System Overlord

A blog about security engineering, research, and general hacking.

Apology to the LoCo

To the Ubuntu Georgia Local Community:

Around September of last year, I began to take over from Nick Ali and others in coordinating the activities of the Georgia LoCo.  Unfortunately, I haven't done very well at that.  I have not set up any events or otherwise taken steps to help the LoCo grow.  However, it's a new year and it's time for a new tack.  It's time for the LoCo to get out there and get active.  I have a large stash of 10.10 CDs for us to distribute and I'd like to try to get events scheduled at least every 2-3 months.  I'd also like to start new partnerships with other like-minded organizations.  Hopefully, I'll be able to turn over a new leaf and jump-start activity in the organization.  I'd like to invite anyone with thoughts on the future of the LoCo to contribute their ideas, and I'll do what I can to get them rolling.

I'd like to start thinking about an 11.04/Natty release party.  Thoughts, ideas, desires, suggestions?

Merry Christmas, and Thank You!

A big Merry Christmas to all my readers, and a big Christmas thank you to my favorite groups & organizations:

Also, of course, Merry Christmas to my friends and coworkers at Kennesaw State University, to my family, and especially to the love of my life (and wife), Ann.


I don't know how I missed it before, but I found a great backup tool today.  It's BackupNinja.  It's stupidly simple to set up to back up a small number of machines.  It's no centralized backup system like bacula, but for a single server or two (like I have) it seems far better than a "roll your own" solution.

So, a big Christmas thank you to the BackupNinja devs.

WikkaWiki: My new PIM

For a while now, I've found myself finding tidbits of information that I think would be useful again in the future, or more commonly, having to look up things where I know I've looked it up before.  In both cases, I keep thinking that I need somewhere to document this.  For a short while, I just threw this information into a file called "TIPS" that I edited with vim.  Sounds great, except I use a lot of computers, and keeping it on a flash drive meant pulling out the flash drive a lot.  Not only was that slightly inconvenient, but even worse, the file was becoming unwieldy, and there was no good way to link to web-based resources for finding more information.

Enter WikkaWiki.  At work, we run MediaWiki, but I decided to look for something more lightweight and just a little bit of a change.  Basic requirements: lightweight, PHP-based (say what you want about PHP as a programming language, but I already have it for WordPress), and using either filesystem or MySQL backends (see comments about PHP).  WikkaWiki fit the bill, and it has native support for mind maps, which I thought might be useful at some point.

I've created a dozen pages or so, and I thought I'd write up a few thoughts on WikkaWiki.  First off, the default ACLs don't seem to work properly.  I've set default ACLs in the config file, but am still getting the "default defaults" on new pages.  Maybe I'm missing something. [Edit: Turns out, I forgot I had set apc.stat=0, which requires that the APC cache be manually flushed to see changes to PHP files, such as wikka.config.php.] Secondly, I wish categories worked a little more like MediaWiki: having the categories listed together in a box at the bottom is convenient and easily distinguishable.  Finally, I'm very hopeful that Table of Contents will be implemented at some point.  I've seen some proposals out there, and I do like the auto-ToC in MediaWiki.

We'll see how I do keeping up with putting this information into my personal wiki.  Hopefully it will do well for all the information I need to keep handy.

(As a side note, this blog, my wiki, and many of my other web-based services are all hosted on a Linode VPS running Ubuntu Server 10.04 LTS with Apache, PHP, and MySQL.)

Working 21 Hours... I Love This!

On Friday (and Saturday morning) I had the opportunity to spend 21 hours at work.  If this were a regular occurrence, it would probably be a nuisance, but doing this every once in a while has a certain excitement to it.  Working late at night is a unique opportunity to Get Things Done.  When it happens, it usually means we're putting some project that's been planned for months into production, and that's just an amazing feeling, if things go well.

Our goals were three-fold: we were migrating our production Drupal environment from the older server it was previously on to a pair of new servers using Heartbeat and Pacemaker for High Availability, upgrading production sites from a variety of editor configurations (TinyMCE Module, FCKEditor Module, Wysiwyg Module with FCKEditor) to CKEditor on the Wysiwyg Module, and renewing our SSL certificates which were due to expire on the 31st.

Naturally, things don't ever go according to plan.  As we began our upgrade, we discovered that Entrust, our SSL provider, was having issues with their CA control panel.  While we could revoke our old certificates (and had), we could not issue new ones.  This could be a big problem as it would impact both the old and new environments.  A call to Entrust support revealed that they were aware of the issue, but had no ETA on the resolution.  45 minutes later, we were finally able to get back on track and issue the certificates.

Next, we attempted to bring up our high-availability environment.  And yet, no matter how much we tried, the grouping would not come up.  Finding a configuration to colocate 9 resources, start IPs before Apache, and manage them based on pingd is more difficult than the docs would make it seem.  Or maybe I just missed something in the documentation.  We're still having some trouble with our STONITH processes.

Finally, we had to go through our 64 production Drupal sites to update them all to use CKEditor, a custom set of CKEditor buttons, and a module for retaining login logs (outside the standard Drupal logging that keeps a limited number of entries).  The CKEditor button configuration is provided by a module written in-house, so we can adjust it (and keep it consistent across all sites) with ease.  Unfortunately, we were also testing modules under PHP 5.3, so we discovered a number of small issues.

Ultimately, the 5-hour plan ended up taking 10 hours, but it will buy us many times more than that in the long run in terms of support costs.  It will hopefully be a nice clean platform for our two new employees starting as soon as the University opens from winter break.