Disabling SSLv3

With POODLE the time has come to disable SSLv3 everywhere. There will be clients that break and need fixing but it needs doing. You can read more details and background on the vulnerability. Here’s a few useful snippets from my experience with it this week: Apache Make sure the combination you have for the SSLProtocol line disables SSLv2 and v3 - something like: SSLProtocol All -SSLv2 -SSLv3 DataPower Ensure your crypto profiles have SSLv2 and v3 disabled in the options line:

Traffic Pi

Using my Raspberry Pi, Piglow and the traffic API feeds I have created a script to give me a visual representation of the journey time to work. This gives me an idea of the traffic before I leave the house in the morning, or so that when I’m working at home I can look at it and see how glad I am that I’m not sitting in traffic on the way to work :)
Boot from Live CD / USB Decrypt the filesystem <code class="markdown">cryptsetup luksOpen /dev/sda5 <span class="emphasis">*hostname*</span> </code> Mount filesystems <code class="sql">mount /dev/dm-2 /mnt mount /dev/dm-3 /mnt/home mount /dev/sda1 /mnt/boot mount <span class="comment">--bind /dev /mnt/dev</span> mount <span class="comment">--bind /sys /mnt/sys</span> mount <span class="comment">--bind /proc /mnt/proc</span> </code> Enter chroot chroot /mnt /etc/crypttab should have: sda5_crypt UUID=sda5_uuid

MySQL Locking

After experimenting a bit with MySQL locking today, I thought I’d make a note of what I’d discovered: To create a lock, you need to use: <code>LOCK TABLES table1 [READ |WRITE], table2 [READ |WRITE]</code> READ is used to stop other people changing the table while you read from it. WRITE is used to stop other people reading the table while you write to it. Once you have issued a LOCK TABLES statement, you will not have access to any tables you didn’t include.
If you find that after rebooting your MySQL slave it stops replicating with the master and you see the “Failed to open the relay log” error in the logs it is probably caused by MySQL putting it’s relay logs in /var/run by default, which gets cleared out on boot. To fix this, you need to change the location MySQL uses for the logging by adding the following line to the [mysqld] section of /etc/my.