coldtobi's blog

• Main
• Archives
• Albums
• Links
• Admin

• Blog and Website [88]
• DSL RAM [2]
• Electronics and Atmel AVR [10]
• fanctrl [3]
• General [8]
• German [1]
• La Fonera [28]
• Lifetype [17]
• Linux / Debian [31]
• Monetizing A Blog [8]
• my 2 cents [19]
• Netzfunde [17]
• Nice Links [1]
• solarpowerlog [1]
• Thecus N2100 [15]
• Tips and Tricks [18]

• Configure lighttp to simulate .htaccess rules (Deny From All)
• WoW Money Laundering?
• Samba: No mount as user.
• Nice Links #1 -- How hardrives works and how they do recovery
• Squirrelmail and lighttpd -- An Installation Guide --
• Link Crosscompiling
• git cheat sheet

• RSS 0.90
• RSS 1.0
• RSS 2.0
• Atom

• Privacy Policy
• Disclosure Policy

Configure lighttp to simulate .htaccess rules (Deny From All)

Unfortunatly, lighhtpd does not support ".htaccess" rules directly. So if you want to use a script targeted for Apache, you have to implement your own rules.

Luckily, the most needed rule is to forbid the serving of a whole directory, the "Deny From All" rule.

This one can be emulated within the lighttpd.con -- but you have to list every affected directory.  A tedious task to find out every .htaccess contianing the rule and then adding the path to the configuration.

But this can be automated:

 (More)

WoW Money Laundering?

Today I want to share you a spam comment which was submitted some days ago. (I modified the comment and removed all external links. SPAM won't pay on this blog)

It seems that WoW has some reached some money laundery scheme, at least with "virtual money." I'm not playing the game, but it could also be that they (gold traders?) Use some victim as money mule to hide traces? Anti-Cheat detection prevention (you know, buying gold is considered cheating). I don't know, but I think it is an interesting development, and it might make sense to use caution. Especially if this is a way to launder real money, this can cause you real trouble (this could send someone to jail, worst case. IANAL! )

 (More)

Samba: No mount as user.

For security reasons (CVE-2009-2948) samba ceases to support setuid mount.cifs. Until at least a proper fix has been generated (saw patches for them, but at least in Debian they are not or defunc (Patches: http://archives.free.net.ph/message/20100326.142523.e959e38d.en.html, details of the problem http://www.samba.org/samba/security/CVE-2009-2948.html )

(IMHO the CVE is valid, but only makes sense in an multi-user enviorment and if you want to store your passwords in some files. Both are false for me. ) 

However, I need a working system. The other option is waiting until upstreams deciding what's better for me -- a security problem not touching my samba usage or no service at all. (Yes, I'm a little upset by this -- hitten cold by this "improvement" and finding out that they indeed choosen a way to "fix" it by disabling the execution at all. When I read the CVE notice from samba, it could also be done to disable the offending "information leaking" command options when run setuid... Well.)

Well *taking deep breath* lets stop ranting:

 (More)

Nice Links #1 -- How hardrives works and how they do recovery

I start a new series: Nice Links: Links I came around and I want to keep / share.

Today: Harddisks low level functionality explained, some types of errors and some approach to repair. (Interesting, but don't try this at home.)

http://www.myharddrivedied.com/presentations_whitepaper.html

I came accross this site, as my laptop's hardrive showed  some read erros in the log, and I wanted to know what the AMNF acrconym is all about. This was the error my drive showed. 

This also reminded me to do backups ;-)

 (More)

Squirrelmail and lighttpd -- An Installation Guide --

Today I installed the squirrel on my Thecus. The horde used before -- even if powerful -- was just to slow to make fun. As friends told me that the squirrel is slick and quick -- as its name suggests. (After installation, I can confirm this)

The squirrel -- is a web interface for accessing your mail, written in PHP. It does -- by default -- needs not to have any database. It can access your mail both by IMAP and by POP3.

As my setup is not the regular "Apache" based one, it might make sense to show how it has to be configured with lighttpd as web server.

Lets start.

 (More)

Link Crosscompiling

In case I port solarpowerlog to arm hardware....

http://pocoproject.org/wiki/index.php/CrossCompiling

git cheat sheet

A Cheat-sheet for not-so-often used or some command I frequently forget....

Some commands you just use too seldom. When you need them, you just thinking how you did it before... So I need a cheat sheet to note these down...