Author Topic: Downtime tomorrow (July 14, 2008)  (Read 9863 times)

0 Members and 3 Guests are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Downtime tomorrow (July 14, 2008)
« on: July 13, 2008, 08:26:54 pm »
Hey everybody,

I'm going to be swapping out the Web server tomorrow. I already have Apache and PHP installed on the new server, and I'm actually using it right now (hitting the same DB as the old server). So basically, I'm prepared to start the migration.

However, it's going to take some doing, and it's going to break stuff. I guarantee. So be prepared for a little downtime/instability tomorrow evening when I do it. I expect no more than ~30 mins of downtime, followed by a couple hours of instability (as I fix things I broke), and probably another week of minor instability as people report other broken things to me.

I'm hoping this goes smoothly. The biggest change is to security -- I will be using suphp on the new server, so everything will run in the context of its owner. That means that if somebody writes crappy code in their home directory (for example, if I upload something stupid to ~ron), it can't affect other sites on the server without a privilege escalation attack or similar. I'm also going to be making other changes that you probably won't notice.

The downside of using suphp is that PHP has to run as a CGI module instead fo an Apache module. That means it runs somewhat slower. When I first tried this, it was noticeably slower, but I upped the RAM dedicated to the Web server and now it's running the same as the old one. I guess it just likes having the extra RAM.

So yeah, expect downtime tomorrow, everything should be back to normal after that.

Offline Camel

  • Hero Member
  • *****
  • Posts: 1703
    • View Profile
    • BNU Bot
Re: Downtime tomorrow (July 14, 2008)
« Reply #1 on: July 14, 2008, 12:28:04 am »
If you look at the actual implementation in apache of how CGI interactions occur, you'll quickly understand why PHP became a module :)

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #2 on: July 14, 2008, 08:20:10 am »
Yeah, it's definitely understandable. But I'm willing to give up the performance gain for the added security of running scripts as their user rather than as apache.

It's odd that PHP doesn't have anything built in for that, yet...

Offline Skywing

  • Full Member
  • ***
  • Posts: 139
    • View Profile
    • Nynaeve
Re: Downtime tomorrow (July 14, 2008)
« Reply #3 on: July 14, 2008, 11:50:17 am »
Ouch.  Switching to CGI from a server module is painful.

I would make sure you have response time and CPU/memory usage graphs before and after so you'll have a baseline for how much of a performance degredation you are looking at.  (In my experience, it's been very severe.  I would not recommend it at all.)

In general, however, I would assume that any PHP code uploaded to the server can run native code, and thus simply not allow untrusted PHP code.  PHP is a mess; just look through bug reports with all the various heap corruption and other almost surely exploitable but not until somebody releases a proof of concept (for purposes of fixing them in a timely fashion, from the PHP team's perspective) problems.

I would stick with the apache module and not run untrusted PHP code, and let that be the end of it.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #4 on: July 14, 2008, 12:22:43 pm »
I do have graphs I can check, so I'll know. For the amount of traffic/weight of the apps, I'm not too worried. I wonder what hosting providers do to prevent others from looking at their code, though?

After talking to you, I think I'll install the main stuff as a module, and when others want an account or want to use code, I'll let them do it in the context of themselves.

Offline Camel

  • Hero Member
  • *****
  • Posts: 1703
    • View Profile
    • BNU Bot
Re: Downtime tomorrow (July 14, 2008)
« Reply #5 on: July 14, 2008, 12:58:46 pm »
Facebook uses PHP; their index.php file was leaked after they failed to secure their application platform.

<Camel> i said what what
<Blaze> in the butt
<Camel> you want to do it in my butt?
<Blaze> in my butt
<Camel> let's do it in the butt
<Blaze> Okay!

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #6 on: July 14, 2008, 09:43:00 pm »
All right, this is done. I went with mod_php for the forum, and cgi for everything else. If it causes serious issues, it's a quick fix to change it.

I'm aware that this broke themes, I'm fixing those right away.

I'm aware that this will also break a lot of other things, please let me know. I went with the, "if I don't remember it, don't allow it" strategy, and will fix things on a case-by-case basis. :)

Oh yeah, and I moved the forum to forum.x86labs.org. You'll be required to log in and to remember a new URL. Deal. :)
« Last Edit: July 14, 2008, 09:45:06 pm by iago »

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Downtime tomorrow (July 14, 2008)
« Reply #7 on: July 14, 2008, 09:54:50 pm »
You bitch. Should I update the RSS url as well?
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #8 on: July 14, 2008, 09:56:41 pm »
Yes, you most certainly should. :P

<edit> Also, you win the award for being the first person (besides me) to access the site by its new URL. Congratulations!

MetalMilitia was a close second (10 seconds after). :)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #9 on: July 14, 2008, 10:02:21 pm »
Themes should be working now. Let me know if any aren't, or if you have other issues!

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Downtime tomorrow (July 14, 2008)
« Reply #10 on: July 14, 2008, 10:12:54 pm »
Smilies are @ fail? I think the favicon is a bit too racy.

And really? I think I was just auto-redirected :O! What do I win?
« Last Edit: July 14, 2008, 10:15:10 pm by Ergot »
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #11 on: July 14, 2008, 10:24:40 pm »
Smilies are @ fail? I think the favicon is a bit too racy.
Oops, should be fixed now.

Haha @ the favicon.. for some reason, that icon was always in the /forum folder, but obviously it was never used. That's awesome! Anyways, I deleted it.

And really? I think I was just auto-redirected :O! What do I win?
The task of making a new favicon!

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Downtime tomorrow (July 14, 2008)
« Reply #12 on: July 14, 2008, 10:45:49 pm »
[tex]x86[/tex]

^--- Looking good?
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Downtime tomorrow (July 14, 2008)
« Reply #13 on: July 14, 2008, 10:53:17 pm »
[tex]x86[/tex]

^--- Looking good?
Haha, no. :)

Blaze did one, though! http://forum.x86labs.org/favicon.ico

Offline Ergot

  • 吴立峰 ^_^ !
  • x86
  • Hero Member
  • *****
  • Posts: 3724
  • I steal bandwidth. p_o
    • View Profile
Re: Downtime tomorrow (July 14, 2008)
« Reply #14 on: July 15, 2008, 04:53:23 am »
Isn't that the same racy one from before :O?
Who gives a damn? I fuck sheep all the time.
And yes, male both ends.  There are a couple lesbians that need a two-ended dildo...My router just refuses to wear a strap-on.
(05:55:03) JoE ThE oDD: omfg good job i got a boner thinkin bout them chinese bitches
(17:54:15) Sidoh: I love cosmetology