xrdp and the ulimits / nofile issue

You might have noticed that for xrdp on Debian (but quite possibly with a lot of other Linux tools and other Linux distributions) the user limits (described in /etc/security/limits.conf) are not enforced. In my case, this meant that any session opened with xrdp was started with a max number of open files (nofile) set to 1024. To fix this, edit the file /etc/pam.d/common-session and add the following line:

    session required pam_limits.so

June 11, 2012 · Florent Clairambault

Limiting number of connections per IP with ufw

This is a personal reminder post. The easiest attack one can perform on a web server is to open all the connections and do nothing with them. iptables fortunately has a “connlimit” module to avoid this. If you’re using ufw like me, you will want to keep your good integration with it. In the `/etc/ufw/before.rules` file, after these lines:

    # Don't delete these required lines, otherwise there will be errors
    *filter
    :ufw-before-input - [0:0]
    :ufw-before-output - [0:0]
    :ufw-before-forward - [0:0]
    :ufw-not-local - [0:0]
    # End of required lines

You can add this to limit the number of concurrent connections: ...

June 2, 2012 · Florent Clairambault

Cassandra as registry

One of the biggest issues with distributed databases is finding the right model to store your data. On a recent project, I decided to use a registry model.

The registry idea

The idea behind writing a registry is to have an easy way to both store and view data. For a given device that has a {UUID} id:

- I will access “/device/{UUID}/”.
- Any properties will be stored in “/device/{UUID}/properties/”.
- Deletion of the device will delete all the contents this device contains.

Classical column-families to index data

The problem comes with the data we need to index. We can store everything in a registry manner, like having a path “/device/by-owner/{UUID}”:["{UUID1}","{UUID2}"]. But it’s just easier to use Cassandra secondary indexes and have each property of each entity written to the indexed columns of the column family. ...

June 1, 2012 · Florent Clairambault

TC65i development on Mac OS X (or Linux)

This is now on the wiki.

May 23, 2012 · Florent Clairambault

Small updates to the TC65Dev

Changes are:

- Removed references to the FAQ and the M2MP protocol.
- Added explanations on how to handle the deployment of multiple versions.
- Added a quick note on how to use the jazzlib library for gzip compression.

The TC65Dev is now on the wiki.

May 1, 2012 · Florent Clairambault

TINC – Simple P2P VPN

The world is full of good surprises, and TINC is definitely one of them. Are you running a distributed system across multiple datacenters? Perhaps you’re using Cassandra or another distributed database? TINC is the networking solution you’ve been looking for. TINC creates a secure, decentralized virtual private network that automatically establishes a fully meshed topology between your nodes.

What makes TINC stand out:

- Zero single points of failure
- Automatic mesh routing around NAT and firewalls
- Military-grade encryption
- Remarkably simple setup

I followed these setup instructions and was impressed by how smoothly everything worked - no debugging or log diving required. For anyone managing distributed systems, TINC is a game-changer. ...

March 21, 2012 · Florent Clairambault

Interesting discovery around the TC65 / TC65i

This has moved to the javacint wiki

March 15, 2012 · Florent Clairambault

The Mystery of the Duqu Framework

Update 2012-03-25: It turns out, it’s just some object-oriented C:

“Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called “OO C” and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion.”

Source

If you missed it in the news, you should definitely read this: The Mystery of the Duqu Framework. ...

March 11, 2012 · Florent Clairambault

Cassandra

I’m a huge fan of all the cloud technologies. I’ve been working on an M2M project on top of Cassandra and I can really say I love this distributed database. I’d like to give my feedback on this great database.

Easy management

Cassandra doesn’t require any kind of manual management for complex operations like sharding data across nodes, restoring a crashed server, or putting a new or previously disconnected node back into the cluster. You just have to tell the nodes to join the cluster and watch them do all the work. ...

February 13, 2012 · Florent Clairambault

cron-apt and the perfect update system

In my spare time, I manage a handful of servers. And even if it’s not really my job, I try to do it well and efficiently. All of them run Debian because it’s simple to manage. I started using cron-apt a few years ago. I started by upgrading everything automatically; this was a big mistake. I switched to only sending mails on available upgrades and doing the upgrade manually. But this is also quite painful because 95% of the time, it consists of typing “apt-get dist-upgrade -y” and waiting, and I have lots more interesting things to do. ...

January 18, 2012 · Florent Clairambault