All Posts By

Barney Desmond

# mysql_secure_installation… Ya-ha-! (and ~/.my.cnf)

By | Technical | No Comments

I was setting up mysql-server for a customer recently and noticed something interesting – there’s a helpful script included with mysql called mysql_secure_installation. We thought about that for a moment and had a chuckle. Okay, that was a little unfair; it’s no secret that we prefer to use Postgres wherever possible, but the idea of having a “make it all secure” script isn’t too bad an idea, as long as it doesn’t produce a false sense of security. The script does good things, but MySQL could probably be doing things better to begin with – make it more secure out-of-the-box, and the last thing they should be doing is shipping it with an empty root password. >_< It pains me to say it, but I think MSSQL probably comes with…

Read More

Tales of Hardware – IBM RSA-II slimline

By | Technical | No Comments

In a recent post I mentioned that there are some nice things about using Supermicro hardware here at Anchor. There’s a bit of a dark lining to that silver cloud, however – we’ve had the worst luck trying to get their IPMI stuff to work in any sane way. IPMI is short for Intelligent Platform Management Interface. Different companies have different names for the technology – Dell has this in their DRAC cards, HP calls this iLO, Sun calls it ALOM. IPMI basically gives you access to a bunch of diagnostic information and management controls for the server. The real killer feature is remote console. Because IPMI is largely independent of the rest of the system, you can get unimpeded access to everything on the server, regardless of what state…

Read More

WordPress 2.7, now with fewer absurd bugs

By | Technical | No Comments

I went ahead and upgraded the installation of wordpress we use for this blog from 2.6 to 2.7 – you won’t notice anything mind you, but we get a completely different admin interface under the hood. Keeping things up to date is always a good idea from a security standpoint, but I also wanted to address an odd issue that wasn’t present in my own personal installation of 2.7. I’d noticed a little while ago that the font-colour controls in the editor didn’t seem to work. I could select the text and apply the colour, but the change disappeared once I saved the changes. Looking at the HTML, something odd was afoot: <span style=”#990000″>lorem ipsum dolor</span> Definitely not the expected behaviour, the “color:” was being stripped out of the style…

Read More

Tales of Hardware – IBM x3650

By | Technical | No Comments

All the servers Anchor buys are from Supermicro. Most people won’t have heard of them, but they’re a sizeable hardware vendor that also does some OEM gear. Supermicro certainly doesn’t carry the mindshare of other big brands like HP, Dell, et al., but we chose them because their stuff is reliable and affordable – we focus on the things that actually matter, rather than some enterprise-y idea of sticking with big brands that you trust – “noone ever got fired for buying IBM” they say. Actually, hold that thought for a moment.

Read More

Firewalling VMware ESX for console access

By | Technical | No Comments

One of Anchor’s more recent product offerings is VMware-based virtual private servers. As one of my colleagues has already detailed, we take extra measures to secure the VMware host server to reduce the possibility of a compromise. Our VPS offering uses VMware ESX, which runs on bare metal and doesn’t have a host operating system. This isn’t the full story – according to documentation it boots a Redhat Enterprise Linux 3 system, then loads the vmkernel which is where the real work is done. One of the nice things about this approach is that there’s a userspace environment in which to run support software, like good monitoring components. We ran into an odd problem recently with an ESX host server on a dedicated network segment, namely that we couldn’t view…

Read More

Another great reason to run Postfix as your MTA

By | Technical | One Comment

All of our managed Linux servers here at Anchor use Postfix, written by Wietse Venema, as their mail server. Postfix is easy to configure, works out of the box, written with security in mind, actively maintained, and very fast. These are all very good reasons to stick with Postfix, but I’ve just found another one for all the programmers out there: http://dotat.at/writing/exim-turing.conf From Tony Finch’s homepage: I realised recently that Exim is Turing-equivalent so I decided to write a little demo which includes an informal description of how to translate a Turing machine into an Exim configuration, and an example configuration that implements combinator reduction like my IOCCC winner mentioned above.

Read More

Inode shortage reaches critical levels

By | Technical | One Comment

A customer got in touch with us recently saying they couldn’t upload files via FTP due to insufficient diskspace, but there was plenty of free space apparent when they logged in and checked. We don’t normally manage their server, but we said we’d take a look. [email protected]:~# touch /srv/www/newfile touch: cannot touch `/srv/www/newfile’: No space left on device After logging in and taking a look around, the problem became apparent. [email protected]:~# df -h Filesystem                Size  Used Avail Use% Mounted on /dev/mapper/nayuki-root  1016M  536M  429M  56% / /dev/mapper/nayuki-usr    4.0G  1.3G  2.6G  34% /usr /dev/mapper/nayuki-var    4.0G  1.3G  2.6G  33% /var /dev/mapper/nayuki-www     50G   41G  6.4G  87% /srv/www There’s plenty of disk space… [email protected]:~# df -i Filesystem                Inodes   IUsed   IFree IUse% Mounted on /dev/mapper/nayuki-root    65536    7244   58292   12% / /dev/mapper/nayuki-usr    262144   96830  165314   37%…

Read More

Anchor’s New Colocation Fit Out – Stage Two

By | Company News, Technical | No Comments

Our new colocation space will be ready to go very soon! In the last couple of days we’ve had the new racks installed and the basic network infrastructure connected. The power rails in each rack will be powered up on Friday, and the network hardware will be installed. We expect to have live equipment in there in less than a week. This will mostly be a photo post, they speak for themselves. To keep things interesting we’ve got photos of some of the high-level building infrastructure. This is the heavy-duty, redundancy-everywhere stuff that keeps you up and running, guaranteed. If you’re interested, follow the link on each photo; there’s a little more detail on what you’re looking at. You can see most of the new floorspace and racks in the…

Read More

Unicorns and Rainbows

By | Technical | No Comments

Unicorns and rainbows are a serious matter for sysadmins and geeks in general. They represent a state of tranquility and nirvana. Microsoft aspires to let us all live in a wonderful happyland with rolling green hills and springs of crystal-clear water. ‘Tis a place where unicorns roam free and rainbows grace the horizon like technicolour halos. Of course, we’re not holding our breath, but we can dream of the day it arrives. http://cornify.com/

Read More