Technical


SSL Certificates are now provided by Let’s Encrypt. For now only the web server has been migrated; SMTP and IMAP will be moved over shortly.

Update 2017-02-28: SMTP and IMAP have been migrated to the Let’s Encrypt certificates as well.

www.nerdylorrin.net, mail.nerdylorrin.net, and webdav.nerdylorrin.net have freshly minted certificates signed by the StartSSL Certificate Authority.

I’m rolling out new SSL Certificates. These are signed by the StartSSL Certificate Authority, replacing the ones signed by the illustrious nerdylorrin.net Certificate Authority. What finally pushed me over the edge was not the tedium of installing my own CA certs on all my client machines, nor a diminishing thrill in trying to keep track of my own CA certificate files. No, what did it was Google’s decision to make Android continuously punish users who have added their own CA certificates to the trusted list:

Android continuously displays this warning when an additional CA cert is installed on the system.

Thanks, Google.

On the bright side, having a cert signed by a “real” CA also allows basking in the glory of an “A” rating on the Qualys SSL Labs server test.

The new certs are already deployed for www.nerdylorrin.net and will roll for mail and webdav before long.

Web pages (including blogs) and email were intermittently unavailable between 8:15 and 9:15 pm (PST). Kiwi was moving to a new host and getting more RAM and disk space. IP address and DNS are unchanged.

Our camera’s clock got reset and we didn’t notice until we had shot nearly two hundred photos. Doh! Even after we figured out the offset required to correct the problem, it turned out to be a bit involved to apply it. I ended up writing a Ruby script to do it. Then I was able to correct both the filesystem dates as well as the embedded EXIF timestamps for all the images with the following command:

camera_date.rb "18 Jan 2005 23:31:12" "14 Sep 2009 11:31:12" *.PEF

The first time stamp is the incorrect time stamp of one of the images, and the second is the correct time stamp for that particular image. This offset is then applied to all the specified files (*.PEF). The Ruby script is below. It requires that ExifTool be installed.

#!/usr/bin/env ruby
 
require 'time'
 
# 2009-10-17 LHN: Adjust file modification time and EXIF fields of files.
# Used to correct files that were recorded on a camera that had its clock
# accidentally reset.
 
# Requires ExifTool (http://www.sno.phy.queensu.ca/~phil/exiftool)
 
def help_message
  puts <<HEREDOC
 
Camera Date rev 2009-10-18
 
Camera Date is intended to correct images taken on cameras whose clocks were
accidentally reset. It will update the following pieces of information:
  * filesystem timestamp
  * EXIF fields DateTimeOriginal, CreateDate, ModifyDate, Date
 
Syntax is camera_date.rb bad_date good_date file ...
 
bad_date is the date of an image as recorded by the camera
good_date is the correct date for that image
 
bad_date and good_date are used to calculate an offset that can then be applied
to all specified files.
 
dates are specified in RFC 2822 format and must be surrounded by quotes.
 
Example:
camera_date.rb "18 Jan 2005 22:10:03" "14 Sep 2009 10:10:03" IMGP7843.PEF IMGP7845.PEF
 
HEREDOC
  exit
end
 
help_message unless ARGV.length >= 3
 
begin
  INPUT_DATE = Time.parse(ARGV[0])
  OUTPUT_DATE = Time.parse(ARGV[1])
  OFFSET_TOTAL_SECS = OUTPUT_DATE.to_i - INPUT_DATE.to_i
  puts "#{INPUT_DATE} => #{OUTPUT_DATE}"
  puts "Offset in seconds is #{OFFSET_TOTAL_SECS}" 
 
  ARGV[2 .. -1].each{ |entry| 
    mtime = File.stat(entry).mtime
    newtime = mtime + OFFSET_TOTAL_SECS
    puts "#{entry}: #{mtime} -> #{newtime}"
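    # Pass each argument separately so that no shell is involved: file names
    # containing spaces or shell metacharacters are then handled literally.
    system("exiftool", "-AllDates=#{newtime.strftime("%Y:%m:%d %H:%M:%S")}", "-Date=#{newtime.strftime("%Y:%m:%d")}", entry)
    system("touch", "-c", "-t#{newtime.strftime("%Y%m%d%H%M.%S")}", entry)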
  }
  puts "Done."
rescue StandardError => e
  puts e
  help_message
end

The main server, kiwi, now has a little more than twice the memory it used to. This should improve website responsiveness and put an end to the sporadic outages of the email spam filter. The upgrade involved a few reboots over the weekend.

All services are now back up and running. I revived carrot (that’s the server in the basement). Everything that couldn’t be migrated to kiwi (that’s the new hosted server) is once again running on carrot. This includes the gallery and all Tomcat webapps (Wiki, Calendar).
I had liked the idea of no longer maintaining a server in the house any more, so I’m still looking into ways of migrating those.

While reviving carrot, I learned that there was no disk corruption. Carrot had long ago become unbootable and I just never noticed! In September 2006 the boot menu was incorrectly written. I don’t have logs to confirm it, but I assume this was the first time carrot had rebooted since then.

I’ve signed up for a hosted server since that’s quite a bit cheaper than any of the options for upgrading the internet connection here. It will be a while before I’ve migrated all the services over. My current plan is to move mail first and then move the web sites one domain at a time.

The new host doesn’t have enough disk space for the Gallery. If you’ve got some online disk space to share, please let me know.

Preserved for posterity from the old pre-blog HTML page:

2005-Dec-10
All services down from 11:45 to 12:05 PST. Migration to replacement hardware complete. Replaced disks, motherboard, power supply.
2005-Dec-03
All services down from 21:00 to 00:00 PST. Failed to migrate to replacement hardware. Downtime in the next few days to try again.
2005-Nov-18
All services down from approx 6:00 to 20:00 PST due to hardware failures. The motherboard and/or the power supply went flakey and one hard disk failed. All services are back up on the remaining disk and borrowed hardware. There will be downtime 12/03 to install replacement parts.
2005-Oct-06
Web server down from approx 1:30 to 8:45 PDT; unknown reason. 🙁
2005-Jun-22
Web server down from 9:15 to 17:15 PDT; unknown reason. 🙁
2005-Jun-21
ISP outage from 15:45 to 16:50 PDT.
2005-Jun-10
Webmail now available. Log in using the mail link on the left.
2005-May-07
Late night downtime due to dislodged network cable. Public IP changed from 67.168.38.251 to 67.168.38.164.
2005-May-07
Firewall upgraded to “new” hardware. We escaped before the old hard disk completely died!
2005-Apr-01
Scheduled all-day power outage beginning 9:00 a.m.
2005-Jan-14
Public IP changed from 67.183.16.116 to 67.168.38.251. Servers unreachable while DNS updates propagate.
2005-Jan-05
Firewall updated without downtime. Happy new year’s!
2004-Oct-05
Brief downtime to update firewall to IPCop 1.4.0 Final.
2004-Sep-24 – Oct-01
Occasional evening downtime during transition from calvin to carrot.
2004-Aug-19
Downtime during transition to new firewall. Public IP changed to 67.182.135.20.
2004-Jul-06
Oops, out of disk space! Temporarily using an old 1.6 gig drive to hold the overflow.
2004-Jun-16
Power out. But it’s sunny!
2004-Jun-08
Power out
2004-Mar-25
Tomcat, MySQL updates. Unplanned downtime after I failed to notice that the upgrade tightened security and denied webapps the ability to access the database. No improvements to Tomcat stability.
2004-Mar-16, 17
Kernel upgrade, new UPS
2004-Mar-04
Tomcat goes down periodically. Looks like it’s not quite stable yet.
2004-Feb-15
Network card upgrade
2004-Mar-08
BackupPC is now making daily backups of all machines. The old server (Damosie) is no longer publicly accessible.
2004-Feb-08
The transition to the “new” Debian server (Calvin) went smoothly. I expect to keep the old one (Damosie) running on port 81 until mid to late February before converting it too to Debian and setting it up as a failover machine. Tomcat is occasionally throwing exceptions when a page is viewed for the first time in a while but a browser page refresh makes them go away. I haven’t tracked this down yet – but it’s a step up from the sporadic freezes on the old server! If you notice any patterns let me know.