FennecBlog

It’s been a while since I’ve updated (I’m bad with that, I know), so here’s a little update on my life

I’ve settled completely into my new home now, and am starting to want to make upgrades. Add sockets in the bedroom, network the entire place with CAT5e, add a shower to the bathroom.

I’ve also yet to upgrade my server; I’m waiting for OpenMediaVault to be released, which should make managing it a lot easier. Plans for a HTPC are also on hold until I get a much better TV to hook it up to; the current 26" SDTV just isn’t any good anymore, I want to get a LCD HDTV to replace it, then get a HTPC to replace the XBOX (which cannot play x264 video reliably).

Another upgrade is the network; things have slowly degraded back to a mixed 100Mbit/Gigabit network, then 100Mbit. Getting that back to Gigabit is a fairly high priority for me.

Last upgrade on the list at the moment is the router; I really want to replace the singlecore VIA C7D motherboard in it with a fanless Atom board. Should be quieter with quicker VPN performance.

Shall be updating more often, I promise!

Recently, I discovered that eBox, a promising Ubuntu based distribution attempting to fill the same niche as Microsoft Small Business Server, gained support for SSL security on multiple Apache2 virtualhosts.

Wonderful! I thought to myself, thinking that FINALLY, someone had picked up on the fact that Apache2 has supported TLS SNI for quite some time now.

I was sorely disappointed. What they’re actually doing, is using a single SSL certificate with AltName fields. Whenever a SSL secured virtualhost is added or removed, the old certificate is revoked and a new one issued. Not pretty, and considering the alternative, not efficient either.

Ah yes, the alternative. Lets look at it. With SNI, if you added a new virtualhost, you’d just create a new certificate. No messing around revoking. Removed a virtualhost? Revoke the certificate. No messing around creating a new one. Much more efficient.

The argument that SNI is not popular is also a false one. True, as far as I know it’s not widely used, but what it is is pretty widely supported. What supports SNI? Here’s a list:

Windows Vista onwards.
Apple OS X 10.5.6 onwards.
Linux, though KDE is left out.
Any device running iOS4

Look at that last one. Any iPhone, iPod Touch, and soon iPad running iOS4 is automatically SNI capable. Go on, give it a try. Visit https://sni.velox.ch/ on your 3G or 3GS or 4, running iOS4, and have a look.

Sorry, SNI is a lot of things (awesome, best kept secret of apache2, not implemented much), but ‘not popular’ is NOT one of them.

Recently, I stopped hosting my own mailserver in favour of using Google Apps personal edition. It’s been working very well so far, I’m even getting activesync push for my contacts, calendar, and email once I enabled Sync on my domain.

Once I got everything working, I transferred all my email over to the new account, then ripped the mailstack out of my own server. Oops.

My server no longer had a way to send me email notifying me of updates, WordPress no longer could notify me of comments, etc, etc. I thought it was being a bit quiet!

So I reinstalled postfix, repointed it at my smarthost, and we’ll see how that works.

In other news, I may be getting an iPhone 3GS on contract next Tuesday. Rather looking forward to it, if not to using iTunes (at least until libgpod updates with support for the new database).

Just trying an iPod touch, using the WordPress app. The keyboard is… suprisingly usable.

To my eternal shame, I have started microblogging. You can follow it (if you wish), at MicroFennec.

In other news, I have pulled the Atom 330 out of my desktop and put it into my fileserver, and repurposed the VIA C7-D into a hardware firewall. Both seem happy enough now, the C7-D performing WAN->LAN tranfers at 5.99MB/s with 30% CPU load.

Having had a look at the Atom D510 boards, however, I plan on upgrading soonish. Approximately £150 for two boards. 1.66GHz, dual-core, hyperthreaded, and a much lower TDP than the Atom 330 platform thanks to the use of the NM10 chipset (2.5W TDP) rather than the GMA950 chipser (22W TDP). Results in a 15W platform TDP for the Atom D510 compared to 30W for the 330.

Probably going to stop using Smoothwall on the router when that happens, and switch to Ubuntu Server, as Smoothwall currently lacks both dual-core and hyperthreading support. I’ll be sad to see the ease-of-use vanish, but the power gained by being able to edit configuration files by hand will hopefully make up for it. I’ve already started planning on what I’m going to put on it, though:

• Shorewall.
• PPtPd.
• DNSmasq.
• linux-igd.
• openssh-server.

And that’s about it. Shorewall will give me a good high-level interface to iptables, PPtPd will give me a simple ‘proper’ VPN solution over NeoRouter (though I might keep on using that too.). DNSmasq for a very simple, combination DNS and DHCP server. I don’t need BIND or DHCPD for my network. Linux-igd will give upnp using clients the ability to traverse the NAT without problems, and openssh-server will give me a line into the firewall to perform updates and maintenence, as it’ll be running headless and keyboardless.

Whoo! Spent an hour today upgrading the home server with shiny new hardware.

HDD space stays the same at 2TB, and I haven’t bothered reinstalling the OS just yet as it runs fine on the new hardware.

CPU is now an Atom 330 overclocked to 2GHz, which gives me three more cores in my server, which are quicker to boot. The old CPU was a VIA C7-D, running at 1.5GHz, with a single core.

RAM is now 3GB DDR2 from 1.5GB DDR2, another nice upgrade. Hopefully my server will never touch swap again. And the upgrade path is clear towards 4GB now.

Network has gone up to gigabit now, though very little in my network supports that standard at the moment. It’s important though, I do plan on having a gigabit network in the future.

It’s obviously a lot quicker now, logins via SSH are virtually instant where it would hang for a couple of seconds before logging in before, WordPress is responding more smoothly, things like that.

Oh, and going from SATA to SATA2 is nice too.

Just another update to reveal another very useful program for those of us with a home server.

Actually, two programs.

The first is Quassel, a rather clever IRC client, which uses a client/server approach. Now let me explain, when I mean client/server, I don’t mean in the normal way that IRC clients are client/server, but in the following way: Take an ordinary IRC client. Then split it into two parts, the GUI, and the bit that connects to IRC. Then let them talk to each other using an SSL secured TCP/IP connection. This means you can have the GUI running on a laptop, desktop, or whatever, and the backend running on a server somewhere else, and effectively always be online.

The second program I’d like to introduce is Deluge, which is a BitTorrent client structured in much the same manner as Quassel. The advantages of this approach are great: on the desktop/laptop you have what is for all intents and purposes a BitTorrent client, but instead of downloading on the laptop/desktop, torrents are downloaded on your server, which likely has a much better connection and much more disk space.

Before, I was using TorrentFlux, which while nice, hasn’t been updated in a while and runs on top of Apache, MySQL, and PHP. It’s understandably a lot slower than Deluge is, and lacks the bonus of acting like a local client – associating .torrent files with Deluge gives the result that clicking on one on the laptop/desktop, will result in Deluge downloading it on the server, even when the desktop/laptop is switched off.

I downloaded Ubuntu Moblin Remix at around 5.9MB/s.

Given TCP/IP overheads, I’m guessing I’m getting my full 50Mbit/s connection here. This makes for much happiness.

Today, I’m transferring that iso over to my laptop to burn it off. I’m getting 2.4MB/s. 54g wifi is less than half as quick as my internet connection. Amusing.

Just a quick and happy post about my getting VPN working using a rather nifty client/server software called NeoRouter.

NeoRouter is a zero-configuration VPN solution rather similar to Hamachi, with one rather important difference: NeoRouter provides the server component to run on your own computer, they don’t provide any servers. It’s also SSL secured (like OpenVPN), which hopefully means it’s as secure as that software.

Good points:

Very simple to install.

Very simple to run.

No need to rely on someone else’s server to use.

Bad points:

Closed source, I can’t know for certain how secure it really is. SSL encryption suggests good security though.

Closed source aside, I think I can happily recommend this if you’re using Hamachi, or want to set up a simple VPN.

Just a quick update to apopogise for my server’s semi-unreliability, I think the little C7 in it isn’t quite able to cope with the load I’m regularly putting on it now, so I’m going to be exchanging motherboards soon, getting a bigger and cooler case and seeing how that works out.

Atom 330 should work out nicely, especially in combination with the gamer/server case from Maplin, I think. Might also invest in some hard disks, too. Some more storage would hardly go astray.