This is just for reference. I forgot the syntax already twice. The insert query does not work if you use parenthesis.
create table test ( a int , b int) ;
create table test1 ( c int) ;
insert into test1 values 1;
insert into test1 values 2;
insert into test1 values 3;
insert into test1 values 4;
insert into test (a,b) select c,0 from test1;
select * from test;
1|0
2|0
4|0
3|0
Not without pain, this evening I’ve learned how to write a small
client side script with greasemonkey [1] .
Even if conceptually very easy, I discovered (the hard way) that the
firefox security model changed quite drastically with firefox 3.0
introducing XPCNativeWrappers. This page [2] explains the
problem in details.
Anyway below it is a small js script to replace http with https in all forms on a page. It can be handy to force login using https on website that do not offer this option by default. And it was funny to learn.
// ==UserScript==
// @name Fix broken forms
// @description Forces known sites to use a secure connection
// @include https://example.com/*
// @copyright Pietro
// ==/UserScript==
//fix broken forms
var forms = document.getElementsByTagName('form');
for (var i = 0; i < forms.length; i++) {
var form = forms[i].wrappedJSObject || forms[i];
if (form.action) {
form.action = form.action.replace(/^http:/, 'https:');
}
}
[1] https://addons.mozilla.org/en-US/firefox/addon/748
[2] http://www.oreillynet.com/pub/a/network/2005/11/01/avoid-common-greasemonkey-pitfalls.html
I just finished to setup our off-site backup . Since the admin in the data center where out off-site backup machine is hosted asked for a pull method, I had to setup a “secure” rsync jail to allow him/her to move our data. To this end, I installed rssh, rsync and I setup a simple jail for it.
The rssh configuration is pretty straightforward. First you need to add the backup user to your system.
adduser--disabled-login --no-create-home --home /var/chroot/backup backup
Then you can use the script that comes with rssh to build the jail. This script actually build the jail only with scp. This is not enough as we want rsync. To add ryync to the jail is necessary to copy the binary and a couple of libraries that we can easily find out with ldd.
#/usr/share/doc/rssh/examples/mkchroot.sh /var/chroot
#cp /usr/bin/rsync /var/chroor/usr/bin
#ldd `which rsync`
libacl.so.1 => /lib/libacl.so.1 (0x00002ad794dd6000)
libpopt.so.0 => /lib/libpopt.so.0 (0x00002ad794edc000)
libc.so.6 => /lib/libc.so.6 (0x00002ad794fe5000)
libattr.so.1 => /lib/libattr.so.1 (0x00002ad795222000)
/lib64/ld-linux-x86-64.so.2 (0x00002ad794cbe000)
#cp /lib/libacl.so.1 /lib/libpopt.so.0 /lib/libattr.so.1 /var/chroot/lib
Then we need to configure rssh to allow the backup user in the jail
#cat /etc/rssh/rssh.conf
logfacility = LOG_USER
umask = 022
user=backup:011:10000:/var/chroot
In order to give read-only access to the user partition I decided to bind mount the real partition readonly
#mount -o ro --bind /srv/backup /var/chroot/home/backup
and in the end to copy the public key of the backup user in the .ssh directory.
I can finally rync my encrypted backup !
rsync --list-only backup@backupmachine: .
drwxr-xr-x 4096 2009/02/10 03:21:53 .
-rw-r--r-- 63056911 2009/02/09 15:59:47 dev_full.1.dar
-rw-r--r-- 214303 2009/02/09 16:11:46 dev_incr1.1.dar
-rw-r--r-- 281236 2009/02/10 03:17:38 dev_incr2.1.dar
-rw-r--r-- 3323334 2009/02/09 16:05:25 mail_full.1.dar
-rw-r--r-- 9584 2009/02/09 16:14:19 mail_incr1.1.dar
-rw-r--r-- 1211287691 2009/02/10 03:21:24 mail_incr2.1.dar
-rw-r--r-- 1156597930 2009/02/09 16:06:48 nfs_full.1.dar
-rw-r--r-- 33476937 2009/02/09 16:14:36 nfs_incr1.1.dar
-rw-r--r-- 205390873 2009/02/10 03:21:51 nfs_incr2.1.dar
[...]
I’ve modified a script to backup live xen images with dar. This script uses lvm to snapshot a running VM disk, then mount it read only and uses dar to create an incremental backup. The script is a derivative of a script I’ve found on the net [1]. There is still a small problem with journaled file system that even if the fs is frozen before taking the snapshot, for some reason, even if I mount it read only, the kernel module tries to go through the journal to recover the fs. I’m worried that this might lead to data corruptions… There is this old thread [2] shading a bit of light on the problem.
The script is pretty simple. To create a full backup of a xen domain the command line is:
./xenBackup.sh -d domainname
to create an incremental backup :
./xenBackup.sh -d domainname -i 1
where -i is the sequence number of the incremental backup. Of course you need the previous incremental backup for the operation to be successful (if i = 1, you need a full backup) . You can use this script from cron, running a full backup on sunday and an incremental backup every day of the week.
Script attached.
[1] http://www.johnandcailin.com/blog/john/backing-your-xen-domains [2] http://www.nabble.com/Xen-backups-using-LVM-Snapshots-td19988096.html
As it is explained in the svn book [1] in order to share a repository
in a multi user environment, every user should set their umask to 002,
to avoid permission problems. Implementing this in debian can be
problematic as explained in this bug report [2]. Setting this umask by
default is a potential security risk and should be avoided (this is
true at least in redhat where every user is member of the user group,
in debian we have a better approach where every user a member of of
its own user group by default). The solution is to use a wrapper and
to put it in /usr/local/bin . The wrapper is actually already
being written for you. This is what you have to do:
apt-get install subversion-tools
ln -s /usr/bin/svnwrap /usr/local/bin/svn
ln -s /usr/bin/svnwrap /usr/local/bin/svnserve
since in debian by default /usr/local/bin is looked up before
then /usr/bin the two links created above are used instead of
the real svn binaries avoiding any problem related to upgrades.
[1] http://svnbook.red-bean.com/en/1.0/ch06s05.html [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=24236