Author Archive
“Resource Already Exists” on a Citrix Netscaler when adding an SSL certificate
Thursday, February 2nd, 2012
I ran into a bit of trouble with a Citrix Netscaler recently. It wasn’t letting me upload an intermediate CA certificate for GeoTrust so I could link it to a server certificate I had already added. When uploading the intermediate CA cert, it was giving me the error “Resource already exists”. I found this quite helpful page: http://support.citrix.com/article/CTX117284 which tells you to compare the Issuer and Serial of the certificates on the thing. I couldn’t get this to work on the Netscaler’s shell itself, so I downloaded all of the certs in /nsconfig/ssl/ to my Linux workstation, and used this script to compare all of the serials:
Is the collective nature of the internet making us stupider, or only seem stupider?
Friday, January 6th, 2012
Many of us are used to text messaging speak or instant messaging our friends in some form of shorthand, some of it made up on the spot. Facebook is full of terrible grammar. Take a look in many IRC channels and you’ve got plenty of people not using capital letters and dropping punctuation at every opportunity. Bizarre abbreviations and acronyms pop up everywhere.
SSL Certificates: then and now
Tuesday, November 1st, 2011
Remember a few years ago when a basic SSL Certificate cost you $300? It’s different now. You can get them for $10, sometimes even less. A few of my peers consider the whole SSL Certificate authority situation a bit of a racket. We were paying them $300 per year for them to tell your browser that we are who we say we are. You can pay them even more money for them to make a certificate that works for all your subdomains. The last one I set up was in the order of 8 times more expensive for that privilege. On their end, it’s not any more technologically expensive to create you a wildcard certificate, or a normal certificate.
Programming for Load balanced environments: Part 1
Tuesday, October 18th, 2011
Having multiple servers feeding a single load balancer has big advantages: fault tolerance and SSL Offloading, to name just two. But with the performance comes extra complexity. There are a few things you need to keep in mind when setting up your web application to “play nice”:
SSL Offloading and Apache’s point of view
In a typical SSL Offloading setup, your load balancer (or web proxy) serves all of the certificates to the public facing IPs, so Apache doesn’t need to know anything about SSL. This simplifies web-server setup, which is especially valuable when you’re managing a cluster of them behind a load balancer. Because the load balancer is the point of contact to the outside world, Apache is unable to handle a few things that are normally simple in a standalone setup.
Common RAID and LVM RAID1 Setup
Wednesday, August 31st, 2011
My last RAID discussion was about growing the size of an existing RAID1 partition. I thought I’d back up a little bit and show an example of how we get a RAID1 in the first place.
Bacula Server Backup Complexities
Friday, August 12th, 2011
Bacula lets us do that! But it’s not immediately obvious how things work from the documentation. The documentation is probably geared towards someone familiar with this style of backup product, but coming from using rsync for backups, I had some learning to do. I’m still learning in fact, so if you have a better way of doing things, let me know!
Growing a RAID1 While the Server is Live
Monday, April 11th, 2011
I recently ran into a problem that most of us are very familiar with: the fileserver has nearly run out of storage space!
There were a few things compounding the upgrade.
- The server has only two SATA ports
- Both SATA ports were in use by the existing RAID1 so I could not connect another RAID array and rsync the files across.
- I needed to minimize downtime as the fileserver ran an important accounting and project management application. 10 hours of downtime to run a grow operation using a live-cd was unacceptable.
Curiosity vs Risk
Monday, November 15th, 2010
Curiosity killed the cat, right? I bet if the cat had anything to say about it, his mindset was still worth it.
I was recently thinking about what drove me to become a programmer when I was asked if it’s hard to write code. I realized that the range of understanding necessary to stop any career from being akin to magic is narrow. With some basic understanding of something, you can start learning the rest of it. I came to the conclusion that programming was one of many occupations that could be a natural good choice for my curious personality.
IE6: The End is Nigh – Part 3
Friday, September 24th, 2010
I thought I’d give an update on how the world is doing with ditching Internet Explorer 6. Between August 2009 and August 2010, IE6 usage has dropped from nearly 18% down to 8%. This is great news! IE6 usage has finally dropped lower than the “other” category of browsers. For more numbers, see here: http://gs.statcounter.com/#browser_version-ww-monthly-200908-201008
There are a few reasons why we’ll see a very rapid decline in IE6 usage this year.
1) IE6 is old. The last time IE6 came included with an operating system was with Windows XP SP2, which was superseded by SP3 which included IE7 and automatic updates turned on by default on April 21, 2008. So if you’ve bought a computer after that, you likely got IE7 installed by default.
Interacting With a chroot Environment
Thursday, July 15th, 2010
Some services are capable of running in a chroot environment without having to build a separate chroot environment for them. OpenSSH and bind9 are both examples of chroot-aware services. Simple config options will get you on your way to secure use of either of those. But for other services, like Apache2, things get more complicated.
It’s sometimes helpful to make a standalone chroot environment so that you can run multiple versions of software. For example, it’s sometimes useful to run one version of PHP for your live server and experiment with upgrading to the newest PHP by running the newest PHP in a chroot. But how can you interact with the services running in the chroot?





