Dave Lachapelle

Recently came up against a bit of a tough nut to crack, so to speak, and thought I’d write up a quick blog about how I fixed it, in case anyone else has this problem. At MRX, we have several different hosting environments we use, one of which is a shared environment for our smaller clients. The problem being that one of those clients had a vulnerability on their site that was allowing spammers to send unauthorized e-mail through our servers, thereby getting us onto a whole bunch of blacklists.

After a bit of searching around, it seems as though its actually possible to completely disable the mail() function from PHP, however, that was only a temporary solution. This is simply a matter of adding

disable_functions "mail"

to the php.ini file and reloading the apache configs.

While I searched for an actual solution to the problem, I came up with the idea of attempting to use a php_admin_value flag value to disable e-mail for a specific virtual host inside the htaccess files until I was able to determine which was the offending site. Again – brick wall – PHP doesn’t support setting disable_functions in the php_admin_value flag.

So, after a bit of searching, I decided to just add the following to each site’s .htaccess files:

php_admin_value sendmail_path "/dev/null"

Essentially sending all e-mail to /dev/null for that particular site. Perhaps not the most elegant solution, but it was effective, as we are no longer sending e-mail through a broken form and I was able to alert the affected client that they had a problem.

Continuing on my latest theme of blog upgrades – I just got a new server set up for myself over here at the new MRX datacenter, and got my blog transitioned over to it. If you’re reading this post, then likely you’ve gotten the new DNS. If you hit my blog from twitter and get a 404, well, you don’t have the new DNS yet, and you likely won’t be reading this yet.

I’ve taken the liberty of setting up Varnish in front of Apache, I know my blog doesn’t get much traffic, but at least it should respond a lot quicker – sometimes I find wordpress to be kinda slow. I’m going to be tweaking the config, and once I have it just right, I’ll post my VCL code here for anyone who’s interested in optimizing Varnish for WordPress installs.  It also has the added benefit of protecting my blog should (hell freeze over and) one of my posts suddenly become popular.

So, big news of the week, Oracle just bought Sun Microsystems for some ridiculous amount of money ($7.4 billion in cash).  Aside from the obvious moanings of how I wish I had $7.4 billion in cash just sitting around so I can buy up companies like playing monopoly, this deal has me (and likely a number of other people) wondering about the future of MySQL now that its going to be owned by Oracle.

I’ve been reading up on the topic a lot, and it seems as though no one’s really talking about whats going to happen with Sun’s newest acquisition.  I can’t say I’m not just a little concerned, since all of our work here at MRX is powered by MySQL databases.  Thats not to say I’m afriad of Oracle, just its both expensive (as in not free) and complex.  I’d argue, so complex that not many people out there who know Oracle are looking for work.

One interesting point I did find when reading up on the topic that I didn’t really know, is that Oracle does own a number of other database systems including TimesTen, Berkeley DB open source, as well as InnoDB.  However, none of these directly competes with Oracle, whereas MySQL does.  So, the question is, do they monitize MySQL to a lesser degree than Oracle (while maintaining some form of stripped down free version), do they drop MySQL alltogether and provide some form of migration path to Oracle 11g, or do they simply let both co-exist and continue monitizing Oracle.

If I had to guess, I’d say they will likely monitize MySQL to a lesser degree than Oracle, probably in the form of support contracts mostly, and still continue to provide a free open source version of MySQL.  Obviously they would charge for any new features they decide to add to MySQL along the way.  Probably very similar to Redhat Enterprise’s business model – seems to be successful for them.

So, I just upgraded to Ubuntu Jaunty on two of my VMs here at the office.  I know its not set to come out in a final release for a few days, however, we’re in the process of migrating to a fully virtualized system, and unfortunately Intrepid has some issues with iSCSI connections.  Namely if you try and shut down the machine, it’ll hang because it tries to disconnect the drive before its unmounted and then just throws errors.

Anyway, as per usual, the upgrades went more or less flawlessly – minus a few symbolic links that needed to be re-created.  Since I don’t have GUIs on these machines (waste of resources on servers if you ask me), a quick:

sudo apt-get update
sudo apt-get install update-manager-core
sudo do-release-upgrade -d

And about half an hour later and I was all upgraded.  No more iSCSI disconnection problems, and one new feature I’ve found that actually changed my whole workflow when it comes to servers.  That being the inclusion of screen-profiles, a sort of profile manager for screen allowing you to create default screens that open when you log in, as well as status bars, clocks and notifiers.  If you haven’t heard of it, I’d highly recommend you check it out.

Ubuntu Jaunty Jackalope – Alpha 3 | Ubuntu.

So, I happened across this article today, written by a Scott Wallace, I’ve copied the text here in case his site goes down for whatever reason. Note, I haven’t tried this as of yet, but in the future when I fill up my drives, I’ll likely be able to just buy another 500 gig drive and convert my raid-1 array to a raid-5 array instead of having to buy another 3 whole drives.

Converting RAID1 to RAID5 with no data loss | scott.wallace.sh

(continue reading…)

Further to my previous postings about Ubuntu and VNC, which seems to have been the most popular page on my blog for a while, I happened across this post from Sam Lesher this morning on how to enable Ubuntu’s built-in remote desktop from the command line. The built-in remote desktop uses VNC, and so kind of eliminates the need for any form of VNC Server setup.

Sam Lesher » Ubuntu 7.04 – Enable/Disable Remote Desktop from the Command Line

To enable remote desktop from the command line, issue this command:

$ gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true

To disable remote desktop from the command line, issue this command:

$ gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled false

Unfortunately, this only works if you have previously configured remote desktop with a password, which would in theory require physical access to the machine.  That being said though, I want to set it up remotely, and so to add to Sam’s guide, I’d like to add that you can X-Forward a gnome session through SSH which will allow you to change this option.  I’m working on a how-to which I will post shortly.

Well, its been a long time coming, but tank has finally died. For those of you who no not its saga and history, you are sorely missing out. Though, as with any computer system, especially one containing my whole television collection as well as all my backups, it will rise again. Not after some serious modification though.

As it would appear, the motherboard finally died, the system simply refused to boot if any SATA drive was plugged into it – obviously a problem. I went out to the local computer shop and picked up a new motherboard, processor and ram. Specially, I got myself an ASUS M3N78-EMH HDMI motherboard, and I know, I have absolutely no use for an HDMI motherboard, but it fullfilled my main requirements of being under $100 and having more than 4 sata ports (specifically it has 6), bringing my total available sata connections up to 8 (I have a PCI card).

So, I get it all home, rip apart tank – dust off as much as I possibly can, and I go to town unpacking, reconfiguring the case and generally getting everything set up. So, I’m sitting there going through the checklist, processor mounted… check, processor fan mounted… check, ram mounted… check, hard drives plugged in… check, *CRAP*… well, it would appear my 4 year old Thermaltake power-supply is only a 20-pin, and this new motherboard is a 24-pin. Now this is at 9:30pm on a Sunday night… no computer supply shops are open.

So, just a quick note to anyone looking to upgrade, check your freaking PSU before you buy a new motherboard!

I have to start off by apologizing, I had intended on posting this last week, but got tied up with a lot of work stuff. Our Windows server decided to throw a hissy fit, and I really hate windows. Somehow the permissions got all messed up and IIS wouldn’t read any of the web files, we spent almost three full days trying to get the permissions set back up. Finally we just gave up and decided to back up the system and re-install it.

Anyway, continuing on the theme of system optimizations, I thought I’d talk a little bit about a simple optimization you can make to MySQL, that will greatly increase your server performance. In comes MySQL’s Query Cache or qCache for short. Its already built into MySQL, all you need to do is enable it. “But caching data is bad” or, “My boss says we update our data too much to make it worth caching”. Both of these ideals are in fact wrong. I used to hold to the one that said that caching data is bad, yes, it generally is a bad idea if done improperly, but if done properly it’ll save you a lot of time.

(continue reading…)

And no, thats not APC as in American Power Conversion, thats APC as in Alternative PHP Cache. At the office, we host a fair number of high traffic websites, sites that routinely push a few gigs of traffic a day each. Obviously, thats a lot of web traffic, and we do have to keep our servers running fairly well. We also have a few, what we refer to as “seasonal” sites, where traffic for the sites spikes during certain parts of the year.

(continue reading…)