Peter Woods

Web Services : I have been working with the Partner Support and Network Security teams to develop procedures for notifying customers of infected or vulnerable web content. Content monitoring is a new feature of the shared web hosting environment.

Several pre-approved standard changes have been created for the new web environment. RewriteRules and ModSecurity adjustments can now be done with notification at any time.  

The following web services have been load balanced:

• fevs01.its.vanderbilt.edu (its)
• fevs02.its.vanderbilt.edu (vanity domains)
• fevs03.its.vanderbilt.edu (blogs)
• fevs04.its.vanderbilt.edu (studentorgs)
• fesv06.its.vanderbilt.edu (www4)

Each of the load balanced services are being served from two data centers: Hill Center and Stevenson Center.  The content for each server is mirrored between the systems using rsync. Fevs05.its.vanderbilt.edu (www) is the remaining server to be load balanced, and this change is scheduled for Aug 5.

VUnetID Server Replacement: The IDEV team has been working to port the applications from the Solaris server to the new Linux server that I built.  I recently had to port a Perl script from Solaris to Linux.  This involved installing the appropriate  Apache2 modules that are comparable to the Apache1 modules referenced in the script, and recompiling the custom Perl module developed by the IDEV team.  I also modified the script to reference the new Apache2 modules.

System Patches: The AppHosting bastion hosts have been patched.  The updates for JTest1 are in progress, and they will be migrated to JProd1 and Jprod2 if successful.

Monitoring: I have been working with the App Hosting team to ensure that all of the necessary services are monitored in Nagios. We have identified several services that we not monitored, and have submitted the necessary requests to have the work completed.

Operational Tasks:

• I am creating the Weekly AppHosting incident management reports for the App Hosting team to review and add input.
• I replaced the SSL certificate on ldapa and ldapb.
• I have earned my ITIL Foundation Certification.

ITIL Foundation Certification

I periodically startup the Windows beta version of Safari to do some testing, and every once is a while I even check for a new version.  Unfortunately Apple does not include the version on their download page , and the file is simply called SafariSetup.exe.  Apple, please take a hint from the Firefox folks, and put the version on the page an in the filename. BTW, I still can't post to my Wordpress blog using the Safari.

Did you startup your AIM client and find mysterious unknown AIM buddies?  I did.  People have reported WSJ, Prof Gilzot, and others. Who are they?  After a little Google searching, I found this page.  They're AIM Bots.  How did they get there?  I don't know.  Since I didn't add them to my list, I'm assuming that there was a little "inside help" to get them into my buddy list.  Definitely not appreciated…

Today in one of my meetings, I heard that I had given out a WordPress tip to someone that they could not find from Google. What was the tip?  General consensus is that if you have SSL on the the front side of your website, then you need SSL on the backend as well. I have seen several documents on how to setup an HTTPS connection to a WordPress blog, but I haven't searched for how to encrypt the MySQL connection.  Anyway, here's a little fodder for the Googlebot…

Edit the wp-includes/wp-db.php file.  Find this line:

$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword);

And modify it to look like this:

$this->dbh = @mysql_connect($dbhost, $dbuser, $dbpassword, true, MYSQL_CLIENT_SSL); 

As an added precaution, when setting up the database access, add "REQUIRE SSL" to the GRANT statement.  This syntax is necessary for any MySQL connections from the ITS SSL web servers.

According to the license agreement, you're not allowed to use Quicktime 7 SDA to make nuclear weapons. See paragraph 9. I've heard that iTunes has a similar clause.