Cafaro.net is now on IPv6 with Linux, Apache, and WordPress

So I finally took the time and got www.cafaro.net up and running on IPv6. I’ve had the addresses for a while and getting Linux up and talking IPv6 is pretty straightforward. All you need is to add some lines like these to your ifcfg-ethX file:

IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=XXXX:XXXX:XXXX::XXXX:XXXX/64
IPV6_DEFAULTGW=XXXX:XXXX:XXXX::XXXX:1

And of course, can’t forget to set up ip6tables to match what iptables is blocking!
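Anything the IPv4 rules filter and the IPv6 rules do not becomes reachable over the new address. The following is an added example, not part of the original post: a shell check that compares `iptables-save` and `ip6tables-save` output and lists policies and rules present in only one family. The rule dumps embedded in it are constructed samples, and the function names are the example's own.

```shell
#!/bin/sh
# Constructed sample dumps in iptables-save / ip6tables-save format.
V4_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'
V6_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
COMMIT'

# Reduce a dump to comparable lines: drop comments and counters, tag each
# line with its table, fold the ICMPv6 protocol name onto "icmp", and mask
# source/destination addresses, which necessarily differ between families.
normalize() {
  awk '
    /^#/ || /^COMMIT$/ { next }
    /^\*/ { table = substr($0, 2); next }
    { sub(/ \[[0-9]+:[0-9]+\]$/, "")
      gsub(/-p (ipv6-icmp|icmpv6)/, "-p icmp")
      gsub(/ -s [^ ]+/, " -s ADDR"); gsub(/ -d [^ ]+/, " -d ADDR")
      print table " " $0 }' | LC_ALL=C sort -u
}

# $1 = iptables-save text, $2 = ip6tables-save text.
# Prints chain policies and rules that exist in only one family.
parity_report() {
  a=$(mktemp) b=$(mktemp)
  printf '%s\n' "$1" | normalize > "$a"
  printf '%s\n' "$2" | normalize > "$b"
  LC_ALL=C comm -23 "$a" "$b" | sed 's/^/v4-only: /'
  LC_ALL=C comm -13 "$a" "$b" | sed 's/^/v6-only: /'
  rm -f "$a" "$b"
}

parity_report "$V4_RULES" "$V6_RULES"
# On a live host (as root): parity_report "$(iptables-save)" "$(ip6tables-save)"
```

Rule order is ignored, so an empty report is a first pass rather than proof that the two rule sets behave the same.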

Getting Apache up on it was a little more fun. I’ve got some virtual hosts spread about so I basically had to find every reference to my site’s IP address and duplicate all relevant configs, swapping the IPv4 addresses (like 192.1.1.1) with a bracketed IPv6 address (like [1922:1::1]). Examples would be:

Listen [1922:1::1:2]:80
or
NameVirtualHost [1922:1::1:2]:80
or
<VirtualHost [1922:1::1:2]:80>

What was the real bear was WordPress and plugins. See, once I had this all set up and running for Apache, Apache wanted to talk to the world via IPv6 (IPv4 is still there, just less favored)! Of course, the WordPress and Akismet servers don’t do IPv6 and things broke. To fix a lot of this I had to add /etc/hosts entries specifically for the WordPress and Akismet servers. Here are some examples of my entries:

UPDATE: The entries below are no longer needed and will break things; wordpress.org can be added for feed news.

72.233.56.138 api.wordpress.org
66.150.40.250 wordpress.org
66.135.58.62 rest.akismet.com YOURKEY.rest.akismet.com
72.233.56.139 downloads.wordpress.org

With those in the hosts file, my system now defaults to IPv4 when those plugins try to do their behind-the-scenes checks. I also had to update the Dashboard news feed to the updated URL, which apparently changed since it was added to my WordPress install (they use a redirect on their server which again fails with IPv6).

After all that it’s now up and running. Next will be tackling postfix and email over IPv6, but that’s for another month…

Posted in David, Linux, Technology

Replacement for telnet as a service sanity check

For years now I’ve used telnet as a quick and easy way to check to see if the most basic network functionality of a service like http is working. I.e. I telnet to port 80 and see the raw server communication. Very helpful in debugging network services. Where it fails is when you get into SSL services. Telnet to port 443 and sure you’ll see you connect, but you’re not going to be doing an SSL handshake.

So I finally did a little googling and ran across this gem:

openssl s_client -connect www.example.com:443

And now I have SSL handshake and my raw plaintext interface that telnet provided.

Works great for all my SSL service troubleshooting (imap/pop/https/etc.).

Found the info at this site:

http://advosys.ca/viewpoints/2006/08/testing-ssl-with-command-line-tools/

Posted in David, Linux, Mac OS X, Security, Technology

Fixing Thunderbird + Enigmail + GPG-Agent passphrase caching on CentOS/RHEL 6

OK, this has been bothering me for a while. I upgraded my desktop to CentOS 6 to have a nice stable platform going forward from my previous Fedora 14 install and all was good.  Except Enigmail gpg passphrase caching broke.  Every time I hit an encrypted email I had to enter the passphrase at least twice it seemed, and pity me if I clicked on a threaded email conversation.

So after digging around I found the following fix:

Edit .bash_profile and add:

gpg-agent --daemon --enable-ssh-support --write-env-file "${HOME}/.gpg-agent-info"

if [ -f "${HOME}/.gpg-agent-info" ]; then
  . "${HOME}/.gpg-agent-info"
  export GPG_AGENT_INFO
  export SSH_AUTH_SOCK
fi

Edit .bashrc and add:

GPG_TTY=$(tty)
export GPG_TTY

And now all is happy.  Some of this was found on this page:

http://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html#Invoking-GPG_002dAGENT

Some of it was trial and error, plus a healthy amount of googling.
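The .bash_profile lines above run `gpg-agent --daemon` on every login shell and source the env file as shell code. The following is an added example, not from the original post or the GnuPG manual: a loader that reads only the expected variables from the file, refuses a file other users could have written, and reports whether the recorded agent is still alive so a new one is started only when needed. The function names and the assumed file format are the example's own.

```shell
#!/bin/sh
# Assumed file format (as written by --write-env-file), one NAME=value per line:
#   GPG_AGENT_INFO=/tmp/gpg-XXXXXX/S.gpg-agent:12345:1
#   SSH_AUTH_SOCK=/tmp/gpg-YYYYYY/S.gpg-agent.ssh

# True only for a regular file (not a symlink) that we own and that
# nobody else can write to.
env_file_trusted() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  [ -n "$(find "$1" -prune -user "$(id -u)" ! -perm -020 ! -perm -002)" ]
}

# $1 = env file. Exports the agent variables and returns 0 only if the file
# is trusted, well-formed, and points at a process that is still alive.
load_agent_env() {
  env_file_trusted "$1" || return 1
  info= sock=
  while IFS='=' read -r name value; do
    case $value in *[!A-Za-z0-9_./:-]*) return 1 ;; esac  # no shell metacharacters
    case $name in
      GPG_AGENT_INFO) info=$value ;;
      SSH_AUTH_SOCK)  sock=$value ;;
      SSH_AGENT_PID)  ;;             # may be present; not needed here
      *) return 1 ;;                 # unexpected variable: reject the file
    esac
  done < "$1"
  pid=${info#*:}; pid=${pid%%:*}    # GPG_AGENT_INFO is socket:pid:protocol
  case $pid in ''|*[!0-9]*) return 1 ;; esac
  kill -0 "$pid" 2>/dev/null || return 1   # stale file, agent has exited
  GPG_AGENT_INFO=$info; export GPG_AGENT_INFO
  if [ -n "$sock" ]; then SSH_AUTH_SOCK=$sock; export SSH_AUTH_SOCK; fi
  return 0
}

# In ~/.bash_profile, reuse a live agent and start one only when needed:
#   load_agent_env "$HOME/.gpg-agent-info" || eval "$(gpg-agent --daemon \
#     --enable-ssh-support --write-env-file "$HOME/.gpg-agent-info")"
```

The liveness check only confirms that some process with the recorded PID exists, not that it is gpg-agent.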

Posted in David, Linux, Security, Technology

Really not dead yet…. (Yes an update)

So it’s been over two years since my last post.  Been very busy in my life and haven’t had time to do as much tinkering and computer stuff at home as I usually would.  That’s not to say I haven’t done anything, just haven’t documented it.  Here are a few things that happened in the last two years:

  1. I changed jobs, I now work in computer, network, and systems security full time.  I’m loving it!  Finally getting to really practice what I preach in the security field.  Georgetown was fun and a great time to grow my general systems experience, but I’m enjoying the focus on computer and network security.

  2. Got a new car, this actually happened about three years ago, but I never posted about it.  The Chevy Blazer was taken out by its imploding supercharger and deemed not worth my time, effort, and money to repair.  Given it was early 2009 and car dealers were giving away cars I got a great deal on a new 2009 VW Tiguan SE with AWD.  Still love the car and making small upgrades to it as the years go on to make it more mine.  I did actually stand up a page for that work here: My SUV Project (Tiguan).

  3. I made some network and computer upgrades at home as well.  I replaced my original first generation MacBook Pro 15″ (Intel Core Duo 2GHz) with a late 2010 model MacBook Pro 15″ (Intel i7 Dual Core) with HD display and 8GB of RAM.  It’s currently triple booting MacOS X 10.6, Fedora 16, and Windows Ent 7.  I have a post on how to set up triple boot in the works.  I also upgraded my old Promise NS4300N 2TB NAS box with a new NetGear ReadyNAS Pro 6 12TB.  Much faster and a lot more storage plus so many options.  Finally I’ve kept the network up with technology and run full WiFi a/b/g 300mbps+ and GigE wired via NetGear WNDR4000 and assorted GigE switches paired with FiOS internet.  Finally I upgraded my workstation piece by piece to get it up to a Sandybridge i7 and 16GB RAM so that I can build out a new HD+CableCard MythTV network using VMs, the NAS box, and the new Silicon Dust HD Prime. I’ll have a post later documenting my general network gear as well as posts on how I set up MythTV.

  4. I’ve got a Barnes and Noble Nook Color as well.  It’s a great little device and hoping to take better advantage of it this coming year.  And yes, it’s rooted.  Running stock Nook Software but with the added benefit of sideloaded and standard android market apps too.

  5. And last but not least, still being a dad and husband working away enjoying watching the kids learn and grow (as I learn and grow).

 

Posted in Cars & Trucks, David, Gadgets, Hobbies, Linux, Mac OS X, Security, Technology

Graduate School Complete!

Well after 2.5 years I just turned in my application to graduate from my Masters in Computer Science program at Georgetown University.

I started the program in the Fall of 2007 with my first class, Information Retrieval (Basically Search Engine and Data mining technologies).  Some of my favorite classes included Network Security, Information Warfare, Requirements Engineering, and Service Oriented Architecture.  Finished my studies up with an independent study revolving around Privacy and Information Control for Fall 2009.  Basically a cross between Information Warfare, Information Retrieval, and the privacy implications, with a little Java programming thrown in.

All grades are in (I did very well, even with being a new Dad to kids during this time period, thank you wife!), so the rest is just formalities.

Now I can get back to more of my volunteer and independent work as well as hobbies.

Posted in David

Sharp MM20 sold… Aspire One doing well

I decided it was a little much having two “netbooks” around, so I sold my trusty Sharp MM20 (a netbook that came out before anyone heard of netbooks) to another MM20 owner with all the accessories.

So I’ve dedicated myself to the Acer Aspire One and it’s doing a great job.  One complaint was the horribly slow 16GB SSD drive that it came with.  It’s pitifully slow and loading a full blown Linux distro on it started showing its shortcomings.  Well this was solved by replacing the drive with a better performing RunCore based SSD drive.  Now the machine is quick and responsive.

I’ve loaded up Fedora 12 on the machine with “Desktop Effects” enabled, SELinux enforcing, and an encrypted hard drive via dm-crypt.  In truth, I notice no performance loss; it’s quick and responsive, with no stuttering.  Works great for Web Browsing, SSH sessions, and email.  That’s all I really need from a Netbook.  Oh and 5 hour battery life is no problem for this little 2.5lb machine.

Posted in Linux, Technology

Finally an update.

So I’m finally getting near the end of my Grad School career and will slowly have some small bit of life back.  Hence the need to post.  Just a quick recap of events from this year since the last post:

1. OpenSource World, San Francisco – All speakers were lined up and presented, heard some great things about them, but the show in general seems to be having trouble finding its rhythm.  Unfortunately once again I had to miss it because…

2. The family of three expanded by one!  So now there are two little ones keeping their parents awake, which of course adds to…

3. The lack of sleep I’m getting because of my last class for Grad School!  Finishing up an independent study class where I’m working on some research into Identity Management on the web.  Kind of a if you really don’t have any privacy anymore, how do you make the best of a bad situation?  It’s been tough squeezing in the work given…

4.  That my day job has changed somewhat.  My original group I worked for has actually been broken apart and individuals sent to different groups.  Basically, we accomplished our original mandate of getting engaged with researchers and it’s now time to help them integrate in and take advantage of the rest of University Information Services.  My role remains about the same, but I’m now charged with managing a couple more projects while seeking out ways in which other researchers can be assisted.  Of course all these things caused me to miss…

5. My BEST FRIEND CINDY LI GETTING MARRIED!!!!  Unfortunately she moved out to the west coast and there was just no way I could get out there in the short time I had.  But I’m SO VERY HAPPY for her.  I just wish I could have been there.

So that’s basically where I’m at now.  There were a few other items to update on like laptops, computers, cars, etc…  But I’ll save those for other posts.

Posted in David

Aspire One up and running

So much for my concerted effort!

So small update, EeePC is gone, had to return it for work, but it was replaced with an Acer Aspire One.  I received the AOA110-1698.  This model comes with Linpus Linux Lite, 1GB Memory, 16GB SSD drive, and the 6 Cell big battery.  Linpus lite was fine, but I needed a full-blown Linux and it’s now running Fedora Core 10.  Even have SELinux running enabled on it as well as encrypted file systems.  Works very well, everything works except suspend to RAM right now.  Not too big a deal as hibernate (suspend to disk) works great.  Probably better to use that anyway, so that my battery lasts longer when I forget to plug it in when I get home.  Takes a little longer to get started up, but it runs reliably!  I’ll need to write a how-to on setting this up, just have to find time.

Next note, OpenSource world is looking good, just finished recruiting my last speaker so the Security Track is complete.  I really like the lineup this year; I’m happy with the track!

UPDATE: Suspend to RAM works very well now on the Aspire One, kernel update seems to have patched it.

Posted in David, Technology

Ok, new year – new post

I’m going to make a concerted effort to post more frequently this year.  I’ve got several projects going on at home and at work that I’d like to document.  Here are a few things I’ll be writing up:

1.  Some MythTV HD updates like the move to a Promise NS4300N 1.5TB Raid 5 NAS box for storage

2.  The return of the EeePC 1000 to work, the resurrection of the Sharp MM20 with Ubuntu (yes, not Fedora)

3.  The new EeePC 1000 replacement on the way (it’s a surprise what’s coming)

4.  The end of LinuxWorld and the birth of OpenSource World!!! (Yeah, new freedom new conference just new new new!!!  Did I mention new?)

5.  DC*BSDcon and Shmoocon coming up next week in Washington, DC.

So yes, some updates coming.

Posted in David

Yuck, upgrade messes up text

Looks like I’ll have to do some cleanup on my blog.  Appears that the recent update to the software has caused misc  and †to show up in all the posts.  Ugh, this could take a while…

UPDATE: ok the  are taken care of, but the †are going to be a little more challenging.

UPDATE2: Ok, the †are now back to —

Posted in David, Technology