Website

You are currently browsing the archive for the Website category.

Subscribe to the Website category feed

SSL Certificates are now provided by LetsEncrypt. For now only the web server has been migrated; SMTP and IMAP will be moved over shortly.

Update 2017-02-28: SMTP and IMAP have been migrated to the LetsEncrypt certificates as well.

The StartCom SSL certificates will expire soon. For the last 10 hours web pages were served using a new set of certificates. However, Firefox reports the new certificates have been revoked. Reverted to old certificates for the time being.

Update: The problem was that Firefox does not trust newly issued StartCom SSL certificates!

sec_error_oscp_unknown_cert

All SSL access to hosted websites is currently broken using Firefox and Safari. The problem is that OCSP lookups are failing due to a misconfiguration by StartSSL, the certificate authority providing our SSL certificates. Other browsers are not affected because they have not implemented OSCP lookups. A temporary work-around is to disable the checks. In Firefox:

  1. Enter about:config into the Firefox address bar
  2. Accept the warning
  3. Search for security.ssl.enable_ocsp_stapling
  4. Double-click to change to false

StartSSL does not seem to have any blog or social media presence to indicate status on the outage, but a Twitter search yields a steady stream of corroborations. Hopefully they’ll fix it soon.

UPDATE 2015-04-05 11:45 pm: OCSP is working properly again as of a couple hours ago. Outage/technical problems on StartSSL’s part.

UPDATE 2016-11-26: OCSP responses have had bad signatures for the past two days. I believe this is once again an issue on the StartSSL side. Can be worked around the same way.

Updated kernel, added disk space. Brief outages around 12 am PST.

Upgraded to WordPress 3.9.1. Mostly uneventful except that the WordPress Email Notification Plugin I had been using is no longer compatible. Apologies to everyone used to being notified about posts to the blog. Recommendations for alternate plug-ins welcome.

Updated server to Ubuntu 14.04 and bumped up RAM. Brief outage around 11 pm PDT.

I’m rolling out new SSL Certificates. These are signed by the StartSSL Certificate Authority, replacing the ones signed by the illustrious nerdylorrin.net Certificate Authority. What finally pushed me over the edge was not the tedium of installing my own CA certs on all my client machines, nor a diminishing thrill in trying to keep track of my own CA certificate files. No, what did it was Google’s decision to make Android continuously punish users who have added their own CA certificates to the trusted list:

Android continuously displays this warning when an additional CA cert is installed on the system.

Thanks, Google.

On the bright side, having a cert signed by a “real” CA also allows basking in the glory of a “A” rating on the Qualys SSL Labs server test.

The new certs are already deployed for www.nerdylorrin.net and will roll for mail and webdav before long.

Brief outages on kiwi over the weekend (website, blogs, mail) for opsys and disk space upgrades. For most clients, any SSL connections will now have perfect forward secrecy. One more brief outage coming soon to move to a cheaper server in the data center, which will require an IP address change.

Updated 2013-11-15: Moved to new server. IP addresses changed, DNS updated. Everything seems to be back up and running. Down for about an hour.

I upgraded to WordPress 3.5.1. We were on 3.4.2 before, so the upgrade is our introduction to a bunch of enhancements, including a new media manager, that came with WordPress 3.5.

Two outages this month! Kiwi was down for about an hour Saturday evening for a bi-annual upgrade to a new Ubuntu LTS release. Everything should be back to normal now.

Web pages (including blogs) and email were intermittently unavailable between 8:15 and 9:15 pm (PST). Kiwi was moving to a new host and getting more RAM and disk space. IP address and DNS are unchanged.

kiwi was inaccessible for about an hour this evening due to a router failure. Don’t worry, it’s not the router failure the SOPA-supporting elephant killer had. RimuHosting runs the show here.

Minor upgrade to WordPress 3.4.

kiwi was down for about 3 minutes this afternoon to upgrade disk space. I also applied the latest WordPress security patch.

икона за подаръкJust before 10pm PST on 2012-02-16 Apache memory usage got out of control and made kiwi unresponsive for nearly an hour. Everything back to normal now but root cause remains elusive.

Update 2012-02-21: Most likely cause is that I simply allowed Apache to spawn too many threads. If correct, things are under control now.

Kiwi (hosting everything except the Gallery) was down for an hour starting 2012-01-09 13:45 (PST) due to RAID issues on the host machine. Alas, for a while now MySQL hasn’t been starting automatically on reboot. I forgot about this and therefore WordPress was out of commission for two days. Mea Culpa. I have now finally fixed the MySQL configuration so it should be able to start automatically again.

Подарък иконаикониKiwi (web presence other than Gallery; email) moved to new hardware in the RimuHosting Dallas data center. Outage was 12:51 – 1:24 am Pacific time. IP addresses changed from 72.249.17.232 to 74.50.48.111.

In unrelated news, I’ve taken down the public nerdylorrin.net wiki. It turns out not many people were excited about poking around my notes.

Kiwi ran completely out of memory and crashed hard just before noon (PDT) today. Back up around 9:15 pm (PDT).

Gallery, wiki unaffected (they run on different servers).

Update 2010-08-06:

I’ve belatedly taken some stops to reduce memory usage. Spamassassin and Apache will now fork fewer child processes, which will hopefully keep things under control.

It looks to me like Dreamhost did an upgrade that broke my PHP installation. Gallery was returning HTTP 500 errors from 9 am to 11 pm PDT. Fixed.

(belated notification)

Two weekends ago I upgraded kiwi to the latest Ubuntu release. I think the only visible effect is a major update to the WordPress administrative interface. For those of you using webmail (oh wait, that’s no one outside of this house) the upgrade paves the way major updates there as well. Blogs were down for a couple hours, everything else for a few minutes.

Kiwi ran out of disk space and memory (perhaps running out of disk space resulted in no room for the swap file to grow?) around 1 am PST this morning. Upgraded both and brought back online around 6:45pm PST.

Web sites (except Gallery and Wiki) and mail were down. Everything should be back to normal now.

Module misconfiguration on kiwi brought Apache down from 9:15 – 11:00 PM (PST). Web sites (except Gallery and Wiki) were down. Everything should be back to normal now.

An upgrade on kiwi didn’t go as smoothly as one might hope. Web sites (except Gallery and Wiki) were down starting around 9 pm PST. Blogs in particular were down for about three hours. Everything should be back to normal now.

Gallery has been migrated from Tomato (who lives in our basement) to Dreamhost. I’ve also upgraded to Gallery 2.3. The most exciting update in this release is a much improved Slideshow feature. I’ve also installed a few more themes to choose from. Floatrix was available before but I hadn’t tried it; it seems like an improvement over the usual Matrix theme.

Let me know if you notice anything that didn’t migrate correctly.

Websites (other than wiki and gallery) and mail were out a few hours this evening (approx 4:00 – 7:15 p.m. PDT ). They’re hosted on kiwi, which locked up and needed to be restarted. Unlike the December outage, this time it was just kiwi and not the parent Xen host. Root cause unclear. Spam Assassin was churning through a bunch of spam at the time, but that could be a random correlation.

Websites (other than wiki and gallery) and mail were out a couple times this afternoon. The parent Xen host crashed twice and was rebooted by RimuHosting. Sigh. Hopefully it’ll stay up this time.

Update 12-25: I must have jinxed it. Host continued to have issues and was out overnight. (Sleigh riding with Santa?) Seems to be back up now after a Xen upgrade.

I’ll be moving the servers rhubarb, carrot, and tomato back down to the basement today (basement renovation is nearly done!). Consequently the Gallery and Wiki will be down for a few hours.

Mail, blogs, and other websites will be unaffected. They’re hosted on kiwi, which is located in a data center in Dallas.

Update 7:35 p.m. PDT: Back online!

While we were out of town a power loss took down the gallery and wiki. They’re on UPSes but apparently not big enough ones!

A disk failure crashed carrot around 6:00 PDT. Everything is back up as of 16:30 PDT and the RAID array is rebuilding in the background.

I’ll be moving the servers rhubarb, carrot, and tomato today (basement renovation!). Consequently the Gallery and Wiki will be down for a few hours.

Mail, blogs, and other websites will be unaffected. They’re hosted on kiwi, which is located in a data center in Dallas.

Update 1:30 PDT: Move complete!

Gallery has been migrated to tomato, carrot’s eventual replacement. (They both live in the basement here in Seattle). Tomato’s running Ubuntu 8.04 with Gallery 2.2. Exciting new features include:

  • Photo auto-rotation based on camera sensors or on settings from other applications.
  • Dynamic albums: You can e.g. create an album based on a search for photos with certain keywords
  • Fixes a bug in handling images with no EXIF data
  • New module to send Ecards
  • WebDAV album maintenance

Let me know if you notice anything that didn’t migrate correctly.

Gallery and Wiki were down for ~ 10 hours. The usual drill: Comcast changed my IP address and everything hosted in the basement became inaccessible. I didn’t notice right away because I had forgotten to update the the health checks to specifically test the Gallery and Wiki now that they’re hosted separately from everything else. Then again, Esmae keeps us so busy I probably wouldn’t have noticed the alert emails pouring in…

On July 25th rhubarb, the firewall machine in the basement, had a spectacular hard disk crash. It sounded like a cat fight and startled us out of bed! 😯

Rhubarb kept routing traffic, so I was lazy and didn’t get around to rebuilding on a new disk until today. Carrot, which hosts the Gallery and the Wiki, was inaccessible during rhubarb’s rebuild. Kiwi, which hosts everything else and lives in a data center in Texas, was unaffected.

The gap in the traffic graph below reflects the time during which rhubarb had no working hard disk and couldn’t record log files. If you had been attempting to hack in to my network, that would have been a good time to do so surreptitiously!

red-month.png

The CA certificate used for all nerdylorrin.net secure communication expired at the end of June. As a result you may have noticed security warnings popping up when accessing mail, WebDAV, or SSL protected web pages. A new CA certificate good through 2017 is now available. See the SSL Certificate instructions on how to update.

WordPress upgraded

I’ve upgraded WordPress, the software which runs the blogs, from 2.0 to 2.2. The visual editor is improved in many ways:

  • built-in spell-checking
  • tabs for flipping between Visual and Code views

However, you may find that it is disabled by default! To enable, go to Users -> Your Profile and select Use the visual editor when writing.

Other enhancements include auto-saving of posts while you edit them, better performance, and improved comment spam filtering.

As always, please let me know if you encounter any problems.

I’ve signed up for a hosted server since that’s quite a bit cheaper than any of the options for upgrading the internet connection here. It will be a while before I’ve migrated all the services over. My current plan is to move mail first and then move the web sites one domain at a time.

The new host doesn’t have enough disk space for the Gallery. If you’ve got some online disk space to share, please let me know.

Some blogs on nerdylorrin.net have unfortunately been getting a bunch of comment spam. If you’re getting spammed, please take the following steps:

  1. Go to the WordPress.com signup page.
    1. Pick a username. Enter your email address. Select “just a username, please.”
    2. Click “Next.”
  2. Wait for the activation email. Click the link in it. (This will take to a page with your new WordPress.com password. You actually won’t need this password for these steps, but it might be good to write it down anyway.)
  3. Wait for another email to arrive. This will contain an API key.
  4. On your blog’s Site Admin, go to “Plugins.”
  5. Activate the Akismet plugin.
  6. A message will flash in red at the top. Click the link to “enter your WordPress.com API key”
  7. Enter the API key from step 3. Click “Update API Key.”

That’s it! Akismet checks comments against the Akismet web serivce to see if they look like spam or not. You can review the spam it catches under “Manage” and it automatically deletes old spam after 15 days. This approach seems to require the least work for bloggers and commenters alike. If it’s not effective I’ll look into other options.

Click for more information on WordPress.com API Keys.

FYI, Akismet’s privacy policy is “we don’t save comments that get submitted to our Akismet comment spam blocking service unless they were marked as false positives; in which case we store them long enough to use them to improve the service to avoid future false positives.”

On May 16th I set up a /robots.txt file which instructs search engines not to index the Gallery (as well as some miscellaneous other pages). This has effectively dropped the Gallery out of search results as far as I can tell.

My motivation was to save bandwidth. I had mixed feelings about all the Gallery photos being so easily locatable. Now I have mixed feelings about them being so hard to find!

If you prefer to have your Gallery pages indexed by search engines, let me know and we’ll work something out.

If you have other nerdylorrin.net content you’d like to not let be indexed, I can add it to the list. But be aware that while search engines do honor /robots.txt, this should not be seen as a way of making anything private. In fact, one way to look for interesting things on a website is to open up the robots.txt file for a list of things not to look at!

WordPress can now be set up to send emails out when there are new posts to your blog. This is intended for readers who aren’t hip to the wonders of RSS.

To enable, go to Site Admin -> Plugins and active the WordPress Email Notification Plugin.

Note: If you’re not using the default or Tarski theme I’ll have to make some tweaks before users can sign up. Let me know.

Permalinks Fixed

Options -> Permalinks now works correctly. This lets you have permanent links to posts that look like http://www.nerdylorrin.net/blog/2006/06/04/sample-post/ instead of http://www.nerdylorrin.net/blog/?p=123.

New Themes

I installed a bunch of new WordPress themes. To use one on your blog go to Presentation -> Themes. Some of the themes then have options (e.g. font tweaks) that can be set under Presentation -> Themes -> Options. Enjoy!