Let it.

(Note that you do not want to do an “upgrade”, but rather “install” as listed above.   “upgrade” will try to upgrade a ridiculous number of packages, whereas install will focus only on packages required for installing and/or upgrading WordPress.)

4.  Change your tracking back to Etch. just reverse what you did in step 1. that is change testing back to etch.

5.  Clean everything up.

apt-get clean && apt-get update

After all this is done, login back in as admin to WordPress, and it will tell you that you have to update your WordPress database tables.  Do that and you’re done.

I’d seen this happen occasionally over the last couple of months, but it seemed to get really bad on Friday.

Fri Mar 21 21:31:45 2008 -> SelfCheck: Database modification detected. Forcing reload.
Reading databases from /var/lib/clamav
ERROR: reload db failed: Unable to lock database directory (try 1)
ERROR: reload db failed: Unable to lock database directory (try 2)
ERROR: reload db failed: Unable to lock database directory (try 3)
ERROR: reload db failed: Unable to lock database directory
Terminating because of a fatal error.
Socket file removed.
Pid file removed.
--- Stopped at Fri Mar 21 21:38:16 2008


Not entirely sure what the problem is, but it seems like clamav is choking on recent updates from freshclam.

And apparently I’m not the only one. Took advice from this thread and updated clamav to the version in debian-volatile. The official ClamAV documentation also recommends using the volatile repositories.

I’m new to Debian and almost took this to mean that I should use etch. Good to know that Debian maintains a volatile repository. To pull packages from volatile, just add:

deb http://volatile.debian.net/debian-volatile etch/volatile main contrib non-free
(though preferably use a mirror)

to /etc/apt/sources.list. Running a simple apt-get update clamav or aptitude update clamav will find and install the appropriate volatile updates. Nice.

There used to be a nifty little utility I used for this kind of thing, but the below works just as well:

find ./ -type f | xargs sed -i 's|http://domain.com|../relative/path/or/whatever|g'

As with grep and other utilities, sed can take different characters to represent the division between fields. Above I used the pipe (“|”) as opposed to the standard slash found in most examples.

Here’s something I’d never had to do before. Be careful as this kind of tip will only popup for you once on the first emerge.

# emerge dev-php5/ZendOptimizer
>>> cfg-update-1.8.2-r1: Creating checksum index...
Calculating dependencies... done!
>>> Verifying ebuild Manifests... 

>>> Emerging (1 of 1) dev-php5/ZendOptimizer-3.3.0a to / 

!!! dev-php5/ZendOptimizer-3.3.0a has fetch restriction turned on.
!!! This probably means that this ebuild's files must be downloaded
!!! manually.  See the comments in the ebuild for more information. 

 *
 * Please download ZendOptimizer-3.3.0a-linux-glibc23-x86_64 from:
 * http://www.zend.com/products/zend_optimizer
 * and put it into /usr/portage/distfiles/.
 * Please note that you need a valid Zend Account
 * (free) to download the Zend Optimizer!

Manually pushing the archive into distfiles and running emerge worked fine. For a moment I was concerned that I might actually have to build something from source. Whew!

Build mod_security against the wrong set of headers, and Apache 2 will mysteriously begin to segfault in a persistent manner. Check which version you’re running with dpkg --get-selections | grep apache2.

Seems my shiny new Debian distro running the prefork version of Apache had the threaded (worker) headers installed against it. Duh. apt-get install apache2-prefork-dev reinstalled the correct prefork headers and Apache is happy again.

Mathiew Dessus has a great article about installing mod_securty on Debian for those interested.

While I love the reports that Cacti produces, I really hate setting them up. And most of the time I just need something “quick and dirty” to get a better window into what’s going on with a small web/db server combo.

webminstats is a nice little plug-and-play Webmin module that does just that. It will automatically try to setup a dozen or so round robin scripts to collect data against a variety of common services (web server, database, memory, processes, etc.) It can take hours to get the same kind of reporting working in Cacti.

The output isn’t as “pretty” as that of Cacti’s.. but then again pretty doesn’t fix servers.

For a simple and free (and fairly standard!) way to secure your remote desktop sessions — and without having to figure out the crazy, proprietary Microsoft security stuff — take a look at copSSH. copSSH uses a streamlined Cygwin client to setup an SSH sever on your Windows box.

I’ve recently been using copSSH and PuTTY‘s Pageant authentication agent to tunnel RDP through PuTTY/copSSH SSH connections. Works like a charm.

One gotcha: copSSH doesn’t clean-up after itself well. Consider running taskkill from time-to-time.

C:\WINDOWS\Taskkill /F /IM bash.exe /T

Or if you prefer bashing:

$ kill -9 `ps | grep ^I.*bash$ | cut -c2-9`

Accrue more than 64 zombied PTYs and you’ll find yourself locked out of the server.