linux.conf.au payment gateway

Some of you may have noticed that we have been having a few problems with the linux.conf.au payment gateway. These have ranged from timeouts due to email and DNS issues to 500 server errors due to one or two bugs.

For those of you worried about duplicate payments, don’t ๐Ÿ™‚ We were just sending duplicate receipts for a while. You see Commsecure as well as redirecting the user back to the payment_received page, also does a GET on the page themselves. Which means we effectively receive duplicate transactions for everything and this meant we were sending two receipts.

Other than that the Commsecure setup is actually quite nice and does its best not to let users pay twice. It also seems to be written in python.

I had always tried to avoid python, being a long time perl hacker. In the last few months I’ve been dragged into it kicking and screaming. Scarily I’ve actually come to like it. Its nice having real exceptions! Pylons, Myghty and SQLAlchemy are also pretty cool frameworks and have meant I’ve come up to speed on the website code pretty quickly.

Anyway back to LCA, we are a handful of rego’s away from having 500! Don’t forget you’ve got till the 8th December to pay if you registered early enough to get earlybird rates.

Lindsay made me do it!

While at the Waugh Partners launch party tonight, a bunch of people, mainly Lindsay asked for some details on what I’d be talking about at SLUG on Friday. I thought that was a very good question and that I should make something up ๐Ÿ™‚

So for those that are wondering I will attempt to cover the following topics in no particular order or level of detail

  • VoIP ๐Ÿ™‚
  • Codecs, which one should I use
  • VoIP Hardware (Phones, ATAs, ISDN and PSTN cards, Mobile Pods)
  • VoIP Providers and what they offer
  • Asterisk and what it can do
  • Beagle Internet IVR and distributed VoIP Call Centre as a case study
  • Asterisk@Home

If there is anything else that in particular you are interested in or would like me to talk about then let me know.

I’ll also be bringing along various bits of hardware and hope to have a full demonstration running.

At Jeff’s request I will be doing an in depth overview of the difference between FXO and FXS and why it is critically important to any VoIP implementation. This will most likely require at least 20 slides and about 50 minutes of explanation ๐Ÿ˜›

iptables evilness

Matt came to me with an interesting problem at Bulletproof this week. We have a dedicated hosting customer who talks to an external application for e-commerce. The IP for this was going to change but they needed to do to some testing before the switch. As usual with most enterprise applications, the hostname was hard coded. ๐Ÿ™

Matt suggested we do some DNS poisoning or do some transparent proxying using squid or similar. While these would have worked they required firewall changes through three levels of firewalls and extra infrastructure.

So I turned to an evil solution, iptables. ๐Ÿ™‚ Most people use DNAT on the inbound connection from the Internet to their internal private network to port forward to internal servers, or perform one-to-one NAT mappings. There is nothing stopping you using it the other way around.

Lets say that every time someone browses to http://bulletproof.net we want them to hit http://inodes.org instead. All you need to do is use DNAT to translate one IP address into the other.
[code]
animal:~ johnf$ host bulletproof.net
bulletproof.net has address 202.44.98.174
animal:~ johnf$ host inodes.org
inodes.org has address 202.125.41.97
animal:~ johnf$ sudo iptables -t nat -A PREROUTING -d 202.44.98.174 -j DNAT –to 202.125.41.97

[/code]

Now for some testing, a ping looks normal

[code]

animal:~johnf$ ping www.bulletproof.net
PING www.bulletproof.net.au (202.44.98.174) 56(84) bytes of data.
64 bytes from 202.44.98.174: icmp_seq=1 ttl=241 time=198 ms

[/code]

but a tcpdump looks like

[code]

animal:~johnf$ sudo tcpdump -ni eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:35:25.099510 IP 211.30.227.143 > 202.125.41.97: icmp 64: echo request seq 1
16:35:25.301712 IP 202.125.41.97 > 211.30.227.143: icmp 64: echo reply seq 1

[/code]

Of course if anyone needs to try and debug this they are going to have a really fun time working out what is going on. ๐Ÿ™‚

If you want to test this yourself you can do it on your own machine using the OUTPUT chain instead of PREROUTING.

250!

We’ve just hit 250 registrations for linux.conf.au, only 5 days to go before early bird registrations close.

So here are some interesting stats of the attendee breakdown so far:

By Country

Country Number
Brazil 1
Canada 1
France 1
Ireland 1
Liberia 1
Nigeria 1
China 1
Singapore 1
Spain 1
UK 1
Croatia 4
Germany 4
Japan 4
Romania 9
New Zealand 13
USA 18
Australia 188

Australia by state

State Number
NT 1
TAS 3
WA 19
QLD 20
SA 20
ACT 23
VIC 24
NSW 77

ThinkingLinux ’06

ThinkingLinux ’06 was held in Melbourne a few days ago. It was organised by Synergy Plus with sponsorship by RedHat. Novel and a few others.

I gave a talk on Open Source in the Data Centre. Luckily this talk was after lunch so I got to do some editing in the morning sessions to tweak it more towards a business rather than technical audience. ๐Ÿ™‚

The conference was pretty awesome with interesting talks, ranging from Xen to how wotif.com was started.

Copies of the slides for all the talks should eventually make it onto the conference’s website.