Greylisting

I’ve just installed postgrey at webthing.  So I’m (experimentally) greylisting incoming mail.

Since people say greylisting is so effective, I’m also dropping the more fallible part of my existing spam filtering as part of the experiment.  Blacklist access restrictions and sbl-rbl remain in effect, along with basic SMTP well-formedness checking.  But all pattern-matching on message headers and bodies is suspended, as part of the experiment.

If greylisting is as effective as many folks claim for it, I’ll make that a permanent change.  Time will tell!

Virtualised!

My slice is up-and-running, and all major services appear to work, though there’ll doubtless be glitches.  Yesterday I updated DNS to point to it, after Richard contacted me to say they’re clearing out the old datacentre over the weekend.  This morning, DNS has propagated to my ISP and no doubt much of the ‘net, so next time you contact anything I run, it’ll be on the new slice.

There were a couple of minor panics in setting it up, when things didn’t compile first time.  libhtnorm (the backend for AccessValet) was an unexpected scare when it showed a bunch of unresolved C++ symbols.  But it turned out to be just the linker that was different, so it worked fine when I explicitly loaded libstdc++.so.  Other Site Valet tools required some very minor troubleshooting, but only at a sysop level (no programming).  My main fear proved unfounded as mod_validator required nothing more exciting than the latest Xerces package and an OpenSP build with the right options.  ApacheTutor also needed some trivial work, to compile mod_xmlns against the expat version installed on the new slice.

I’m still thinking about how best to add a note to pages served, and invite users to report anything that’s broken in the move.  Of course I can use mod_publisher to insert a notice, and the stumbling block is to work out the page design with the notice in for each site affected.  All my sites need an overhaul anyway.

Anyway, it’s farewell to Openia, who have done a great job hosting the server over several years.  A special thanks to them for sponsoring it when WebThing was struggling with no money.

Server Upgrade

I just upgraded webthing.com and apachetutor.org to Apache 2.2.5 today, after basic testing over the weekend. No change or recompilation required for any of the libraries, nor to my own or third-party modules.

mod_proxy_html 3.0

WebThing Ltd is pleased to announce Version 3.0 of mod_proxy_html.  This is the first major update in three years to WebThing’s most popular module for Apache httpd 2.x.

mod_proxy_html is a filter module to rewrite the links in an  HTML page on-the-fly.  It is an essential component of a reverse proxy, where pages coming from the backend server may contain links that are valid only within a private network, and would be unresolvable to users of the proxy.

mod_proxy_html was first published in 2003.  In July 2004, Version 2 added support for links in scripts and stylesheets, basic internationalisation, regular expressions, <META> parsing, and verbose logging for debugging/diagnostic help.

A development version of a major update destined to be Version 3 was first published in December 2006.  Initially this had problems, but since the most recent fixes made in June 2007, reports have indicated it working well.  Today it has been packaged and released as Version 3.0.0 at http://apache.webthing.com/mod_proxy_html/

The principal changes in Version 3 include:

• Much improved internationalisation/charset support.
• Configurable to support proprietary HTML variants (defaulting to standard HTML).
• Flexible configuration with environment variable interpolation and conditional rules.
• Improved robustness against malformed HTML, and partial validation and correction.

All new features are documented, but some new topic-guides still need to be written to expand and ultimately replace the Technical Guide.

As ever, feedback, bug reports and feature requests are encouraged.

Splat!

I can’t leave this unblogged.  John was right behind me at the time, and won’t let me forget it if I try.

The UK tax year for personal tax ends on April 5th.  So this is the time of year to decide how to optimise our tax affairs, and specifically what kind of a dividend WebThing should pay (assuming we can afford it).

So yesterday evening, we got together to look over the figures.  Of course, we wanted a nice venue for a meeting, and that (alas) implies an out-of-town pub.  I suggested the Peter Tavy Inn, somewhere that looks decent but that neither of us knew (if we’d really hated it, the Elephant’s Nest is nearby as a fallback).  Anyway, the pub was fine, which is nice to know.

It’s too far to walk, so we cycled, using the little country lanes in the dark.  My normal bike is dead, with a big crack in the top tube, so I was on the company bike, a folder whose purpose is to combine easily with public transport on business travel.  It has small wheels, and less stability on a rough road than a full-size bike.

The outward journey is mostly uphill, for which my little LED front light is adequate.  But there’s one substantial downhill stretch, leading to a right turn at a tiny crossroads.  And I could hear a car engine somewhere behind.  Hmm, well, I’ve got to find the right turn, in the dark, on the downhill.  That might mean some faffing about.  Best not to do that with a car behind, so let’s find somewhere to let it pass.

Is that brighter light from behind John’s bike light, or car lights at a greater distance?  Try to look at too many things at once; get confused by a farm gate on the left as the road bears right.  Put the front wheel off the side of the road.  Front wheel stops; everything else, including me, goes over it.  Aaargh!

And no car: it had already turned off at the top of the hill!

No damage done, except to my (already-knackered) glove.  But John told me it was quite impressive to look upon from behind!

After our meal and meeting, we returned along the main road.  I dislike main roads whilst on the uphill (and therefore breathing hard), but that’s much less of a problem when heading in the downhill direction.  And of course, with the main road being wider than the overhanging vegetation, having a smoother surface, etc, it’s safe to ride at downhill speeds.

Apache/APR/MySQL packaging

My attention has just been drawn to Debian bugs 395959/403541 re: packaging the MySQL driver in apr-util. This is a legal problem of meeting the terms of all licenses involved.

That’s bad, because I believe packagers such as Debian are precisely the people best placed to make this integration available to end-users. Speaking as a key holder of the intellectual property in question, maybe I can help. I just posted an entry to the Debian bug tracker, but I’m not sure how that works. So I’ll blog it here for the record.

---

Hi,

Joachim has just drawn my attention to this report.

I am the original developer of the MySQL driver, and it was originally my decision to license it under the GPL. I’m also director of WebThing, and a member of the Apache Software Foundation (though not, in this message, speaking in an official capacity).

I’m not dogmatic about the licensing, and I’d be happy for it to change if it helps, subject to the constraints of the other licenses involved. Originally I’d have been more dogmatic about it, because apr_dbd_mysql released under the Apache license seems to risk undermining MySQL’s GPL rights, and I didn’t want to be responsible for that. However, MySQL AB has made it clear that they are happy to live with that: indeed, they explicitly name APR and the Apache license at http://www.mysql.com/company/legal/licensing/foss-exception.html

So the sticking point is no longer the GPL, but rather ASF policy, which does not permit us to distribute anything that would impose restrictions on our users, over and above those in the Apache License. The ASF takes the view that to take advantage of MySQL’s exception risks leaving our users in limbo. That clearly doesn’t apply to Debian: your primary license is after all the GPL.

A quick google reveals that some Linux distros have apr_dbd_mysql as a separate (RPM) package, and have presumably built apr-util to enable dynamic loading of a DBD driver. This seems to me an excellent solution.

I hope Debian will see a way to make this available for your users. If I can help, please ask.

2005 Accounts

Apparently 2005 company accounts have to be sent to the proper authorities by the end of the month. So today I signed them off, after getting John to explain some of the subtleties.

For the first time since 1998, we have both an adequate salary to me and a profit. Can’t complain.