More Zonkyness

Author: Mike Meredith

  • Inappropriate Gas Supply Whinging

    In the recent inclement weather the demand for gas has gone up a trifle (bear in mind I’m English – we call a wild gale “a moderate breeze”). To help balance supply and demand, the National Grid has started started suggesting that certain companies switch to some other energy supply.

    Now these companies with very high energy requirements bought into special contracts that basically say that their gas supply is very heavily discounted in exchange for the National Grid being able to cut their supply in certain situations. Like the current weather and associated increased demand for heating.

    Now some of these companies on such contracts are now complaining about losing their gas supply and how this will affect their recovery from the recession. Now I’m going to say something the National Grid spokesperson(s) can’t or won’t say.

    Shut up and get on with it! You took advantage of the cheap gas whilst times were good, and are now complaining about the reason for the cheap price. If you want reliable supply, you need to pay the full price like the rest of us!

  • OpenSolaris, and mod_security2

    For various reasons I have decided that I need to install mod_security2 on my personal web server. This is a Solaris zone running on an OpenSolaris global zone with various bits of software provisioned by OpenCSW. Unfortunately (or fortunately at least from the point of view that I get to do something interesting), mod_security2 is not something provided by OpenCSW.

    For even more various reasons, I decided to “formalise” my notes on building, installing, and configuring mod_security2.

    Before attempting to build mod_security2, it is important to have a functional build environment. This includes :-

    • Installing the apache2_devel package from OpenCSW (pkg-get -i apache2_devel)
    • Installing the gcc3 package from OpenCSW
    • Installing the following OpenSolaris packages (pkg install XXX) :- SUNWhea, SUNWarc, SUNWbtool
    • Installing the SunStudio package from Sun. It may be possible that gcc3 is not necessary with this installed, but I ended up with both so advise you too as well. In addition to installing it in the standard location (/opt/SUNWspro) it is also necessary to create a symlink in the place where the OpenCSW developer placed his/her copy of SunStudio :- mkdir -p /opt/studio/SOS11; ln -s /opt/SUNWspro /opt/studio/SOS11/SUNWspro

    The next step is to setup a shell environment appropriate to configuring and compiling mod_studio2 :-

    export PATH=$PATH:/opt/SUNWspro/bin
export PATH=$PATH:/opt/csw/bin
export PATH=$PATH:/usr/ccs/bin
export PATH=$PATH:/opt/csw/gcc3/bin
export CC=gcc

    (The above presumes the use of a shell that understands the above syntax)

    The next step is to unpack the module source code, and configure it  :-

    cd /var/tmp
gunzip -c modsecurity-apache_2.5.11.tar.gz | tar xvf -
cd modsecurity-apache_2.5.11
cd apache2
./configure --with-apxs=/opt/csw/apache2/sbin/apxs \
   --with-pcre=/opt/csw \
   --with-apr=/opt/csw/apache2 \
   --with-apu=/opt/csw/apache2//bin/apu-config

    That should successfully general a Makefile. Edit this makefile and remove all references to “-Wall” (for APSX_EXTRA_CFLAGS, also remove the proceeding “-Wc,”). This is because modules will compile with SunStudio’s compiler no matter what we try to do to stop it, and SunStudio does not understand “-Wall”.

    Now finally you can compile the software :-

    make
sudo make install

    Now we are at the point where we can start configuring mod_security2.

    In the main httpd.conf file, add the following two directives somewhere appropriate (i.e. close to the other “LoadModule” directives) :-

    LoadFile /opt/csw/lib/libxml2.so
#   Check that this library is installed!
LoadModule unique_id_module libexec/mod_unique_id.so
#   This will be already in the file but may be commented out
LoadModule security2_module libexec/mod_security2.so
#   And this is the one we're interested in.

    At this point, try a graceful restart (/opt/csw/apache2/sbin/apachectl graceful) to be sure that the relevant code loads. Now onto enabling the module and configuring it with the “Core Rule Set” …

    First copy the rules subdirectory to an appropriate place and fix the permissions :-

    cp -rp rules /opt/csw/apache2/etc/modsecurity
chown -R root:root /opt/csw/apache2/etc/modsecurity
chmod -R o+r /opt/csw/apache2/etc/modsecurity
find /opt/csw/apache2/etc/modsecurity -type d -exec chmod o+x {} \;

    In the file modsecurity/modsecurity_crs_10_global_config.conf, change SecDataDir to /var/tmp.

    In the file modsecurity/modsecurity_crs_10_config.conf :-

    1. Change SecAudditLog to var/log/modsec_audit.log
    2. Change SecDebugLog to var/log/modsec_debug.log

    Now add the following to httpd.conf :-

    Include etc/modsecurity/modsecurity_crs_10_global_config.conf
Include etc/modsecurity/modsecurity_crs_10_config.conf
Include etc/modsecurity/base_rules/*conf

    And gracefully restart Apache.

    At this point, mod_security2 is running and blocking stuff, but has not been finely “tweaked” to the local applications – at the very least it partially breaks WordPress, and may well break other applications.

  • The Big Snow Reaches Portsmouth

    So last night we had a huge whoomph, and this big pile of snow landed on Portsmouth (and many other areas of Southern England) last night. With something like 7cm of snow in Portsmouth this is probably the hardest hit Portsmouth has been since before I started living here. In fact I don’t recall many times the snow being this heavy anywhere (except in the US).

    Of course other areas were even harder hit with up to 30cm is snow in places around the South. This has caused traffic chaos with people trapped in cars for up to 12 hours not too many miles from here, and at work this morning most drivers did not arrive. As the snow was continuing to fall heavily, work rather quickly decided to shut for the day and send us all home. Some of us continued to work from home 😐

    Some of the thoughts that occurred as various reactions to the adverse weather set in …

    Northerners keep criticising Southerners for being wimps when it comes to weather. Well this time the reaction was particularly irritating. The previous day the North also caught some heavy snow, but considerably less that the South got (yes some places in the North got more – places that get snow almost every day in the winter). Did Southerners start criticising when the North ground to a halt ? No we didn’t. It’s about time that Northerners stopped talking about soft Southerners when the weather we got yesterday and today was severe enough to cause the North to grind to a halt.

    Businesses of course were whinging about all the money they will lose because of the bad weather – the lost production because of workers being unable to turn up, shoppers not diving in to spend money, etc. Well grow up, and live with it. Nature can’t be beaten, and there are more important things than making money – staying safe and avoiding fatal accidents in bad weather for one.

    People are complaining about the council gritting operations being unable to keep the roads open and safe. They obviously don’t understand exactly how the “grit” works. In fact the grit is in fact rock salt and the salt helps to melt a limited amount of ice or snow. That is why gritters repeatedly grit roads when things get bad. What with abandoned cars getting in the way of gritters and the need to repeatedly grit roads, the number of roads that get effectively gritted goes down. Gritting cannot keep roads open in these kind of conditions.

    I would say that drivers need to be a little more careful and a little more considerate of other road users, except that it is really the idiot car drivers who need to do that. It is just that the idiots are more prominent in these kinds of conditions. Some advice :-

    • If you don’t know how to drive in snow, don’t try.
    • Drive slowly … there is too great a chance of you sliding uncontrollably. I don’t care if you bend your nice shiny car, but I don’t particularly want to be smeared across the pavement at the end of your skid.
    • When clearing the snow off your windscreen, do the same for the rest of the car. All that snow will often leap off the car as you are moving along and the dropped snow will make things tricky for anyone else around. That is if it doesn’t hit anyone!

    Lastly, whilst I have every sympathy for anyone who slips and falls in the present conditions there are some who wear entirely inappropriate footwear for the conditions. Wearing flat bottomed shoes with no grip and then complaining about how slippery things are just isn’t right.

  • Film Review: Lesbian Vampire Killers (and watching films on an iPhone)

    So O2 is giving away free downloads for the 12 days of Christmas (or something like that) and have just given away a free copy of the film “Lesbian Spank Inferno” … sorry I mean “Lesbian Vampire Killers“. Well as it was free, I decided to give it a go …

    The first thing to note is that watching films on an iPhone is a pretty bad idea. Ok, it is portable and probably isn’t too bad for watching an old film that you are familiar with for entertainment on the move (although reading a book is probably better). The screen is just too small.

    As for the film itself, well you will have to turn off your “PC filters” before watching – the title itself and the first few minutes reveal a misogynistic fear of lesbians (the writers seem to be under the impression that lesbians are that way through a hatred of men!).

    After you turn off these filters, what do you get ? Well two principle characters who are pretty repulsive – one pathetic type whose girlfriend  is routinely unfaithful (and with good reason), and another who is even more pathetic and unsurprisingly has no girlfriend.

    These two pathetic losers journey to a village under an ancient curse whereby all 18 year old women suddenly turn into lesbian vampires (surely a contradiction in terms). They meet up with an unlikely bunch of history students – all female and all with a predilection for wearing low-cut tops. At which point the “story” (if it can be called such) progresses through an unlikely series of events until our two “heros” with a surviving love interest manage to defeat the lesbian vampire queen.

    It isn’t good porn (whatever that is).

    It isn’t comedy. And no I’m not being superior – I like simplistic “Carry On” style smutty comedy.

    It isn’t a good vampire story. It doesn’t even have much of a story.

    All in all, a complete waste of time. One of those “freebies” that cost too much.

    Don’t bother.

  • Chinese Government Kill The English Madman

    (With apologies to the relatives of Akmal Shaikh – I’m using somewhat impolite terms for mental illness)

    The Chinese government has just executed an Englishman for drug smuggling despite the fact that he was plainly more than a little unhinged.  Even ignoring the fact that executions are a barbaric way of dealing with criminals, not taking into account someone’s mental health is positively medieval.

    Well it would be except that medieval societies may well have been a trifle more understanding of those with mental health issues than the Chinese authorities have been.

    The Chinese authorities are claiming that there are no reports indicating that Akmal has mental health issues, but it doesn’t take a report to know that he’s a bit of a fruitcase. And if there has not been a mental health assessment it is fully the responsibility of the Chinese authorities that there hasn’t been one!

    Apparently the Chinese authorities are annoyed that people are criticising them for executing Akmal. They claim we have no right to criticise them! Well it’s not about whether we have the right to criticise them but about whether we find the behaviour of the Chinese authorities repugnant.