It all started when Jodi told me she accidentally deleted a mail in her mailbox. I remember setting up her mail client on her powerbook as a pop account, and enabling her to permanently delete mail. I decided to see how l33t I really was, and went into her mail directory on the server. I decided to try to undelete the file, and used grep to search the partition. I read somewhere you could do this, so I decided to search the last 1.8MB on the partition for the phrase “jodibell.com.” Not a good idea. For some reason, or somehow, the command locked up all processes. I’m talking: ssh, httpd, ncftpd, EVERYTHING. There was no way to stop the command, and unfortunately, no way to reboot the server remotely. I waited for a while, but then got really worried. You know, that sinking feeling when you start to imagine the worst possible outcome: what if my server was really hosed up good and I lost everything? When was the last time I backed up? How much would I lose!?!?

Well, to make a long story short, I eventually called my dedicated hosting provider, Interland, who are great, BTW, and they simply rebooted the box. She was up within 20 minutes of the ordeal. Yes, there goes my 99.9% uptime, and my 180+ days of continuous uptime with no reboots, but alas, at least she’s up and back purring….

So, to answer the question of when the last time I backed up was - well, let’s just say it has been too long.

I started searching for some backup scripts or even a backup program, but then decided to build my own. I am using a script running daily/weekly (we’ll see how it goes) in the crontab that runs rsync on several directories, including the entire seebq.com virtual host directory, to synchronize with my linux server at home - the mythtv-server. I have heard that rsync-diff is the way to go, but I’ll try that some other time. I also grabbed the etc directory and then proceeded to whip out some mysqldumps (since my movabletype is storing data in a mysql DB) and rsynced those too.

I had some difficulty adding the ssh key so it would automatically trust my mythtv-server at home, but then found out about running processes under the ssh-agent - and fixed it.

So the gist of my script does:

rsync --delete --compress --archive --rsh=ssh $directory_to_backup
backupuser@$remote_host:backups/

And to get the mysql dumps, a quick:

mysqldump --opt -u $dbuser -p$dbpass $database >
/root/mysqlbackup/mysql_database.bak.dump

and then I rsync the mysqlbackup directory, after performing several mysqldumps on the various directories.

The hardest part is setting up the automatic ssh login. So - let’s just hope, like every good backup, that I never have to use it.

References:
http://rimuhosting.com/howto/rsyncbackup.jsp
http://www.cs.indiana.edu/Facilities/FAQ/Security/openssh.html
http://rimuhosting.com/howto/mysqlbackup.jsp

I gotta give a shout out to the PHP Users Group of Nashville for letting me crash their monthly meeting while in town. I gleaned some juicy tidbits about upcoming Zend Studio 4, and the whole Zend push. I suppose I had never thought Zend Studio being the “answer” to WebSphere, but I think that’s where they want to head. Zend does say pretty clearly on the web-site that they are “making PHP enterprise grade.” So, yup, that’s it, it’s over. Too commercial for me, too mainstream. PHP is so lastweek.com. I’m kidding. Sorta.

Today, there was a flurry of corporate memos e-mailed around, company-wide. For a software company, unfortunately, that means lots of excel spreadsheets of performance data and charts. Surprisingly, not a lot of powerpoint. A shame, really.

Jumping on the bandwagon, I decided to perform a little performance analysis myself, on myself. Here is part of the extensive research analysis:

SANS report reveals Shoutcast DNS Server has a security issue:

(2) HIGH: Nullsoft SHOUTcast Server Format String Vulnerability
Affected:
SHOUTcast version 1.9.4 and prior

Description: SHOUTcast Distributed Network Audio Server (DNAS) is a
popularly used free audio streaming server for Windows and UNIX
platforms. The server contains a format string vulnerability. The flaw
can be triggered by an HTTP request to access a media filename
containing format string characters such as “%x.mp3″, and exploited to
execute arbitrary code on the SHOUTcast server. Exploit code to leverage
this flaw on Linux SHOUTcast servers is publicly available.

Status: Vendor confirmed, upgrade to version 1.9.5.

Council Site Actions: The affected software is not in production or
widespread use, or is not officially supported at any of the council
sites. They reported that no action was necessary.

References:
Posting by Damian Put
Exploit Code
Vulnerability Discussion on SHOUTcast Mailing List
SHOUTcast DNAS Doc
SecurityFocus BID

So, my little shoutcast, which, has been running for, months, now, is due for a little restart. Gotta love these kind of statistics. Know any Windows servers that have been running for 163 days?

 12:49am  up 163 days, 21:12,  1 user,  load average: 0.25, 1.17, 1.54
110 processes: 106 sleeping, 4 running, 0 zombie, 0 stopped
CPU states:  0.1% user,  0.2% system,  0.0% nice,  0.1% idle
Mem:   514672K av,  503096K used,   11576K free,       0K shrd,   51364K buff
Swap: 1028148K av,  103308K used,  924840K free                  226448K cached
  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
15697 root      15   0 52152 3996   828 S    15.2  0.7 24072m sc_trans_linux
 5273 root      16   0  1068 1068   824 R     3.8  0.2   0:00 top
    1 root      15   0   472  436   412 S     0.0  0.0   0:08 init
    2 root      15   0     0    0     0 SW    0.0  0.0   0:00 keventd
    3 root      15   0     0    0     0 SW    0.0  0.0   0:00 kapmd
    4 root      34  19     0    0     0 SWN   0.0  0.0   0:00 ksoftirqd_CPU0
    5 root      15   0     0    0     0 SW    0.0  0.0   1:18 kswapd
    6 root      15   0     0    0     0 SW    0.0  0.0   0:00 bdflush
    7 root      15   0     0    0     0 SW    0.0  0.0   0:03 kupdated
    8 root      25   0     0    0     0 SW    0.0  0.0   0:00 mdrecoveryd
   12 root      15   0     0    0     0 SW    0.0  0.0  78:06 kjournald
  133 root      15   0     0    0     0 SW    0.0  0.0   0:00 kjournald
  475 root      16   0   548  512   472 S     0.0  0.0  31:14 syslogd
  480 root      15   0   432  372   372 S     0.0  0.0   0:00 klogd
  582 named     15   0  5152 4976  1644 S     0.0  0.9   0:00 named
  584 named     15   0  5152 4976  1644 S     0.0  0.9   0:00 named
  585 named     15   0  5152 4976  1644 S     0.0  0.9  15:38 named

I made some modifications to my mythtv setup - just some minor updates. The ease of the apt-get rpm packaging management system is amazing. In just a few simple commands, you can completely update your system. I’m now running the 2.6.9-1.11 kernel on the mythtv-server, the latest nvidia drivers (though, they’re licensed now, and thus “taint the kernel” by adding non-obtainable source binaries to an otherwise open-source linux system), the newest ivtv drivers (tv tuner card), and lircd (remote control drivers). I also finally setup both Hauppauge 350 tv tuner cards on the server, and went ahead and ran CAT6 cable (little overkill, I know) from the server to the backend, to replace this Wireless G bridge. Streaming video over Wireless was just too flaky. Needless to say, I’m watching Ghost in the Shell now on the projector on the wall in the bedroom, and it is absolutely flawless over ethernet! No skipping or stuttering at all!

I hacked free Internet at my hotel. Sure, I probably shouldn’t document it, in that I got something for free that is normally not, but it really was so easy that I think it deserves to be brought out into the open. If only they’d purchased a new security certificate (their’s expired), I would have gladly punched in my credit card to their totally unsecure site. Yeah right.

I simply saved the page locally, altered the form to post to the server and changed the cleverly named field for:

<input type=hidden name=billing_method_id value=1>
to:
<input type=hidden name=billing_method_id value=2>

Boom. Free.

I wonder what would happen if I started posting data to the creditcard.cgi -> or even better, just injected some sql to show databases, describe tables, then select * from all the stored credit-card #s. hmmmm….

Happy New Year! Every time the calendar rolls around, as much as you try to fight it - nostalgia hits you. Everyone tries to look back on the past and look forward to the future. I’m no different.

It’s been a long time for seebq.com. From the earliest days, back in 1999 when domains could only be bought from networksolutions.com at 75 bucks a pop, to the recent incarnation - a decent attempt at a blog and photo-gallery with random musings, projects, and well…. lots of junk.

Where to next? Well, the cool-guy in me doesn’t want this blog to turn into the next lj-like diary of a hipster, even though I really yearn to post every day about what I bought at the store today along with music lyrics and IM conversations. The hacker in me wants this blog to become uber-l33t, by installing lots of goodies like automatic spam-detection, mobile blogging tools, streaming radio stations, and open-source goodness while documenting for everyone, every step. And, the sappy-guy in me just wants to post pictures of my doggy, condo renovations, and my girl, Jodi.

Where will seebq.com go from here? Who knows….