When the world is not enough!

Powered By Php

Mysql Logo

Powered By Apache

AroundYou fake rep + Gumtree Scam
Posted by Joel (joelh-website at planetjoel dot com) on Saturday, 15th of June, 2013 - 01:10:43 AM

A friend of mine was scammed by someone who got their details off Gumtree. I'm going to make an attempt to track down who this person is.

Here is the thread on whirlpool I have started to investigate.

/usr/lib/grub/grub-mkconfig_lib line 51 segmentation fault
Posted by Joel (joelh-website at planetjoel dot com) on Sunday, 10th of March, 2013 - 10:19:22 AM

If you receive this error while trying to do an upgrade of your kernel on stable debian, it could be because your device.map is wrong. Try the following:

mv /boot/grub/device.map /boot/grub/device.map.bak

ActionView::TemplateError (no block given) when using find_all
Posted by Joel (joelh-website at planetjoel dot com) on Friday, 11th of June, 2010 - 12:34:47 AM

No block given aye? One of the problems with the magic of rails is that you get very magic error messages back. In my case the fix was to use find(:all) instead of find_all() which has now been deprecated

OpenVPN: Dynamically create IPtables rules based on LDAP group membership
Posted by Joel (joelh-website at planetjoel dot com) on Friday, 14th of May, 2010 - 08:19:21 AM

I'm releasing two small perl scripts I wrote which provide the client-connect and client-disconnect scripts for OpenVPN such that you can dynamically create IPtables firewall rules based on LDAP group memberships. You push out routes to all your internal networks to the user then using IPtables only allow traffic to specific destinations and ports. This allows you to give out customized and limited VPN access, or VPN access based on roles.

Rules are looked up in an LDAP database using the common name of the certificate as the unqiueMember to a groupOfUniqeMembers. Details of how to install it are in the zip.

Currently it only supports TCP protocol. It could easily be extended to support other protocols.

Download: openvpn_ldap_iptables.0.1.zip

Posted by Joel (joelh-website at planetjoel dot com) on Saturday, 10th of April, 2010 - 11:08:45 AM

I signed up my django project to WebFaction. I'm currently evaluating their service and will post my opinion of them once I get the site up and running.

Posted by Joel (joelh-website at planetjoel dot com) on Saturday, 10th of April, 2010 - 11:07:58 AM

I just donated $25USD to Wikileaks. Please go there and watch their latest video, it was very disturbing but its important that you we the war in Iraq as it really is.

Music Blog: Sound Fleet
Posted by Joel (joelh-website at planetjoel dot com) on Saturday, 10th of April, 2010 - 07:33:18 AM

So me and some friends decided it would be a good idea to start up a group music blog.

Its still very fresh but I enjoyed hammering out a few posts. If your also a music lover contact me and we will continue adding you to the blog (after a rigorous interview process of course).

Sound Fleet Blog

Background/Wallpaper Desktop Switcher
Posted by Joel (joelh-website at planetjoel dot com) on Saturday, 10th of April, 2010 - 06:40:42 AM

Was looking around for a good free background desktop switcher, and I found so much crap. Google struggles to find good free software and instead preferences spam websites and commercial software, its very frustrating. Anyway I've started using John's Background Switcher and so far it works great.

Choosing the right SSL certificate
Posted by Joel (joelh-website at planetjoel dot com) on Thursday, 25th of March, 2010 - 11:30:52 AM

Not all SSL certificates are the same, here is a rough round-up of differences:

Verification Levels

There are three basic levels of verification: domain only, domain and business, and domain business and identity of representative. Domain only is actually quite weak authentication when you think about it, it doesn't prove you are who you say you are or that you have the right to use the brand. However to most end-users they won't know the difference and they will see the locked icon. Domain and business is what is typically provided, and they normally require something trivial like a corporate credit card to verify you are the business in question.

Extended Verification is the new standard that requires extra steps by the CA to verify you are actually who you say you are and are the legal entity allowed to trade under that name. See wikipedia's entry for more details. In Firefox an EV certificate will show as a Green box slightly to the left of the URL itself with the company name.


Each SSL provider will give different Indemnity insurance should you someone else fraudulently either use your certificate or your domain coming from the same CA. I think its very rare that people actually need to go down this path

Coverage across browsers

Typically all major SSL providers will be supported on all major OSes out of the box straight away. Some may require you to serve an intermediate chain bundle, which can be a hassle. Revocation


Not all CA's support the ability to revoke certificates - surprisingly to me when I last looked at this only a handful had certificate revocation url's listed. If your serious about your security pick one that does have a revocation URL. Summary


Certificates can vary wildly in cost. Consider the vendors reputation and staying power when considering a certificate, and don't assume more cash means a better product. Consider the interface and flexibility you have in your CSR - all should support uploading a CSR directly.

Encryption Support

All modern certificates should support 256-bit encryption.


If your needs sound basic and simple, I would recommend you purchase something cheap. RapidSSL, InstantSSL, GoDaddy or any of the other large players are all fine.

If you are a bigger player, considered upgrading to a new EV certificate. It gives your site a professional look especially among internet savvy users. The process can be timing consuming so budget extra time to get an EV certificate

. See also: Wikipedia Comparison of SSL certificates.

Subversion Pre-Commit hook to check sudoers file syntax
Posted by Joel (joelh-website at planetjoel dot com) on Tuesday, 6th of January, 2009 - 09:32:23 PM

In my short running series extremely obscure pieces of code that hopefully someone else in the universe will find useful I bring you a pre-commit hook for subversion that checks to make sure your sudoers file has correct syntax. This is useful for us because we have a very large sudoers file and once commited into subversion it will get deployed to all of our boxes. If it contains a syntax error this would be quite nasty.

While coding it I ran into a fun little bug that means if you try and print too much to stderr it hangs which made things a bit more interesting.