News:

The anti-spam plugins have stopped being effective. Registration is back to requiring approval. After registering, you must ALSO email me with your username, so that I can manually approve your account.

Main Menu

New Server Coming Soon

Started by Xepher, February 23, 2007, 01:57:29 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Xepher

In other news, if you're having issues with stuff being super slow or failing to connect... the entire datacenter is apparently being DDoSed... basically a flood attack. It's causing packet loss of up to 50%, which really screws with connections. I hate hackers that do this sort of thing.

fesworks


www.PSIwebcomic.com
www.TheShifterArchive.com
www.ArdraComic.com
www.WebcomicBeacon.com

reinder

Will the new server have PHP safe mode on? For that matter, does the current one still have it? I've been thinking of installing Gallery 2.0 to revive my creaky, broken old gallery section, and it says in the requirements that it needs to have Safe Mode off.
We've dealt with this before, on my latest upgrade, but that was aaaaages ago :)
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

Xepher

Ever since I switched PHP to cgi mode, it runs a script as the user who owns it, making it pretty secure (for the system, not necessarily the user) to run without safe mode. Basically, it means if there's some exploit that gets used, it can still damage any other files you have, but it can't hurt other users or the system. (In theory, of course...)

So yeah, safe mode is off... if it's not than I can turn it off. (I sometimes forget every setting I've made when I upgrade PHP and it replaces my config files.)

Databits

I.E. you're using suexe right? I'd hope so. :P

Perhaps just making some little backup utility for the user that tarballs their public html folder and then dumps their db and adds it to the tarball making it available for that user to download would be helpful. Something you and I can probably do with ease, but isn't quite as simple for other people around here.

Oh and why would gallery 2.0 need non-safemode?
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

Xepher

Yeah, it's suexec right now, but it won't be on the new server. As I nerded out and talked about some other post (too lazy to look where right now) it's going to run peruser MPM in apache itself. Apache itself will fork a user-owned process to serve all content for that account... script or no script. This lets me use mod_php again, putting PHP directly into apache, instead of calling it as a separate runtime. It also eliminates the need for the executable bit and strict permissions as required currently by suexec.

As for the tarball thing... maybe on the new server, but for the most part, people should just be able to connect with their SCP or FTP client and then drag/drop their whole public_html (or even home) folder. I setup the filesystem with that in mind. Hence why each user has their mysql tables actually stored inside their home directory, although they can't write to those files directly, as that would be BAD, it does make for an easy backup scenario as I just described.

Gallery 2.2 has a huge thread about safe mode, but the main thing seems this...

QuoteYou cannot use pipes or redirects when executing system calls which is painful (though not insurmountable) for the graphics manipulation packages like NetPBM that expect to use pipelining.

mkdir() will not allow you to create new directories unless the parent directory has the same UID as the process being executed. This means that Gallery will not be able to create it's data directories under the top-level "albums" directory that you created using ssh/ftp -- your ISP will have to chown the top-level directory for you in order for you to successfully install Gallery.

You cannot call set_time_limit() in safe mode, which means that Gallery cannot do anything that takes longer than 30 seconds (or whatever the server is configured to allow). This means that at the 30 second mark, your operation will be interrupted. Since the most commonly used database (MySQL) in its most commonly implemented setup (MyISAM) does not allow transactions, this means that you virtually guarantee data corruption when your long operation fails.
The thread (found at http://gallery.menalto.com/node/3017 ) has a point about safe mode basically being what you use if you have no BETTER way to secure things... I totally agree, it's basically a workaround for a flawed model of webservers. That is, that the website and the webserver are owned by the same user, which is rarely the case in any multiuser environment these days. Suexec or the peruser MPM I talk about above are much better ways of doing security, and pretty much obsolete safe mode.

That said, I personally find gallery to be needlessly complicated code for what should be a rather simple task. I haven't used the 2.x series much, but about 40% of the bot/hack attacks I've had to deal with were from bugs in users various gallery (1.x) installs... another 50% were bugs in phpBB installs. I'm not saying don't use it if it's what you want. Just keep it up to date when they release bug fixes, and maybe take a look to see if there's some lighter weight code somewhere that still does what you need. I personally wrote my own simple gallery/thumbnail maker. It's one file, and does really nothing but accept uploads, let you title/date them, and automatically make a thumbnail. http://xepher.xepher.net/images/ Code is http://xepher.xepher.net/images/code.phps It's 4kb, and requires nothing outside of PHP itself. Gallery is 9.5 MB! and also requires external programs to process images. To me, that just means a lot of room for bugs and potential exploits, mostly in features and such that I'd never even use. I'm betting someone out there has written something that'll do what you need without being as much overkill as gallery is. Totally your choice though.

reinder

Quote from: XepherThat said, I personally find gallery to be needlessly complicated code for what should be a rather simple task. I haven't used the 2.x series much, but about 40% of the bot/hack attacks I've had to deal with were from bugs in users various gallery (1.x) installs... another 50% were bugs in phpBB installs. I'm not saying don't use it if it's what you want. Just keep it up to date when they release bug fixes, and maybe take a look to see if there's some lighter weight code somewhere that still does what you need. I personally wrote my own simple gallery/thumbnail maker. It's one file, and does really nothing but accept uploads, let you title/date them, and automatically make a thumbnail. http://xepher.xepher.net/images/ Code is http://xepher.xepher.net/images/code.phps It's 4kb, and requires nothing outside of PHP itself. Gallery is 9.5 MB! and also requires external programs to process images. To me, that just means a lot of room for bugs and potential exploits, mostly in features and such that I'd never even use. I'm betting someone out there has written something that'll do what you need without being as much overkill as gallery is. Totally your choice though.
I see your point, especially because my Gallery 1 install hasn't been a picnic for me to maintain either. I'm holding out hope that the 2.x series is less buggy and offers better separation of templates and code functionality (that aspect of series 1 was terrible, even though it's both an obvious idea and easy to implement - when I asked for templates to be separated in atp autosite, the guy who made it redesigned and built it that way in a matter of hours). If it isn't, I'll be very cross.

I've thought of deleting the Gallery installation outright, but I can't make myself. There's something of value in having an image gallery on my site - something that isn't the webcomic or the blog - and I'm convinced that there's value in having it set up properly, with comments, an RSS feed and all the navigation and sorting you need when the image collection grows big. Your images script is a neat enough tool but looks a little too quick-and-dirty for what I want.
Gallery, on the other hand, is big and bloated, just as you say. Something inbetween should be good for me if I can find it - especially if I can import my existing Gallery data in there. Any tips, anyone?
Reinder Dijkhuis
Rogues of Clwyd-Rhan | Waffle

Databits

Oooooooh nice choice.

I thought about that kinda setup for the small setup I've got separate from my Xepher.net account (it's my business server), but considering it's currently just a VPM rather than a full fledged server, I decided that it wasn't worth it.
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

Xepher

Oh, I wasn't expecting you to be able to use my script... it's totally underpowered and hacktastic unless you use it EXACTLY the way I do. I just meant it as an example of how simple the actual image processing is, with built in php functions even. I originally meant that as a simple proof-of-concept while I added features like comments, navigation, tags, etc... But since it mostly did what I needed, I lost motivation and it stopped there. I'll probably pick it up again in the future, but, well... we know how that goes. :-)

cha0s

Thanks Xepher. You're the best.
xepher puts the SEXY in DYSLEXIA

My Music!
FreeBASIC rox hard

Databits

Not sure who you're replying to, I was referring to the server setup though. We used something like that in my apache admin course a few years back. It's not exactly super unique, and worked somewhat well for what we were doing with it. I'm not exactly sure how well it'll hold up under a larger amount of load though (although with some of the systems now days that's hardly an issue).
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

Xepher

Oh, yeah, sorry... I was replying to Reinder last time.

Databits

Gotta love multi-topics in forums! :P
(\_/)    ~Relakuyae D'Selemae
(o.O)    
(")_(")  [Libre Office] [Chrome]

dragyn


psychobob

Hahahahaha!! OMG, all this time I was looking for that "on" switch in Squirrel mail and not on my account itself XDDD!!

I got dogpiled by so many e-mails, including....DR. PHIL!

Yah, I'm a dork :P