Yea, you read that right. Three commands and you can run a pen-test on your website/webserver. So, how?
kelvin@home:~$ sudo apt-get install nikto
kelvin@home:~$ sudo nikto -update
kelvin@home:~$ nikto -h www.thoughtdeposit.net
As you can see, Nikto is a web server scanner that apparently checks for over 3200 dangerous files/vulnerabilities. Additional features are listed on the Nikto website, and you will certainly want to add this old gem to your webserver toolbelt as soon as possible.
In the next year I plan to make a little video, nothing fancy likely, but something that will require an editor. However, I don’t own a Mac (which rules out Final Cut Pro + After Effects and iMovie, which Ian and I both have had too much fun with. Inside joke.) I’m also a die-hard Linux fan, trying to hold out buying a Mac for as long as possible.
SF to the rescue. There are four editors listed, and in the next year I’ll try them all. Overall, they look quite promising.
Jahshaka — Beta. Good reviews from what I’ve seen.
Kdenlive — Alpha/Beta. Looks a lot less mature than Jahshaka, especially since I’m going to have to check it out via svn. But, the screenshots look quite impressive.
LiVES — Beta.
The dread of every webmaster. Of every e-commerce site. Of every blogger.
For those who have advertising or offer services on their pages, a site that is down = a site not making money. The first step to solving a down site is knowing that it is down. But nobody wants to visit their site every few minutes, so, uptime checkers here we come!
Some sites are set up to monitor ports on your server (e.g. port 80 for web service), and if the port is closed, they can perform an action. For instance, in geek code, if(sitedown) { sms(kelvin) }. Or, you can use the free services that have fewer features (for instance, less frequent checks or fewer ports).
All of this would be quite trivial to implement, but it already exists, so why not take advantage of it?
I use, and recommend, Hyperspin. But have heard nice things about Siteuptime.
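The if(sitedown) { sms(kelvin) } idea above, written out as an added example (not code from this post or from any of the services named). It checks one TCP port and alerts once per outage after a few consecutive failures; the class name, the threshold and the alert hook are assumptions, and the demo uses a constructed local listener in place of a real web server.

```python
import socket

def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class UptimeMonitor:
    """Alert once per outage, after `threshold` consecutive failed checks."""

    def __init__(self, host, port, alert, threshold=3, check=port_open):
        self.host, self.port = host, port
        self.alert = alert            # callable(message): the SMS/e-mail hook
        self.threshold = threshold    # failures needed before calling it "down"
        self.check = check
        self.failures = 0
        self.down = False

    def poll(self):
        """Run one check; return 'up', 'failing' or 'down'."""
        if self.check(self.host, self.port):
            if self.down:
                self.alert(f"{self.host}:{self.port} is back up")
            self.failures, self.down = 0, False
            return "up"
        self.failures += 1
        if self.failures >= self.threshold and not self.down:
            self.down = True          # alert only on the transition to down
            self.alert(f"{self.host}:{self.port} is down "
                       f"({self.failures} failed checks in a row)")
        return "down" if self.down else "failing"

def demo():
    """Constructed run: a local listener stands in for the web server."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # port 0 = any free port
    listener.listen(1)
    host, port = listener.getsockname()
    sent = []
    mon = UptimeMonitor(host, port, alert=sent.append, threshold=2)
    states = [mon.poll()]             # listener is accepting
    listener.close()                  # simulate the outage
    states += [mon.poll(), mon.poll(), mon.poll()]
    return states, sent

if __name__ == "__main__":
    print(demo())
```

The threshold keeps a single dropped check from paging anyone, and the down flag keeps a long outage from sending one message per poll.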
Windows groups can be squirrely. The key to grokking them is knowing the order Windows processes, or “expands”, them in.
The rule of thumb is that a group can have as a member any other type of group that has already been expanded. For example, the local group is the most flexible because it’s expanded last. Pretty much anything can be a member of a local group because by the time the server’s authority expands it, all the other group memberships are known. Global groups, on the other hand, because they’re expanded first, are heavily restricted. At the time they’re expanded, we know very little: The client’s domain starts with the user’s SID and begins expansion from there.
“What is a Group?” has a set of nice hand-scrawled diagrams to walk you through it all.
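A small model of the expansion rule described above, as an added example (not from the post or from Windows itself). The post places global groups first and local groups last; the positions of universal and domain local groups in between, and every group and user name, are assumptions made for the illustration.

```python
# Expansion order. "global" first and "local" last come from the text above;
# the two middle scopes are an assumption added for this example.
ORDER = ["global", "universal", "domain local", "local"]

def may_contain(container_scope, member_scope):
    """Rule of thumb: a member's type must already have been expanded."""
    return ORDER.index(member_scope) < ORDER.index(container_scope)

def violations(groups):
    """List (group, member) pairs whose nesting breaks the rule of thumb."""
    bad = []
    for name, (scope, members) in sorted(groups.items()):
        for m in sorted(members):
            if m in groups and not may_contain(scope, groups[m][0]):
                bad.append((name, m))
    return bad

def expand(user, groups):
    """Simulate staged expansion, starting from the user alone.

    Each stage adds the groups of one scope that have a member among the
    principals known so far. Same-scope nesting is not modelled, since the
    rule of thumb only speaks about other types of group.
    """
    known, token = {user}, []
    for scope in ORDER:
        found = sorted(n for n, (s, members) in groups.items()
                       if s == scope and members & known)
        token += found
        known.update(found)
    return token

# Constructed directory: name -> (scope, members)
GROUPS = {
    "Engineers":      ("global",       {"alice"}),
    "AllStaff":       ("universal",    {"Engineers"}),
    "FileShareRW":    ("domain local", {"AllStaff"}),
    "Administrators": ("local",        {"FileShareRW"}),
    # Breaks the rule: a global group with a domain local group as member.
    "Contractors":    ("global",       {"FileShareRW"}),
}

if __name__ == "__main__":
    print(expand("alice", GROUPS))
    print(violations(GROUPS))
```

Contractors never reaches alice's token: the global stage runs while only alice herself is known, so the FileShareRW membership cannot be seen, which is the restriction the rule of thumb predicts.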
I’ve always wondered, how would my site deal if a lot of traffic got sent to it? Could I tune it to maximize the return based on the hardware it is running on? Sure, and Siege appears to be the answer.
This little tool is a great way to slap tons of load on your server. You’ll need a testing computer (say, a personal computer with quite a bit of power), a decent connection, and your website. This is how you run it:
kelvin@home:~$ siege -c350 -t30s http://www.thoughtdeposit.net/tipstricksandhacks/gtd-in-dashboard
And this will yield:
Transactions: 474 hits
Availability: 100.00 %
Elapsed time: 29.71 secs
Data transferred: 4.98 MB
Response time: 11.09 secs
Transaction rate: 15.95 trans/sec
Throughput: 0.17 MB/sec
Concurrency: 176.86
Successful transactions: 474
Failed transactions: 0
Longest transaction: 29.18
Shortest transaction: 1.20
See, pretty nifty, eh? Do a man on Siege to find what each switch stands for. Also of interest is ApacheBench and jMeter. I have tested out jMeter, and it appears to be a very full testing tool. A good list can be found here
I have tested out lighttpd using this tool, and decided to switch back to Apache (for now!) I look forward to testing out Apache’s worker MPM with PHP, and see if that gives a performance boost. Will report on that later.
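How the figures in the Siege summary above relate to one another, as an added example (not part of the original post or of Siege). It parses the printed summary and recomputes the rate lines from the raw counters; the function names are made up for the illustration.

```python
import re

# The Siege summary printed above, embedded so the example runs offline.
SIEGE_OUTPUT = """\
Transactions: 474 hits
Availability: 100.00 %
Elapsed time: 29.71 secs
Data transferred: 4.98 MB
Response time: 11.09 secs
Transaction rate: 15.95 trans/sec
Throughput: 0.17 MB/sec
Concurrency: 176.86
Successful transactions: 474
Failed transactions: 0
Longest transaction: 29.18
Shortest transaction: 1.20
"""

def parse_siege(text):
    """Map each 'Label: value [unit]' line to a float keyed by its label."""
    stats = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*([0-9.]+)", line)
        if m:
            stats[m.group(1).strip().lower()] = float(m.group(2))
    return stats

def derive(stats):
    """Recompute the rate figures from the raw counters."""
    elapsed = stats["elapsed time"]
    rate = stats["transactions"] / elapsed
    return {
        "transaction rate": rate,
        "throughput": stats["data transferred"] / elapsed,
        # Average requests in flight = arrival rate * mean response time.
        "concurrency": rate * stats["response time"],
    }

def report(text=SIEGE_OUTPUT):
    """Return {metric: (value Siege printed, value recomputed)}."""
    stats = parse_siege(text)
    return {k: (stats[k], round(v, 2)) for k, v in derive(stats).items()}

if __name__ == "__main__":
    for metric, (printed, recomputed) in report().items():
        print(f"{metric:17} printed={printed:<8} recomputed={recomputed}")
```

The recomputed concurrency differs slightly from the printed 176.86 only because the response time in the summary is rounded to two decimals. Against the 350 simulated users requested with -c350, it shows that roughly half of them had a request in flight at any moment.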
Don’t know where I picked this one up, but here is a tip for today.
I totally heart vi, I can’t deny it. Knowing how to manipulate it can sometimes be tricky, and nobody says it has an easy learning curve. Maybe somebody will find this useful:
To find a particular line in vi you could first press / and then type in what you are looking for. And poof, you go to that line. Press ‘n’ and you will keep going. But sometimes I want to go straight to a line but don’t quite know what it is. For that…
# grep php -n httpd.conf
26:LoadModule php5_module modules/libphp5.so
137: DirectoryIndex index.html index.php
382:AddType application/x-httpd-php .php .phtml
Now you know the lines of whatever you are looking for. Now open up vi, press : and then enter the number, e.g.
:382
Press enter and you are there. Yay.
Wikity is a miniature wiki in your OSX dashboard. If you’re a GTD true believer, it can also be the linchpin of your system.
I keep four instances of Wikity open in my dashboard, one for my ‘next actions’ list, one for my ‘waiting on’ list, one for my ‘projects list’, and one for my ‘someday maybe’ list. My someday maybe window usually gets cannibalized to look at other wiki pages I keep in the system, like my errands list, or the various agenda lists I keep for people.
This system fits my style because I, for my own picky reasons, really hate having extra icons in my dock or seeing them listed in the task switcher. So that rules out apps like Kinkless GTD. I just hit F12 and my lists pop-up, hit it again and everything disappears.
Wikity used to even work with Quicksilver, but the plugin seems to be broken for me right now. Still, I swear by this simple system, even not playing nice with my beloved Quicksilver wasn’t enough for me to abandon it.
I’ll admit, I think one of the thickest barriers to entry regarding Linux is variety. I love variety, but general end users don’t adjust well to change (IMHO). Thus enter the stage: Portland. So, what does this mean to the end user? This means that, eventually, the UI throughout Linux will all look similar — regardless of whether it is designed to utilize GTK, Qt or anything else (that is, if it is built off the Portland standard).
And as a runner-up, worth mentioning, the user-driven Tango Desktop Project.
One command, instant leech:
$ wget -m http://www.thoughtdeposit.net
$ ls -l
drwxr-xr-x 25 ian ian 4096 Oct 09 03:53 www.thoughtdeposit.net
You can even use the --convert-links switch to make the site browsable locally and preserve style sheet linking.
CoRD is a Cocoa-based app for accessing Remote Desktop. The speed is comparable to MS’s client, but with no bookmarks, keychain integration, etc., file this under “revisit at 1.0”.
Right now the biggest reason to use CoRD is if you want to use concurrent multiple Remote Desktop sessions. That’s not possible with MS RD Client unless you make copies of the executable and run each independently. Bleh.
Two wishlist features it may have someday are “Quicksilver plugin” and “VNC Support”, now that would make it a killer app.
