Brontesaurus Blog

Only about an hour ago it was announced that the droid has been rooted.

Alldroid.org post with download + instructions etc.

Authors Post:

md5sum of initial exploit zip: 94a0c30ea9104c2776d042e760bfd716

URL: http://rapidshare.com/files/318204448/d … t.zip.html (Down now?)
URL2: http://www.4shared.com/file/168496608/8 … -root.html (thanks, blunden)
URL3: http://www.mediafire.com/?ydaqjmditjh (thanks, blunden)
URL4: http://www.multiupload.com/XYPZLK4K22
Also attached in a thread post.

The exploit provides a /system/bin/su from AOSP (that is, you can only use it from adb shell).
Other payloads can be arranged, but I’m too lazy to make them myself.

Provide a decent payload and I will turn it in to an update.zip that the Droid will apply.
Restrictions: The payload zip must be <63k
I can add files already in the official update to it (update-binary).

Some possible install instructions (unconfirmed):

md5sum of the boot partition:
3e49d99b320cf5c20bedf09343c1155c /dev/mtd/mtd2

HOWTO

Download the zip file (see mirrors in posts below)
Rename to “update.zip” and copy to the sdcard

Power off the DROID and power back on while holding the X key
When you see a “/!\” symbol, press both vol+ and camera
Use the onscreen menu to install update.zip

Once installed you will be able to run “su” from your adb shell.

Thursday Chrome OS, Google’s new web only OS, was just released. Basically Google is seeing that 90% of our time on the computer is being spent on the internet. All our email, pictures, music, videos social network, etc are all on the web. In this sense everything else on your computer is bloatware.

Heres a quick video from Google explaining their new lightweight os.

Immediately with the release of a the code, copies began flying around the net. Specifically a virtual disk with the OS built (download) that you can just pop into a new VM on VMWare or Virtualbox and you are up and running. When it boots up you are prompted for your Google account login, after logging in its basically just like chrome. The tabs are a little more customized, and
the rest is just a browser. And thats the thing, its just a browser, its very far from an OS. Chrome “OS” is chrome, on top of a very stripped down ubuntu. In fact thats how you build it, take a copy of Ubuntu 8.04 or later, get all the pre-requisites, build chrome and you are done. It still feels a lot like linux, and you can easily tell it uses GTK for all the gui stuff.

I know this is just a dev build and its the very first source open to the public, but how exactly is Google’s vision going to pan out for this? There are some key things missing here such as being able to change the display resolution. Is the OS going to be useless if you can’t connect to the internet? If you are at all anything like me, you don’t like having all your eggs in one basket, having an offline copy is a must. I think Google gears is going to be a key player into making a local copy of the “cloud”. Though with all these features that a lot of people see that are lacking from chromium, does Google really have any intention of putting these sorta things in? I think a fine line is being walked right here between being simple, and being too simple. Being simple is good, yes. Keep things lightweight, fast, and too the point, but neglecting adding in more features, nobody is going to use it.

Through my continuing investigation of what it appears to be a file descriptor leak in apache, I discovered I am not completely crazy. I ran across some bugs written up against apache regarding file descriptor leaks which really turned me off to apache. I don’t want to mess around with rolling back or upgrading, and php as cgi is kind of messy with apache, etc so I started to look for alternative solutions. That’s when nginx (pronounced engine-x) comes in. Nginx is a very light weight high performance proxy and web server. The other two sites I have hosted here work fine under apache and I wouldn’t want to change them, so ngnix lets me have my cake and eat it to. I serve out wordpress directly from nginx with php fastcgi and I simply have the other two sites proxied to apache via nginx.

So far the I am pretty happy with the results. Here is a graph of number of file descriptors being used over time when all my sites were running under apache:

And here with wordpress running under nginx:

I’ve been monitoring it for around 10 hours or so now and everything seems to be ok throughout continuous use of everything. I haven’t really run into a problem like this before and everybody I talked to didnt seem to really have an idea either. 

Various resources I have found to be very useful:

• http://howtoforge.com/installing-nginx-with-php5-and-mysql-support-on-debian-etch-p2
• http://www.yawn.it/2008/04/30/nginx-php-php-fpm-on-debian-etch-40/
• http://wiki.nginx.org//NginxHttpRewriteModule
• http://lyncd.com/2008/10/running-wordpress-on-nginx/
• http://elasticdog.com/2008/02/howto-install-wordpress-on-nginx/
• http://blog.cantremember.com/wordpress-and-pmwiki-under-nginx/
• http://forum.slicehost.com/comments.php?DiscussionID=1609
• http://articles.slicehost.com/2009/3/11/ubuntu-intrepid-nginx-rails-and-mongrels

I’ts late, about 4am. Browsing around reddit, reading up on what I have missed throughout the day, and I happen to leave a browser tab open with my munin monitoring stuff up. I noticed that it stopped loading (it has an auto-refresh). When I tried to refresh manually it wouldnt load, neither would my blog,  or other sites on this box.

My immediate thought WTF. So I login and take a look. This was over the course of a few minutes or so.

[root@picard etc]# lsof | wc -l
45026
[root@picard etc]# lsof | wc -l
55112
[root@picard etc]# lsof | wc -l
125642
[root@picard etc]# lsof | wc -l
135719
[root@picard etc]# lsof | wc -l
135719
[root@picard etc]# lsof | wc -l
135719
[root@picard etc]# lsof | wc -l
135890

Seriously WTF. How is this possible? I have a limit of 100,000 open files and yet there are 135k open files? I know a lot of these are some sort of “pipe” file descriptors at stated in my previous post, but as some point shouldn’t it free up stale ones or at least stop? I doubled check to make sure I had my numbers straight and they were.

[root@picard etc]# cat /proc/sys/fs/file-max
100000

I also checked my apache logs and iptables denied logs and nothing was going on. It seems like linux is out to get me. Anyways I restart apache, things drop significantly to 1157. I browse around my blog a bit including admin pages, it jumps up to 1507, everything seems back to normal. Then I open up munin and let it sit there for a bit and I see it jumps up to 3233 and taking that the last thing this machine was doing was trying to refresh munin maybe it has to do with that? Well I hope its just munin, I uninstalled it and will continue to see how things pan out.

My adventures of self-managed hosting continues…

A couple of weeks ago I setup iptables on my Slicehost VPS. After a few days of watching it  I was suprised at how many connections were being denied. This machine has only been public for a couple days or so and I only had one domain pointing to it too. Its been a few weeks now and the information I have gathered is pretty interesting, take a look.

Top 10 countries based on number of denied hosts:

Top 10 ports based on number of denied connections:

Here is a mash up I made using the Google Maps API. This representation only shows around 500 of the denied hosts but I think its a good view of where all the connections come from throughout the world. Now to only AJAX‘ify this thing and have a live view of where the denied hosts are coming from in the world.

As an avid linux user, I can relate.

Unfortunately, I had to learn the hard way to start backing up my stuff locally, and backing that up too. On my old web host I had around 10 different websites hosted on there plus some other stuff that violated the TOS… Long story short, my host disabled my account without notice and I just lost many many hours of work and guess what, none of it was backed up.

/facepalm

So after that big fiasco and headache, no matter where something is hosted or how safe and reliable I think my data is, I always set up some sort of remote backup schedule. Since all my sites run on linux, the easiest way to do this is with rsync, crontab, and passwordless ssh.

Rsync:

This is my simple rsync command I use. I know there are some cool more advanced features of rsync like versioning and archiving but I like to keep things simple.

-v : verbose, lists exactly what files are being copied

-u : update,  updates files that have changed

-r : recursive, backs up entire directories

rsync -vur /path/to/backup user@remotehost.com:/path/to/backups

Passwordless ssh

I followed a guide to get passwordless ssh working. It was the most clear, concise, and straight forward tutorial I could find. Something that confused me at first was what machine the “remote host” and what machine the “local host” was. To clarify, the remote host is the host you are trying to log into and the local host is the machine you are trying to setup passwordless ssh on.

Towards the end of the article, the author talks about setting this up so you don’t have to re-enter the id_dsa password and so that passwordless ssh can work in cron and accross multiple sessions.

But I ran into a problem when I was attempting to execute rsync from cron and I was able to get around it with this script that simply sources the .ssh-agent.sh everytime a backup occurs.

#!/bin/bash
 
source ~/.ssh-agent.sh
 
rsync -vur /path/to/backup user@remotehost.com:/path/to/backups

Crontab:

0 3 * * * /path/to/backup.sh > /path/to/backup.log

With this cron job it runs the backup.sh script every night at 3am and outputs stdout to backup.log

This crontab only shows what I do with rsync. I also have have a couple jobs to backup my mysql databases and puts them into one of the folders that are backed up. This can easily be done with mysqldump.

Then then I have my backups backed up to a raid 5 array on my file my file server at home. I am still contemplating whether to backup my local backups to an off site backup service.

-Adam