Happy Birthday Alan!

Happy Birthday Alan! I hope you’re having a great day on the links. It’ll be good to see you in a couple of weeks.

New IP Address

Well, as a cost saving measure and because we really weren’t using more than one, we’ve cut back to a single IP address. Time Warner Cable is the biz Internet provider. They’ve been very helpful in setting up reverse DNS lookups and PTR records, but at the same time the transfer to the new IP really screwed with the cable modem.

I spent many hours with some very nice people at TWC tech support, like Jan, but what eventually fixed the problem was changing the fixed IP I was assigned to another fixed IP.

Long and short is everything, mail, web, etc. seems to be back up and running.

Baby Steps to Healthcare Reform

Since I’m sure all members of Congress will have the opportunity to read and comprehend the entirety of whatever is the current healthcare legislation, the following small steps to improve the situation will be meaningless. I have 3 simple proposals that could fit on a single page. Heck, it fits in a single post.

  1. Eliminate pre-existing conditions as a reason to deny insurance.
  2. Allow insurance companies to sell in any market in the US.
  3. Malpractice reform — Loser Pays

I think the first 2 are self-evident, so let’s focus for a moment on the third.

Loser Pays

What I mean is that all legal fees will be paid by the losing party to the litigation. This would include naming a doctor in a med mal suit and then dropping them from the suit.

You see, just because a doctor gets dropped from a suit doesn’t mean that his malpractice carrier doesn’t incur costs. In fact, it’s usually about $20K to defend a suit that is dropped.

Interestingly, anytime a doc is dropped from a suit, they must sign a release stating that they will not sue the plaintiff’s attorney. I once tried not to sign this but my lawyer told me he’d never seen it done before.

Yeah, I know, it doesn’t solve many of the problems facing our healthcare industry. But I bet it would improve the situation with minimal effort.

Fail2ban on Leopard Server

So here I am running my own server — for almost 2 years now. It’s been a real learning experience and I’ve tried to share. My latest add-on has been fail2ban. I got tired of looking into my logs and seeing where script kiddies or bots were trying to take control of my server. Fortunately, none have.

After a bit of googling, I found fail2ban. It’s a collection of python scripts.

> Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

There are a few tricks I’ve discovered along the way to make it work on my installation and likely on Mac OS X Server in general.

First is that fail2ban creates a PID and socket file in a directory that it fails to create. Yeah, that’s a bug. Since I didn’t want to mess around with the actual scripts in the program, I created a plist that issues the mkdir /var/run/fail2ban command. I placed this in /System/Library/LaunchDaemons and set it to Run at Load. Lingon is your friend, but it’s now inactive. :-(

After creating the file you have to use the command line to move it to the /System/Library/LaunchDaemons directory. I also created another launchd plist to reload fail2ban every day. I did this because I run multiple virtual websites and the error logs for those sites get rotated and the names have some time code or something tacked on the end of the filename.

OK, problem 1 solved. Next I discovered that since fail2ban is really running on a multitude of Linux boxes, all the different methods of IP tracking, sorting etc. were really useless on my OS X Server. I run the ipfw firewall and fortunately there’s a module for that in fail2ban. Unfortunately it’s not quite set up correctly; at least it wasn’t for me. I had to tweak it a bit.

What this means is that your action is always going to be ipfw. I tweaked the ipfw.conf file a bit. Now it does the following.

  1. Logs its action to ipfw.log
  2. Adds a rulenum to the ipfw command. I did this because some other rule in my setup was allowing the IP before my deny could take effect. By lowering the rulenum my deny now fires off first.
  3. Abstracted the protocol (tcp, udp) to pass as a variable. Just in case something you want to block isn’t tcp.

I also created another filter as I found many times some machine would excessively hit my Apache server looking for nonexistent files. Since it sounds like something a bot would do I decided to ban it. This was the simple creation of a new filter.

I created a jail.local file to hold all my prefs and through trial and error discovered that the examples of how to call for a jail weren’t working for me. Perhaps I just didn’t understand the examples. I soon discovered that parameters for the jail action needed to be passed inside of square brackets in the prefs.
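As an added illustration (not the uploaded files and not fail2ban’s own code), the Python sketch below mimics what the missing-file filter and the tweaked ipfw action do together: count “File does not exist” errors per client, then build a deny rule with an explicit rule number and protocol. The log lines, the threshold of 3, rule number 100, the server address 192.0.2.10 and the function names are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed Apache 2.2 error_log lines (documentation-range addresses).
SAMPLE_LOG = """\
[Sat Jun 20 11:12:01 2009] [error] [client 203.0.113.7] File does not exist: /Library/WebServer/Documents/phpmyadmin
[Sat Jun 20 11:12:02 2009] [error] [client 203.0.113.7] File does not exist: /Library/WebServer/Documents/admin.php
[Sat Jun 20 11:12:03 2009] [error] [client 198.51.100.4] File does not exist: /Library/WebServer/Documents/favicon.ico
[Sat Jun 20 11:12:04 2009] [error] [client 203.0.113.7] File does not exist: /Library/WebServer/Documents/setup.php
[Sat Jun 20 11:12:05 2009] [notice] caught SIGTERM, shutting down
"""

# Plays the role of a fail2ban failregex: capture the client of each
# request for a file that does not exist.
FAILREGEX = re.compile(r"\[error\] \[client (?P<host>[0-9.]+)\] File does not exist: ")


def find_offenders(log_text, maxretry=3):
    """Return, sorted, the clients with at least `maxretry` missing-file hits."""
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILREGEX.search(line)
        if match:
            hits[match.group("host")] += 1
    return sorted(ip for ip, count in hits.items() if count >= maxretry)


def ipfw_ban(ip, rulenum=100, proto="tcp", localhost="192.0.2.10", port=80):
    """Build the deny rule as an argv list (no shell involved).

    rulenum, proto, localhost and port are assumed values. A low rulenum
    places the deny ahead of any later rule that would allow the address.
    """
    ipaddress.ip_address(ip)  # log content is untrusted: ValueError if not an IP
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    return ["ipfw", "add", str(rulenum), "deny", proto,
            "from", ip, "to", localhost, "dst-port", str(port)]


if __name__ == "__main__":
    for offender in find_offenders(SAMPLE_LOG):
        print(" ".join(ipfw_ban(offender)))
```

Only the client that reaches the threshold is banned; the single favicon.ico miss from the other address is ignored.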

I’m sure, if you’ve gotten this far that you’re either very confused by this whole post or that you’ve had an epiphany. To further the epiphany along I’ve uploaded my file changes.

You should be able to figure out what file goes where from the folder structure of the upload.

A couple of things in summary to remember. First, turn on your server’s firewall. Then make sure you change your server’s local IP address in the files to match your own. That’s the setting for localhost.

Good luck. If you have any questions leave a comment.

Snailjacked

Well, I’ve found out that someone is hijacking my posts with no attribution and no permission. I’m not even sure I understand the logic as there isn’t even any advertising there — yet.

If you’re seeing anything on the domain computersoftware.snailjack.com, it’s a rip off from somewhere else. Do me a favor and don’t click on any links, don’t support their advertising and just don’t go on their site.

Other than restricting my RSS feed I’m not sure what I can do to stop it.

Don’t support anything from the domain SNAILJACK.COM!

VoodooPad Pro Blogging

It’s time to package up all my VoodooPad Pro blogging scripts and assorted web export plugins so that I can

  1. Remember what the heck I was thinking.
  2. Remember what all these pieces were supposed to accomplish as a whole.
  3. Provide some sort of reference to others interested in this stuff.

Concept: To use VoodooPad Pro as a CMS for a web site, allowing for static sites and inclusion of a blog-style concatenated page. The blog-style page was originally intended as a “News” page of a static business site. SEO optimization necessitated the addition of a page with renewing content. Google likes it more.

Disclaimer: I like Markdown and built these scripts around the fact that the VPP document is essentially always formatted in plain text. Images need to be added using links.

I will include a sample package that contains a VPP document, a web export plugin and several script plugins. The site the sample is based upon is at http://losrobleshoa.org.

VoodooPad Pro is a requirement as the meta data and triggers are necessary in the creation of the files. My workflow is as follows.

  1. Create new page/post.
  2. Run script plugin Blog > Meta Markup - HomepageMeta on new page.
  3. Run script plugin Blog > Make Homepage and Feed
  4. Run web export.
  5. FTP files up to site. I use Transmit. It’s also a great app.

The script will move all the created files into a folder structure so that the file structure on the computer will match the web site structure.

VoodooPad Pro document

Item meta data is contained in the HomepageMeta page of the document. This is where most of the personalized info on the site is contained.

In the VPP document, tags are used to create a pseudo-folder structure. This means that a page may only have one tag. Some pages are not exported but are used as reference, i.e. links in the sidebar or the HomepageMeta page. Static pages that are to be rendered at the root level of the site are tagged main.

Triggers can be used to include certain information into specific pages or info on every page. I use this for things like Google Analytics which needs to be on every page or the analytics confirmation that is only on the index.html page.

The Web Export Plugin

Some customization of these files will be necessary for your specific site.

  • preflight.sh - creates the actual folder hierarchy. The preflight.sh script also copies files like images to the export folder. These images are kept in the web export plugin. Files like robots.txt that need to be at the root level are kept in a root folder inside the web export plugin.

  • postflight.sh - can be used to rename pages that may be PHP based from .html to .php

  • deleteVPExtra.sh - deletes the extra pages that VoodooPad creates during a web export. No changes to this file are needed.

  • fixRelativePaths.sh - fixes the relative URLs that occur inside of nested pages. No changes to this file are needed.

  • parseMetaXml.rb - Parses the meta.xml file that VoodooPad creates and uses that information to move files into their correct folder structure on the disk and to create a valid sitemap.xml file for use with Google Sitemaps.

  • Info.plist - This file was edited to call these scripts during the web export process.

Script Plugins

These are placed in the ~/Library/Application Support/VoodooPad/Script PlugIns/ folder. No changes should be required in these scripts. They will be viewable from the Plugin > Blog menu in VoodooPad.

  • meta_markup_HomepageMeta.lua - Takes the data from the page HomepageMeta in the VPP doc and adds specific item meta data to the frontmost page.

  • meta_markup_update.lua - Propagates changes made to the HomepageMeta page to all the item meta data of all pages that require them. This covers only the pages used for the blog-style page.

  • blog_home_atom.lua - Creates the blog-style page now called home in the VPP document and also creates a valid atom.xml feed in the output directory.

Comments and questions are welcome. If some enterprising person wants to wrap this all up in the new plugin architecture that would be cool. I’m happy to help if I can.

Amavisd settings

I run my own mail server on OS X Server. For the most part I have my SpamAssassin settings tweaked pretty well. Unfortunately, there is some spam that seems to have malformed or incomplete MIME boundaries and these messages don’t seem to be getting passed off from Amavisd to SpamAssassin. As such, they seem to be getting through to the recipient with a null value for the spam score.

After a little Googling I found Amavisd critical settings and I think the $final_bad_header_destiny is the key. The default setting is set to D_PASS. I’ve changed mine to D_REJECT; now I’ll see what the logs say and see how much non-spam gets caught. Obviously, if enough good stuff doesn’t get through then I’ll have to think of something else.

But the obvious question remains: why doesn’t SpamAssassin score these messages?

Backblaze Backup

I have an invite or two to distribute for the Backblaze online backup service for OS X. Price is $5 a month per machine for unlimited data. Attached disks are recognized, but not yet network attached storage. My opinion is once they allow for NAS backup it’ll be great.

Leave a comment if you want a link to the beta.

Nationalized Healthcare and the Free Market

Nationalized/Universal healthcare will happen. Obama ran on it and he intends to deliver. What’s more, I can see a manner in which the country will flock to it under the current free market insurance system.

First, the federal government will expand Medicaid to cover the unemployed and uninsured. Second, the Congress will pass some law that mandates employers to provide health insurance for not only full-time employees, but part-time employees too.

Oh, by the way, the federal government will also make available a government-sponsored insurance plan to compete with the other available HMO and PPO choices. Of course the government plan will cost you (the employer) 40-50% less than the next most expensive plan.

You (the employer) will offer your employees the government plan as per the terms of the new law and they (the employees) will have the option of spending almost twice as much for a different commercial plan. I don’t really expect many employees to avail themselves of the opportunity to spend more money for little perceived increase in services.

Soon 80-90% of the country will be on the government plan and physicians and hospitals will effectively have a single payor.

Welcome to nationalized/universal healthcare.

iPhone Stand

While looking for an iPhone stand I came across the simplest solution. A binder clip.