Domain: sesse.net
Stories and comments across the archive that link to sesse.net.
Comments · 8
-
Re:Turn off SuExec (and fix your file permissions)
Thanks for the advice.
The purpose of KernelCare is that they splice security patches into the kernel while it's running. That is what I was referring to in regards to not having to worry about security patches, and to further explain, I meant I don't have to worry about rebooting (and thus causing down time) after applying kernel security patches.
I'm well aware of the problems with suExec and suPHP (and suHosin, etc).
I used mod_ruid2 up until they finally incorporated support for ITK. This specific server only handles about 20 clients. This allows each account to have permissions of 0600, and with suexec and friends never having been enabled this is about as tight as you can get in terms of filesystem permissions.
Everyone else is in their own KVM virtual server, set up specifically for their requirements, based on Funtoo.
I'm not new to this, and resisted cPanel for a long time. This specific server was only set up in 2014.
Cheers.
-
Existing tools?
-
PHP is the worst (but not really)
I say this as a long time PHP developer. I've fiddled with other scripting languages (Python, NodeJS, Java/Tomcat), and I just find they are not very well suited for a web environment, so I always come right back to PHP.
The problem is actually a few different things, not necessarily related to PHP itself:
- Outdated installations are everywhere
- Outdated and very poorly written Tutorials are even more prevalent
- Lack of general understanding of security is a problem not relevant to any programming languageMany of the security problems with PHP have been addressed long ago when the initial release of PHP 5 came out, and a few more since then.
When interfacing with a Database, developers are now using PDO or a mechanism provided by their framework (usually built on top of PDO). This in and of itself has completely eliminated SQL injection attacks. The problems still cropping up are legacy applications that haven't been updated. Many of these can partially be attributed to outdated PHP installations.
The majority of web hosts run cPanel. cPanel has been making big changes to their product. A few things they have done recently:
- Dropped support for old PHP versions (oldest supported is now PHP 5.4)
- Shifting to a binary package system (via yum repository) for PHP/Apache with safer default configs; previously it was up to the Admin to compile, install, and configure, also supports automatic updates
- Included a mechanism in Apache to configure/utilize multiple PHP versions on a per-user, per-directory basis
- Included support for Apache MPM-ITK; allows each virtualhost to be run as a specific UID:GID instead of all sites running under the same UID, greatly increasing per-account security so long as each accounts file permissions are secure. -
Re:Pictures from last year
Ah.. Nothing like Geek S&M pornshot in the morning.
-
Re:World's biggest computer party, eh?
What is a computer party anyway?
LAN" vs. "computer party -
Pictures from last year
A lot of pictures from The Gathering last year.
-
Photos from Gathering 2002
Here are some photos from The Gathering 2002.
Of course, this guy put sooooo many thumbnails on this one page that Slashdot will likely kill this after five seconds. -
Not a LAN-Party
Sorry people, neither Dreamhack Winter or The Gathering is a "LAN-Party" (Dreamhack Summer is). Both parties were started as demoparties, and have evolved to computer parties. The focus was in the beginning 100% on demoscene - coding, graphics, music, drinking beer, having fun and getting to know people. Now, both events have become an in-between mix, called a Computer Party. See here for an in-detail comparison. The main idea is NOT to bring your computer and play computer games. The main idea is to come, meet people from all over Europe (especially at The Gathering), get new friends, etc. Hopefully you will also learn something new - programming, graphics, music, etc.. and relax. Many people live very far apart (this is Norway and Sweden...), and only see eachother at these events.