Lots of proxy probing going on: CONNECT verb attacks
prince.org has been getting a ton of proxy-probing attacks lately… I see in the logs TONS of “CONNECT
Ah, there IS a way (after much futzing) to block CONNECTs explicitly. Done!
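One way to check access logs for the CONNECT probing described above and to confirm that a block is actually taking effect. This is an added example, not part of the original post: the log lines are constructed samples in Apache combined format (an assumption, since the post does not show its logs), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Apache/NCSA combined-log prefix: client, identity, user, [time], "request", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')

# Constructed sample lines (documentation-range addresses, made-up targets).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2006:04:11:02 -0800] "CONNECT mail.example.net:25 HTTP/1.0" 405 312 "-" "-"
203.0.113.7 - - [12/Mar/2006:04:11:03 -0800] "CONNECT mail.example.net:25 HTTP/1.1" 405 312 "-" "-"
198.51.100.23 - - [12/Mar/2006:04:12:40 -0800] "CONNECT irc.example.org:6667 HTTP/1.0" 200 5120 "-" "-"
192.0.2.50 - - [12/Mar/2006:04:13:01 -0800] "GET /blog/ HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
192.0.2.50 - - [12/Mar/2006:04:13:05 -0800] "POST /connect.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
this line is not in the expected format
"""

def summarize_connect_probes(log_text):
    """Group CONNECT requests by client; record targets and any 2xx replies."""
    report = defaultdict(lambda: {"count": 0, "targets": set(), "accepted": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        client, request, status = m.groups()
        parts = request.split()
        # Match on the method token only, so URLs containing "connect" are ignored.
        # Compared case-insensitively so oddly-cased method tokens are counted too.
        if len(parts) < 2 or parts[0].upper() != "CONNECT":
            continue
        entry = report[client]
        entry["count"] += 1
        entry["targets"].add(parts[1])
        if status.startswith("2"):
            entry["accepted"] += 1  # server did not refuse: check proxy config
    return dict(report)

def clients_needing_review(report):
    """Clients whose CONNECT got a 2xx, meaning the request was not blocked."""
    return sorted(c for c, e in report.items() if e["accepted"])

if __name__ == "__main__":
    rep = summarize_connect_probes(SAMPLE_LOG)
    for client, e in sorted(rep.items()):
        print(client, e["count"], sorted(e["targets"]), "2xx:", e["accepted"])
    print("review:", clients_needing_review(rep))
```

A 2xx status on a CONNECT line does not prove a tunnel was opened, but it does show the request was not refused, which is the case worth investigating first.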
I’ve been trying in spare cycles here and there to deeply integrate a WordPress-based blog into prince.org, for the staff (myself and all the moderators) to be able to muse on new policies, changes, whatever. We have a forum for that currently in the message boards area but that’s not the most effective way to disseminate stuff, as a lot of folks don’t actually read that forum, and there’s nothing that calls out new posts there (or differentiates the moderator-authored ones from the general question/complaint posts).
It was an interesting coding experiment to dive into WP’s guts a bit and figure out how to do this properly. I like the final solution; essentially the latest WP code gets dropped into /blog/ on the site, and a custom theme and plugin are symlinked in when I deploy the site, from my codebase. I don’t need to change a single line of WP code, and I get integration with my own session management/user database/authentication, a completely custom look and feel, and a nice administrative panel. I then added a new homepage module (in the upper right) to help guide some traffic to it (since I think postings there are really relevant to all visitors), which was trivial since I have a standard methodology for that. Overall I really think it’s a big win, and for probably less than a total of 10 hours’ work, with about 25% of that being CSS (which I suck at).
If you want to see how it turned out, head on over and check it out: the prince.org staff blog.
Due to some other work I’ve been doing in PHP5, and wanting to host on the prince.org server, I finally decided to bite the bullet and upgrade the server’s PHP (for the sites). I had been dreading it, because I knew the eAccelerator wouldn’t work properly with the PHP 5.1 code, and I have my misgivings about APC, (even though we use it in production at Yahoo everywhere) but I desperately need the cache. Plus, the legacy “org” code was written in the PHP4.0 days, so you know there’s going to be issues… like all that wonderful “you really can’t return a reference here… now that’s an error, we used to ignore it (and sometimes segfault)” thing.
I did recompile it though and slam it up, along with building the APC (“pear install apc”, whoo hoo… except for the gotcha in the docs, if you can even find them… it’s an “extension” now not a “zend_extension”). I also built in both the mysql and mysqli stuff (old code uses my own large mysql wrapper class, new code uses ADODB with mysqli underneath for cursors, etc.) All went pretty smoothly, once I hunted down and killed a rogue line in my php.ini.
I did have a couple places where I had to change the return values of functions to not be references, and now I’m getting a lot more undefined variable warnings (my code sets error_reporting(E_ALL), and apparently it’s stricter now), but basically all went pretty well. And so far, I think I actually like APC better than eAccelerator. I definitely like that some of the Yahoo extensions (for loading constants and storing arbitrary values in the cache) are now exposed. Yay Open Source, yay Yahoo.
So far, so good. Only thing left is to get a weird older version of the Pear class NNTP_Realtime working again (it went missing, after the PEAR install on PHP5, oddly). I need this for some of the Usenet interfacing code. But hey, that shouldn’t be too bad. Way to go PHP5!
Got a call from Ubaldo, who is visiting family in Florida… prince.org is down, his site is down, the machine is hosed. I was in the car, driving back from a party down in Mountain View (with the baby screaming, he was hungry, and we were trying to hurry up and get home). I told him I’ll check it out as soon as I got upstairs, wondering what was causing this issue…
Well, it’s the second time mysql has crapped out in a bizarre, troubling way. It’s running, but all the threads are busy–up to the maximum (500 in my case). Can’t connect to it due to error “too many connections” or similar. Even on the local machine, as real and mysql user root, can’t consistently get an extended-status out of it. Finally I got a ‘mysqladmin shutdown’ to sort of work… although it seemed to hang. So I killed it, and noticed about half the threads had been killed… but still, can’t connect to mysql… the client apps all hang. Nothing interesting in the error log. Finally, out of desperation, do a killall -9 mysqld_safe ; killall -9 mysqld. That does it, but we all know things are going to be ugly. Try to restart mysql, it hangs. Reboot machine (I know, this shouldn’t matter). (And it doesn’t.) Sigh.
Start doing myisamchk’s. On several tables, it segfaults! Nice! Check mysql.com–looks like a bug in myisamchk has been fixed in later versions (I’m running 4.1.3). What the hell–download the latest RPMs (4.1.5) and install them. Myisamchk doesn’t segfault anymore! Repair all tables (including one with 2.1 million forum posts with a fulltext index… fun!) Read a little on the web while I’m waiting for the myisamchk -r’s to finish… seems the unresponsiveness might be a result of the tables in the mysql db being corrupted… make sure to repair those (again–segfaulted on 1st try pre-upgrade). Restart mysql accidentally before finishing all repairs (don’t ask). It works though! Shut it down nicely this time. Copy all datafiles to another directory, so I can make a full backup offsite later. Restart mysql. Everything’s happy.
I do have a copy of the extended-status output while it was hung at first… will dig through there. One thing that seemed to stand out was the first thread listed said “delayed”. I have recently added one table that I do INSERT DELAYED’s into. I changed the code to not use delayed, we’ll see if that seems to help. This has happened twice in about 5 weeks now… we’ll see if another 5 weeks go by… of course it’s a newer version of mysql, too, so, anything could happen, good or bad.
with my sincerest apologies to Ice Cube and his classic “Jackin’ for beats”…
gimme that site, fool
it’s a full-time jack move
b-bside yo homie make that page load
and i’ll jack any typepad, yahoo
that’s the name of the suckas i’ma redo
ain’t got no business model
but drop PHP, break ya off somethin’ proper
OK, so I’ve had a really hard time motivating myself to work on prince.org lately. There’s 34 open bugs/feature requests in bugzilla, and a few small things I just want to add. But for some reason, it’s tough to sit down and do it; maybe partly due to the heat in Barcelona now. Yeah, that’s it. Well, anyhow, I’ve been thinking what to do with some of my other domains, including princefans.org, I’ve been trying to come up with something, not just another portal/forum/?. I still enjoy that, but it’s 90% done how I envision it, in the org already. I wanted to clone Craigslist for Barcelona in EN/ES/CAT languages when I was moving here, but found out it was already done, and really well, at that. I thought of blogs, since I’ve toyed with them for so long (paid LiveJournal account for 2 years, then tried MT, b2, …) Honestly, typepad is the friendliest so far, which is what I need to encourage me to actually use it. And that it’s hosted is a plus, otherwise I’ll just tinker with the code and not blog. Many readers might consider that a plus, however
One of the moderators (well, really ex-moderator) from prince.org IM’d me today about a thread she started discussing the “reputation” of the org. We chatted about how “out of control” it seems to be. I think this almost always happens, with “almost anything goes” forums. Adding more moderators (which I am going to do) will help, but anything with such a large, diverse group of people with varying opinions, will devolve into chaos. We’re not quite there, and I don’t think it’ll ever get to the point of total anarchy, but it’s worrying at least to her. To me less so, but she’s perhaps more in touch with the site contents than I am–I actually don’t read it too much. Point is, I think this is endemic to large communities built with the “message forum” paradigm. I believe the blog paradigm for communities has inbuilt limits to this destabilizing effect, and I’m really interested in investigating it further.
In short, I am excited about the prospect of providing a typepad-like site, for Prince fans (because that’s the group I have access to, and a suitable domain doing nothing, and a lot of creative energy in those folks). I’m certainly not aiming to steal TypePad’s business, or make something nearly as involved. A simple experiment in community-building via blogs. There are some technical challenges that are vaguely interesting, too. Not sure whether I’ll make another blog for that project, or comment here, or even do anything. Hopefully the good people of typepad won’t mind me jackin’ some of their ideas. If someone gets really into it, I’ll just push the user toward them anyhow, I think.
Vaguely related anecdote: my wife (when she was my girlfriend) met Ice Cube, when he was just blowing up. His first solo CD was out, and it was the bomb. I played it to death, and he was in town for a show. My wife was walking in midtown (New Center area) with a distant cousin, and ran into him. She actually got his autograph for me on a napkin. It says “To Ben–stay up! Ice Cube”. I think I even have it, still, packed away somewhere. Funny. I’m glad to see his career longevity, seems like a really smart guy.