You’ll get the sense that this week’s Thursday Threads is stacked towards cultural awareness. First is the view of a developer of the female gender in a room of peers at a meeting of the Digital Public Library of America. The second thread is a pointer to a story about Facebook’s software release process, and it leads into a story about the role of alcohol in technology conferences and reflections from the library technology community.
I was doing some maintenance on the Amazon EC2 instance that underpins DLTJ and in the process managed to mess up the .ssh/authorized_keys file. (Specifically, I changed the permissions so it was group- and world-readable, which causes `sshd` to not allow users to log in using those private keys.) Unfortunately, there is only one user on this server, so effectively I just locked myself out of the box.
```
$ ssh -i .ssh/EC2-dltj.pem firstname.lastname@example.org
Identity added: .ssh/EC2-dltj.pem (.ssh/EC2-dltj.pem)
Permission denied (publickey).
```
After browsing the Amazon support forums I managed to puzzle this one out. Since I didn’t see this exact solution written up anywhere, I’m posting it here hoping that someone else will find it useful. And since you are reading this, you know that it worked.
My place of work has installed a VPN that moderates our access to the server network using the OpenVPN protocol. This is a good thing, but in its default configuration it would send all traffic — even that not destined for the machine room network — through the VPN. Since most of what I do doesn’t involve servers in the machine room, I wanted to change the configuration of the OpenVPN client to only send the machine room traffic through the VPN and everything else through the (original) default gateway. As it turns out, this involves tweaking the routing tables.
Dear future self,
If you are reading this, you are remembering a time when you ran into a really nasty interception proxy and you are looking for a way around it. Do you remember when you were sitting in the Denver International Airport using their free wireless service? And remember how it inserted advertising banners in HTML frames at the top of random web pages as you surfed?
At least I hope that is the correct headline. I’ve been having some problems with this installation of WordPress lately — in particular, I could no longer activate or deactivate plugins — and the only solution offered in the WordPress codex was to start with a fresh installation of WordPress. Now you know how I spent my free time this weekend. While doing so, I updated the Barthelme theme and along the way gained some really neat Semantic Web coolness to the underlying XHTML of the blog pages. The version of Barthelme is still a heavily, heavily hacked one, but hopefully the cleanup this weekend will make it possible to keep up with new versions of the underlying theme files without major headaches. I also updated all of the plugins and cleaned out lots of old cruft in the plugins directory and in the theme files. As a result, the pages seem to load faster. Maybe that is just my wishful thinking.
The title of this post is the same as the report it describes, Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide [PDF]. It was announced by Ronald Deibert last week on his blog at Citizen Lab. The one sentence synopsis goes like this: “This guide is meant to introduce non-technical users to Internet censorship circumvention technologies, and help them choose which of them best suits their circumstances and needs.”
Well, something is still going wrong on dltj.org — despite previous performance tuning efforts, I’m still running into cases where machine performance grinds to a halt. In debugging it a bit further, I’ve found that the root cause is an apache httpd process which wants to consume nearly all of real memory which then causes the rest of the machine to thrash horribly. The problem is that I haven’t figured out what is causing that one thread to want to consume so much RAM — nothing unusual appears in either the access or the error logs and I haven’t figured out a way to debug a running apache thread. (Suggestions anyone?)
dltj.org runs on a relatively tiny box — a Pentium III with 512MB of RAM. I’m running a Gentoo Linux distribution, so I actually have a prayer of getting useful work out of the machine (the server is actually a recycled Windows desktop), but the performance just wasn’t great. As it turns out, there are several easy things one can do to dramatically improve life.
A while back we created an LDAP directory to consolidate account information for various back-room services, and when we created it we decided to use the individual’s e-mail address as the account identifier (uid in LDAP-speak). It seemed like the logical thing to do — it is something that the user knows and it is a cheap and easy way to assume that the account identifiers will be unique. This is not uncommon for many internet services, of course.
Keeping track of configuration changes to servers is a tough job made tougher when some of the sysadmins work from home. Questions of who did what when and why can be exacerbated by the lack of physical proximity — in other words, I can’t simply yell over the cubicle wall to the colleague down the hall to ask him about the new package installed on the server. Besides, that oral history tradition is difficult to maintain and harder to sustain as the number of machines grows. This essay describes a practice for maintaining a Gentoo Linux distribution using GLCU, Subversion, and Trac that is lightweight (doesn’t impose a large burden on the sysadmin staff), effective (although it is lightweight it better documents and makes accessible the state of our systems over the oral history tradition), and cheap (no operating budget dollars were harmed in the creation of this process — only staff time overhead).