Blog Without An Important Name

I now have the maximum possible number of assurance points for CACert, 150. This means two things. One is that I can now get SSL and email certificates that last two years, and the other is that I can now allocate points to others.

So if anyone who happens to be in the same place as me (generally Dunedin, but right now various bits of Australia) wants some, they should get in touch.

A nice side effect is that there is now enough people in Dunedin to get another person up to the required 100 points so they can then allocate them, so the region can now bootstrap itself fairly easily.

I’ve finally gotten around to putting all my kallisti.net.nz stuff onto a real server. Well, I guess it’s not a real server, as it doesn’t actually exist anywhere. But it’s a real virtual server, as opposed to the quaint Pentium Celeron 466 that was doing the job.

It’s now hosted by TekTonic, who do a pretty good deal for a fairly minimal unmanaged virtual server. It’s the first one of those listed that I’ve got. The CPU is more than enough for what I’m going to be doing, and the bandwidth is many times better than the 256k/128k that the old server was on. The only catch really is the disk, I have not too far off 10G of stuff to put on it. Of course, I guess I could delete some email or something…

I’m hoping that someone builds a system that lets me use Amazon S3 to store the photos in gallery, that’ll make life a lot easier, as then I won’t have to worry about space on it at all.

Anyway, the migration is still in progress. Jabber.kallisti.net.nz was moved first, as that was pretty easy, and I now have www.kallisti.net.nz on there, except gallery. Now it’s just the other websites that are hosted there, and finally the mail. Mail is going to be the most tricky, as new mail will always be coming in, and it has a fairly complex setup. A curious side-effect of it being split up like this, is that if one webmail user sends an email to another webmail user, it will travel to the US and back up to four times, as it’s stored in NZ, the webmail runs in the US, and then that’s likely to be viewed in NZ again. However, this will become a little more sane soon I hope.

The eventual upshot of this is that for the first time in years, I won’t have to have a computer running in my bedroom 24/7

The default install of Webalizer on Debian doesn’t perform DNS lookups on the log files, although it is capable of it. There are three ways of getting Webalizer to do this, in rough order of recommendedness: 1) make your webserver do the lookups when it writes the logfiles (this makes your webserver slower, and has been a source of vulnerabilities in the past), 2) use logresolve to pre-process your log files (logresolve isn’t included in Debian sarge), and 3) tell webalizer to do it.

Making webalizer do it is pretty easy, simply add lines similar to the following in /etc/webalizer.conf:

DNSCache /var/log/apache2/dns_cache.db
DNSChildren 5

The first tells it where to put it’s cache file, the second tells it how many resolutions to do at once. The higher, the faster, but also the higher load on the system.

If you add these lines to the config, keep in mind that only new entries will be updated, and so it won’t be until the next month rolls around that you have a complete statistics by domain name.