Redesign for Github Pages

sqla-i18n-post
Gergely Polonkai 8 years ago
parent c76175799b
commit 1501da4d18
Changed files (lines changed):

_config.yml | 14
_includes/about.html | 20
_includes/blog-post-list.html | 29
_includes/disqus.html | 14
_includes/head.html | 14
_includes/header.html | 44
_includes/pagination.html | 17
_layouts/default.html | 43
_layouts/page.html | 14
_layouts/post.html | 36
_layouts/posts_by_tag.html | 13
_make_tags.sh | 31
_posts/2011-05-12-ethical-hacking-2011.markdown | 29
_posts/2011-05-12-gentoo-hardened-desktop-with-gnome-3-round-one.markdown | 88
_posts/2011-05-13-zabbix-performance-tip.markdown | 35
_posts/2011-05-18-gentoo-hardened-desktop-with-gnome-3-round-two.markdown | 29
_posts/2011-05-27-citrix-xenserver-vs-debian-5-0-upgrade-to-6-0.markdown | 41
_posts/2011-05-27-oracle-database-incompatible-with-oracle-linux.markdown | 25
_posts/2011-06-10-proxy-only-non-existing-files-with-mod-proxy-and-mod-rewrite.markdown | 30
_posts/2011-09-18-inverse-of-sort.markdown | 30
_posts/2011-12-11-why-you-should-always-test-your-software-with-production-data.markdown | 16
_posts/2012-03-20-php-5-4-released.markdown | 29
_posts/2012-03-27-fast-world-fast-updates.markdown | 34
_posts/2012-06-14-wordpress-madness.markdown | 28
_posts/2012-06-18-ssh-login-failed-on-red-hat-enterprise-linux-6-2.markdown | 28
_posts/2012-06-22-upgrades-requiring-a-reboot-on-linux-at-last.markdown | 35
_posts/2012-09-05-some-thoughts-about-that-dead-linux-desktop.markdown | 80
_posts/2012-09-07-how-to-start-becoming-a-web-developer.markdown | 76
_posts/2012-09-10-do-not-track-in-ie10-vs-apache.markdown | 19
_posts/2012-09-16-symfony-2-create-role-and-class-based-acls-with-your-roles-coming-from-the-orm.markdown | 78
_posts/2012-10-07-smsgateway-and-smssender.markdown | 25
_posts/2012-10-13-changing-the-session-cookie-s-name-in-symfony-2.markdown | 26
_posts/2012-12-20-symfony-2-configuration-array-of-associative-arrays.markdown | 56
_posts/2013-01-05-development-man-pages-on-fedora.markdown | 14
_posts/2013-01-06-registering-an-enum-type-in-glib-s-type-system.markdown | 99
_posts/2013-01-14-git-rm-cached-madness.markdown | 17
_posts/2013-01-17-jms-diextrabundle-s-greppatternfinder-grep-exits-with-status-code-2-on-fedora-18.markdown | 52
_posts/2013-02-19-mount-device-or-resource-busy-after-enabling-multipath.markdown | 32
_posts/2013-02-27-why-i-stopped-using-annotation-based-routing-in-symfony-today.markdown | 27
_posts/2013-03-01-programming-as-i-see-it.markdown | 67
_posts/2013-03-05-fedora-can-t-change-active-directory-password-via-kpasswd.markdown | 38
_posts/2013-03-05-haversine-in-mysql.markdown | 26
_posts/2013-03-13-dvorak-and-me.markdown | 28
_posts/2013-04-09-renaming-a-symfony-2-bundle.markdown | 28
_posts/2013-05-06-installing-otrs-in-fedora-18-with-selinux-enabled.markdown | 111
_posts/2013-09-16-swe-glib-final-release.markdown | 30
_posts/2013-09-24-from-symfony-to-django-in-two-days.markdown | 25
_posts/2013-11-05-first-impressions-of-windows-8.markdown | 29
_posts/2014-07-18-list-git-branches-and-their-remote-tracking-branches-side-by-side.markdown | 64
_posts/2014-08-16-registering-an-enum-type-in-glib-glib-mkenums-magic.markdown | 148
_posts/2014-09-17-nyanmacs.markdown | 16
_posts/2014-10-07-rounding-numbers-to-n-decimals-in-emacs.markdown | 43
_posts/2015-02-26-using-git-bisect-to-find-the-first-good-commit.markdown | 51
about.html | 6
blog/index.html | 26
blog/tag/active-directory.html | 4
blog/tag/apache.html | 4
blog/tag/astrology.html | 4
blog/tag/c.html | 4
blog/tag/citrix-xenserver.html | 4
blog/tag/command-line.html | 4
blog/tag/conference.html | 4
blog/tag/debian.html | 4
blog/tag/development.html | 4
blog/tag/django.html | 4
blog/tag/emacs.html | 4
blog/tag/fedora.html | 4
blog/tag/gentoo.html | 4
blog/tag/git.html | 4
blog/tag/glib.html | 4
blog/tag/gnome3.html | 4
blog/tag/heartbeat-cluster.html | 4
blog/tag/kerberos.html | 4
blog/tag/linux.html | 4
blog/tag/monitoring.html | 4
blog/tag/mysql.html | 4
blog/tag/oracle.html | 4
blog/tag/otrs.html | 4
blog/tag/php.html | 4
blog/tag/ranting.html | 4
blog/tag/red-hat.html | 4
blog/tag/selinux.html | 4
blog/tag/ssh.html | 4
blog/tag/symfony.html | 4
blog/tag/technology.html | 4
blog/tag/testing.html | 4
blog/tag/windows.html | 4
blog/tag/wordpress.html | 4
blog/tag/zabbix.html | 4
css/blog.css | 26
css/code.css | 45
css/front.css | 248
css/resume.css | 51
css/style.sass | 310
css/templatemo_style.css | 729
disclaimer/index.md | 20
export.php | 62
favicon.ico | BIN
feed.xml | 20
images/close.png | BIN

Some files were not shown because too many files have changed in this diff.

@ -0,0 +1,14 @@
# Site settings
title: Gergely Polonkai
email: gergely@polonkai.eu
description: "developer, systems engineer and administrator"
baseurl: ""
url: "http://gergely.polonkai.eu"
timezone: Europe/Budapest
name: Gergely Polonkai
paginate: 10
paginate_path: "/blog/page/:num"
# Build settings
markdown: kramdown
permalink: pretty
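
Review bot: `url: "http://gergely.polonkai.eu"` hard-codes plain HTTP, so every absolute link built from `site.url` will point at the unencrypted origin. If the site is reachable over HTTPS, set the scheme to `https://` here.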

@ -0,0 +1,20 @@
<p>
Gergely Polonkai is a systems engineer of a telco company, and
also a freelancer developer.
</p>
<p>
He is learning about different IT subjects since the late
1990s. These include web development, application building,
systems engineering, IT security and many others. He also dug his
nose deeply into free software, dealing with different types of
Linux and its applications,
while also writing and contributing to some open source projects.
</p>
<p>
On this site he is writing posts about different stuff he faces
during work (oh my, yet another IT solutions blog), hoping they
can help others with their job, or just to get along with their
brand new netbook that shipped with Linux.
</p>

@ -0,0 +1,29 @@
<article class="col-sm-5 col-md-6 blog_post">
<ul class="list-inline">
<li class="col-md-8">
<header>
<h4><a href="{{post.url | prepend: site.baseurl}}">{{post.title}}</a></h4>
<div class="pull-left">
<span>Posted by : <a class="link_orange" href="mailto:{{post.author.email}}"><span class="txt_orange">{{post.author.name}}</span></a></span>
</div>
<div class="pull-right">
<span class="post-date">{{post.date | date: "%b %-d, %Y"}}</span>
<span class="post-time">{{post.date | date: "%H:%M" }}</span>
</div>
</header>
<div class="clearfix"> </div>
<p class="blog_text">{{post.excerpt}}</p>
<footer>
<p class="article-tags">
Tags:
{% for tag in post.tags %}
<span class="blog-tag"><a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}">{{ tag }}</a></span>
{% endfor %}
</p>
</footer>
<li>
</ul>
</article>
{% if counter == 'even' %}
<div class="clearfix"></div>
{% endif %}
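
Review bot: the `<li>` just before `</ul>` looks like it was meant to be `</li>`; as written, the list item opened at the top is never closed and a second, empty one is opened. Separately, `{{post.title}}`, `{{post.author.name}}` and `{{ tag }}` are emitted without the `escape` filter, and Liquid does not HTML-escape output by default, so a title or tag containing `<` or `&` lands in the markup verbatim; consider `{{ post.title | escape }}`. The `counter` variable tested at the end is never assigned in this include, so every caller has to set it.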

@ -0,0 +1,14 @@
<div id="disqus_thread"></div>
<script type="text/javascript">
var disqus_shortname = 'gergelypolonkai';
(function() {
var dsq = document.createElement('script');
dsq.type = 'text/javascript';
dsq.async = true;
dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
})();
</script>
<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
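
Review bot: the loader sets `dsq.src` to a protocol-relative URL (`'//' + disqus_shortname + '.disqus.com/embed.js'`), so on a page served over plain HTTP the third-party script is fetched unencrypted and can be modified in transit. Use an explicit `https://` prefix, and do the same for the two `http://disqus.com` links below the script.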

@ -0,0 +1,14 @@
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="keywords" content="{{ page.keywords }}">
<meta name="description" content="Personal page of Gergely Polonkai">
<title>Gergely Polonkai{% if page.title %}: {{ page.title }}{% endif %}</title>
<link rel="icon" type="image/x-icon" href="{{site_url}}/favicon.ico">
<link href="http://fonts.googleapis.com/css?family=Open+Sans:400,300,300italic,400italic,600,600italic,700,700italic,800,800italic" rel="stylesheet" type="text/css">
<link rel="alternate" type="application/rss+xml" title="Gergely Polonkai's Blog - RSS Feed" href="{{site.url}}/blog/atom.xml">
<link rel="stylesheet" type="text/css" href="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css">
<script type="text/javascript" src="//code.jquery.com/jquery-2.1.3.min.js"></script>
<script src="//maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
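
Review bot: the jQuery and Bootstrap tags at the end of the hunk load executable code from third-party CDNs through protocol-relative URLs and without `integrity`/`crossorigin` attributes. The versions are pinned (2.1.3, 3.3.4), so add Subresource Integrity hashes and switch to explicit `https://`; the `http://fonts.googleapis.com` stylesheet will also be blocked as mixed content once the site is served over HTTPS. The favicon link uses `{{site_url}}`, while the feed link uses `{{site.url}}` and `_config.yml` only defines `url` and `baseurl`; `site_url` looks undefined and will render empty.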

@ -0,0 +1,44 @@
<div class="navbar navbar-inverse">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#gp-navbar">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="{{site_url}}/"><img src="{{site.baseurl}}/images/profile.svg" alt="Gergely Polonkai" style="background-color: white; height: 45px; margin-top: -13px;"></a>
</div>
<div class="collapse navbar-collapse" id="gp-navbar">
<ul class="nav navbar-nav">
<li><a href="{{site_url}}/about">About me</a></li>
<li><a href="{{site_url}}/blog">Blog</a></li>
<li><a href="{{site_url}}/resume">Resume</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="{{site_url}}/disclaimer">Disclaimer</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false"><span class="glyphicon glyphicon-pencil"></span> Contact me <span class="caret"></span></a>
<ul class="dropdown-menu" role="menu">
<li><a href="mailto:gergely@polonkai.eu" target="_blank"><img src="{{site_url}}/images/email_16.png" alt="" /> E-mail</a></li>
<li><a href="http://www.linkedin.com/in/gergelypolonkai" target="_blank"><img src="{{site_url}}/images/linkedin_16.png" alt="" /> LinkedIn</a></li>
<li><a href="skype:gergely.polonkai" target="_blank"><img src="{{site_url}}/images/skype_16.png" alt="" /> Skype</a></li>
<li><a href="http://facebook.com/Polesz" target="_blank"><img src="{{site_url}}/images/facebook_16.png" alt="" /> Facebook</a></li>
<li><a href="https://plus.google.com/+GergelyPolonkai/about" target="_blank"><img src="{{site_url}}/images/google_plus_16.png" alt="" /> Google+</a></li>
<li><a href="gtalk:chat?jid=gergely@polonkai.eu" target="_blank"><img src="{{site_url}}/images/googletalk_16.png" alt="" /> Hangouts</a></li>
<li><a href="http://twitter.com/GergelyPolonkai" target="_blank"><img src="{{site_url}}/images/twitter_16.png" alt="" /> Twitter</a></li>
<li><a href="http://gergelypolonkai.tumblr.com" target="_blank"><img src="{{site_url}}/images/tumblr_16.png" alt="" /> Tumblr</a></li>
<li><a href="http://gergelypolonkai.deviantart.com" target="_blank"><img src="{{site_url}}/images/deviantart_16.png" alt="" /> deviantArt</a></li>
<li><a href="{{site_url}}/blog/atom.xml"><img src="{{site_url}}/images/rss_16.png" alt="" /> RSS Feed</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="jumbotron">
<h1 class="text-right">
Gergely Polonkai<br>
<small>developer, systems engineer and administrator</small>
</h1>
</div>
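
Review bot: every external link in the contact dropdown uses `target="_blank"` without `rel="noopener noreferrer"`, which gives the opened page a handle on `window.opener`. Add the `rel` attribute, and drop `target` from the `mailto:`, `skype:` and `gtalk:` links, where a new tab serves no purpose. The `{{site_url}}` prefix used for the nav links and icons is not a variable defined in `_config.yml`; the brand image already uses `{{site.baseurl}}`, so use that consistently.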

@ -0,0 +1,17 @@
<nav>
<ul class="pagination">
<li{% if paginator.previous_page == null %} class="disabled"{% endif %}>
<a href="{{ paginator.previous_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Previous page">
<span aria-hidden="true">&laquo;</span>
</a>
</li>
{% for page in (1...paginator.total_pages) %}
<li{% if paginator.page == page %} class="active"{% endif %}><a href="{% if page == 1 %}{{ '/blog' | prepend: site.baseurl }}{% else %}{{ site.paginate_path | prepend: site.baseurl | replace: '//', '/' | replace: ':num', page }}{% endif %}">{{ page }}</a></li>
{% endfor %}
<li{% if paginator.next_page == null %} class="disabled"{% endif %}>
<a href="{{ paginator.next_page_path | prepend: site.baseurl | replace: '//', '/' }}" aria-label="Next page">
<span aria-hidden="true">&raquo;</span>
</a>
</li>
</ul>
</nav>
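
Review bot: the page loop is written `(1...paginator.total_pages)` with three dots, while Liquid's documented range syntax is `(1..n)`; please check that the last page is actually rendered and switch to two dots. The loop variable is also named `page`, which shadows Jekyll's `page` object for the body of the loop; a name like `page_num` avoids that. For the disabled previous/next items the `<a href>` is still built from a null path, so the link stays clickable unless the stylesheet prevents it.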

@ -0,0 +1,43 @@
<!DOCTYPE html>
<html>
<head>
{% include head.html %}
</head>
<body>
<div class="container">
{% include header.html %}
{{content}}
{% if page.name != 'about.html' %}
<div class="well well-sm small">
<div class="pull-left"><img src="{{'/images/profile.png' | prepend: site.baseurl}}" alt=""></div>
{% include about.html %}
<div class="clearfix"></div>
</div>
{% endif %}
</div>
<script type="text/javascript">
$(document).ready(function() {
$('#tagcloud-button').click(function() {
$('#tag-cloud').toggle('slow');
});
});
(function() {
var po = document.createElement('script');
po.type = 'text/javascript';
po.async = true;
po.src = 'https://apis.google.com/js/client:plusone.js?onload=start';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(po, s);
})();
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-43569023-1', 'polonkai.eu');
ga('send', 'pageview');
</script>
</body>
</html>
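
Review bot: the Google+ loader URL ends in `?onload=start`, but no global `start` function is defined in this hunk, so the callback will fail when the script loads; either define it or drop the parameter. The Analytics snippet pulls `//www.google-analytics.com/analytics.js` protocol-relative; prefer an explicit `https://`, as the plusone line already does.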

@ -0,0 +1,14 @@
---
layout: default
---
<div class="post">
<header class="post-header">
<h2>{{ page.title }}</h2>
</header>
<article class="post-content">
{{ content }}
</article>
</div>

@ -0,0 +1,36 @@
---
layout: default
---
<div class="post">
<header class="post-header">
<h3>{{ page.title }} <div class="plusone-container"><div class="g-plusone" data-annotation="inline" data-size="small" data-width="300"></div></div></h3>
<p class="meta">{{ page.date | date: "%b %-d, %Y :: %H:%M" }}{% if page.author %} • {{ page.author.name }}{% endif %}{% if page.meta %} • {{ page.meta }}{% endif %}</p>
</header>
<article class="post-content">
{{ content }}
</article>
<footer>
<p class="article-tags">
Tags:
{% for tag in page.tags %}
<a href="{{tag | prepend: '/blog/tag/' | prepend: site.baseurl}}" class="label label-default">{{ tag }}</a>
{% endfor %}
</p>
<div class="g-plus" data-action="share" data-height="15"></div>
<nav>
<ul class="pager">
{% if page.previous %}
<li><a href="{{page.previous.url | prepend: site.baseurl}}">&larr; {{page.previous.title}}</a></li>
{% endif %}
{% if page.next %}
<li><a href="{{page.next.url | prepend: site.baseurl}}">{{page.next.title}} &rarr;</a></li>
{% endif %}
</ul>
</nav>
</footer>
{% include disqus.html %}
</div>
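
Review bot: in the header, the `plusone-container` `<div>` is nested inside the `<h3>`, which is not valid HTML because headings may only contain phrasing content; move the widget next to the heading or use a `<span>`. `{{page.previous.title}}` and `{{page.next.title}}` go into the pager without `| escape`, and several titles in this commit contain quotes or backticks.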

@ -0,0 +1,13 @@
---
layout: default
---
{{content}}
<h3>Articles under this tag</h3>
{% if site.tags[page.tag] %}
{% for post in site.tags[page.tag] %}
{% include blog-post-list.html %}
{% endfor %}
<div class="clearfix"></div>
{% else %}
No posts with this tag.
{% endif %}

@ -0,0 +1,31 @@
#! /bin/sh
#
# Find all tags in all posts under _posts, and generate a file for
# each under blog/tag. Also, if a tag page does not contain the tag:
# or layout: keywords, the script will include them in the front
# matter.
for tag in `grep -h ^tags: _posts/* | sed -e 's/^tags: \[//' -e 's/\]$//' -e 's/, /\n/g' | sort | uniq`
do
tag_file="blog/tag/${tag}.html"
if [ ! -f $tag_file ]
then
cat <<EOF > $tag_file
---
layout: posts_by_tag
tag: $tag
---
EOF
else
if ! grep "^tag: ${tag}$" $tag_file &> /dev/null
then
sed -i "0,/---/! s/---/tag: $tag\\n---/" $tag_file
fi
if ! grep "^layout: " $tag_file &> /dev/null
then
sed -i "0,/---/! s/---/layout: posts_by_tag\\n---/" $tag_file
fi
fi
done
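
Review bot: the script declares `#! /bin/sh`, but both `grep` checks redirect with `&>`, which is a bash extension. Under a POSIX shell such as dash, `grep ... &> /dev/null` is parsed as a background job followed by an empty redirection, so the `if` condition is always true and the `sed -i` insertions run on every invocation. Use `grep -q` or `> /dev/null 2>&1`. `$tag_file` is unquoted everywhere and `$tag` is interpolated straight into the `grep` pattern and the `sed` expression, so a tag containing whitespace, `/`, `&` or a regex metacharacter breaks the loop or corrupts the front matter; quote the variable and restrict tags to a safe character set before using them in a file name.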

@ -0,0 +1,29 @@
---
layout: post
title: "Ethical Hacking 2012"
date: 2011-05-12 20:54:42+00:00
tags: [conference]
permalink: /blog/2011/5/12/ethical-hacking-2011
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Today I went to the Ethical Hacking conference with my boss. It was my first
appearance at such conferences, but I hope there will be more. Although we
just started to redesign our IT security infrastructure with a 90% clear goal,
it was nice to hear that everything is vulnerable. I was thinking if we should
sell all our IT equipments, fire all our colleagues (you know, to prevent
social engineering), and move to the South Americas to herd llamas or sheep,
so the only danger would be some lurking pumas or jaguars. Or I simply leave
my old background image on my desktop, from the well-known game, which says:
Trust is a weakness.
Anyways, the conference was really nice. We heard about the weaknesses of
Android, Oracle, and even FireWire. They showed some demos about everything,
exploited some free and commercial software with no problem at all. We have
seen how much power the virtualisation admin has (although I think it can be
prevented, but I’m not sure yet). However, in the end, we could see that the
Cloud is secure (or at least it can be, in a few months or so), so I’m not
totally pessimistic. See you next time at Hacktivity!
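
Review bot: the front matter title reads "Ethical Hacking 2012", but the `date` is 2011-05-12 and the permalink ends in `ethical-hacking-2011`; one of them is wrong, most likely the title.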

@ -0,0 +1,88 @@
---
layout: post
title: "Gentoo hardened desktop with GNOME 3 – Round one"
date: 2011-05-12 20:32:41+00:00
tags: [gentoo, gnome3, selinux]
permalink: /blog/2011/5/12/gentoo-hardened-desktop-with-gnome-3-round-one
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
After having some hard times with Ubuntu (upgrading from 10.10 to 11.04), I
decided to switch back to my old friend, Gentoo. As I’m currently learning
about Linux hardening, I decided to use the new SELinux profile, which
supports the v2 reference policy.
Installation was pretty easy, using the [Gentoo x86
Handbook](http://www.gentoo.org/doc/hu/handbook/handbook-x86.xml). This profile
automatically turns on the `USE=selinux` flag (so does the old SELinux
profile), but deprecated `FEATURE=loadpolicy` (which is turned on by the
profile, so portage will complain about it until you disable it in
`/etc/make.conf`).
For the kernel, I chose `hardened-sources-2.6.37-r7`. This seems to be recent
enough for my security testing needs. I turned on both SELinux, PaX and
grsecurity. So far, I have no problem with it, but I don’t have X installed
yet, which will screw up things for sure.
After having those hard times with Ubuntu mentioned before, I decided not to
install Grub2 yet, as it renders things unusable (eg. my Windows 7
installation, which I sometimes need at the office). So I installed Grub 0.97
(this is the only version marked as stable, as I remember), touched
`/.autorelabel`, and reboot.
My first mistake was using an UUID as the root device on the kernel parameter
list (I don’t want to list all the small mistakes like forgetting to include to
correct SATA driver from my kernel and such). Maybe I was lame, but after
including `/dev/sda5` instead of the UUID thing, it worked like…
Well, charm would not be the good word. For example, I forgot to install the
lvm2 package, so nothing was mounted except my root partition. After I
installed it with the install CD, I assumed everything will be all right, but
I was wrong.
udev and LVM is a critical point in a hardened environment. udev itself
doesn’t want to work without the `CONFIG_DEVFS_TEMPFS=y` kernel option, so I
also had to change that. It seemed that it can be done without the install CD,
as it compiled the kernel with no problems. However, when it reached the point
when it compresses the kernel with gzip, it stopped with a `Permission denied`
message (although it was running with root privileges).
The most beautiful thing in the hardened environment with Mandatory Access
Control enabled) is that root is not a real power user any more by default.
You can get this kind of messages many times. There are many tools to debug
these, I will talk about these later.
So, my gzip needed a fix. After digging a bit on the Internet, I found that
the guilty thing is text relocation, which can be corrected if gzip is
compiled with PIC enabled. Thus, I turned on `USE=pic` flag globally, and
tried to remerge gzip. Of course it failed, as it had to use gzip to unpack
the gzip sources. So it did when I tried to install the PaX tools and gradm to
turn these checks off. The install CD came to the rescue again, with which I
successfully recompiled gzip, and with this new gzip, I compressed my new
kernel, with which udev started successfully. So far, so good, let’s try to
reboot!
Damn, LVM is still not working. So I decided to finally consult the Gentoo
hardened guide. It says that the LVM startup scripts under `/lib/rcscripts/…`
must be modified, so LVM will put its lock files under `/etc/lvm/lock` instead
of `/dev/.lvm`. After this step and a reboot, LVM worked fine (finally).
The next thing was the file system labelling. SELinux should automatically
relabel the entire file system at boot time whenever it finds the
`/.autorelabel` file. Well, in my case it didn’t happen. After checking the
[Gentoo Hardening](http://wiki.gentoo.org/wiki/Hardened_Gentoo) docs, I realised that the `rlpkg` program does exactly the same
(as far as I know, it is designed specifically for Gentoo). So I ran `rlpkg`,
and was kind of shocked. It says it will relabel ext2, ext3, xfs and JFS
partitions. Oh great, no ext4 support? Well, consulting the forums and adding
some extra lines to `/etc/portage/package.keywords` solved the problem (`rlpkg`
and some dependencies had to have the `~x86` keyword set). Thus, `rlpkg`
relabelled my file systems (I checked some directories with `ls -lZ`, it seemed
good for me).
Now it seems that everything is working fine, except the tons of audit
messages. Tomorrow I will check them with `audit2why` or `audit2allow` to see if
it is related with my SELinux lameness, or with a bug in the policy included
with Gentoo.
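
Review bot: in the paragraph about Mandatory Access Control, the sentence "hardened environment with Mandatory Access Control enabled) is that root" has a closing parenthesis with no opening one; it probably should read "(with Mandatory Access Control enabled)". The handbook link near the top points at the `/doc/hu/` path although the post is written in English; please check that this is the intended edition.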

@ -0,0 +1,35 @@
---
layout: post
title: "Zabbix performance tip"
date: 2011-05-13 19:03:31+00:00
tags: [zabbix, monitoring]
permalink: /blog/2011/5/13/zabbix-performance-tip
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Recently I have switched from [MRTG](http://oss.oetiker.ch/mrtg/) + [Cacti](http://www.cacti.net/) + [Nagios](http://www.nagios.org/) + [Gnokii](http://www.gnokii.org/) to [Zabbix](http://www.zabbix.com/), and I
must say I’m more than satisfied with it. It can do anything the former tools
did, and much more. First of all, it can do the same monitoring as Nagios did,
but it does much more fine. It can check several parameters within one
request, so network traffic is kept down. Also, its web front-end can generate
any kinds of graphs from the collected data, which took Cacti away. Also, it
can do SNMP queries (v1-v3), so querying my switches’ port states and traffic
made easy, taking MRTG out of the picture (I know Cacti can do it either, it
had historical reasons we had both tools installed). And the best part: it can
send SMS messages via a GSM modem natively, while Nagios had to use Gnokii.
The trade-off is, I had to install Zabbix agent on all my monitored machines,
but I think it worths the price. I even have had to install NRPE to monitor
some parameters, which can be a pain on Windows hosts, while Zabbix natively
supports Windows, Linux and Mac OS/X.
So I only had to create a MySQL database (which I already had for NOD32
central management), and install Zabbix server. Everything went fine, until I
reached about 1300 monitored parameters. MySQL seemed to be a bit slow on disk
writes, so my Zabbix “queue” filled up in no time. After reading some forums,
I decided to switch to PostgreSQL instead. Now it works like charm, even with
the default Debian settings. However, I will have to add several more
parameters, and my boss wants as many graphs as you can imagine, so I’m more
than sure that I will have to fine tune my database later.

@ -0,0 +1,29 @@
---
layout: post
title: "Gentoo hardened desktop with GNOME 3 – Round two"
date: 2011-05-18 10:28:14+00:00
tags: [gentoo, gnome3, selinux]
permalink: /blog/2011/5/18/gentoo-hardened-desktop-with-gnome-3-round-two
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
After several hours of `package.keywords`/`package.use` editing and package
compiling, I managed to install GNOME 3 on my notebook. Well, I mean, the
GNOME 3 packages. Unfortunately the fglrx driver didn’t seem to recognise my
ATI Mobility M56P card, and the open source driver didn’t want to give me GLX
support. When I finally found some clues on what should I do, I had to use my
notebook for work, so I installed Fedora 14 on it. Then I realised that GNOME
3 is already included in Rawhide (Fedora 15), so I quickly downloaded and
installed that instead. Now I have to keep this machine in a working state for
a few days, so I will learn SELinux stuff in its native environment.
When I installed Fedora 14, the first AVC message popped up after about ten
minutes. That was a good thing, as I wanted to see `setroubleshoot` in action.
However, in Fedora 15, the AVC bubbles didn’t show up even after a day. I
raised my left eyebrow and said that’s impossible, SELinux must be disabled.
And it’s not! It’s even in enforcing mode! And it works just fine. I like it,
and I hope I will be able to get the same results with Gentoo if I can get
back to testing…

@ -0,0 +1,41 @@
---
layout: post
title: "Citrix XenServer 5.5 vs. Debian 5.0 upgrade to 6.0"
date: 2011-05-27 17:33:41+00:00
tags: [citrix-xenserver, debian]
permalink: /blog/2011/5/27/citrix-xenserver-vs-debian-5-0-upgrade-to-6-0
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Few weeks ago I’ve upgraded two of our Debian based application servers from
5.0 to 6.0. Everything went fine, as the upgraded packages worked well with
the 4.2 JBoss instances. For the new kernel we needed a reboot, but as the
network had to be rebuilt, I postponed this reboot until the network changes.
With the network, everything went fine again, we successfully migrated our
mail servers behind a firewall. Also the Xen server (5.5.0, upgrade to 5.6
still has to wait for a week or so) revolted well with some storage disks
added. But the application servers remained silent…
After checking the console, I realised that they don’t have an active console.
And when I tried to manually start them, XenServer refused with a message
regarding pygrub.
To understand the problem, I had to understand how XenServer boots Debian. It
reads the grub.conf on the first partition’s root or `/boot` directory, and
starts the first option, without asking (correct me, if I’m mistaken
somewhere). However, this pygrub thing can not parse the new, grub2 config.
This is kinda frustrating.
For the first step, I quickly installed a new Debian 5.0 system from my
template. Then I attached the disks of the faulty virtual machine, and mounted
all its partitions. This way I could reach my faulty 6.0 system with a chroot
shell, from which I could install the `grub-legacy` package instead of grub,
install the necessary kernel and XenServer tools (which were missing from both
machines somehow), then halt the rescue system, and start up the original
instance.
Next week I will do an upgrade on the XenServer to 5.6.1. I hope no such
problems will occur.

@ -0,0 +1,25 @@
---
layout: post
title: "Oracle Database “incompatible” with Oracle Linux?"
date: 2011-05-27 17:53:31+00:00
tags: [linux, oracle]
permalink: /blog/2011/5/27/oracle-database-incompatible-with-oracle-linux
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Today I gave a shot to install [Oracle
Linux](http://www.oracle.com/us/technologies/linux/overview/index.html). I thought I could easily install
an Oracle DBA on it. Well, I was naive.
As only the 5.2 version is supported by XenServer 5.5, I downloaded that
version of Oracle Linux. Installing it was surprisingly fast and easy, it
asked almost nothing, and booted without any problems.
After this came the DBA, 10.2, which bloated an error message in my face
saying that this is an unsupported version of Linux. Bah.
Is it only me, or is it really strange that Oracle doesn’t support their own
distro?

@ -0,0 +1,30 @@
---
layout: post
title: "Proxy only non-existing files with mod_proxy and mod_rewrite"
date: 2011-06-10 14:20:43+00:00
tags: [apache]
permalink: /blog/2011/6/10/proxy-only-non-existing-files-with-mod-proxy-and-mod-rewrite
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Today I got an interesting task. I had to upload some pdf documents to a site.
The domain is ours, but we don’t have access to the application server that is
hosting the page yet. Until we get it in our hands, I did a trick.
I enabled `mod_rewrite`, `mod_proxy` and `mod_proxy_http`, then added the following
lines to my apache config:
{% highlight apache %}
RewriteEngine on
RewriteRule ^/$ http://172.16.72.131:8080/ [QSA,L,P]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/(.*) http://172.16.72.131:8080/$1 [QSA,L,P]
Order allow,deny
Allow from all
{% endhighlight %}
I’m not totally sure it’s actually secure, but it works for now.
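
Review bot: in the highlighted Apache block, `Order allow,deny` and `Allow from all` appear bare after the rewrite rules with no enclosing container, so it is unclear what they are meant to apply to; if a `<Proxy>` wrapper was lost when the post was converted, restore it. The `RewriteCond %{REQUEST_FILENAME} !-f` line only guards the second rule, so `^/$` is always proxied. Since the closing sentence leaves the security question open, it would help to state the assumptions the setup relies on: that forward proxying stays disabled (`ProxyRequests Off`) and that the backend address is fixed in the rule rather than taken from the request.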

@ -0,0 +1,30 @@
---
layout: post
title: "Inverse of `sort`"
date: 2011-09-18 14:57:31
tags: [linux, command-line]
permalink: /blog/2011/9/18/inverse-of-sort
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I’m using \*NIX systems for about 14 years now, but it can still show me new
things. Today I had to generate a bunch of random names. I’ve create a small
perl script which generates permutations of some usual Hungarian first and
last names, occasionally prefixing it with a ‘Dr.’ title or using double first
names. For some reasons I forgot to include uniqueness check in the script.
When I ran it in the command line, I realized the mistake, so I appended
`| sort | uniq` to the command line. So I had around 200 unique names, but in
alphabetical order, which was awful for my final goal. Thus, I tried shell
commands like rand to create a random order, and when many of my tries failed,
the idea popped in my mind (not being a native English speaker): “I don’t have
to create «random order», but «shuffle the list». So I started typing `shu`,
pressed Tab in the Bash shell, and voilà! `shuf` is the winner, it does just
exactly what I need:
**NAME**
shuf - generate random permutations
Thank you, Linux Core Utils! :)
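
Review bot: `date: 2011-09-18 14:57:31` in the front matter has no UTC offset, unlike the other posts in this commit, which use `+00:00`; with `timezone: Europe/Budapest` in `_config.yml` it will be read as local time, so add the offset. In the body, the quotation opened before "I don’t have to create" is never closed.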

@ -0,0 +1,16 @@
---
layout: post
title: "Why you should always test your software with production data"
date: 2011-12-11 12:14:51+00:00
tags: [development, testing, ranting]
permalink: /blog/2011/12/11/why-you-should-always-test-your-software-with-production-data
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I’m writing a software for my company in PHP, using the Symfony 2 framework.
I’ve finished all the work, created some sample data, it loaded perfectly. Now
I put the whole thing into production and tried to upload the production data
into it. Guess what… it didn’t load.

@ -0,0 +1,29 @@
---
layout: post
title: "PHP 5.4 released"
date: 2012-03-20 13:31:12+00:00
tags: [php]
permalink: /blog/2012/3/20/php-5-4-released
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
After a long time of waiting, PHP announced 5.4 release on 1 March (also,
today they announced that they finally migrate to Git, which is sweet from my
point of view, but it doesn’t really matter).
About a year ago we became very agressive towards a developer who created our
internal e-learning system. Their database was very insecure, and they didn’t
really follow industry standards in many ways. Thus, we forced them to move
from Windows + Apache 2.0 + PHP 5.2 + MySQL 4.0 to Debian Linux 6.0 + Apache
2.2 + PHP 5.3 + MySQL 5.1. It was fun (well, from our point of view), as their
coders… well… they are not so good. The code that ran “smoothly” on the
old system failed at many points on the new one. So they code and code, and
write more code. And they still didn’t finish. And now 5.4 is here. Okay, I
know it will take some time to get into the Debian repositories, but it’s
here. And they removed `register_globals`, which will kill that funny code again
at so many points that they will soon get to rewrite the whole code to make it
work. And I just sit here in my so-much-comfortable chair, and laugh. Am I
evil?
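
Review bot: "agressive" in "we became very agressive towards a developer" should be "aggressive". The `register_globals` remark would land better with one sentence on why its removal breaks that code (request parameters no longer become global variables), which is also why the setting was a security problem in the first place.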

@ -0,0 +1,34 @@
---
layout: post
title: "Fast world, fast updates"
date: 2012-03-27 06:18:43+00:00
tags: [linux]
permalink: /blog/2012/3/27/fast-world-fast-updates
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
We live in a fast world, that’s for sure. When I first heard about Ubuntu
Linux and their goals, I was happy: they gave a Debian to everyone, but in
different clothes. It had fresh software in it, and even they gave support of
a kind. It was easy to install and use, even if one had no Linux experience
before. So people liked it. I’ve even installed it on some of my servers
because of the new package versions that came more often. Thus I got an up to
date system. However, it had a price. After a while, security updates came
more and more often, and when I had a new critical update every two or three
days, I’ve decided to move back to Debian. Fortunately I did this at the time
of a new release, so I didn’t really loose any features.
After a few years passed, even Debian is heading this very same way. But as I
see, the cause is not the same. It seems that upstream software is hitting
these bugs, and even the Debian guys don’t have the time to check for them. At
the time of a GNOME version bump (yes, GNOME 3 is a really big one for the
UN\*X-like OSes), when hundreds of packages need to be checked, security bugs
show off more often. On the other hand however, Debian is releasing a new
security update every day (I had one on each of the last three days). This, of
course, is good from one point of view as we get a system that is more secure,
but most administrators don’t have maintenance windows this often. I can think
of some alternatives like Fedora, but do I really have to change? Dear fellow
developers, please code more carefully instead!
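
Review bot: "I didn’t really loose any features" should be "lose", and "security bugs show off more often" should be "show up". The first paragraph says "even they gave support of a kind", which reads better as "they even gave support of a kind".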

@ -0,0 +1,28 @@
---
layout: post
title: "Wordpress madness"
date: 2012-06-14 06:40:12+00:00
tags: [wordpress, ranting]
permalink: /blog/2012/6/14/wordpress-madness
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I’m a bit fed up that I had to install [MySQL](http://www.mysql.com/) on my
server to have [Wordpress](http://wordpress.org/) working, so I’ve Googled a
bit to find a solution for my pain. I found this:
[http://codex.wordpress.org/Using_Alternative_Databases]. I don’t know when
this post was written, but I think it’s a bit out of date. I mean come on, PDO
is the part of PHP for ages now, and they say adding a DBAL to the dependencies
would be a project as large as (or larger than) WP itself. Well,
yes, but PHP is already a dependency, isn’t it? Remove it guys, it’s too
large!
Okay, to be serious… Having a heavily MySQL dependent codebase is a bad
thing in my opinion, and changing it is no easy task. But once it is done, it
would be a child’s play to keep it up to date, and to port WP to other
database backends. And it would be more than enough to call it 4.0, and
raising version numbers fast is a must nowadays (right, Firefox and Linux
Kernel guys?)
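
Review bot: `[http://codex.wordpress.org/Using_Alternative_Databases]` is a bracketed URL with no link target, so Markdown will print the brackets instead of making a link. Use `<http://codex.wordpress.org/Using_Alternative_Databases>` or the `[text](url)` form the MySQL and Wordpress links above already use.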

@ -0,0 +1,28 @@
---
layout: post
title: "SSH login FAILed on Red Had Enterprise Linux 6.2"
date: 2012-06-18 18:28:45+00:00
tags: [linux, selinux, ssh, red-hat]
permalink: /blog/2012/6/18/ssh-login-failed-on-red-hat-enterprise-linux-6-2
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Now this was a mistake I should not have done…
About a month ago I have moved my AWS EC2 machine from Amazon Linux to RHEL
6.2. This was good. I have moved all my files and stuff, recreated my own
user, everything was just fine. Then I copied my
[gitosis](https://github.com/tv42/gitosis) account (user `git` and its home
directory). Then I tried to log in. It failed. I was blaming OpenSSH for a week
or so, changed the config file in several ways, tried to change the permissions
on `~git/.ssh/*`, but still nothing. Permission were denied, I was unable to
push any of my development changes. Now after a long time of trying, I
coincidently `tail -f`-ed `/var/log/audit/audit.log` (wanted to open `auth.log`
instead) and that was my first good point. It told me that `sshd` was unable to
read `~git/.ssh/authorized_keys`, which gave me the idea to run `restorecon` on
`/home/git`. It solved the problem.
All hail SELinux and RBAC!
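
Review bot: the front matter title says "Red Had Enterprise Linux 6.2"; it should be "Red Hat", matching the `red-hat` tag. In the body, "Permission were denied" should be "Permission was denied" and "coincidently" should be "coincidentally". Since the fix is the point of the post, give the exact `restorecon` command that was run on `/home/git` and quote the denial from `/var/log/audit/audit.log`, so readers can recognise the same failure.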

@ -0,0 +1,35 @@
---
layout: post
title: "Upgrades requiring a reboot on Linux? At last!"
date: 2012-06-22 20:04:51+00:00
tags: [linux]
permalink: /blog/2012/6/22/upgrades-requiring-a-reboot-on-linux-at-last
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I’ve recently received an article on Google+ about Fedora’s new idea: package
upgrades that require a reboot. The article said that Linux guys have lost
their primary adoo: “Haha! I don’t have to reboot my system to install system
upgrades!” My answer was always this: “Well, actually you should…”
I think this can be a great idea if distros implement it well. PackageKit was
a good first step on this road. That software could easily solve such an
issue. However, it is sooo easy to do it wrong. The kernel, of course, can not
be upgraded online (or could it be? I have some theories on this subject,
wonder if it can be implemented…), but other packages are much different.
From the users’ point of view the best would be if the packages would be
upgraded in the background seemlessly. E.g. PackageKit should check if the
given executable is running. If not, it should upgrade it, while notifying the
user like “Hey dude, don’t start Anjuta now, I’m upgrading it!”, or simply
denying to start it. Libraries are a bit different, as PackageKit should check
if any running executables are using the library. Meanwhile, PK should also
keep a notification somewhere telling the users that some packages could be
upgraded, but without stopping this-and-that, it can not be done.
I know these things are easier said than done. But I think (a) users should
tell such ideas to the developers and (b) developers (mostly large companies,
like Microsoft or Apple) should listen to them, and at least think of these
ideas. Some users are not as stupid as they think…
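
Review bot: "have lost their primary adoo" is not a word I can resolve; say what was meant (argument, boast). "upgraded in the background seemlessly" should be "seamlessly". The library case also leaves a gap: it says PackageKit should check for running executables that use the library, but not what happens to processes that still have the old copy mapped after the upgrade, which is the reason a restart or reboot is needed at all.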

@ -0,0 +1,80 @@
---
layout: post
title: "Some thoughts about that dead Linux Desktop"
date: 2012-09-05 09:01:31+00:00
tags: [linux]
permalink: /blog/2012/9/5/some-thoughts-about-that-dead-linux-desktop
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
There were some arguments in the near past on [What Killed the Linux
Desktop](http://tirania.org/blog/archive/2012/Aug-29.html). After reading many
replies, like [Linus
Torvalds’](http://www.zdnet.com/linus-torvalds-on-the-linux-desktops-popularity-problems-7000003641/),
I have my own thoughts, too.
I know my place in the world, especially in the online community. I’m a Linux
user for about 15 years and a Linux administrator for 10 years now, beginning
with WindowMaker and something that I remember as GNOME without a version
number. I have committed some minor code chunks and translations in some minor
projects, so I’m not really into it from the “write” side (well, until now,
since I have began to write this blog, and much more, but don’t give a penny
for my words until you see it).
I’m using Linux since 2.2 and GNOME since 1.whatever. It’s nice that a program
compiled years ago still runs on today’s Linux kernel, especially if you see
old DOS/Windows software failing to start on a new Windows 7 machine. I
understand Linus’ point that breaking external APIs is bad, and I think it can
work well on the kernel’s level. But the desktop level is much different. As
the Linux Desktop has such competitors (like OS/X and Windows’ Aero and Metro),
they have to give something new to the users almost every year to keep up with
them. Eye candies are a must (yes, of course my techy fellows, they are
worthless, but users *need* it), and they can not be created without extending
APIs. And the old API… well, it fades away fast. I don’t really understand
however, why they have to totally disappear, like
[GTK_DIALOG_NO_SEPARATOR](http://developer.gnome.org/gtk/stable/GtkDialog.html#GtkDialogFlags)
in Gtk3. It could be replaced with a 0 value (e.g: it won’t do anything). This
way my old Gtk2 program could compile with Gtk3 nicely. Also, there could be a
small software that goes through your source code and warn you about such
deprecated (and no-doer but still working) things. Porting applications between
Gtk (and thus, GNOME) versions became a real pain, which makes less enthusiast
programmers stop developing for Linux. Since I’m a GNOME guy for years, I can
tell nothing about Qt and KDE, but for the GNOME guys, this is a bad thing. As
of alternatives, there is Java. No, wait… it turned out recently that [it has
several security
bugs](http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java).
Also it’s not that multiplatform as they say (I can’t find the article on
that at the moment, but I have proof). Also, the JVMs out there eat up so much
resources, which makes it a bit hard and expensive to use.
Also, I see another problem: those blasted package managers. RPM, DPKG,
Portage, whatever. What the hell? Why are there so many? Why do developers
reinvent the wheel? The nave is too small or there are to few spokes? Come on…
we live in an open source world! Contribute to the one and only package manager
(which one is that I don’t actually care)! I’m sure the two (three, many)
bunches of develoeprs could make a deal. Thus, it could become better and
“outsider” companies would be happier to distribute their software for Linux
platforms.
And now that we get to the big companies. I don’t really understand them.
nVidia and ATI made their own closed source drivers for Linux. Some other
hardware vendors also write Linux drivers, and as the kernel API doesn’t really
change, they will work for a long time. But what about desktop
application vendors? Well, they try to stick to a desktop environment or two,
and if they change too frequently, they stop developing for Linux, like Skype
did (OK, maybe Skype has other reasons, but you see my point). But why? The
main part for Linux programs is the Linux kernel and the basic userland like
libc/stdlib++. If you write graphical software, it will have to use X-Windows.
Yes, it’s much different in many ways, mostly because they have a… well… pretty
ugly design by default. But still, it’s the same on every Linux distributions,
as it became somewhat an industry standard, as it was already on the market
back in the old UN\*X days. The protocol itself changed just like the Linux
kernel: almost no change at all, just some new features.
So what kills the Linux desktop in my opinion is these constant wars inside,
and the lack of support from the outside. Open Source is good, but until these
(mostly the first) problems are not resolved, Linux Desktop can do nothing on
the market. It’s a downward spiral hard to escape.
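
Review bot: "Also it’s not that multiplatform as they say (I can’t find the article on that at the moment, but I have proof)" makes a claim with no source; link the article or drop the parenthesis. Smaller fixes: "libc/stdlib++" should be "libc/libstdc++", "there are to few spokes" should be "too few", and "develoeprs" should be "developers".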

@ -0,0 +1,76 @@
---
layout: post
title: "How to start becoming a web developer"
date: 2012-09-07 18:12:12+00:00
tags: [development, technology]
permalink: /blog/2012/9/7/how-to-start-becoming-a-web-developer
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
A friend of mine asked me today how to become a web developer. It took me a
while, but I made up a checklist. It’s short, but it’s enough for the first
steps.
#### First of all, learn English
Well, if you read this, maybe this was a bad first point…
#### Choose a language and stick to it!
For the UN\*X/Linux line, there is PHP. It’s free, easy to learn, and has many
free tools and documentations available. It can be used in a functional or an
object-oriented way.
C# is another good way to start, but for the Windows line. It’s fully object-
oriented, and the web is full of tutorials, how-tos and other resources.
#### Learn the basics of the system you are working on
To become a good developer, learn at least the basics of the system you are
working on. Basic commands can always come in handy. Debugging (yes, you will
do tons of bugs for sure) can become much easier if you know the huge set of
tools provided by your OS. You should also try to develop in the chosen
environment. Chose PHP? Get a Linux desktop! ASP.NET? Get a Windows.
Everything will be much easier!
#### Learn the basics of the web server you are using
PHP can run on [Apache](http://httpd.apache.org/) (as a module), or any
CGI-capable webserver, like [lighttpd](http://www.lighttpd.net/) or
[nginx](http://nginx.org/) (well, it can also run on IIS, but trust me: you
don’t want that). ASP.NET is designed for IIS, and although some scripts can
be run under a mono-capable server, it should still stay there.
Whichever you choose, learn the basics! How to start and stop the service,
basic configuration methods, modules/extensions, and so on. It’s more than sure
that you will face some issues while developing, so it can never hurt.
#### Keep your versions under control
Version control is critical nowadays. It gives you a basic backup solution,
can come in handy with debugging, and if you ever want to work in a team, you
will badly need it.
Subversion is a bit out of date now, and it’s kind of hard to set up.
Git is no easy. You will have to learn a lot of stuff, but basicly it’s just
another version control system. Just choose if you want to stick to
merge-then-commit or rebase-then-commit, get a client, and get on the run.
Microsoft’s Team Foundation is another good way if you are working in a team.
It provides several other features besides version controlling, and is well
integrated into Visual Studio, which is highly recommended for Windows based
development.
#### Choose an environment to work in
There are so many good tools out there. You should choose according to the
language and OS on what you are working on. [Zend
Studio](http://www.zend.com/en/products/studio) or
[Netbeans](https://netbeans.org/) are both good tools for PHP development,
while [Visual Studio](http://www.visualstudio.com/) is a best buy for Windows
development. Both of these have many ups and downs, but once you get in touch
with their deeper parts, you will like them.
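
Review bot: "Both of these have many ups and downs" follows a sentence that names three tools (Zend Studio, Netbeans, Visual Studio), so "Both" should be "All". Also "Git is no easy" should be "Git is not easy", "basicly" should be "basically", and "the language and OS on what you are working on" should be "the language and OS you are working on".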

@ -0,0 +1,19 @@
---
layout: post
title: "Do-Not-Track in IE10 vs. Apache"
date: 2012-09-10 20:22:32+00:00
tags: [apache, technology]
permalink: /blog/2012/9/10/do-not-track-in-ie10-vs-apache
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
[Apache developer decided not to accept Do-Not-Track headers from IE10
users](http://arstechnica.com/security/2012/09/apache-webserver-updated-to-ignore-do-not-track-settings-in-ie-10/),
because it’s enabled by default. So… if I install a plugin that hides the
fact from the web server that I’m using IE10, I become eligible of using
it. But if I do this, I simply became eligible because I consciously installed
that addon, so I could actually use it without hiding the fact. Sorry if
I’m a bit Philosoraptorish…

@ -0,0 +1,78 @@
---
layout: post
title: "Symfony 2 – Create role- and class-based ACLs with your roles coming from the ORM"
date: 2012-09-16 18:39:25+00:00
tags: [php, symfony]
permalink: /blog/2012/9/16/symfony-2-create-role-and-class-based-acls-with-your-roles-coming-from-the-orm
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
During the last weeks I had some serious issues with one of my private Symfony
2 projects. One of my goals was to create a dynamic security system, e.g my
administrators wanted to create roles, and grant these roles access to
different object types (classes) and/or objects.
So I have created a `User` entity, which implements `UserInterface` and
`AdvancedUserInterface`, the latter for the possibility to enable/disable
accounts and such. It had a `$roles` property, which was a `ManyToMany` relation
to the `Role` entity, which implemented `RoleInterface`. Also I have created my
own role hierarchy service that implements `RoleHierarchyInterface`.
So far so good, first tests. It soon turned out that if `User::getRoles()`
returns a `DoctrineCollection` as it does by default, then the standard
{% highlight php %}
$this->get('security.context')->isGranted('ROLE_ADMIN');
{% endhighlight %}
doesn’t work. I know, it should not be hard coded, as my roles and permission
tables are dynamic, I have just tested. So I fixed my `User` entity so
`getRoles()` returns an array of `Role` objects instead of the
`DoctrineCollection`. Also I implemented a `getRolesCollection()` method to
return the original collection, but I think it will never be used.
After that, I had to implement some more features so I put this task away.
Then, I tried to create my first ACL.
{% highlight php %}
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$objectIdentity = new ObjectIdentity('newsClass', 'Acme\\DemoBundle\\Entity\\News');
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
{% endhighlight %}
I was about to check if the user who is logged in has an `OWNER` permission on
the `User` class.
{% highlight php %}
$this->objectIdentity = new ObjectIdentity(self::OBJECT_ID, self::OBJECT_FQCN);
if ($this->securityContext->isGranted('OWNER', $this->objectIdentity) === false) {
throw new AccessDeniedException('You don’t have the required permissions!');
}
{% endhighlight %}
The ACL was defined based on a role, so everyone who had the `ROLE_ADMIN` role
should gain access to the user listing page. But they didn’t. It took several
weeks to find the cause, I have put it on
[stackoverflow](http://stackoverflow.com/questions/12057795/symfony-2-1-this-getsecurity-context-isgrantedrole-admin-returns-fa)
and the Symfony Google Group, but no usable answers.
Then I went off for debugging. Setting up NetBeans for xdebug-based PHP
debugging was real fun under Fedora, but that’s another story. After a while I
have found that Symfony’s basic access decision manager checks for
`$role->getRole()` only if `$role` is an instance of
`Symfony\Component\Security\Core\Role\Role`, instead of checking if the object
implements `Symfony\Component\Security\Core\Role\RoleInterface`. So I’ve
checked if the bug is already reported. It turned out that it was, and my
solution was available in a specific commit about a year ago, but as [Johannes
Schmitt commented, it would introduce a security
issue](https://github.com/symfony/symfony/commit/af70ac8d777873c49347ac828a817a400006cbea),
so it was reverted. Unfortunately neither Johannes Schmitt, nor Fabien
Potencier (nor anyone else) could (or wanted) to tell about this issue. So the
final (and somewhat hack-like) solution was to extend
`Symfony\Component\Security\Core\Role\Role`. And boom! It worked.
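
Review bot: the ACL example grants `MASK_OWNER` on `new ObjectIdentity('newsClass', 'Acme\\DemoBundle\\Entity\\News')`, but the next paragraph says the check is for `OWNER` on the `User` class and uses `self::OBJECT_ID` and `self::OBJECT_FQCN`, whose values are never shown. A reader copying both snippets would grant on one identity and check another, which fails closed and looks exactly like the bug being described. Use the same class in both snippets and show the two constants. In the first paragraph, "e.g my administrators wanted" should be "i.e. my administrators wanted".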

@ -0,0 +1,25 @@
---
layout: post
title: "SmsGateway and SmsSender"
date: 2012-10-07 00:10:26+00:00
tags: [development, php, symfony]
permalink: /blog/2012/10/7/smsgateway-and-smssender
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I have just uploaded my SmsGateway, SmsSender and SmsSenderBundle packages to
[GitHub](http://github.com/gergelypolonkai) and
[Packagist](http://packagist.org). I hope some of you will find it useful.
* SmsGateway
* [GitHub](https://github.com/gergelypolonkai/smsgateway)
* [Packagist](https://packagist.org/packages/gergelypolonkai/smsgateway)
* SmsSender
* [GitHub](https://github.com/gergelypolonkai/smssender)
* [Packagist](https://packagist.org/packages/gergelypolonkai/smssender)
* SmsSenderBundle
* [GitHub](https://github.com/gergelypolonkai/smssender-bundle)
* [Packagist](https://packagist.org/packages/gergelypolonkai/smssender-bundle)

@ -0,0 +1,26 @@
---
layout: post
title: "Changing the session cookie’s name in Symfony 2"
date: 2012-10-13 12:49:28+00:00
tags: [symfony, development]
permalink: /blog/2012/10/13/changing-the-session-cookie-s-name-in-symfony-2
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I have a development server, on which I have several Symfony 2.x projects under
the same hostname in different directories. Now I’m facing a funny problem
which is caused by that the cookies Symfony places for each of my projects have
the same name.
To change this, you will have to modify the `config.yml` file like this:
{% highlight yaml %}
session:
name: SiteSpecificSessionName
lifetime: 3600
{% endhighlight %}
I hope it helps some of you.
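
Review bot: the YAML starts at `session:`, but in Symfony 2 the session options sit under the `framework:` key of `config.yml`; show that parent key so the snippet can be pasted as written. Because the projects share one hostname in different directories, also mention the session cookie path: renaming the cookie stops the name collision, but each project's session cookie is still sent to its sibling projects unless the path is narrowed.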

@ -0,0 +1,56 @@
---
layout: post
title: "Symfony 2 Configuration – Array of associative arrays"
date: 2012-12-20 12:03:23+00:00
tags: [php, symfony]
permalink: /blog/2012/12/20/symfony-2-configuration-array-of-associative-arrays
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Few days ago I have struggled with a problem using Symfony2 configuration. I
wanted to add the following kind of configuration to `config.yml`:
{% highlight yaml %}
acme_demo:
transitions:
- { hc_cba: 180 }
- { cba_hc: -1 }
{% endhighlight %}
The problem was that the stuff under `transitions` is dynamic, so those
`hc_cba` and `cba_hc` tags can be pretty much anything. After hitting many
errors, I came to the solution:
{% highlight php %}
<?php
$rootNode
->children()
->arrayNode('state_machine')
->requiresAtLeastOneElement()
->beforeNormalization()
->ifArray()
->then(function($values) {
$ret = array();
foreach ($values as $value) {
foreach ($value as $transition => $time) {
$ret[] = array('transition' => $transition, 'time' => e);
}
}
return $ret;
})
->end()
->prototype('array')
->children()
->scalarNode('transition')->end()
->scalarNode('time')->end()
->end()
->end()
->end()
->end()
;
{% endhighlight %}
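
Review bot: the PHP does not match the YAML above it and has an undefined value. The configuration uses the key `transitions:`, while the tree builder defines `->arrayNode('state_machine')`, so the normalization never sees that data; one of the two names has to change. In the inner loop, `'time' => e` should be `'time' => $time`, otherwise PHP treats `e` as an undefined constant. The post also ends at the code block; a closing sentence showing the normalized result for `hc_cba: 180` would confirm what the closure produces.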

@ -0,0 +1,14 @@
---
layout: post
title: "Development man pages on Fedora"
date: 2013-01-05 18:20:41+00:00
tags: [development, fedora]
permalink: /blog/2013/1/5/development-man-pages-on-fedora
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
If you use Fedora (like me), and can’t find the development manual pages for
e.g. `printf(3)` (like me), just `yum install man-pages` (like me).

@ -0,0 +1,99 @@
---
layout: post
title: "Registering an enum type in GLib’s type system"
date: 2013-01-06 02:34:03+00:00
tags: [c, development, glib]
permalink: /blog/2013/1/6/registering-an-enum-type-in-glib-s-type-system
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I faced a problem in my [GLib](https://developer.gnome.org/glib/) self-teaching
project, [wMUD](https://github.com/gergelypolonkai/wmud) today. I wanted to
register a signal for a `GObject`, whose handler should accept two `enum`
parameters for which I had to register a new `GEnum` type in the `GObject` type
system. However, the [documentation on this
feature](https://developer.gnome.org/gobject/unstable/gtype-non-instantiable.html)
(thanks for pointing out goes to hashem on `#gnome-hackers`) is not… uhm…
obvious. Making the long story short, I have checked with the `GIO` sources for
an example, and using that, I have created this small, working chunk:
{% highlight c %}
#ifndef __WMUD_CLIENT_STATE_H__
#define __WMUD_CLIENT_STATE_H__
#include <glib-object.h>
/**
* WmudClientState:
* @WMUD_CLIENT_STATE_FRESH: Client is newly connected. Waiting for a login
* player name
* @WMUD_CLIENT_STATE_PASSWAIT: Login player name is entered, waiting for a
* login password
* @WMUD_CLIENT_STATE_MENU: Authentication was successful, player is now in the
* main game menu
* @WMUD_CLIENT_STATE_INGAME: Character login was successful, player is now
* in-game
* @WMUD_CLIENT_STATE_YESNO: Player was asked a yes/no question, and we are
* waiting for the answer. client.yesNoCallback MUST be set at this point!
* TODO: if wmudClient had a prevState field, and there would be some hooks
* that are called before and after the client enters a new state, this
* could be a three-state stuff, in which the player can enter e.g ? as
* the answer, so they would be presented with the question again.
* @WMUD_CLIENT_STATE_REGISTERING: Registering a new player. Waiting for the
* e-mail address to be given
* @WMUD_CLIENT_STATE_REGEMAIL_CONFIRM: E-mail address entered séms valid,
* waiting for confirmation
*
* Game client states.
*/
typedef enum {
WMUD_CLIENT_STATE_FRESH,
WMUD_CLIENT_STATE_PASSWAIT,
WMUD_CLIENT_STATE_MENU,
WMUD_CLIENT_STATE_INGAME,
WMUD_CLIENT_STATE_YESNO,
WMUD_CLIENT_STATE_REGISTERING,
WMUD_CLIENT_STATE_REGEMAIL_CONFIRM
} WmudClientState;
GType wmud_client_state_get_type (void) G_GNUC_CONST;
#define WMUD_TYPE_CLIENT_STATE (wmud_client_state_get_type())
#endif /* __WMUD_CLIENT_STATE_H__ */
{% endhighlight %}
{% highlight c %}
#include "wmudclientstate.h"
GType
wmud_client_state_get_type (void)
{
static volatile gsize g_define_type_id__volatile = 0;
if (g_once_init_enter(&g_define_type_id__volatile)) {
static const GEnumValue values[] = {
{ WMUD_CLIENT_STATE_FRESH, "WMUD_CLIENT_STATE_FRESH", "fresh" },
{ WMUD_CLIENT_STATE_PASSWAIT, "WMUD_CLIENT_STATE_PASSWAIT", "passwait" },
{ WMUD_CLIENT_STATE_MENU, "WMUD_CLIENT_STATE_MENU", "menu" },
{ WMUD_CLIENT_STATE_INGAME, "WMUD_CLIENT_STATE_INGAME", "ingame" },
{ WMUD_CLIENT_STATE_YESNO, "WMUD_CLIENT_STATE_YESNO", "yesno" },
{ WMUD_CLIENT_STATE_REGISTERING, "WMUD_CLIENT_STATE_REGISTERING", "registering" },
{ WMUD_CLIENT_STATE_REGEMAIL_CONFIRM, "WMUD_CLIENT_STATE_REGEMAIL_CONFIRM", "regemail-confirm" },
{ 0, NULL, NULL }
};
GType g_define_type_id = g_enum_register_static(g_intern_static_string("WmudClientState"), values);
g_once_init_leave(&g_define_type_id__volatile, g_define_type_id);
}
return g_define_type_id__volatile;
}
{% endhighlight %}
Still, it can be made more perfect by using the
[glib-mkenums](http://developer.gnome.org/gobject/stable/glib-mkenums.html)
tool. I will read through the GLib Makefiles tomorrow for some hints on
this.
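
Review bot: the doc comment for `WMUD_CLIENT_STATE_REGEMAIL_CONFIRM` reads "E-mail address entered séms valid"; that should be "seems valid". The include guard `__WMUD_CLIENT_STATE_H__` begins with a double underscore, which C reserves for the implementation; `WMUD_CLIENT_STATE_H` avoids that. The two highlight blocks are a header and a source file, so label them with their file names (the second one includes `wmudclientstate.h`).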

@ -0,0 +1,17 @@
---
layout: post
title: "git rm --cached madness"
date: 2013-01-14 21:38:00+00:00
tags: [development, git]
permalink: /blog/2013/1/14/git-rm-cached-madness
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I have recently learned about `git rm --cached`. It’s a very good tool, as it
removes a file from tracking, without removing your local copy of it. However,
be warned that if you use `git pull` in another working copy, the file will be
removed from there! If you accidentally put the configuration of a production
project, and remove it on your dev machine, it can cause a lot of trouble ;)
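
Review bot: the last sentence is missing its object: "If you accidentally put the configuration of a production project" should say where it was put (into the repository). Since the example is production configuration, add that `git rm --cached` only stops tracking the file from that commit on; earlier commits still contain it, so any credentials in it stay readable in the history and should be changed.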

@ -0,0 +1,52 @@
---
layout: post
title: "JMS\\DiExtraBundle’s GrepPatternFinder – grep exits with status code 2 on Fedora 18"
date: 2013-01-17 00:32:12+00:00
tags: [fedora, selinux, symfony]
permalink: /blog/2013/1/17/jms-diextrabundle-s-greppatternfinder-grep-exits-with-status-code-2-on-fedora-18
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
Yesterday I’ve upgraded my development machines from Fedora 17 to Fedora
18. Although it went well, my [Symfony](http://symfony.com/) projects stopped
working with a message like this:
RuntimeException: Command "/usr/bin/grep --fixed-strings --directories=recurse --devices=skip --files-with-matches --with-filename --color=never --include=*.php 'JMS\DiExtraBundle\Annotation'
'/var/www/html/gergelypolonkaiweb/app/../src'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/FrameworkBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/SecurityBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/TwigBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/monolog-bundle/Symfony/Bundle/MonologBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/swiftmailer-bundle/Symfony/Bundle/SwiftmailerBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/assetic-bundle/Symfony/Bundle/AsseticBundle'
'/var/www/html/gergelypolonkaiweb/vendor/doctrine/doctrine-bundle/Doctrine/Bundle/DoctrineBundle'
'/var/www/html/gergelypolonkaiweb/vendor/sensio/framework-extra-bundle/Sensio/Bundle/FrameworkExtraBundle'
'/var/www/html/gergelypolonkaiweb/vendor/jms/aop-bundle/JMS/AopBundle'
'/var/www/html/gergelypolonkaiweb/vendor/jms/security-extra-bundle/JMS/SecurityExtraBundle'
'/var/www/html/gergelypolonkaiweb/vendor/doctrine/doctrine-migrations-bundle/Doctrine/Bundle/MigrationsBundle'
'/var/www/html/gergelypolonkaiweb/vendor/friendsofsymfony/jsrouting-bundle/FOS/JsRoutingBundle'
'/var/www/html/gergelypolonkaiweb/vendor/avalanche123/imagine-bundle/Avalanche/Bundle/ImagineBundle'
'/var/www/html/gergelypolonkaiweb/vendor/genemu/form-bundle/Genemu/Bundle/FormBundle'
'/var/www/html/gergelypolonkaiweb/src/GergelyPolonkai/FrontBundle'
'/var/www/html/gergelypolonkaiweb/src/GergelyPolonkai/GeshiBundle'
'/var/www/html/gergelypolonkaiweb/vendor/symfony/symfony/src/Symfony/Bundle/WebProfilerBundle'
'/var/www/html/gergelypolonkaiweb/vendor/sensio/distribution-bundle/Sensio/Bundle/DistributionBundle'
'/var/www/html/gergelypolonkaiweb/vendor/sensio/generator-bundle/Sensio/Bundle/GeneratorBundle'" exited with non-successful status code "2".
After getting through my logs and such, I’ve finally found out that the new
SELinux policy is causing the trouble together with git. Eventually, my
`.git/logs` directory is tagged as `unconfined_u:object_r:httpd_log_t:s0`.
`httpd_log_t` type is not readable by the `system_u:system_r:httpd_t:s0` user,
which makes `/usr/bin/grep` throw an access denied error. To fix this, I needed
to do
semanage fcontext -a -t httpd_sys_content_t '/var/www(/.*)?/\.git/logs(/.*)?'
as root. This makes `.git` directories readable for the httpd process, thus,
for `grep`. The optimal solution would be to tell `GrepPatternFinder` to ignore
version control stuff, so the `httpd` process would have no access to them at
all. Also, in production, removing the `.git` or `.svn` directories could be a
good idea.
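
Review bot: the fix stops one step short. `semanage fcontext -a -t httpd_sys_content_t ...` only records the labelling rule; the existing `.git/logs` files keep `httpd_log_t` until they are relabelled, for example with `restorecon -R` on the affected path, so say that step was run. "not readable by the `system_u:system_r:httpd_t:s0` user" describes a process context, not a user; "by processes running as `httpd_t`" is accurate. The closing advice is the stronger fix, so consider leading with it: relabelling makes the repository logs readable to the web server, while excluding or removing `.git` keeps them out of its reach.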

@ -0,0 +1,32 @@
---
layout: post
title: "mount: device or resource busy after enabling multipath"
date: 2013-02-19 23:09:05+00:00
tags: [linux, heartbeat-cluster]
permalink: /blog/2013/2/19/mount-device-or-resource-busy-after-enabling-multipath
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
We have a heartbeat cluster with two nodes. It has been running for several
months without problems. The shared storage is on an IBM DS3400, on which we
have a large volume formatted with ext4.
Today I decided to reboot the active node for security reasons. So I’ve
switched to the passive node, which failed at the first step: it was unable to
mount the storage (`/dev/sda1`). After whining for a few moments, I tried to
mount it by hand, which told me
/dev/sda1 already mounted or /data is busy
I’ve quickly made sure that none of that was true. After checking
this-and-that, it turned out that the passive node had `multipathd` running, so
I looked under `/dev/mapper`, and found two symlinks there, `<long-long WWN>`
and `<long-long WWN>-part1`. As the partition table and the disk size was the
same as on `/dev/sda`, I tried to
mount /dev/<long-long WWN>-part1 /data
and voilà! It worked like charm!
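
Review bot: the mount command does not match the text before it. The symlinks were found under `/dev/mapper`, but the command is `mount /dev/<long-long WWN>-part1 /data`, with `mapper/` missing from the path. The post should also say why `/dev/sda1` was reported busy (the multipath map was holding the underlying disk, going by the `multipathd` observation), and whether the cluster's mount resource was changed to the mapper device so the next failover does not hit the same error.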

@ -0,0 +1,27 @@
---
layout: post
title: "Why I stopped using annotation based routing in Symfony today"
date: 2013-02-27 23:10:24+00:00
tags: [development, symfony]
permalink: /blog/2013/2/27/why-i-stopped-using-annotation-based-routing-in-symfony-today
published: true
author:
name: Gergely Polonkai
email: gergely@polonkai.eu
---
I have read several opinions about routing configuration in Symfony. I stayed
with annotation based routing as it was convinient for me to see the URL right
above the controller action. This was because by just checking the URL, I
remembered the controlling code, as they always were fresh ones. Well, until
today.
I had to take a look into an old (Sf 2.0, last commit was about 3 months ago)
project of mine. In the same run I’ve upgraded the whole project to 2.2 (it was
a fast one, thanks for [JMikola@GitHub](https://github.com/jmikola) for the
quick reply on my issue with
[JmikolaJsAssetsHelperBundle](https://github.com/jmikola/JmikolaJsAssetsHelperBundle)
again!). After that I went on to the requested change. Now, finding a route in
about 40 controller files spread between 3 bundles can really be a pain! So
I’ve finished with annotation based routing. It’s still a nice feature, it’s
simply not for me.
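
Review bot: "as it was convinient for me" should be "convenient", and "thanks for JMikola@GitHub for the quick reply" should be "thanks to". The post says finding a route across about 40 controller files was the problem but not what replaced the annotations; name the routing format that was adopted so the title's "why I stopped" has its "what instead".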

67