You are currently browsing the Carl's notes weblog archives for July, 2011.

Using the Apache proxy module to access firewalled web servers

Only a small number of servers here are accessible from off-campus. This prevents staff and students from using their office computers to host websites and share files via HTTP. There are lots of good reasons for this, but on one occasion a colleague needed to run a Tomcat server (Java) for a research project and it needed to be accessible worldwide. I was unable to get it running on this server :-( but was able to use Apache’s mod_proxy to make his own machine accessible on the web via a URL on this server.

I enabled Apache’s mod_proxy and used the following lines in /etc/apache2/mods-enabled/proxy.conf.

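# Strip Via: headers from proxied requests and add none
ProxyVia Block
# Reverse proxy only: never act as a forward proxy for arbitrary URLs
ProxyRequests Off

# Access control for proxied requests (Apache 2.2 syntax): allow every client
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

# Map the public path to the internal server and rewrite its redirects
ProxyPass /public_url http://firewalled-private-server
ProxyPassReverse /public_url http://firewalled-private-server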

The content hosted on http://firewalled-private-server must of course be accessible from your public server. It will then be available outside your network at http://my-public-server/public_url.

There may be some security considerations, and some of the lines in the configuration may not be necessary, but it did the trick. FYI it’s not in place any more.
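
Which lines of the configuration above matter for security can be checked mechanically. The script below is an added example, not part of the original post: it reports whether a proxy configuration can act as an open forward proxy (ProxyRequests On together with an allow-all <Proxy *> block) and lists the internal servers it publishes. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an Apache proxy
# configuration and lists the internal back-ends it publishes.

# Prints: open-forward-proxy | restricted-forward-proxy | reverse-only
proxy_mode() {
    awk '
        /^[ \t]*#/ { next }                                  # ignore comments
        { l = tolower($0) }
        l ~ /^[ \t]*proxyrequests[ \t]+on/  { fwd = 1 }
        l ~ /^[ \t]*proxyrequests[ \t]+off/ { fwd = 0 }      # Off is also the default
        l ~ /^[ \t]*<proxy[ \t]+"?\*"?[ \t]*>/ { in_all = 1; next }
        l ~ /^[ \t]*<\/proxy>/              { in_all = 0 }
        in_all && l ~ /^[ \t]*allow[ \t]+from[ \t]+all/ { allow_all = 1 }
        END {
            if (fwd && allow_all) print "open-forward-proxy"
            else if (fwd)         print "restricted-forward-proxy"
            else                  print "reverse-only"
        }' "$1"
}

# Prints one "public-path -> backend" line per ProxyPass mapping.
published_backends() {
    awk 'tolower($1) == "proxypass" && NF >= 3 { print $2 " -> " $3 }' "$1"
}

# Constructed sample 1: the configuration from the post.
post_conf=$(mktemp)
cat > "$post_conf" <<'EOF'
ProxyVia Block
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /public_url  http://firewalled-private-server
ProxyPassReverse /public_url  http://firewalled-private-server
EOF

# Constructed sample 2: the same file with forward proxying switched on.
risky_conf=$(mktemp)
sed 's/^ProxyRequests Off/ProxyRequests On/' "$post_conf" > "$risky_conf"

echo "post:  $(proxy_mode "$post_conf")"
echo "risky: $(proxy_mode "$risky_conf")"
published_backends "$post_conf"
```

With ProxyRequests Off, the allow-all <Proxy *> block only governs the ProxyPass mappings, so the post's configuration is classified as reverse-only.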

Lancaster University student card: Purple vs Red

Lancaster University Student Union (LUSU) offer two types of student card. The one advertised everywhere is the Purple Card. It has the NUS logo on it and gets you discounts and free drinks in shops, restaurants, pubs and clubs around Lancaster.

However, if you just want to get your regular student discounts (concessionary prices) at the cinema or theatre, and aren’t going to benefit from the perks of the Purple Card, then you can get a Red Card which costs just £1, instead of £12.50 for the Purple. You only save £11.50 but I don’t think I’ve ever been in a situation where a Purple Card would have benefited me, so I might as well. The URL for the Red Card is http://card.lusu.co.uk/red. I’m listing it here because the link doesn’t appear anywhere else online. The websites for ordering the Red and the Purple cards are almost identical but the price at the end will be different.

As far as I can tell, the additional NUS Extra card is available with either of these cards, so that doesn’t justify the extra cost of the Purple one. The NUS Extra card doubles as an ISIC international student card and will get you discounts on Amazon orders for instance.

Buffalo Terastation III NAS not working with Mac OS X Lion

The latest version of Apple’s Mac OS X won’t allow users to access Terastation shares over AFP (the Apple filesharing protocol).
The message says:

There was a problem connecting to the server. The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.

Several other NAS manufacturers have similar problems. Apple have dropped previous versions of AFP authentication, and the license of the software that allows most NAS to support AFP has changed, making it more difficult for manufacturers to upgrade to the newer version. In addition, the new and more secure authentication method may slow down access to files.

Alexander Wilde offers a workaround.

There’s a long list of unhappy people and a few more details on the Buffalo forums.

WordPress updates via the admin interface

WordPress is updated every few months. That’s good. But it’s a nuisance to go through the manual update every time. WordPress can update itself via the web admin interface but it needs a few tweaks. Without these changes, you will see a form asking for details of an FTP server. These are not required; they are just a sign that the web update method didn’t work and that FTP is available as a fallback (presumably for shared hosting where FTP is the only way to upload files).

  • The WordPress directory must be writable (or owned?) by the user running the webserver.
  • The proxy server must be configured in wp-config.php.
    In our case we need:

    define('WP_PROXY_HOST', 'wwwcache.lancs.ac.uk');
    define('WP_PROXY_PORT', '8080');
    define('WP_USEPROXY', 'TRUE');
  • I’ve changed the permissions so my user’s group can write all files and directories, and the SUID and SGID bits are set on all directories in the hope that if I create any files manually, they will have the right permissions and not break the updates. There may well be some security considerations which I’ve neglected.
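
A check for the permission scheme described in the last bullet, as an added example that is not part of the original post: it lists world-writable entries, entries the group cannot write, and directories with or without the setgid and setuid bits. The function name and the constructed sample tree are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original post): permission findings for a
# WordPress tree that is meant to be group-writable with setgid directories.

wp_perm_findings() {
    root=$1
    # World-writable: any local account can change these entries.
    find "$root" ! -type l -perm -0002 | sed 's/^/world-writable: /'
    # Not group-writable: falls outside the scheme described in the post.
    find "$root" ! -type l ! -perm -0020 | sed 's/^/not-group-writable: /'
    # setgid on a directory makes new entries inherit the directory's group.
    find "$root" -type d ! -perm -2000 | sed 's/^/dir-without-setgid: /'
    # setuid on a directory is ignored by Linux, so it does not help here.
    find "$root" -type d -perm -4000 | sed 's/^/dir-with-setuid: /'
}

# Constructed sample tree (hypothetical layout, created in a temp directory).
wp=$(mktemp -d)
mkdir -p "$wp/wp-content/uploads"
touch "$wp/wp-config.php" "$wp/readme.html"
chmod 775 "$wp" "$wp/wp-content"
chmod 777 "$wp/wp-content/uploads"   # deliberately too open
chmod 664 "$wp/wp-config.php"
chmod 644 "$wp/readme.html"          # group cannot write this one

wp_perm_findings "$wp"
```

Run it against the real WordPress directory after a manual change; an empty result means every entry still fits the group-writable, setgid layout.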

Subversion problems

When you use Subversion (or other version control systems), be sure to use them consistently. Checked-out directories contain a hidden directory containing information about the repository, the original checked-out files, which files have been deleted or added… Copying the complete directory to a different location or even a different computer might work seamlessly; copying individual files is also acceptable. But as soon as you copy subdirectories (with their special hidden directory) that have been updated or committed on another computer, the upper directory and the subdirectory become inconsistent as far as version control is concerned. You will get messages asking you to clean up, and claiming that some subdirectories are not under version control.

  • Best practice is to use the version control tools to exchange files: commit on one computer, checkout on another, make changes, commit, update on the first computer.
  • If individual files need to be processed on another computer (e.g. batch converting images from one format to another on a *nix machine) then proceed as above, or select all and copy the individual files, not the whole directory.
  • If you need to provide the whole version controlled directory to someone who doesn’t need version control (e.g. sending LaTeX sources to an editor), use the export feature to create a clean directory tree without all the hidden version control subdirectories.

LDAP login failure

At some point during a recent upgrade, LDAP authentication broke on our server. It’s exactly the problem reported by vrillusions on the Ubuntu forums, and the solution by windependence worked perfectly.

The problem became apparent when trying to change a password for a colleague who couldn’t log in.

# passwd dave
Enter login(LDAP) password:
passwd: Authentication information cannot be recovered
passwd: password unchanged

It turns out that PAM wasn’t using LDAP correctly. This was fixed by removing the use_authtok parameter in /etc/pam.d/common-password.