Zu meinem Geburtstag (und ich schreibe jetzt nicht welcher es war) habe ich einen Urlaub in Osttirol geschenkt bekommen. Teil dieses Urlaubes war es auch einen Tag lang einen Porsche fahren zu dürfen. Das kommt natürlich nicht von irgendwo. Ich bin eigentlich schon seit ich Autos kenne Porsche Fan.

Zuerst noch kurz zum Hotel: Uneingeschränkte Empfehlung! Die Zimmer sind wirklich spitze genauso wie der Wellnessbereich mit Pool, Sauna und Dampfsauna.

Aber natürlich war das Porsche fahren der Hammer! Ich durfte einen Porsche 911 Black Edition Cabriolet fahren.

Nun zu meinen Eindrücken:

• Verarbeitung: Es ist wirklich Benchmarkqualität die Porsche hier liefert. Die Materialien sind einfach edel und es quietscht und knarrt einfach gar nichts.

• Sitzposition: Was soll ich sagen: Sportwagenfeeling. Es ist eher so, dass man sich den Porsche anzieht, als dass man in ihn einsteigt. Ich hoffe das klappt auch noch, wenn ich das Alter erreicht habe, in dem ich mir einen Porsche leisten kann :-).

• Fahrwerk: "Wie auf Schienen fahren" - diesen Spruch kennt man. Das erste Mal, dass ich in einem Auto das Gefühl hatte, dieser Aussage Nahe zu kommen. Die Präzision beim Einlenken ist wirklich toll. Korrekturen in der Kurve unnötig. Man muss ihn schon wirklich an die Grenze bringen (plus ein wenig Vortrieb auf die Hinterachse bringen) und erst dann zeigt er seine Tendenz zum Übersteuern.

• Motor: Bis 3500 Touren ist der Vortrieb "überschaubar". (Ich fahre einen turbogeladenen Benziner der doch schon wesentlich früher in der Lage ist Drehmoment zu liefern). Plötzlich greift aber die Resonanzaufladung (und was weiß ich sonst noch) und der schiebt nach vorne als gäbe es kein morgen. Gut - er könnte noch besser gehen - das "S" wäre wohl schon eine Investition wert (oder vielleicht doch den "Turbo S" ) - aber es geht schon was weiter. Ab dieser Drehzahl beginnt der Motor auch mit einem zu sprechen. Es ist nur eines das er sagen kann: "Gib mir mehr!". Das habe ich natürlich auch getan. Dieses Brüllen nötigt einem auch zum Runterschalten im Tunnel - "Alternativlos" (würde die Merkel sagen). Erstaunlich war auch der niedrige Verbrauch von rund 11 l/100km trotz der eher "unnatürlich sportlichen" Fahrweise auf den Passstraßen.

• Apropos Schalten - Getriebe: Ich hatte das Glück und durfte das PDK (Porsche Doppelkupplung) Getriebe fahren. Sowohl das Cruisen im Automatikmodus als auch das Schalten mit den Lenkradpedals macht richtig laune. Die Gangwechsel passieren rasch (wenn auch nicht gerade Rennstrecken tauglich - ich glaube auch dafür gäbe es eine "S" Taste zum Kaufen ) und wirklich frei von Zugkraftunterbrechungen. Ich habe mir auch eingebildet bei sportlichem Runterschalten Zwischengas wahrzunehmen - oder wie auch immer das Motormanagement hier mitmacht.

Zu Letzt bleibt nur noch mich bei denen zu bedanken die mir dieses Erlebnis ermöglicht haben - DANKE!

Since Hetzner offered some interesting root servers theses days I have decided to retire mephisto.

During this switch I also refactored the server configuration. The whole virtual mail setup is now based on LDAP only. No need for SQL and I fully removed the kerberos stuff as this simply to blown for a small to midsize server. I really appreciate any feedback on the whole configuration documentation.

How to send the GET method to test a HTTP server

These days I had the problem that I wasn't able to connect to a http server. The problem was the firewall. I wanted to test the connection through port 80 by sending a simple GET to the web server. So the first attempt was to do a

$ telnet $host 80
GET / HTTP/1.0


<Here the response should be served ... but>

But the Problem with this (at least on debian) was, that the telnet client did not send a <CR><LF> combination which is needed by the HTTP server. Neither toggling the crlf option in the telnet client nor any known keybord sequence like ^M, ^J, enter, return, aso. did help. So what did the trick?

$ echo -e -n "GET / HTTP/1.0\r\n\r\n" | nc $host 80

If you are interested in the HTTP protocol itself and the different methods I find the wikipedia to be a good starting point.

I did not have any monitoring services despite some automatic sent emaild quite a while. But the amount of hosts I should maintain is increasing and I felt like loosing the overview. On the other hand I was afraid of using Nagios as I always found it much to complicated. But yesterday I started my first attempts on it and I have to say it is much easier to install and maintain than I thought. I would like to collect some of the main steps here.

Debian

Installation

apt-get install nagios3 nagios-plugins

The cgi script (webinterface) uses a directory where files are written to initialize commands. This method (external commands called) is not only usable for the cgi script but also for other external (not nagios) tools. For example you can trigger a service update this way. In debian we have to do 2 things to make this working. In the file /etc/nagios3/nagios.cfg set

check_external_commands=1
command_check_interval=15s

and fix the permissions of this external command directory (which could be changed in /etc/nagios3/nagios.cfg of course)

/etc/init.d/nagios3 stop
dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios3/rw
dpkg-statoverride --update --add nagios nagios 751 /var/lib/nagios3
/etc/init.d/nagios3 start

Apache integration

Per default we can now access nagios with the URL

http://$SERVER/nagios3

and also per https. The first thing I want to do is the access of https only. Therfore we comment the Alias parts in /etc/apache2/conf.d/nagios3.conf

#ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
#ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
#Alias /nagios3/stylesheets /etc/nagios3/stylesheets
#Alias /nagios3 /usr/share/nagios3/htdocs

and add those line without comments into your ssl config file - e.g. /etc/apache2/sites-available/default-ssl. Now we can acces nagios with

https://$SERVER/nagios3

only.

The next step is the login configuration. Per default nagios uses a htpasswd file. As I already use apache mod_macro and have configured PAM to work with apache (I am using kerberos as auth) I do the following. First the macro

<Macro AuthPAMValidUser $auth_name>
       AuthPAM_Enabled on
       AuthBasicAuthoritative Off
       AuthUserFile /dev/null 
       AuthType Basic
       AuthName "$auth_name"
       require valid-user
</Macro>

and now the config in /etc/apache2/conf.d/nagios3.conf inside the DirectoryMatch directive

# AuthName "Nagios Access"
# AuthType Basic
# AuthUserFile /etc/nagios3/htpasswd.users
# # nagios 1.x:
# #AuthUserFile /etc/nagios/htpasswd.users
# require valid-user
Use AuthPAMValidUser "Nagios Access"

Now we can authenticate ourself against apache. What we now have to tell nagios is, which user rights are connected to the user name. We configure this inside /etc/nagios3/cgi.cfg and I've choosen the following configuration (you have to insert admin user name for $admin)

authorized_for_system_information=$admin
authorized_for_system_commands=$admin
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=$admin
authorized_for_all_host_commands=$admin

Now it's time to restart the services (and first check if configs are ok)

nagios3 -v /etc/nagios3/nagios.cfg
/etc/init.d/nagios3 restart
/etc/init.d/apache2 restart

We the default configuration of debian you should already see a localhost with some default services. Now go on and configure hosts and services!

Nagios Grapher

That's a very cool software which produces with RRD graphs of the states.

apt-get install nagiosgrapher

It uses a very simple interface which can be activated in debian with

process_performance_data=1
service_perfdata_command=ngraph-process-service-perfdata-pipe

NRPE

Sometimes it make sens to start remote checks. Therefore we use the NRPE plugin. On the $SERVER we have to install

aptitude install nagios-nrpe-plugin

On the $HOST we have to install

aptitude install nagios-nrpe-server nagios-plugins

We will start the service on the $HOST with the debian init script. It's also possible to run the NRPE server with xinetd. You can configure NRPE in /etc/nagios/nrpe.cfg. I'd say you have to configure at least the following

allowed_hosts=$SERVER

and be sure to open port 5666 on the firewall.

You should be able to test NRPE on the $SERVER with a command like the following

/usr/lib/nagios/plugins/check_nrpe -H $HOST -c check_load

If this works you can add a service on the $SERVER with a statement like the following

define service{
          use                 generic-service
          host_name           $HOST
          service_description Current Load
          check_command       check_nrpe_1arg!check_load
          }

Gentoo

On Gentoo the situation is quite similar - the ebuilds are called

net-analyzer/nagios
net-analyzer/nagios-nrpe
net-analyzer/nagios-plugins

and the installed plugins are chossen with the help of USE flags.

People who know me might know that I don't like social networking at all and facebook in special. But to be honest - I was curious what's all about this hype. So I created a profile. And my expectations about data safety and all the things I were afraid of, have been confirmed.

• Why was facebook able to suggests "friends" - I don't like this word in this context - (with a really high hit rate) I really know? There must be more information about me in this network than I put into it. That implies that if you are willing to share information with facebook - you don't share only information about YOU! That's a fact most people aren't aware of.

• The default privacy settings are horrible and the modification of them is even worse. Why is "Only me" a "custom" setting? I really don't understand that.

• Why is "public search" enabled per default! I really don't want to display my facebook profile first on google.

I also would like to (most people who are interested in privacy might already know) add a link to let you know which companies got your facebook data through the last leak.