Other articles

  1. Blog migrated

    Date Mon 01 June 2015 Tags Life

    It’s been a long time since the last post, so this is a kind of “I’m alive” post. This blog has been migrated (as well as the entire server) to a static site generator, pelican. The theme is a custom one, inspired from pelican-boostrap. Why a static content generator ? Because browsing is fast, because it’s easy to create a read-only container to host pages, and because thanks to that I can avoid having PHP running. As the migration was both an automatic and manual process, don’t be surprised if things are broken, I will repair everything (don’t hesitate to give feedback).

    In fact, the entire server has been migrated, and it took some time before getting things to work again.

    What will be published ? Same kind as before, random posts on technical stuff, an OCaml-LLVM tutorial, thoughts on TLS, and maybe some sysadmin points one the installation of my servers

    read more
  2. goodbye EdenWall

    Ça fait un certain temps que je n’avais rien posté, alors voici quelques news

    Après un peu plus de 4 ans, j’ai décidé de repartir à l’aventure et de quitter EdenWall. C’est surtout l’occasion de remercier tous les gens que j’ai rencontré, avec qui j’ai pu travailler ou échanger quelques blagues (à leur grand désespoir parfois!).

    Je remercie toute l’équipe, et en particulier Éric, Jérôme et Loïc pour leurs immenses qualités humaines et professionnelles, ces années ont été autant de fun que de travail intéressant :)

    read more
  3. GPG transition - signatures welcome

    Date Tue 30 November 2010 Tags GPG

    I finally managed to issue a transition statement for my new GPG key (4096R) a,d signed it with both keys.

    If you happened to sign my old 8D5F40CB key at Solutions Linux, SSTIC, or any beersigning party, and you’re satisfied with the content of the transition statement,then please sign my new F1393998 key. Thanks !

    read more
  4. Site migrated

    Date Mon 15 November 2010 Tags Life

    As you’ve probably already seen, this blog and the entire site have been migrated to another hosting.

    Changes include :

    • Upgrade from etch to squeeze (PHP4 to PHP5 + suhosin, grub to grub2 etc.)
    • Most services are now using PostgreSQL instead of MySQL
    • Server is installed with SELinux in enforcing mode (why ? because it’s fun !)
    • IPv6 (and fun with iptables)
    • OpenLDAP + Kerberos
    • This blog had been migrated from dotclear 1 to DC2 (with some fun to keep old URLs working)
    • Trac migrated to Redmine: this will allow adding some projects
    • Git repositories
    • All cleartext URLs are redirected to SSL
    • Other (non-public) services, like postfix + greylisting, cyrus etc.

    There are still some things to do, like installing real SSL certificates, but globally it has been pretty easy (and this is one reason I like Debian ). I’ve kept notes from the entire migration, so if someone’s interested I can share some parts.

    read more
  5. New GPG Key

    Date Wed 20 May 2009 Tags GPG

    Partly because of the latest theoretical attack against the SHA-1 digest algorithm (details), I created a new GPG key:

    sec   4096R/F1393998 2009-05-10
    uid                  Pierre Chifflier <chifflier@gmail.com>
    uid                  Pierre Chifflier <chifflier@inl.fr>
    uid                  Pierre Chifflier <pollux@debian.org>
    uid                  pollux <pollux@wzdftpd.net>
    uid                  Pierre Chifflier <chifflier@cpe.fr>
    

    It’s signed with my old key 0x8D5F40CB, uploaded to keyservers, and will replace my old key.

    read more
  6. Restoring data from raid + lvm disks

    If you are, like me, using this kind of layout for your disks:

    disks => raid1 => lvm (encrypted or not) => partitions => filesystems
    

    (Remember never to use XFS with this layout, unless you want to be sure to loose data - XFS still has problems with the 4k stack. Also, do not use XFS if you are not using a power supply. Oh, well, remember not to use to XFS at all …)

    This setup should ensure you to keep your data safe if one of the disk crashes. Good ! But what happens if you want to take one of the disks and mount it elsewhere (for ex. with an external USB converter) ? You have to re-create the FS stack manually, which can be quite tricky, so I post the commands here:

    0 - find your disk partitions layout

    # fdisk -l /dev/sdb
    Device Boot      Start         End      Blocks   Id  System
    /dev/sdb1   *           1         122      979933+  fd  Linux raid autodetect
    /dev/sdb2             123       14946   119073780   fd  Linux raid autodetect
    

    1 - Create a (degraded) raid array

    # mdadm --assemble --run /dev/md0 /dev/sdb2
    mdadm: /dev/md0 has been started with 1 drive (out of 2).
    

    2 - Scan and create the LVM volume group

    # lvmdiskscan |grep md
    /dev …
    read more
  7. ulogd2: the new userspace logging daemon for netfilter/iptables (part 3)

    Installation

    If you’ve followed the previous article, you now have a working ulogd2 installation.We will now explore the way data are stored in the database, and the default SQL schema provided with ulogd2.

    SQL schema, basics

    The SQL schema ? Not really, only the default one. Ulogd2 uses stored procedures and views to create an abstraction layer between the C code and the real storage of the data (the tables in the SQL database). The basics are the following:

    Inserting data using the “INSERT” keyword is fast, but requires the application to know the SQL schema. An update of the SQL part will need an update of the C code, which is not very handy. So instead of using:

    INSERT INTO tablename (field1,field2,...) VALUES (1,2,...);
    

    We will create a stored procedure (in this example, we use PostgreSQL PL/pgSQL syntax):

    CREATE OR REPLACE FUNCTION INSERT_PACKET_FULL(
                   IN value11 integer,
                   ...)
    RETURNS bigint AS $$
    DECLARE
           t_id bigint;
    DECLARE
                   t_id := INSERT INTO tablename (field1,field2,...) VALUES ($1,$2,...);
                   RETURN t_id;
    END
    $$ LANGUAGE plpgsql SECURITY INVOKER;
    

    Inserting data can now be done, using:

    SELECT INSERT_PACKET_FULL(1,2,3,...);
    

    So, we have succeeded into transforming a fast and single (and simple) query into …

    read more
  8. Git rocks

    No news here, this post is mostly a note for myself, to remember some commands for git:

    Creating a repository to be shared between several hosts (with an existing project)

    On the server:

    mkdir project.git
    cd project.git
    git --bare init
    

    On the remote host:

    cd project
    git init
    git remote add origin ssh://server/var/git/project
    git config branch.master.remote origin
    git config branch.master.merge refs/heads/master
    

    Now you can make the first commit:

    git add .
    git commit -m "First commit"
    git push
    
    Fix a mistake in a previous commit
    1. Save your work so far.
    2. Stash your changes away for now: git stash
    3. Now your working copy is clean at the state of your last commit.
    4. Use ‘git rebase -i’, and use the ‘edit’ command on the commit you want to edit
    5. Make the fixes. (If you just want to change the log, skip this step.)
    6. Commit the changes in “amend” mode: git commit —all —amend
    7. Your editor will come up asking for a log message (by default, the old log message). Save and quit the editor when you’re happy with it.
    8. The new changes are added on to the old commit. See …
    read more

Page 1 / 2 »