Stuff I'm Up To

Technical Ramblings

Sphinx Search — September 29, 2016


Sphinx is an open source full text search server, designed from the ground up with performance, relevance (aka search quality), and integration simplicity in mind. It’s written in C++ and works on Linux (RedHat, Ubuntu, etc), Windows, MacOS, Solaris, FreeBSD, and a few other systems.

NGINX, PHP and a Blank Page

Got Nginx installed, got PHP installed. All ready to go, but all you get from your test PHP page is… nothing.

Catches me out regularly. The php5-fpm daemon runs as the user “www-data”, but the Nginx daemon runs as “nginx”. So Nginx has no permission to the /var/run/php5-fpm.sock file because it’s owned by “www-data”.

— September 27, 2016

is a very helpful little plugin for Kodi. What makes it so helpful is that it acts as a backup of what I’ve watched and how far through a series I am. After every movie or TV program it asks me to rate the show (optional). More importantly it records that I’ve watched it by “scrobbling” (just sending what I watched and when) up to the portal and records it on my profile.

I’m sure it collects my viewing habits and does some strategic selling of my statistics somewhere along the line. But fair play to them. If I wanted to I could join in with the whole social aspect of discussing what I’ve watched, but what I get out of it happens when I reinstall Kodi. I activate the plug-in, it then syncs with my profile and marks all the local media I’ve actually watched as watched.

So I always know where I’m at.

SSH Tunnelling

Windows CA SHA-256

Has it really been 10 years since I deployed a Windows Certificate Authority? Well, obviously it has, as the certificate is up for renewal. Not only that, the signing algorithm used is currently SHA-1, which is causing some complaints from our vulnerability scanning. Time for an upgrade.

In order to satisfy the requirement for SHA-256 you need to use the newer Key Storage Provider (KSP), as the current one is a Cryptographic Service Provider (CSP).


HTML5 Doctor — September 26, 2016
OSMC Installation — September 24, 2016


I’ve been a fan and user of OpenELEC on my Raspberry Pis for some time. It’s always performed great and was pretty straightforward to install and use. But it seems the developers are struggling to keep up with the releases of Kodi.

This isn’t necessarily a problem. It’s not like I need a new Kodi when the version I have works just fine. But I ran into OSMC and it has a newer version of Kodi and promised to be just as straightforward.

… and you know what? It really was.


Nginx 1.10 and PHP7.0-fpm — September 23, 2016


Keen to press on and try new stuff, I figured that seeing as I’d now tried Nginx 1.10, I’d put that together with PHP 7.0.

I started off by thinking I’d remove nginx 1.6 from my workstation, clean the config out and install the latest from the nginx repository. It was all going so well until:

Unpacking nginx (1.10.1-1~jessie) ...
dpkg: error processing archive /var/cache/apt/archives/nginx_1.10.1-1~jessie_amd64.deb (--unpack):
 trying to overwrite '/usr/share/nginx/html/index.html', which is also in package nginx-common 1.6.2-5+deb8u2
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)


Network Access Control

In order to satisfy a number of security requirements we implemented 802.1X authentication throughout our network – wired and wireless. Initially this was done using Windows NPS (RADIUS) and the built in capabilities of our Extreme network switches.

It works very well. No one can plug into the LAN and get connected to the business network without authentication. If you’re not authenticated you get dropped onto the Guest VLAN and can access the Internet, but no business systems.

Great. We’re protected, but there are a few quirks, and this is where I visited the world of Open Source and stumbled over PacketFence.


Using LDAP with Active Directory — September 22, 2016


Getting your Linux box to talk with Active Directory is pretty straightforward. But doing it securely will need you to have installed your CA certificate into your trusted certificates.

Mostly I’ll only set up anything to do with LDAP/Active Directory if a specific application requires it, otherwise I’ll leave out the Windows authentication bit. I generally don’t use LDAP/AD for the SSH PAM type logons and will configure LDAP when a web server or the like uses it, e.g. php5-ldap is required.


Usenet


So what’s Usenet?

Usenet has been around since God was a lad. It’s been part of the internet for so very long it pre-dates all the graphical stuff we see today.

Put simply, it’s a text-based system of sharing news messages, hence its correct protocol name being Network News Transfer Protocol (NNTP), and it operates in a similar way to a forum. Text posts would be made into news groups containing newsworthy information and could be responded to by people all around the internet. The news servers replicate and spread this news between each other so any piece of news may exist on many servers throughout the world.

Back when everything started becoming more than just text the cleverest propeller heads started to figure out you could convert binary files into a text format and back again. So binary files could be attached to email and sent as text and converted back from text at the other end.

Well, the same was true for Usenet messages. So it didn’t take long before the text-based system became host to binary files converted to text. This meant the underlying Usenet system itself needed no changes. It would still replicate these converted text messages across the globe. But now they could be converted back to binary files, and the global sharing of anything from pictures to movies and music became an ingrained part of Usenet.


Trusting CA Certificates

This is something that catches me out regularly. Adding our CA certificate onto a Linux server. Just so it can trust the interactions of the LDAP over a secure channel.

It’s pretty straightforward to do but bites me almost every time. The secret seems to be to make sure your CA certificate is in PEM format and named with a .crt extension. A .pem or .cer extension just doesn’t cut it.
