I made them dance together yesterday. They danced Samba. Essentially, it allowed my Gentoo box to share a few directories over Microsoft networks and to mount Windows network drives onto the Gentoo box. It also allowed a very happy me to log into the Gentoo box remotely, mount a drive from a computer in the remote LAN and download a Photoshop file I had forgotten to take with me. This is cool. Computers on the LAN are now accessible remotely. EEEK! What's that saying about security? Basically, I think I'm no less secure than I was before - if someone could've hacked themselves into the root account, they could've easily installed Samba and most likely gained access to the other computers on the LAN. Well, as long as I remember to unmount the drives when I'm finished, it's as safe as it was - you'd need the usernames and password of the other machines to mount drives. Sheesh. How paranoid must you be in order to be a security expert? I'm merely dabbling in the stuff and I already suspect my grandmother to be working with the enemy...
Published in
Technology
Having first encounters with the dirty-er side of HTTPS - installing certificates on the server side. Apache has quite comprehensive documentation and FAQ on how to do this. Not too much of a hassle, if you're used to dabbling in this kinda stew. What I missed before I actually went and bought a certificate is that it would seem that one IP = one domain. That kinda sucks - see, I only have one IP (for the moment) and my first client needs a cert - which I installed. So now, I won't be able to set my own cert until I get myself my own IP. (Which means I have to factor renting an IP in my price when selling certificates, but that's another topic.) Why? Well, here's the reader's digest on how I understand it: SSL kicks in before HTTP does. So we negotiate a secure connection before we get to know what domain name we're going to (which is part of the HTTP request). Therefore, you can only bind on an IP. Ergo, there can be no different domain names bound under the same IP (except, of course, if you're willing to use a port other than the standard 443). Ergo, you're screwed. You need multiple IPs. I've kinda heard something about "multiple domain certificates". Is it urban legend? To my understanding, it'd allow for adding a wildcard on subdomains (like *.mydomainnamesucks.org). Not for two different base domain names. Of course, I beg to be wrong.
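The wildcard coverage mentioned above, as an added example that is not part of the original post: a small matcher following the common left-most-label convention (RFC 6125), showing which hostnames a name like `*.mydomainnamesucks.org` does and does not cover. The function names and the extra sample hostnames are constructed for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if the certificate name `pattern` covers `hostname`.

    Rules applied (left-most-label convention, RFC 6125 style):
      - comparison is case-insensitive, a trailing dot is ignored
      - '*' is only accepted as the whole left-most label
      - '*' stands for exactly one non-empty label
      - a pattern as broad as '*.org' is rejected
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")

    if "*" not in pattern:
        return pattern == hostname          # plain name: exact match only

    p_labels = pattern.split(".")
    h_labels = hostname.split(".")

    # Wildcard must be the entire first label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse patterns that would cover a whole top-level domain.
    if len(p_labels) < 3:
        return False
    # One wildcard == one label, so the label counts must be equal.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def coverage(pattern: str, hostnames: list[str]) -> dict[str, bool]:
    """Map each hostname to whether `pattern` covers it."""
    return {h: wildcard_matches(pattern, h) for h in hostnames}


# Constructed sample hostnames; only the wildcard name comes from the post.
SAMPLE_HOSTS = [
    "www.mydomainnamesucks.org",      # one label under the base: covered
    "mail.mydomainnamesucks.org",     # covered
    "mydomainnamesucks.org",          # the bare base domain: not covered
    "a.b.mydomainnamesucks.org",      # two labels deep: not covered
    "www.example.net",                # a different base domain: not covered
]

if __name__ == "__main__":
    for host, ok in coverage("*.mydomainnamesucks.org", SAMPLE_HOSTS).items():
        print(f"{host:32} {'covered' if ok else 'NOT covered'}")
```
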
My next task was to set up an ftp server. vsftpd (very secure ftp daemon) was suggested to me, which sounded cool. But I didn't understand fast enough how to configure it. My local webmin setup talked about proftpd. So I say - hey, if I can get a somewhat more comprehensive configuration UI, that's what I'll do. Turns out its configuration is pretty similar to vsftpd. Which makes some kind of sense, since they both do the same thing. I figured out how to make proftpd's authentication mechanism work with mysql (a nice user table which will enable me to make a nice end-user configuration interface later on). And I also learned about .ftpaccess files. Which are a neat new thing to me. See, I could - with a few simple lines of configuration script - give simple ftp access to an end-user and not allow them to see or modify any files I don't want them to (such as php code, for instance). Yay! This kinda stuff makes me happy.
If you're here, it's because you know here exists. And if you know here exists, you know that here has been down for a few days (or is it weeks already?) Reason for this is that I was trying to move inthemaze.net from its current provider to my company's webserver. And that involved a few things, that are usually quite simple:
Simple, right? I've done that quite a few times. Should be easy. Well, I didn't expect it to be too easy. And that was the reason I tried it with inthemaze.net first. See, this time, the web admin is 100% me. That means that I have to make the entries into my own DNS server. Which means I have to figure out how this DNS stuff really works. I first had to figure out that I had to run my own DNS. Just the figuring out what I had to do part was already something. I've been told I had to let my registrar know I was running my own DNS. Fine. So I've had to mix up in the whole CNAME, NS, A mess. Quite a buzz. Not sure if I got this all right. I'm sparing you my agonizing pain at testing this thing out. Turns out I had it OK the first time around but I somehow had to restart my name server for it to see all the nice changes I had made. Maybe it was caching or something, I don't know. Let's just say I figured out how to make BIND behave how I want it to (for now) and how to make httpd behave like I want it to. Now I have to figure out how to structure this so it makes sense.... eventually, I'll get an experienced someone to set it up so it runs efficiently too. For now, the server doesn't see too much traffic. But I prefer to plan ahead... Let's just say I'm glad to be back up. (Now to figure out these MX entries...)
Well, thanks to some fine tips from the gentoo website, I was able to start the KDE UI without too much trouble. (Thank god for Internet.) KDE runs fine. KPersonalizer didn't start right off the bat, but I got it starting easily. I've got one issue. I'm running at 640x480 resolution. And it's killing me. I don't know what to do... I know gentoo found my video card (can't remember what it is... I think it's an nVidia card... yes... I see the "driver" lying around somewhere). I know my monitor can do above 640x480 (I've got a monitor that can't if you can actually believe that...). KDE does allow me to go to 320x200. Which is amusing, but offers me nothing but amusement value. I mean, come on. 320x200? I want at least 800x600 out of this. I want 1024x768 from that old setup. But I don't know where to go yet...