Daniel Lange's blog

For a few weeks SEO types now moan, argue, analyse or celebrate (please submit links in comments section ) Google apparently reducing the pagerank (tm Google) of their sites. I guess creating unique content is a too labourous option. Whatever, if you were Ryan Stewart you could even spit out some epicaricacy.

So with all this fuss, I wanted to find out the pagerank (which previously never had any relevance to me) of some (of my) sites. I would not want to install the Google toolbar because I'm not into software that does "something" to my PCs, so I looked around for other options. Wading through masses of pages that offer Javascript to be embedded into your pages to show a pagerank image inline (no thank you), I found two viable options:

• http://seopen.com/seopen-tools/pagerank.php
  SEOpen allows you to check the pagerank of a single URL
• http://www.iwebtool.com/visual_pagerank
  iWebTool can fix up any webpage for you so that it'll show the pagerank next to every link on the page

Give it a go. Some interpretation help: Pagerank 10 is the max., 7-9 is quite good, 4-5 means Google knows you, new pages start off at PR0.

The Livesearch (Javascript iterative search) plugin to Serendipity (s9y) currently does not work with the Bulletproof template active.

Matthias Mees (YellowLed) and Don(ald) Chambers are looking at it.

I just learned yesterday again, what I knew a few years ago, but since had forgotten:

You cannot put multiple SSL-enabled virtual Apache hosts onto the same IP and port.

Apache cannot identify which VirtualHost to serve a request from because the payload is encrypted in its entirety. So a

Host: servertwo.tld

header cannot be parsed until the encryption has been removed. Which requires the key, which is listed in the VHost section that could not be identified in the first place...
So a name-based VirtualHost-configuration like this won't work:

It will just serve any request out of the first VirtualHost (serverone.tld) regardless of the hostname in the request headers.

There is some light at the end of this tunnel though:
RFC4366 describes an optional field to the TLS (Transport Layer Security) client request called "Server Name Indication" (SNI). With this the client just includes a list of ServerNames (usually one) that it's trying to contact. Apache can easily match the supplied name from the client against a ServerName (or ServerAlias) directive from it's configuration files.

SNI will be supported with OpenSSL v0.9.9 in mod_ssl. Sometime in the future. There is a backport to v0.9.8 available from Steven Henson linked here. Or you can use mod_gnutls as described by George Notaras in a recent blog entry.

In either cases the above configuration snippet will "just work" once SNI is understood by Apache.

Currently Internet Explorer 7 (on Vista only, wanna upgrade ), Mozilla Firefox 2+, Opera 7.6+, KDE Konqueror 3.5+ support sending the SNI. You can test your browser at Kaspar Brand's SNI testpage. He also has a patch available to make Apache 2.2 mod_ssl SNI capable when compiled against a CVS-version of OpenSSL.

I'm rather sure that spreading SNI capable hosts will also provide new hacking opportunities:
Let's assume a system serves both Intranet and Internet traffic. A client contacts the Internet IP with SSL but specifies the Intranet Hostname in it's TLS SNI entry. Guess what will happen? Yup.

Since a baselayout update Apache fails to start on Gentoo at (re-)boot of a server if that server has unused ethernet interfaces.

The symptom is that Apache fails to start on boot although it has been added to the runlevel with
rc-update add apache default

This is caused by recent baselayouts not working properly with more than one eth and not all of them being up.

Thus changing depend() { need net ... } into
depend() { need net.eth0 ... } at the top of /etc/init.d/apache2 will help.

While you're at it you could also add an nice after urandom to the existing depend () construct
and make sure apr and apache are emerged with flag urandom set. Reading from /dev/random to initialize the digest authentication mechanism (or SSL for that matter) might cause apache to block otherwise if there is not enough entropy in the random pool.