Monday, June 22, 2009

Homegrown Ubuntu Backups

sbackup on Ubuntu is a nice backup utility, but I needed to copy my backup files across the network to a Windows server with a 1TB external drive formatted in FAT32. What sbackup needed was a way to Samba-mount my external drive, a way to break up files larger than 4GB, and a way to break up the backups into nice-sized chunks that can be copied nicely over my network.

Here's my quick script to back up my /home dir.

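#!/bin/sh
# Back up each top-level entry of BACKUP_DIR into its own bzip2 tarball,
# split it into pieces that fit under the FAT32 file-size limit,
# then move the pieces to the Samba share.

BACKUP_DIR=/home/robert
LOCAL_DIR=/var/backup/local_backups

DATESTAMP=$(date '+%Y%m%d')
echo "Backing up Copernicus laptop..."

for path in "$BACKUP_DIR"/*
do
    dir=$(basename "$path")
    echo "Backing up $dir"
    TARFILE="$LOCAL_DIR/backup_${dir}_${DATESTAMP}.tar.bz2"
    tar cvpjf "$TARFILE" --exclude='*.log' --exclude=lost+found "$path"
    # Name the pieces after the archive (split defaults to ./xaa, ./xab, ...)
    # and remove the unsplit archive, which may be too large for FAT32.
    split -b4GB "$TARFILE" "$TARFILE." && rm "$TARFILE"
done

# The password is readable in this file and in the process list while
# mounting, so keep the script readable by its owner only.
sudo smbmount //192.168.0.122/copernicus/backup /mnt/backup -o username=YYY,password=XXX || exit 1

mkdir -p "/mnt/backup/backup_${DATESTAMP}"

# Restore later with: cat backup_NAME_DATE.tar.bz2.* | tar xjpf -
mv "$LOCAL_DIR"/backup_*_"${DATESTAMP}".tar.bz2.* "/mnt/backup/backup_${DATESTAMP}"
echo "Finished backing up Copernicus laptop..."
exit 0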

Monday, June 15, 2009

SMF Review

SMF, or Simple Machines Forum, is PHP-based forum software with many features and an active developer community. After searching through several forum software packages and checking ratings, maturity of the code base, frequency of updates, and helpful forums, SMF appeared to be one of the top packages available. Also, my hosting company (GoDaddy) provided free install and setup (another plus!). Pretty much what I wanted, because this wasn't to be a main focus of one of my sites, and I also wanted a forum that was low maintenance, so that I could do other work that was more interesting. SMF also appeared to have many useful features.

So everything looks good, right? Well, almost. As a Java developer, I learned several things, good and bad, about PHP. I also waged a small battle with security. My hat's off to the guys that manage LAMP apps full time.

Lessons learned...

1. Remote file inclusion - PHP without the correct barriers set can allow hackers to send a URL that references a remote file, which the application then includes and runs as its own code. These remote scripts serve different purposes, but in my case a script was used to customize PHP files and drop in redirects for certain URLs that boost different websites' rankings in Google.

There is a great description about remote file inclusion here. The article also provides some remedies for this issue.

Here's the first fix to keep remote file inclusion from being used on my site...

Set allow_url_fopen to OFF
Set allow_url_include to OFF
Set register_globals to OFF


2. Do not allow users to register themselves - As much as I don't want to keep up with users, I soon found that this is the best way to see what's happening on your site after setup, especially since I am by no means an SMF expert. After setting up my final SMF 1.1.9 forum, I had 16 spam bots attempt to register users between 1AM and 7AM. The first setup was to add admin approval for all users. SMF sent me a nice little email that Viagara28 and other creative users were interested in joining. Yeah right!

Allowing users to register themselves will open the doors for spambots, and you will soon have hordes of nefarious advertisements posted on your forum.

One really nice feature about SMF is that with a click you can view and lookup the IP of the requesting member. This helps give you an idea of with whom you are dealing. The 16 member requests were all from spamlands Ukraine and Russia. SMF also allows you to block certain IP ranges if you wish to block out an entire country. Sorry Ukraine!

3. Set the captcha to the highest level of difficulty - This one step filtered out numerous emails from spambots. This article here explains that Captcha can be hacked and should be made as difficult as possible to filter out the bots.

These 3 suggestions kept my SMF forum from being decimated into a heaping pile of ash. Overall, though I believe that SMF/PHP is a little bit rough around the edges on security, that is by no means a reason to stay away from SMF or PHP in general. I must note that I did start with SMF 1.1.5, which is the default SMF install from godaddy.com. After reading newsgroups about security enhancements, I decided to go out on my own and install 1.1.9. A good move, and all remote file inclusions seemed to be wiped clean by making this move.
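The three php.ini settings from lesson 1 can be checked with a short script. This is an added example, not part of the original post; the function names and the sample php.ini are constructed here, and the defaults applied to a missing directive are assumed PHP 5.2-era built-ins.

```shell
# Print the last value assigned to directive $1 in file $2, or the default $3.
# Directive names are case-sensitive; ';' starts a comment.
ini_value() {
    awk -v key="$1" -v val="$3" '
        {
            line = $0
            sub(/;.*$/, "", line)              # drop whole-line and trailing comments
            eq = index(line, "=")
            if (eq == 0) next                  # section header, comment or blank
            name = substr(line, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr(line, eq + 1)
            gsub(/[ \t\r"]/, "", val)          # trim spaces and quotes
        }
        END { print val }' "$2"
}

# PHP reads 1, On, True and Yes (any case) as "enabled".
is_on() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        1|on|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Report each directive; the return status is the number still enabled.
# The value after each colon is the assumed PHP 5.2-era built-in default.
audit_php_ini() {
    bad=0
    for spec in allow_url_fopen:On allow_url_include:Off register_globals:Off; do
        name=${spec%%:*}
        value=$(ini_value "$name" "$1" "${spec#*:}")
        if is_on "$value"; then
            echo "UNSAFE $name = $value"; bad=$((bad + 1))
        else
            echo "ok     $name = $value"
        fi
    done
    return "$bad"
}

# Constructed sample php.ini, not taken from a real server.
sample=$(mktemp)
printf '%s\n' '[PHP]' '; allow_url_include = Off' 'allow_url_fopen = On ; trailing comment' \
    'allow_url_include = "On"' 'register_globals = Off' > "$sample"
audit_php_ini "$sample" || echo "$? directive(s) still enabled"
rm -f "$sample"
```

Run it against the php.ini that the web server actually loads; a host may keep separate files for the command line and the web server.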

So here's my analysis on SMF experiences.

1.) Install - (B+) Overall pretty good install. There seems to be a low barrier to set up SMF, which is nice. I didn't quite understand upgrade paths: can I go from 1.1.5 -> 1.1.9 with a simple upgrade package? But in my situation everything appeared to work. Also, the learning curve on setup was pretty small. I had a few issues installing themes and understanding if a theme would fit 1.1.9, but this issue was soon resolved. Also, you have to go back and remove the PHP pages for install.php and upgrade.php. It would be nice not to need to do that.

2.) Security - (C) Spambots are ready for SMF, but I think following the suggestions above and upgrading to the latest version of SMF will keep you a few steps ahead of the spammers and hackers. Default settings are prone to hacking, and I believe spambots prey on this fact.

3.) User Community - (A-) There is a large SMF community out there, which in my book is worth more than the app itself sometimes. There was a lot of good information and the developers seem to be actively posting. Good job on this!

Another note on this... SMF allows homegrown pre-packaged themes to be installed which I really liked. You can visit a site and browse many different types of themes, pick one, download it and install it.

4.) Features - (A) Lots of features have been added to SMF. Almost too much really for what I needed, but I was able to navigate through the menus and use IP tracking, style sheet editing, and many more.

5.) Usability - (B) Well, this is good and bad. The good is that there are a lot of features. The bad is that there are a lot of features. Overall, I was able to navigate, set up, and configure a site pretty quickly. However, there were times where it took me some time to figure out the right way to do something. One example is setting the current theme. After installing the theme I liked, do I simply change the paths on the current theme? I tried changing the path, but for some reason my site turned into garbled mush and couldn't find URLs etc. I soon found the install theme button, and everything cleared up. There were other small things like that, which kept SMF from becoming stupidly simple to use. Some level of technical knowledge is useful for SMF without a doubt.

Monday, June 1, 2009

PHP and script.aculo.us Web 2.0 Application Interfaces

I just recently finished reviewing PHP and script.aculo.us Web 2.0 Application Interfaces by Sridhar Rao. Sridhar provides many hands-on examples of the Script.aculo.us library and explains in detail many of the effects used in many of our favorite Web 2.0 applications, such as tadalist, digg, delicious, and 43things.com. If you have ever struggled to get JavaScript to play nicely, this is a must read.

Sridhar explains the concepts of Script.aculo.us, Prototype, and AJAX in PHP. The chapters are well-written and follow up with many useful examples. The author weaves those concepts into reality and explains how many of the effects that we enjoy on the web are done. My favorite was creating a Delicio.us / Digg-like bookmark application along with many effects such as search with real-time autocompletion, real-time updates, and tag clouds. Another useful chapter describes an AJAX-enabled shopping cart that provides awesome features like drag and drop, and applies some of the interesting Script.aculo.us effects to the online store. Very cool.

The author also writes in a fun tone, and gives the reader a lot of interesting tidbits to chew on. A good read overall.