Organic Design (blog)

Free SSL certs for everyone!!!

Posted by Nad on 3 de dezembro de 2015 at 12h53min
This post has the following tags: Server
LetsEncrypt is a new Certificate Authority, it’s free, automated, and open! It went public at 18:00 UTC today, and we had our first certificate made within the hour, and documented the procedure here.

The procedure is far simpler than all the back-and-forth of signing and requests that is required with the "legacy" corporate method, you simply install the LetsEncrypt utility on your server and tell it to make all your sites secure! Simple as that! Although we do have a very complicated configuration so I decided to have it just make the certificates and let me adjust the configuration manually - but even that process was eazy peazy lemon squeezy :-)

Here's screenies of Chromium (right), Firefox and SSL labs responses to our fist test domain secured with a LetsEncrypt certificate.

Oba! our net connection just got WAY better!!!

Posted by Nad on 29 de novembro de 2015 at 03h52min
This post has the following tags: Our third year on the land
Our new big antenna's been awesome, it always gets a usable 3G connection (even though it's only zero or one bar signal) and always gets a four or five bar 2G signal. But regardless of that the actual bandwidth has been getting worse and worse - first just in peak hours, but recently the badness has been creeping forward more and more, until often it's been unusable even at 8am!

But then this morning when I connected I noticed that it was a four bar connection, and we're on 3G!!! I tested the bandwidth to see if it was just some weird glitch and we got a consistent download speed of 2-3 megabits! We've never once had more than a single bar on 3G, and the absolute best bandwidth we've ever had is 1 megabit, and that was very intermittent!

All I can think is that a new tower must have finally gone up near by :-)

(At least I really hope that's the case, rather than it being some strange short-lived atmospheric condition or something!)

Update: By midday the signal had gone up to full strength and our bandwidth was consistently over 3 megabits peaking at over four!

Copy-to-sent bug finally fixed after two years!

Posted by Nad on 24 de novembro de 2015 at 08h37min
This post has the following tags: Server
A couple of years ago I configured the server to do the process of copying user's sent emails into the "Sent" mail folder on the server-side rather than the client having to do it since that effectively involves sending the whole message to the server twice. Not only does it have to be sent twice, but for some reason the Thunderbird email client tends to lock up during the copying to sent process for some reason. So I created this addition to our email configuration procedure which gets the server to do the job instead.

But there's one complication. The message that's copied doesn't have the Bcc header as it's been stripped by the time the message gets to the stage of being copied. It's very important that the messages in the "Sent" folder have their Bcc header because you want to know who the message was sent to, and you may also want to modify and re-send the message again.

So the Exim system-filter that copies the message also calls this copy-to-sent.pl Perl script which finds the message that was just copied to the "Sent" folder and then re-builds its Bcc header by getting all the recipients from the Exim \$recipients variable and removing the ones found in the To or Cc headers of the message.

The only problem is that it hasn't worked properly ever since it was made two years ago! It's always added the Bcc header even if there wasn't one and put all the recipients in there including those from the To and Cc headers. I finally got around to adding detailed logging into the script so I could track down the problem - which turned out to be nothing more than a "+" symbol needing to be added into the regular expressions that extract the email addresses from the To and Cc headers.

Yocaholics!

Posted by Nad on 3 de novembro de 2015 at 13h06min
This post has the following tags: Our third year on the land
When we were at Arca Verde we noticed that they were making Tapioca a different way than us, they used a more course sieve and made them really thick. We asked them how they did it because ours don't work if we try to make them thick, we have to make them thin and they're really difficult to get the water content exactly right so they don't break.

It turns turns out there's two different types of Manioc starch, sweet and sour. We've been using sweet, but they use sour, and that makes all the difference. The sour has a sort of cheesie smell when it's raw, but they both taste pretty much the same after you cook them. But the sour starch is a very different consistency and is much easier to work with.

So now we're having Tapioca as part of our meals almost every day instead of bread since it's so easy! And we also add some corn flour too to make it a bit more nutritious :-)

The tarantula in the well

Posted by Nad on 30 de outubro de 2015 at 14h21min
This post has the following tags: Our third year on the land
I was just doing my emails today when I noticed a movement in the corner of my eye, I thought it would probably just be our flatmate Fattie collecting stuff for his new apartment, but it wasn't - it was a huge tarantula! It came from under the house and made its way over to the edge of the vegie patch. She's about 25cm long with her legs stretched out! I got a photo and then went back to my email. Then a couple of hours later it was time to get some water from the well, so I lifted the lid off, and guess who's sitting in there! We carried on collecting out water keeping a close eye on her (actually I don't think they're poisonous or anything), but then she decided it was too much activity for her and she left for the swamp :-)

The super-hail is coming!!!

Posted by Nad on 16 de outubro de 2015 at 08h21min
This post has the following tags: Our third year on the land
What a week it's been! Beth had booked to do two courses at Arca Verde which is an alternative community just out of São Francisco de Paula. One course is about agro-forestry (more commonly known as "food forests" in the west) and the other is a clown course which is all about how to be yourself and find fun in simple things.

Two days before she was due to leave (cycling 50km with a heavy load) the weather turned bad - really bad! It kept pouring and pouring until the river was only a few metres away from our house. The night before we decided to go together to the hill to call our friend Vladimir in Barragem do Salto (the dam) to see if it was passable - we had to wade through a hundred metres of waste deep water to get out of our island to the hill first. Vladimir said the dam was definitely NOT passable, but that he had a boat and could give her a ride to the other side! So we decided not to let the rain beat her and to confront the rain and mud and go for it!

Luckily the next morning the rain was lighter, the river had receded and the path out through the forest was only a foot deep, so the bike could be wheeled out with the panniers all attached and ready. Then more good luck! Beth emailed a few hours after she'd left and said that Maneco (one of the locals) had passed by and gave her a ride with her bike in the back of the car - he took her to Canela and then she got the bus to São Francisco with the bike on board. So in the end she only needed to ride less than 10km from São Francisco to Arca Verde :-)

Beth said that the Agro-forestry course went really well and that she'd learned a huge amount and that the people there were really like-minded, always talking about things we're really interested in such as alternative currencies and alternative power etc. We've actually been there before when Mum and Dad came over for their holiday, but we didn't get much chance to get to know anyone then.

Then after the first course finished disaster struck! An intense storm rolled in with super-hail as big as eggs which badly damaged their roof causing water to pour in and soak every thing. The only reason they didn't cancel the course was because they needed the income from it to pay to fix the damaged roof! But last I heard they had all worked together and got tarps covering the roof and were drying everything out.

We had a hail storm the night before Beth left which was about the size of marbles with a few gob-stoppers thrown in. I was certain the solar panels would be completely smashed, but amazingly when I went up to check in the morning they were all fine! But we have to think of some way to protect the roof and panels from the super-hail, because apparently it's going to get worse and more frequent for the next few months due to el-nino :-(

Gold Bug is real!

Posted by Nad on 23 de setembro de 2015 at 07h38min
This post has the following tags: Our third year on the land
When Pete and me were kids we loved the Richard Scarry picture books such as Cars and Trucks and Things That Go. One of the common features was that may pages would have a tiny gold bug character hiding somewhere such as in the first picture on the below. He's still around these days and even stars in his own book!

We always thought that he was just an imaginary character but yesterday I found that he's real! And he followed Beth and I here to Brazil and has been hiding for four years! He would have stayed hidden too, but he must have slipped and fallen because I found him in the bowl of water in the bathroom :-( Fortunately he was ok and I scooped him out and put him on a piece of wood to dry out. Now he's gone into hiding again :-)

Server OS upgraded from Debian 7.4 to 8.2

Posted by Nad on 9 de setembro de 2015 at 11h02min
This post has the following tags: Server
Debian 8 has been the stable version since April, but I only just got round to upgrading the server today. Even then the main motivation was because of a sudden huge increase in spam which turned out to be due to two things. First we were being blocked from using the domain black-lists, and second because our version of Debian was using version 3.3.2 of [SpamAssassin], but it needs to use at least version 3.4 to make full use of the domain black-lists. Here's an example X-Spam email header showing that we're being blocked:
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_32,
HTML_MESSAGE,T_DKIM_INVALID,T_RP_MATCHES_RCVD,URIBL_BLOCKED,URI_NOVOWEL
autolearn=ham version=3.3.2

The first problem was happening because the black-list services run over DNS, but they will block requests from DNS servers that use their free services too much. We were using our server host's DNS servers which were being blocked because they relay requests to the black-lists from thousands of their clients, but they don't pay for the black-list services. This issue is easily fixed though, we simply needed to set up our own caching DNS server so that when SpamAssassin requests information form the black-lists they're going through our own server that makes only a minimal amount of requests. See Configure mail server for more details.

The best way to fix the second problem was to upgrade the OS because Debian 8 uses SpamAssassin version 3.4.0 which is modern enough to properly support the black lists. Here's an example of what the X-Spam headers are looking like now :-)

X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,
BAYES_00,HTML_MESSAGE,LOTS_OF_MONEY,MIME_HTML_ONLY,RCVD_IN_BRBL_LASTEXT,
RCVD_IN_XBL,RDNS_NONE,URIBL_BLACK,URIBL_DBL_SPAM,URIBL_SBL,URIBL_SBL_A,
URIBL_WS_SURBL autolearn=no autolearn_force=no version=3.4.0

Another thing that's much more up to date in the new Debian version is our web-server, Nginx. This was only on version 1.2 before but now has gone all the way up to 1.6! This is good news because versions prior to 1.3 had no support for WebSockets, so now our page comments no longer need to use Ajax-polling which is very unresponsive and wasteful.

Vege patch starting to look a bit better :-)

Posted by Nad on 4 de setembro de 2015 at 12h05min
This post has the following tags: Our third year on the land
Wow it's been a long time with no blogging! We were mainly focussing on our meditation practice, but then did our three monthly trip to Caxias to do our shopping which always takes a lot of both mental and physical energy out of us, and takes a few weeks to recover from and get back into our meditative state again. But nothing much has really happened that's worth post a blog item about, except that the vege patch has recently start looking a lot better, here's some pictures of it as of September 2015 :-)

Our flattie Fattie

Posted by Nad on 28 de junho de 2015 at 07h41min
This post has the following tags: Our third year on the land
Fattie's got a nest somewhere under the south extension and wakes up about the same time as us making a lot of noise. He's very curious about yoga and meditation and he usually hangs round with us under the north extension when we do our practices. One time he even came down and sat on Beth's shoulder :-) Most days he goes off to work and comes back in the evening making a lot of noise to say good night. He often comes home briefly at lunch time as well, his main diet is bugs that he finds around the house. We think he's a Corruíra (Troglodytes Musculus), this is a better picture copied from the Brazilian Wikipedia.