Last week I was contacted by the UoM Computer Club folks telling me they have a slot for the Linuxfest 2013. That was indeed a great news. I didn’t waste any more time & announced the same on LUGM’s mailing list. Secondly, I created a facebook event for LUGM mini-meetup and set the main topic as Linuxfest 2013.
By yesterday afternoon I had some 24 RSVPs on the event page. Yet I guessed not everybody would be able to make it today. So, I sent en email to Pizza Perfect to reserve a table for 15 people. If others show up, we would adjust accordingly. Seems like my guess was kinda right. 16 penguins (including me) showed up. Wohooo! That made a great meetup indeed. So, who were today’s penguins? Yuram (Kurtish), Nitin Mutkawoa, Nirvan, Pawan, Avinash Mayaram, Ajay, Selven, Tisha, Ashley, Nuvin, Adarsh, Neha, Darshini, Nayar, Toshan & me.
I reached Pizza Perfect exactly @ noon (while meetup time was set to 13h00). A few minutes later Yuram, Nirvan, Nitin & Pawan came. Everyone was kinda hungry, so we ordered one large pizza, chips & Nitin asked for a burger. The fun was ON!
Initially we had Internet connection issues. Nirvan & Yuram volunteered to help the Pizza Perfect folks to troubleshoot the same :)
Little by little others showed up. When Selven & Ajay came we started a full discussion about the upcoming Linuxfest 2013. Well, I won’t post the details to spoil the surprise but ideas that popped were awesome. We discussed & assigned who would share certain responsibilities. We also made a draft list of the kinds of presentations that should be happening. Everybody showed enthusiasm. The ladies Neha & Darshini; they got some nice roles as well :) Nirvan helped me by taking notes while the discussion remained ON (along with pizza munching).
Oh! Thinking about where are the ladies? Here they are … but for some weird reason the photo blacked-out (while one of the ladies, Tisha, was left out; couldn’t find her in any of the photos).
Around 16h00 Ajay tossed the topic on Apache configuration. I had completely forgotten about this one, which was in today’s technical discussion. I thought with all the fun talking on Linuxfest everyone would be tired but the penguins were not. In fact, all of them were so eager to have the technical fun on Apache.
Ajay described us a scenario where Apache does not load the PHP module leaving the content of PHP files view-able via the browser. This can expose database related credentials (username, password, hostname etc). To prevent such mishap he advised us to include a condition in httpd.conf that instructs Apache not to give access to files with certain extensions (like .inc) if mod_php isn’t loaded. We could therefore put the sensitive data in .inc files & they won’t be exposed when PHP module fails. Here’s how it goes into the Apache configuration :
<IfModule !mod_php5.c> <Filesmatch "\.inc$> Order allow,deny Deny from all Allow from none </Filesmatch> </IfModule>
We also talked a bit about mod_deflate. In case you have it enabled, put the following for older/buggy browsers :
BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0 no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
Next, Ajay pointed the vulnerabilities when using open_basedir in PHP (more reading here).
Finally, if the meetups gonna be like today’s, I’ll have to remove the word mini from the title :)
Me, having evil ideas brewing in the mind...