gmane.org.user-groups.unix.vague

Re: A friend in need...

Paul Flint — 2008-05-14T17:22:13

Dear Stan, Thanks for this idea, I would like to talk to Rick Bragg. For some reason computers and bicycles tend to occupy the same general area of my imagination. Please pass what limited "bona fides" I might posses on to Big Rick. Thanks again and... Kindest Regards, Paul Flint On Wed, 14 May 2008, Stanley Brinkerhoff wrote: /************************************ Based upon email reliability concerns, please send an acknowledgment in response to this note. Paul Flint Barre Open Systems Institute 17 Averill Street Barre, VT 05641 http://www.bosivt.org http://www.flint.com/home skype: flintinfotech Work: (202) 537-0480 Fax: (703) 852-7089 Consilium gratuitum .~. valet /V\ quanti /( )\ numerantur ^^-^^

No good deed goes unpunished

Paul Flint — 2008-05-14T17:20:09

Dear Rubin, You are a GOD! I was heavily engaged in tinapos, and thought it rocked. I could (over) extend it to include this current application, particularly the extensions you mentioned. This is for a non profit (obviously :^) summer activity here in "Scary Barre" if I can pull it off. Thanks and stay tuned... If tragic can be funny this may be hilarious! Regards, Flint On Wed, 14 May 2008, Rubin Bennett wrote: /************************************ Based upon email reliability concerns, please send an acknowledgment in response to this note. Paul Flint Barre Open Systems Institute 17 Averill Street Barre, VT 05641 http://www.bosivt.org http://www.flint.com/home skype: flintinfotech Work: (202) 537-0480 Fax: (703) 852-7089 Consilium gratuitum .~. valet /V\ quanti /( )\ numerantur ^^-^^

Re: A friend in need...

Rubin Bennett — 2008-05-14T15:53:41

Ugh... bad netiquette replying to myself... fifty lashes... Check out OpenBravo POS: http://www.openbravo.com/product/pos/ Openbravo is the new incarnation of TinaPOS, which looked cool and then died a while back. Also when I search Sourceforge, I tend to sort on 'last file' date to weed out projects that have languished on the SF servers for years with no updates. Rubin On Wed, 2008-05-14 at 11:44 -0400, Rubin Bennett wrote:

Re: A friend in need...

Rubin Bennett — 2008-05-14T15:44:08

Not free, but may fit what you're looking for: http://www.merchantos.com/sign-up/ More generic options: http://sourceforge.net/search/?words=point+of +sale&type_of_search=soft&pmode=0&words=%22point+of+sale% 22&Search=Search There are a number of pieces to keep in mind when deploying a point of sale solution: Inventory Sales Registers/ cash drawers Back office functionality Services: How to charge for Tune-ups/ overhauls, etc. Also how to do things that have 'recipes', like changing a flat: Labor rate Plus part(s). My very first network (back in 1995) was a Bicycle shop POS system, back in the bad old days of WFW3.11 and LANTastic (oh, the horror!). I used Checkpoint (a fairly ugly but functional POS system based on FoxPro, and we also used Bike-a-log for cataloging parts and ordering. I was the service manager of the shop and my boss and his wife needed a new network set up in the new, 15,000 square foot store we were building. We had wands for scanning barcodes, barcode printers, 4 registers, a rec

Re: A friend in need...

Stanley Brinkerhoff — 2008-05-14T15:29:28

You might want to talk to Rick Bragg (from gmnet - I think he is on this list.. email me off-list for his address if he doesnt pickup on this). He is doing some work with integrating an ecommerge package with a Bicycle POS system that a friend of his developed. It might be a workable commercial solution, if a commercial solution is on the list of options. Stan On Wed, May 14, 2008 at 10:55 AM, Paul Flint public.gmane.org> wrote:

A friend in need...

Paul Flint — 2008-05-14T14:55:21

Greetings List Lurkers, Does anyone out there have any recommendations for software to operate a Bicycle Rental and Repair store? Some of the requirements include: 1. Standard Point of Sale 2. Rental Form 3. Reservation via web These are notional and I am currently thinking flexibility. Maybe Sugar CRM? Regards, Flint /************************************ Based upon email reliability concerns, please send an acknowledgment in response to this note. Paul Flint Barre Open Systems Institute 17 Averill Street Barre, VT 05641 http://www.bosivt.org http://www.flint.com/home skype: flintinfotech Work: (202) 537-0480 Fax: (703) 852-7089 Consilium gratuitum .~. valet /V\ quanti /( )\ numerantur ^^-^^

Re: Input requested from ruby users

Scott Dellinger — 2008-05-14T14:40:32

Yes. This is approximately equivalent to how Java web applications are usually set up, where Apache talks to the user, proxying connections back and forth with a separate application server. mod_ruby is dead and has lots of issues. If you don't want to deal with Mongrel as an app server, you could try Passenger (), which provides an Apache module that does away with the need for a separate application server. It's quite new (only released a few weeks ago), but has been getting a lot of good press thus far, and is trivial to set up.

Debian/Ubuntu Users: update your OpenSSL packages!

Zack Colgan — 2008-05-13T18:18:22

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To all those using a Debian or Debian-based OS, it was discovered today that a change was made to the Debian openssl package in 2006 that causes the random number generator to be, um, not so random. This predictability has led to the recommendation that all keys using OpenSSL (SSH keys, OpenVPN keys, etc) should be regenerated after updating to a non-vulnerable version of OpenSSL. Read the full advisory here: http://article.gmane.org/gmane.linux.debian.security.announce/1614 - -Zack -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFIKdttjFVdEIeq2ygRAjUrAKCDnbiEvrFeTsLQjbEEjkZgbdHISwCcDs4V J5w9cal7+CsMN/T6WcdUsJ0= =eS64 -----END PGP SIGNATURE-----

Re: Apache Problem

Sue Fritz — 2008-05-11T12:25:13

DOS maybe, certainly looks like it, but I am not convinced. In any event, as soon as I got the IP we blocked it and the problems on the server went away (forgot to mention that part before). The IP is one registered to Comcast and was heading for the hanover website. sue ----- Original Message ----- From: "Rene Churchill" public.gmane.org> To: "Vermont Area Group of Unix Enthusiasts" public.gmane.org>, sue-2uMQh5fYgZauvtTkCOosKA< at >public.gmane.org Sent: Saturday, May 10, 2008 10:15:50 PM GMT -05:00 US/Canada Eastern Subject: Re: Apache Problem Hi Sue, Ok, 408 is a timeout error, which is indicative of a DOS attack. The attacker opens a port on your server and just lets the connection sit there until it times out (default 300 seconds). This ties up a connection for those 300 seconds without requiring the webserver to do anything. Max out the connections and nobody can connect to the webserver. So, first thing is to look up that IP ad

Re: Apache Problem

Rene Churchill — 2008-05-11T02:15:50

Hi Sue, Ok, 408 is a timeout error, which is indicative of a DOS attack. The attacker opens a port on your server and just lets the connection sit there until it times out (default 300 seconds). This ties up a connection for those 300 seconds without requiring the webserver to do anything. Max out the connections and nobody can connect to the webserver. So, first thing is to look up that IP address. If it's from someplace relatively untraceable like Romania, then just block it with your firewall or iptables. If the IP is from someplace you think you'd have a chance to complain about, go ahead and report it. You mentioned http://www.thehanovertheatre.org/. Is the IP address for http://www.thehanovertheatre.org/ where the request is coming from or where it is going to? I doubt it is a problem with the code on the page, otherwise you'd be seeing this problem constantly. Next, edit your httpd.conf file and reduce the Timeout value to something much smaller, like 5 or 10 seconds. http://httpd.apache.or

Re: Apache Problem

Sue Fritz — 2008-05-10T14:49:26

4000 is the default on the Centos5 servers I have installed. That's why I was surprised by the number. This server is Debian, maybe that default is that different? In any event, I agree with you - someone probably put it there for a reason so I would leave it alone until I had a good reason to do otherwise. Not sure I am willing to start trying different settings. This particular server hosts a lot of customers and we will be moving them off to virtualized OpenVZ VE's over the next few months. Since even this incident doesn't really disrupt service that dramatically, I am inclined to just hold tight and keep gathering more information. ----- Original Message ----- From: "Nick Floersch" public.gmane.org> To: VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org Sent: Thursday, May 8, 2008 6:26:51 PM GMT -05:00 US/Canada Eastern Subject: Re: Apache Problem Sorry for the late reply - I didn't see this when it came in... Honestly, IANAAG - I am not an Apache guru. I remember fro

Re: Apache Problem

Sue Fritz — 2008-05-10T14:36:31

Sorry I dropped off - yesterday Phil and I went to do some work on our rack in Waltham. I am not 100% sure how much you got from Phil - we just recently started testing an anti-spoofing filter on our Postini account and now neither Phil or I are receiving our own posts to this list. I knew this kind of thing would happen, just didn't realize how much stuff out there actually validly spoofs. So, for the sake of filling in the missing pieces on the apache issue. We have been having this issue very intermittently for about 4-5 months. In the past, it would start and go away so fast I couldn't gather any info. We have a huge volume of logs on this server and I wasn't quite sure where to start looking without having the opportunity to get an IP to narrow the search. This time, it lasted long enough for me to do a netstat and find one IP that had over 500 connections open. In the logs, that IP generated an equally large number of timeout errors that look like this.... "-" 408 - "-" "-" The only web activit

Input requested from ruby users

Rion D'Luz — 2008-05-10T14:35:43

Hi Folks: I've been impressed with the look and feel of Typo (i'd heard of it some time ago, but mistakenly believed it was typo3-related). It sure seems like a nice web-app. Being a programming fool, I'd been intending to delve into ruby/rails for some time now and this seems like the impetus to get started. So i went through the install process on my dev box (Egdy), repleat with warts and all. First following the Typo instructions, then going over to http://www.typosphere.org/ when things didnt go as planned, then to rubyforge when gems became problematic. (FWIW, I really like ubuntu as a (laptop) workstation, but not too much as a development env) I'd be happy to share the process I followed to get everything up and running using apt, but suffice it to say that Typo finally installed OK, with only minor inconvenience: rake aborted! no such file to load -- openssl RION: apt-get install libopenssl-ruby and is running on http://localhost:4714/ OK. root 30149 1 0 17:01 ? 00:00:03 /us

Re: Apache Problem

Rene Churchill — 2008-05-08T23:33:36

Sue, Phil, We need to see some snippets of the access_log and error_log logfiles to have a shot at figuring this out. As for the config options you've got, those are pretty good for the vast majority of servers out there. MaxRequestsPerChild is there to prevent memory leaks. Since Apache often load many, many modules written by folks other than the Apache team, they don't have the highest confidence in their garbage collection. So it makes sense to restart the process every once in a while to free up any leaked memory. Don't bother changing it unless you see the Apache processes chewing up more and more memory over time. Since your current problem is too many Apache processes, tweaking MaxRequestsPerChild won't help any. Personally, I expect to see the logfiles showing a lot of unusual HTTP requests, perhaps malformed. Googling the browser string may be of some use. If someone is just opening a connection to port 80 and letting it timeout, then playing with the TimeOut directive may help. Also cons

Re: Apache Problem

Nick Floersch — 2008-05-08T22:26:51

Sorry for the late reply - I didn't see this when it came in... Honestly, IANAAG - I am not an Apache guru. I remember from my UNIX TCP/IP programming course that we discussed the entire worker/thread/pre-spawn model that Apache uses when we talked about writing servers. That said, I haven't examined statistics to know what great numbers are to plug into those settings. However, I would compare what you have to the defaults ... is 100000 a default? I don't know, but if it is, then it may not be a bad choice. If some previous SignalZ admin put that in there, unless it was Matt C. (who is the only SignalZ admin I knew well enough to know to trust his every action), I would research the number and why it was set to that. I personally would play with the numbers, too. Try setting the MaxRequestsPerChild to 100. See what happens. There must be lots of articles on this subject somewhere. What about the MaxKeepAlives and KeepAliveTimeout directives? Or just the Timeout directive? Perhaps another pro

Re: Apache Problem

Nick Floersch — 2008-05-08T22:29:10

Oh... and what version of Apache are we talking? Could this be a bug/exploit that is fixed by an upgrade, or downgrade? ________________________________ From: Vermont Area Group of Unix Enthusiasts [mailto:VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org] On Behalf Of Sue Fritz Sent: Thursday, May 08, 2008 3:35 PM To: VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org Subject: Re: Apache Problem Nick, this might be heading me in the right direction. How do you like the looks of these settings from my apache config? StartServers 10 MinSpareServers 5 MaxSpareServers 30 MaxClients 255 MaxRequestsPerChild 100000 I am guessing that the MaxRequestsPerChild might be a little high, ya think? "The MaxRequestsPerChild directive defines the maximum number of page deliveries that each server instance will carry out before closing down and respawning. The whole point of a periodic respawn is to prevent accumulation of eventual memory leaks. " Sue Fritz system admin Signal Advertising ----- Original Message -----

Re: Apache Problem

Nick Floersch — 2008-05-08T22:28:15

It is good to note that you max out at 255 processes and that that is what is set in your Apache config files... I mean, nice to see that the cap is working is all. ________________________________ From: Vermont Area Group of Unix Enthusiasts [mailto:VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org] On Behalf Of Sue Fritz Sent: Thursday, May 08, 2008 3:35 PM To: VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org Subject: Re: Apache Problem Nick, this might be heading me in the right direction. How do you like the looks of these settings from my apache config? StartServers 10 MinSpareServers 5 MaxSpareServers 30 MaxClients 255 MaxRequestsPerChild 100000 I am guessing that the MaxRequestsPerChild might be a little high, ya think? "The MaxRequestsPerChild directive defines the maximum number of page deliveries that each server instance will carry out before closing down and respawning. The whole point of a periodic respawn is to prevent accumulation of eventual memory leaks. " Sue Fritz system admin Sign

Re: Apache Problem

Sue Fritz — 2008-05-08T19:34:59

Nick, this might be heading me in the right direction. How do you like the looks of these settings from my apache config? StartServers 10 MinSpareServers 5 MaxSpareServers 30 MaxClients 255 MaxRequestsPerChild 100000 I am guessing that the MaxRequestsPerChild might be a little high, ya think? "The MaxRequestsPerChild directive defines the maximum number of page deliveries that each server instance will carry out before closing down and respawning. The whole point of a periodic respawn is to prevent accumulation of eventual memory leaks. " Sue Fritz system admin Signal Advertising ----- Original Message ----- From: "Nick Floersch" public.gmane.org> To: VAGUE-Ybm7yGatA9A3r0Ub5QXD9Q< at >public.gmane.org Sent: Thursday, May 8, 2008 2:35:17 PM GMT -05:00 US/Canada Eastern Subject: Re: Apache Problem Phil, this is the Apache config stuff I was thinking of. It *might* be helpful only in controlling what your server does with itself when lots of connections start rol

Re: Apache Problem

Rubin Bennett — 2008-05-08T19:20:25

In the meantime (and frankly, probably more elegant by far than what I wrote years ago before this existed...): http://www.wains.be/index.php/2007/03/29/allowing-apachemod_dosevasive-to-use-iptables-through-sudoers/ http://www.zdziarski.com/projects/mod_evasive/ HTH! Rubin On Thu, 2008-05-08 at 14:35 -0400, Nick Floersch wrote:

Re: Apache Problem

Rubin Bennett — 2008-05-08T19:15:22

Even if it's a DDOS, there is high likelihood that there are several hosts (zombies usually) that are working 'together' to flood your server. It would be reasonably trivial to implement a dynamic iptables script to cut those off at the knees as they're happening, and notify you about the attack... (looking for code now... I know I've done this in the past. Now where did I put those bits? ). When/ if I find my script I'll pass it on. Rubin On Thu, 2008-05-08 at 14:35 -0400, Nick Floersch wrote:

Re: Apache Problem

Nick Floersch — 2008-05-08T18:35:17

Phil, this is the Apache config stuff I was thinking of. It *might* be helpful only in controlling what your server does with itself when lots of connections start rolling in. If The 255 limit is eating up memory needed by other servers or processes, you could trim back that limit to allow other stuff to use the resources, for example. Here is an example from my config file: --- snip --- ## ## Server-Pool Size Regulation (MPM specific) ## # prefork MPM # StartServers ......... number of server processes to start # MinSpareServers ...... minimum number of server processes which are kept spare # MaxSpareServers ...... maximum number of server processes which are kept spare # MaxClients ........... maximum number of server processes allowed to start # MaxRequestsPerChild .. maximum number of requests a server process serves StartServers 5 MinSpareServers 5 MaxSpareServers 10 MaxClients 20 MaxRequestsPerChild 0 # pthread MPM # StartServers .........