Migrating My blog
My blog is powered by Roller, a Java-based blog platform, and it works reasonably well for me. However I want to move my blog to be hosted off my home connection, which rather means paying for hosting that can run a Java app, and if I wish to use multiple servers for redundancy, I will have to set up replication of the database somehow. These are complications I do not need, and add to the maintenance overhead of my blog somewhat. So what do I need?
The death of a smartphone, and the liberation it brings.
I knew I relied heavily on the access that I get by carrying around a smart phone, I read my emails, send and receive text messages, look things up on the internet, etc. It is a very useful tool, but I didn't realise how much of an impact it has on my life until it died. So I immediately ordered a replacement, but that took two whole days to arrive. The fix for my old phone was outside my ability level, and I couldn't find anyone who could fix it in a hurry, so I elected to spend two days without it, or any other phone. And it has been two of the least stressful days I have had in a very long time. Disconnected from the world, I didn't need to worry about things I could do nothing about, or keep abreast of the latest goings on on twitter. I almost regret getting a new phone, the old one is off for repair, and will be back in two to four weeks. I can hardly imagine spending that much time without a smartphone. Before the old one broke it was because I thought I would become overly stressed, and fail to cope, but having spent two days with only having the internet when tethered to a desk I can't imagine how relaxed I may get without a smartphone. Maybe in future I shall turn the phone off for periods of time. Maybe too much connectivity is a bad thing?
Technical debt, laziness, and Grub.
So, I run my own server. It hosts this blog. It also, amongst other things, hosts my e-mail, and a local network share. (I know, I should use separate servers, but I do use containerisation to keep a modicum of separation)
To ensure the integrity of the data I use a software raid array, 4 disks in a raid 6 set, it's not a backup, and I should know better, but it has served me well enough. There have been a few disk failures, and I've not lost any data (at least none I care about enough to look at regularly enough to know it's gone) through any of them. One of those disk failures I put in a new disk, but it was slow, and had occasional read errors. Annoyingly these prevented me from installing the grub boot loader on that disk. But that's ok, there were three more disks, it's not a major problem. Critically however, it also prevented me installing grub on any other disks. And so begins our tale of fail. Since that disk has gone into the array there have been disk failures, I can't be certain of the number (disks don't fail in easy to identify patterns) but I can be certain that it is more than two. At least one more than two. Because the server I have doesn't support hot swapping drives, rebuilding the array requires a restart of the system. Restarting the system requires a working boot loader. The last of the disks with a working boot loader failed recently. This left me with a system that wouldn't boot, and installing grub wouldn't work with the slightly faulty disk in the system. I was left with a system that I couldn't repair without putting the integrity of my data at risk, or a long wait for the array to rebuild using a boot disk (knoppix as it happens. I highly recommend having a copy available to anyone who does any sort of computer support). I chose the latter. So it takes a long time to rebuild 3TBs of data onto a shiny new disk. And so my website, my blog, my emails too, have been offline for a long time. I have now replaced the slightly faulty drive, as well as the failed drive. The array is rebuilding (again) onto the newest drive. I have ordered enough disks to have a spare on hand. And I have learnt a lot about the grub-install command's modules flag.
I have also now got the motivation to not only fix the technical debt that caused me to not have a server at home for three days, but also the technical debt that means I'm hosting a server at home, and not on a hosting service (I know what I'm doing this weekend).
Roller Weblogger Update
So, I use Apache Roller as the application my blog runs on. A new version of this has come out (I was on 5.0 and 5.1 has been released) so I decided to upgrade.
This has resulted in the theme I was using breaking, badly, so I have had to move to the basic theme. I can't be bothered to tweak that right now, but I don't like it much either, so I am going to have to eventually. It also appears to have broken RSS feeds, such that if you do follow my blog with an RSS reader you get all my blog entries again (or at least it does in tiny tiny rss) so sorry about that.
Worse than all that however is the fact that I decided to take this opportunity to update to openjdk-7 (from openjdk-6) and tomcat 7 (from tomcat 6). The server this blog is running on used to be Debian 6, but was dist-upgraded to Debian 7 (which went terribly smoothly at the time) and the older versions of java and tomcat were left over from that. This process was far more laborious than it should have been, largely due to me having forgotten all the steps I had taken to get Roller working on tomcat 6 in the first place (the java upgrade was painless mind, so I did that bit right at least).
It's a good job I'm not getting paid for looking after this server, I'm apparently not doing a very good job of it.
POODLE (aka CVE-2014-4566)
So another day, another web security vulnerability. Once again a problem on the internet has prompted me to fix something on my home server, in this case the SSLv3 vulnerability that has been given the name "POODLE" (seriously who comes up with these names) and it has reminded me that the SSL settings on my server are woefully inadequate.
Given my site is just a personal site I figure there is no real reason to stay with SSLv3 as I don't much care about IE6 users. In fact, the stuff I use it for supports TLSv1.2 so I may as well stick to that, and the older protocols be damned. This does break a large number of older, and mobile clients. But that is their problem.
It's also a good time to play with different cipher suite orders. So I've removed all but those that support forward secrecy (again, this will break stuff, but not the stuff I use so I don't much care).
Obviously the choices I have made here are made in the absence of any pragmatic need to support legacy systems, but that is the beauty of having a personal site rather than a commercial one.
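The policy described in this post (no SSLv3 or other legacy protocols, TLS 1.2 only, forward-secret cipher suites only) can be expressed and checked with Python's `ssl` module. This is an added example, not the configuration used on the author's server: the post names neither the server software nor the cipher list, so the cipher string, the function names and the sample suite list below are assumptions.

```python
import ssl

# Key-exchange labels OpenSSL reports for ephemeral (forward-secret) suites.
# TLS 1.3 suites report "kx-any"; their key exchange is always ephemeral.
FORWARD_SECRET_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}

# Assumed cipher string: authenticated ECDHE/DHE with AEAD ciphers only.
FS_CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL"


def hardened_server_context():
    """Server context pinned to TLS 1.2 with forward-secret suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0, TLS 1.1
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # TLS 1.2 only, as in the post
    ctx.set_ciphers(FS_CIPHER_STRING)
    return ctx


def non_forward_secret(ciphers):
    """Names of suites whose key exchange is not ephemeral.

    `ciphers` is a list of dicts in the shape SSLContext.get_ciphers() returns.
    """
    return [c["name"] for c in ciphers if c["kea"] not in FORWARD_SECRET_KEA]


# Constructed sample: one static-RSA suite next to an ECDHE suite.
LEGACY_SAMPLE = [
    {"name": "AES128-GCM-SHA256", "kea": "kx-rsa"},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "kea": "kx-ecdhe"},
]

if __name__ == "__main__":
    ctx = hardened_server_context()
    print("protocol range:", ctx.minimum_version.name, "-", ctx.maximum_version.name)
    print("non-FS suites enabled:", non_forward_secret(ctx.get_ciphers()))
    print("non-FS suites in legacy sample:", non_forward_secret(LEGACY_SAMPLE))
```

The same audit function can be pointed at the `get_ciphers()` output of any context a service actually builds, which makes a later change that re-enables a static-RSA suite visible.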