
My choice of server distribution – Debian

Most probably you have already decided to use Linux as your server operating system, as did 98% of the Top 500 supercomputers (based on performance). Linux is usually the preferred choice for most servers, so I will not discuss this point further.

But which flavor are you going to use?

CentOS? Ubuntu? Gentoo? Debian? Arch? Redhat? Fedora?

There are hundreds of Linux distributions, some specialized for servers, some for other purposes (kids, security, online privacy, best performance, NAS, etc.).

Some are backed by robust companies with professional support, such as Suse, RedHat, etc., and some are community driven (Ubuntu, Debian, Fedora, …).

For me, what I value the most in a server distribution are:

1) Community Support:

I expect to use a popular distribution where I can be sure most of the problems I face, if any, have already been asked about by someone else. Or, if not, that there are proper forums to ask questions.

2) Stability

I want to make sure the services I will install are stable enough for a server. Not too new, not too old.

3) Security

Well, if any breach, backdoor, etc. is detected, I expect the devs of the distribution to release a patch rapidly. The distribution must also be popular enough and security oriented in its processes.

4) Large choice of services already pre-configured for this distribution.

I love when it works out of the box with no further configuration to do, and I avoid distributions that are too time consuming.

Based on these criteria, basically, I prioritize 3 distributions, although the others are great too depending on your needs and skills:

– CentOS

– Debian

– Ubuntu.

But as I’m used to Debian/Ubuntu style (Most popular distribution), I usually only work with these 2 for servers.

The issue I have with Debian is its too-old packages in the Stable version. However, after running my server on Ubuntu for 2 years and switching to Debian afterwards, I can clearly feel the difference in the stability of the system.

Debian is smoother and I encounter fewer issues with it. But I dislike the fact that Debian is split into Stable, Testing, Unstable and Experimental. It is always annoying to play with sources.list or preferences to select the version I want. (Gentoo was easier in that sense… but way too time consuming.)

Anyway, there is no secret. Stability often means intensively tested, meaning you may have “outdated” versions if you only use the Stable repository. I’m now used to installing the Stable version first and, only if I want a specific piece of software updated, using the backports or testing repositories to install it. I actually don’t need the latest PHP or MySQL version if the new features are not essential for me. But for applications like Deluge-torrent, etc., I do want a more recent version if possible to enjoy the latest GUI, performance, … improvements.

That is why Debian has started to be my favorite distribution for servers, and I strongly advise you to use it too, as it is actually no more difficult than Ubuntu.


How to choose a good password

And the top 10 passwords are ……:

[Image: Worst passwords of 2013]

If you are using any of these passwords, you MUST replace it with a robust one as soon as possible.

By robust, I mean:

Difficult to brute-force (trying every possible combination with significant processing power, like aaa, aab, aac, aad. Easy to do with current technology…)

Difficult to guess (if your first 3 letters are oba, most probably the next 2 will be ma: obama. This can be done based on statistics and using words from dictionaries, … a.k.a. entropy)

DON’T:

  • Write down your password on a piece of paper and post it on your computer (Too many people and enterprises are still doing it…).
  • Use the same password across multiple services. If one service is compromised, you could lose all the other accounts!
  • Share your password with anyone else. You may trust your friends, colleagues and family, but they may not have practices as good as (hopefully) yours to keep it secret.
  • If your email provider or any other service asks you to send them your password for double checking, to repair something, or for any other reason, do not share it! Most probably it is just SPAM, a SCAM, … Professional providers will NEVER ask you for your password.

DON’T USE:

  • Names:
    • of yourself, including nicknames or login name (Even in reverse order or whatever order);
    • of your relatives;
    • of fictional characters or popular movies (Lord of the Rings, Star Trek, …);
    • of any place or proper noun;
  • Numbers, including:
    • your phone number;
    • your social security number;
    • anyone’s birthday;
    • your driver’s licence number or licence plate;
    • your room number or address;
    • any common number like 3.1415926;
    • any mathematical series such as 1234 or 2468, etc. (a computer will be better than you at this game)
  • Any word in any dictionary in any language in any form including slang, obscenity, or even technical jargon.
  • Any common phrases such as “Thanks God, it’s Friday” or “So far so good”, etc.;
  • Simple patterns, including:
    • passwords of all the same letter;
    • simple keyboard patterns (qwerty, asdfjkl);
  • Any information about you that is easily obtainable:
    • favorite color;
    • favorite rock group.
  • Any object that is in your field of vision at your workstation.
  • Any password that you have used in the past.

DO:

  • Change your password frequently (Every 3 to 6 months);
  • Use both UPPER and lower case letters.
  • Use numbers, letters and special symbols (!@#$%^&*).
  • Create simple mnemonics (memory aids) to help you remember your password:
    • “Ial 4g miPA$$.” for “I always forget my password.” (14 characters with UPPER and lower case, both letters and numbers, with special symbols, including spaces)
    • “HmPwaCciaCccP?” for “How many passwords would a cracker crack if a cracker could crack passwords?” (From MIT example)
  • Use misspelled words (Whut ru tolqing Abut?).
  • Use a minimum of eight characters. Some even recommend at least 15 characters. Anyway, in most cases, the longer the better.
  • You could use your own standard rule to change your password only slightly for each different service:
    • “Ial 4g miPA$$.” could become “Ial 4g-GO miPA$$.” for a Google account and “Ial 4g-AM miPA$$.” for an Amazon account.
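
Several of the DON'T USE rules above, and the brute-force criterion, can be checked mechanically. The following is an added example, not code from the original post; the word list, keyboard rows and function names are constructed for illustration, and a real check would load a full dictionary.

```python
import math
import string

# Constructed sample data; a real check would load a full wordlist.
COMMON_WORDS = {"password", "obama", "monkey", "dragon", "letmein"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "asdfjkl")


def is_arithmetic_series(digits):
    """True for runs such as 1234 or 2468 (constant step between digits)."""
    if len(digits) < 4 or not digits.isdigit():
        return False
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return len(steps) == 1


def bruteforce_bits(pw):
    """log2 of the exhaustive search space for the character classes used.
    This measures brute-force cost only, not how guessable the password is."""
    pool = 0
    pool += 26 if any(c in string.ascii_lowercase for c in pw) else 0
    pool += 26 if any(c in string.ascii_uppercase for c in pw) else 0
    pool += 10 if any(c in string.digits for c in pw) else 0
    pool += 33 if any(c in string.punctuation or c == " " for c in pw) else 0
    return len(pw) * math.log2(pool) if pool else 0.0


def audit_password(pw, personal=()):
    """Return the rules from the list above that pw violates."""
    low = pw.lower()
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if len(set(low)) == 1:
        findings.append("all the same character")
    if len(low) >= 4 and any(low in r or low[::-1] in r for r in KEYBOARD_ROWS):
        findings.append("keyboard pattern")
    if is_arithmetic_series(pw):
        findings.append("numeric series")
    letters = "".join(c for c in low if c.isalpha())
    if letters in COMMON_WORDS or letters[::-1] in COMMON_WORDS:
        findings.append("dictionary word")
    for item in personal:  # names, logins, phone numbers, birthdays, ...
        if item and (item.lower() in low or item.lower()[::-1] in low):
            findings.append("contains personal information")
            break
    return findings
```

The mnemonic “Ial 4g miPA$$.” passes every check and scores about 92 bits against exhaustive search, while “amabo2013” is flagged as a reversed dictionary word.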

Some people recommend using Password Wallets to avoid having to remember several passwords for different services. It’s basically a small piece of software installed on your computer or smartphone that keeps a record of all your passwords and is protected by a super strong password (the only one to remember).

I’m not a big fan of this kind of software, as protecting your own computer against any hack, etc. might not be an easy job, and you need to really trust the software to put all your eggs in the same basket…

Actually, for non-critical passwords, it might even be safer to write them down on a small piece of paper and keep it in your wallet, as most of the attacks will come from the internet or from someone having physical access to your computer.

The best will always be to keep it in your head. And if you forget it, just reset it.

If you want to see what a robust password could look like, I recommend this Strong Password Generator. However, it may be risky to use it, as you cannot be sure whether this website keeps a record of all the generated passwords in its database. (Probably not, but now, as an informed user, you should doubt everything.)

And to see how secure your password would be, I recommend using this service. But here again, you cannot be sure whether the website keeps a record of what you enter.


And you, what are your tips to choose a good password?

Host your own server – Where do we start?

So you wish to install your own server to run maybe a website, your own mail, or a specific application or service (Subsonic? Minecraft?…)

You will obviously have a few requirements to meet based on your needs.


Hardware:

You could have a dedicated server using OVH or any other provider, but I’ll assume you’re here to use your own hardware and host it at home.

In fact, a server does not need to be very powerful, so you could reuse an old laptop or computer if you want. For example, a Raspberry Pi (ARM-based, with 256MB RAM) is enough to host quite a few services. But don’t expect high responsiveness, though.

My first dedicated server@HOME was a custom ITX (Small size) config based on:

Case: Thermaltake Element Q

Motherboard: Intel DG41MJ (ITX socket 775)

Processor: Intel E5300 2.5Ghz

2GB DDR2 RAM

250GB 2.5" 7200 rpm Hard Drive

Paid 250e 4 years back

I had a very good experience with it: I was hosting a few websites with modest traffic (a few hundred visits per day) and a dozen services such as Subsonic, Ajaxplorer, FTP, Mails, …. No need to be much faster in fact.

My config now is way too powerful for my needs, though (but it was my own gift xD).

I now have an i7 2600 with 16GB RAM + OCZ Vertex 3 SSD 64GB + 2x2TB storage (for duplication). I actually really enjoy using SSDs in my machines now (fast load time, very good performance with MySQL databases or heavy I/O tasks).

Network:

Obviously, the faster your Internet connection is, the better, but I would say there is no specific minimum; it will just limit your type of services and traffic.

If you have at least 128kb/s (16kB/s) upload speed with your ADSL, that would be a good start. Download will usually not matter much, as upload is always the bottleneck in ADSL. (If you have cable, ADSL2, VDSL2, or even FTTx, lucky you. In that case you will probably be very comfortable with upload.) The server described earlier was on an ADSL2 connection at 16M/1M.

I now have FTTB with 100M/40M (so much faster… indeed).

Another important aspect of your network will be your router, which must correctly route the needed traffic to your server. You will need to open several ports to let the traffic in.

Operating System:

GNU/Linux is THE Operating System for servers. Widely used, very stable and with good performance, it is a good choice to run your server on.

In the GNU/Linux family, there are a lot of “flavors”, Ubuntu being the most popular and very easy to handle. Ubuntu has a dedicated server version called Ubuntu Server, which will run quite well. But although I started with Ubuntu Server, I quickly moved to Debian and can only strongly recommend you give it a try.

Since Ubuntu is based on Debian, you will not feel much difference in the server version. However, I felt Debian to be much more stable and reactive than Ubuntu. Debian has 3 major branches (Stable, Testing and Unstable) with different versions of applications: Stable is based on a very robust and tested set of applications, while Testing is more up to date and Unstable is the cutting-edge version, with possible bugs in these 2 versions.

You want to play safe? I suggest you use Debian Stable and, if an application is not up to date enough, install a more recent version from the backports repositories.

How to redirect 1 domain name to another and correct URL bar

If, like me, you want to redirect your old domain name to your new one while correcting the visitors’ URL bar, the solution is in fact quite simple using your VirtualHost.

Here is my example: I wanted to redirect www.freelydifferent.com and freelydifferent.com (without www) directly to freedif.org and make sure the domain name changes in the visitors’ URL bar. To do so, you need to tweak your vhost located in your

/etc/apache2/sites-enabled/my_website

to add the domain name you want to redirect at the beginning of your existing VirtualHost.

Here is the interesting part of mine:


First, the server will answer any request on port 80, the default HTTP port (*:80), for the ServerName freelydifferent.com or the alias www.freelydifferent.com and will redirect any path under (/) to the website http://freedif.org/

That way, if you call freelydifferent.com, it will redirect to freedif.org. Or if you call www.freelydifferent.com/plop, it will redirect to freedif.org/plop
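
A VirtualHost matching the description above, as an added example; the author's own snippet is not reproduced on this page. The second block and its DocumentRoot are placeholders standing in for the existing VirtualHost of the new domain.

```apache
# Placed before the existing VirtualHost in the same file
<VirtualHost *:80>
    # Old domain: answer for the bare name and the www alias
    ServerName freelydifferent.com
    ServerAlias www.freelydifferent.com

    # mod_alias appends the rest of the requested path, so /plop
    # becomes http://freedif.org/plop. Without a status argument the
    # redirect is a 302; "Redirect permanent" sends a 301 instead.
    Redirect / http://freedif.org/
</VirtualHost>

<VirtualHost *:80>
    # Existing VirtualHost for the new domain (placeholder values)
    ServerName freedif.org
    DocumentRoot /var/www/placeholder
</VirtualHost>
```

Running `apache2ctl configtest` before reloading Apache catches syntax errors in the edited file.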

Easy right?