Steve Holdoway's blog
I was asked to build a small office server for a local web dev company a few weeks ago. Nothing extreme was needed, so I built up a debian lenny based server, with a couple of GB memory, and a pair of 1TB Western Digital WD10EARS disks in a softraid mirror. Simple, no brainer so I thought.
Not So! Disk performance was absolutely appalling... sustained under 1GB/sec even with a following wind, and the CPU constantly between 50 and 100% in wait io. After spending days looking at everything else...
- Installing backported kernels right up to 2.6.30
Good question. One of my clients got hit with a slowloris attack. This is a DDoS attach whereby the perp opens connections to the webserver and holds them open for as long as possible. Almost zero effort/traffic for them = big win for little outlay. What I'm configuring mod_qos to do is to shut down these connections by just dropping those doing very little.
I've got an external backup disk that I use for backup. As it's living in a primarily Microsoft desktop environment, it's formatted NTFS for easy retrieval in case of failure.
/dev/sdc1 /backup ntfs-3g defaults,nls=utf8,umask=007,noauto 0 2
/dev/sdc1 on /backup type fuseblk(rw,allow_other,default_permissions,blksize=4096)
Now I want to create a new directory ...
mkdir -p '/backup/Wednesday/user/projects/YEAR 10/01/06 Jan 2010'
It's often the case in a small or startup business that the person assigned to perform the general systems administration tasks is the unfortunate developer who asked about the backup strategy first. Whilst this seems like a really good idea at the time, there's a fundamental reason why it isn't.
Simply put, a developer has to be an optimist, always looking forward, seeing if new ideas work. These qualities in a sysadm can be rather dangerous. Risk-taking with the infrastructure is something that tends to shorten the life expectancy of many companies when their gamble doesn't pay off.
Not too long ago, I had one of the sites that I manage quite badly hacked. It turned out that the uploaded code for one of the hosted websites had already been compromised, so lesson 2) is most certainly to vet uploaded code much more thoroughly on initiation! However, I've now taken the approach that I'll run as crippled a version of PHP as I can get away with. In most cases, this means that you can modify php.ini to disable the following:
allow_url_fopen = Off allow_url_include = Off disable_functions = system, shell_exec, passthru, exec, \ popen, proc_open
So you've been happily running your workstation on Ubuntu, and you have need to dual boot into XP as well. For me, I needed to run some performance tests, and my 2001 Toshiba laptop just wasn't up to the task. When you built your workstation, you chose the default full disk install, so you've got
- /dev/sda1 OS
- /dev/sda2 Extended
- /dev/sda5 swap
Which makes things tedious, no easy way to install XP without a lot of fooling around.