Mac OS X Tips

With this sponsored post, we will discuss a great site called Mac OS X Tips! About a year ago (maybe a little more), I purchased a MacMini with the x86 chipset and thought it would accomplish a few things for me. The first big buying point was for web development. I have a few (and the list is continuing to grow) clients that use Mac and reported problems or bugs related with Safari and projects that I was currently developing on. It was incredibly frustrating to debug stylesheet and Javascript issues when I'm unable to view or reproduce the problem on my end. Also, along those lines, I wanted to know how to help the same clients configure their email accounts and problem solve their network issues, etc. The second buy point was the fun factor. Knowing that the core is a flavor of BSD, and with the new x86 chipset, I thought it would be great to compile various Linux tools, and get into the guts of the system, while still having my cool, slick windows manager. - A computer related blog

With this sponsored post, I'm pleased to talk about, which is a Computer related blog. I'm a nerd and I enjoy the presence of other nerds. Almost all of my 'real' (non-virtual) friends are nerds as well. Being around nerds is great for getting great dialog, and overall really helps me become a better programmer and administrator.

Rea's blog is great and offers a nice balance of human spirit along with heavy tech talk, so nerds and non-nerds will be able to enjoy it. I'm also impressed with the overall design of his WordPress application. It's clean and easy on the eyes. His categories are diverse and provide a good overall view of technology. Obviously, I jumped right to 'Linux and Unix'.

AVS iDevice Explorer

With this sponsored post, I'm excited to talk about a company that I'm stoked about as well as having an interesting hot product! The company is Now, I've been using the AVS Video Converter for years on web development projects where I needed to convert .AVI to .WMV, etc. What I like about their products, simply put, their software is clean, simple and just works. That is a hard demand now-a-days, but they definitely deliver. They currently only support Windows (minus Vista at this time).

This company is one of the kings of multimedia software and provides fantastic tools to help manage and convert media files. The hot product I want to talk about is AVS iDevice Explorer . It allows you to exchange audio and video files between your computer and portable devices (mobile phones, portable video and music players).

Mod_security :: upgrading from 1.x to 2.x (part 1)

Portage has official made mod_security ( 2.1.1 stable! This is great since the official releases of 2.x have been out for a long, long time. With this jump, there are some issues to contend with. Jumping from 1.x to 2.x releases involves some major configuration modification, but is aided with a conversion matrix document. Basically every rule and configuration option have changed with this release. I'll be documenting my upgrade procedures in the next mod_security blog post. I want to verify that changes are working correctly first before posting.

For those that do not know what mod_security is or what mod_security can offer you, here is a rough interpretation of what mod_security does. Mod_security is basically a application firewall that sits in front of Apache requests. It analyzes every request to Apache and depending on rules (defined using regular expressions) certain handling can happen. You can block requests and present a 403 (or other error code), or you can let it pass but log the request. Mod_security has fantastic logging with it's audit_log (now modsec_audit.log) where all payload and packet information is stored about the request.

Apis Ceratina - Macro Tool (Windows)

With this Sponsored Post, I wanted to talk about an interesting product. As most of you know, my world is Gentoo Linux, but as a web programmer, I do an insane amount of work on Windows. I like to make sure that I'm using operating systems from Linux to Windows to MacOSX to keep in touch with clients and other IT professionals.

The product, which is Apis Ceratina by Mavrsoft (visit their web site at: is a great macro tool for Windows to perform repetitive tasks quickly. With Apis Ceratina (man, that's a hard name to remember | say | type), you can record clicks and keystrokes, and then replay them. When I heard this, I was wondering, "what's the point?". But in their demonstration they illustrated it very nicely.

How-to set up and configure policyd-weight for additional spam prevention

As another weapon in my anti-spam arsenal, I wanted to give policyd-weight a shot within my existing postfix setups. Policyd-weight is a great daemon that sits between postfix's authentication and data delivery phases. After handling SMTP authentication, etc it will hand over the headers to policyd-weight before the data transmission. This is great, since this will aide in bandwidth usage and processing time.

Policyd-weight then begins some basic checks to determine some 'shadey' behaviour. For example it sees if helo matches hostname, checks against various RBLs and verifies it has a valid MX just to name a few.

How to create Chrooted Apache with mod_chroot

Here is a thorough howto on how I built a chrooted apache using mod_chroot. Along with chroot, I'm using mod_security for basic filtering and the suhosin PHP extension for adding additional security to the core of PHP on the server.

As some of you know, adding additional security, you often take away functionality and usability. These techniques won't be for everyone, and the learning curve is slight steep for debugging the initial problems. Once you learn what to look for and how to correct them, thing become much easier.

PHP's fsockopen() in mod_chroot

Currently, I'm working on a hardened server using mod_chroot, mod_security and the suhosin extension. I was installing an app that was using fsockopen to check for updates (it's open source package). Everytime, I would check for updates, I would get an unexpected error displayed to me.

Hoping to find more information I took a look in the error_log. Unfortunately nothing was there. Following the PHP code path, I isolated the problem to the fsockopen()

$fp=@fsockopen($server, $port,$this->errno, $this->errstr, $timeout);

I took out the error suppression and received the following error:

Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /var/www/ on line 1041

Warning: fsockopen() [function.fsockopen]: unable to connect to in /var/www/ on line 1041

How to get saslauthd to work in postfix chroot environment

This article is about getting saslauthd working in a chroot'd postfix, but I'll explain how I got here to start with.

I was working on a Gentoo box that has been a slight nightmare for me (actually, complete nightmare). It was built outside of Gentoo portage (basically image'd from another Gentoo box). Because of this, world is all broken and the server basically doesn't know what it has installed, so updates are a bear, and I was lucky enough to inherit this machine.

The real problem was the original admin liked qmail... so if any of you are qmail fans.. stop reading now.

Me being a noob of qmail systems, and was not part of the initial configuration I felt it was a steep climb to a spot where I could see what is going on and more importantly what is going wrong. What I do know, is that's it's hard to understand what is going wrong with it. Sure the service is secure, but the logging is crap (which I'm sure is a misconfiguration on debug level or something on my part, so I'll definitely take some blame, since I'm sure someone will email me on this).

Fallback kernel on panic with grub

During the recent upgrade to 2.6.19 kernel, I ran into a problem with SATA drives. Looks like these options have been brought into a new area of the .config. Not a problem, simple search in the Gentoo forums pointed me in the area where they're located and I was quickly back in action.

But, it got me to to think about a way to roll back the kernel in case of kernel panics. I have several remote servers where this error would have hurt me badly. Assuming that I could have had a tech reboot the machine and manually select the old kernel I could have been down for hours (not good).

Syndicate content