I helped Robbster out on #clug today, building php4 for feisty (it’s been dropped after edgy, in favour of php5). If you want to install it, don’t care about security holes, and want to use the debs I created, add this line to your apt sources list, and go wild:

If on the other hand you want to know how to do it (so when the next PHP security hole appears tomorrow, you can build the latest version yourself), read on:

I’ve never used pbuilder before, so it was fun:

Edit /etc/pbuilderrc to point to your closest mirror, and uncomment the COMPONENTSline (so that you get universe included)

Now pbuilder is ready for work. Get the latest sources from debian (Download those 3 files at the end, dsc, orig.tar.gz and diff)

Sit back and watch…

When it’s done, you probably want to create a trivial repository of your debs:

Then add this to your sources.list

Wohoo. Remember to watch out for those security holes…

I’ve just spent an afternoon tweaking an OpenVPN install, and I thought it would be a good idea to document it here. Not the world’s most interesting post, but it’s my method, and I want to document it.

OpenVPN:

The best solution I found was to have the server on it’s own subnet:

This sets up a Windows-friendly, routed OpenVPN. (TAP32, the windows tap driver, can’t handle arbitrary IP routed VPNs, each link has to have a private /30 network)

Then, the Windows client side:

This is nice and simple, and has the advantage of pulling a lot of configuration from the server rather than statically storing it on the client.

WPAD:

My network has Proxy Autodetection. While I wanted DNS queries to go through the VPN, I didn’t want web traffic to. (DNS through vpn, is ugly, but necessary for finding private servers).

My solution was: dnsmasq.conf:

Apache, default site config snippet:

And a fallback, in-case the wpad is already cached, this at the top of the wpad:

I’ve spent some hours wasted on CLUG Park :-) Here are some improvements:

Rafiq is back:

I’ve been trying to get him to give me a feed to only his posts, but got no response. For a while, I told the park that his feed was http://www.webaddict.co.za/we-need-a-feed-for-rafiq-only-for-clug-park/, to make my point in 404s in his apache logs, but that didn’t bring me a reply, either :-)

So now I’ve got an XSLT filter in place that strips out other webaddict’s posts.

The Atom feed now has the person’s name at the beginning of the title (like the RSS feed has)

Rainy weather in Cape Town…

This cave is only really big enough for one, but that doesn’t stop them :-)

Before the cave it was a cushion:

Seeing as I carry around a vast array of equipment, in my massive, 10Ton backpack, I normally have a 3G card at hand. If I’m visiting someone who doesn’t have broadband themselves, or I’m sitting in a Coffee Shop with other laptop-lugging friends I might want to share my 3G connection with friends, via WiFi. (assuming I have a data bundle that month, or they understand the horrific 3G data pricing)

I wrote a little script to make this easy

• It’s clearly Atheros-specific, but I’ve included more generic commands in comments. Obviously interface names would need to be changed
• I dial the 3G connection before I run this, and disconnect afterwards, but it would be trivial to change that…
• My dnsmasq.conf contains only the line dhcp-range=10.42.42.10,10.42.42.254,12h
• Dnsmasq is configured not to run on startup, via update-rc.d

/usr/local/sbin/3g-ap: