This is to keep me out of trouble :)
72a73
> my $confirm;
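Review bot: `my $confirm;` is declared at line 73 but is only read by the prompt code added at line 87 and below, so the declaration would sit better at the point of use, for example `my $confirm = <stdin>;`, which keeps it next to the only code that touches it.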
86c87,96
< @modules=keys %$map;
---
> print "Are you SURE you want to webupdate everything? (y/N): ";
> $confirm = <stdin>;
> chomp $confirm;
> if (($confirm !~ /n/i) && ($confirm =~ /y/i)) {
> @modules=keys %$map;
> } else {
> print "You entered '$confirm'.n";
> print "Guess not. Exiting.n";
> return 0;
> }
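Review bot: The condition on the `if` line accepts any reply that contains a `y` and no `n`, so an answer such as `maybe` passes and the webupdate of every module goes ahead; anchoring the match, for example `$confirm =~ /^y(es)?$/i`, makes only `y` or `yes` count and removes the need for the `!~ /n/i` half. The two `print` strings in the else branch also end in a bare `n` where a `\n` newline escape looks intended, so as written the messages run together on one line.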
Nice little surprise tonight. It appears as though (I’m actually quite certain this is what happened) we had some unfinished code checked into Answerline and the Shared classes. It was related to naming. When I webupdated Kulshan to get some of my new code updated, problems obviously arose. There shouldn’t be broken code checked in but also I should not have webupdated in such a way. Well it was an easy 5-minute fix (most of the time was spent bunzip2’ing a backup). Simply moved answerline to answerline-backup, and shared to shared-backup. Scp’ed over a day-old backup of both, and untar’ed them to the proper location.
Today consisted of typical server maintenance work. I updated three phpBB installs to 2.0.17 (current) and backed them up before and after said update. I also backed up the three databases. We’re coming to a point in which we’ll need to clean out all of the databases to begin Fall quarter so I’ve been making preparations for that.
I also applied a couple of security patches to the Gentoo boxes, and patched Depts. for two new vulnerabilities within IPSec and Zlib (again?).
Tomorrow will be a day for further security / organization work. I’d like to slim down the various servers so it’s easier to see what all we need to back up and transition over in the future. Right now I keep discovering things (namely things in web directories) that are a few years old… I will also make some changes to Kulshan’s DB and webupdate Kulshan to get the new Control Panel look. Woohoo.
In other news, some coworkers have recommended Dreamhost as a good hosting solution. I might need to look into that, because I’d like to have a 24hr. web page, but be able to reboot my home box.
I worked today to get the Config pages organized. I like to have as many pages as possible matching the same look, and organized similarly, so I started there. They look pretty nice. I used what Pat showed me when I did the upload script’s page. I also did some minor database work because Sitzmar’s printer script was trying to write to a field that didn’t exist. I also added some fields for ipreg.hits to keep track of the time and staff member who added an exception. I plan to continue doing this reorganization for some other pages, for example the password changing script, which is currently ugly.
We talked to Kurt about Packeteer on Monday. There is some confusion over whether we were supposed to get a 9500 or 9500ISP version. Deborah is out of town, and she has the actual shipping receipt so I can’t really confirm. I presume it’s simply the 9500 based on everything I have seen, but the two are quite similar in all obvious ways so it’s difficult to tell.
Tomorrow (or today, as the case may be) I am going to review the IPTables logs and see what all is connecting to our two DB servers. I think I already know, but I will review the logs to make sure I have not missed any automated scripts which need access. Then I will finally enable the iptables rule that drops unrecognized connections. A small step toward securing the servers. Which reminds me, I need to start doing a full security audit of all of the servers. Especially before Fall opening.
Perhaps tomorrow I will update a few packages too.
I’ve been playing with PHP and analyzing some Perl code lately. I wrote a little script in PHP which connects to our LDAP server and gathers some information. Then it parses through the information and outputs all the UID numbers, sorted from least to greatest, and closes the connection. It was mostly just as a learning experience but I’ve been curious about scripting LDAP stuff, and that was one of the things I decided to try. Now I don’t have to go manually export an LDIF, and use a shell command to parse it.
I was wondering how difficult it would be to write a script that actually creates a new user. Probably not that difficult. I’ll look into that in the future. I want to play around with some C/C++ and Perl.
Also, I’m curious about some real object-oriented programming. I don’t know much about it, and I heard Ryan and Mike and Pat saying that one of the things CS students lack is object-oriented programming ability (if I heard them correctly). So I will dabble in that too. Right now my experience is pretty limited to just simple scripting and logic, but I can remedy that.
It appears as though Registration has been coughbroken since the 6th of July. This was due to a small oversight of mine (small?) while merging the config files on Odin, specifically /etc/squid/squid.conf… Pat, Nick, and Ryan noticed this while looking into the source of some Tenshi errors. Needless to say, a bad, bad mistake. They were cool about it though. Luckily it’s summer and it didn’t happen during Fall opening. I guess making big mistakes is the best way to learn what not to do, and avoid mistakes later on.
I discovered a few glaring security holes on a server last night and fixed them around 4:00am. Also found another incident today, same server, and fixed that. Hopefully there are no more of those little surprises sneaking up on me. I think Nick talked to a couple people about it. I think we need to make security a big deal around here, even though we aren’t exactly the highest-priority target, we do have ~3500 (?) people who rely on us for their privacy.
Made the upload tool live today and it seems to work but may, in fact, break in a day without explanation. We’ll see?
Alvis’ install of Apache continues to segfault, so I tried downgrading to an older version of Apache but that proved difficult with the way portage handles modules and masking. I was messing with the configuration, and was able to get some of it working, but ran out of time and had to go somewhere so I remerged all of our old setup and the old configs, so it’s “back to normal.” The stable mod_php has Apache 1.3 listed as a requirement to build. We’re currently using php5, apache 2.0.54-r12, unstable perl module, SSL, ldap & auth_ldap, etc. The fact that Apache2 itself isn’t stable is bad, and when combined with a bunch of other unstable modules, something is probably bound to go wrong. It’s difficult to figure out what is causing the segfault. I did notice a lot of people on the forums seem to have problems with Apache2 and these unstable modules such as PHP5, and sometimes having to do with certain MySQL calls. So many variables! If the segfaults continue as frequently as they have, I guess I will be forced to downgrade everything to stable one night when I’m not in a hurry to go somewhere.
I wrote an upload utility which can be used to upload images onto Kulshan, usable by the staff. It felt nice to write some PHP that worked, and understand the logic behind it. It hasn’t gone live yet but will today probably. Pat was helpful with getting the CSS/HTML to be very clean, and match the design he uses for most of his apps for consistency’s sake.
The talk of migrating servers/services to new boxes, or splitting them up, is underway. It seems to be a possibility that we will get new boxes, but I’m more excited for just organizing things as opposed to having newer stuff. I’ve started writing up some plans for how I/we will implement the actual switchovers.
A simple portupgrade of nss_ldap today broke ldap on Depts. I’m not sure how, or why. The new version of the port was quite a jump and I’m assuming it was an incompatibility with either our config or another module such as pam_ldap. It was really stressful though. Eventually got it fixed using Mike’s suggestion to simply roll back to a previous version. Lucky the one available on freebsd.org for 5-stable was a few weeks old. Still confused about the problem though.
I wrote a simple iptables rule the other day to protect our MySQL servers, and tested it. I have logged a day or two of activity on that port to make sure I have a list of all IPs that need access to Kulshan. Once Kulshan is protected, I can do the same for Alvis. Small steps.
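The log review described in this entry and in the later one about the two DB servers, as an added example (not the author's script): it tallies which sources reached the MySQL port in iptables LOG output and lists any that are missing from an allowlist. The `MYSQL-IN: ` log prefix, the function names, the allowlist file and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of iptables LOG lines (not real traffic). "MYSQL-IN: " is an
# assumed --log-prefix; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Aug  3 02:14:07 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 PROTO=TCP SPT=40112 DPT=3306 SYN
Aug  3 02:14:09 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=192.0.2.11 DST=192.0.2.50 PROTO=TCP SPT=51200 DPT=3306 SYN
Aug  3 02:20:41 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 PROTO=TCP SPT=40150 DPT=3306 SYN
Aug  3 03:02:13 kulshan kernel: SSH-IN: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.50 PROTO=TCP SPT=33010 DPT=22 SYN
Aug  3 03:05:55 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.50 PROTO=TCP SPT=33012 DPT=3306 SYN
Aug  3 03:05:58 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.50 PROTO=TCP SPT=33014 DPT=3306 SYN
Aug  3 04:11:30 kulshan kernel: MYSQL-IN: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.50 PROTO=TCP SPT=40199 DPT=3306 SYN
EOF
}

# Read LOG lines on stdin; print "count source-ip" for every host that hit the
# given destination port under the assumed prefix, busiest first.
port_sources() {
    port="$1"
    awk -v port="$port" -v prefix="MYSQL-IN: " '
        index($0, prefix) {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == port) hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Read LOG lines on stdin; print sources seen on the port that are NOT in the
# allowlist file (one IP per line). Empty output means the list is complete.
unlisted_sources() {
    allow="$1"; port="$2"
    port_sources "$port" | awk '{ print $2 }' | grep -vxF -f "$allow" || true
}

# Tally for the constructed sample.
sample_log | port_sources 3306
```

Each address the second function prints is either a script that still needs a rule or a connection the DROP rule is meant to stop.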
Woke up around 9:45. Arrived at the office a little before 11:00. At about 11:30, got Mike’s keys and headed over to the Ridge with Gordon to fix Depts. locally. The guy at the entrance, painting(?), asked what we’re doing. I explained “We’re going to fix a server in the lab. We work for ResTek” and he said, “Oh, okay.” Later he explained “I didn’t mean to be a dick, I’m just not supposed to let everyone in here. Especially with the football players around and all.” Hooked up a keyboard and monitor to Depts, logged in as root (didn’t even need to boot single-user) and:
- cd /etc/pam.d
- cp ~kian/other-fixed ./other
Then checked if I had sudo.
$ sudo -s
Password:
#
Left the office at about 2:30, and it was really sunny today (still is) so I just drove. I ended up in Fairhaven. I went into the bookstore and went downstairs to look at a book I saw there before. It has a poem in it that I like:
“To see a World in a Grain of Sand
And a Heaven in a Wild Flower,
Hold Infinity in the palm of your hand,
And Eternity in an hour.”
The book is called “The Golden Ratio.” I bought a different book called “Feynman’s Rainbow.” Then I sat outside in a little park area and read it for a while. Some guy asked if I minded if he play guitar while I read, and I told him No. I noticed he played Pink Floyd’s “Wish You Were Here.” Then I bought an ice cream cone and found my way back home.