[volunteers] svlug.com, lists.svlug.org redirect (was: Nameserver)

Rick Moen rick at linuxmafia.com
Thu May 19 03:41:51 PDT 2016


Quoting Daniel Gimpelevich (daniel at gimpelevich.san-francisco.ca.us):

> As I previously stated, www.svlug.com was previously serving up the
> installation-default index.html file <http://www.svlug.com/index.html>
> until I copied the PHP file in question from lists.svlug.org. According
> to the ChangeLog, this was on 5/4.

Your referenced posting was
http://lists.svlug.org/archives/volunteers/2016q2/004786.html , in which
you said:

  If that's so, then please explain why when I point a browser simply at
  <http://lists.svlug.org/>, it happily serves up a PHP file owned by
  _your_ UID. Thank you for leaving it where I was able to grab it and put
  it on the Linode host to serve up Don Marti's <http://www.svlug.com/>,
  which until that point showed only the default-installed document root
  page. Whoops.

At that time, I was so startled (and alarmed!) by the notion of
lists.svlug.org running PHP, and by the (incorrect) suggestion that I
had something to do with that horrific software architecture error, that
I (figuratively) hit the ceiling and completely failed to register your
second and third sentences.

Jesus Jehosaphat Christ, can you imagine how vulnerable that made the
lists.svlug.org host, especially with an antique Apache 1.3.x and after
the whole thing got scooped out of the Via.net host and run on a
non-grsecurity kernel?  All the more credit to you for getting us away
from both Apache 1.3.x and PHP on lists.svlug.org.

Anyway, I infer that browsing http://www.svlug.com/ hit a distro-default
generic HTML page for the simple reason that nobody has historically
given a damn about svlug.com at all -- except to make sure nobody else
could register that domain.  So, that was not a 'Whoops'; it was
deliberate disregard.

Of course, your copying the index.php redirect page from lists.svlug.org
to gruyere has made svlug.com functional in a redirect-to-somewhere
sense, albeit at the cost of giving Jesse something new to bitch about.
;->



Getting back to your site-docs/ChangeLog (gruyere) and
site-docs/RecentChanges[1] (lists.svlug.org) entries:  Ideally, one of
us reading such an entry (including you) should learn enough detail to
be able to reverse your change if necessary.

And you've not been within a country mile of doing that.  Here's a
trivial example:

We 2016-05-07 entry:  

  Removed all world-read/world-write/world-execute permissions below /home.

And what were those permissions?  What files?  We'll never know, because
you made them go away and destroyed the evidence.  Suppose some of those
permissions were useful and necessary.  How would we even know what
changed?  How will we find the missing permissions?  We cannot.

Same entry:

  Edited /etc/lighttpd/lighttpd.conf (see that file).

What did it _use_ to say?  Did you save the original file as 
/etc/ligthtpd/lighttpd.conf.ORIGINAL ?  No, you did not.
Which lines are yours and non-default?  Which lines got removed?
We cannot in any easy way find out, because you made the original
go away and destroyed the evidence

So, please, go back and read each of your ChangeLog and RecentChanges 
entries, and _try_ to make them useful to people who are not Daniel
Gimpelevich, and specifically to people wanting to know _sepcifically_
what you did, and (if necessary) how to undo the changes in question.

Do it now, please.




[1] I've renamed the file from your 'RecentChanges.txt', because we're
not Windows weenies and don't need three-letter filname extensions to
tell us what a file is.





More information about the volunteers mailing list