Redesign for Github Pages

_config.yml

@@ -0,0 +1,14 @@
+# Site settings
+title: Gergely Polonkai
+email: gergely@polonkai.eu
+description: "developer, systems engineer and administrator"
+baseurl: ""
+url: "http://gergely.polonkai.eu"
+timezone: Europe/Budapest
+name: Gergely Polonkai
+paginate: 10
+paginate_path: "/blog/page/:num"
+
+# Build settings
+markdown: kramdown
+permalink: pretty

_includes/about.html

@@ -0,0 +1,20 @@
+<p>
+    Gergely Polonkai is a systems engineer of a telco company, and
+    also a freelancer developer.
+</p>
+
+<p>
+    He is learning about different IT subjects since the late
+    1990s. These include web development, application building,
+    systems engineering, IT security and many others. He also dug his
+    nose deeply into free software, dealing with different types of
+    Linux and its applications,
+    while also writing and contributing to some open source projects.
+</p>
+
+<p>
+    On this site he is writing posts about different stuff he faces
+    during work (oh my, yet another IT solutions blog), hoping they
+    can help others with their job, or just to get along with their
+    brand new netbook that shipped with Linux.
+</p>

_includes/blog-post-list.html

@@ -0,0 +1,29 @@
+    <article class="col-sm-5 col-md-6 blog_post">
+        <ul class="list-inline">
+            <li class="col-md-8">
+                <header>
+                    <h4><a href="{{post.url | prepend: site.baseurl}}">{{post.title}}</a></h4>
+                    <div class="pull-left">
+                        <span>Posted by : <a class="link_orange" href="mailto:{{post.author.email}}"><span class="txt_orange">{{post.author.name}}</span></a></span>
+                    </div>
+                    <div class="pull-right">
+                        <span class="post-date">{{post.date | date: "%b %-d, %Y"}}</span>
+                        <span class="post-time">{{post.date | date: "%H:%M" }}</span>
+                    </div>
+                </header>
+                <div class="clearfix"> </div>
+                <p class="blog_text">{{post.excerpt}}</p>
+                <footer>
+                    <p class="article-tags">
+                        Tags:
+{% for tag in post.tags %}
+                        <span class="blog-tag"><a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}">{{ tag }}</a></span>
+{% endfor %}
+                    </p>
+                </footer>
+            <li>
+        </ul>
+    </article>
+{% if counter == 'even' %}
+    <div class="clearfix"></div>
+{% endif %}

_includes/disqus.html

@@ -0,0 +1,14 @@
+<div id="disqus_thread"></div>
+<script type="text/javascript">
+    var disqus_shortname = 'gergelypolonkai';
+
+    (function() {
+        var dsq = document.createElement('script');
+        dsq.type = 'text/javascript';
+        dsq.async = true;
+        dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
+        (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+    })();
+</script>
+<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
+<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>

_includes/head.html

@@ -0,0 +1,14 @@
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <meta name="keywords" content="{{ page.keywords }}">
+        <meta name="description" content="Personal page of Gergely Polonkai">
+        <title>Gergely Polonkai{% if page.title %}: {{ page.title }}{% endif %}</title>
+
+        <link rel="icon" type="image/x-icon" href="{{site_url}}/favicon.ico">
+        <link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic" rel="stylesheet" type="text/css">
+        <link rel="alternate" type="application/rss+xml" title="Gergely Polonkai's Blog - RSS Feed" href="{{site.url}}/blog/atom.xml">
+
+        <link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
+
+        <script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
+        <script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>

_includes/header.html

@@ -0,0 +1,44 @@
+            <div class="navbar navbar-inverse">
+                <div class="container-fluid">
+                    <div class="navbar-header">
+                        <button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#gp-navbar">
+                            <span class="icon-bar"></span>
+                            <span class="icon-bar"></span>
+                            <span class="icon-bar"></span>
+                        </button>
+                        <a class="navbar-brand" href="{{site_url}}/"><img src="{{site.baseurl}}/images/profile.svg" alt="Gergely Polonkai" style="background-color: white; height: 45px; margin-top: -13px;"></a>
+                    </div>
+                    <div class="collapse navbar-collapse" id="gp-navbar">
+                        <ul class="nav navbar-nav">
+                            <li><a href="{{site_url}}/about">About me</a></li>
+                            <li><a href="{{site_url}}/blog">Blog</a></li>
+                            <li><a href="{{site_url}}/resume">Resume</a></li>
+                        </ul>
+                        <ul class="nav navbar-nav navbar-right">
+                            <li><a href="{{site_url}}/disclaimer">Disclaimer</a></li>
+                            <li class="dropdown">
+                                <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><span class="glyphicon glyphicon-pencil"></span> Contact me <span class="caret"></span></a>
+                                <ul class="dropdown-menu" role="menu">
+                                    <li><a href="mailto:gergely@polonkai.eu" target="_blank"><img src="{{site_url}}/images/email_16.png" alt="" /> E-mail</a></li>
+                                    <li><a href="http://www.linkedin.com/in/gergelypolonkai" target="_blank"><img src="{{site_url}}/images/linkedin_16.png" alt="" /> LinkedIn</a></li>
+                                    <li><a href="skype:gergely.polonkai" target="_blank"><img src="{{site_url}}/images/skype_16.png" alt="" /> Skype</a></li>
+                                    <li><a href="http://facebook.com/Polesz" target="_blank"><img src="{{site_url}}/images/facebook_16.png" alt="" /> Facebook</a></li>
+                                    <li><a href="https://plus.google.com/+GergelyPolonkai/about" target="_blank"><img src="{{site_url}}/images/google_plus_16.png" alt="" /> Google+</a></li>
+                                    <li><a href="gtalk:chat?jid=gergely@polonkai.eu" target="_blank"><img src="{{site_url}}/images/googletalk_16.png" alt="" /> Hangouts</a></li>
+                                    <li><a href="http://twitter.com/GergelyPolonkai" target="_blank"><img src="{{site_url}}/images/twitter_16.png" alt="" /> Twitter</a></li>
+                                    <li><a href="http://gergelypolonkai.tumblr.com" target="_blank"><img src="{{site_url}}/images/tumblr_16.png" alt="" /> Tumblr</a></li>
+                                    <li><a href="http://gergelypolonkai.deviantart.com" target="_blank"><img src="{{site_url}}/images/deviantart_16.png" alt="" /> deviantArt</a></li>
+                                    <li><a href="{{site_url}}/blog/atom.xml"><img src="{{site_url}}/images/rss_16.png" alt="" /> RSS Feed</a></li>
+                                </ul>
+                            </li>
+                        </ul>
+                    </div>
+                </div>
+            </div>
+
+            <div class="jumbotron">
+                <h1 class="text-right">
+                    Gergely Polonkai<br>
+                    <small>developer, systems engineer and administrator</small>
+                </h1>
+            </div>

_includes/pagination.html

@@ -0,0 +1,17 @@
+<nav>
+    <ul class="pagination">
+        <li{% if paginator.previous_page == null %} class="disabled"{% endif %}>
+            <a href="{{ paginator.previous_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Previous page">
+                <span aria-hidden="true">&laquo;</span>
+            </a>
+        </li>
+{% for page in (1...paginator.total_pages) %}
+        <li{% if paginator.page == page %} class="active"{% endif %}><a href="{% if page == 1 %}{{ '/blog' | prepend: site.baseurl }}{% else %}{{ site.paginate_path | prepend: site.baseurl | replace: '//', '/' | replace: ':num', page }}{% endif %}">{{ page }}</a></li>
+{% endfor %}
+        <li{% if paginator.next_page == null %} class="disabled"{% endif %}>
+            <a href="{{ paginator.next_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Next page">
+                <span aria-hidden="true">&raquo;</span>
+            </a>
+        </li>
+    </ul>
+</nav>

_layouts/default.html

@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html>
+    <head>
+{% include head.html %}
+    </head>
+    <body>
+        <div class="container">
+{% include header.html %}
+
+            {{content}}
+
+{% if page.name != 'about.html' %}
+            <div class="well well-sm small">
+                <div class="pull-left"><img src="{{'/images/profile.png' | prepend: site.baseurl}}" alt=""></div>
+{%     include about.html %}
+                <div class="clearfix"></div>
+            </div>
+{% endif %}
+        </div>
+        <script type="text/javascript">
+            $(document).ready(function() {
+                $('#tagcloud-button').click(function() {
+                    $('#tag-cloud').toggle('slow');
+                });
+            });
+
+            (function() {
+                var po = document.createElement('script');
+                po.type = 'text/javascript';
+                po.async = true;
+                po.src = 'https://apis.google.com/js/client:plusone.js?onload=start';
+
+                var s = document.getElementsByTagName('script')[0];
+                s.parentNode.insertBefore(po, s);
+            })();
+
+            (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
+
+            ga('create', 'UA-43569023-1', 'polonkai.eu');
+            ga('send', 'pageview');
+        </script>
+    </body>
+</html>

_layouts/page.html

@@ -0,0 +1,14 @@
+---
+layout: default
+---
+<div class="post">
+
+  <header class="post-header">
+    <h2>{{ page.title }}</h2>
+  </header>
+
+  <article class="post-content">
+  {{ content }}
+  </article>
+
+</div>

_layouts/post.html

@@ -0,0 +1,36 @@
+---
+layout: default
+---
+<div class="post">
+    <header class="post-header">
+        <h3>{{ page.title }} <div class="plusone-container"><div class="g-plusone" data-annotation="inline" data-size="small" data-width="300"></div></div></h3>
+        <p class="meta">{{ page.date | date: "%b %-d, %Y :: %H:%M" }}{% if page.author %} • {{ page.author.name }}{% endif %}{% if page.meta %} • {{ page.meta }}{% endif %}</p>
+    </header>
+
+    <article class="post-content">
+        {{ content }}
+    </article>
+
+    <footer>
+        <p class="article-tags">
+            Tags:
+            {% for tag in page.tags %}
+            <a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}" class="label label-default">{{ tag }}</a>
+            {% endfor %}
+        </p>
+        <div class="g-plus" data-action="share" data-height="15"></div>
+
+        <nav>
+            <ul class="pager">
+{% if page.previous %}
+                <li><a href="{{page.previous.url | prepend: site.baseurl}}">&larr; {{page.previous.title}}</a></li>
+{% endif %}
+{% if page.next %}
+                <li><a href="{{page.next.url | prepend: site.baseurl}}">{{page.next.title}} &rarr;</a></li>
+{% endif %}
+            </ul>
+        </nav>
+    </footer>
+
+    {% include disqus.html %}
+</div>

_layouts/posts_by_tag.html

@@ -0,0 +1,13 @@
+---
+layout: default
+---
+{{content}}
+<h3>Articles under this tag</h3>
+{% if site.tags[page.tag] %}
+{% for post in site.tags[page.tag] %}
+{% include blog-post-list.html %}
+{% endfor %}
+<div class="clearfix"></div>
+{% else %}
+No posts with this tag.
+{% endif %}

_make_tags.sh

@@ -0,0 +1,31 @@
+#! /bin/sh
+#
+# Find all tags in all posts under _posts, and generate a file for
+# each under blog/tag. Also, if a tag page does not contain the tag:
+# or layout: keywords, the script will include them in the front
+# matter.
+
+for tag in `grep -h ^tags: _posts/* | sed -e 's/^tags:      \[//' -e 's/\]$//' -e 's/, /\n/g' | sort | uniq`
+do
+    tag_file="blog/tag/${tag}.html"
+
+    if [ ! -f $tag_file ]
+    then
+        cat <<EOF > $tag_file
+---
+layout: posts_by_tag
+tag:    $tag
+---
+EOF
+    else
+        if ! grep "^tag:    ${tag}$" $tag_file &> /dev/null
+        then
+            sed -i "0,/---/! s/---/tag:    $tag\\n---/" $tag_file
+        fi
+
+        if ! grep "^layout: " $tag_file &> /dev/null
+        then
+            sed -i "0,/---/! s/---/layout: posts_by_tag\\n---/" $tag_file
+        fi
+    fi
+done

_posts/2011-05-12-ethical-hacking-2011.markdown

@@ -0,0 +1,29 @@
+---
+layout:    post
+title:     "Ethical Hacking 2012"
+date:      2011-05-12 20:54:42+00:00
+tags:      [conference]
+permalink: /blog/2011/5/12/ethical-hacking-2011
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Today I went to the Ethical Hacking conference with my boss. It was my first
+appearance at such conferences, but I hope there will be more. Although we
+just started to redesign our IT security infrastructure with a 90% clear goal,
+it was nice to hear that everything is vulnerable. I was thinking if we should
+sell all our IT equipments, fire all our colleagues (you know, to prevent
+social engineering), and move to the South Americas to herd llamas or sheep,
+so the only danger would be some lurking pumas or jaguars. Or I simply leave
+my old background image on my desktop, from the well-known game, which says:
+Trust is a weakness.
+
+Anyways, the conference was really nice. We heard about the weaknesses of
+Android, Oracle, and even FireWire. They showed some demos about everything,
+exploited some free and commercial software with no problem at all. We have
+seen how much power the virtualisation admin has (although I think it can be
+prevented, but I’m not sure yet). However, in the end, we could see that the
+Cloud is secure (or at least it can be, in a few months or so), so I’m not
+totally pessimistic. See you next time at Hacktivity!

_posts/2011-05-12-gentoo-hardened-desktop-with-gnome-3-round-one.markdown

@@ -0,0 +1,88 @@
+---
+layout:    post
+title:     "Gentoo hardened desktop with GNOME 3 – Round one"
+date:      2011-05-12 20:32:41+00:00
+tags:      [gentoo, gnome3, selinux]
+permalink: /blog/2011/5/12/gentoo-hardened-desktop-with-gnome-3-round-one
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+After having some hard times with Ubuntu (upgrading from 10.10 to 11.04), I
+decided to switch back to my old friend, Gentoo. As I’m currently learning
+about Linux hardening, I decided to use the new SELinux profile, which
+supports the v2 reference policy.
+
+Installation was pretty easy, using the [Gentoo x86
+Handbook](http://www.gentoo.org/doc/hu/handbook/handbook-x86.xml). This profile
+automatically turns on the `USE=selinux` flag (so does the old SELinux
+profile), but deprecated `FEATURE=loadpolicy` (which is turned on by the
+profile, so portage will complain about it until you disable it in
+`/etc/make.conf`).
+
+For the kernel, I chose `hardened-sources-2.6.37-r7`. This seems to be recent
+enough for my security testing needs. I turned on both SELinux, PaX and
+grsecurity. So far, I have no problem with it, but I don’t have X installed
+yet, which will screw up things for sure.
+
+After having those hard times with Ubuntu mentioned before, I decided not to
+install Grub2 yet, as it renders things unusable (eg. my Windows 7
+installation, which I sometimes need at the office). So I installed Grub 0.97
+(this is the only version marked as stable, as I remember), touched
+`/.autorelabel`, and reboot.
+
+My first mistake was using an UUID as the root device on the kernel parameter
+list (I don’t want to list all the small mistakes like forgetting to include to
+correct SATA driver from my kernel and such). Maybe I was lame, but after
+including `/dev/sda5` instead of the UUID thing, it worked like…
+
+Well, charm would not be the good word. For example, I forgot to install the
+lvm2 package, so nothing was mounted except my root partition. After I
+installed it with the install CD, I assumed everything will be all right, but
+I was wrong.
+
+udev and LVM is a critical point in a hardened environment. udev itself
+doesn’t want to work without the `CONFIG_DEVFS_TEMPFS=y` kernel option, so I
+also had to change that. It seemed that it can be done without the install CD,
+as it compiled the kernel with no problems. However, when it reached the point
+when it compresses the kernel with gzip, it stopped with a `Permission denied`
+message (although it was running with root privileges).
+
+The most beautiful thing in the hardened environment with Mandatory Access
+Control enabled) is that root is not a real power user any more by default.
+You can get this kind of messages many times. There are many tools to debug
+these, I will talk about these later.
+
+So, my gzip needed a fix. After digging a bit on the Internet, I found that
+the guilty thing is text relocation, which can be corrected if gzip is
+compiled with PIC enabled. Thus, I turned on `USE=pic` flag globally, and
+tried to remerge gzip. Of course it failed, as it had to use gzip to unpack
+the gzip sources. So it did when I tried to install the PaX tools and gradm to
+turn these checks off. The install CD came to the rescue again, with which I
+successfully recompiled gzip, and with this new gzip, I compressed my new
+kernel, with which udev started successfully. So far, so good, let’s try to
+reboot!
+
+Damn, LVM is still not working. So I decided to finally consult the Gentoo
+hardened guide. It says that the LVM startup scripts under `/lib/rcscripts/…`
+must be modified, so LVM will put its lock files under `/etc/lvm/lock` instead
+of `/dev/.lvm`. After this step and a reboot, LVM worked fine (finally).
+
+The next thing was the file system labelling. SELinux should automatically
+relabel the entire file system at boot time whenever it finds the
+`/.autorelabel` file. Well, in my case it didn’t happen. After checking the
+[Gentoo Hardening](http://wiki.gentoo.org/wiki/Hardened_Gentoo) docs, I realised that the `rlpkg` program does exactly the same
+(as far as I know, it is designed specifically for Gentoo). So I ran `rlpkg`,
+and was kind of shocked. It says it will relabel ext2, ext3, xfs and JFS
+partitions. Oh great, no ext4 support? Well, consulting the forums and adding
+some extra lines to `/etc/portage/package.keywords` solved the problem (`rlpkg`
+and some dependencies had to have the `~x86` keyword set). Thus, `rlpkg`
+relabelled my file systems (I checked some directories with `ls -lZ`, it seemed
+good for me).
+
+Now it seems that everything is working fine, except the tons of audit
+messages. Tomorrow I will check them with `audit2why` or `audit2allow` to see if
+it is related with my SELinux lameness, or with a bug in the policy included
+with Gentoo.

_posts/2011-05-13-zabbix-performance-tip.markdown

@@ -0,0 +1,35 @@
+---
+layout:    post
+title:     "Zabbix performance tip"
+date:      2011-05-13 19:03:31+00:00
+tags:      [zabbix, monitoring]
+permalink: /blog/2011/5/13/zabbix-performance-tip
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Recently I have switched from [MRTG](http://oss.oetiker.ch/mrtg/) + [Cacti](http://www.cacti.net/) + [Nagios](http://www.nagios.org/) + [Gnokii](http://www.gnokii.org/) to [Zabbix](http://www.zabbix.com/), and I
+must say I’m more than satisfied with it. It can do anything the former tools
+did, and much more. First of all, it can do the same monitoring as Nagios did,
+but it does much more fine. It can check several parameters within one
+request, so network traffic is kept down. Also, its web front-end can generate
+any kinds of graphs from the collected data, which took Cacti away. Also, it
+can do SNMP queries (v1-v3), so querying my switches’ port states and traffic
+made easy, taking MRTG out of the picture (I know Cacti can do it either, it
+had historical reasons we had both tools installed). And the best part: it can
+send SMS messages via a GSM modem natively, while Nagios had to use Gnokii.
+The trade-off is, I had to install Zabbix agent on all my monitored machines,
+but I think it worths the price. I even have had to install NRPE to monitor
+some parameters, which can be a pain on Windows hosts, while Zabbix natively
+supports Windows, Linux and Mac OS/X.
+
+So I only had to create a MySQL database (which I already had for NOD32
+central management), and install Zabbix server. Everything went fine, until I
+reached about 1300 monitored parameters. MySQL seemed to be a bit slow on disk
+writes, so my Zabbix “queue” filled up in no time. After reading some forums,
+I decided to switch to PostgreSQL instead. Now it works like charm, even with
+the default Debian settings. However, I will have to add several more
+parameters, and my boss wants as many graphs as you can imagine, so I’m more
+than sure that I will have to fine tune my database later.

_posts/2011-05-18-gentoo-hardened-desktop-with-gnome-3-round-two.markdown

@@ -0,0 +1,29 @@
+---
+layout:    post
+title:     "Gentoo hardened desktop with GNOME 3 – Round two"
+date:      2011-05-18 10:28:14+00:00
+tags:      [gentoo, gnome3, selinux]
+permalink: /blog/2011/5/18/gentoo-hardened-desktop-with-gnome-3-round-two
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+After several hours of `package.keywords`/`package.use` editing and package
+compiling, I managed to install GNOME 3 on my notebook. Well, I mean, the
+GNOME 3 packages. Unfortunately the fglrx driver didn’t seem to recognise my
+ATI Mobility M56P card, and the open source driver didn’t want to give me GLX
+support. When I finally found some clues on what should I do, I had to use my
+notebook for work, so I installed Fedora 14 on it. Then I realised that GNOME
+3 is already included in Rawhide (Fedora 15), so I quickly downloaded and
+installed that instead. Now I have to keep this machine in a working state for
+a few days, so I will learn SELinux stuff in its native environment.
+
+When I installed Fedora 14, the first AVC message popped up after about ten
+minutes. That was a good thing, as I wanted to see `setroubleshoot` in action.
+However, in Fedora 15, the AVC bubbles didn’t show up even after a day. I
+raised my left eyebrow and said that’s impossible, SELinux must be disabled.
+And it’s not! It’s even in enforcing mode! And it works just fine. I like it,
+and I hope I will be able to get the same results with Gentoo if I can get
+back to testing…

_posts/2011-05-27-citrix-xenserver-vs-debian-5-0-upgrade-to-6-0.markdown

@@ -0,0 +1,41 @@
+---
+layout:    post
+title:     "Citrix XenServer 5.5 vs. Debian 5.0 upgrade to 6.0"
+date:      2011-05-27 17:33:41+00:00
+tags:      [citrix-xenserver, debian]
+permalink: /blog/2011/5/27/citrix-xenserver-vs-debian-5-0-upgrade-to-6-0
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Few weeks ago I’ve upgraded two of our Debian based application servers from
+5.0 to 6.0. Everything went fine, as the upgraded packages worked well with
+the 4.2 JBoss instances. For the new kernel we needed a reboot, but as the
+network had to be rebuilt, I postponed this reboot until the network changes.
+With the network, everything went fine again, we successfully migrated our
+mail servers behind a firewall. Also the Xen server (5.5.0, upgrade to 5.6
+still has to wait for a week or so) revolted well with some storage disks
+added. But the application servers remained silent…
+
+After checking the console, I realised that they don’t have an active console.
+And when I tried to manually start them, XenServer refused with a message
+regarding pygrub.
+
+To understand the problem, I had to understand how XenServer boots Debian. It
+reads the grub.conf on the first partition’s root or `/boot` directory, and
+starts the first option, without asking (correct me, if I’m mistaken
+somewhere). However, this pygrub thing can not parse the new, grub2 config.
+This is kinda frustrating.
+
+For the first step, I quickly installed a new Debian 5.0 system from my
+template. Then I attached the disks of the faulty virtual machine, and mounted
+all its partitions. This way I could reach my faulty 6.0 system with a chroot
+shell, from which I could install the `grub-legacy` package instead of grub,
+install the necessary kernel and XenServer tools (which were missing from both
+machines somehow), then halt the rescue system, and start up the original
+instance.
+
+Next week I will do an upgrade on the XenServer to 5.6.1. I hope no such
+problems will occur.

_posts/2011-05-27-oracle-database-incompatible-with-oracle-linux.markdown

@@ -0,0 +1,25 @@
+---
+layout:    post
+title:     "Oracle Database “incompatible” with Oracle Linux?"
+date:      2011-05-27 17:53:31+00:00
+tags:      [linux, oracle]
+permalink: /blog/2011/5/27/oracle-database-incompatible-with-oracle-linux
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Today I gave a shot to install [Oracle
+Linux](http://www.oracle.com/us/technologies/linux/overview/index.html). I thought I could easily install
+an Oracle DBA on it. Well, I was naive.
+
+As only the 5.2 version is supported by XenServer 5.5, I downloaded that
+version of Oracle Linux. Installing it was surprisingly fast and easy, it
+asked almost nothing, and booted without any problems.
+
+After this came the DBA, 10.2, which bloated an error message in my face
+saying that this is an unsupported version of Linux. Bah.
+
+Is it only me, or is it really strange that Oracle doesn’t support their own
+distro?

_posts/2011-06-10-proxy-only-non-existing-files-with-mod-proxy-and-mod-rewrite.markdown

@@ -0,0 +1,30 @@
+---
+layout:    post
+title:     "Proxy only non-existing files with mod_proxy and mod_rewrite"
+date:      2011-06-10 14:20:43+00:00
+tags:      [apache]
+permalink: /blog/2011/6/10/proxy-only-non-existing-files-with-mod-proxy-and-mod-rewrite
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Today I got an interesting task. I had to upload some pdf documents to a site.
+The domain is ours, but we don’t have access to the application server that is
+hosting the page yet. Until we get it in our hands, I did a trick.
+
+I enabled `mod_rewrite`, `mod_proxy` and `mod_proxy_http`, then added the following
+lines to my apache config:
+
+{% highlight apache %}
+RewriteEngine on
+RewriteRule ^/$ http://172.16.72.131:8080/ [QSA,L,P]
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^/(.*) http://172.16.72.131:8080/$1 [QSA,L,P]
+
+Order allow,deny
+Allow from all
+{% endhighlight %}
+
+I’m not totally sure it’s actually secure, but it works for now.

_posts/2011-09-18-inverse-of-sort.markdown

@@ -0,0 +1,30 @@
+---
+layout:    post
+title:     "Inverse of `sort`"
+date:      2011-09-18 14:57:31
+tags:      [linux, command-line]
+permalink: /blog/2011/9/18/inverse-of-sort
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I’m using \*NIX systems for about 14 years now, but it can still show me new
+things. Today I had to generate a bunch of random names. I’ve create a small
+perl script which generates permutations of some usual Hungarian first and
+last names, occasionally prefixing it with a ‘Dr.’ title or using double first
+names. For some reasons I forgot to include uniqueness check in the script.
+When I ran it in the command line, I realized the mistake, so I appended
+`| sort | uniq` to the command line. So I had around 200 unique names, but in
+alphabetical order, which was awful for my final goal. Thus, I tried shell
+commands like rand to create a random order, and when many of my tries failed,
+the idea popped in my mind (not being a native English speaker): “I don’t have
+to create «random order», but «shuffle the list». So I started typing `shu`,
+pressed Tab in the Bash shell, and voilà! `shuf` is the winner, it does just
+exactly what I need:
+
+    **NAME**
+      shuf - generate random permutations
+
+Thank you, Linux Core Utils! :)

_posts/2011-12-11-why-you-should-always-test-your-software-with-production-data.markdown

@@ -0,0 +1,16 @@
+---
+layout:    post
+title:     "Why you should always test your software with production data"
+date:      2011-12-11 12:14:51+00:00
+tags:      [development, testing, ranting]
+permalink: /blog/2011/12/11/why-you-should-always-test-your-software-with-production-data
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I’m writing a software for my company in PHP, using the Symfony 2 framework.
+I’ve finished all the work, created some sample data, it loaded perfectly. Now
+I put the whole thing into production and tried to upload the production data
+into it. Guess what… it didn’t load.

_posts/2012-03-20-php-5-4-released.markdown

@@ -0,0 +1,29 @@
+---
+layout:    post
+title:     "PHP 5.4 released"
+date:      2012-03-20 13:31:12+00:00
+tags:      [php]
+permalink: /blog/2012/3/20/php-5-4-released
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+After a long time of waiting, PHP announced 5.4 release on 1 March (also,
+today they announced that they finally migrate to Git, which is sweet from my
+point of view, but it doesn’t really matter).
+
+About a year ago we became very agressive towards a developer who created our
+internal e-learning system. Their database was very insecure, and they didn’t
+really follow industry standards in many ways. Thus, we forced them to move
+from Windows + Apache 2.0 + PHP 5.2 + MySQL 4.0 to Debian Linux 6.0 + Apache
+2.2 + PHP 5.3 + MySQL 5.1. It was fun (well, from our point of view), as their
+coders… well… they are not so good. The code that ran “smoothly” on the
+old system failed at many points on the new one. So they code and code, and
+write more code. And they still didn’t finish. And now 5.4 is here. Okay, I
+know it will take some time to get into the Debian repositories, but it’s
+here. And they removed `register_globals`, which will kill that funny code again
+at so many points that they will soon get to rewrite the whole code to make it
+work. And I just sit here in my so-much-comfortable chair, and laugh. Am I
+evil?

_posts/2012-03-27-fast-world-fast-updates.markdown

@@ -0,0 +1,34 @@
+---
+layout:    post
+title:     "Fast world, fast updates"
+date:      2012-03-27 06:18:43+00:00
+tags:      [linux]
+permalink: /blog/2012/3/27/fast-world-fast-updates
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+We live in a fast world, that’s for sure. When I first heard about Ubuntu
+Linux and their goals, I was happy: they gave a Debian to everyone, but in
+different clothes. It had fresh software in it, and even they gave support of
+a kind. It was easy to install and use, even if one had no Linux experience
+before. So people liked it. I’ve even installed it on some of my servers
+because of the new package versions that came more often. Thus I got an up to
+date system. However, it had a price. After a while, security updates came
+more and more often, and when I had a new critical update every two or three
+days, I’ve decided to move back to Debian. Fortunately I did this at the time
+of a new release, so I didn’t really loose any features.
+
+After a few years passed, even Debian is heading this very same way. But as I
+see, the cause is not the same. It seems that upstream software is hitting
+these bugs, and even the Debian guys don’t have the time to check for them. At
+the time of a GNOME version bump (yes, GNOME 3 is a really big one for the
+UN\*X-like OSes), when hundreds of packages need to be checked, security bugs
+show off more often. On the other hand however, Debian is releasing a new
+security update every day (I had one on each of the last three days). This, of
+course, is good from one point of view as we get a system that is more secure,
+but most administrators don’t have maintenance windows this often. I can think
+of some alternatives like Fedora, but do I really have to change? Dear fellow
+developers, please code more carefully instead!

_posts/2012-06-14-wordpress-madness.markdown

@@ -0,0 +1,28 @@
+---
+layout:    post
+title:     "Wordpress madness"
+date:      2012-06-14 06:40:12+00:00
+tags:      [wordpress, ranting]
+permalink: /blog/2012/6/14/wordpress-madness
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I’m a bit fed up that I had to install [MySQL](http://www.mysql.com/) on my
+server to have [Wordpress](http://wordpress.org/) working, so I’ve Googled a
+bit to find a solution for my pain. I found this:
+[http://codex.wordpress.org/Using_Alternative_Databases]. I don’t know when
+this post was written, but I think it’s a bit out of date. I mean come on, PDO
+is the part of PHP for ages now, and they say adding a DBAL to the dependencies
+would be a project as large as (or larger than) WP itself. Well,
+yes, but PHP is already a dependency, isn’t it? Remove it guys, it’s too
+large!
+
+Okay, to be serious… Having a heavily MySQL dependent codebase is a bad
+thing in my opinion, and changing it is no easy task. But once it is done, it
+would be a child’s play to keep it up to date, and to port WP to other
+database backends. And it would be more than enough to call it 4.0, and
+raising version numbers fast is a must nowadays (right, Firefox and Linux
+Kernel guys?)

_posts/2012-06-18-ssh-login-failed-on-red-hat-enterprise-linux-6-2.markdown

@@ -0,0 +1,28 @@
+---
+layout:    post
+title:     "SSH login FAILed on Red Had Enterprise Linux 6.2"
+date:      2012-06-18 18:28:45+00:00
+tags:      [linux, selinux, ssh, red-hat]
+permalink: /blog/2012/6/18/ssh-login-failed-on-red-hat-enterprise-linux-6-2
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Now this was a mistake I should not have done…
+
+About a month ago I have moved my AWS EC2 machine from Amazon Linux to RHEL
+6.2. This was good. I have moved all my files and stuff, recreated my own
+user, everything was just fine. Then I copied my
+[gitosis](https://github.com/tv42/gitosis) account (user `git` and its home
+directory). Then I tried to log in. It failed. I was blaming OpenSSH for a week
+or so, changed the config file in several ways, tried to change the permissions
+on `~git/.ssh/*`, but still nothing. Permission were denied, I was unable to
+push any of my development changes. Now after a long time of trying, I
+coincidently `tail -f`-ed `/var/log/audit/audit.log` (wanted to open `auth.log`
+instead) and that was my first good point. It told me that `sshd` was unable to
+read `~git/.ssh/authorized_keys`, which gave me the idea to run `restorecon` on
+`/home/git`. It solved the problem.
+
+All hail SELinux and RBAC!

_posts/2012-06-22-upgrades-requiring-a-reboot-on-linux-at-last.markdown

@@ -0,0 +1,35 @@
+---
+layout:    post
+title:     "Upgrades requiring a reboot on Linux? At last!"
+date:      2012-06-22 20:04:51+00:00
+tags:      [linux]
+permalink: /blog/2012/6/22/upgrades-requiring-a-reboot-on-linux-at-last
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I’ve recently received an article on Google+ about Fedora’s new idea: package
+upgrades that require a reboot. The article said that Linux guys have lost
+their primary adoo: “Haha! I don’t have to reboot my system to install system
+upgrades!” My answer was always this: “Well, actually you should…”
+
+I think this can be a great idea if distros implement it well. PackageKit was
+a good first step on this road. That software could easily solve such an
+issue. However, it is sooo easy to do it wrong. The kernel, of course, can not
+be upgraded online (or could it be? I have some theories on this subject,
+wonder if it can be implemented…), but other packages are much different.
+From the users’ point of view the best would be if the packages would be
+upgraded in the background seemlessly. E.g. PackageKit should check if the
+given executable is running. If not, it should upgrade it, while notifying the
+user like “Hey dude, don’t start Anjuta now, I’m upgrading it!”, or simply
+denying to start it. Libraries are a bit different, as PackageKit should check
+if any running executables are using the library. Meanwhile, PK should also
+keep a notification somewhere telling the users that some packages could be
+upgraded, but without stopping this-and-that, it can not be done.
+
+I know these things are easier said than done. But I think (a) users should
+tell such ideas to the developers and (b) developers (mostly large companies,
+like Microsoft or Apple) should listen to them, and at least think of these
+ideas. Some users are not as stupid as they think…

_posts/2012-09-05-some-thoughts-about-that-dead-linux-desktop.markdown

@@ -0,0 +1,80 @@
+---
+layout:    post
+title:     "Some thoughts about that dead Linux Desktop"
+date:      2012-09-05 09:01:31+00:00
+tags:      [linux]
+permalink: /blog/2012/9/5/some-thoughts-about-that-dead-linux-desktop
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+There were some arguments in the near past on [What Killed the Linux
+Desktop](http://tirania.org/blog/archive/2012/Aug-29.html). After reading many
+replies, like [Linus
+Torvalds’](http://www.zdnet.com/linus-torvalds-on-the-linux-desktops-popularity-problems-7000003641/),
+I have my own thoughts, too.
+
+I know my place in the world, especially in the online community. I’m a Linux
+user for about 15 years and a Linux administrator for 10 years now, beginning
+with WindowMaker and something that I remember as GNOME without a version
+number. I have committed some minor code chunks and translations in some minor
+projects, so I’m not really into it from the “write” side (well, until now,
+since I have began to write this blog, and much more, but don’t give a penny
+for my words until you see it).
+
+I’m using Linux since 2.2 and GNOME since 1.whatever. It’s nice that a program
+compiled years ago still runs on today’s Linux kernel, especially if you see
+old DOS/Windows software failing to start on a new Windows 7 machine. I
+understand Linus’ point that breaking external APIs is bad, and I think it can
+work well on the kernel’s level. But the desktop level is much different. As
+the Linux Desktop has such competitors (like OS/X and Windows’ Aero and Metro),
+they have to give something new to the users almost every year to keep up with
+them. Eye candies are a must (yes, of course my techy fellows, they are
+worthless, but users *need* it), and they can not be created without extending
+APIs. And the old API… well, it fades away fast. I don’t really understand
+however, why they have to totally disappear, like
+[GTK_DIALOG_NO_SEPARATOR](http://developer.gnome.org/gtk/stable/GtkDialog.html#GtkDialogFlags)
+in Gtk3. It could be replaced with a 0 value (e.g: it won’t do anything). This
+way my old Gtk2 program could compile with Gtk3 nicely. Also, there could be a
+small software that goes through your source code and warn you about such
+deprecated (and no-doer but still working) things. Porting applications between
+Gtk (and thus, GNOME) versions became a real pain, which makes less enthusiast
+programmers stop developing for Linux. Since I’m a GNOME guy for years, I can
+tell nothing about Qt and KDE, but for the GNOME guys, this is a bad thing. As
+of alternatives, there is Java. No, wait… it turned out recently that [it has
+several security
+bugs](http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java).
+Also it’s not that multiplatform as they say (I can’t find the article on
+that at the moment, but I have proof). Also, the JVMs out there eat up so much
+resources, which makes it a bit hard and expensive to use.
+
+Also, I see another problem: those blasted package managers. RPM, DPKG,
+Portage, whatever. What the hell? Why are there so many? Why do developers
+reinvent the wheel? The nave is too small or there are to few spokes? Come on…
+we live in an open source world! Contribute to the one and only package manager
+(which one is that I don’t actually care)! I’m sure the two (three, many)
+bunches of develoeprs could make a deal. Thus, it could become better and
+“outsider” companies would be happier to distribute their software for Linux
+platforms.
+
+And now that we get to the big companies. I don’t really understand them.
+nVidia and ATI made their own closed source drivers for Linux. Some other
+hardware vendors also write Linux drivers, and as the kernel API doesn’t really
+change, they will work for a long time. But what about desktop
+application vendors? Well, they try to stick to a desktop environment or two,
+and if they change too frequently, they stop developing for Linux, like Skype
+did (OK, maybe Skype has other reasons, but you see my point). But why? The
+main part for Linux programs is the Linux kernel and the basic userland like
+libc/stdlib++. If you write graphical software, it will have to use X-Windows.
+Yes, it’s much different in many ways, mostly because they have a… well… pretty
+ugly design by default. But still, it’s the same on every Linux distributions,
+as it became somewhat an industry standard, as it was already on the market
+back in the old UN\*X days. The protocol itself changed just like the Linux
+kernel: almost no change at all, just some new features.
+
+So what kills the Linux desktop in my opinion is these constant wars inside,
+and the lack of support from the outside. Open Source is good, but until these
+(mostly the first) problems are not resolved, Linux Desktop can do nothing on
+the market. It’s a downward spiral hard to escape.

_posts/2012-09-07-how-to-start-becoming-a-web-developer.markdown

@@ -0,0 +1,76 @@
+---
+layout:    post
+title:     "How to start becoming a web developer"
+date:      2012-09-07 18:12:12+00:00
+tags:      [development, technology]
+permalink: /blog/2012/9/7/how-to-start-becoming-a-web-developer
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+A friend of mine asked me today how to become a web developer. It took me a
+while, but I made up a checklist. It’s short, but it’s enough for the first
+steps.
+
+####  First of all, learn English
+
+Well, if you read this, maybe this was a bad first point…
+
+####  Choose a language and stick to it!
+
+For the UN\*X/Linux line, there is PHP. It’s free, easy to learn, and has many
+free tools and documentations available. It can be used in a functional or an
+object-oriented way.
+
+C# is another good way to start, but for the Windows line. It’s fully object-
+oriented, and the web is full of tutorials, how-tos and other resources.
+
+####  Learn the basics of the system you are working on
+
+To become a good developer, learn at least the basics of the system you are
+working on. Basic commands can always come in handy. Debugging (yes, you will
+do tons of bugs for sure) can become much easier if you know the huge set of
+tools provided by your OS. You should also try to develop in the chosen
+environment. Chose PHP? Get a Linux desktop! ASP.NET? Get a Windows.
+Everything will be much easier!
+
+####  Learn the basics of the web server you are using
+
+PHP can run on [Apache](http://httpd.apache.org/) (as a module), or any
+CGI-capable webserver, like [lighttpd](http://www.lighttpd.net/) or
+[nginx](http://nginx.org/) (well, it can also run on IIS, but trust me: you
+don’t want that). ASP.NET is designed for IIS, and although some scripts can
+be run under a mono-capable server, it should still stay there.
+
+Whichever you choose, learn the basics! How to start and stop the service,
+basic configuration methods, modules/extensions, and so on. It’s more than sure
+that you will face some issues while developing, so it can never hurt.
+
+####  Keep your versions under control
+
+Version control is critical nowadays. It gives you a basic backup solution,
+can come in handy with debugging, and if you ever want to work in a team, you
+will badly need it.
+
+Subversion is a bit out of date now, and it’s kind of hard to set up.
+
+Git is no easy. You will have to learn a lot of stuff, but basicly it’s just
+another version control system. Just choose if you want to stick to
+merge-then-commit or rebase-then-commit, get a client, and get on the run.
+
+Microsoft’s Team Foundation is another good way if you are working in a team.
+It provides several other features besides version controlling, and is well
+integrated into Visual Studio, which is highly recommended for Windows based
+development.
+
+####  Choose an environment to work in
+
+There are so many good tools out there. You should choose according to the
+language and OS on what you are working on. [Zend
+Studio](http://www.zend.com/en/products/studio) or
+[Netbeans](https://netbeans.org/) are both good tools for PHP development,
+while [Visual Studio](http://www.visualstudio.com/) is a best buy for Windows
+development. Both of these have many ups and downs, but once you get in touch
+with their deeper parts, you will like them.

_posts/2012-09-10-do-not-track-in-ie10-vs-apache.markdown

@@ -0,0 +1,19 @@
+---
+layout:    post
+title:     "Do-Not-Track in IE10 vs. Apache"
+date:      2012-09-10 20:22:32+00:00
+tags:      [apache, technology]
+permalink: /blog/2012/9/10/do-not-track-in-ie10-vs-apache
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+[Apache developer decided not to accept Do-Not-Track headers from IE10
+users](http://arstechnica.com/security/2012/09/apache-webserver-updated-to-ignore-do-not-track-settings-in-ie-10/),
+because it’s enabled by default. So… if I install a plugin that hides the
+fact from the web server that I’m using IE10, I become eligible of using
+it. But if I do this, I simply became eligible because I consciously installed
+that addon, so I could actually use it without hiding the fact. Sorry if
+I’m a bit Philosoraptorish…

_posts/2012-09-16-symfony-2-create-role-and-class-based-acls-with-your-roles-coming-from-the-orm.markdown

@@ -0,0 +1,78 @@
+---
+layout:    post
+title:     "Symfony 2 – Create role- and class-based ACLs with your roles coming from the ORM"
+date:      2012-09-16 18:39:25+00:00
+tags:      [php, symfony]
+permalink: /blog/2012/9/16/symfony-2-create-role-and-class-based-acls-with-your-roles-coming-from-the-orm
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+During the last weeks I had some serious issues with one of my private Symfony
+2 projects. One of my goals was to create a dynamic security system, e.g my
+administrators wanted to create roles, and grant these roles access to
+different object types (classes) and/or objects.
+
+So I have created a `User` entity, which implements `UserInterface` and
+`AdvancedUserInterface`, the latter for the possibility to enable/disable
+accounts and such. It had a `$roles` property, which was a `ManyToMany` relation
+to the `Role` entity, which implemented `RoleInterface`. Also I have created my
+own role hierarchy service that implements `RoleHierarchyInterface`.
+
+So far so good, first tests. It soon turned out that if `User::getRoles()`
+returns a `DoctrineCollection` as it does by default, then the standard
+
+{% highlight php %}
+$this->get('security.context')->isGranted('ROLE_ADMIN');
+{% endhighlight %}
+
+doesn’t work. I know, it should not be hard coded, as my roles and permission
+tables are dynamic, I have just tested. So I fixed my `User` entity so
+`getRoles()` returns an array of `Role` objects instead of the
+`DoctrineCollection`. Also I implemented a `getRolesCollection()` method to
+return the original collection, but I think it will never be used.
+
+After that, I had to implement some more features so I put this task away.
+Then, I tried to create my first ACL.
+
+{% highlight php %}
+$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
+$objectIdentity = new ObjectIdentity('newsClass', 'Acme\\DemoBundle\\Entity\\News');
+$acl = $aclProvider->createAcl($objectIdentity);
+
+$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
+$aclProvider->updateAcl($acl);
+{% endhighlight %}
+
+I was about to check if the user who is logged in has an `OWNER` permission on
+the `User` class.
+
+{% highlight php %}
+$this->objectIdentity = new ObjectIdentity(self::OBJECT_ID, self::OBJECT_FQCN);
+if ($this->securityContext->isGranted('OWNER', $this->objectIdentity) === false) {
+    throw new AccessDeniedException('You don’t have the required permissions!');
+}
+{% endhighlight %}
+
+The ACL was defined based on a role, so everyone who had the `ROLE_ADMIN` role
+should gain access to the user listing page. But they didn’t. It took several
+weeks to find the cause, I have put it on
+[stackoverflow](http://stackoverflow.com/questions/12057795/symfony-2-1-this-getsecurity-context-isgrantedrole-admin-returns-fa)
+and the Symfony Google Group, but no usable answers.
+
+Then I went off for debugging. Setting up NetBeans for xdebug-based PHP
+debugging was real fun under Fedora, but that’s another story. After a while I
+have found that Symfony’s basic access decision manager checks for
+`$role->getRole()` only if `$role` is an instance of
+`Symfony\Component\Security\Core\Role\Role`, instead of checking if the object
+implements `Symfony\Component\Security\Core\Role\RoleInterface`. So I’ve
+checked if the bug is already reported. It turned out that it was, and my
+solution was available in a specific commit about a year ago, but as [Johannes
+Schmitt commented, it would introduce a security
+issue](https://github.com/symfony/symfony/commit/af70ac8d777873c49347ac828a817a400006cbea),
+so it was reverted. Unfortunately neither Johannes Schmitt, nor Fabien
+Potencier (nor anyone else) could (or wanted) to tell about this issue. So the
+final (and somewhat hack-like) solution was to extend
+`Symfony\Component\Security\Core\Role\Role`. And boom! It worked.

_posts/2012-10-07-smsgateway-and-smssender.markdown

@@ -0,0 +1,25 @@
+---
+layout:    post
+title:     "SmsGateway and SmsSender"
+date:      2012-10-07 00:10:26+00:00
+tags:      [development, php, symfony]
+permalink: /blog/2012/10/7/smsgateway-and-smssender
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I have just uploaded my SmsGateway, SmsSender and SmsSenderBundle packages to
+[GitHub](http://github.com/gergelypolonkai) and
+[Packagist](http://packagist.org). I hope some of you will find it useful.
+
+* SmsGateway
+  * [GitHub](https://github.com/gergelypolonkai/smsgateway)
+  * [Packagist](https://packagist.org/packages/gergelypolonkai/smsgateway)
+* SmsSender
+  * [GitHub](https://github.com/gergelypolonkai/smssender)
+  * [Packagist](https://packagist.org/packages/gergelypolonkai/smssender)
+* SmsSenderBundle
+  * [GitHub](https://github.com/gergelypolonkai/smssender-bundle)
+  * [Packagist](https://packagist.org/packages/gergelypolonkai/smssender-bundle)

_posts/2012-10-13-changing-the-session-cookie-s-name-in-symfony-2.markdown

@@ -0,0 +1,26 @@
+---
+layout:    post
+title:     "Changing the session cookie’s name in Symfony 2"
+date:      2012-10-13 12:49:28+00:00
+tags:      [symfony, development]
+permalink: /blog/2012/10/13/changing-the-session-cookie-s-name-in-symfony-2
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I have a development server, on which I have several Symfony 2.x projects under
+the same hostname in different directories. Now I’m facing a funny problem
+which is caused by that the cookies Symfony places for each of my projects have
+the same name.
+
+To change this, you will have to modify the `config.yml` file like this:
+
+{% highlight yaml %}
+session:
+    name: SiteSpecificSessionName
+    lifetime: 3600
+{% endhighlight %}
+
+I hope it helps some of you.

_posts/2012-12-20-symfony-2-configuration-array-of-associative-arrays.markdown

@@ -0,0 +1,56 @@
+---
+layout:    post
+title:     "Symfony 2 Configuration – Array of associative arrays"
+date:      2012-12-20 12:03:23+00:00
+tags:      [php, symfony]
+permalink: /blog/2012/12/20/symfony-2-configuration-array-of-associative-arrays
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Few days ago I have struggled with a problem using Symfony2 configuration. I
+wanted to add the following kind of configuration to `config.yml`:
+
+{% highlight yaml %}
+acme_demo:
+    transitions:
+        - { hc_cba: 180 }
+        - { cba_hc: -1 }
+{% endhighlight %}
+
+The problem was that the stuff under `transitions` is dynamic, so those
+`hc_cba` and `cba_hc` tags can be pretty much anything. After hitting many
+errors, I came to the solution:
+
+{% highlight php %}
+<?php
+$rootNode
+    ->children()
+        ->arrayNode('state_machine')
+            ->requiresAtLeastOneElement()
+            ->beforeNormalization()
+                ->ifArray()
+                    ->then(function($values) {
+                        $ret = array();
+
+                        foreach ($values as $value) {
+                            foreach ($value as $transition => $time) {
+                                $ret[] = array('transition' => $transition, 'time' => e);
+                            }
+                        }
+
+                        return $ret;
+                    })
+                ->end()
+                ->prototype('array')
+                ->children()
+                    ->scalarNode('transition')->end()
+                    ->scalarNode('time')->end()
+                ->end()
+            ->end()
+        ->end()
+    ->end()
+;
+{% endhighlight %}

_posts/2013-01-05-development-man-pages-on-fedora.markdown

@@ -0,0 +1,14 @@
+---
+layout:    post
+title:     "Development man pages on Fedora"
+date:      2013-01-05 18:20:41+00:00
+tags:      [development, fedora]
+permalink: /blog/2013/1/5/development-man-pages-on-fedora
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+If you use Fedora (like me), and can’t find the development manual pages for
+e.g. `printf(3)` (like me), just `yum install man-pages` (like me).

_posts/2013-01-06-registering-an-enum-type-in-glib-s-type-system.markdown

@@ -0,0 +1,99 @@
+---
+layout:    post
+title:     "Registering an enum type in GLib’s type system"
+date:      2013-01-06 02:34:03+00:00
+tags:      [c, development, glib]
+permalink: /blog/2013/1/6/registering-an-enum-type-in-glib-s-type-system
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I faced a problem in my [GLib](https://developer.gnome.org/glib/) self-teaching
+project, [wMUD](https://github.com/gergelypolonkai/wmud) today. I wanted to
+register a signal for a `GObject`, whose handler should accept two `enum`
+parameters for which I had to register a new `GEnum` type in the `GObject` type
+system. However, the [documentation on this
+feature](https://developer.gnome.org/gobject/unstable/gtype-non-instantiable.html)
+(thanks for pointing out goes to hashem on `#gnome-hackers`) is not… uhm…
+obvious. Making the long story short, I have checked with the `GIO` sources for
+an example, and using that, I have created this small, working chunk:
+
+{% highlight c %}
+#ifndef __WMUD_CLIENT_STATE_H__
+#define __WMUD_CLIENT_STATE_H__
+
+#include <glib-object.h>
+
+/**
+ * WmudClientState:
+ * @WMUD_CLIENT_STATE_FRESH: Client is newly connected. Waiting for a login
+ *     player name
+ * @WMUD_CLIENT_STATE_PASSWAIT: Login player name is entered, waiting for a
+ *     login password
+ * @WMUD_CLIENT_STATE_MENU: Authentication was successful, player is now in the
+ *     main game menu
+ * @WMUD_CLIENT_STATE_INGAME: Character login was successful, player is now
+ *     in-game
+ * @WMUD_CLIENT_STATE_YESNO: Player was asked a yes/no question, and we are
+ *     waiting for the answer. client.yesNoCallback MUST be set at this point!
+ *     TODO: if wmudClient had a prevState field, and there would be some hooks
+ *     that are called before and after the client enters a new state, this
+ *     could be a three-state stuff, in which the player can enter e.g ? as
+ *     the answer, so they would be presented with the question again.
+ * @WMUD_CLIENT_STATE_REGISTERING: Registering a new player. Waiting for the
+ *     e-mail address to be given
+ * @WMUD_CLIENT_STATE_REGEMAIL_CONFIRM: E-mail address entered séms valid,
+ *     waiting for confirmation
+ *
+ * Game client states.
+ */
+typedef enum {
+	WMUD_CLIENT_STATE_FRESH,
+	WMUD_CLIENT_STATE_PASSWAIT,
+	WMUD_CLIENT_STATE_MENU,
+	WMUD_CLIENT_STATE_INGAME,
+	WMUD_CLIENT_STATE_YESNO,
+	WMUD_CLIENT_STATE_REGISTERING,
+	WMUD_CLIENT_STATE_REGEMAIL_CONFIRM
+} WmudClientState;
+
+
+GType wmud_client_state_get_type (void) G_GNUC_CONST;
+#define WMUD_TYPE_CLIENT_STATE (wmud_client_state_get_type())
+
+#endif /* __WMUD_CLIENT_STATE_H__ */
+{% endhighlight %}
+
+{% highlight c %}
+#include "wmudclientstate.h"
+
+GType
+wmud_client_state_get_type (void)
+{
+	static volatile gsize g_define_type_id__volatile = 0;
+
+	if (g_once_init_enter(&g_define_type_id__volatile)) {
+		static const GEnumValue values[] = {
+			{ WMUD_CLIENT_STATE_FRESH,            "WMUD_CLIENT_STATE_FRESH",            "fresh"            },
+			{ WMUD_CLIENT_STATE_PASSWAIT,         "WMUD_CLIENT_STATE_PASSWAIT",         "passwait"         },
+			{ WMUD_CLIENT_STATE_MENU,             "WMUD_CLIENT_STATE_MENU",             "menu"             },
+			{ WMUD_CLIENT_STATE_INGAME,           "WMUD_CLIENT_STATE_INGAME",           "ingame"           },
+			{ WMUD_CLIENT_STATE_YESNO,            "WMUD_CLIENT_STATE_YESNO",            "yesno"            },
+			{ WMUD_CLIENT_STATE_REGISTERING,      "WMUD_CLIENT_STATE_REGISTERING",      "registering"      },
+			{ WMUD_CLIENT_STATE_REGEMAIL_CONFIRM, "WMUD_CLIENT_STATE_REGEMAIL_CONFIRM", "regemail-confirm" },
+			{ 0,                                  NULL,                                 NULL }
+		};
+		GType g_define_type_id = g_enum_register_static(g_intern_static_string("WmudClientState"), values);
+		g_once_init_leave(&g_define_type_id__volatile, g_define_type_id);
+	}
+
+	return g_define_type_id__volatile;
+}
+{% endhighlight %}
+
+Still, it can be made more perfect by using the
+[glib-mkenums](http://developer.gnome.org/gobject/stable/glib-mkenums.html)
+tool. I will read through the GLib Makefiles tomorrow for some hints on
+this.

_posts/2013-01-14-git-rm-cached-madness.markdown

@@ -0,0 +1,17 @@
+---
+layout:    post
+title:     "git rm --cached madness"
+date:      2013-01-14 21:38:00+00:00
+tags:      [development, git]
+permalink: /blog/2013/1/14/git-rm-cached-madness
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I have recently learned about `git rm --cached`. It’s a very good tool, as it
+removes a file from tracking, without removing your local copy of it. However,
+be warned that if you use `git pull` in another working copy, the file will be
+removed from there! If you accidentally put the configuration of a production
+project, and remove it on your dev machine, it can cause a lot of trouble ;)

_posts/2013-01-17-jms-diextrabundle-s-greppatternfinder-grep-exits-with-status-code-2-on-fedora-18.markdown

@@ -0,0 +1,52 @@
+---
+layout:    post
+title:     "JMS\\DiExtraBundle’s GrepPatternFinder – grep exits with status code 2 on Fedora 18"
+date:      2013-01-17 00:32:12+00:00
+tags:      [fedora, selinux, symfony]
+permalink: /blog/2013/1/17/jms-diextrabundle-s-greppatternfinder-grep-exits-with-status-code-2-on-fedora-18
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Yesterday I’ve upgraded my development machines from Fedora 17 to Fedora
+18. Although it went well, my [Symfony](http://symfony.com/) projects stopped
+working with a message like this:
+
+    RuntimeException: Command "/usr/bin/grep --fixed-strings --directories=recurse --devices=skip --files-with-matches --with-filename --color=never --include=*.php 'JMS\DiExtraBundle\Annotation'
+    '/var/www/html/gergelypolonkaiweb/app/../src'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/TwigBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/monolog-bundle/Symfony/Bundle/MonologBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/swiftmailer-bundle/Symfony/Bundle/SwiftmailerBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/assetic-bundle/Symfony/Bundle/AsseticBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/doctrine/doctrine-bundle/Doctrine/Bundle/DoctrineBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/sensio/framework-extra-bundle/Sensio/Bundle/FrameworkExtraBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/jms/aop-bundle/JMS/AopBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/doctrine/doctrine-migrations-bundle/Doctrine/Bundle/MigrationsBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/friendsofsymfony/jsrouting-bundle/FOS/JsRoutingBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/avalanche123/imagine-bundle/Avalanche/Bundle/ImagineBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/genemu/form-bundle/Genemu/Bundle/FormBundle'
+    '/var/www/html/gergelypolonkaiweb/src/GergelyPolonkai/FrontBundle'
+    '/var/www/html/gergelypolonkaiweb/src/GergelyPolonkai/GeshiBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/WebProfilerBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/sensio/distribution-bundle/Sensio/Bundle/DistributionBundle'
+    '/var/www/html/gergelypolonkaiweb/vendor/sensio/generator-bundle/Sensio/Bundle/GeneratorBundle'" exited with non-successful status code "2".
+
+After getting through my logs and such, I’ve finally found out that the new
+SELinux policy is causing the trouble together with git. Eventually, my
+`.git/logs` directory is tagged as `unconfined_u:object_r:httpd_log_t:s0`.
+`httpd_log_t` type is not readable by the `system_u:system_r:httpd_t:s0` user,
+which makes `/usr/bin/grep` throw an access denied error. To fix this, I needed
+to do
+
+    semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?/\.git/logs(/.*)?'
+
+as root. This makes `.git` directories readable for the httpd process, thus,
+for `grep`. The optimal solution would be to tell `GrepPatternFinder` to ignore
+version control stuff, so the `httpd` process would have no access to them at
+all. Also, in production, removing the `.git` or `.svn` directories could be a
+good idea.

_posts/2013-02-19-mount-device-or-resource-busy-after-enabling-multipath.markdown

@@ -0,0 +1,32 @@
+---
+layout:    post
+title:     "mount: device or resource busy after enabling multipath"
+date:      2013-02-19 23:09:05+00:00
+tags:      [linux, heartbeat-cluster]
+permalink: /blog/2013/2/19/mount-device-or-resource-busy-after-enabling-multipath
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+We have a heartbeat cluster with two nodes. It has been running for several
+months without problems. The shared storage is on an IBM DS3400, on which we
+have a large volume formatted with ext4.
+
+Today I decided to reboot the active node for security reasons. So I’ve
+switched to the passive node, which failed at the first step: it was unable to
+mount the storage (`/dev/sda1`). After whining for a few moments, I tried to
+mount it by hand, which told me
+
+    /dev/sda1 already mounted or /data is busy
+
+I’ve quickly made sure that none of that was true. After checking
+this-and-that, it turned out that the passive node had `multipathd` running, so
+I looked under `/dev/mapper`, and found two symlinks there, `<long-long WWN>`
+and `<long-long WWN>-part1`. As the partition table and the disk size was the
+same as on `/dev/sda`, I tried to
+
+    mount /dev/<long-long WWN>-part1 /data
+
+and voilà! It worked like charm!

_posts/2013-02-27-why-i-stopped-using-annotation-based-routing-in-symfony-today.markdown

@@ -0,0 +1,27 @@
+---
+layout:    post
+title:     "Why I stopped using annotation based routing in Symfony today"
+date:      2013-02-27 23:10:24+00:00
+tags:      [development, symfony]
+permalink: /blog/2013/2/27/why-i-stopped-using-annotation-based-routing-in-symfony-today
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I have read several opinions about routing configuration in Symfony. I stayed
+with annotation based routing as it was convinient for me to see the URL right
+above the controller action. This was because by just checking the URL, I
+remembered the controlling code, as they always were fresh ones. Well, until
+today.
+
+I had to take a look into an old (Sf 2.0, last commit was about 3 months ago)
+project of mine. In the same run I’ve upgraded the whole project to 2.2 (it was
+a fast one, thanks for [JMikola@GitHub](https://github.com/jmikola) for the
+quick reply on my issue with
+[JmikolaJsAssetsHelperBundle](https://github.com/jmikola/JmikolaJsAssetsHelperBundle)
+again!). After that I went on to the requested change. Now, finding a route in
+about 40 controller files spread between 3 bundles can really be a pain! So
+I’ve finished with annotation based routing. It’s still a nice feature, it’s
+simply not for me.

_posts/2013-03-01-programming-as-i-see-it.markdown

@@ -0,0 +1,67 @@
+---
+layout:    post
+title:     "Programming, as I see it"
+date:      2013-03-01 23:32:35+00:00
+permalink: /blog/2013/3/1/programming-as-i-see-it
+published: false
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+Since my age of around 11, I write code. I began with BASIC, which is, well,
+the most basic language I have ever seen. Simply writing
+
+{% highlight basic %}
+10 PRINT "Hello World!"
+{% endhighlight %}
+
+does the job (with Assembly it would be tens of lines as I recall). Then I
+moved to Pascal, then Delphi (which is basically the same thing). The next step
+was a bit longer, as I started learning more languages after this, like Perl
+(for dynamic web pages), C (for desktop applications), TCL (for eggdrop
+programming. Yes, I might have been a weird kid), PHP (again, for dynamic web
+pages. It was becoming mainstream back then).
+
+Many of my classmates looked down on me, as they thought I was a geek (hell I
+was, but I wouldn’t have confessed it then), and called me a nerd. For a few
+months maybe I was depressed, but after that I realised that this is the thing
+I want to do in my life, this is the thing I’m good at.
+
+Most people I ask why don’t they code say “it’s too hard”. I’ve attended some
+courses (both online and offline, and I was like “Whoa! Coding is extremely
+hard! What the hell! I will never learn it!”, but right after the course I
+realised that everything is just fine, I can still write programs, and it’s
+eeeeasy. So then, what’s the problem?
+
+After looking through many course papers, I found that most teachers do it
+totally wrong. A programming language is just that: a language. You don’t start
+learning Spanish by going into a classic literature conference in Madrid and
+doing a speech, but learn the basic vocabulary and grammar. The same goes for
+coding. You learn the vocabulary (the basic commands or keywords) and grammar
+(syntax). I had several ideas how this could be taught, just didn’t have the
+background to do it.
+
+The idea of teaching programming lingers in my head for years now, and a few
+days ago, I’ve bumped into [this
+video](https://www.youtube.com/watch?v=dU1xS07N-FA). So it seems that
+technology superstars like Bill Gates and Mark Zuckerberg wants to do the same.
+Maybe they don’t have enough high quality coders at hand. Well of course,
+if teachers make it awfully hard to learn it! So a bunch of guys sat together
+and created [code.org](http://www.code.org/) to achieve my old dream. I like
+the idea. And although I have almost no visitor on this blog of mine, allow me
+to give you a few points on how I see programming.
+
+####  Great learning process
+
+When you write programs, especially during the first years, you adapt a new way
+of thinking and learning. If you learn it as an adult, it can be a bit of a
+pain, but as a child, it’s easy as learning how the wheels of those little cars
+spin).
+
+####  A job
+
+####  Art
+
+####  Magic
+

_posts/2013-03-05-fedora-can-t-change-active-directory-password-via-kpasswd.markdown

@@ -0,0 +1,38 @@
+---
+layout:    post
+title:     "Fedora can’t change Active Directory password via kpasswd"
+date:      2013-03-05 08:55:04+00:00
+tags:      [fedora, kerberos, active-directory]
+permalink: /blog/2013/3/5/fedora-can-t-change-active-directory-password-via-kpasswd
+published: true
+author:
+    name: Gergely Polonkai
+    email: gergely@polonkai.eu
+---
+
+I wanted to change my AD password today. As the AD is actually a Kerberos
+server, I was pretty sure that `kpasswd` will do the trick. However, `kpasswd`
+output looked like this:
+
+    $ kpasswd
+    Password for polonkai.gergely@EXAMPLE.LOCAL:
+    Enter new password:
+    Enter it again:
+    kpasswd: Cannot find KDC for requested realm changing password
+
+I’ve checked `kinit` and `klist`, everything looked fine. After a while it came
+to my mind that password changing is done through the kadmin server, not
+through the KDC. It seems that when I set up the Active Directory membership,
+the `admin_server` directive is not get written to `krb5.conf`. So all I had to
+do was to put
+
+    admin_server = ad.example.local
+
+in that file, and voilà!
+
+    $ kpasswd
+    Password for polonkai.gergely@EXAMPLE.LOCAL:
+    Enter new password:
+    Enter it again:
+    Password changed.
+