<VirtualHost 123.123.123.123:80>
  ServerName example.org:80
  ...
  DocumentRoot /home/example.org/public_html
  <Directory /home/example.org/public_html>
    AllowOverride All
    ...
  </Directory>
  ...
</VirtualHost>

In order to prevent the htaccess lookups on the filesystem without losing the htaccess functionality – at least at the DocumentRoot level- I transformed the configuration to the following:

<VirtualHost 123.123.123.123:80>
  ServerName example.org:80
  ...
  DocumentRoot /home/example.org/public_html
  <Directory /home/example.org/public_html>
    AllowOverride None
    Include /home/example.org/public_html/.htaccess
    ...
  </Directory>
  ...
</VirtualHost>

Let’s see what we have accomplished with this:

1. httpd does not waste any time looking for and parsing htaccess files resulting in faster request processing,
2. the virtual host administrator can still override the configuration options of the document root manually or through the web interface of the web application.

Seems like a win-win situation performance and functionality wise.

But, as usual, there is no win-win situation without a downside. In this case, the above trick weakens the server’s security. Let’s see how.

Although the configuration of a directory can be set in both httpd.conf and the directory’s htaccess file, not all directives can be used in both contexts. htaccess files support a subset of the directives that can be used in the Directory context within httpd.conf. By including the htaccess file in httpd’s configuration the vhost admin is no longer restricted to that subset of directives.

This means that by implementing the above configuration the virtual host administrator is granted more privileges regarding the configuration of the virtual host. This also means that a potential attacker, that would exploit a vulnerability of the web application, would be granted the same privileges once he got write access to that htaccess file.

So, although this trick may seem like a good idea at first, it is in fact a rather bad idea and should never be used in production, unless you trust the virtual host administrator and the web application. I do not intend to use such a configuration and I do not recommend it. There are by far better ways to speed up Apache.

Your comments and suggestions are welcome.

Related Articles

• .htaccess Cheat Sheet
• SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls
• Use mod_deflate to Compress Web Content delivered by Apache
• Script for Apache Error Report
• Using the mod_dav_svn SVNParentPath directive with multiple authz files

- Wtf I just installed 6….
- I just installed 5.
- Once the version number is up to 50 in a short amount of time, it will become a joke, and future releases will be ignored.
- Firefox is killing themselves is what they’re doing. People use Firefox for the plugins, every new version installation kills all plugins. After I install this, there’s technically no reason for me to use Firefox over Chrome anymore. Why doesn’t Mozilla understand this???
- Pro tip: People aren’t switching from Firefox to Chrome because it’s got a “better” version number, guys.

I would add that it is not necessary to go through all the numbers from 5 to 14 to catch up with Chrome in terms of major version numbers. These could be just skipped and go straight to 14!

PS: The Firefox extension of a software I had paid for had stopped working since the FF3 -> FF4 upgrade. A workaround was released by the company for FF4, but as soon as FF5 came out it stopped working again. I’ll be straight. I’d rather use Internet Explorer or Chrome or Opera instead of asking the company for a workaround every time the Mozilla folks roll out a new major release of Firefox.

Related Articles

• Use the Alternatives System to switch to a custom Firefox release
• Mozilla Thunderbird speed up
• WordPress Meta Tags plugin stable release
• The Read-It-Later extension
• WordPress 2.1

Related Articles

• Remove-Generator-Meta-Tag WordPress Plugin
• Creative-Commons-Configurator WordPress Plugin
• Add-Meta-Tags WordPress Plugin
• More-Feed-Excerpt WordPress Plugin
• Fast-Static-Feed WordPress Plugin

The problem lies in the way that block ciphers are used in SSL/TLS. Block ciphers are generally operated in one of several modes that define how encrypted blocks are manipulated to ensure complete confidentiality. Cipher Block Chaining, or CBC mode, is used in SSL for all block ciphers, including AES and Triple-DES. The BEAST attack relies on a weakness in the way CBC mode is used in SSL and TLS. Non-CBC cipher suites, such as those using the RC4 stream encryption algorithm, are not vulnerable.

There have been several suggested mitigations that can be put into play from the perspective of the client, such as reorganizing the way the data is sent in the encrypted stream. Servers can protect themselves by requiring a non-CBC cipher suite. One such cipher suite is rc4-sha, which is widely supported by clients and servers.

Researchers have concluded that the RC4 (Alleged RC4) based cipher suites are not vulnerable to the BEAST attack, while CBC (Cipher Block Chaining mode) based cipher suites are. This involves both the TLS 1.0 and the SSL 3.0 protocols. On the contrary, TLS 1.1 and 1.2 have not been found to be vulnerable, but their use is very limited since they haven’t been adopted by the majority of HTTP clients and servers yet.

So, the use of RC4 based ciphers is all that is left for the moment. The security experts have released a list of cipher suites that is suitable for use in the configuration of the mod_ssl module for httpd:

SSLHonorCipherOrder on
SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL

They have also released a one-liner list of ciphers suitable for use in the relevant fields of the Local Group Policy Editor in Windows Server boxes.

However, there is no info about configuring the mod_gnutls module for apache to use RC4 based ciphers, so, as a dedicated user of mod_gnutls, I decided to release this tip. All you have to do is set the preferred ciphers in the GnuTLSPriorities directive. In this example we use the TLS 1.0 protocol:

GnuTLSPriorities NONE:+VERS-TLS1.0:+ARCFOUR-128:+RSA:+SHA1:+COMP-NULL

Visiting a secure web site that has been configured using any of the methods described above and by checking the information of the secure connection to that website, you should see the following message:

Firefox message about using RC4 encryption cipher

This means that everything is working correctly.

As always, comments and suggestions are welcome and appreciated.

Related Articles

• Critical vulnerability in Adobe Reader
• SSL-enabled Name-based Apache Virtual Hosts with mod_gnutls
• mod_gnutls binary for Apache
• Using SSH for networking
• How to configure and use LIRC

gfx.direct2d.disabled
layers.acceleration.disabled

Also, open the Add-on Manager (tools/add-ons/plugins) and disable all plugins that do not need to be enabled in your email client. Note that the plugins are a different thing than the extensions. I disabled them all in my TB.

Finally, restart Thunderbird.

This has worked for me. Thunderbird 6 now feels as responsive as TB3 was.

Related Articles

• Mozilla Thunderbird 3 is out!
• Be cautious with Notepad++
• Speed up Apache by including htaccess files into httpd.conf
• The new amateuristic release strategy of Firefox
• Use the Alternatives System to switch to a custom Firefox release

Related Articles

• Back online after 48 hours of downtime
• Announcement: Downtime on Sunday, Mar 04 2007
• Error when using old run/bin installers under Linux
• When it comes to error messages…
• A CSS trap for comment spambots

For content and media, there are the Creative Commons licenses, some of which make it possible for creators to provide their work for free, while at the same time they still reserve the right to selectively make their work available for commercial purposes under different terms. That’s the beauty of those licenses. They are made to solve real problems and that’s why I highly respect them.

Related Articles

• Creative Commons v3.0 Licenses Launched
• Best Practices of Software Licensing
• Operating Systems do not matter any more
• Creative-Commons-Configurator WordPress Plugin
• GPLv3 is out – The G-Loaded.eu views

wget ftp://ftp.cc.uoc.gr/mirrors/linux/fedora/linux/development/rawhide/source/SRPMS/supervisor-3.0-0.4.a10.fc16.src.rpm

The simplest way to build an RPM for our CentOS release is to use the --rebuild option of rpmbuild:

rpmbuild --rebuild supervisor-3.0-0.4.a10.fc16.src.rpm

Wait a few seconds for it to finish and then your binary RPM package will be in ~/<your_building_env>/RPMS/....

To satisfy dependencies, you will also need the package python-meld3. So, download and rebuild it:

wget ftp://ftp.cc.uoc.gr/mirrors/linux/fedora/linux/development/rawhide/source/SRPMS/python-meld3-0.6.7-4.fc16.src.rpm
rpmbuild --rebuild python-meld3-0.6.7-4.fc16.src.rpm

Having built RPM packages for supervisor and python-meld3, you can now transfer them to a testing box and install them:

yum localinstall /path/to/supervisor.rpm /path/to/python-meld3
yum install python-elementtree

We also installed elementtree as this is a dependency missing from the supervisor spec file (note to self: file a bug report).

Finally, try to start supervisord:

/etc/init.d/supervisord start

Surprisingly, it complains about the missing elementtree!

Starting supervisord: Traceback (most recent call last):
  File "/usr/bin/supervisord", line 5, in ?
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.4/site-packages/pkg_resources.py", line 2479, in ?
    working_set.require(__requires__)
  File "/usr/lib/python2.4/site-packages/pkg_resources.py", line 585, in require
    needed = self.resolve(parse_requirements(requirements))
  File "/usr/lib/python2.4/site-packages/pkg_resources.py", line 483, in resolve
    raise DistributionNotFound(req)  # XXX put more info here
pkg_resources.DistributionNotFound: elementtree

Checking the requirements file at: /usr/lib/python2.4/site-packages/supervisor-3.0a10-py2.4.egg-info/requires.txt there are no special version requirements:

meld3 >= 0.6.5
elementtree
[iterparse]
cElementTree >= 1.0.2

After some investigation on the supervisor-users mailing list, I found a message that indicated that setuptools.setup() should be used instead of distutils.core.setup() in the setup.py script.

So, the dependency resolution depends on the way the package has been installed! I didn’t even bother to patch setup.py… Knowing that the dependencies are correctly installed, I commented out the elementtree line and also the meld3 line as this caused the same error.

So, my /usr/lib/python2.4/site-packages/supervisor-3.0a10-py2.4.egg-info/requires.txt file looks like this:

#meld3 >= 0.6.5
#elementtree
[iterparse]
cElementTree >= 1.0.2

Now supervisor starts without errors:

# /etc/init.d/supervisord start
Starting supervisord:                                      [  OK  ]
# cat /var/log/supervisor/supervisord.log
2011-05-12 02:56:08,221 CRIT Supervisor running as root (no user in config file)
2011-05-12 02:56:08,267 INFO RPC interface 'supervisor' initialized
2011-05-12 02:56:08,267 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2011-05-12 02:56:08,271 INFO daemonizing the supervisord process
2011-05-12 02:56:08,272 INFO supervisord started with pid 21337

This is what it takes to run supervisord 3 in CentOS 5 or RHEL 5. If you have any comments and suggestions, please let me know in the comments below.

Related Articles

• High CPU usage while running CentOS as guest on Virtualbox or VMware
• Sticking with CentOS, RPMforge and yum-priorities for now
• YUM-Priorities Configuration for a CentOS Desktop
• Awaiting CentOS 6
• My running dog

Related Articles

• Creative Commons v3.0 Licenses Launched
• Best Practices of Software Licensing
• The importance of regular data backups
• Forking Apache-licensed software on Github and Bitbucket
• Project CodeTRAX discontinued

• Save pages to a reading list to read when you have time.
• Offline reading mode lets you read the items you’ve saved for later on the plane, train, or anywhere without an internet connection.
• Sync your list to all of your computers, at work or home.
• Sync your list to Read It Later apps for iPhone, iPod, iPad, Android and more.
• After reading, bookmark pages on your preferred bookmarking service or share them with friends.
• Click to Save Mode lets you quickly batch a reading list just by clicking on interesting links.
• Text view strips away images, ads, and layout from articles and presents them in an easy to consume way.

Until today I have been keeping content that I wished to read at a later time in the browser’s bookmark system or I left yet another tab open or stored the URL in a text file. This plugin seems that it will provide a decent solution and eliminate the trouble. I haven’t used the remote service yet and I am not sure if I will ever do. The local “read queue” works really well.

Related Articles

• Tab Links extension for the Epiphany browser
• Smart Bookmarks in Epiphany
• Tab Session Management extension for Epiphany
• Size text with em in your CSS – Explained with example
• Bot-Allow-Content WordPress plugin