The source code that got Apollo 11 to the moon

Blast off! Oh that’s cheesy. If you’re into your code and you’re into your space you may be interested in hearing that the source code for the Apollo 11 guidance computer has been put up on GitHub: Apollo 11 Guidance Computer source code.

Of course the internet is having its way with it right now, filing issues such as adding a pull request that provides an extension pack for picking up Matt Damon. There have also been some important typo fixes that were missed originally that the internet of course has now fixed.

Other issues include a request to modernise the code by adding a Dockerfile. Finally there’s also a request to tidy up the repository, as having all of the source code in the top level is disturbing.

In all seriousness, it is quite an interesting one to have a look around even if you don’t understand it. Just to see how much (rather, how little?) code it took to get man to the moon. This is a part of our history here nerds. Browse it, read it, love it!

My screen keeps going black whenever a video plays and it's really annoying

Like most of the posts on this site something’s been bugging me for almost years at this point (ok, a year.. probably less) and it’s finally pushed me over the edge to try to fix it. – My screen keeps going black, seemingly randomly whenever it decides it wants a breather. Let me preface I’ve got an NVIDIA GPU of some sort for the gaming and whatnot. It uses the NVIDIA GeForce control panel to sort its inner workings. If you’ve not got that you might be able to play along here but also you might be out of luck. Let me know in the comments if this helps either way.


Jetpack thinks I'm lucky. xml_rpc -32700 Try connecting again.

Well here’s one to get into straight away! Recently tried activating Jetpack but had this pop up instead?

Your Jetpack has a glitch. Something went wrong that’s never supposed to happen. Guess you’re just lucky: xml_rpc -32700
Try connecting again.

Error Details: The Jetpack server could not communicate with your site’s XML-RPC URL. Please check to make sure https://icnerd.com/xmlrpc.php is working properly. It should show ‘XML‑RPC server accepts POST requests only.’ on a line by itself when viewed in a browser and should not have any blank links or extra output anywhere.

I’m betting either you have indeed blocked the xmlrpc file (and if you have why would you be here, you know what’s wrong!) or you are using CloudFlare?

Basically the problem is that CloudFlare is blocking access to the URL

http://<yourwebsite>/xmlrpc.php?for=jetpack


Unfortunately the only quick solution would be to disable CloudFlare, enable Jetpack and re-enable CloudFlare. I’m uncertain if Jetpack ever really tries to reconnect via this endpoint however, so it might be the case later that your Jetpack plugin stops working again if you do this.

If you absolutely need CloudFlare enabled, I’d say contact their support and see if there’s anything they can do to help you. Otherwise it might be worth dropping either Jetpack or CloudFlare, as unfortunate as that may be.

I’ll check on this in a month or so to see if there’s anything else out there on this issue! Let me know if you have found any other workarounds! Oddly enough it just worked on one of my sites while testing for this article, but not another site. Very odd behaviour. Just to note I’ve currently tried adding a page rule in to bypass caching/security on this specific URL however that did not resolve the issue. I’ll keep trying! 🙂

Are your Steam downloads slow? Fixit fixit fixit!

Well colour my face egg-white. I was complaining a bunch about Steam downloading slowly and it turns out there’s an easy fix if it’s on Steam’s end and not your own.

Now I’m guessing everyone and their dog knows how to solve this but in case you don’t know I thought I’d chuck up a little thing here. It’s quite a simple fix.

Click the “Steam” menu at the top of the Steam program, then Settings, then go to Downloads. Just change the server to another one that’s nearby. For me the server it auto-selected was UK – London, which I’m guessing is overloaded as the piles of nerds such as myself download games and updates on a Friday night.

Switched it to UK – Manchester and restarted Steam, my 7 hour download is now going to be done in 15 minutes.

So yeah.. Steam downloads slow? Have a fondle around with the settings, it’s a lot easier than complaining! 🙂


Windows 8.1 is here! Hopefully it'll fix some issues.

While I’ve not been able to get it just yet, reports are that Windows 8.1 is being rolled out as I type this. If you’re already on Windows 8 have a peek in the Windows Store and it should be there as an update.
Fingers are very crossed that this fixes the issues we’ve seen in A fix for my Windows 8 laptop dropping wifi connection. Most notably of course the wifi dropping out for no apparent reason.

Other things that have changed are that the Start bar is back! As I say I’ve not seen 8.1 yet but I’ll be sure to uninstall ClassicShell and give it a whirl, probably attach a video or something too. Obviously if you’ve tried it and have any sort of opinion on it (Good or bad!) please do feel free to mention in the comments below!

If you’re more of a cautious sort of person and would prefer someone else jump in first please let me know any specifics you’d like looking at and I’ll make sure to have a poke around in that area.

Changes in 8.1

  • Start button
  • Booting to desktop
  • Organizing the home screen
  • Hot Corners
  • Default/Favourite apps
  • Wallpapers and slideshows
  • App updates

Good lord I hope it doesn’t suck as much as the transition from real Windows to mid-life crisis Windows 8 did.


Installed OpenVPN in CentOS 6 – Can't find easy-rsa directory anywhere!

Just a quick one I came across today – I’ve installed OpenVPN but I wasn’t able to find the easy-rsa directory that simplifies the process of creating a server hugely.

If you’re here for the same reason, it’s because it’s not delivered with the install anymore. Good times!

As pointed out by a user in the comments.. it’s in yum just in a separate package. Can’t believe I missed that trick! *facepalm*

yum install easy-rsa

I’ll leave the rest of the post here in case it’s ever needed by anybody, but yeah your standard install is in the EPEL yum repo..

Grab it here: https://github.com/OpenVPN/easy-rsa

I’m not sure why it was removed to be honest, and even more honestly I’ve not looked any further into it! Personally I did a git clone on it and then copied out the 2.0 dir

cp -r /path/to/easy-rsa/easy-rsa/2.0 /etc/openvpn/easy-rsa

From there it’s the standard usage, edit your ./vars file to suit your environment if needed. Only run ./clean-all if this is a fresh install. This all assumes it’s fresh so make sure you CYA!
Personally I also make a link to the keys dir for easy configging

ln -s /etc/openvpn/easy-rsa/keys /etc/openvpn/keys

cd easy-rsa
source ./vars
./clean-all
./build-ca
./build-dh
# Go make a cup of coffee, drink it, make another.
# This one takes a moment or two and spams up your terminal with dots and plusses.
# All good stuff really
./build-key-server servername

From here you should probably generate a CSR on the guest nodes and sign the CSR using ./sign-req but as my VPN is a simple closed network with keys copied over SSH it’s just quicker to

./build-key guestname
scp ./keys/guestname.{crt,key} ./keys/ca.crt [email protected]:/etc/openvpn/

Copy (using scp of course. Don’t go using FTP or email on me) guestname.crt, guestname.key, ca.crt

You’ll reference these files in your server.conf and client.conf configuration files. Let me know if you’d like an OpenVPN client-server config walkthrough/video – I’d have fleshed this one out but there’s thousands of them on them interwebs!
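The scp command above ships guestname.crt, guestname.key and ca.crt; the check below audits a staging directory for exactly that set before anything is copied. It is an added example, not part of the original post: the function name audit_client_bundle and the staging directory are made up for illustration, and it assumes easy-rsa 2.0 file naming.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes easy-rsa 2.0 file naming
# (<name>.crt, <name>.key, ca.crt) and a staging directory holding what will
# be copied to one client.

# audit_client_bundle DIR NAME
# Prints one line per problem; returns 0 when the bundle is safe to ship.
audit_client_bundle() {
    dir=$1 name=$2 bad=0

    # The client config references exactly these three files.
    for f in "$name.crt" "$name.key" ca.crt; do
        if [ ! -s "$dir/$f" ]; then
            echo "FAIL: $f missing or empty"
            bad=1
        fi
    done

    for key in "$dir"/*.key; do
        [ -e "$key" ] || continue
        base=${key##*/}
        # ca.key signs certificates and stays on the CA host; keys of other
        # hosts have no business on this client either.
        if [ "$base" != "$name.key" ]; then
            echo "FAIL: $base must not be shipped to $name"
            bad=1
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $base is accessible beyond its owner"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed demo: a bundle staged with the CA private key by mistake.
demo=$(mktemp -d)
for f in guestname.crt guestname.key ca.crt ca.key; do
    echo placeholder > "$demo/$f"
done
chmod 600 "$demo"/*.key
audit_client_bundle "$demo" guestname || echo "bundle rejected"
rm -rf "$demo"
```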

Hope this helps! If you do know why it was removed from the yum package please feel free to teach the wealth in the comment section below, muchly appreciated as always!

Dynamic backend servers with Varnish 3.0

Note:  This only works in Varnish 3 – Varnish 4 removed the DNS director and we’ll have to wait on a VMOD or make one ourselves to get this working in version 4!

Let’s say you’re wanting to host multiple websites on multiple backend servers and you want a single caching reverse proxy in front of all of them to make them super speedy.

For example each of my sites lives in its own OpenVZ container for security purposes as well as super easy backups and restores if needed. Of course I could set up varnish in each container along with httpd and MySQL, however for a bunch of smaller sites this is less efficient than just having one beefy caching proxy in front of all of them as you can then have a relatively full cache server rather than multiple mostly-empty caches.

Please do bear in mind the following guide assumes Varnish is on its own server. If it’s not, be sure to either change the listen port or have your web server listen on an alternate port.

Before getting started you’ll need

  • Backend web servers/sites
  • A working DNS zone to contain internal IPs (e.g. .ws.int, .internal.example.com, etc)
  • Varnish cache 3.0

Firstly if you’ve not done so already, install Varnish 3.0.

CentOS / RHEL

CentOS/RHEL 5

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.el5.centos.noarch.rpm

CentOS/RHEL 6

rpm --nosignature -i http://repo.varnish-cache.org/redhat/varnish-3.0/el6/noarch/varnish-release-3.0-1.el6.noarch.rpm

Then do a

yum install varnish

Debian / Ubuntu

curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
echo "deb http://repo.varnish-cache.org/debian/ wheezy varnish-3.0" >> /etc/apt/sources.list
apt-get update
apt-get install varnish

We’ll then set up our varnish server how we like it. In CentOS you’ll want /etc/sysconfig/varnish, Debian keeps it in /etc/default/varnish I believe. It’s probably wise to grab a spare copy of the file before we modify it – Just in case.

Replace the contents with the following, changing the settings to fit your environment. This’ll mainly be the options VARNISH_LISTEN_ADDRESS and VARNISH_STORAGE_SIZE

VARNISH_RUN_USER=varnish
VARNISH_RUN_GROUP=varnish

# Maximum number of open files (for ulimit -n)
NFILES=131072
# Locked shared memory (for ulimit -l)
# Default log size is 82MB + header
MEMLOCK=82000
# Maximum number of threads (for ulimit -u)
NPROCS="unlimited"
# Maximum size of corefile (for ulimit -c). Default in Fedora is 0
# DAEMON_COREFILE_LIMIT="unlimited"

RELOAD_VCL=1

# # Should probably change this
VARNISH_VCL_CONF=/etc/varnish/default.vcl

# # Not setting VARNISH_LISTEN_ADDRESS makes Varnish listen on all IPs on this box
# # (Both IPv4 and IPv6 if available). Set manually to override this.
# VARNISH_LISTEN_ADDRESS=
VARNISH_LISTEN_PORT=80

# # Telnet admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082

# # Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret

# # The minimum number of worker threads to start
VARNISH_MIN_THREADS=50

# # The Maximum number of worker threads to start
VARNISH_MAX_THREADS=5000

# # Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120

# Best option is malloc if you can. malloc will make use of swap space smartly if
# you have it and need it.
VARNISH_STORAGE_TYPE=malloc

# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
VARNISH_STORAGE_SIZE=2G

VARNISH_STORAGE="${VARNISH_STORAGE_TYPE},${VARNISH_STORAGE_SIZE}"

# # Default TTL used when the backend does not specify one
VARNISH_TTL=60

# # DAEMON_OPTS is used by the init script.  If you add or remove options, make
# # sure you update this section, too.
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT}
             -f ${VARNISH_VCL_CONF}
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT}
             -t ${VARNISH_TTL}
             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT}
             -u ${VARNISH_RUN_USER} -g ${VARNISH_RUN_GROUP}
             -S ${VARNISH_SECRET_FILE}
             -s ${VARNISH_STORAGE}"

Now that we’ve got our config sorted we need to edit the config file that tells Varnish what to do with various requests and whatnot. In the example above it’ll be /etc/varnish/default.vcl – but will be whatever you set VARNISH_VCL_CONF to be.

Again it is worth grabbing a copy of your current config (or the sample) in case you need it later.

In here we want the following config. Be sure to modify as required.

In the director’s .list you’ll need to change the range that Varnish allows as backends. Please don’t set this to a /8 or anything too big (/24s at most work nicely I’ve found) else it’ll take forever for Varnish to start up. A /8 means Varnish will attempt to make 16 million or so backends.. Yeah.

It does need to allow for all possible backend IPs however. If the IP you set later in DNS doesn’t exist here Varnish won’t try to connect to it and will output an error. You can specify each IP as a /32 if you like, but in my case I know all of my web servers will have a 10.5.0. IP so “10.5.0.0”/24 works nicely.

Also change the .suffix option from .ws.int to the internal DNS zone you’re using, e.g. .internal.example.com

/* Does a DNS lookup on .ws.int
 * if result is one of the listed IPs, use that IP as backend
 */

director default dns {
    .list = {
        .port = "80";
        .connect_timeout = 5s;
        .first_byte_timeout = 600s;
        .between_bytes_timeout = 600s;
        .max_connections = 10000;
        "10.5.0.0"/24;
    }
    .ttl = 1m;
    .suffix = ".ws.int";
}

acl purge {
    "127.0.0.0"/8;
    "10.0.0.0"/8;
}

sub vcl_recv {
    set req.grace = 10s;

    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        return (lookup);
    }

    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
           /* Non-RFC2616 or CONNECT which is weird. */
           error 405 "Not allowed.";
        }

    if (req.request != "GET" && req.request != "HEAD") {
         /* We only want to cache GET and HEAD */
         return (pass);
    }
    if (req.http.Authorization || req.http.Cookie) {
        /*
         * Not cacheable by default. Usually means it's an authenticated request,
         * which we don't want to accidentally serve to another user
         */
        return (pass);
    }

    /* Otherwise we're good. Send it to the cache logic */
     return (lookup);
}

sub vcl_pipe {
     return (pipe);
}

sub vcl_pass {
     return (pass);
}

sub vcl_hash {
     hash_data(req.url);
     if (req.http.host) {
          /* Add the requested domain/virtual host to the hash */
          hash_data(req.http.host);
     } else {
          /* Server IP if it's not specified */
          hash_data(server.ip);
     }
     return (hash);
}

sub vcl_hit {
    if (req.request == "PURGE") {
        purge;
        error 200 "Purged.";
    }
    return (deliver);
}

sub vcl_miss {
    if (req.request == "PURGE") {
         purge;
         error 200 "Purged.";
    }
    return (fetch);
}

sub vcl_fetch {
    /* How old should we allow the cache to be if the backend server doesn't respond? */
    set beresp.grace = 10m;
    set beresp.http.Vary = "Accept-Encoding";

    if (beresp.ttl <= 0s ||
        beresp.http.Set-Cookie ||
        beresp.http.Vary == "*") {
            /*
             * Mark as "Hit-For-Pass" for the next 2 minutes
             */
             set beresp.ttl = 120 s;
             return (hit_for_pass);
         }
    return (deliver);
}

sub vcl_deliver {
    /* It's a bit paranoid, but lets not show all of our cards to the other players */
    remove resp.http.X-Varnish;
    remove resp.http.Via;
    remove resp.http.X-Powered-By;
    remove resp.http.X-Secure;
    set resp.http.Server = "Apache";
    return (deliver);
}

sub vcl_error {
    set obj.http.Content-Type = "text/html; charset=utf-8";
    set obj.http.Retry-After = "60";
    synthetic {"<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8'>
<title>503 Service Unavailable</title>
<style>
::-moz-selection{background:#b3d4fc;text-shadow:none}::selection{background:#b3d4fc;text-shadow:none}html{padding:30px 10px;font-size:20px;line-height:1.4;color:#000;background:#f0f0f0;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}html,input{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif}body{max-width:1024px;_width:1024px;padding:30px 20px 50px;border:1px solid #b3b3b3;border-radius:4px;margin:0 auto;box-shadow:0 1px 10px #a7a7a7,inset 0 1px 0 #fff;background:#fcfcfc}h1{margin:0 10px;font-size:50px;text-align:center}h1 span{color:#bbb}h3{margin:1.5em 0 .5em}p{margin:1em 0}ul{padding:0 0 0 40px;margin:1em 0}.container{max-width:960px;_width:960px;margin:0 auto}
</style>
</head>
<body>
<div class='container'>
<h1>503 Service Unavailable</h1>
<p>Apologies, it appears the server handling this request is unavailable, overloaded or just completely broken..</p>
<p>Please try again later</p>
</div>
</body>
</html>"};
    return (deliver);
}

sub vcl_init {
    return (ok);
}
sub vcl_fini {
    return (ok);
}

Now you’re free to start Varnish up!

service varnish start

To finish it off and make it all work add a web server by adding an A-record to the internal zone. For example if icnerd.com was served by a machine on 10.5.0.6 you’d configure an A record icnerd.com.ws.int. with the IP of 10.5.0.6 and as low a TTL as you can possibly set.
If your nameservers support it you can also set a wildcard record *.icnerd.com.ws.int. too, or just www.icnerd.com.ws.int. and any other domains you’d use to access this site.

When you request icnerd.com through the Varnish server we set up above, it’ll now connect to 10.5.0.6 on port 80 as its backend, caching anything it can. Awesome.

To have Varnish do a new lookup on a backend server (e.g. the backend’s IP has changed) issue a service varnish reload to have it re-lookup the domain without losing its cache.

From here the world is your oyster, because Drew, that’s all the world really is. Maybe you could have a script automatically provision web servers and add them to DNS, issuing a reload to Varnish when done. Good stuff.
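A pre-flight check that such a provisioning script could run before the reload: it confirms every planned A record points inside the director's .list range, since the director refuses anything else, and shows how many backends a given prefix creates. This is an added example, not part of the original post; the function names and the sample records are made up for illustration, and the range and suffix are the ones from the VCL above.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the director .list is
# 10.5.0.0/24 and the suffix is .ws.int as in the VCL above; the records
# below are constructed sample data in "name address" form.

# ip_to_int A.B.C.D: print the address as an integer, return 1 if malformed.
ip_to_int() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/PREFIX: return 0 when IP falls inside the range.
in_cidr() {
    ip=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# backend_count PREFIX: backends Varnish builds for one /PREFIX list entry.
backend_count() { echo $(( 1 << (32 - $1) )); }

# check_records CIDR SUFFIX: read "name address" lines on stdin, print every
# record the director would refuse, return 1 if there was one.
check_records() {
    cidr=$1 suffix=$2 rc=0
    while read -r name addr; do
        case $name in ''|'#'*) continue ;; esac
        case $name in
            *"$suffix"|*"$suffix".) ;;
            *) echo "SKIP $name: not in the $suffix zone"; continue ;;
        esac
        if ! in_cidr "$addr" "$cidr"; then
            echo "REJECT $name -> $addr is outside $cidr"
            rc=1
        fi
    done
    return "$rc"
}

sample_records() {
    cat <<'EOF'
# constructed sample records
icnerd.com.ws.int.      10.5.0.6
www.icnerd.com.ws.int.  10.5.0.6
staging.example.ws.int. 10.5.1.20
EOF
}

sample_records | check_records 10.5.0.0/24 .ws.int ||
    echo "fix the record or the .list range before: service varnish reload"
echo "/24 = $(backend_count 24) backends, /8 = $(backend_count 8) backends"
```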

Hope this helps!

Webserver down: "Invalid command ‘php_value’"

Well this one took me by surprise I’ll say. It’s never fun when Zabbix lights up saying half of your websites have dropped out!

Starting httpd: Syntax error on line 31 of /etc/httpd/conf.d/php.conf:
Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration [FAILED]

Firstly DO NOT comment out the bottom two lines as some sites have recommended. The reason being this will allow your webserver to start up however PHP will not be processed, dumping all of your site’s code into the browser as plain text for anyone to see!

To summarise what happened I had done a yum update which bumped up php – apparently the Atomicorp (Atomic Rocket Turtle RPM Repository) repo I use had a bit of trouble with their packages, meaning the php.conf that ends up in /etc/httpd/conf.d/php.conf was a tad broken.

If you’re just in a bit of a panic rush like I was and would just like the quick fix, I had to add the following back to the very top of the file above everything else and then restarted httpd ( service httpd restart )

#
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages.
#
<IfModule prefork.c>
LoadModule php5_module modules/libphp5.so
</IfModule>
<IfModule worker.c>
LoadModule php5_module modules/libphp5-zts.so
</IfModule>

Hoping this helps you quicker than it took me to find the fix! I’m not sure if the issue has been fixed at atomic, only a couple of my web servers were affected by this while they’re all at the same version of php. Luckily it was just the dev server for ICNerd that was affected by this issue.

A couple of other sites did flail off the internet into a broken php abyss though 🙁

Update: All of the sites using this repo were affected, they just hadn’t tried restarting or reloading httpd configs yet… that was fun

 

Side note. The featured image in this post is from openclipart: nuclear explosion by tzunghaor