For those more distracted, please read it again

*HP-sponsored open source projects:*
Many HP-sponsored open source projects have been released to the community including, most recently, Seagull, a multi-protocol traffic generator test tool; Lipi Toolkit, for online handwriting recognition; and Mondorescue, a GPL disaster recovery solution for Linux *and FreeBSD.*

All news are fantastic, but this one is JUST GREAT!!

“Jail Resource Limits”:http://wikitest.freebsd.org/JailResourceLimits

URL: http://wikitest.freebsd.org/JailResourceLimits

Contact: Chris Jones
Contact: Kip Macy

We now have support for limiting CPU and memory use in jails. This allows fairer sharing of a systems’ resources between divergent uses by preventing one jail from monopolizing the available memory and CPU time, if other users and jails have processes to run.

The code is currently available as patches against RELENG_6, and Chris is in the process of applying it to -CURRENT. More details can be found at JailResourceLimits on the wiki.
Open tasks:

1. Port patches against -CURRENT.

You can read the complete Report at: “FreeBSD.org”:http://www.freebsd.org/news/status/report-june-2006-oct-2006.html

*My life is “running” near lightspeed!!*

Once again, apart of my daily job at “log”:http://log.pt as SysAdmin/Open Source Consultant and all work/stress I get from that, I have some side projects like:

# “the fresh new one” “Portuguese Ruby Brigade”:http://ruby-pt.org that will open it’s doors in about 15 days.
# “Viana Perl Mongers”:http://viana.pm.org, which we will start very soon some Perl related translations to Portuguese.
# “NPF”:http://npf.pt.freebsd.org, with very shy members but YES it’s alive too

and now … if you think this is great or is just a matter of Time Management, get ready because I am starting a course in Systems Information at night !!!

Wish me luck !!

Hey that’s me … from 7:30am to 23:30pm. So *if I take too much replying some mail please be patient*

As you can read in “*Bug Guide*”:http://bugguide.net/node/view/73847 , nature has “created” a six legs spider too!

“…it really seems to have been born with six legs… it walks quite naturally with them, and splays them symmetrically. From the bottom view, buds are evident in front of its “front” legs, but is it possible this could be a 6-legged species or mutant with vestigal front leg buds? If not, how could it have lost its two front legs so cleanly?..”

“…You will find two small appendages that resemble little legs (they aren’t legs though). These appendages are called pedipalps, and are used for sensing their immediate environment, for assisting with eating, and for males, reproduction (specifically sperm deposition).

If you look at the pedipalps, and they resemble boxing gloves (the tips of the pedipalps are swollen), this is an adult male. This is an example of an adult male (Agelenopsis grass spider):…”

_Did I already said *I have arachnophobia*_ !

“Nicole Fritz”:http://nicole.planetargon.us/ at “*PLANET ARGON*”:http://www.planetargon.com as posted about “What Does the Office Manager Really Do?”:http://nicole.planetargon.us/articles/2006/10/10/public-transportation-benefits-everyone

As you might guest, I am not a PostGateway to spread news world wide !

I just think this is a great example to follow!

“…When I started to look into how PA could assist its employees with the cost of public transit, which like most big cities is pretty expensive (yet not as expensive as a parking spot!), I found that the state of Oregon offers some pretty cool incentives. Also, although it’s little advertised, the feds offer up a tax break as well transit passes. So having a transit program benefits everyone: employees, businesses, the transit company, our non-public-transit fellow citizens sitting in traffic jams, and Mother Nature as well…”

Great job Nicole!

*Cool!*

“The State of Web Development: PHP developers most likely to switch to Rails”:http://www.sitepoint.com/blogs/2006/10/09/php-developers-most-likely-to-switch-to-rails

“Buy the Complete Report”:http://www.sitepoint.com/reports/reportwebsurvey2006/

Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.

_Albert Einstein (1879 – 1955)_

“*Pound*”:http://www.apsis.ch/pound/ is a “*reverse proxy*”:http://en.wikipedia.org/wiki/Reverse_proxy, “*load balancer*”:http://en.wikipedia.org/wiki/Load_balancer and HTTPS front-end for
Web server(s).

I use this reverse proxy to pass all HTTP requests from the web to it’s refering backend HTTP server.

Well, about the post!

Last week after updating all my reverse proxys (yes I have a bunch of them ) I have noticed that *the configuration syntax has changed without any alert*! Dam it!

It is known as “best practices” under “*FreeBSD*”:http://www.freebsd.org, to write this kind of stuff/alerts under */usr/ports/UPDATING* for everybody to read before updating anything! But … the Pound’s port maintainer didn’t followed this “rule”!

Let’s take a look to it’s config right now.

1) Updating Pound!

% portupgrade pound

This simple step to upgrade pound will work just fine if you have “*sysutils/portupgrade*”:http://www.freebsd.org/cgi/url.cgi?ports/sysutils/portupgrade/pkg-descr installed. To install it just run:

% cd /usr/ports/sysutils/portupgrade ; make install clean

Now lets continue with pound.

The rc.d script under FreeBSD lives in */usr/local/etc/rc.d/pound* and this is just fine!

The config file is placed in */usr/local/etc/pound.cfg*

2) Backing up “things”

% cd /usr/local/etc
% mv pound.cfg pound.cfg_oldconfig

3) Now use your editor of choice and …

% vim pound.cfg

And take a look to my pound configuration file

#
Alive 20
LogLevel 4

ListenHTTP
Address 192.168.1.15
Port 80

Service
HeadRequire “Host: . * www . sufixo . com . * ”
BackEnd
Address 192.168.1.17
Port 80
End
End

Service
HeadRequire “Host: . * . sufixo . com . * ”
BackEnd
Address 192.168.1.17
Port 80
End
End

End

+*ALERT*: In the HeadRequire flag, REMOVE all spaces after the “host:+

And thats all folks bye! … hey *don’t forget to restar your Pound*

% /usr/local/etc/rc.d/pound restart

If is the very first time you install Pound, please don’t forget to “inform the system you want it to be started at boot time.

% echo pound_enable=”YES” > /etc/rc.conf.local

and now it’s all bye once again!

To secure a server or desktop it’s not just a matter of making all systems updates. You need to update and “watch” all installed application as kown as third part software.

After talking with some guys about the “*VuXML Project*”:http://www.vuxml.org/freebsd/ ( Vulnerabilities and Exposures Markup Language ), I have decided to write a ultra-litle step by step “memory note”.

But what is this *VuXML* for!?

Simple: is an XML application for documenting security issues in a software package collection such as the FreeBSD Ports Collection or OpenBSD Ports & Packages Collection.

So in practice, If you find a security hole in some application, you can submite a XML entrie to this project and then if some user arround the world (with “security/portaudit”:http://people.freebsd.org/~eik/portaudit/ installed and updated), tries to install or upgrade that application, he gets an alert about the security hole presente in that application/version.
But it may happen the other way arround too and that’s great!

Now the base instructions:

First update your ports collection:

$cvsup -g -L 2 /usr/share/examples/cvsup/standard-supfile

Install of portaudit:

$cd /usr/ports/security/portaudit ; make install clean

Check installed ports for known vulnerabilities:

$rehash (if you are using csh)

$portaudit -Fda

And get rid off all affected packages!

Finaly, in some cases perhaps in your latpot, you may need to install a port with some security hole. To do this with portaudit installed, you need to force that installation.

Forcing some app to install with a security hole:

$cd /usr/ports/CATEGORY/SOMEPORT

$make DISABLE_VULNERABILITIES=yes install clean

Well, it’s all folks

$tunefs /dev/brain

Besides the stress of having many projects at the same time and the daily job too, I think this month will be…