darrin's musings on software, linux, and anything else.
Archive for October 2013

CloudFlare and a Virtual Private Server

It wasn't that long ago that people paid fairly hefty monthly rates to host web sites, with pitifully small storage quotas.

Then along came companies like DreamHost that promised massive amounts of storage at much lower cost. But even small personal sites would still be up for hundreds of dollars per year in hosting fees.

By this time, we all had 24/7 broadband internet. And (depending on your ISP's policy) it was quite feasible to serve your own site from your home, for free, and with as much storage as you would like. For personal sites this worked fine, but there was always the risk of the Slashdot effect, which would render your home internet connection unusable and probably get you kicked off your ISP.

Read more »


After a short and non-extensive search, I selected BlazeBlogger as the CMS tool for this site.


It does feel a bit simple compared to the more common systems, but it has a edit-source-generate-output workflow that feels very familiar to software developers, and lets me stay close to the CSS and HTML code that defines the look of the site.

There are no databases, the source files can be kept under version control, and the output is static HTML pages (and therefore nice and fast). A few simple command-line tools are used to add/edit pages, and then the site is generated with blaze-make. After that its a simple matter of previewing and using rsync to upload it to the web server.

I'm not sure if the lack of a comment system is a good thing or a bad thing. So many sites out there only have nonsense or spam in their comments. But the lack of a feedback channel is a bit of a shame. Perhaps I'll try an email address for feedback submission, and see if that generates ridiculous amounts of spam or not.

If you have a Mac, you can easily install it (and all sorts of other packages) using the Homebrew package manager.

Postfix SASL support for sshguard

sshguard is a great tool for securing internet-facing servers. I've been using it for some some to protect from ssh brute-force attacks and IMAP server attacks.

However, the current version does not include attack signatures for Postfix, and my servers are seeing hundreds of brute-force connection attempts. These show up in logs like:

Oct 19 19:56:07 longbeach postfix/smtpd[2309]: warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 19 19:56:21 longbeach postfix/smtpd[2309]: warning: unknown[]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

Anyway, I decided to check out the code and look at adding support for these lines. It was fairly simple, the only real complication was that the yacc-based parser did not accept the two-part process name ("postfix/smtpd"). A quick rule tweak took care of that.

Read more »