Yesterday I have setup a kfreebsd-amd64 (ie GNU/kFreeBSD on an amd64 CPU) build daemon. Its name is shockley.aurel32.net (all my machines are named related to electronics), and it has Sempron 2600+ CPU.

As you can see on the photo, it is still missing a decent case. There are actually two machines on the the photo, the motherboard in the case is maxwell's one (one of the kfreebsd-i386 build daemon), while the one on the top front is shockley's one. That's a bit strange, but the amd64 motherboard needs a power supply with a P4 connector, while the other one only needs a small power supply.

Thanks to Ingo Juergensmann, the kfreebsd-amd64 architecture is now listed on http://buildd.net. As you can see on the graph, this machine is very fast (it only runs for 24 hours!).

Thanks to Ingo Juergensmann, the kfreebsd-i386 architecture is now listed on http://buildd.net. That means that Debian developers can now easily check the state of their packages, and if they fail to build, to find why.

The requirement to appear on http://buildd.net was to use wanna-build and make its output available somewhere on the web. As I was still using a set of (very) ugly shells scripts to handle the build-daemon, I spent a part of the last days to setup wanna-build, and to understand how it works. With wanna-build a lot of thing is automatic, and almost everything could be controled via the mail interface. That would save me some time that I could invest in porting packages to GNU/kFreeBSD.

The machine on the photo below is currently somewhere between France and Switzerland. It runs Debian GNU/kFreeBSD, and will be accessible to all Debian developers. Thanks to Gürkan Sengün, the ETH Zürich will host it.

I am running a build daemon for the Debian GNU/kFreeBSD port. It was a bit overloaded by the high number of packages to build since the CXX ABI transition has begun. I decided to use the old mainboard of my main computer to upgrade it from an AMD K6-2 500 to an Athlon XP 1800+. I also had to buy a new box since the old mainboard was an AT one, whereas this mainboard is an ATX one. The hard disks (an old 8.4 GB IDE disk for the system and an old 4.3 GB SCSI disk for the build daemon stuff) are still a bit slow, that is probably the next thing I'll upgrade.

It runs for a few hours now and has already reduced the backlog. Currently 83% of the Debian packages are built for the kfreebsd-i386 architecture.

I have just upgraded my main computer with a new motherboard and a new CPU. It now has and Athlon 64 3000+ CPU, it is a lot faster than my old Athlon XP 1800+.

I have four SATA disks in a software RAID 5 array, and with my old mainboard the SATA controllers were on two PCI cards. The PCI bus was limiting the maximum transfer rate to about 60 MB/s. My new mainboard has an NForce 3 chipset, which has two SATA controllers connected directly to the HyperTransport bus, so that I can reach 158 MB/s. That's a great improvement!

I have a total of 5 hard-disks, 1 DVD-ROM drive and 1 DVD-RW drive resulting in a lot of cables and a big mess in the mini-tower box, as it could be seen on the photo below. Hopefully I now have less PCI cards as the soundcard, the SATA controllers and the ethernets controllers are now integrated on the mainboard.

Now that the hardware is setup, I'll have to look at the software, as my computer is still running in 32-bit mode.

Sam has got a laptop with a very strange keyboard. Have a look:

No, it's not a DVORAK one.

Actually he explained me he tried to convert the QWERTY keyboard into a DVORAK one, but some of the keys can not be swapped because of the trackpoint. And he is using it as a QWERTY keyboard.

I have got two hardware problems today.

First my UPS died, leaving my servers at home as well as my ADSL modem without any power. The bad thing is that I am not at home, but in Helsinki for Debconf 5, so I had to managed to get it replaced by simple wires, by phone. That was not that easy, because the person that did the changes (thanks a lot Dominique) hasn't my keys, and thus have to get it first.

The second problem I got today concerns my laptop. It seems the memory has not supported the flight to Helsinki, and I had to remove half of it :-(

During the last few days, I experienced a high load on my server (sometimes up to 15). Each time it happens, I observed that apache was unable to serve pages. Restarting it regularly seemed to fix the problem.

Yesterday, I started to investigate the problem. Actually it was "referer spam". The stats of my blog are generated with webdruid and are available on http://blog.aurel32.net/stats/ . Some spammers tried to increase their website's page rank by submitting spoofed referers. It seems that they use zombie hosts, as the requests come from many IPs. The bad thing is that the hosts don't close the TCP connections, causing a lot of apache processes to be unable to serve pages. It's like a DoS, though this was not the aim.

A search on Google gave me a way to stop that. I added the following lines to /etc/wordpress/htaccess:

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://www.spammersite1.com [OR]
RewriteCond %{HTTP_REFERER} ^http://www.spammersite2.com
RewriteRule .* - [F,L]

The load started to go down. Good! I also added a robots.txt, so that the stats pages are not indexed anymore by the search engines (note to the wordpress maintainer: it would be nice to have a /etc/wordpress/robots.txt).

After a day, I grepped the apache logs to find all the zombies IPs, and I blacklisted all of them on my firewall with iptables, ie. 217 IPs!

This event reminds me that my server doesn't have enough RAM and that I should add some more.

My ADSL line was opened yesterday, so I am back on the Internet! Actually during the last two months, I still had an Internet connection, but only though a 56k modem, not really useable for maintaining Debian packages or for doing an "apt-get upgrade" on my machines (and a bit costly).

I am in my apartment for a month, and it tooks two weeks to get the invoice of my telephone line, one more week to get the ADSL line and one more week to get my modem from the post.

The connection is an ADSL2+ connection, so there is enough upload rate to be able to host websites. I moved all my websites to my home server, and I am just waiting the activation of the reverse DNS to be able to host an SMTP server.

In my latest post (Switching to kernel 2.6), I spoke quickly about my firewall. In the comments, I was asked for information about it. So I decided to write a new post.

My firewall is based on a micro-ATX PIII mainboard with an Intel Celeron 600. I know that it is too much for my use (the load is almost always 0), however I already had the mainboard. This processor is one of the slowest processor that the mainboard accepts (the lowest speed is 500 MHz). Anyway that kind of processor is a good choice for such a computer, as it is one of the first processor using a 0.18µm technology, thus it doesn't need a lot of power (for an x86). Using an Aqua 690 heatsink it can run without a fan.

This mainboard has an integrated Ethernet adapter, and 3 PCI ports. I chose to use them to plug three Ethernet adapters, that is to say a total of four. Currently three of them are setup in bridge, but I can later un-bridge one or more ports if I need. It could be useful to plug a WiFi access point, or to create a DMZ for my servers (just for the fun as I am the only user of my LAN).

Instead of using an hard-drive, that makes noise and heat, I chose to use a 256MB Compact Flash instead. I made a CF/IDE adapter using the article published in Elektor (April 2002 for the French edition). It is now possible to find such an adapter in some webshops.

I packed all that stuff in a metal box, with a 120W Shuttle Power Supply. The longest part was to machine the metal, with a drilling machine and a file in my case.

On the software side, this firewall is running Debian, with two scripts of my own using iptables: one for IPv4 and one for IPv6. 256 MB is enough for that and some useful packages (ADSL modem drivers, radvd, ping, traceroute, tcpdump, ethstatus, lm-sensors, snmpd, ntp, logcheck, etc.).

Below is a photo of the inside (sorry for the poor quality, I took it with my webcam as I still don't have a digital still camera):

You can see a fan grille on the front, however there is no fan behind it. I removed it as it was making noise, and was not really necessary. Concerning the processor's fan, I control it using lm-sensors, and it is almost always off, resulting in a very silent firewall.

I used the same box for my servers, however they are using an hard-drive. It is possible to put up to two hard-drives (useful for RAID1) in a such box, if you are using low profile RAM.