Server (blog)

From Organic Design

Saying NO to Mircrosoft[edit]

Posted by Nad on 9 June 2018 at 20:28
This post has the following tags: Server
As you've probably heard, Microsoft is acquiring GitHub for $7.5 billion. Github is a web-based system for managing source code using the Git version control system originally developed by Linus Torvalds for the devlopment of the Linux kernel. Github hosts almost sixty million code repositories, half of them public. Although Organic Design hosts its own repositories, it also maintained mirrors on Github. But as fierce advocates for libre software and opponents of the corporate agenda, we will no longer continue using Github now that it is owned by Microsoft.

We've now moved to GitLab which is very similar to GitHub and so was a simple migration process, but really this is not a long term solution because the same thing will happen to GitLab as well when they get very popular. We need to move our code management into one of the many new decentralised options, and so research into these is now under way :-)

A lot of other people are moving to GitLab as well in response to the acquisition, they conveniently released this migration tutorial the day before, the comments clearly reveal the frustration of the community such as "Microsoft buys Github are the most evil words I've ever read" and "I hope that all my favourite OSS projects move away from M$ Github". One thing I learned about GitLab from the comments is that it's fully transparent and open source itself, you can install GitLab on your own server!

Server move complete (again)[edit]

Posted by Nad on 31 May 2018 at 00:56
This post has the following tags: Server
It was only a month and a half ago that we completed the move of our server from Codero in the US to AbeloHost in the Netherlands, but unfortunately that just wasn't working out. They're really nice guys, prices are good and support is responsive, but a lot of dodgy spammers, botnet controllers and phishing sites have been using their service and their IP address range has gained a very bad reputation as a dirty host full of crime & abuse! This meant that a lot of the emails sent from our server were being rejected by other mail servers, so we've now just completed yet another move - we're still in the Netherlands covered by Dutch privacy law, but now we're with AltusHost on a clean IP address :-)

We've also just moved all our .nz domain names from to for the same reason that initiated the server move - our financial situation is in limbo at the moment and we've become part of the infamous "unbanked" so we need to move to services that accept crpyto as a payment option. As it turned out Gandi not only accepts crypto, but is also 30% cheaper than Webdrive :-)

Server move to Netherlands complete[edit]

Posted by Nad on 16 April 2018 at 17:49
This post has the following tags: Server
Over the weekend we've moved the server from Codero in the US to the Dutch hosting company Abelohost. Apart from a few small email glitches, the move went very smoothly. The US has been stamping out liberties like there's no tomorrow, and Internet privacy is one of the worst hit areas with abominations like the CLOUD act being signed in. This along with the fact that Codero have never responded to requests I've been making to them for over three years to accept crypto-currencies as a payment option has finally prompted OD to leave and head for greener pastures. We chose the Netherlands as our new digital home because Dutch law takes privacy much more seriously than most other countries in the world, especially the US where the very concept of privacy has been rendered virtually non-existent now. Abelohost use the 100% Dutch Serverius data-center and they accept over fifty different Crypto currenies for payment :-)

We're now running Debian 9, Nginx 1.10, PHP 7 and NodeJS 8.11. All the wikis are running MediaWiki 1.30 which is the first time ever that everything's completely up to date![edit]

Posted by Nad on 17 November 2016 at 09:51
This post has the following tags: Server
Nosso nome de domínio "organicdesign" é muito difícil para os Brasileiros, e também muito difícil para explicarmos esse endereço para outras pessoas. Por isso, eu comprei um novo domínio - agora o endereço do nosso blog é muito simples: Oba!

Obs: Os outros domínios ainda funcionam, esse novo endereço é só para explicar para outras pessoas mais fácil.

Free SSL certs for everyone!!![edit]

Posted by Nad on 3 December 2015 at 19:53
This post has the following tags: Server
LetsEncrypt is a new Certificate Authority, it’s free, automated, and open! It went public at 18:00 UTC today, and we had our first certificate made within the hour, and documented the procedure here.

The procedure is far simpler than all the back-and-forth of signing and requests that is required with the "legacy" corporate method, you simply install the LetsEncrypt utility on your server and tell it to make all your sites secure! Simple as that! Although we do have a very complicated configuration so I decided to have it just make the certificates and let me adjust the configuration manually - but even that process was eazy peazy lemon squeezy :-)

Here's screenies of Chromium (right), Firefox and SSL labs responses to our fist test domain secured with a LetsEncrypt certificate.

Ssllabs likes letsencrypt cert.jpg

Copy-to-sent bug finally fixed after two years![edit]

Posted by Nad on 24 November 2015 at 15:37
This post has the following tags: Server
A couple of years ago I configured the server to do the process of copying user's sent emails into the "Sent" mail folder on the server-side rather than the client having to do it since that effectively involves sending the whole message to the server twice. Not only does it have to be sent twice, but for some reason the Thunderbird email client tends to lock up during the copying to sent process for some reason. So I created this addition to our email configuration procedure which gets the server to do the job instead.

But there's one complication. The message that's copied doesn't have the Bcc header as it's been stripped by the time the message gets to the stage of being copied. It's very important that the messages in the "Sent" folder have their Bcc header because you want to know who the message was sent to, and you may also want to modify and re-send the message again.

So the Exim system-filter that copies the message also calls this Perl script which finds the message that was just copied to the "Sent" folder and then re-builds its Bcc header by getting all the recipients from the Exim $recipients variable and removing the ones found in the To or Cc headers of the message.

The only problem is that it hasn't worked properly ever since it was made two years ago! It's always added the Bcc header even if there wasn't one and put all the recipients in there including those from the To and Cc headers. I finally got around to adding detailed logging into the script so I could track down the problem - which turned out to be nothing more than a "+" symbol needing to be added into the regular expressions that extract the email addresses from the To and Cc headers.

Server OS upgraded from Debian 7.4 to 8.2[edit]

Posted by Nad on 9 September 2015 at 18:02
This post has the following tags: Server
Debian 8 has been the stable version since April, but I only just got round to upgrading the server today. Even then the main motivation was because of a sudden huge increase in spam which turned out to be due to two things. First we were being blocked from using the domain black-lists, and second because our version of Debian was using version 3.3.2 of [SpamAssassin], but it needs to use at least version 3.4 to make full use of the domain black-lists. Here's an example X-Spam email header showing that we're being blocked:
X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,HTML_IMAGE_ONLY_32,
	autolearn=ham version=3.3.2

The first problem was happening because the black-list services run over DNS, but they will block requests from DNS servers that use their free services too much. We were using our server host's DNS servers which were being blocked because they relay requests to the black-lists from thousands of their clients, but they don't pay for the black-list services. This issue is easily fixed though, we simply needed to set up our own caching DNS server so that when SpamAssassin requests information form the black-lists they're going through our own server that makes only a minimal amount of requests. See Configure mail server for more details.

The best way to fix the second problem was to upgrade the OS because Debian 8 uses SpamAssassin version 3.4.0 which is modern enough to properly support the black lists. Here's an example of what the X-Spam headers are looking like now :-)

X-Spam-Status: Yes, score=11.0 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,
	URIBL_WS_SURBL autolearn=no autolearn_force=no version=3.4.0

Another thing that's much more up to date in the new Debian version is our web-server, Nginx. This was only on version 1.2 before but now has gone all the way up to 1.6! This is good news because versions prior to 1.3 had no support for WebSockets, so now our page comments no longer need to use Ajax-polling which is very unresponsive and wasteful.