Hello all,
soon there will be Christmas and we all will eat delicious cookies, watching
the falling snow and kitschy TV-movies, listen to the same old xmas-radio-
songs again and get and give nice presents (if you don't celebrate xmas or
hate it, just eat cookies, ok? ;)) - the best time of year :-).
But before this, the second and last account-extending of the year will
happen. All accounts are going to expire at 1. December. So if you need your
account further, please send an eMail to
ts-accounts200902(a)daniel.baur4.info
before this date. The eMail should contain your login-name in the subject and
in the body. Please do NOT send the eMail to this mailing-list; write a NEW
eMail, DON'T use the answer-function of your eMail-client (because it will
send the eMail to this mailinglist). If you send the eMail to the mailinglist,
you will get the "Can't use his/her eMail-client"-price (and some jokes from
the regulars) and NO extending.
I will send an update-eMail every Sunday which accounts are not extended then,
to get you feedback that I got your eMail and as reminder for others.
The next expire-date will be at 1. June 2010 then.
Sincerly,
DaB.
Hello all,
the debian-security-folks updated php because of some security-problems (if
you like details, I added the report below). The update requires an update and
restart of apache too.
For this reason, I will update and restart php and apache on cassini tonight
(between 1 and 2 o'clock UTC) . The "downtime" of apache should be only a few
minute at maximum. You can see the progress at [1].
Sincerly,
DaB.
[1] https://jira.toolserver.org/browse/MNT-16
--- News for php5 (php-pear php5 php5-cgi php5-cli php5-common php5-curl php5-
gd php5-mysql php5-pgsql) ---
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high
* Maximum number of file uploads per request limited
To prevent Denial of Service attacks by exhausting the number of
available temporary file names, the max_file_uploads option
introduced in PHP 5.3.1 has been backported.
Due to the nature of this new option a default limit has been set
to 50, hoping it is sensible enough to not to cause disruptions on
existing services.
The value of this new limit can be changed in the php.ini file.
If you installed the php5-suhosin extension there was a limiting
mechanism in place already. In this case you may want to make sure
the new limit imposed by PHP itself is not smaller than suhosin's.
-- Raphael Geissert <geissert(a)debian.org> Sat, 21 Nov 2009 18:13:48 -0600
--- Changes for php5 (php-pear php5 php5-cgi php5-cli php5-common php5-curl
php5-gd php5-mysql php5-pgsql) ---
php5 (5.2.6.dfsg.1-1+lenny4) stable-security; urgency=high
* CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
(Closes: #535888)
* CVE-2009-2626: remote memory disclosure via ini_* functions
(Closes: #540605)
* CVE-2009-3292: multiple missing checks processing exif image data
* CVE-2009-3291: improper handling of nul character in CommonName fields
of X509 certificates
* max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
* Add an entry to debian/NEWS about the new per-request file uploads limit
-- Raphael Geissert <geissert(a)debian.org> Sat, 21 Nov 2009 18:28:12 -0600
--
wp-blog.de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
one of the problems we often see on the Toolserver is users accidentally
using too much disk space (for example, broken tools generating 100GB
logfiles). to avoid this happening in the future, we will be bringing
back disk quotas over the next week or two. this will work as follows:
* newly created accounts will get 250MB disk quota
* users currently using less than 200MB will also get 250MB disk quota
* users using more than 200MB will get 1.5x their current usage.
(for example, a user currently using 500MB will get 500 * 1.5 = 750MB
quota).
this is a 'soft' limit; the 'hard' limit will be 2x the soft limit. you
can exceed the soft limit for up to 7 days, which allows people to
temporarily use more disk space if necessary. however, you can never
exceed the hard limit. if the soft limit is exceeded for more than 7
days, you will be unable to use any more space until your use is brought
back under the soft limit.
we recognise that users sometimes need to use more than 250MB of disk
space for legitimate reasons. therefore, if you need more quota than
you have, you may file a request in JIRA (TS project), specifying how
much space you need, and a general description of the purpose (for
example, "storing rendered map tiles"). if, based on the description
above, you think you will need more disk space than the amount you will
be assigned automatically, you should file a request in JIRA now, so
your initial limit is set correctly.
while it's always important to monitor your disk space, and avoid using
space unnecessarily, there is nothing wrong with needing more space than
your current quota allows. please don't feel like you can't run a tool
because it would need more disk space. (however, a tool using 200GB
disk space is probably excessive.)
you will be informed at login time if your disk usage exceeds your soft
or hard quota. you can always check your current usage by running
'quota -v'.
in the past we've had quotas on and off at various times; from now on,
it's likely to be permanent.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAksBleMACgkQIXd7fCuc5vKExwCfSfn1IqwLN6yAOIbArNYXZOpC
AeMAoJMOXlFn/esz226SSjEar3Bz+G3G
=lEwT
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
we need to remount the /home filesystem on the NFS server to change the
filesystem configuration. this will happen at around 2AM UTC, and will
cause 1-2 minutes of outage for the /home filesystem.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAksAO3UACgkQIXd7fCuc5vLm3ACfYUgCaowyGJBEnEar54FncI28
FiQAni6Ofa9dk3wuUFkvQ6rJIFThs4Nl
=eieG
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
here is a list of users using 1GB or more disk space on /home. if you
are on this list, please check if you really need to use this much
space.
72798MB daniel
35143MB sk
17245MB prolineserver
15153MB cmarqu
12103MB dschwen
10760MB saper
9039MB rriver
8983MB cbm
8543MB bryan
8426MB voj
7962MB hippietrail
6936MB werdna
5430MB gmaxwell
4947MB tparscal
4921MB kolossos
3710MB stwalkerster
2976MB darkdadaah
2696MB flacus
2528MB misza13
2266MB mzmcbride
2053MB danny_b
2005MB purodha
1786MB fmaunier
1547MB catrope
1423MB erenrich
1222MB tawker
1161MB joanjoc
1157MB vvv
1064MB magnus
1061MB emijrp
1030MB az1568
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkr/9OIACgkQIXd7fCuc5vIz8ACgwVXmcai4XjAB8G0jRCcQBGMA
7ToAnR+C2arhApjwTTbqc6z5qvLB4Oa9
=Qx/7
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
i am about to move the SGE qmaster to a new host. during the move it
will not be possible to submit jobs using SGE (qsub).
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkr+8YAACgkQIXd7fCuc5vIvowCgolRDQKHts9aXNVvVsuR8sGE3
dXUAn3wHUjK8ZHfR+mxzvfd9MPKH9elE
=oltl
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
we have now moved several services to the new HA cluster, and it appears
to be working as expected. we will therefore be moving the NFS server
for /home from hyacinth to the cluster on the above date. maintenance
will begin at around 1AM UTC, and should last no longer than 3 hours,
during which time the Toolserver will be offline.
the stable server will not be affected by this maintenance.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkr5tJwACgkQIXd7fCuc5vI4yACfSBSfu8qn0iKVMIjm1LHGT6mU
TcoAnitNcQVOuig72J63y6RE7gHzK8r6
=Eu4v
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
hi,
we have now moved LDAP to the HA cluster. as part of the move we
changed the LDAP server software from OpenDS to Sun DSEE. this might
cause odd interactions from 'setpass' or 'passwd'; if you notice any
problems, please file a request in JIRA.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkrzvGQACgkQIXd7fCuc5vI5EACeILDtpw/r6yyag8IidoILP767
88cAoLmKf/M3kwD/t0rxXDmPQ0hiv/4V
=6rUj
-----END PGP SIGNATURE-----