Archive
Posts from 2006
Securing PHP installations
I have been using PHP for quite some time, and have developed a love-hate relationship with it. The ability to rapidly create dynamic web applications is extremely powerful, but PHP's abysmal security track record often leads me to wonder if I should be using it (especially since a fair number of open source PHP applications are poorly coded, and using them can put your hosting platform at risk). Over the past few months, I have spent a fair amount of time researching ways to protect my PHP-enabled web servers from insecure code, and unknown PHP vulnerabilities. There are a number of ways you can tackle PHP security, the most important being designing and writing secure PHP code…
Using ZFS compression
One of the nice things about ZFS is its ability to transparently compress file system data. Compression can be enabled or disabled dynamically, and compression policies can be applied on a per-file system basis. This can be extremely useful if you need to save space on a file system that is used primarily to archive data, since you can create a file system dedicated to data archival, and then enable compression on that file system to save space. If on the other hand performance is your primary concern (e.g., actively used Oracle database files), you can create a file system without compression…
Concert review Alice In Chains
I am a huge Alice In Chains fan, and have traveled the country several times in the past few years to see Jerry Cantrell perform live. When I heard they were coming to my home town to play a show, I did everything it took to get tickets, and then had to patiently wait eight weeks to see them live. :( That, my friend, is hard to do when you love a band as much as I love Alice In Chains, but the eight weeks eventually passed and I got my chance to see them rock out last night! The band took the stage a little after 10pm, and they started the show with an amazing version of "Again." Jerry was on fire, William sounded great on lead vocals (he is definitely no Layne Staley, but sounded awesome nonetheless), and Sean and Mike were spot on with drums and bass…
Patching PHP on Solaris hosts (all patch utilities are not created equal!)
While attempting to use the default Solaris patch command to apply the suhosin patch to the PHP source code, the patch command bombed out: The unified diff contained the name of each file to patch, so I decided to see if the GNU patch utility (which is installed in /bin on most Solaris hosts) worked: GNU patch worked flawlessly, which leads me to wonder if the Solaris patch command requires additional flags to process unified diffs similar to this. I have had a number of issues arise with the default Solaris patch utility over the years, and for some reason it doesn't seem to process unified diffs as smoothly as the GNU patch utility. In the interim, I aliased patch to gpatch to avoid these types of issues. :)
Monitoring DBUS events
While debugging a goofy GNOME / USB interoperability issue this week, I came across the dbus-monitor program. Dbus-monitor allows you to view messages as they are sent on the DBUS message bus, which can be amazingly useful for debugging hardware and software interoperability issues. To print the messages that are traveling on the system message bus (DBUS defines two types of buses, one is the system bus, the other is a per session bus), dbus-monitor can be run with the "--system" option: In this example, you can see that two messages were sent when a hardware device was added and removed from the system. After reading through a slew of documentation, I am finally starting to understand how all of the GNOME packages tie in with one another…