Jan 07 2010
 

For various reasons I have decided that I need to install mod_security2 on my personal web server. This is a Solaris zone running on an OpenSolaris global zone with various bits of software provisioned by OpenCSW. Unfortunately (or fortunately at least from the point of view that I get to do something interesting), mod_security2 is not something provided by OpenCSW.

For even more various reasons, I decided to “formalise” my notes on building, installing, and configuring mod_security2.

Before attempting to build mod_security2, it is important to have a functional build environment. This includes :-

  • Installing the apache2_devel package from OpenCSW (pkg-get -i apache2_devel)
  • Installing the gcc3 package from OpenCSW
  • Installing the following OpenSolaris packages (pkg install XXX) :- SUNWhea, SUNWarc, SUNWbtool
  • Installing the SunStudio package from Sun. It may be possible that gcc3 is not necessary with this installed, but I ended up with both so advise you to do so as well. In addition to installing it in the standard location (/opt/SUNWspro) it is also necessary to create a symlink in the place where the OpenCSW developer placed his/her copy of SunStudio :- mkdir -p /opt/studio/SOS11; ln -s /opt/SUNWspro /opt/studio/SOS11/SUNWspro

The next step is to set up a shell environment appropriate to configuring and compiling mod_security2 :-

export PATH=$PATH:/opt/SUNWspro/bin
export PATH=$PATH:/opt/csw/bin
export PATH=$PATH:/usr/ccs/bin
export PATH=$PATH:/opt/csw/gcc3/bin
export CC=gcc

(The above presumes the use of a shell that understands the above syntax)

The next step is to unpack the module source code, and configure it :-

cd /var/tmp
gunzip -c modsecurity-apache_2.5.11.tar.gz | tar xvf -
cd modsecurity-apache_2.5.11
cd apache2
./configure --with-apxs=/opt/csw/apache2/sbin/apxs \
   --with-pcre=/opt/csw \
   --with-apr=/opt/csw/apache2 \
   --with-apu=/opt/csw/apache2/bin/apu-config

That should successfully generate a Makefile. Edit this Makefile and remove all references to “-Wall” (for APXS_EXTRA_CFLAGS, also remove the preceding “-Wc,”). This is because modules will compile with SunStudio’s compiler no matter what we try to do to stop it, and SunStudio does not understand “-Wall”.
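The Makefile edit can be scripted rather than done by hand. This is an added example, not part of the original notes or of the ModSecurity source; strip_wall and write_sample are hypothetical helper names and the sample Makefile lines are constructed. It writes a new file and keeps a backup instead of relying on an in-place sed option.

```shell
#!/bin/sh
# Added example: drop "-Wall" (and the apxs "-Wc," prefix) from a Makefile.
# strip_wall and write_sample are hypothetical helper names.

strip_wall() {
    mf=$1
    [ -f "$mf" ] || { echo "no such file: $mf" >&2; return 1; }
    cp -p "$mf" "$mf.orig" || return 1     # keep what configure generated
    # Touch only lines that mention -Wall. "-Wc,-Wall" goes first so that
    # no dangling "-Wc," is left behind; then tidy the spacing.
    sed -e '/-Wall/{' \
        -e 's/-Wc,-Wall//g' \
        -e 's/-Wall//g' \
        -e 's/  */ /g' \
        -e 's/ *$//' \
        -e '}' "$mf.orig" > "$mf.new" || return 1
    mv "$mf.new" "$mf" || return 1
    # Succeed only if no -Wall is left in the edited file.
    ! grep -e '-Wall' "$mf" >/dev/null
}

# Constructed sample, not the real ModSecurity Makefile.
write_sample() {
    cat > "$1" <<'EOF'
CFLAGS = -O2 -g -Wall
APXS_EXTRA_CFLAGS = -Wc,-O2 -Wc,-g -Wc,-Wall
LDFLAGS = -L/opt/csw/lib
EOF
}

# Demonstration on the constructed sample in a private temporary directory.
tmp=$(mktemp -d)
write_sample "$tmp/Makefile" && strip_wall "$tmp/Makefile" && cat "$tmp/Makefile"
rm -rf "$tmp"
```

For the real build, run `strip_wall Makefile` in the apache2 directory after ./configure and compare Makefile with Makefile.orig before running make.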

Now finally you can compile the software :-

make
sudo make install

Now we are at the point where we can start configuring mod_security2.

In the main httpd.conf file, add the following two directives somewhere appropriate (i.e. close to the other “LoadModule” directives) :-

LoadFile /opt/csw/lib/libxml2.so
#   Check that this library is installed!
LoadModule unique_id_module libexec/mod_unique_id.so
#   This will be already in the file but may be commented out
LoadModule security2_module libexec/mod_security2.so
#   And this is the one we're interested in.

At this point, try a graceful restart (/opt/csw/apache2/sbin/apachectl graceful) to be sure that the relevant code loads. Now onto enabling the module and configuring it with the “Core Rule Set” …

First copy the rules subdirectory to an appropriate place and fix the permissions :-

cp -rp rules /opt/csw/apache2/etc/modsecurity
chown -R root:root /opt/csw/apache2/etc/modsecurity
chmod -R o+r /opt/csw/apache2/etc/modsecurity
find /opt/csw/apache2/etc/modsecurity -type d -exec chmod o+x {} \;

In the file modsecurity/modsecurity_crs_10_global_config.conf, change SecDataDir to /var/tmp.

In the file modsecurity/modsecurity_crs_10_config.conf :-

  1. Change SecAuditLog to var/log/modsec_audit.log
  2. Change SecDebugLog to var/log/modsec_debug.log

Now add the following to httpd.conf :-

Include etc/modsecurity/modsecurity_crs_10_global_config.conf
Include etc/modsecurity/modsecurity_crs_10_config.conf
Include etc/modsecurity/base_rules/*conf

And gracefully restart Apache.
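Before either graceful restart, the LoadFile and LoadModule lines added to httpd.conf can be checked mechanically. This is an added example, not part of the original notes; check_modsec_conf is a hypothetical helper name, the sample fragment is constructed, and the ordering check (libxml2 before security2_module) follows the order in which the directives are listed above.

```shell
#!/bin/sh
# Added example: check httpd.conf for the three directives before a restart.
# check_modsec_conf is a hypothetical helper name. It prints one line per
# problem and returns non-zero if it found any.

check_modsec_conf() {
    conf=$1
    out=$(
        # A commented-out directive has "#..." as its first field, so it
        # never matches $1 below and is reported as missing.
        awk '
            $1 == "LoadFile"   && $2 ~ /libxml2/           { if (!xml) xml = NR }
            $1 == "LoadModule" && $2 == "unique_id_module" { uid = NR }
            $1 == "LoadModule" && $2 == "security2_module" { sec = NR }
            END {
                if (!xml) print "missing: LoadFile for libxml2"
                if (!uid) print "missing: LoadModule unique_id_module"
                if (!sec) print "missing: LoadModule security2_module"
                if (xml && sec && xml > sec) print "order: libxml2 is loaded after security2_module"
            }' "$conf"
        # "Check that this library is installed!" (absolute paths only)
        lib=$(awk '$1 == "LoadFile" && $2 ~ /libxml2/ { print $2; exit }' "$conf")
        if [ -n "$lib" ] && [ ! -f "$lib" ]; then
            echo "not installed: $lib"
        fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed httpd.conf fragment: mod_unique_id is still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LoadFile /opt/csw/lib/libxml2.so
#LoadModule unique_id_module libexec/mod_unique_id.so
LoadModule security2_module libexec/mod_security2.so
EOF
check_modsec_conf "$sample" || echo "fix the above before restarting Apache"
rm -f "$sample"
```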

At this point, mod_security2 is running and blocking stuff, but has not been finely “tweaked” to the local applications – at the very least it partially breaks WordPress, and may well break other applications.

Jan 06 2010
 

So last night we had a huge whoomph, and this big pile of snow landed on Portsmouth (and many other areas of Southern England). With something like 7cm of snow in Portsmouth this is probably the hardest hit Portsmouth has been since before I started living here. In fact I don’t recall many times the snow being this heavy anywhere (except in the US).

Of course other areas were even harder hit with up to 30cm of snow in places around the South. This has caused traffic chaos with people trapped in cars for up to 12 hours not too many miles from here, and at work this morning most drivers did not arrive. As the snow was continuing to fall heavily, work rather quickly decided to shut for the day and send us all home. Some of us continued to work from home 😐

Some of the thoughts that occurred as various reactions to the adverse weather set in …

Northerners keep criticising Southerners for being wimps when it comes to weather. Well this time the reaction was particularly irritating. The previous day the North also caught some heavy snow, but considerably less than the South got (yes some places in the North got more – places that get snow almost every day in the winter). Did Southerners start criticising when the North ground to a halt ? No we didn’t. It’s about time that Northerners stopped talking about soft Southerners when the weather we got yesterday and today was severe enough to cause the North to grind to a halt.

Businesses of course were whinging about all the money they will lose because of the bad weather – the lost production because of workers being unable to turn up, shoppers not diving in to spend money, etc. Well grow up, and live with it. Nature can’t be beaten, and there are more important things than making money – staying safe and avoiding fatal accidents in bad weather for one.

People are complaining about the council gritting operations being unable to keep the roads open and safe. They obviously don’t understand exactly how the “grit” works. In fact the grit is rock salt and the salt helps to melt a limited amount of ice or snow. That is why gritters repeatedly grit roads when things get bad. What with abandoned cars getting in the way of gritters and the need to repeatedly grit roads, the number of roads that get effectively gritted goes down. Gritting cannot keep roads open in these kinds of conditions.

I would say that drivers need to be a little more careful and a little more considerate of other road users, except that it is really the idiot car drivers who need to do that. It is just that the idiots are more prominent in these kinds of conditions. Some advice :-

  • If you don’t know how to drive in snow, don’t try.
  • Drive slowly … there is too great a chance of you sliding uncontrollably. I don’t care if you bend your nice shiny car, but I don’t particularly want to be smeared across the pavement at the end of your skid.
  • When clearing the snow off your windscreen, do the same for the rest of the car. All that snow will often leap off the car as you are moving along and the dropped snow will make things tricky for anyone else around. That is if it doesn’t hit anyone!

Lastly, whilst I have every sympathy for anyone who slips and falls in the present conditions there are some who wear entirely inappropriate footwear for the conditions. Wearing flat bottomed shoes with no grip and then complaining about how slippery things are just isn’t right.

Jan 01 2010
 

So O2 is giving away free downloads for the 12 days of Christmas (or something like that) and have just given away a free copy of the film “Lesbian Spank Inferno” … sorry I mean “Lesbian Vampire Killers“. Well as it was free, I decided to give it a go …

The first thing to note is that watching films on an iPhone is a pretty bad idea. Ok, it is portable and probably isn’t too bad for watching an old film that you are familiar with for entertainment on the move (although reading a book is probably better). The screen is just too small.

As for the film itself, well you will have to turn off your “PC filters” before watching – the title itself and the first few minutes reveal a misogynistic fear of lesbians (the writers seem to be under the impression that lesbians are that way through a hatred of men!).

After you turn off these filters, what do you get ? Well two principal characters who are pretty repulsive – one pathetic type whose girlfriend is routinely unfaithful (and with good reason), and another who is even more pathetic and unsurprisingly has no girlfriend.

These two pathetic losers journey to a village under an ancient curse whereby all 18 year old women suddenly turn into lesbian vampires (surely a contradiction in terms). They meet up with an unlikely bunch of history students – all female and all with a predilection for wearing low-cut tops. At which point the “story” (if it can be called such) progresses through an unlikely series of events until our two “heroes” with a surviving love interest manage to defeat the lesbian vampire queen.

It isn’t good porn (whatever that is).

It isn’t comedy. And no I’m not being superior – I like simplistic “Carry On” style smutty comedy.

It isn’t a good vampire story. It doesn’t even have much of a story.

All in all, a complete waste of time. One of those “freebies” that cost too much.

Don’t bother.

Dec 29 2009
 

(With apologies to the relatives of Akmal Shaikh – I’m using somewhat impolite terms for mental illness)

The Chinese government has just executed an Englishman for drug smuggling despite the fact that he was plainly more than a little unhinged. Even ignoring the fact that executions are a barbaric way of dealing with criminals, not taking into account someone’s mental health is positively medieval.

Well it would be except that medieval societies may well have been a trifle more understanding of those with mental health issues than the Chinese authorities have been.

The Chinese authorities are claiming that there are no reports indicating that Akmal has mental health issues, but it doesn’t take a report to know that he’s a bit of a fruitcake. And if there has not been a mental health assessment it is fully the responsibility of the Chinese authorities that there hasn’t been one!

Apparently the Chinese authorities are annoyed that people are criticising them for executing Akmal. They claim we have no right to criticise them! Well it’s not about whether we have the right to criticise them but about whether we find the behaviour of the Chinese authorities repugnant.

Dec 28 2009
 

There seems to be an impression amongst fans of digital media that printed newspapers are on the slow decline on the way to oblivion, and they could well be right. Without some radical changes, printed newspapers could be going the way of the town crier – around only as a historical oddity.

But what about radical change ? There are certainly possibilities there. The key is to look at the weaknesses of digital news :-

  1. Authority. Whilst some digital media news sources have some credibility, much of the time when you bump across some random blogger (like me!), you will have no idea on how credible they are – do they know what they are talking about ? I certainly don’t!
  2. Location. There are zillions (well a large number anyway) of places you can find digital news and it can take time to look for the news you are interested in. That is fine for a number of specialised areas – for instance my job includes an unwritten requirement to keep up to speed with what is happening in the IT industry, so I’ll spend a few hours a week searching. But for something less important to me – such as general European news, I’ll pass.
  3. Photography. Funnily enough given the quality of photo printing in most newspapers, this is actually a weakness of digital news – whilst they all do photographs, they don’t do them well. Some of the most dramatic moments in history have had their stories told in newspapers with just a photo printed large. This does not happen often, but when it does it is a very powerful way of telling a news story (or starting off the story).
  4. You can’t read digital media in the bath. In the past, Sundays would often include a period of an hour or two sitting quietly reading the newspaper; whilst we can do that on the computer screen, this is rarely as relaxing as reading in the bath, at a quiet spot in the garden (or the local park), etc.

But what are the weaknesses of the printed newspaper ? Here we also have many :-

  1. You pay for the whole paper. Out of an ordinary newspaper, I am probably interested in at most 50% of it, and it seems rather irritating paying for that sports journalist who puts in some long story about a hockey tournament that I have never heard of, do not care about, and will not take the time to read even if you pay me for it. On the other hand, I might be interested in some random articles on things I would otherwise not read – for instance I am completely uninterested in car reviews, but there has been a recent review of a car “made” by Top Gear that I wouldn’t mind reading (for humour if nothing else).
  2. If you are lucky the newspaper you buy was put together by an editor whose interests closely match your own. Far more likely however is that there are news stories that did not get in (because you have “oddball” interests) because they are not seen as popular. I want to see news stories on what is happening in Europe, and local interest stories for Portsmouth, Winchester, Bangkok, and Sangüesa – a rather eclectic set of locations it may seem, but what they really are is individual.
  3. The quality of news photograph prints needs to be improved on. If you can print fashion photographs in a supplement properly why cannot the news stories also be printed properly ? Maybe that would cost more but I for one would be willing to pay extra for it.
  4. Some people want a daily newspaper and some want a weekly one. Actually some of us probably want a newspaper on some Sundays.

What we are looking at here is a newspaper suited to the individual requirements. Conventional newspaper printing and distribution won’t cope with that, but that does not mean it is impossible to provide. After all we have printing on demand for books, so why not newspapers ?

What I envisage is a web site where you start off by choosing something very conventional … “I want a copy of the Sunday Times delivered every Sunday”. From this unpromising start (and a start that is probably more expensive than the current way of getting the Sunday Times), you can add customisations :-

  • Print on quality paper for extra cost.
  • Remove any articles relating to Sport.
  • Add articles relating to this set of locations.
  • Add articles relating to IT, astrophysics, and archaeology.
  • Reset the formatting to use body text font as “Liberation Serif” at 12 points, headlines as “Verdana” at 14 points, and make the pages four columns wide.

From there, you could add additional customisations to the point where the newspaper has little or no relation to the real world “Sunday Times”. Whilst the default preference would be to pay for a printed copy, you could opt for downloading a PDF (or any other suitable eBook format) at a cheaper cost if you wished.

I am sure that if some newspaper magnate were to read this, they would think “hell no, that’s just too expensive” or some other reason for not doing it. That is probably more an indication that their imagination is too limited.