Running a Web site without static IP with Linux and DynDNS

I run this Web site without a static IP address. I registered an address at DynDNS.org which, as long as I keep it updated, keeps me on the ‘Net.
In the past I’ve used a Windows-based program to keep my address updated. But the hard drive in that Windows box took leave of its life a few days ago. Somehow my IP address didn’t change for a few days, but then my DSL modem fell off the ‘Net.

Then I found setup instructions for Debian and Dyndns, which solved that problem. There’s a Dyndns client in Debian now, which this document explains, so now my Web server can keep itself online without any help from a Windows box and without me writing any nasty code.

Now, I haven’t tested this theory, but I suspect one could use DynDNS plus DHCP or PPPoE to run a Web site with a registered domain name without paying the extra monthly fee for a static IP address. The trick would be to set up your registered name’s DNS record as a CNAME to your DynDNS name.

Setting up the DNS records is left as an exercise to the reader, mostly because my understanding of it is good enough for me to do it myself, but not to explain it–when I’ve tried in the past, all I’ve succeeded in doing was confusing both of us.
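
The CNAME arrangement described above, written out as a BIND-style zone fragment with a small lint for two mistakes that break it: a CNAME placed on the bare domain, which already carries SOA and NS records, and a target missing its trailing dot. This is an added example, not the author's configuration; example.com, ns1.example.net and myhost.dyndns.org are constructed names, and the lint assumes every record line carries an explicit owner name.

```shell
#!/bin/sh
# Added example. All names are constructed placeholders:
#   example.com        the registered domain
#   myhost.dyndns.org  the DynDNS hostname the update client keeps current

# Working layout: only "www" is an alias for the DynDNS name.
GOOD_ZONE='$ORIGIN example.com.
@    3600 IN SOA   ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 300
@    3600 IN NS    ns1.example.net.
www  3600 IN CNAME myhost.dyndns.org.
'

# Broken layout:
#  - "@" (the bare domain) has SOA and NS records, and a CNAME may not
#    share its owner name with any other record (RFC 1034, section 3.6.2).
#  - The "www" target lacks the trailing dot, so it is read relative to
#    $ORIGIN and becomes myhost.dyndns.org.example.com.
BAD_ZONE='$ORIGIN example.com.
@    3600 IN SOA   ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 300
@    3600 IN NS    ns1.example.net.
@    3600 IN CNAME myhost.dyndns.org.
www  3600 IN CNAME myhost.dyndns.org
'

# Read a zone fragment on stdin, print one finding per line, and
# return 1 if anything was found, 0 otherwise.
lint_zone() {
  awk '
    NF == 0 { next }                                   # blank line
    { c = substr($1, 1, 1); if (c == ";" || c == "$") next }   # comment or directive
    {
      type = ""; target = ""
      for (i = 2; i < NF; i++)                         # locate "IN <type> <rdata>"
        if ($i == "IN") { type = $(i + 1); target = $(i + 2); break }
      if (type == "") next
      if (type == "CNAME") {
        cname[$1] = 1
        if (target !~ /\.$/) { print "relative-target " $1 " " target; bad = 1 }
      } else {
        other[$1] = 1
      }
    }
    END {
      for (o in cname)
        if (o in other) { print "cname-with-other-data " o; bad = 1 }
      exit bad + 0
    }'
}

echo "good zone findings:"; printf '%s' "$GOOD_ZONE" | lint_zone || true
echo "bad zone findings:";  printf '%s' "$BAD_ZONE"  | lint_zone || true
```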

If this isn’t real Christianity, it’s really close

I’m a bit disillusioned today. Actually the last few days. I don’t deal well with pride and elitism.
Then I read something.

I’m not above a good fight, but I was so tired. I’d been fighting fundamentalist Christians for 20 years, had left my denomination, and had washed ashore with the only congregation that would have someone like me as their pastor. I didn’t have any fight left in me.

So I said the first thing that came to my mind.

“[expletive] A, man. [expletive]-A.”

I have found over the years that with some people, a well-placed “F-bomb” is the best pastoral move I can make. It’s like a conversational “Ctrl-Alt-Delete”. If nothing else works, just reboot and start over.

It’s the story of a hard-cussing preacher and one of his friends. It made me uncomfortable. So did the implied attitude that all you have to do to be a Christian is show up in church on Sunday.

But he had a real point: Show up. Leave the door cracked a little and see if God walks in. You don’t make yourself a Christian. God makes you a Christian.

As for the implication that all you have to do is show up on Sunday, read his own story and you see otherwise. So that apprehension was misguided. And he had Sundays right. Show up. Listen. Sing. Pray. Talk to people. Help put stuff away.

I used to have a church like that and I miss it. The Preacher is one of the most profane blogs I’ve seen. But he’s not wearing a mask. He even says he doesn’t necessarily believe in God all the time. He’s honest and he’s real, and that’s refreshing. I like him even if he makes me a little uncomfortable.

Read about The Preacher and George yourself. Then read The Preacher’s own story.

Network infrastructure for a small office

We talked earlier this week about servers, and undoubtedly some more questions will come up, but let’s go ahead and talk about small-office network infrastructure.
Cable and DSL modems are affordable enough that any small office within the service area of either ought to get one. For the cost of three dialup accounts, you can have Internet service that’s fast enough to be worth having.

I’ve talked a lot about sharing a broadband connection with Freesco, and while I like Freesco, in an office environment I recommend you get an appliance such as those offered by Linksys, US Robotics, D-Link, Netgear, Siemens, and a host of other companies. There are several simple reasons for this: The devices take up less space, they run cooler, there’s no need to wait for them to boot up in case of power failure or someone accidentally unplugging it, and being solid state, theoretically they’re more reliable than a recycled Pentium-75. Plus, they’re very fast and easy to set up (we’re talking five minutes in most cases) and very cheap–under $50. When I just checked, CompUSA’s house brand router/switch was running $39. It’s hard to find a 5-port switch for much less than that. Since you’ll probably use those switch ports for something anyway, the $10-$20 extra you pay to get broadband connection sharing and a DHCP server is more than worth your time.

My boss swears that when he replaced his Linksys combo router/100-megabit switch with a much pricier Cisco combo router/10-megabit switch, the Cisco was faster, not only upstream, but also on the local network. I don’t doubt it, but you can’t buy Cisco gear at the local office supply store for $49.

For my money, I’d prefer to get a 24-port 3Com or Intel switch and plug it into a broadband sharing device but you’ll pay a lot more for commercial-grade 3Com or Intel gear. The cheap smallish switches you’ll see in the ads in the Sunday papers will work OK, but their reliability won’t be as high. Keep a spare on hand if you get the cheap stuff.

What about wireless? Wireless can save you lots of time and money by not having to run CAT5 all over the place–assuming your building isn’t already wired–and your laptop users will love having a network connection anywhere they go. But security is an issue. At the very least, change your SSID from the factory default, turn on WEP (check your manual if it isn’t obvious how to do it), and hard-code your access point(s) to only accept the MAC addresses of the cards your company owns (again, check your manual). Even that isn’t enough necessarily to keep a determined wardriver out of your network. Cisco does the best job of providing decent security, but, again, you can’t buy Cisco gear at your local Staples. Also, to make it easier on yourself, make sure your first access point and your first couple of cards are the same brand. With some work, the variety pack will usually work together. Like-branded stuff always will. When you’re doing your initial setup, you want the first few steps to go as smoothly as possible.

I’d go so far as to turn off DHCP on the wireless segment. Most wardrivers probably have the ability to figure out your network topology, gateway, and know some DNSs. But why make life easier for them? Some won’t know how to do that, and that’ll keep them out. The sophisticated wardriver may decide it’s too much trouble and go find a friendlier network.

Why worry about wireless security? A wardriver may or may not be interested in your LAN. But that’s one concern. And while I don’t care if someone mooches some bandwidth off my LAN to go read USA Today, and I’d only be slightly annoyed if he used it to go download the newest version of Debian, I do care if someone uses my wireless network to send spam to 250,000 of his closest friends, or if he uses my wireless network to visit a bunch of child porn or warez sites.

Enough about that. Let’s talk about how to wire everything. First off, if you use a switched 100-megabit network, you can just wire everything together and not give much thought to anything. But if you’re using hubs or wireless to connect your desktops, be sure to put your servers on 100-megabit switch ports. The servers can then talk to each other at full speed if and when that’s necessary. And a switch port allows them to talk at full speed to a number of slower desktop PCs at once. The speed difference can be noticeable.

Windows potpourri

I’ll give some random Windows tips tonight, since it’s getting late and I don’t really want to think. So here’s some stuff I’ve been putting off. So let’s talk utilities and troubleshooting.
Utilities first. Utilities are more fun. So let’s talk about a pair of reader submissions, from Bryan Welch.

Proxomitron. Bryan wondered if I’d ever heard of it because I’d never mentioned it. I’m sure I mentioned it on my page at editthispage.com because I ran Proxomitron for a couple of years. Proxomitron is a freeware proxy server that blocks ads, Javascript, cookies, and just about anything else undesirable. I’ve found that these days I get everything I need from Mozilla–it blocks popups just fine, and I can right-click and pick “Block images from this server” when I run across an objectionable ad, and of course I have GIF animation turned off and Flash not installed. That works for me, and it saves me memory and CPU time.

But if you want more than Mozilla gives you off the shelf, Proxomitron will give it to you. I used to recommend it wholeheartedly. I haven’t looked at a recent version of it but I’d be shocked if it’s changed much. If any of that interests you, I’m sure you’ve already run off to download it. It runs on any version of Windows from Win95 on.

98lite. Most of my readers run Windows 2000 or XP at this point, but about 20% of you are still running Win98 or WinMe. If you want to get a little extra speed, download and run 98lite to remove Internet Explorer and other not-quite-optional-but-mostly-useless cruft. It’s been pretty well established that Windows 9x runs 20-25% faster with IE gone. That’s more improvement than you’ll get from overclocking your CPU. Or from any single hardware upgrade, in most cases.

If you need IE, 98lite can still help you–it can break the desktop integration and speed things up for you, just not as much.

If you’re still running 98, I highly recommend it. How much so? When I was writing Optimizing Windows, Shane Brooks probably would have given me a copy of it, on the theory that its mention in a book would cause at least some sales he wouldn’t get otherwise. I mentioned it (I think I dedicated half a chapter to it), but I didn’t ask him for one. I registered the thing. If I liked it enough to pay for it when I probably didn’t have to, that ought to say something.

Troubleshooting. Let’s talk about troubleshooting Windows 2000 and XP.

Weird BSODs in Premiere under Windows 2000. I haven’t completely figured out the pattern yet, but my video editing computer gets really unstable when the disk gets jammed. A power play at church forced me to “fork” my new video–my church gets its edited, censored, changed-for-the-sake-of-change version (pick one) while everyone else gets the slightly longer how-the-guy-with-the-journalism-degree-intended-it version. Re-saving a second project filled up nearly all available disk space and the machine started bluescreening left and right. After I’d done some cleanup last week and freed up over a gig on all my drives, and then defragmented, it had been rock solid.

So if you run Premiere and it seems less than stable, try freeing up some disk space and defragmenting. It seems to be a whole lot more picky than any other app I’ve ever seen. I suspect it’s Premiere that’s picky about disk space and one or more of the video codecs that’s picky about fragmentation. But if you’re like me, you don’t really care which of them is causing the BSODs, you just want it to stop.

Spontaneous, continuous Explorer crashes in Windows 2000. Yeah, the same machine was doing that too. I finally traced the problem to a corrupt file on my desktop. I don’t know which file. I found a mysterious file called settings.ini or something similar. I don’t know if deleting that was what got me going again or if it was some other file. But if Explorer keeps killing itself off on you and restarting and you can’t figure out why, try opening a command prompt, CD’ing to your desktop, and deleting everything you find. (I found I had the same problem if I opened the desktop directory window in Explorer while logged on as a different user, which was how I stumbled across the command line trick.)

I can’t say I’ve ever seen this kind of behavior before. First I thought I had a virus. Then I thought I had a corrupt system file somewhere. I’m glad the problem turned out to have a simple cure, but I wish I’d found that out before I did that reinstall and that lengthy virus scan…

Defragging jammed drives in Windows 2000 and XP. If you don’t have 15% free space available to Defrag (and how it defines “available” seems to be one of the great mysteries of the 21st century), it’ll complain and not do as good of a job as it should. In a pinch, run it anyway. Then run it again. Often, the available free space will climb slightly. You’ll probably never get the drive completely defragmented but you should be able to improve it at least slightly.

The low-end server

Here’s a good question: What should a small operation do when it gets fed up with its network and is tempted to just chuck it all and start over?
Well, my advice is to start over. But I don’t agree that starting over requires one to chuck everything.

We’ll start with the server. Chances are, these days, you need one. If you’re doing Web and e-mail, you absolutely need one. But to a lot of people, servers are a mystical black box that costs more money than a desktop PC but runs a similar operating system. And that’s all they know.

Here’s what you need to know: A corporate server is built to stricter tolerances than a desktop PC and sometimes uses higher-quality parts (common examples are ServerWorks chipsets instead of Intel chipsets, SCSI instead of IDE, and error-correcting memory instead of the cheap nonparity stuff). You also often get niceties like hot-swap drive cages, which allow you to add or replace hard drives without powering down or opening the case.

They’re generally also better tested, and you can get a support contract on them. If you’re running an enterprise with hundreds or thousands of people relying on your server, you should buy server-grade stuff, and building your own server or repurposing a desktop PC as a server ought to be grounds for dismissal. The money you save isn’t worth it–you’ll pay more in downtime.

But a dozen people won’t hit a server very hard. This Web site runs on a Dell OptiPlex Pentium II/450 workstation. A workstation is a notch above a desktop PC but a notch below a server, in the pecking order. The biggest difference between my Optiplex and the PC that was probably sitting on your desk at work a year or two ago is that my Optiplex has a SCSI hard drive in it and it has a 3Com NIC onboard.

A small office can very safely and comfortably take a reasonably powerful name-brand PC that’s no longer optimal for someone’s desk (due to an aging CPU) and turn it into a server. A Pentium II-350 or faster, outfitted with 256 MB of RAM, a SCSI host adapter and a nice SCSI hard drive, and a 3Com or Intel 100-megabit Ethernet card will make a fine server for a couple of dozen people. (My employer still has a handful of 200 MHz Pentium Pro servers on its network, serving a couple hundred people in some cases.)

This server gets hit about as hard as a typical small business or church office server would. So far this month I’ve been getting between 500 and 550 visitors per day. I’ve served about 600 megabytes’ worth of data. My average CPU usage over that time period is in the single digits. The biggest bottleneck in this server is its 7200-rpm SCSI disk. A second disk dedicated to its database could potentially speed it up. But it’s tolerable.

Hot swappable hard drives are nice to have, but with an office of a dozen people, the 5-10 minutes it takes to power down, open the case, swap drives, and close the case back up and boot again probably doesn’t justify the cost.

A business or church office that wanted to be overly cautious could buy the very least expensive server it can find from a reputable manufacturer (HP/Compaq, Dell, IBM). But when you do that, you’re paying for a lot of power that’s going to sit there unused most of the time. The 450 MHz CPU in this box is really more than I need.

Jeremy Hendrickson e-mailed me asking about whether his church should buy a new server, and whether it really needed two or three servers, since he was talking about setting up a Samba server for file serving, Apache for Web serving, and a mail server. Running file and Web services on the same box won’t be much of a problem. A dozen people just won’t hit the server that hard. You just make sure you buy a lot of disk space, but most of that disk space will go to file serving. The database that holds all of the content on this site is only a few megabytes in size. Compressed, it fits on a floppy disk with lots of room to spare. Yes, I could realistically do nightly backups of my Web server on floppies. If floppies were at all reliable, that is.

I flip-flop on whether e-mail belongs on the same server. The security vulnerabilities of Web servers and mail servers are a bit different and it would be nice to isolate them. But I’m a lot more comfortable about a Linux box running both being exposed on the ‘Net than I am a Windows box running one or the other. If I had two boxes, and could afford to be paranoid, I’d use two.

Jeremy said his church had a P3-733 and a P2-450, both Dells, due for retirement. I’d make the P3 into a file/print/Web server and the P2 into a mail server and spend the money budgeted for a new server or servers to buy lots of disk space and a nice tape backup drive, since they’d get lots of use out of both of those. A new $1200 server would just buy lots of CPU power that’ll sit idle most of the time and you’d still have to buy disks.

As far as concern about the reliability of reusing older systems, the things that tend to wear out on older PCs are the hard drive and the operating system. Windows deteriorates over time. Server operating systems tend not to have this problem, and Linux is even more immune to it than Microsoft server operating systems. So that’s not really a concern.

Hard disks do wear out. I read a suggestion not long ago that IDE hard disks should be replaced every 3 years whether they seem to need it or not. That’s a little extreme, but I’ve found it’s hard to coax much more than four years out of an IDE disk. Dropping a new SCSI disk or two or three into an old workstation before turning it into a server should be considered mandatory. SCSI disks give better performance in multiuser situations, and are generally designed to run for five years. In most cases, the rest of the PC also has several years left in it.

Later this week, we’ll talk about Internet connectivity and workstations.

Eldred loses, and so do the rest of us

It’s obvious from today’s ruling in the Eldred v. Ashcroft case that copyright law will never revert back to what the Founding Fathers had in mind. Corporate interests will be able to continue to buy extensions to copyright law to prevent the overwhelming majority of works made after 1924 from falling into the public domain unless for some odd reason it gets abandoned.
The problem is that when you and I want something, all we have to offer to our congressmen is our vote every two or six years, and maybe a campaign contribution. Disney doesn’t vote, although its employees do, but Disney can give a congressman or a political party more money in a year than I’ll earn in the next decade.

The result is that companies like Disney can profit off the public domain (that’s where they got The Jungle Book–author Rudyard Kipling didn’t make a dime off the Disney movie) without ever putting anything into the pot. Movies like Casablanca, The Wizard of Oz and Gone With the Wind, which would be public domain by now if the Sonny Bono Copyright Act hadn’t passed in 1998, remain locked up.

I doubt the public domain issue is something that’s going to energize the masses enough to force the issue into Congress. At least not in the short term. Most people have no clue what “public domain” means. They just know that around Christmas, suddenly 50 of their cable channels start playing It’s a Wonderful Life 24 hours a day. If any of them ever bother to ask, they find out it’s because the movie is in the public domain and anyone can broadcast it without paying for it. Then they shrug their shoulders and reach for the remote and look for tanks or bulldozers or football.

But this is a battle we have to fight.

Since writing to our Congressmen is futile–I may do it anyway, hoping that maybe my word carries a couple of grams’ worth more weight since I have produced a number of copyrighted works–we’re going to need to resort to something else: Civil disobedience. If a law can’t be counted on to be kept by 70 percent of the populace, it’s not enforceable and the law will change. The most recent example of this is speed limits.

This doesn’t mean I’m going to run out to Gnutella and Kazaa and download everything in sight. As much as I may disagree with Aimee Mann’s political views, she has more than the right to be paid–she has the need to be paid. She’s not working a steady 40-hour-a-week job so she needs those record royalties to pay her bills. Taking her music without paying for it is no different from withholding my 40-hour-a-week paycheck.

But when the copyright would have rightfully expired by now anyway, I see no moral or ethical problem in taking it.

For example, there’s the Non-US Online Books Page that lists old books that are out of international copyright but not U.S. copyright. Books make you look smart, right? Download them, unwrap them with a text editor like Metapad, and then you can load them into Word and set the font and size to whatever you want. Duplex-print them (or print the odd pages, let the pages cool, then put the pages back in and print the even pages) and comb bind them or put them into cheap $1 3-ring binders, or take up bookbinding as a hobby. Fill up your bookshelves with free books you may not necessarily ever read. Be sure to include legitimate public domain books in your collection as well.

Or, since I know the majority of you won’t do that, amass a huge collection of early ’50s rock’n’roll tunes. The copyrights have expired in Europe. Import cheap European bootlegs, or get them through Gnutella. Share them with friends. Record a shelf full of CDs. If your hobby is music, sample and re-use the living daylights out of them. If you’re a European musician, do us States-siders a favor and use a 1950s-era sample in every song you record so that your colleagues over here start wondering why they can’t do that.

Sometimes civil disobedience is the only way to overthrow oppressive laws.

Finally–GPL antivirus for Linux

Clamav is a free (GPL) virus scanner for Linux and other Unix systems. It seems to work well. The price is right.
There are very few viruses for Linux, so few that most people don’t waste their time with virus scanning. But if the machine is acting as a server for clients that are vulnerable to viruses–cough–Windows–cough–it’s a good idea to have antivirus software on your server, just so you know your clients are safe.

Debian packages are in Sarge and Sid. Source can be downloaded and built from the link above. Once it becomes better known, it should appear in RPM distributions such as Red Hat in time.

It’s just a scanner, but if it finds an infected file, you can clean it manually with free tools you download elsewhere. Clamav will take care of alerting you, the price is right, and the platform’s right. It’s always been hard to find antivirus software for Linux of any sort, so Clamav is a welcome addition to the family.
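
One way to wire up the alerting described above on a file server, as an added example rather than anything from the ClamAV project or the original post. It assumes the share lives at /srv/samba/share and that a local mail command delivers to root; the sample report and its signature names are constructed.

```shell
#!/bin/sh
# Added example: scheduled clamscan run over a file share, mailing an
# alert when something is found or when the scan itself fails.
# SHARE_DIR and ALERT_TO are assumptions; override them in the environment.

SHARE_DIR=${SHARE_DIR:-/srv/samba/share}
ALERT_TO=${ALERT_TO:-root}

# Constructed sample of clamscan output, used when no real scan is requested.
SAMPLE_REPORT='/srv/samba/share/docs/budget.xls: OK
/srv/samba/share/incoming/eicar.com: Eicar-Test-Signature FOUND
/srv/samba/share/incoming/Q3 report.doc: Constructed.Macro.Sample FOUND
'

# Pull the path out of each "path: SignatureName FOUND" line on stdin.
# The greedy path match keeps file names that contain spaces intact.
infected_files() {
  sed -n 's/^\(.*\): [^ ]* FOUND$/\1/p'
}

# Map the clamscan exit status to a verdict:
#   0 = nothing found, 1 = virus found, anything else = scan error.
# An error is never reported as "clean"; a scan that did not run
# says nothing about the files.
scan_verdict() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# Scan the share and mail the result when it is not clean.
run_scan() {
  # -r recurse, -i list infected files only, --no-summary drop the trailer
  report=$(clamscan -r -i --no-summary "$SHARE_DIR" 2>&1)
  status=$?
  case "$(scan_verdict "$status")" in
    clean)
      return 0 ;;
    infected)
      printf '%s\n' "$report" | infected_files |
        mail -s "ClamAV: infected files on $(hostname)" "$ALERT_TO" ;;
    error)
      printf '%s\n' "$report" |
        mail -s "ClamAV: scan FAILED on $(hostname)" "$ALERT_TO" ;;
  esac
  return 1
}

if [ "${1:-}" = "scan" ]; then
  run_scan            # real run, e.g. from cron: scan-share.sh scan
else
  # Demonstration on the constructed sample: prints the two flagged paths.
  printf '%s' "$SAMPLE_REPORT" | infected_files
fi
```

The script only reports; infected files stay where they are for the manual cleanup the post describes.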

We’ll talk a lot more about servers in the coming days.

This unusual case wants to house your next PC

The Lope I-Tee computer case is, well, shaped like a T.
When David Huff e-mailed me about it, he called it interesting. I’ll certainly agree with that.

Here’s the idea: You mount the motherboard up against the back plane of the case and put the drives and the power supply up front, yielding a case that’s not as deep as a conventional case and cools better. Allegedly.

I hesitate to write about it because I haven’t worked with one, I haven’t tested one, and I haven’t even seen one. Hmm. I really don’t know anything about it but of course I have an opinion about it. I feel so Slashdotty.

One big advantage of a layout like this is that all the ports are on the side where you can see them and get to them easily. The biggest disadvantage of a layout like this is that all the ports are on the side where you can see them, and depending on the way your desk is set up, they might be on the wrong side.

USB peripherals and front-mount USB ports are the usual cure for fumbling around the back–you can plug your digital camera or other things that move around a lot up there–but plugging your other peripherals in the back hides the cables and prevents things from getting too unsightly. Let’s face it, plugs and cables don’t fit traditional, conventional ideas of a thing of beauty.

On the plus side, cases that disassemble easily are always nice, as are cases that take up less space. But a couple of minutes with my ruler and my ATX cases shows this case isn’t any less deep than most of my mainstream cases, and due to its shape, it is considerably wider. I’d love something that genuinely took up less space on or under my desk, but this case won’t be it.

This case won’t flop on the marketplace though. They claim it improves cooling. Whether that’s true or not doesn’t matter. People buy aluminum cases because they supposedly conduct heat better. The reality is the difference in heat conductivity between expensive aluminum cases and cheap steel cases is nearly zero, and what difference you can measure is more likely due to airflow than its material. Enthusiast overclockers still buy them anyway, hoping to get an extra 5 MHz out of their overclock. The same kind of people who buy aluminum cases for overclocking will go for the I-Tee, especially if the I-Tee’s cost is close to that of a mainstream case.

I can’t make any recommendations for or against it, based on not seeing it. But I’m willing to go out on a limb and say this–or a design like it–will survive at least as a niche product.

Umm… Don’t water-cool your power supply

I saw a thing on Slashdot this morning about water-cooling your power supply. One word: Don’t.
I’ve worked inside a power supply twice–both times to replace a dead fan. One time I touched a heatsink that picked up a charge from somewhere–either a voltage regulator or a capacitor. Anyway, it really didn’t feel good. Beyond that, it made me jump.

Not a project you want to undertake if you don’t know what you’re doing. And if you do know what you’re doing, you probably already know it isn’t something you want to be doing. Anyone who uses the word “electric” to describe something pleasant has obviously never experienced anything electric flowing through them.

I’ll pass, thanks.