Cryptography Introduction

Posted: 2013-12-11 12:10:54 by Alasdair Keyes



Cryptography is one of the most important branches of maths in the modern age.

Almost everything that requires security/secrecy in our life relies on it. However the basics of it aren't well understood by many, even those who work with it daily, such as System Administrators.

Cryptography can get very complex and way beyond anyone who hasn't got a doctorate; however, a basic grounding in some of the principles behind it is very useful (and interesting, if you're that way inclined).

I came across these videos whilst browsing Reddit which I would recommend to anyone that wants to learn more.

Public key (Or Asymmetric) Cryptography: Diffie-Hellman Key Exchange

Gambling with secrets (Cryptography)

RSA Encryption


If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

Elementary OS

Posted: 2013-08-22 12:56:53 by Alasdair Keyes



For the past 6 months or so I've been running Linux Mint 15 as my Desktop OS. It can be a little slow in its operation, with slight lag in response to mouse clicks etc., so I've been on the lookout for a new desktop distro when someone pointed out Elementary OS.

It's fairly new and based on Ubuntu 12.04 LTS. It's highly customized to look like OS X; while I'm not a huge fan of the OS X interface, it does have some nice features.

I installed it on a VM for a quick play and the first thing I noticed was how fast it was. Everything seemed to open instantly.



PHP Session Garbage Collecting - Not great for shared hosting (Repost)

Posted: 2013-04-02 12:28:47 by Alasdair Keyes



This is a repost of an old article that I transferred across from my previous blog. I've only just noticed that it was incomplete so I've completed it and reposted it.

I look after a fair sized Linux shared hosting cluster (20,000+ websites) and to provide PHP session persistence between the servers in the cluster, PHP sessions are stored on an NFS share.

I noticed that a number of processes were running for a long time on the Apache servers. At first I thought this was due to loops or bad coding on behalf of the website owners, but it didn't seem to be restricted to any particular users.

After running strace on one of these processes I saw that the processes were getting permission denied trying to delete large numbers of PHP session files.

It turns out that PHP implements its own internal garbage collection to get rid of old sessions. However, as we run SuPHP, the PHP processes only have permissions to delete their own session files (due to the use of Linux's sticky bit permissions), but that doesn't stop the process recursing through the sessions folder and trying to delete all old sessions.

With 20,000 websites, most of which run PHP CMS systems, this is quite a drain, compounded by the fact it's on an NFS share, which also adds overhead to each filesystem request.

The solution was to turn off garbage collection in the PHP config. Create a config fragment file /etc/php.d/disable_session_gc.ini on the webhead and add the following content:

; Disable auto session garbage collector
session.gc_probability = 0

Obviously I didn't want the sessions building up on our NFS filer, so I just set up a cronjob to call tmpwatch and delete old files once per day. I decided 7 days would be adequate.

/etc/cron.daily/clear_php_sessions.sh

#!/bin/sh
/usr/sbin/tmpwatch 168 /exports/php/sessions
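
An alternative to the tmpwatch job above, as an added example that is not the author's script: it prunes only PHP's own sess_* files at the top level of the session directory, by modification time. The function name purge_sessions is hypothetical, the sess_ prefix is the PHP files handler's default naming, and GNU find is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): prune expired PHP session files.

# purge_sessions DIR HOURS  (hypothetical helper name)
# Deletes regular files named sess_* directly inside DIR whose modification
# time is more than HOURS hours ago, and prints how many were removed.
purge_sessions() {
    dir=$1
    hours=$2

    # Refuse a missing path or a symlink swapped in for the session directory.
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "purge_sessions: not a real directory: $dir" >&2
        return 1
    fi

    # Accept only a positive integer without leading zeros for the age.
    case $hours in
        ''|0*|*[!0-9]*) echo "purge_sessions: bad age: $hours" >&2; return 1 ;;
    esac
    minutes=$((hours * 60))

    # -maxdepth 1     never descend into subdirectories
    # -type f         skip symlinks, directories and sockets
    # -name 'sess_*'  touch nothing but the files handler's own files
    # -mmin +N        mtime older than N minutes (tmpwatch defaults to atime)
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin "+$minutes" \
        -print -delete | wc -l | tr -d ' '
}

# Run only when called with arguments, e.g. from /etc/cron.daily:
#   clear_php_sessions.sh /exports/php/sessions 168
if [ "$#" -ge 1 ]; then
    purge_sessions "$1" "${2:-168}"
fi
```

With session.gc_probability = 0 nothing else removes old session files, so the age passed here is what bounds how long a session file remains on disk.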



Sprechen sie Deutsch?

Posted: 2013-02-06 23:13:46 by Alasdair Keyes



Nein :(

But I'm learning, in a break from my computer related antics, I've started learning German. I've always found myself fairly comfortable with maths and logic, but languages have always been beyond my grasp. My French has always been shady, I usually end up telling someone that their Grandmother uses a Rubik's cube in a manner other than intended. There's just no logic to languages.... I mean, how are you supposed to remember the difference between masculine and feminine nouns and which conjugation of verb to use, quite frankly, I have no idea what that is in English.

But then I heard about http://duolingo.com, it's a website that teaches you various languages from the beginning. It teaches very brief sentences and then asks you to translate, both to and from English and also allows you to speak it and grades your performance. New words are slowly introduced and I apparently know 29 words in German.... dies ist gut, ja?

Obviously you may wish to learn another language, but even after just a few days, spending 30 minutes in the evening I can start to speak some simple German sentences, I can't recommend it highly enough.



Stability vs. Security vs. Functionality

Posted: 2013-01-15 20:49:36 by Alasdair Keyes



In the world of GNU/Linux there are a number of well known Enterprise distributions and distributions that have gained a reputation for stability and reliability. Primarily, Red Hat Enterprise Linux boasts itself as the number one enterprise distribution and Debian also has a reputation among sys-admins for being rocksteady.

These distributions are reliable and stable, however that comes at a cost. Recent releases of software often have bugs and/or security flaws in them, which puts people off upgrading to them until the bugs have been worked out. It's this mantra that Debian and Red Hat adopt to gain their reputation for reliability. Sadly, the recently released software also has all the latest security patches and new features.

This creates a trade-off between running the latest software, which is patched for all known bugs and has more functionality, and running older software, which is more reliable but comes with fewer features and doesn't have the latest patches.

Of course, Red Hat and other vendors do backport security patches when flaws are found, and Red Hat have their Fedora project which is at the bleeding edge of software releases, but I think the days of large distributions running far outdated software are coming to an end. Backporting patches in this manner is effective, but usually only done once a compromise has actually been exploited, rather than when the upstream software has fixed the bug, and the time difference between the two can be great. Debian has within the past few years started catching up with the latest upstream software and I think this is the right track.

Some of you may have already worked out that the recent Exim remote root exploit has triggered this post. More information can be found at http://www.theregister.co.uk/2010/12/11/exim_code_execution_peril/ and https://rhn.redhat.com/errata/RHSA-2010-0970.html.



Firewalls... there for a reason

Posted: 2013-01-15 20:49:36 by Alasdair Keyes



Everyone knows the necessity of firewalls on modern computer systems, protecting all the way from the heavy iron down to your home PC, however I've noticed a strange trend in companies to just not bother with software firewalls at all.

I know most companies have many firewall appliances which restrict access to various parts of their network and combined with correct routing can lock down a network very tightly, however I always think it's paramount to run software firewalls on all your boxes.

No one designs their network to get attacked, however any network that has been in production for several years will have been changed, re-patched, amended, VLANs updated, routes added, that temporary firewall rule exception you added to grant an entire subnet access on all ports just because you couldn't see why you were getting connection errors. It's only natural that in that time mistakes will get made, possibly giving a small opening to someone you don't want in your network, and with the plethora of complex network penetration/hacking scripts about, it only takes one script to go unnoticed for a couple of months, probing and prodding at your network, and it could have found a way through to some very sensitive parts of your infrastructure.

Software firewalls certainly shouldn't be your only protection, however I would consider them the first and last line of defense. For shared hosting web servers they are the first line of defense against a nasty binary that has been uploaded through an insecure PHP script. For internal and backend systems such as database servers they are the last line of defense when someone has managed to get through the rest of your network security and is one step away from brute forcing your MySQL logins.

One excuse that is given is that it adds undue load to a server, yes, to a degree this is correct, however if you've got a server that has so many hundreds of thousands of connections that a software firewall is bogging it down, you should really look at some kind of load-balancing so that you can spread that load over more hardware.

Having spent most of my career working in Shared Hosting environments, we actively open up our networks to potential compromise. Anyone can buy shared hosting for very little money and run pretty much any PHP/Ruby/Perl/Python script they wish, and with the advent of more and more WordPress and Joomla exploits, it doesn't take long before you'll find some shady scripts attempting to be executed.



Desktop VMs with Virtualbox

Posted: 2013-01-15 20:49:36 by Alasdair Keyes



I've recently been doing some development of a cluster of machines, obviously virtualization is the way to go.

To this end I've been using Virtualbox a great deal. I'm not really a great fan of Oracle, either with their flagship DB, or with some of the decisions they've made surrounding MySQL since they acquired it from Sun. However along with their acquisition of Sun they got Virtualbox, and in my eyes it can do no wrong.

It's a very simple, lightweight hypervisor with good support for a range of guest OSes. I've not yet found one that won't install: SuSE, CentOS, Red Hat, CentOS 4/5/6, Ubuntu, Debian, Open Solaris (I've not tried silly examples like Windows 95).



Disks failing everywhere

Posted: 2013-01-15 20:49:36 by Alasdair Keyes



It must be the lovely "sunny" weather England is experiencing at the moment, I've had three hard disks fail on me today, one in my desktop and two in servers.



Slow DHCP and the lack of Portfast

Posted: 2013-01-14 14:05:50 by Alasdair Keyes



If you're using DHCP and it seems to be taking a long time to get an address from your server, check that Portfast is enabled in your switch config.

The config setting will be specific to your brand of switch, but it enabled good fast PXE booting for me.



Ave Maria

Posted: 2012-12-06 19:01:31 by Alasdair Keyes



What does your database choice say about you?

Well, I don't know if they actually do say anything, however I've been using MySQL for a long time. If I need a database for a project, either for work or personal, I fall back to MySQL, it's like the comfy old pair of shoes that you always wear because you know where you are with them and it always feels comfortable.

I dabbled a bit with Oracle at uni and dipped my toe in the Postgres waters a couple of years ago to see what the fuss was about. Both seemed very functional, however my only reason not to switch was that I was comfortable with MySQL. As a developer I know the SQL syntax to do pretty much most things I'd want to do and as a Sys Admin, I know how to set it up in multiple configurations, upgrade it, manage it and debug issues. Beyond that I'd got a lot of projects currently running on it and no one needs the headache of changing a core part of a system such as the database, as the saying goes... "If it ain't broke..."

Those who follow such things will be aware that MySQL has had a somewhat rocky history over the past few years, being bought in 2008 by Sun and then acquired by Oracle a couple of years later. This has worried a lot of people, after all what would Oracle want with a free Database solution that might take business away from their high-end, uber-expensive prized product?

I have to say, I'm also a little concerned so I've been following MariaDB with some interest recently. MariaDB is a drop-in replacement for MySQL forked from the MySQL community version. It also has a few extensions and little extras of its own should you want to use them but still maintains the backwards compatibility with MySQL. They very nicely also provide repositories for some of the main Linux distributions (CentOS, Debian, Fedora, Red Hat and Ubuntu), so you can get the latest and greatest versions and bug fixes all at the cost of adding a repository into your package management system.

I'm not sure I want to migrate my work systems to it yet, however I think I'll be giving it a go for some of my new projects.



© Alasdair Keyes
