By using a replacement for the default system logger, syslog-ng, you can selectively stop IPs from being written to log files, for example on a mail server.
I am currently playing with the thought of [url=http://linux.die.net/man/1/shred]shredding[/url] files automatically before they are unlinked from the file system (for example on a mail server). I wrote a small library that you can inject into processes using LD_PRELOAD, so all unlink operations result in a call to shred for (A) regular files that (B) have only one hard link left.
Ubuntu not only connects to Canonical servers on request, it does so permanently in the background. It even transmits geolocation information for the weather applet. Here’s a quick fix that removes all components involved in this tracking.
$ ./fingerprint.sh www.torservers.net status.headstrong.de SHA1 Fingerprint=90:14:6B:74:FC:B8:30:C8:48:06:4F:52:A6:27:C4:0A:EE:D8:C5:6E SHA1 Fingerprint=19:46:7F:F7:C5:1C:B7:C9:03:58:88:19:46:DC:55:BA:57:49:92:96
We run a high bandwidth Tor exit node on a Gbit connection. Unfortunately, the NIC by our hoster doesn’t support MSI-X to distribute interrupt load across all cores. The latest linux kernel 2.6.35 adds a mechanism called Receive Packet Steering: [quote]This patch implements software receive side packet steering (RPS). RPS distributes the load of received packet processing across multiple CPUs. Problem statement: Protocol processing done in the NAPI context for received packets is serialized per device queue and becomes a bottleneck under high packet load. This substantially limits pps that can be achieved on a single queue NIC and provides...
Note to self: Don’t forget to set configuration option PidFile in torrc when you run multiple instances of Tor.
[quote]The UNIX-HATERS Handbook? Why? Of what earthly good could it be? Who is the audience? What a perverted idea. But then again, I have been sitting here in my living roomstill wearing my coatfor over an hour now, reading the manuscript. One and one-half hours. What a strange book. But appealing. Two hours. OK, I give up: I like it. Its a perverse book, but it has an equally perverse appeal. Who would have thought it: Unix, the hackers pornography.[/quote] “Dennis never found the problem with his Makefile. He’s now stuck in a dead-end job where he has to wear...
I use Postfix as SMTP server. By default, it includes every user’s IP and hostname in outgoing mails, even internal ones. As there is no need for the outside world to see what IPs I use internally (or what external IPs my users connect from), I decided to remove IP headers from outgoing email. This post explains how.
According to the [url=https://www.torproject.org/faq.html.en#RelayMemory]TorProject FAQ[/url], a Tor relay will use less memory if compiled with openBSD-malloc and the latest openSSL. This helps if you’re resources are limited, or if you run a high bandwidth node. Here’s how you can do that on a Debian system.
With the release of Debian 5.0 “Lenny” as stable, I have upgraded my servers and installed its Xen 3.1.2 and Kernel 2.6.26 Xen packages for my DomU’s. After that, one of my DomU’s kept freezing: 100% CPU, no responses on the console whatsoever. I found that various people report similar problems, but no hints towards a solution. If you experience similar freezes, downgrade your DomU to the 2.6.18 kernel from Etch: Add the etch sources to your APT repository in both Dom0 and your DomU, install linux-image-2.6.18-6-xen-686 (or -amd64 for 64bit systems) and modify your Xen configuration to use the...