Hanging websites, scp fails, ftp stalls ..., odd network behavior

If you have ever had broken websites or stalling traffic
Connections work, telnet works, ssh works ... but you can't go to some websites or VPNs, or whatever odd behavior
Well the problem can be PMTU (Path MTU)

I had this problem last year when I switched to a new provider

My setup is a dsl connection with a Linux firewall for the home network
Some sites are broken and some of them are working if you are lucky
After doing some small debugging I saw that it was a MTU issue

Normally the default MTU size is 1500, but for a pppoe connection it is downscaled to 1492
My first thought was simply to lower the MTU on the client
Because for some reason my firewall is blocking the icmp message (mss) to the client.
After some testing the working value (with no fragmentation) is 1472 while the pppoe interface is using 1492.
Lowering the client MTU to 1472 is a great result

Now that I had some more time, I had to investigate this issue
(I don't want to change the MTU on all my guests' PCs)

I discovered (in the man page) that the simplest way is to add an iptables rule and allow this mss packet

So if you have pppoe and an iptables firewall ...
I just added this rule to my firewall that will forward this mss message

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

I hope I can help some ppl with this blog
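
As an added illustration (not code from the original post): a simplified Python model of what the `TCPMSS --clamp-mss-to-pmtu` rule above does to a forwarded IPv4 SYN, using the value documented in the iptables man page (path MTU minus 40). The TCP header, ports and function names are constructed for the example.

```python
import struct

IPV4_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header

def build_syn(mss, flags=0x02):
    """Constructed 24-byte TCP header with one MSS option (checksum left 0)."""
    hdr = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (6 << 12) | flags, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)      # option kind 2, length 4

def mss_offset(seg):
    """Byte offset of the MSS value inside the TCP options, or None."""
    end = min((seg[12] >> 4) * 4, len(seg))          # data offset is in 32-bit words
    i = 20
    while i < end:
        kind = seg[i]
        if kind == 0:                                # end of option list
            return None
        if kind == 1:                                # NOP is a single byte
            i += 1
            continue
        length = seg[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:           # malformed option: stop
            return None
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None

def read_mss(seg):
    """MSS advertised in the segment, or None when the option is absent."""
    off = mss_offset(seg)
    return None if off is None else struct.unpack_from("!H", seg, off)[0]

def clamp_mss(seg, path_mtu):
    """Only touches SYN-without-RST segments, and only ever lowers the MSS."""
    off = mss_offset(seg)
    if (seg[13] & 0x06) != 0x02 or off is None:      # --tcp-flags SYN,RST SYN
        return seg
    limit = path_mtu - IPV4_TCP_OVERHEAD
    if read_mss(seg) <= limit:
        return seg
    out = bytearray(seg)
    struct.pack_into("!H", out, off, limit)
    return bytes(out)                                # a real stack also fixes the checksum

if __name__ == "__main__":
    syn = build_syn(1460)                            # client on a 1500-byte LAN
    print(read_mss(syn), "->", read_mss(clamp_mss(syn, 1492)))
```

With the 1492-byte pppoe MTU from the post, a client SYN advertising 1460 leaves the firewall advertising 1452, so both ends send segments that fit the link without the client's MTU being changed.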

My backupserver(sheevaplug) down ...

My nagios was reporting that my sheevaplug was gone
The moment I came home from work it was time to see what went wrong

I saw that the green light was flashing and there was a burned smell
When I opened it I found a burned psu unit

so time to dig on my computer graveyard and whoehoew
an old 5v 2,2A power supply

After some soldering it's alive again :)

A time to dump XP?

I was reading on slashdot about dumping XP
Maybe it is time! and not to w7 but to a real operating system
Ubuntu is ready for the desktop, I know there are comments like "missing apps", "no games" ...

Most daily work can be done out of the box on Linux
"office", "mail", "surfing" can be done without a problem

Migrating from XP to Linux is for most users not a big problem,
Even my mother is using Ubuntu for 3 years now
She migrated from XP to Ubuntu gutsy and I just needed to give some small explanations about evolution mail and firefox

currently she works with Lucid and firefox, amsn, evolution, picasa, gimp and ooffice

so indeed it's time to drop XP :)

Zarafa socket warning

Someone (of my family) has noticed that he could login to the Zarafa webaccess without a passwd
I was very surprised coz I had never tried to login with a wrong passwd

It seems that if your php is running with the same account as your Zarafa server the socket grants everything

What was I thinking when I changed this server to apache2-mpm-worker and fastcgi (except for tuning my apache)
taking a simple username for zarafa ...
Forgotten that Zarafa was running with the user zarafa!
And even worse I did not check for wrong passwords after migrating

So if you want to use SuexecUserGroup, create a unique uid
Also, playing safe means switching the socket to a tcp socket
The http socket will always ask for credentials

(vi /usr/share/zarafa-webaccess/config.php)
- define("DEFAULT_SERVER","file:///var/run/zarafa");
+ define("DEFAULT_SERVER","http://localhost:236/zarafa");
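
Review bot: the `+` line moves webaccess to http://localhost:236, but the file:///var/run/zarafa socket on the `-` line is still there for any process running as the zarafa user, so this change belongs together with a separate uid for the PHP/FastCGI processes rather than in place of it. The same DEFAULT_SERVER edit also has to be repeated in the z-push and webaccess-mobile config files.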

(don't forget z-push and webaccess-mobile, they have their own config files)

#puppetcamp eu 2010

#puppetcamp was awesome, @patrickdebois did a great job in organizing this event

There was the opportunity to meet the experts behind puppetlabs and follow great talks
The interactive open-space sessions were great to share knowledge between administrators

It is clear that the world needs puppet.

I look forward to a continuation of this event ...

Belgium Internet ....

I'm wondering what is wrong with the internet connection in Belgium

There are many complaints of non-working websites while other sites are working perfectly
This for several providers here (so not just mine)

My connection is @dommel and I never had problems with this connection, but since a month (or more) I see more waiting cursors than I want
It is even unacceptable at this moment

websites like hln.be, destandard.be, linuxquestions.org (and many more) even some pages on the dommel.be site are not working well

If I debug those connections manually it looks slower than 28.8 or even nothing

For now I just placed a squid over vpn to my server in germany and I can surf very fast again :)

is Belgium trying to inspect the traffic? or is this just a slow peer on our Belgium net?

my new cheap green backup solution

This is my new backup solution

A sheevaplug computer running debian
And as storage an ICYBOX with a 500G sata disk

you don't get high bandwidths but for a backup storage this rules for home usage

At first I was trying to backup with rsync over ssh with blowfish
But this was too slow, I just get 50mbit
(ssh blowfish encryption was too heavy for this 1,2GHz arm processor)

so I decided to use the rsync daemon
My backup is syncing now at 100mbit ;)
(I know rsync is not a backup, but I just want a copy in case of crash)

I also found that pulling the usb plug shuts down the harddisk
so I will check later to unload the usb after the backup has finished and when I got the time
It could save power

Xen bridge stays in listening state

When I rebooted a xen guest I had no network anymore
this was strange, all the other guests had no problem with networking

After checking some commands I saw that the bridge has a weird problem (lenny/xen/bridge)

dummy0
 bridge id		8000.065a2bb7ed3a
 designated root	8000.065a2bb7ed3a
 root port		   0			path cost		   0
 max age		   0.00			bridge max age		   0.00
 hello time		   2.00			bridge hello time	   2.00
 forward delay		-150503672.24			bridge forward delay	-150503672.24
 ageing time		 300.01
 hello timer		   0.98			tcn timer		   0.00
 topology change timer	-143192091.79			gc timer		-156558985.99
 flags			TOPOLOGY_CHANGE TOPOLOGY_CHANGE_DETECTED 
====snip other interfaces===
vif51.0 (10)
 port id		800a			state		      listening
 designated root	8000.065a2bb7ed3a	path cost		 100
 designated bridge	8000.065a2bb7ed3a	message age timer	   0.00
 designated port	800a			forward delay timer	-150504113.11
 designated cost	   0			hold timer		   0.00
 flags			

vif51.1 (11)
 port id		800b			state		      listening
 designated root	8000.065a2bb7ed3a	path cost		 100
 designated bridge	8000.065a2bb7ed3a	message age timer	   0.00
 designated port	800b			forward delay timer	-150504113.11
 designated cost	   0			hold timer		   0.00
 flags

It looks like the bridge has lost some counters

Zynga uses Puppet to manage configuration of FarmVille’s web farm

Farmville is indeed very popular, even my wife and parents are playing it (I don't have time for this)

They are lucky that open-source exists coz there aren't so many tools to manage this scale of growth

If you see that after 4 days of the launch there were more than 1.000.000 players ...
and after 60 days 10.000.000

that is fast growth
Thanx to luke, puppet exists
source

Fille@belgium 938KM

After the deredactie.be overflow there is also the "verkeerscentrum"(trafficcenter)

It seems that snow has a great snowball effect here :)

btw, I also failed to get to my customer today
After 1:15h I was 5km away from home (and still 20km to get to the customer)

have a nice day
