24 May 2008

RPMs on a tight filesystem

I've ended up managing a couple of CentOS servers which don't have much free space left on their root (/) filesystems. I was looking through their lists of installed packages, and I discovered a useful trick. The following command will give the size (in bytes) of the original RPM of an installed package:
rpm -q --qf '%{archivesize}\n' pkgname

So if you needed a report indicating roughly how much filesystem space each installed package on an RPM-based distribution was consuming, you could try this:
rpm -qa --qf '%{archivesize} %{name}\n' | sort -rn

When I did this on a CentOS4 box with a full install, I was rather unsurprised to find that the top offender is the OpenOffice.org internationalization package openoffice.org-i18n.

21 May 2008

Hard Time

From the AP news wire:

Lou Pearlman, the man who created the Backstreet Boys and 'N Sync, was sentenced Wednesday to 25 years in federal prison for engineering a decades-long scam that bilked thousands of investors out of their life savings.

Well, at least he's going to jail, even if it may be for the wrong reason.

And I willfully acknowledge the irony of tagging this post with the 'music' label.

19 May 2008

root ssh access trick

Free Software Daily had an interesting post the other day about securing SSH services (that post points to a Tux Training article). This particular tutorial included a configuration item I hadn't seen before. It's a configuration value for the PermitRootLogin field.

If I'm running an SSH service which is visible to the Internet (or even a large intranet), I tend to disable PermitRootLogin (PermitRootLogin no), because the script kiddies can be reasonably sure that an SSH service will have a user called root, and if they try hard enough, they might get lucky with the password.

(I'm also a big fan of the AllowUsers option, which allows you to provide a list of users allowed to log in via ssh. If a valid user not on that list tries to log on, ssh acts as though the user has provided the wrong password.)

The new (new to me, anyway) trick in this tutorial is setting PermitRootLogin without-password. This allows root to log in with a key, but not with a password. This is a really good compromise if you have a server where you need root to be able to log in over ssh. Backups over rsync are a good example of this: to preserve file ownership and permissions, it's sometimes necessary to have rsync run as root.

18 May 2008

Bletchley Park financial problems

A recent Slashdot post talks about financial problems at Bletchley Park. Bletchley Park was home and workplace to Allied cryptographers in WWII. Some say that their success at deciphering German Enigma messages was responsible for the Allied victory against the Nazis. At the very least, their efforts probably significantly shorted the war (in the European theatre, anyway).

It's sad to me to see such an important historical site threatened. They'd probably turn it into condos and shopping centers.

16 May 2008


The other day Film School Rejects (great blog, with a great podcast) has a post about a flickr set of lunchpails. Reminded me of a Hong Kong Phooey lunchpail I used to have.

10 May 2008

problem w/ PHPUnit reports on CentOS5/RHEL5

Yesterday I was trying PHPDocumentor and was going through its Quickstart guide. After I ran phpdoc on the sample code, I threw the reports in my CentOS5 Apache document root so that I could look at the output. Several of the pages wouldn't load. After a quick look at the Apache error log, I saw that those pages were generating PHP errors (the T_STRING gripe), even though the files were named something like sample.php.html.

(CentOS5 and RHEL5 have Apace v2.2.x.)

It took me a while to figure it out, but it's due to an odd feature of Apache which honors multiple extensions in filename. RHEL5 does an AddHandler php5-script .php which tells Apache to run all files with a .php extension through the PHP5 interpreter. I didn't know this, but it even does this for files with names like sample.php.html, where .php isn't at the end of the filename. So even though the phpdoc output files should just render as HTML, they were being interpretted as PHP and were throwing errors.

So I created a directory called /var/www/html/phpdoc and added the following to /etc/httpd/conf.d/php.conf in a Directory container (and restarted Apache): RemoveHandler .php

That convinced Apache not to run any files in that directory through the PHP5 interpreter. Incidentally, I had previously tried SetHandler default-handler for that directory, and it disabled PHP5, but it also disabled nice things like autoindexing (which broke URLs like http://localhost/phpdoc/sample/: Apache would refuse to serve a directory).

By the way, this doesn't seem to affect CentOS4/RHEL4 (Apache 2.0.x and PHP4), because Apache sets up PHP a little differently: it does an AddType, so there's no conflict of having both a text/html content type and a PHP5 handler.

08 May 2008


Today digg had a story highlighting a topless robot post offering
The 11 Best Songs from Geek-Movie Soundtracks. Most of the 11 songs didn't really do it for me, but one of them was Prince's Batdance from Batman. I probably hadn't seen that in fifteen years, and it was fun watching it again.

07 May 2008

Satellite imagery of post-cyclone Myanmar

Estimates of the death toll in Myanmar have gone up and up over the last few days, and a Dot Earth post showing satellite images before and after the cyclone illustrate why.

06 May 2008

"Star Trek: The Experience" maybe closing

I went to Las Vegas with friends a few years ago, and one of the things we did was to check out Star Trek: The Experience at the Vegas Hilton. It's expensive, but you can walk through a museum which has props from the shows and a timeline of the Star Trek universe, there's a bar modeled after Quark's in DS9, and there are two rides: The Borg Invation 4D and Klingon Encounter. I actually didn't much care for the Borg show, the the Klingon ride was pretty cool. Walking through the museum was fun, and Quark's was a kick. There's also a good gift shop that'll be happy to overcharge you for souvenirs.

Looks like they may be shutting the thing down. So if you're in Vegas before September, and if you like Star Trek (and are OK with throwing away some cash), go check it out while you still can.

05 May 2008

MySQL query optimization from Jay Pipes

Jay Pipes has posted slides from a recent presentation in which he discussed query optimization in MySQL. Pretty good pointers, worth a look.