Troubleshooting path MTU problems

2010-04-08 20:26 +00:00 | 1 comment

Not long ago we started having very unusual issues our email servers. Mail would be inexplicably held for delivery, bounce back, or fail to send for hours and then send without issue later. Some users couldn’t fetch email by POP until they restarted their mail client. We investigated the mail software, but weeks of investigation turned up nothing.

Around the same time, we also experienced intermittent problems logging in to MSN Messenger, and some users complained of issues accessing certain web pages, including a lot of HTTPS links. I began to suspect these were related.

Read the rest of this entry »

Tags: ,

Firefox extension: Open With

2010-03-30 07:12 +00:00 | No comments

Some time ago I released a simple Firefox extension, Open With Konqueror. In the time since I released it, a new version of KDE and the Crystal icon set have been released, as well as a slew of new “Open With X”-type extensions. Open With Konqueror is simply obsolete.

I recommend you install Open With, a generic extension capable of opening the current page or selected link with any application. KDE users can simply open the extension preferences, select the “Manual Entries” tab, select “Add”, and enter “/usr/bin/konqueror”.

Tags: ,

iptables firewall templates

2010-03-29 18:39 +00:00 | 2 comments

I use iptables firewalls on every server I administer, including all of our core routers (which run Linux too). There are lots of tools to easily configure a firewall. For simple tasks, Ubuntu now installs ufw by default, which has both command-line and GUI tools. For servers, consider Webmin.

If you want to do something more complicated, or prefer editing iptables rules yourself, you’ll have to do it by hand. When I first started doing this I found a template online and edited it to suit my need. Over time I’ve learned a lot more about iptables, and my templates have evolved.

Read the rest of this entry »

Tags: , , ,

Flying without a net: safe techniques for working remotely

2010-02-28 22:16 +00:00 | No comments

I try to post a few times each month, but somehow January (and most of February) fell through the cracks. Lately I’ve been busy with operational tasks, which hasn’t left me much room for engineering. I haven’t solved any particularly hard or unusual problems, which is usually what I write about. Instead, I’ll write about a routine problem that is nonetheless tricky enough to warrant discussion.

Most of the time I’m not in the same country as the servers I administer. Which means I can’t just drive down and fix something when it goes wrong. It also means that making changes to the network is particularly dangerous. So is updating the kernel, initrd, or GRUB configuration. It is possible to leave a server in a state that requires you to be physically present to fix it. I call this kind of work “flying without a net”. Here are my techniques for safely working without console access.

Read the rest of this entry »

Tags: , ,

VLANs, bridges, and virtual machines

2010-02-20 12:44 +00:00 | 13 comments

We run several virtual machine host servers on a network with multiple VLANs. The virtual machines are members of different VLANs, but are not themselves aware of the VLAN. This is how we did it.

Read the rest of this entry »

Tags: , , , ,

Merry Christmas!

2009-12-14 19:35 +00:00 | 2 comments

Merry Christmas, everyone! We have a special card just for you:

http://www.tolaris.com/xmas/xmas2009.php

(In case you miss it the first time, try reloading or clicking the button.)

Read on if you’d like to know more about how our awesome card works.

Read the rest of this entry »

Tags: ,

virt-manager now in repo

2009-12-08 17:23 +00:00 | 1 comment

The latest virt-manager package in Ubuntu karmic is broken. We use virt-manager to manage KVM/QEMU virtual machines over an ssh tunnel. This worked fine in hardy and jaunty. But it is partially broken in karmic.

Read the rest of this entry »

Tags: , , ,

kregexpeditor, grip now in repo for karmic

2009-11-23 19:56 +00:00 | 2 comments

Both kregexpeditor (removed since the KDE 4 upgrade) and grip (unmaintained since 2005, relies on old libraries) are missing from Ubuntu karmic. I expect to find alternatives to grip, but for now I’d like to keep using it. And I’ll give up kregexpeditor when they pry it from my cold, dead hands.

The hardy version of kregexpeditor still works on karmic, and I’ve used pbuilder to port the jaunty package of grip to karmic. Both are now in the repo.

Tags: , ,

Securing laptops with ecryptfs, cryptsetup, and tmpfs

2009-11-14 00:17 +00:00 | 7 comments

One of the awesome features of the last several Ubuntu releases is support for ecryptfs, an encrypted filesystem. At Talia we depend heavily on GPG, OTR, SSH keys and other forms of encryption and secure identification. Loss of those keys and other confidential data to laptop theft, corporate espionage, or the US Customs Service is a big concern for us. This week I secured my laptop, as a prototype of our new corporate laptop setup. Here is how I did it.

Read the rest of this entry »

Tags: , , ,

Enabling the Sleep button on a Dell laptop in Kubuntu Karmic

2009-11-10 19:35 +00:00 | 7 comments

Update 2010-05-02: See this comment.

I read an article in the Dec 2009 issue of Linux Magazine, one of several Linux-focused magazines we get at the office. I’d like to link directly to it, but it the magazine’s own website doesn’t offer the article or even a reliable permanent link to the issue number. Hint: hey guys, sort that out.

The article was about configuring ACPI hotkeys to support your specific laptop. IE, the buttons for “sleep”, “brightness up”, etc. For most laptops this already works on Ubuntu. On my Dell Vostro 1500, every button except for “sleep” worked right after install. This is Linux, so there is always some way to fix that.

Read the rest of this entry »

Tags: , , ,

« Older entries § Newer entries »

All content © 2008- Tyler J. Wagner