03 marzo
2010
someone should tell google to avoid certain subdomain names
google! google! I'm here, I'm telling you that!
It all began this morning, when someone pointed me to the fact that the domain gemablog-.blogspot.com wasn't resolving correctly.
What? of course it is not resolving - was my first thought - did you see the - at the end of the subdomain name?
As you can read in RFC-1034:
The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen. There are also some restrictions on the length. Labels must be 63 characters or less.
I know there are some other RFCs that added some modifications to that rule later on, but I didn't find any that allow us to use - at the end of a subdomain or domain name (please do correct me if I'm wrong).
The funny part of the story is that, depending on your operating system and the tool you are using, that domain will resolve, or not.
For example:
dig works in FreeBSD 7 and 8, OpenBSD 4.2 and 4.6, Ubuntu Karmic, Linux Mint Helena, Debian Lenny and MacOSX Leopard
ping works in OpenBSD 4.2 and 4.6 and in MacOSX Leopard, but it doesn't on the other ones, resulting in different errors:
In Linux I got:
ping: unknown host gemablog-.blogspot.com
While in FreeBSD I got:
ping: cannot resolve gemablog-.blogspot.com: Unknown server error
The same happens to some other tools (like lynx or links) or even if you try to open connections to that hostname using a programming language.
Adding a line in /etc/hosts for the domain (pointing to the appropiate ip address) solves the problem.
Anyone that could add a reasonable explanation on this?
OH! and it is not only google who is doing that, seems there are some other domains that allow users to use such subdomain naming scheme (while others don't, like dyndns.org).
24 febrero
2010
Daybreakers (2009)
"It is 2019, in a world where being a vampire is no more extraordinary, different, and they've replaced humans' place in the planet, there are still a few people that will fight for a change"
This could be a small summary of the plot of the movie. This is not a new-era vampire movie (where vampires are not afraid of the light, for example) but it has all the well-known myths from those creatures (you got a hit through your heart, you are dead!) with a touch of sci-fi in the background.
The overall look of the film reminds me of Equilibrium, which is probably one of the reasons I liked it. Perhaps the only think I disliked was that, imho, the movie is a little bit short (90 minutes). Perhaps doing it 30-40 minutes longer could avoid that sensation it left on me that things happens too fast, some times like being not connected one to another.
Anyway, if you like vampire, action and sci-fi movies, go for it!.
You can get more info about the movie in the IMDB:
http://www.imdb.com/title/tt0433362/
22 febrero
2010
A sysadmin life, everyday is like this
xkcd did it once again, great job man!
From: http://xkcd.com/705/
16 febrero
2010
NFS server behind a PF firewall
redirecting NFS traffic could be a little bit tricky
Second post entitled something behind some-other-thing, I've wasted all my imagination when I was a child... ;)
Yesterday I found a small problem with NFS while working on this setup:
In the setup, there are 2 Linux-based NAS devices that export a 1Tb share over NFS. Both NAS are in sync so, if one fails, we can mount the other one and users would be able to keep working while the first NAS is replaced.
Both NAS devices are in a Gigabit LAN, connected with one of the network interfaces on a FreeBSD server (subnet 192.168.10.0/24).
On the other side of the server, there was another LAN, where workstations are connected to the server (subnet 192.168.1.0/24).
The plan was to mount the /nfs/shares share in the FreeBSD server and then export it again from the server, allowing the workstations to mount it. It didn't work. After some reading I found out that NFS does not like to re-export NFS shares, that is, if you mount an NFS share from server A on server B and then you try to export that share from the mount point in server B to server C (for example) you will get all kinds of nasty errors.
It was time for a change in the plan. I didn't want to give full-access to the NAS devices and I didn't want the workstations to mount the share directly from the NAS devices either, because if one fails, I would have to modify the mounts in every workstation so they use the backup NAS device.
Perhaps I could use PF in the FreeBSD server to redirect NFS traffic from the workstations directly to the NAS devices...
Continue reading "NFS server behind a PF firewall"
05 febrero
2010
tracd behind an apache2 proxy
wrong redirect after adding a ticket
I found this weird behaviour with tracd and an apache proxy today, while setting up some public trac access for one of our projects.
This is the setup (click on the image for a larger version):
The idea is pretty basic, there is an Apache server running with SSL support and accepting requests for https://my.publicname.com. It is configured to act as a reverse proxy for the server running tracd behind it, accepting requests for http://192.168.1.2:8000.
So, in the example someone could open up a browser, put https://my.publicaddress.com/project in the address/location bar and access that project trac page. The process would be:
1. A request is sent to the Apache server, which will accept it and process it using the following rule in the VirtualHost configuration:
RewriteRule ^/project/(.*) \
http://192.168.1.2:8000/project/$1 [L,P]
2. Another request is sent from Apache to tracd, asking for the needed data
3. The data is sent back from tracd to Apache
4. The data is sent back to the user, transparently (the user doesn't even know that there are more than one server serving the contents).
Nice!! but... it failed when I tried to add a ticket using a external connection. :(
Each time I tried to add a ticket, after it was added, my browser was redirected to http://192.168.1.1:8000/project/ticket/(ticketnumber) instead of https://my.publicaddress.com/project/ticket/(ticketnumber). Ugly. It seemed like trac was building the url internally and, of course, that internal url will not work from outside.
After some read-and-try, I found that the problem could be solved editing my trac env trac.ini config file, and replacing:
base_url =
[ ... ]
use_base_url_for_redirect = False
with:
base_url = /project
[ ... ]
use_base_url_for_redirect = True
This solved the problem, allowing me to use the trac instance from both within the LAN and from the outside.
28 enero
2010
Paris happiness
wow, almost 5 years have passed since that picture
Yes, I was happy when Marta took that picture. It was 2005 and we (Marta, Rita, Dolo and me) were in Paris during our one-week excursion to France (3 days in the Bretagne, 3 days in Paris) and I was happy.
I like group trips, even more if there is a car involved and it ends in a road trip. That trip was kind of a mix, road trip during the first 3 days and totally different while we were in Paris.
The photo was taken in a small green area by the memorial to the martyrs of deportation. It was February (or March, don't remember exactly) and it was cold, but I couldn't resist to lay down on the grass.
It was perfect, being there, doing that, almost perfect... until a gendarme appeared and told us that laying on the grass was not allowed, too bad.
24 enero
2010
New FreeBSD port: openerp-web
YES! my first port after sooo much time.
Today my first FreeBSD port went into the ports tree:
http://www.freebsd.org/cgi/query-pr.cgi?pr=143036
I've ported the OpenERP web client so, if you update your ports tree now (using portsnap or csup) you can search for openerp:
cd /usr/ports && make search name=openerp
You will get two results, the openerp-server port and my openerp-web port:
Port: py26-openerp-web-5.0.6
Path: /usr/ports/finance/openerp-web
Info: OpenERP Web Client
Maint: HERE_GOES_MY_EMAIL!
B-deps: gettext-0.17_1 libiconv-1.13.1 py26-Babel-0.9.4 py26-beaker-1.5.1 py26-cheetah-2.4.1_1 py26-cherrypy-3.1.2 py26-formencode-1.2.2 py26-mako-0.2.5 py26-markdown-2.0.3 py26-parsing-1.5.2_1 py26-pytz-2009u py26-setuptools-0.6c11 py26-simplejson-2.0.9 py26-xlwt-0.7.2 python26-2.6.4
R-deps: gettext-0.17_1 libiconv-1.13.1 py26-Babel-0.9.4 py26-beaker-1.5.1 py26-cheetah-2.4.1_1 py26-cherrypy-3.1.2 py26-formencode-1.2.2 py26-mako-0.2.5 py26-markdown-2.0.3 py26-parsing-1.5.2_1 py26-pytz-2009u py26-setuptools-0.6c11 py26-simplejson-2.0.9 py26-xlwt-0.7.2 python26-2.6.4
WWW: https://launchpad.net/openobject-client-web
I needed that, as I've been working a lot on setting up OpenERP solutions under FreeBSD so having the ports to take care of the dependencies is very useful.
Lately I've been working on a howto style doc too. In that doc I cover how to install and configure both the openerp server and the web client. I'll post about it once it is finished.
