Friday, April 29, 2011

freebsd sysinstall hate :E

Every time I have to use a FreeBSD installer I am confused. Why is the "Exit" item done in three different ways: "Q", ">>>Exit" or a button?

Hey, Logic? Looogic...

Luckily, I don't have to use sysinstall too often.

Thursday, April 28, 2011

lvm, ext4 online resize memo

 lvresize -L +XXG [path]
 resize2fs [path]

Resizing mounted volumes is limited to growing; you can't shrink using resize2fs unless the block device is unmounted.

LVM not only lacks important features, but all this jugglery with [pv|vg|lv][create|remove|reduce..blablabla] doesn't make admins happier.

(btw, this fellow has done very well indeed.)

Monday, April 25, 2011

bugzilla is a funny thing

lvm2 (2.02.54-1ubuntu4) lucid; urgency=low

  * Some idiot thought it'd be a good idea if device mapper didn't respond
    to "add" events, like those during boot.  Take their change out back
    and shoot it in the head.  LP: #561390.

 -- Scott James Remnant   Sun, 25 Apr 2010 21:36:25 -0700

Saturday, April 9, 2011

old news: Moscow government promotes Apple in schools

 As a result of some tenders, Moscow schools will be (or already are?) supplied with ~7000 MacBook Desktops and 200 Mac minis as servers, at a resulting cost of 400 million rubles. I'm not sure whether this is a laughing or a crying matter, for several reasons. Firstly, consider the permanent buzz about the so-called "National Platform" based on Linux. Secondly, the very fact of this tender is yet another reason to think about widespread corruption. And the third thing... just look at this photo and you will get whom our government expects to see at elections in recent years...

really good post about OpenNMS

 I completely share this viewpoint.

Monday, April 4, 2011

php security memosheet from joomla

Use local php.ini files

On shared servers you can't edit the main php.ini file, but you may be able to add custom, local php.ini files.
There are a few important things to keep in mind.
  1. Local php.ini files only have an effect if your server is configured to use them. 
  2. Local php.ini files only affect .php files that are located within the same directory (or files pulled in from those files with include() or require()). 
  3. If you have a php.ini file in every directory, some script probably did this for you. If you didn't intend it to happen, you probably should root them out, but given #2 above, you probably only have to panic about the php.ini files in http_root and the administrator directories.

Use PHP disable_functions

Use disable_functions to disable dangerous PHP functions that are not needed by your site. Here is a typical setup for a Joomla! site:
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

Use PHP open_basedir

open_basedir should be enabled and correctly configured. This directive limits the files that can be opened by PHP to the specified directory-tree. This directive is NOT affected by whether Safe Mode is ON or OFF.
The restriction specified with open_basedir is a prefix, not a directory name. This means that open_basedir = /dir/incl allows access to /dir/include and /dir/incls if they exist. To restrict access to only the specified directory, end with a slash.
open_basedir = /home/users/you/public_html/
Additionally, if open_basedir is set, it may be necessary to set the PHP upload_tmp_dir configuration directive to a path that falls within the scope of open_basedir or, alternatively, to add the upload_tmp_dir path to open_basedir using the appropriate path separator for the host system.
open_basedir = /home/users/you/public_html/:/tmp/
PHP will use the system's temporary directory when upload_tmp_dir is not set or when it is set but the directory does not exist, therefore it may be necessary to add it to open_basedir as above to avoid uploading errors within Joomla.
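The prefix rule and the upload directory caveat described above, modelled as an added example (not code from Joomla or PHP). The function names, the sample paths and the `/tmp` system temp directory are assumptions, and the model does plain string comparison without resolving symlinks.

```python
import posixpath

def allowed_by_prefix(path, open_basedir, sep=":"):
    """Model of the prefix rule described above (not PHP's own code).

    A path passes when its normalised form starts with any open_basedir
    entry, compared as a plain string. Symlinks are not resolved here.
    """
    target = posixpath.normpath(path)  # collapses "..", "." and "//"
    for entry in open_basedir.split(sep):
        if not entry:
            continue
        # target + "/" lets the directory itself match an entry ending in "/"
        if target.startswith(entry) or target + "/" == entry:
            return True
    return False

def upload_dir_in_scope(upload_tmp_dir, open_basedir, system_tmp="/tmp"):
    """Uploads land in upload_tmp_dir, or the system temp dir if unset."""
    effective = upload_tmp_dir or system_tmp  # system_tmp is an assumption
    return allowed_by_prefix(effective, open_basedir)

# Constructed sample paths, following the /dir/incl example in the text.
CASES = [
    ("/dir/incl", "/dir/incl/a.php"),
    ("/dir/incl", "/dir/include/secret.php"),   # sibling leaks through
    ("/dir/incl/", "/dir/include/secret.php"),  # trailing slash closes it
    ("/dir/incl/", "/dir/incl/../include/secret.php"),
]

if __name__ == "__main__":
    for basedir, path in CASES:
        print(f"{basedir!r:14} {path!r:38} -> {allowed_by_prefix(path, basedir)}")
    docroot = "/home/users/you/public_html/"
    print("uploads ok, docroot only:", upload_dir_in_scope("", docroot))
    print("uploads ok, with /tmp/  :", upload_dir_in_scope("", docroot + ":/tmp/"))
```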

Adjust magic_quotes_gpc

Adjust the magic_quotes_gpc directive as needed for your site. The safest method is to turn magic_quotes_gpc off and avoid all poorly-written extensions, period.

magic_quotes_gpc = 1

Don't use PHP safe_mode

Avoid the use of PHP safe_mode. This is a valid but incomplete solution to a deeper problem and provides a false sense of security. See the official PHP site for an explanation of this issue.
safe_mode = 0

Don't use PHP register_globals

Automatically registering global variables was probably one of the dumbest decisions the developers of PHP made. This directive determines whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables where they become immediately available to all PHP scripts, and where they can easily overwrite your own variables if you're not careful. Luckily, the PHP developers have long since realized the mistake and have deprecated this 'feature'.
If your site is on a shared server with a hosting provider that insists register_globals must be on, you should be very worried. Although you can often turn register_globals off for your own site with a local php.ini file, this adds little security, as other sites on the same server remain vulnerable to attacks, which can then be used to attack your site from within the server.
register_globals = 0

Don't use PHP allow_url_fopen

Don't use PHP allow_url_fopen. This option enables the URL-aware fopen wrappers that allow URL objects to be accessed like files. Default wrappers are provided for access to remote files using the ftp or http protocol; some extensions, like zlib, may register additional wrappers. Note: for security reasons, this can only be set in php.ini.
allow_url_fopen = 0
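A small checker that compares a php.ini file against the settings listed in this memosheet, as an added example (not code from Joomla or PHP). The function names and both sample files are constructed; only full-line `;` comments are handled, and magic_quotes_gpc is left out because the memosheet says to adjust it per site.

```python
# Directives the memosheet sets to 0, and the functions it disables.
MUST_BE_OFF = ("safe_mode", "register_globals", "allow_url_fopen")
MUST_DISABLE = {"show_source", "system", "shell_exec", "passthru",
                "exec", "phpinfo", "popen", "proc_open"}

def parse_ini(text):
    """Return {directive: value} from php.ini text, skipping comments/sections."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def is_on(value):
    return value.strip().lower() in ("1", "on", "true", "yes")

def audit(text):
    """List deviations from the memosheet; an empty list means none found."""
    s = parse_ini(text)
    findings = []
    for name in MUST_BE_OFF:
        if name not in s:
            findings.append(f"{name}: not set here, inherited value applies")
        elif is_on(s[name]):
            findings.append(f"{name}: enabled, memosheet says 0")
    disabled = {f.strip() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(MUST_DISABLE - disabled)
    if missing:
        findings.append("disable_functions: missing " + ", ".join(missing))
    if not s.get("open_basedir"):
        findings.append("open_basedir: not set")
    return findings

# Constructed sample files.
WEAK = """; local php.ini left by an installer
register_globals = On
safe_mode = 0
allow_url_fopen = 1
disable_functions = system, exec
"""
HARDENED = """safe_mode = 0
register_globals = 0
allow_url_fopen = 0
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
open_basedir = /home/users/you/public_html/:/tmp/
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK)) or "no findings")
```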