Archive for the 'Linux / Unix' Category

Blocking network loopback slows down firefox extremely

My newly installed Firefox web browser (versions 2 and 3, it does not matter) was deadly slow. I don’t mean the display of web sites, no, I am talking about pull-down menus or opening tabs. (For example, the bookmarks folder opens within 6 long seconds.) For several hours I was not able to tell why it acts that way. But now I have found out:

The system is protected with a host firewall. Ruleset:

iptables -t filter -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#mark
iptables -t filter -A INPUT -m state \
   --state ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -j REJECT \
   --reject-with icmp-port-unreachable

But inserting this:

# Firefox seems to do stuff over loopback,
# it's deadly slow without that setting
iptables -t filter -A INPUT -i lo -j ACCEPT

at “#mark” makes it work fast as usual.

Tell me, why are they doing their menu communication via a loopback network socket?

Just in case you might wonder, too.
Usn
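
An added example (not part of the original post): a shell check that reads the output of "iptables -S INPUT" and reports whether a loopback ACCEPT rule is reached before the catch-all REJECT, which is the ordering the post ends up with. The function name check_lo_rule and the three sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit "iptables -S INPUT" output for the loopback rule.
# check_lo_rule (hypothetical name) reads rule lines on stdin and prints:
#   ok        loopback ACCEPT is reached before any catch-all DROP/REJECT
#   shadowed  loopback ACCEPT exists but sits after a catch-all
#   missing   no loopback ACCEPT, and a catch-all or the policy drops it
#   open      no loopback ACCEPT, but nothing drops the traffic either
check_lo_rule() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            # Unconditional terminating rule: -A INPUT -j DROP|REJECT ...
            if (!catchall && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
                catchall = n
            # Loopback accept with no further match: -A INPUT -i lo -j ACCEPT
            if (!lo && $3 == "-i" && $4 == "lo" && $5 == "-j" && $6 == "ACCEPT")
                lo = n
        }
        END {
            if (lo && (!catchall || lo < catchall)) { print "ok" }
            else if (lo)                            { print "shadowed" }
            else if (catchall || policy == "DROP")  { print "missing" }
            else                                    { print "open" }
        }'
}

# Constructed sample: the ruleset from the post, as "iptables -S INPUT" lists it.
ORIGINAL='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: loopback rule inserted at "#mark".
FIXED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample: loopback rule appended after the REJECT, so never reached.
APPENDED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -j ACCEPT'

for rules in "$ORIGINAL" "$FIXED" "$APPENDED"; do
    printf '%s\n' "$rules" | check_lo_rule
done
# On a live host (as root): iptables -S INPUT | check_lo_rule
```

The third sample shows why the post inserts the rule at "#mark" rather than appending it: iptables evaluates rules in order, so anything placed after the unconditional REJECT is never matched.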



Talk “Hope is not a strategy” at Vocational School Wiesau

Hi,

there will be a talk about IT High Availability for rising IT professionals at Vocational IT School Wiesau on Monday, 10th of March 2008.

The topic:
“Hope is not a strategy” – IT high availability in theory and practical experience

See paper and slides here.

Regards
Martin

EDIT: There has been a nice press publication about this lecture.



New homepage for our Linux User Group Mitterteich

Hi friends,

the Linux User Group Mitterteich has a new webpage and a new URI (http://www.linux-mitterteich.de). The old URI (http://www.lug-mitterteich.de.vu) will be redirected from today on.

Well, the page isn’t perfect at the moment – but finally we started working on it:

  • The free template (made by Ramin Hossaini) used at the moment will be replaced: Maxi is working on a new, customized one.
  • I developed the page structure and filled it with first, generic and historical content; most items have simply been migrated from the old page.
  • By and by, the content will come.

Please review the new page, and tell me your opinion. I’d be glad.

Thanks
Usn



My first steps with Gentoo – Part I

Hi,

having seen some friends of mine using Gentoo for useful purposes (so far I only had experience with Gentoo users asking useless questions and/or causing deeply clueless arguments about the use of a Portage-based OS), I needed to check it out myself.

First thing, I loaded a minimalistic Gentoo 2007.0 .iso file onto my VMware server and created a VM with 512MB of RAM and an 8GB hard disk. I booted the image, had to choose a keyboard language (German = 10, but if you type “1” you cannot get back to change it, since Backspace is ignored) and saw a beautiful root prompt. But the NIC had no IP address, although the resolv.conf had the footprint of my DHCP system. Big question mark. Shutting down and starting the interface solved that. Strange.

Read more…



Picture alignment trouble for 1680×1050 resolution (WXGA)? Use xvidtune!

Hi,

just got a brand-new LG L226 WTQ and it refused to align the picture properly: the auto-set feature left a full 15cm on the left unused and black, and the same 15cm on the right hidden. Changing the position of the picture manually (by driving the “HORIZONTAL” value down to zero) reduced the black/hidden space to about 15mm, but did not close the gap.
So, some modeline writing is necessary – but since I am no masochist, I preferred to use “xvidtune” – it’s a nice tool that I did not know so far. If a DISPLAY variable is set, you are able to adjust your xorg modeline values in a verbose and well-explained way. Quick-check with “apply”, quit the tool and re-run it as “xvidtune -show” to get the new and fitting ModeLine. Become root, edit your “Monitor” and “Modes” section in xorg.conf – make it look like this:
Read more…



Kerberos auth with Apache 2.2 and Microsoft Active Directory

Hi,

just a note: Have a look at http://www.grolmsnet.de/kerbtut/

It’s not perfect, but my additions will follow as soon as my prototype here is running well. At the moment it does, but I do not fully understand why :)

Regards
Usn



run Cisco VPN client as non-root-user

Hello,

if you want to run the vpnclient as a non-root user (very desirable), you will probably get

privsep: unable to drop privileges: group set failed.

since the cvpnd needs to be run with root privileges.

Just give it the setuid-root flag (mode 4111 sets the setuid bit and leaves the file execute-only for owner, group and others):

chmod 4111 /opt/cisco-vpnclient/bin/cvpnd

and have fun with your user-built VPN tunnel.

Regards,
Usn



new GNU bash forum rising

Hi,

TheBonsai started a brand-new bash forum at http://forum.bash-hackers.org. Since I know him as a really skilled bash power user, it should be fun to learn from the site. Just have a look.

Yours,
Usn



Apache 2.2 – “unable to include potential exec”

Hi,

recently I’ve seen ugly error pages (e.g. for 404 or 403) on my Apache 2.2 server: the supplemental text blocks were there, but instead of header, footer and spaces, “[an error occured while processing this directive]” was shown.

For these accesses, the Apache error.log showed
“unable to include potential exec ‘include/top.html’ in parsed file /usr/share/apache2/error/xyz.html.var”
as well as the same with “include/spacer.html” and “include/bottom.html”.

Solution:
In my case, .html files had been configured as an executable MIME type (for PHP). But Apache’s built-in security does not allow including executable files (see http://issues.apache.org/bugzilla/show_bug.cgi?id=32346 to change that).

Since I considered PHP code within .html files useless for me, I did not apply the patch and erased the .html and .htm entries from the corresponding “AddType” entry in httpd.conf.

Have fun,
Usn



Prepare IPtables for the Cisco VPN Client

Hi out there,

installing the Cisco VPN Client 4.8.00 should be no problem (just run “vpninstall” with kernel headers installed). But running it from the notebook in an insecure environment needs a host firewall on the mobile device. I love setting the default policies of a chain to “DROP”!

But the VPN Client communicates via loopback interface, and complains with

The application was unable to communicate with
the VPN sub-system.

So use this ruleset for peace:
Read more…



