jcm's blog

So, I spent a while trying to figure out how I’m going to shutdown all these machines I’ve got at home. I came up with the idea of getting some more colo to handle stuff I don’t really want based at home in the first place – well, not really, it’s more hassle than it’s worth to worry about unreliable [A]DSL connections and the like.

I prefer my email to just work. So, I decided everything needed replication. Not just in the way I’ve copied things previously – now I want live copies of mail that are synchronized, right down to the meta data for which mails I’ve read/deleted or otherwise tagged/flagged. Take a look at the MX for jonmasters.org now:

jonmasters.org.         9601    IN      MX      10 mx1.jonmasters.org.
jonmasters.org.         9601    IN      MX      20 mx2.jonmasters.org.
jonmasters.org.         9601    IN      MX      30 mx3.jonmasters.org.
jonmasters.org.         9601    IN      MX      40 mx4.jonmasters.org.
jonmasters.org.         9601    IN      MX      100 mx5.jonmasters.org.

I setup a couple more colo boxen (actually low cost VM) that can see each other over my private VPN. These are mx1 (fremont.jonmasters.org) and mx2 (london.jonmasters.org). They run exim4 and both think they’re delivering locally all of my mail. Fremont delivers into /fremont/mail/jcm/Maildir, while London delivers into /london/mail/jcm/Maildir. Since fremont.jonmasters.org is the top priority MX, most of my mail will end up there, some (mostly SPAM) will go to the secondaries. Both fremont.jonmasters.org and london.jonmasters.org export /fremont and /london over NFS over the VPN so they can see each other’s mail.

I wanted a distributed filesystem (thanks to my friends at work for suggestions) but unfortunately cannot get my colo providers to do that just yet (they’re busy moving to Xen anyway – then I can just take the matter into my own hands) so I have to have this (growing) NFS hack for the moment. I can’t just deliver mail into both directories on both machines, because that won’t help when the two are out of sync. Instead, I have looked at a variety of Maildir syncing software with a view to syncing the two machines once per minute.

First off, I looked at offlineimap. Mostly because other people seem to like it. It sucks. Not only is it badly documented, but it doesn’t work in the way you would expect, errors out if it’s not happy and likes to create lots of duplicates of mail/waste space. I won’t use it again unless it’s for something that’s a really simple syncing-mail-with-laptop scenario. Oh well.

Next, I looked at maildirsync. This is a simple looking utility, but it actually works. Through a wrapper script, I now have the machines sync the maildirs of those users for which I want this replication enabled. Each user has pretty typical procmail filters and the like, thanks to some macros abstracting the difference between hosts.

The net result from this work is that I now have several places with live copies of my mail, synced together and make it available using IMAP, Squirrelmail and through other media. Eventually, I’ll increase the number of hosts involved so that I can handle multiple failures on different continents and still have mail I never read nor reply to

Jon.

Apparently Madonna may be prosecuted in Germany for Blasphemy over her appearance on a cross with a crown of thorns on her head. Yes, that’s right, there’s actually (apparently) a law against that in Germay – and that’s fucked up.

Ok, most of you know I’m an atheist. I don’t give a shit, except when religion starts trying to influence the laws of the land (and I spent a good 20 minutes the other day swearing at the TV when watching the UK House of Lords filled with unelected religious representatives nobody voted for – I’m that anti Religion influencing politics on any level). Having a law against Blasphemy is just so wrong I don’t know where to start discussing it. I hope they do prosecute Madonna (over someone else) because her lawyers would have a field day over it (I hope). I really hope she doesn’t give in to calls not to have those scenes in her performance – for once, she could do a good thing by standing up for the right to nail yourself to a cross in public.

Jon.

I’m no big fan of EasyRyan but I think Ryanair have a point in threatening the UK government over the security hysteria that followed last week’s terror plot. In the aftermath of last week, it’s now becoming increasingly difficult to take hand luggage onto planes and this is helping to pander to terrorists everywhere. I sympathyise with the comments made today about how the UK government is dealing with the situation and even though I don’t think Ryanair have a legal leg to stand on, I hope they help to win some kind of backlash against the powers that be. The government need a large injection of realism to aid their “governance” of all the little people.

Either you allow baggage onto planes, or you don’t. Either you allow fluids or you don’t. What you don’t do is apply an uneven unstandardized set of “requirements” on to the traveling public in different locales and at different times. I have seen first hand just how they apply different standards at different airports and on different occasions and have seen the ineptitude of these security folks first hand. They don’t care about your security – they care about targets and getting a bonus from the company to whom the passenger screening has been outsourced to (probably to the lowest bidder, too). In turn, security companies care about making profit for their shareholders. You just don’t outsource security in airports and expect to be taken seriously – and some of us see right through all that farce.

But isn’t it brilliant how the US and UK have overreacted? Over the last week, we’ve had one plane diverted because a woman had a panic attack and an airport closed down after a pregnant woman of pakistani origin had some cream that might have been explosive. At the same time, we’ve had one passenger get back onto a plane and a 12 year old boy walk onto a plane without being checked by anyone (until he was on the plane itself). The right-wing media have had a field day with all their stupidly pointless animations and GIANT RED ALERT SIGNS on the screen and global terrorism has won the victory of making life just that little bit more miserable for the traveling public.

It is still safer to fly than to walk down many streets late at night. It’s safer to fly than it is to drive a car, or cross the street, or go into some banks, or do many other things that we take for granted. Heck, you’re almost as likely to win the lottery as get caught up in an incident – and when was the last time you won the lottery? But it’s still somehow necessary to go nuts and pander to extremists. And now we apparently need more profiling to take place and more ID cards and more <insert government surveillance here> to make our lives safer. I don’t feel any less secure than I did a week ago – just now I know about one more plot. Here’s a radical idea: let’s spend more money on curing disease and making cars safer. Let’s save a lot more people every day. Meanwhile, I’m still going to be flying.

Jon.

Well, there’s some good news this week in the global “war on terror”. The people who care about privacy in the US have successfully pointed out to the fuckwit in chief that he is not above the law. Yes, unfortunately, he has to actually listen to that pesky “it’s just a piece of paper” constitution from time to time and not spy on people without any legal mandate to do so. Of course, the government will appeal this decision until they get their way (why not? Who cares about the rights of the people not to have unreasonable search or privacy in their own home from intrusive surveillance?). They’ll get legislation through to make it all legal after the fact because right-wing conservative nutjobs will support privacy errosion as an “anti-terror” “necessity”. I don’t think they even understand what the ACLU is trying to save.

While people who can’t add two numbers together continue the expensive and pointless fight to undermine freedoms in society, the ACLU will be doing something about it. They are one of the greatest institutions in the United States. These people care about defending the rights of the people that were fought for all those years ago by the founding fathers. What’s the point of having brave people stand up and establish the Union if idiots can undermine that on a whim? In a world increasingly twisted and distorted by the acts of a small number of people, who would love to see us all living in a police state, it’s refreshing to see brave people making a last stand for freedom.

Jon.

Update: Ok. So, as people point out, it’s a joke site. I blame Joe for showing me the link – I trusted the source too much that time

So, Joe just showed me this wonderful FUD on Evolution Propaganda. It’s brilliant. Absolutely and utterly shite, like all the best religious writings, but it’s got all the markings of the highest callibur nutticism.

That’s right. We’re all using Macintosh computers to secretly subvert the good wholesome religious zealoty nutjobs everywhere. As he points out, Open Source is all about communism too, because who would honestly believe it could be just about making software available to all mankind? Instead, we should go listen to what self-proclaimed religious whackjobs tell us God tells them we should be doing, because people who hear voices from God are sane.

So, there you have it. Now go be a good little conformant and stop using Apple Macintosh computers immediately, for the devil has truly taken hold of blah blah blah. I can’t even find the energy to joke about this any longer – but go read the article if you want a good laugh. Then, check out those pesky HTTP headers coming from that website:

GET http://www.objectiveministries.org/ HTTP/1.1
Host: www.objectiveministries.org

HTTP/1.1 200 OK
Date: Sat, 12 Aug 2006 08:57:45 GMT
Server: Apache/1.3.33 (Unix) mod_throttle/3.1.2 DAV/1.0.3 mod_fastcgi/2.4.2
mod_gzip/1.3.26.1a PHP/4.4.2 mod_ssl/2.8.22 OpenSSL/0.9.7e

Yes, he’s writing about the evils of communist Open Source software while simultaneously the hosting company he uses is running evil communist Open Source software.

Jon.

So I got fremont.jonmasters.org and london.jonmasters.org installed and they’re on their way to being setup. I decided to play with SSL/TLS encrypted openvpn tunnels so I’m building private (short session, non-shared keys) VPN peerings between these machines (and other virtual machines) in order to build a shared global jonmasters.org filesystem. I’m not decided whether I’ll run GFS or hack something more me together via FUSE layered over NFS (because I can’t build kernel modules on every one of these virtual machines) but the goal is that my mail delivery system get more streamlined (rather than the hacks in place right now) so that each host serves as an equal priority MX delivery MTA for *.jonmasters.org and delivers into the same Maildir, with multiple redundant backups.

Distributed mail backups. That’s kind of the system I have now, but the implementation is not quite as clean – I want a very robust email system once I turn off this kit on my home ADSL and get to the point that email should have reached a long time ago anyway. Ideally, I’ll end up with all email sitting on encrypted volumes using a key that’s not committed to disk any place and exploit e.g. FUSE/LVM snapshotting capabilities to keep instantaneous backups. But that will take a while to get right. In the mean time, there should be no single point of delivery failure for my email, since email doesn’t have a single point of transport failure. In any case, I must also soon stop using gmail too. It was supposed to be temporary – I don’t really want them going anywhere near my mail with their Googly appendages.

I need to write a HOWTO at some point, too.

Jon.