Bigbro's foray into the scary world of blogging
11 2007
Steve Coast spoke about the Open Streetmap project in the HEAnet offices last week. Thanks to the efforts of Kevin Dermody the video of the event is now available.
...was a girl stating, "I've never had to WD-40 my leatherman."
I wonder if the OED are aware the WD-40 is now a verb.
Update: I was wrong! The last comment was shortly followed up with, "I had no kettle so I had to boil penguins."
I don't feel I have the words to explain what prompted that...
posted at: 22:29 | path: /observations | permanent link to this entry
HEAnet are now mirroring the Open Streetmap data set.
So, if you're in Ireland you might want to consider grabbing your copy of the data from here.
Thanks to Christian and BrianMc for making this happen.
posted at: 16:10 | path: /technical | permanent link to this entry
The board room in HEAnet was more packed than it's ever been for an ILUG talk. Chairs were commandeered from the office at large to accomodate the crowd of people gathered to hear Steve Coast talk about a his Open Streetmap project.
Details of how the project started (by noticing that GPS traces of couriers around London could be used to derive a crude map) and where it's going to (getting close to complete coverage of the UK by the end of 2009, possibly sooner) were all detailed and beautifully illustrated with the aid of snapshots from the map. To demonstrate how easy it was to contribute to this map, Steve added a local pub with just a few clicks of the mouse.
Huge thanks to Steve for giving the presentation, and indeed to everyone who made the effort to come and listen to him. There was a video recording made, which will be made available in the very near future. Thanks also to HEAnet for generously hosting the event and to Kev Dermody for his unfailing camera and recording skills.
Finally, please remember the Dublin OSM Mapping Party tomorrow and Sunday starting from the ICS in Dublin, from 11:00am until late.
posted at: 16:06 | path: /technical | permanent link to this entry
An RTE article details that the HSE is making a call for an increase in the tax on alcohol. While I abhor alcohol abuse and the tragedy that it undoubtedly causes, previous tax rises have utterly failed to reduce consumption. I see no reason to see why this increased tax should have any more effect than previous ineffectual initiatives.
Perhaps the government might like to consider some 'carrot' rather than perpetually attempting to come up with new, yet equally useless, 'sticks' with which to beat us. As a musician who spends significant amounts of time in pubs the length and breadth of the country, can I humbly suggest that the government look seriously into the following, to start with:
If you ever use a map, you should come to the HEAnet offices on 22nd November 2007 at 7:00pm to hear Steve Coast talking about the Open Streetmap project:
"a project aimed squarely at creating and providing free geographic data such as street maps to anyone who wants them. The project was started because most maps you think of as free actually have legal or technical restrictions on their use, holding back people from using them in creative, productive or unexpected ways."
Galway LUG is organising a multi-distro installfest from 1000-1200 on Saturday 17th of November, in the DERI building (opposite the Westwood Hotel), Newcastle Road, Galway. We will have people available to help with Ubuntu, Debian, Mandriva and RedHat (minimum). There will be demo systems with various software preinstalled, and with luck, plenty of install CD/DVDs.
Tell your friends!
With thanks to Andrew Gallagher for bringing the event to my attention.
posted at: 11:16 | path: /technical | permanent link to this entry
Due to an ACL preventing me from using one of my mail servers (port 25 outbound blocked except to internal mail relays... thanks Windows viruses!) I decided to test delivery of mail over IPv6. It worked. Yay! I now have IPv6 mail relaying capability and from a few brief tests, it appears that many network that block port 25 for IPv4 do not have an equivalent block for IPv6.
If anyone notices any strangeness from mail.signal2noise.co.uk due to the addition of an AAAA record, do please let me know.
posted at: 19:03 | path: /technical | permanent link to this entry
For those of us who roam around the internet, getting a connection here, there and everywhere, trying to find mailservers that are willing to relay outgoing mail for us can be a challenge. While DHCP will give us an IP address, nameservers and a default gateway, there's no traditional model I'm aware of for provising mail relays. Of course, there's a solution to this problem - use your own mail server.
Using your own mail server means that you must configure it to relay mail from lots of possible IP addresses - but only if it's you that's trying to relay. I won't go into the details as to why it's a bad idea to have an open mail relay facing the internet - I'm going to assume you know. Fortunately, it's actually not that difficult to authenticate with your mail server at SMTP time (when you're sending a mail) and ensure that only you, or your valid users, get to use the server.
Step #1: Configure TLS
For this you'll need a server certificate. I've chosen to use CACert as my root signer. You can do the same by signing up for a free account with them - something I'd actively encourage you to do.
/etc/ssl/certs/CACert-class1-root.pem./usr/lib/ssl/misc/CA.pl -newreq-nodes to generate a certificate request for your server. Answer the questions asked, making sure to insert the server's DNS name as the Common Name (eg, YOUR name) section. In my case, it's for one of my mail servers, so I putCommon Name (eg, YOUR name) []:mail.signal2noise.co.uk.newkey.pem (this is your private key. Keep it a secret.) and the other called newreq.pem. (This is the certificate request you need to send to CACert.) I always rename the newkey.pem file to servername-privatekey.pem.newreq.pem file into the text area titled "Paste your CSR below..."servername-publickey.pemcat servername-privatekey.pem servername-publickey.pem > servername-keys.pem
servername-keys.pem file in the /etc/ssl/certs/ directory along with the CACert-class1-root.pem cert from above. We now have all the keys we need. If you have other users on your system, make sure that the servername-key.pem file is not world readable. chmod 0640 servername-key.pem should do the job nicely./etc/postfix/main.cf file:
## TLS
smtp_use_tls = yes
smtpd_use_tls = yes
## Only show AUTH options if TLS is being used.
smtpd_tls_auth_only = yes
## Log the hostname of a remote SMTP server that offers STARTTLS
smtp_tls_note_starttls_offer = yes
## Location of PEM files
smtpd_tls_key_file = /etc/ssl/certs/servername-key.pem
smtpd_tls_cert_file = /etc/ssl/certs/servername-key.pem
smtpd_tls_CAfile = /etc/ssl/certs/CACert-class1-root.pem
smtpd_tls_CApath = /etc/ssl/certs
## Increase this for more verbose logging
smtpd_tls_loglevel = 1
## Add a TLS header
smtpd_tls_received_header = yes
tls_random_source = dev:/dev/urandom
EHLO your.server.name it should now respond with 250-STARTTLS as one of the options.apt-get install libsasl sasl2-bin libsasl2-modulessasl2-bin package will install a file called /etc/default/saslauthd. You will need to edit this file to configure saslauthd to start automatically at boot time.
START=yes
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
Other options can be left at their defaults. The OPTIONS stanza configures the runtime files appear in a location accessible by postfix, running in a chroot jail. Without this, postfix will be unable to communicate with saslauthd.
postfix:saslmkdir -p /var/spool/postfix/var/run/saslauthd
chown -R postfix:sasl /var/spool/postfix/var/run/saslauthdsasldb2 file so that it's accessible by postfix, and configure sasl to be added to the postfix group:adduser postfix sasl
mv /etc/sasldb2 /var/spool/postfix/etc/
ln -s /var/spool/postfix/etc/sasldb2 /etc/sasldb2
chown postfix:sasl /var/spool/postfix/etc/sasldb2/etc/postfix/sasl/smtpd.conf with the following contents:pwcheck_method: saslauthdmain.cf file to allow postfix to use SASL Auth for sending mail:
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
/etc/init.d/saslauthd start/etc/init.d/postfix restartI'm a little worried - it's 11:30pm at night, I'm still working, I'm watching a documentary on 'Helvetica' - yes, the font - and I'm starting to agree with their compelling arguments that it's the best font. I might need help...
posted at: 23:32 | path: /observations | permanent link to this entry
Last night, I had the pleasure of meeting with Mike Culver, of amazon.com who gave a tremendous presentation about their Amazon Web Services offerings, including the Elastic Compute (EC2 / EC3) technology. Compared to the 180 people Mike spoke with a couple of evening ago, the ten or so dedicated people who turned up to hear him at the Irish Computer Society offices in Dublin was a small crowd - but a more intimate discussion ensued as a result. Since a few people already had experience with EC3/S3, we bucked the trend and started asking questions of Mike before he even had a chance to start his talk.
For me, the most interesting services offered were the Elastic Computation service (EC3) and the storage service (S3.) The EC3 and S3 business model is what differentiates it from the more traditional model of having to burn cash up front to allow for reserve capacity for growth. With the S3 and EC3 systems, you can call down more storage and spin up another virtual server instance on demand - and you only pay for what you use! Of course, since all the machines are Xen instances, and are created by Amazon's back end on demand, you can scale back down as efficiently and cost effectively as you scale up. Currently, if you have one instance running all the time for a whole month, it costs about $72, plus bandwidth charges. If you only use it for an hour, you get charged ~10c.
Unfortunately, due to having to catch a 3am flight the next morning, this talk did not culminate in the traditional ILUG jaunt to the local pub. We'll have to invite Mike over again some time so he can experience the more esoteric post-talk question and answer session, where the questions often become more and more interesting, although less and less relevant, as the evening proceeds.
Huge thanks to Mike for speaking, to Niall O'Broin and Paul O'Malley for organising the event, and to the ICS for generously provising a venue.
Finally, don't forget the ILUG AGM 2007 tomorrow (well, later today by now...) Sat 3rd Nov, 2007, 3pm in the ICS building.
posted at: 00:37 | path: /technical | permanent link to this entry
![[IPv6 Ready]](http://9-badges.ipv6ready.ie/9/94/2f/05/9942f05fd76ad162164ae4abe1b094cd49d0d070-m.png)
