Zeltus

A bit of an eventful weekend all in all.

On Sunday I decided to go for a gentle hoon around Dartmoor, exploring the region generally and seeing if any particular spot took my eye and might be a suitable place to live in the future.

My route took me thru’ Moretonhampstead, Princeton and then Yelverton, after which I headed north towards Tavistock. Once there I turned eastwards towards Okehampton but soon after that my journey took a fairly extreme and unpleasant turn for the worse.

At about 11:30 I was following a group of cars at about 45mph thru’ the twisty road (no hurry, I was just gently hooning along enjoying the ride) when we came to a straight bit with clear visibility ahead for at least a mile and no oncoming traffic. So I decided to overtake.

And that’s it. I remember nothing more.

It seems that I accelerated to somewhere between 60-70mph (sounds about right, for an overtake) when the car at the front, a white Megane, turned right. I believe I T-boned him, went over the roof, face planted on the road and came to an abrupt halt, completely unconscious and no longer taking any interest in the splendour of Dartmoor.

Anyway, after a Major Trauma Incident was declared, an Air Ambulance helicopter was dispatched to pick me up and deliver me to Derriford Hospital in Plymouth an hour after the accident.

I have some fragmented, disjointed memories of being on the helicopter, then shoved into an MRI scanner and having my breath tested (negative of course) but really, I was out of it until about 22:30 that night, when I finally came to what passes for me as compos mentis. So all the above is what I’ve pieced together from what I’ve been told – I still have no memory of the event and apparently, am unlikely to remember it.

Now, a number of quite sh*t things have happened to me this year but this really takes the biscuit.

Nevertheless, all I can do is count my blessings as by some miracle, and despite knowing plenty of other riders who have killed themselves or suffered serious brain injury, what did I suffer? A broken (well, a "comminuted fracture" to be accurate) pinky in my left hand and a broken scaphoid and trapezium bones in my right. Not even any symptoms of concussion. Oh, the effects of shock of course, vomiting, shivering and general all-round wobbliness. But nothing truly serious, much to the disgust/relief of the medical staff!

I even got in the papers, with a rather inaccurate report – but even so, with no memory of the event, this is scarey enough – http://www.thisisplymouth.co.uk/

As for the subject line, I am guessing my beautiful ugly R1150GS is a write-off. It’s a miracle I survived so I can’t hope for the bike to have come off lightly as well. I haven’t seen it yet and until I can seek out some sort of alternative transport, I might never will. For now, it’s up to the insurance companies to slog it out.

Nevertheless, I managed to get hold of my scans (I still officially have a French address and can thus demand my records with more ease than is normally the case) and present some of them here. The scaphoid injury is quite clear and a haematoma/oedema in my left hemisphere is clearly apparent – but it cleared up by itself with no treatment – even the pinky fracture (comminuted = smashed to bits – look on Orange squash bottles) is not really very clear.

All in all, I have been extremely lucky although I am now without transport. But surely a miraculous escape like this means things are going to get better from here on in?

Technorati Tags: crash, helicopter, motorcycle, scaphoid, t-bone, trauma

For me, including snippets of PHP code within my web-pages has always been a given. To the extent that it sometimes comes as a surprise to me when someone asks me how to do it. Doesn’t everyone already know?

What most people trip up on is expecting PHP to only operate on files with a .php suffix. Nothing wrong with this so far as it goes, but I prefer my web pages to have .html suffixes. The fact that I choose to embed chunks of PHP inside my pages needn’t be visible to the end-user. Or rather, viewer. So how do I do it?

Well, it couldn’t be easier, really.

But first, a small refresher on how PHP embeds itself into web pages anyway. I use Apache but all HTTP Server software will work in much the same way.

The file Apache uses as it configuration file is invariably called httpd.conf. It’s location may sometimes be a little obscure, dependent on what OS it is residing on – on my Red Hat servers (well CentOS, anyway!) it is found in /etc/httpd/conf/. Caveat: some Ubuntu distros seem to want to call the file apache2.conf – but you shouldn’t have much trouble figuring that out, especially if you remember that GIYF (Google Is Your Friend)

Anyway, a well-behaved PHP install will create or amend something like the following entries in said configuration file…

<IfModule dir_module>
    DirectoryIndex index.php index.cgi index.html index.htm
</IfModule>
.
AddHandler test/html .htm .html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
.
LoadModule php5_module libexec/apache22/libphp5.so
.
.

In brief, PHP has told Apache that

• accept index.php as a valid directory index file. It is now the same as index.html in that respect.
• Anytime Apache processes a file with a .php suffix, use the PHP MIME-type declared as the processing agent.
• Load in the PHP module that does all this good stuff.

OK, so at this stage, a file called say, example.php will be correctly processed and served by Apache. But I want ALL my .html files pre-processed by PHP. Simples.

AddHandler test/html .htm .html
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

becomes

AddType application/x-httpd-php .php .htm .html
AddType application/x-httpd-php-source .phps

After saving these changes, checking no silly typos were accidentally entered into the config file…

root: apachectl -t
Syntax OK

…and then restarting Apache

root: apachectl graceful

Upon which, all things being equal, PHP will pre-process all .htm and .html files. Obviously, there is an overhead in doing this but you’d have to be running a seriously hard-run site before this became an issue. Do remember, after all, that PHP has been highly optimised to integrate into HTML and I’m willing to bet you’ll not notice a difference in page load times (the time taken to download images will far outweigh any time spent by PHP doing it’s stuff)

Finally, note that AddType and AddHandler ARE different! As a very rough rule of thumb, I try and use AddType exclusively. FWIW, the difference is that AddHandler directives tell Apache how to handle file types and AddType directives tell Apache how to handle the contents of files. Any clearer? No, thought not. As I said, try and use AddType directives exclusively and you’re not likely to go far wrong.

Technorati Tags: addhandler, addtype, apache, httpd.conf, mime, php

One reason that persuaded me into pushing myself too hard with a walk to Lyme Regis on Saturday was that meant I was in position to go to the South West Motorcycle Show the day after. I only heard about this after hearing about it on the invaluable but noisy Ixion motorcycle mailing list – Top tip guys!

I hadn’t foreseen that I would be as stiff as a post after a marathon slog and that in particular my legs would seize up or otherwise refuse to work – just mounting my bike caused both thighs to start cramping and I sure as hell wasn’t sure how I was going to dismount at the showground!

Still, I made it, I saw lotsa bikes, some gob-stoppingly awesome stunts and lots of desirable and expensive kit, none of which I really needed – I am pleased to say that I really do have all the kit I need to ride the beast in all weathers, not something I have had to worry about for several years but from now on, it is my only means of transport, come rain or snow. And knowing my luck, I’ll be getting all of that!

I did take but a few pictures with my crap camera ‘phone and here they are…

As is ever the case with my posts, clicking on a photo will invariably throw up a larger version that is easier on the eye.

Extremely talented work, but as I said to the guy next me "Supreme skills, and they are not getting anywhere near my bike!"

Technorati Tags: bike, ixion, south, west

The Bank Holiday weekend was an ideal time to complete a rather ambitious walk I have had planned since my last outing. I wanted to walk all the way from Sidmouth to Lyme Regis – the distance is fair – somewhere around the 15-16 mile mark but it is a much more arduous path than I have walked recently.

Click on the photo to go to Flickr and see the full album.

I first took my bike to Sidford, well inland from Sidmouth. I had already sussed out that my return bus journey wouldn’t take me to Sidmouth, the true start of my walk and I felt better about leaving my bike in the car park there :- I really didn’t like leaving my bike parked in the street in Exmouth on my last outing.

The long and the short of it is that I did complete the course but it was it bit too hard a walk for it to be truly pleasurable. From now on I will be doing shorter legs – I think my next outing might have to be a north coast route. My cheap walking boots are just about, good enough, but sadly I am ahem, somewhat divorced from my expensive top-quality, well-broken in fit-like-a-glove proper-job walking boots. Still, gotta make do with what you’ve got I guess.

But I needed to do this leg, as the path from Seaton to Lyme Regis can apparently only be safely attempted in good weather. I also wanted to go to the South West Motorcycle Show in Exeter the next day, so staying in this general area overnight is a convenient thing to do.

Technorati Tags: beer, coast, lyme, path, seaton, sidford, sidmouth, south, west

Now I have the opportunity, I have started a project whereby I walk the South West Coast Path. This, my first leg, took me from Exmouth to Sidmouth. I don’t have much of a camera, just the one contained in my old and ancient mobile ‘phone (kindly donated by the son of a friend). But it’s good enough to provide me with an album reminding me of what I have done and when.

I’ve created a flickr set to hold these photos. Just click on the photo to go to the album and view the whole lot, hopefully correctly ordered by location.

I’ve no idea what my next leg should be. Or when. This project has no timescales or deadlines (other than the one true deadline!) I’ll do each leg as and when it suits me. And it suits me to do no more at this stage until the blisters caused by my new boots heal up a bit! :-)

Technorati Tags: budleight, coast, exmouth, otterton, path, salterton, seaton, south, west

If someone can help me identify these bugs, I’d would be most appreciative. A number of these nurseries appeared in the Autumn, mostly on our Mallow shrubs.

I started off by assuming that they were nursery colonies of Firebugs (or Gendarmes, as the French generally call them – « masques-nègres » "Masked Nigger" is the local non-PC name for ‘em) – English children prefer the more socially acceptable but coarser "Bonking Bugs" – and indeed, it is all they ever seem to do!

But now I’m really not so sure – yes, they are on my Mallows, the seeds of which Pyrrhocoris apterus enjoys eating. But Firebugs have the typically flattened bodies of Hemiptera whereas these show the more rounded shape that indicated true beetles. Unless it’s simply that these are immature forms of some other Hemiptera. I also believe there are a few adults shown in the photo and, if so, they certainly are not Firebugs. And finally, Firebugs are a very bright red whereas these are a rather darker blood-red colour.

Anyway, if anyone can help me identify these bugs, it’d be one less thing for me to puzzle over.

Technorati Tags: beetle, firebug, france, gendarme, hemiptera, Pyrrhocoris apterus

Up to now, I’ve been mildly amused at the attempts of script-kiddies to break into one of my servers. I’ve no idea why they are targetting that one specific server – it’s an important one to me but then, all my servers have that category. What with my regime of backups and replication, it’s a particularly easy one for me to rebuild.

Not that it will ever come to that. I do use strong passwords.

Nevertheless, I think it’s reached a stage where I have better things to do than watch my logs autorotate. Like the majority of my Systems Administration peers, I’ve decided to opt for the superior protection of RSA or DSA keys, rather than rely on passwords.

A few pre-requisites. I only access this server via ssh. All other services are turned off. So the script-kiddies were always on to a hiding to nothing anyway. I access the box mostly from a Windoze workstation – so I use PuTTY for command line access and WinSCP for file transfer.

The beauty of this is that I can use the extremely easy PuTTYgen to create my public key/private key pairs.

PuTTYgen allows me to create both the Public & the Private keys that I need for this hardening exercise. The Private key I hide away in a safe location on my workstation. I like to use Truecrypt volumes or similar schemes for this side of things. The Public key needs to be moved to my server. Sometimes this is the hardest bit to achieve! But in this case, I already have sshd running, albeit with password access, so I can use WinSCP to get the key across.

Under FreeBSD (and pretty much most other main-stream distros) the key is in ~/.ssh and is called authorized_keys. As I only have the one key all I need to do is rename the Public key accordingly and then [IMPORTANT]set it’s permissions to 644[/IMPORTANT]

Now, to enable key-based authentication, I need something like the following in the system /etc/ssh/sshd_config file.

Protocol 2
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
ClientAliveInterval 60
ClientAliveCountMax 30
UsePAM no
AllowUsers user1 user2 user3 user4 user5
DenyUsers root {all other userids in /etc/passwd}
Port 12345

1. Force use of SSH 2 – much more secure.
2. Don’t allow passwordless root logins. In fact, I don’t allow root to login at all – see DenyUsers.
3. Don’t allow passwords at all. For anybody. It’s all keyfiles for this server.
4. I don’t use skey type authentication. You probably don’t either.
5. Lines 5 & 6 – stop non-responding connections from clogging up the system.
6. These will timeout and closedown any such attempts.
7. PAM can bypass ssh login settings. Unless this line is set.
8. The next two lines only allow those users specified to use ssh to login. Everyone else is banned. In particular, root.
9. In fact, DenyUsers has precedence over AllowUsers. So be a bit careful about overlaps.
10. Finally, some obscurity to back up my security – use a non-standard Port.

A few notes before re-starting the sshd daemon, which will activate all this.

It might be an idea to open up Telnet access just while this is being tested. A small mistake here can lock you out of your server until a friendly, local SysAdmin can get at the server and correct the errors for you. Très embarassing! Telnet means you can fix your own mistakes. Just don’t forget to turn it off again when you’re happy with your ssh set-up.

As I have said, I use PuTTY for CLI access and WinSCP for file transfer. All I have to do is amend these to use the keyfiles and the ports I have specified and as far as my perception of things is, I just log in as before (umm, I suppose I do have to type in a rather longer passphrase rather than a password – but that’s the only change I see)

So, in order of security, more or less, I have

• Obscurity – I use a non-standard Port. If a script-kiddie does discover it, I can change it quite easily.
• If the Black Hat does discover the Port I am using, he then has to work out what userids are allowed to login
• …at which point he has the problem of cracking a very powerful asymmetric key mechanism. If that’s you, the NSA want to hear from you!
• I also have numerous rules set up in the TCP Wrappers’ hosts.allow file. So there is plenty of scope to trip up there and have the connection aborted
• And finally, I use Packet Filter combined with sshguard-pf just in case.

If there is any overkill in here I don’t really care. It’s all pretty easy to set up and in the few days I have been running this configuration, my logs have reported that hacking attempts have dropped from several thousand attempts per day to a big, fat zero.

Technorati Tags: authentication, freebsd, hardening, password, security, ssh, sshd

After receiving a number of e-mails from a variety of people offering more information and details on the DICE Trials at Portland Bill in 1975, including a few corrections. But I’m quite pleased they were just a few corrections – my memory is still in pretty good nick then!

Anyway, I’ve edited my original web-page to include a few amendments and a couple of, I hope, interesting downloads. I found them interesting anyway.

Technorati Tags: dice, M.R.E., porton, spray, trial, weymouth

Well, cellar rather than belfry, in our case. I only go into our cellars in our French house once or twice a year – mostly to either shut off and drain the water pipes or else to open them up again.

So it was a pleasant surprise when entering our first cellar to find a small clutch of Pipistrelle bats dozing the daylight hours away. I guess it must have been a really good year for wildlife generally here in the glorious Dordogne.

We often see them in the evening hours as our garden is essentially surrounded by out-buildings and what with the garden lighting, insects are attracted in and have difficulty getting out – and the bats know this all too well. I’m pretty certain we get the odd grey-coloured Daubenton’s bat and we certainly see some larger bats – but they fly so fast it’s hard to identify them. These Pipistrelles roosting like this make the job of identification much easier! :P

They seemed quite unalarmed at my presence and even the flash on the camera left them completely unfazed. Nevertheless, I tried not to take too many liberties and left them in peace as soon as I got my shot.

Unfortunately, entering our second cellar was a less fun experience. A pipe had sprung a leak, God knows when, and it was our side of the meter – so we have to pay for whatever water leaked away. :? It’s not that serious – we have the cheapest water in the Dordogne AND it’s spring water to boot. Fortunately, plumbing, like electrickery, holds no fears for me and it was soon fixed. I guess the higher pressure caused when the street piping was renewed in the summer sought out the weak points.

Technorati Tags: bat, bats, cellar, dordogne, pipistrelle, pipistrelles, wildlife

Despite all the clever-clever Colour Studios and Colour pickers out there, I always have trouble deciding what colours to use in any particular theme. It never used to be this bad – Web-safe colours were the norm (all 216 of ‘em!) and before that, UNIX X11 windowing systems relied on a simple flat file called "rgb.txt" – which is still distributed with modern Linux distros today.

So I figured that if I looked for I would find a .css file of these X11 colours, ready for me to pick’n'choose some well-known favourites such as cadetblue or indianred. I am used to cut’n'pasting rather than using fancy IDEs, so although I do use Dreamweaver, I certainly don’t use all of it’s cleverer functions – one day maybe.

But a search failed to find any such file. It’s not surprising on reflection, as it really is of limited use – a .css file that size would simply slow the whole page load process down to a crawl – something Internet Explorer users already seem to find tolerable but us Firefox, Chrome, Opera and yes, Safari users certainly don’t.

Anyway, to cut a not-very-long story to a really-short story, I grabbed hold of a copy of an rgb.txt file and a few swift typically-arcane commands in vi, my favourite UNIX editor, I ended up with a humungous .css file containing all the X11 colours as simple class entries for both color: and background-color: properties.

And here it is…

As is ever the case, I did have some trouble with IE8 – it simply didn’t want to display the .css content the way I wanted to display it. So although the production of the file was a matter of minutes at most, I probably took over two hours to produce the page describing it! That’s the way the Microsoft biscuit crumbles I guess.

Anyway, I want to return to font handling now – the world has changed since my last post on this…

Technorati Tags: colours, css, rgb, rgb.txt, X11