Upgrade pfSense cluster to 2.0-RELEASE

November 14th, 2011

During the weekend we migrated our main firewall system to the latest release of pfSense. Although we had spent some hours testing in a pilot environment, a couple of minor issues were encountered in the process, as outlined below.

We upgraded the main node first (as suggested by the “Redundant Firewalls Upgrade Guide”). Then the secondary node was not syncing immediately after its upgrade, because the old webConfigurator SSL certificate was not selected by default. Selecting the right certificate and rebooting the 2nd node solved the problem.

Some bits of the OpenVPN configuration (we have been running a couple of site-to-site VPNs) were not retained correctly: tun(4) interfaces disappeared in favour of the new “ovpns” interfaces, so a reassignment was needed. After a couple of clicks all was working again flawlessly.

A little more work is planned to polish the configuration (for example, the FTP proxy is now implemented in a different way, and there is no need to allow TCP port 21 to external WAN addresses), but all the main functions are there, and the performance of the webConfigurator interface seems to be drastically improved.
In conclusion, we are very satisfied with this new version, which we have been running in production since it was released a few weeks ago, on some customers’ new firewalls.

High availability of services with ZABBIX and DNS failover

October 6th, 2010

This blog was born only for testing WordPress some years ago, so there is no real reason to maintain it, but from time to time I like to post here about some change I make in our infrastructure, or about some product or technology I find interesting, more to remind myself of when I did or read something than to actually inform someone out there, so please excuse the fuzzy style of the contents!

Today I put in production a procedure to make inbound Internet traffic automatically fail over to a secondary ISP link, by using the well-tested ZABBIX monitoring platform.

Our primary NOC uses two independent and fully redundant links (two-node firewall, two routers, etc.) in order to access the Internet, and all production-grade services (DNS, mail, IM, web, etc.) are continuously accessible on the public IP addresses of both links.

Until today, when a connection failure occurred, all clients in our internal networks were immediately able to continue browsing by using the failover link, thanks to a simple source-based routing rule applied by our pfSense cluster, whereas all clients from the Internet couldn’t access the services through the secondary path until the RRs in our DNS zones were manually changed to reply to resolvers with the public IP address in the range of our secondary ISP.

I evaluated a couple of good external DNS failover services: Dynect Active Failover and DNS Made Easy’s service. The first was too expensive for our needs and the second was missing the ICMP ping check we wanted to use.
Then I tried the failover host support of the TinyDNS package for pfSense. It works pretty well, but it would need two public IPs (one from each ISP range) to publish the djbdns service for the dynamically-updated zone, and at this time the range from our secondary provider is exhausted.

So the idea came up to run the dynamic zone on the same DNS servers we use for our public zones, but who might update the RRs in a reliable way? I was pretty confident in the link failure detection of pfSense, which I still use to redirect outbound Internet traffic, but I didn’t like the idea of trusting any other link failure detection script or daemon running inside my network… until I had a flash: ZABBIX has been reliably notifying me of link failures and recoveries for several months now. Maybe I could configure it to run the nsupdate(1) command against our primary DNS server each time such an event is triggered!

In fact it was pretty trivial to configure a new custom media type “script” (named “nsupdate_HA”) and execute it as an “operation” from the action performed when the trigger “link failure” is generated, as shown in this screenshot.

From now on, the hostname of each server publishing a “mission-critical” service can be stored as a CNAME pointing to an A-type record in the ha.valsania.it zone, which is automatically set to the right available public IP address. I measured that the reaction time to a link state change is around 40 seconds: this will definitely make me sleep better at night!


UPDATE:
Maybe it can be useful for someone to take a look at the simple shell script I wrote to accept input from ZABBIX, or maybe someone can suggest some improvements!
Three arguments are expected (the recipient, the subject and the body of the message), but only the 2nd is read, to know what’s happening, in order to execute the proper failover and failback actions.
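The script itself is not reproduced on this page, so the following is an added example of the approach described above, not the author’s own script. It assumes the three-argument convention of a ZABBIX media-type script (recipient, subject, body), the default subject layout “{TRIGGER.STATUS}: {TRIGGER.NAME}” (so the subject starts with “PROBLEM” on failure and “OK” on recovery), and a TSIG key accepted by the authoritative server; the record name, server name, key path and IP addresses are placeholders. The nsupdate batch is built by a separate function so the text sent to the server can be inspected before anything is changed.

```shell
#!/bin/sh
# Added example (not the blog's own script): ZABBIX media-type script that
# receives (recipient, subject, body) and drives nsupdate(1) to move the
# failover A record in the ha.valsania.it zone between the two ISP ranges.
# All values below are assumptions/placeholders, not the blog's real data.

ZONE="ha.valsania.it"
RECORD="www.ha.valsania.it."      # hypothetical A record that CNAMEs point to
PRIMARY_IP="192.0.2.10"           # constructed: primary ISP range (TEST-NET-1)
SECONDARY_IP="198.51.100.10"      # constructed: secondary ISP range (TEST-NET-2)
DNS_SERVER="ns1.example.net"      # hypothetical authoritative DNS server
TTL=30                            # short TTL so resolvers notice the change quickly
KEYFILE="/etc/zabbix/ha.key"      # hypothetical TSIG key file for nsupdate -k

# Map the ZABBIX subject (2nd argument) to the IP the record should carry.
# Assumes the default subject "{TRIGGER.STATUS}: {TRIGGER.NAME}".
target_ip() {
  case "$1" in
    PROBLEM*) echo "$SECONDARY_IP" ;;   # link failure  -> failover
    OK*)      echo "$PRIMARY_IP" ;;     # link recovery -> failback
    *)        return 1 ;;               # anything else: refuse to touch DNS
  esac
}

# Build the nsupdate batch: drop any existing A record for the name, add the
# new one, and send it as a single atomic update to the authoritative server.
nsupdate_batch() {
  printf 'server %s\nzone %s\nupdate delete %s A\nupdate add %s %d A %s\nsend\n' \
    "$DNS_SERVER" "$ZONE" "$RECORD" "$RECORD" "$TTL" "$1"
}

# Entry point used by ZABBIX: $1 recipient (ignored), $2 subject, $3 body (ignored).
run_failover() {
  subject="$2"
  ip=$(target_ip "$subject") || { echo "unknown event, no update: $subject" >&2; return 2; }
  logger -t nsupdate_HA "setting $RECORD to $ip after: $subject"
  nsupdate_batch "$ip" | nsupdate -k "$KEYFILE"
}

# Only act when invoked by ZABBIX with its three arguments.
if [ "$#" -eq 3 ]; then
  run_failover "$@"
fi
```

Because the delete and add are sent in one batch, the name is never left without an A record; an event whose subject matches neither status leaves DNS untouched and exits non-zero, which ZABBIX reports as a failed operation.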

Corporate blogs upgraded to WP 3.0

June 20th, 2010

After all single-instance WordPress blogs were upgraded in the past nights, today we have upgraded the WPMU blogs collection to the latest release of WordPress.
The most significant advantage of this major release is that the multi-user and the single-instance versions of WordPress have finally been merged. The upgrade process was divided into two steps: first, we checked on a dedicated WP 3.0 installation that all themes, plugins and WPMU plugins were working well with the new release, then the production instance of WPMU was definitively migrated. With a bit of care (read the post “Upgrading WordPress MU 2.9.2 to WordPress 3.0”), all worked well at the first shot, without any issue.

Even if WordPress is working pretty well for our publishing needs, I’m still committed to migrating all corporate blogs to Drupal as soon as possible, because its architecture is much cleaner than WP’s, and because it’s the foundation of several web apps we are deploying both for us and our customers. But I know that the time I’ll be able to allocate to this activity is less than what I need to work it out… :(

Corporate Subversion server

December 27th, 2009

After a couple of days spent studying and testing, today the first SVN server was put into the development stage. A test repository is available for anonymous checkout and ViewVC browsing at http://svn.valsania.it. Commit privilege is granted only to selected accounts, defined both in Active Directory and in an htpasswd file.

This first deployment still has some rough edges, but the main goals have been met:

  • simple anywhere access to the repository both for read and write access (via WebDAV and ViewVC);
  • secure transmission of credentials and data (enforced SSL offloading was activated);
  • integrated authentication with corporate directory service (thanks to the auth_ldap Apache module).

During the next days I’ll be committed to putting this service in the hands of all the developers who have the potential to be involved in any sort of collaboration with our company in the future!

CommuniGate VoIP services

July 30th, 2009

A lot of time has passed since my last post, a lot of work has been done, a lot of hours have been spent studying and testing new solutions to better serve the needs of our corporate IT environment and our customers’.

One of the biggest improvements is about the oldest form of synchronous collaboration: phone calls! One week ago our CommuniGate system began to route all voice traffic in and out of my business. Stalker’s product is the last piece of software I tested to manage this type of communication (another good candidate was Asterisk) and it proved to be the best choice for businesses of all sizes, thanks to its right price and its amazing scalability and reliability, which let it serve five thousand as well as five users with the same high level of performance and functionality.

The wide range of transport and access protocols supported lets our users connect and keep in contact, from almost any client software or device on any platform, with any customer or partner who might rely on a public or private communication system and network (e-mail, Jabber, GTalk, SIP, PSTN, …), thus dramatically simplifying the administrative effort to connect these entities.

A lot of aspects were involved in this evaluation, which I can’t describe here and now, but the results of our tests convinced us that, even if CommuniGate’s strong background in the carrier field makes it miss a lot of enterprise features at this time, it has all the requirements needed to fight and win in the enterprise market, first of all because of its rock-solid architecture, which lets it run and be supported on almost twenty different computer architectures!

wpDirAuth versions

March 6th, 2009

I’ve just read the “wpDirAuth-Versionen” post written in Dutch by Damian, who wishes to have it published in English too. I do not know very much Dutch or English, but I think he has done a great job for the WordPress community, since this plugin has a tremendous impact on the usage of WordPress in the business environment, and I’m glad to post a translation of his article here.

“wpDirAuth is a useful plugin to create WordPress user accounts connected to an LDAP directory service. Unfortunately Stephane Daury, the developer who built it, does not seem to be interested in or to have the time to maintain it, so the project page, the official WordPress plugin page, and even the Google groups wpdirauth-support and wpdirauth-dev have become stale. Despite this, the plugin still seems to be functional: Adam Yeraout published on wpdirauth-support the 1.3 release for WordPress 2.5 and newer, and Andrew Valsania wrote a patch to fix a password-check bug on his blog and published the 1.4 release.

In order to bring this versioning chaos under control, since the project Trac without an administrator has become unusable, I’ve created my personal SVN repository, which also contains the revision history at https://www.delta-phi.net/svn/wordpress/wpDirAuth/tags/. Obviously I can commit other patches to SVN, but if someone would like to take over this work I could give him/her a dump of the repository.

I’d be glad if someone would publish the same post in English…”

Thank you so much for your work! I hope that someone will be interested in keeping this plugin working and improving it even more.

New Cisco router

February 25th, 2009

Today I put in production on my secondary Internet connection the new Cisco 877 Integrated Services Router. Since the previous model was quite old (C837), I’m pretty impressed by the power of this new machine, which features a fully managed 4-port FastEthernet switch. Thanks to VLAN support, this router will even be able to outlive the current ADSL line, since I can easily configure one FastEthernet port to be the WAN interface.
All the unmatched features of Cisco IOS 12.4T place this router among the best-priced ones in the SME market.

Drupal 6

February 24th, 2009

Some days ago our production web application platform was upgraded to the 6.9 Drupal release. A little work was necessary to migrate some self-customized themes and to remove, or substitute with custom views, some modules that were not available for the 6.x branch.
Drupal has proven to be a very interesting web development framework to address the needs of highly customized and business-tailored applications for (at least) the SME segment.

Blogging on the road

September 22nd, 2008

This is the first post I can write without being in front of a computer: I’m using my new iPhone to write these lines while I’m “on the go”! :)
I must admit that I never thought I would blog this way, but this mobile device seems a very powerful platform, not only because of its built-in functions, but mainly because of the possibilities it offers from the development point of view. This post is a little example of what I mean: I wrote it using a third-party application developed by the WordPress team, which made it available on the Apple online App Store.

CommuniGate in production

August 27th, 2008

The migration process I began some days ago to the new CommuniGate Pro platform was successfully completed today. Surely, a lot of things might be improved, but all the major features needed by our internal corporate users are now available.

Some troubles were encountered in porting old calendar and contact data from the old system, but we have managed to fill all the gaps we encountered so far. The new system will allow us to consolidate both asynchronous and synchronous collaboration services (such as mail, calendar, contacts, presence, IM and even VoIP) into one single, robust, dependable, highly scalable and secure Unix server.

We are trying the Mailshell SpamCatcher plugin to filter the spam remaining after all incoming messages have been inspected by our Sendmail frontend servers, and it seems to be quite a good alternative to the Exchange Intelligent Message Filter which is based on Microsoft’s SmartScreen technology.

This work makes up the biggest step towards a broader migration to technologies and products outside Microsoft’s world, since the Redmond software house has failed to keep its promise to bring its customers reliable but cost-effective IT solutions. Almost all of today’s Microsoft products are unreliable and costly in both implementation and management terms.