Red Hat Enterprise Linux 4 Security Report
Mark Cox, director of the Red Hat Security Response Team, has published a security report covering the first two years of Red Hat Enterprise Linux 4, which was released in February 2005. He discusses the vulnerabilities, threats, time to release of updates, and the mitigation techniques the operating system uses.
It is interesting to note that the vast majority of security vulnerabilities affected software not used on servers: the Mozilla browser/email suite, Gaim instant messenger, xpdf, etc. Some of the server vulnerabilities would require certain user input to be exploited, such as running Links or Lynx, calling libtiff, or running a malicious binary. Others require less common setups such as Perl’s suidperl or Bluetooth drivers, or local shell access.
Nothing is completely secure, but Red Hat Enterprise Linux, configured well and kept updated, has a very good track record so far.
redhat linux
Evangelizing Test-Driven Development
I read Practices of an Agile Developer shortly after it was published, and I got pretty fired up about many ideas in it, with particular interest in test-driven development. From that point I did progressively more with testing in my day-to-day work, but everything changed for me once I went all-out and literally employed “test-driven development” for a minor project where I once wouldn’t have worried about testing at all.
If you’re not familiar with the principle, it basically boils down to this: When you are developing something, write the tests first.
I originally greeted this idea with skepticism, or viewed it as unrealistic. It also struck me as overkill for small projects. However, as I’ve written more tests and finally come around to writing them first, the practice has really demonstrated its value to me. I’ll list an abstract set of benefits, and then provide a hopefully-not-too-tedious example.
Benefits
1. Cleaner interfaces
In order to test something, you test its interfaces. Which means you think through how the interface would really need to work from the user’s perspective. Of course, one should always plan a clean interface, …
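Since the post’s own example is cut off above, here is an added test-first walk-through. It is my illustration in Python, not code from the post or its author, and the target it tests, a hypothetical check_hostname function for screening hostnames taken from untrusted input, is constructed for this example along with its cases. The spec table and run_spec were written first; they fixed the interface (one string in, a verdict-and-reason pair out, no exceptions on bad input), and the function was then written to satisfy them.

```python
import re

# Hypothetical target of the exercise (constructed for this example):
# a checker for hostnames taken from untrusted input, such as a redirect
# parameter or a config value.  The cases below were written before the
# function existed and are the spec its interface had to satisfy.

# --- Step 1: the tests, written first -----------------------------------
# Writing these first fixed the interface: one string in, a (verdict,
# reason) pair out, and no exception for bad input, because a caller
# screening untrusted data wants a decision it can log, not a try/except.
SPEC = [
    ("example.com",          True,  "plain two-label name"),
    ("localhost",            True,  "single label is a valid hostname"),
    ("a-b.example.com",      True,  "hyphen inside a label is allowed"),
    ("",                     False, "empty string"),
    ("example.com.",         False, "trailing dot: caller must normalise first"),
    ("-bad.example.com",     False, "label may not start with a hyphen"),
    ("bad-.example.com",     False, "label may not end with a hyphen"),
    ("ex ample.com",         False, "whitespace is never part of a label"),
    ("evil.com/path",        False, "path characters are not hostname characters"),
    ("a" * 64 + ".com",      False, "label longer than 63 octets"),
    ("a." * 127 + "a",       False, "whole name longer than 253 octets"),
]


def run_spec():
    """Run every spec case; return the list of (input, note, reason) that
    did not behave as the spec demands.  An empty list means green."""
    failures = []
    for value, expected, note in SPEC:
        verdict, reason = check_hostname(value)
        if verdict != expected:
            failures.append((value, note, reason))
    return failures


# --- Step 2: the implementation, written to make the spec pass -----------
# One DNS label: alphanumeric at both ends, alphanumerics or hyphens in
# between, 1 to 63 characters.  Only the checks the spec demands are here.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_hostname(name):
    """Return (True, "ok") for a syntactically valid hostname, otherwise
    (False, reason).  Never raises on bad input."""
    if not isinstance(name, str) or name == "":
        return False, "empty or not a string"
    if len(name) > 253:
        return False, "name longer than 253 octets"
    for label in name.split("."):
        if label == "":
            return False, "empty label"
        if len(label) > 63:
            return False, "label longer than 63 octets"
        if not _LABEL.match(label):
            return False, "label %r contains invalid characters" % label
    return True, "ok"


if __name__ == "__main__":
    bad = run_spec()
    print("spec green" if not bad else "spec failures: %r" % bad)
```

The point of the ordering is visible in the spec table: deciding up front that rejected input yields a reason string rather than an exception, and that a trailing dot is the caller’s problem, are interface choices that fell out of writing the cases before the code; the implementation then contains exactly the checks the cases demand and nothing speculative.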
testing perl
USPS changes the Web Tools Rate Calculator API
End Point offers integration with online shipping APIs to provide “live lookups” of rates.
Advantages of “live lookups”:
- Current rates
- Includes additional costs such as fuel surcharges
- No manual maintenance of rate tables
Disadvantages of “live lookups”:
- Dependent on the availability and performance of the rate service
- Planning, programming and rolling out API changes
CH CH CH CH CHANGES!
Speaking of changes, the USPS has changed shipping rates as of May 14, 2007 (non-tech-friendly details here). The changes include updates to rates, package attributes and shipping methods. These changes impact the XML-based Web Tools Rate Calculator, in some cases breaking lookups altogether. As of press time, the USPS hasn’t documented the changes to the API. Broken lookups appear to be confined mostly to international shipping.
Many of the changes represent a simplification and restructuring of international shipping methods, detailed here. This tweaking of international shipping methods is definitely an improvement — there were too many confusing options before. Unfortunately, these tweaks aren’t backwards compatible — meaning nearly all …
ecommerce shipping api
Creating a PL/Perl RPM linked against a custom Perl build
We sometimes have to install a custom Perl build without thread support and with specific versions of CPAN modules, and we don’t want to affect the standard distribution Perl that lives in /usr/bin/perl and /usr/lib/perl5. We use standard PGDG RPMs to install PostgreSQL. We also like PL/Perl, and want PL/Perl to link against our custom Perl build.
It’s easy to achieve this with a small patch to the source RPM spec file:
--- postgresql-8.2.spec.before 2007-02-15 11:52:53.000000000 -0700
+++ postgresql-8.2.spec 2007-02-15 12:02:35.000000000 -0700
@@ -306,6 +306,7 @@
%endif
%if %plperl
--with-perl \
+ --with-libraries=/usr/local/lib/perl5/5.8.7/i386-linux/CORE/libperl.so \
%endif
%if %plpython
--with-python \
After applying that patch (adjusted for your own custom Perl build, of course), rebuild the RPM, and install the postgresql-plperl (as of PostgreSQL 8.2) or postgresql-pl (8.1 and earlier) RPM. With a service postgresql restart, you’re ready to go.
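Review bot: the added --with-libraries line in the %plperl block hands configure the path of a single libperl.so file, but PostgreSQL's configure documents that option as --with-libraries=DIRS (directories added to the library search path), so the value should be the CORE directory, /usr/local/lib/perl5/5.8.7/i386-linux/CORE, not the .so inside it. More importantly, --with-perl makes configure locate the perl binary on PATH and take PL/Perl's include path and link flags from that interpreter's own Config, so if /usr/bin/perl is found first the build compiles and links against the distribution Perl regardless of this -L hint; setting PERL to the custom interpreter (PostgreSQL's documented PERL environment variable, e.g. PERL=/usr/local/bin/perl on the configure line in %build, the binary path being an assumption here) would make the spec change self-contained and reproducible. A comment in the spec noting that the patch pins the package to that exact Perl version path would also help, since it will silently break when the custom Perl is upgraded.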
postgres sysadmin perl
New edition of The Book of JavaScript reviewed
The Book of JavaScript (2nd edition) is a new and comprehensive introduction to the JavaScript language presented in an entertaining, practical format. I have significant practical experience with JavaScript, so I do not consider myself in the target audience for this book; however, I still found much of it useful so it will remain as a valuable reference on my bookshelf.
My full review of the book was just published at OS News.
books javascript
Interchange 5.4.2 released
Today a new version on the Interchange 5.4 stable branch was released. This was primarily a bugfix release, as documented in the release notes summary.
interchange
Greg Sabino Mullane’s PostgreSQL tips and how-to articles
End Point engineer Greg Sabino Mullane is a prolific writer of PostgreSQL tips, suggestions, and how-to articles in his Planet PostgreSQL blog. Some posts involve emergency procedures to diagnose and fix an ailing database, while others are helpful recipes developers can use. The strengths and weaknesses of various approaches are compared, and there are lots of neat things to learn along the way.
Here’s my list of favorites from those Greg has posted since last March, in reverse chronological order:
- Turning a table into a queue
- Reindexing the PostgreSQL system tables
- Viewing nearby rows
- Finding multi-column keys
- In-database email address validation without reinventing the wheel
- Making a copy of a unique row
- Finding the median of a table using PL/Perl
- Finding the value closest to the average using PL/Perl
- Getting random rows from a database table
- Scripting with psql
- The million table challenge
Enjoy!
database postgres tips
Hardware Monitoring with Nagios on OpenBSD
At End Point we use Nagios and its remote client, NRPE, to monitor servers we manage and alert us to any problems. Aside from the usual monitoring of remote accessibility of services such as a website, database, SSH, etc., it’s very helpful to have monitoring of memory usage, disk space, number of processes, and CPU load.
In this detailed article Dan Collis-Puro shows how to go even further and monitor the CPU and case temperature, and fan speeds, to alert administrators to hardware failures so they can be remedied before they become catastrophic.
networking monitoring openbsd