You might have noticed for xrdp on Debian (but quite possibly with a lot of other Linux tools and other Linux distributions) the user limits (described in /etc/security/limits.conf) are not enforced. Which meant in my case that any session open with xrdp was opened with a max number of open files (nofile) set to 1024. To fix this, edit the file /etc/pam.d/common-session and add the following line: session required pam_limits.so
This is a personal reminder post. The easiest attack one can perform on a web server is opening all the connections and do nothing with it. iptables fortunately has a “connlimit” module to avoid this. If you’re using ufw like me you will want to keep your good integration with it. In the `/etc/ufw/before.rules file, after these lines: # Don't delete these required lines, otherwise there will be errors *filter :ufw-before-input - [:] :ufw-before-output - [:] :ufw-before-forward - [:] :ufw-not-local - [:] # End of required lines You can add this to limit the number of concurrent connections: ...
One of the biggest issue with distributed database is to find the right model to store your data. On a recent project, I decided to use a registry model. The registry idea The idea behind writing a registry is to have an easy way to both store and view data. For a given device that has a {UUID} id: I will access “/device/{UUID}/”. Any properties will be stored in “/device/{UUID}/properties/”. Deletion of the device will delete all the contents this device contains. Classical column-families to index data The problem comes with the data we need to index. We can store everything in a registry manner like having a path “/device/by-owner/{UUID}”:["{UUID1}","{UUID2}"]. But it’s just easier to use cassandra secondary indexes have each property of each entity written to the indexed columns of the column family. ...
This is now on the wiki.
Changes are: Removed references to the FAQ and the M2MP protocol. Added explanations on how to handle the deployment of multiple versions. Added a quick note on how to use the jazzlib library for gzip compression. The TC65Dev now is on the wiki.
The world is full of good surprises, and TINC is definitely one of them. Are you running a distributed system across multiple datacenters? Perhaps you’re using Cassandra or another distributed database? TINC is the networking solution you’ve been looking for. TINC creates a secure, decentralized virtual private network that automatically establishes a fully meshed topology between your nodes. What makes TINC stand out: Zero single points of failure Automatic mesh routing around NAT and firewalls Military-grade encryption Remarkably simple setup I followed these setup instructions and was impressed by how smoothly everything worked - no debugging or log diving required. For anyone managing distributed systems, TINC is a game-changer. ...
This has moved to the javacint wiki
Update 2012-03-25: It turns out, it’s just some object oriented C: Kaspersky Lab experts now say with a high degree of certainty that the Duqu framework was written using a custom object-oriented extension to C, generally called “OO C” and compiled with Microsoft Visual Studio Compiler 2008 (MSVC 2008) with special options for optimizing code size and inline expansion. Source If you missed it in the news, you should definitely read this: The Mystery of the Duqu Framework. ...
I’m a huge fan of all the cloud technologies. I’ve been working on a M2M project on top of cassandra and I can really say I love this distributed database. I’d like to give my feedback on this great database. Easy management Cassandra doesn’t require any kind of manual management for complex operations like sharding data accross node restore a crashed server or put a new or a previous disconnected node back into the cluster. You just have to tell the nodes to join the cluster and watch him do all the work. ...
On my spare time, I manage a handful of servers. And even if it’s not really my job, I try to do it well and efficiently. All of them work on Debian because it’s simple to manage. I started using cron-apt a few years ago. I started by upgrading everything automatically, this was a big mistake. I switched to only sending mails on available upgrades and doing the upgrade manually. But this is also quite painful because 95% of the time, it consists in typing “apt-get dist-upgrade -y” and waiting and I have lots more interestings things to do. ...