System Overlord

A blog about security engineering, research, and general hacking.


I don't know how I missed it before, but I found a great backup tool today.  It's BackupNinja.  It's stupidly simple to set up to back up a small number of machines.  It's no centralized backup system like bacula, but for a single server or two (like I have) it seems far better than a "roll your own" solution.

So, a big Christmas thank you to the BackupNinja devs.

WikkaWiki: My new PIM

For a while now, I've found myself finding tidbits of information that I think would be useful again in the future, or more commonly, having to look up things where I know I've looked it up before.  In both cases, I keep thinking that I need somewhere to document this.  For a short while, I just threw this information into a file called "TIPS" that I edited with vim.  Sounds great, except I use a lot of computers, and keeping it on a flash drive meant pulling out the flash drive a lot.  Not only was that slightly inconvenient, but even worse, the file was becoming unwieldy, and there was no good way to link to web-based resources for finding more information.

Enter WikkaWiki.  At work, we run MediaWiki, but I decided to look for something more lightweight and just a little bit of a change.  Basic requirements: lightweight, PHP-based (say what you want about PHP as a programming language, but I already have it for WordPress), and using either filesystem or MySQL backgrounds (see comments about PHP).  WikkaWiki fit the bill, and it has native support for mind maps, which I thought might be useful at some point.

I've created a dozen pages or so, and I thought I'd write up a few thoughts on WikkaWiki.  First off, the default ACLs don't seem to work properly.  I've set default ACLs in the config file, but am still getting the "default defaults" on new pages.  Maybe I'm missing something. [Edit: Turns out, I forgot I had set apc.stat=0, which requires that the APC cache be manually flushed to see changes to PHP files, such as wikka.config.php.] Secondly, I wish categories worked a little more like MediaWiki: having the categories listed together in a box at the bottom is convenient and easily distinguishable.  Finally, I'm very hopeful that Table of Contents will be implemented at some point.  I've seen some proposals out there, and I do like the auto-ToC in MediaWiki.

We'll see how I do keeping up with putting this information into my personal wiki.  Hopefully it will do well for all the information I need to keep handy.

(As a side note, this blog, my wiki, and many of my other web-based services are all hosted on a Linode VPS running Ubuntu Server 10.04 LTS with Apache, PHP, and MySQL.)

Working 21 Hours... I Love This!

On Friday (and Saturday morning) I had the opportunity to spend 21 hours at work.  If this were a regular occurrence, it would probably be a nuisance, but doing this every once in a while has a certain excitement to it.  Working late at night is a unique opportunity to Get Things Done.  When it happens, it usually means we're putting some project that's been planned for months into production, and that's just an amazing feeling, if things go well.

Our goals were three-fold: we were migrating our production Drupal environment from the older server it was previously on to a pair of new servers using Heartbeat and Pacemaker for High Availability, upgrading production sites from a variety of editor configurations (TinyMCE Module, FCKEditor Module, Wysiwyg Module with FCKEditor) to CKEditor on the Wysiwyg Module, and renewing our SSL certificates which were due to expire on the 31st.

Naturally, things don't ever go according to plan.  As we began our upgrade, we discovered that Entrust, our SSL provider, was having issues with their CA control panel.  While we could (and had) revoke our old certificates, we could not issue new ones.  This could be a big problem as it would impact both the old and new environments.  A call to Entrust support revealed that they were aware of the issue, but had no ETA on the resolution.  45 minutes later, we were finally able to get back on track and issue the certificates.

Next, we attempted to bring up our high-availability environment.  And yet, no matter how much we tried, the grouping would not come up.  Finding a configuration to colocate 9 resources, start IPs before Apache, and manage them based on pingd is more difficult than the docs would make it seem.  Or maybe I just missed something in the documentation.  We're still having some trouble with out STONITH processes.

Finally, we had to go through our 64 production Drupal sites to update them all to use CKEditor, a custom set of CKEditor buttons, and a module for retaining login logs (outside the standard Drupal logging that keeps a limited number of entries).  The CKEditor button configuration is provided by a module written in-house, so we can adjust it (and keep it consistent across all sites) with ease.  Unfortunately, we were also testing modules under PHP 5.3, so  we discovered a number of small issues.

Ultimately, the 5 hour plan ended up taking 10 hours, but it will buy us many times more that in the long run in terms of support costs.  It will hopefully be a nice clean platform for our two new employees starting as soon as the University opens from winter break.

Firefox Extensions

I currently use Firefox as my primary browser predominantly because of the number of extensions I regularly use in my work in Information Security & Web Development.  I also like Chrome and am hoping to find parallel functionality in Chrome to all of my Firefox extensions to have 2 viable browsers.  My Firefox extensions are:

  • Adblock Plus
  • Certificate Patrol
  • Domain Details
  • Download Statusbar [In Chrome core]
  • Firebug
  • Firefox Sync [In Chrome core]
  • Greasemonkey
  • HTTPS Everywhere
  • Live HTTP Headers
  • Long URL Please
  • NoScript
  • Page Speed
  • Read It Later
  • RetailMeNot
  • View Cookies
  • Web Developer
  • YSlow

I'd appreciate insight into comparable functionality in Google Chrome.  Thanks!

1 OS, 2 Servers, 5... days?

At work, we're switching a number of our LAMP stack applications to be hosted on Ubuntu Server.  Because of its increased stability, we generally run the LTS editions, so we're currently on Lucid Lynx (10.04).  In this particular case, we're moving our Drupal CMS hosting over from RHEL 5.4 to Ubuntu Server on two new servers to be configured for high availability.  Turns out it took 5 days to do what would normally be done in a half a day.