Thu, 11 Sep 2003

12:06 AM - fixed pasv mode ftp

I finally fixed passive mode ftp. I haven't been able to use it since I installed the firewall on the server. Turns out that there is a valid range of ports that pasv uses. Shitty ftp servers use all of them above 1024, but only 49152-65534 can be used according to the registration with IANA.

I added a rule to allow this traffic. I am not sure if I need to tighten it or not.. we shall see. I decided to allow inbound and outbound on those ports. Nothing runs that high anyway unless someone were able to compromise the box and start a process on one of those ports. It really sucks that I have to leave them open. Theoretically though, if someone could run an app as root they could do the same thing on the ftp data ports cause it's usually not bound unless in use.

Of course, unprivileged users can run stuff on ports above 1024.
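An added example (not code from the journal) of the check a firewall or proxy has to make for the rule described above: parse the server's 227 PASV reply, compute the data port, and test it against the 49152-65534 range the entry settles on, so a server that picks "anything above 1024" is caught rather than silently let through. The sample log lines and the range constants are constructed here.

```python
import re

# Passive range the journal entry allows through the firewall
# (the IANA dynamic range as quoted on the page; constructed constants).
PASV_PORT_MIN = 49152
PASV_PORT_MAX = 65534

# Matches the server's reply to PASV, e.g.
# "227 Entering Passive Mode (192,0,2,10,200,17)"  (constructed sample)
_PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(reply):
    """Return (host, port) announced in a 227 PASV reply, or None if malformed."""
    m = _PASV_RE.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(b > 255 for b in (h1, h2, h3, h4, p1, p2)):
        return None  # each field is one byte; anything else is garbage
    host = f"{h1}.{h2}.{h3}.{h4}"
    port = p1 * 256 + p2  # high byte * 256 + low byte
    return host, port


def data_port_allowed(reply, lo=PASV_PORT_MIN, hi=PASV_PORT_MAX):
    """True only when the announced data port falls inside the permitted range."""
    parsed = parse_pasv_reply(reply)
    if parsed is None:
        return False
    return lo <= parsed[1] <= hi


def audit_pasv_log(lines, lo=PASV_PORT_MIN, hi=PASV_PORT_MAX):
    """Return the data ports in captured control-channel lines that a firewall
    limited to lo..hi would block; handy for sizing the rule before tightening it."""
    blocked = []
    for line in lines:
        parsed = parse_pasv_reply(line)
        if parsed and not (lo <= parsed[1] <= hi):
            blocked.append(parsed[1])
    return blocked


# Constructed sample control-channel lines (not from the page).
SAMPLE_LOG = [
    "227 Entering Passive Mode (192,0,2,10,200,17)",   # 200*256+17 = 51217 -> allowed
    "227 Entering Passive Mode (192,0,2,10,4,1)",      # 4*256+1 = 1025 -> blocked
    "227 Entering Passive Mode (192,0,2,10,255,255)",  # 65535 -> just above the range
    "150 Opening BINARY mode data connection",        # not a PASV reply, ignored
]

if __name__ == "__main__":
    print(audit_pasv_log(SAMPLE_LOG))  # [1025, 65535]
```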

Most server programs on my box don't run as root anyway. For example, apache, mysql, and bind do NOT run as root. They give up privileges and run as unique users. I don't pull a fred and run everything as nobody... that would be foolish. If I get time soon, I'm going to chroot most of that stuff anyway. Sendmail, imap, and ftp I can't do anything about (unless I changed products). I could chroot the ftp space, but then apache would still need to access it. Maybe I could do a double chroot??? ftp inside of apache? ftp is more likely to get hit anyway. I'll think that over. I need to change the filesystem layout for all the web crap soon anyway.. I could make it a lot more secure than it is... it's just a lot more work when I deploy.

Rob used to leave everybody permissions in NT. Now that was funny. He was just too lazy to figure out what files needed. Hell, authenticated users would have been slightly safer.. but that was a 2k thing I think. Maybe that permissions upgrade thing for NT4 did it too? It's been too long.

location: Home

12:16 AM - jj fix

I corrected the issue with comments today. Stupid thing was crashing cause I forgot to upload a new copy of addcomments.class... lol. That's a java file for those of you who are programming illiterate. You know I really need a spell checker on this thing.

location: Home

12:18 AM - CS111 Lab and Linux

I had to use Redhat 9 today. I was rather surprised. The gui was very nice.. I liked it better than XP actually. It reminded me of a shitty version of Mac OS X! I think it was the workstation version which costs 150 per seat. What a pain in the ass.. microsoft type pricing.

Redhat is the microsoft of the linux world!

I must say though that it impressed me, and if they get the speed issues fixed it would be a good pc os, second to Mac OS X. I think FreeBSD will catch up though.

Redhat did have a nicer gui than Sun and SGI though. Nice improvement. It looks like they are using some of the KDE stuff, but I'm not positive on that. I suspect an opengl accelerated driver would make it rock. Well, if linux can do that like freebsd, it would.

At least linux would support my fucking sound card. FreeBSD does not! (it's an Audigy)

If I didn't have requirements for .NET, I'd probably switch to linux with wine actually. I could play enemy territory on linux.

I think I'd prefer a new Macintosh with virtual pc though. (no ET, but I'd have a new Mac to game on) I'd like to get a powerbook with 10.3 panther on it. Wireless of course!

Anyway the lab went fine, aside from being a bit bored. I connected to my server with ssh and surfed with lynx. :)

Lynx actually supports iframe, and image maps btw. (separate link)

I'm such a Unix geek lol!

location: Home