New Design!

I changed the design of my Blog as you can see.
Additionally this is my first email-post blog-entry.

It works well as you can see...

Nomike aka Michael Postmann

PS: Good night and sleep well...

New Design!

I changed the design of my Blog as you can see.
Additionally this is my first email-post blog-entry.

It works well as you can see...

Nomike aka Michael Postmann

PS: Good night and sleep well...

NFS shared Homes

I have 3 PC's at home. A few weeks ago I put my home-dir on one of them (gentoo), shared it with NFS and mounted it on the others (ubuntu dapper) in fstab.

But there are still some problems:

First of all, when I turn on a dapper PC /home doesn't get mounted, most of the time; sometimes it does. After a 1-3 Minutes (with luck) it get's mounted. If not I need to go to console, issue mount -a which runs ~3 Minutes and then /home is mounted.

This is a bit weired, but I could live with it by now...i seldom turn of or restart my pc's.

But a much bigger problem, is that on one dapper PC (IP 10.0.0.50) when I start firefox or some other application it takes a long time (>30secs) until I see any progress or splash-screen or something.

According to dmesg it has difficulties reaching 10.0.0.52 (gentoo box with shared /home) and localhost (!). WTF?

I installed nfs-kernel-server and now the kernel-messages and the delay are gone.

I hope this issue is resolved now...

Nomike aka Michael Postmann

Update

Welcome back ;-)
It's been quite a while since the last entry here, but I want to kinda "reactivate" this blog. Sorry for that!

So, what am I doing now?

Darkness Falls Across The Land
The Midnite Hour Is Close At Hand
Creatures Crawl In Search Of Blood
To Terrorize Y'awl's Neighbourhood
And Whosoever Shall Be Found
Without The Soul For Getting Down
Must Stand And Face The Hounds Of Hell
And Rot Inside A Corpse's Shell
The Foulest Stench Is In The Air
The Funk Of Forty Thousand Years
And Grizzy Ghouls From Every Tomb
Are Closing In To Seal Your Doom
And Though You Fight To Stay Alive
Your Body Starts To Shiver
For No Mere Mortal Can Resist
The Evil Of The Thriller


Listening to Michael Jackson's Thriller - a genious bit of music with an even better video.

Well, when I last was active on my blog I was working at the small IT-Developing-Company S2O (http://www.s2o.at). But because of some difficulties (mainly my boss wasn't able to pay me anymore (company was low on money)) I lost my job on end of November 2005.

So I had to find a new employment, which is not easy in the area I live (Burgenland, Austria). So I had a bit time to focus on my Girlfriend which goes to School.

But finally on the 27th of March I found a new Employment at the IT-Development Company TAC (http://www.reservationassistant.com). It is bigger than S2O, and we are mainly focusing on one Project (which is Reservationassistant (RA), a leading SPA Management Software) instead of doing individual small projects. And instead of 5 People we are >20 employees here, with seperated developer- and support-departments.

We are developing in Java.

In school I learned Java, or better I should have learned Java (I was not interestd in it that time, so most of the time I did other thing in programming lessons), so I could say when I started to work at TAC it was my first time with java. I needed to learn everything from the ground up (swing, even how to make a main method for launching applications) but since I did PHP, JavaScript and C(++) programming before it was not that difficult so I was able to build a SMTP-Sender-Program which I had to make for my application.

Now I'm evaluating J2EE to bring RA to the next level, from simple Client-Server using RMI to an ApplicationServer based solution.

At home I'm still playing with different computer-related things, so if I find out something interesting or face some problems I will let you know.

So stay tuned and have a nice day....

And as noone will ever read this entry so far I could put in some Garbage here ;-)

Nomike aka Michael Postmann

PS: In the Bible a bush itself was burning down. Today a Bush is burning down everything else...

Opensource Terrorists

As long as we don't get sued for it... ;-)
http://www.dpp-label.yi.org/upload2/images/Linuxterroriste.gif

Words of Wisdom

Sometimes, when you cry noone sees your fears.

Sometimes, when you're worried noone sees your pain.

Sometimes when you're happy noone sees your smile.

But fart just one time...

The endless depths of suexec

When building a secure shared hosting Webserver, mod_suexec is an absolute must. It allows you to tell apache to run cgi- and perl-scripts as different User:Group than the rest of apache. Combined with access control lists you could safely enable cgi-support without having to worry about users cgi-scripts modifying or reading data they should not be able to see.

A common Security Rule when building Apache Webservers is to move the cgi-bin directory (the dir where yiu normaly put cgi- and perl-scripts) out of your document root. So I have /sites/website1/html as docroot and /sites/website1/cgi-bin as cgi-bin. With the config-directive ScriptAlias /cgi-bin/ /sites/website1/cgi-bin/ I could "map" that dir into my docroot to make it accessible from the Browser.

If you enable suexec ("SuexecUserGroup website1 sites" in the virtual host config) apache executes the scripts called via this virtual host as user "website1" and group "sites".

Suexec itself is a bit paranoid (and that's good!) and does several checks before executing a script: The script has to be owned by user:group specified in the SuexecUserGroup directive, it must not be writeable by anyone else, it has to be in the documentroot or in a dir specified when compiling mod_suexec.

And that's where troubles start.

/sites/website1/cgi-bin/ is not in the docroot. So suexec doesn't work there. When compiling the suexec-module redhat people specified /var/www as the suexec-docroot. (the dir where you can use suexec)

So I either have to recompile mod_suexec (which breaks any future autmatic updates) or move /sites to /var/www/sites. As for easyness I did the later.

The second problem is awstats. I moved it to /var/www/awstats to place it inside suexec-docroot. But each virtual host uses it's own user. As I mentioned before the script needs to be owned by the suexec'ed user and since awstats could not be owned by everyone, it won't run.

One solution would be to turn of suexec for awstats, but as this is a security risk (enabling this means that customers could become other users by placing a SuexecUserGroup directive in a .htaccess file) it is not possible. So there is no way to get awststs running.

My personal solution is to let a cron job produce static html-files with the awstats-statistic during night and placing them in /var/www/sites/website1/stats/.

If you have an Idea how to get awstats running I appreciate your comments...

Regular Expressions for Matching Apache Logfile-Entrys

I'm currently developing a shell script which analyses a customer website and unfies it to a new format (dirs, filenames, etc.) for beeing put on our new Server. Part of this script is an Access-Log format recognition function. Therfore I created two sed scripts.

Common Log Format:
sed "s/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\} - [a-z,A-Z,0-9,\\,,\\_, ,\\-]* \[[0-9]\{1,2\}\/[a-z,A-Z]\{1,4\}\/[0-9]\{4\}:[0-9]\{1,2\}:[0-9]\{1,2\}:[0-9]\{1,2\} [+,-][0-9]\{4\}\] \"[^\"]*\" [0-9]\{3\} [0-9,-]*$/#/"

Cobined Log Format:
sed "s/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\} - [a-z,A-Z,0-9,\\,,\\_, ,\\-]* \[[0-9]\{1,2\}\/[a-z,A-Z]\{1,4\}\/[0-9]\{4\}:[0-9]\{1,2\}:[0-9]\{1,2\}:[0-9]\{1,2\} [+,-][0-9]\{4\}\] \"[^\"]*\" [0-9]\{3\} [0-9,-]* \"[^\"]*\" \"[^\"]*\"$/#/"

Feel free to use this, and send me suggestions for improvement/error corrections/etc.