This pile of crap called OpenLDAP

In an attempt to learn THE directory service called LDAP, I tried to set up OpenLDAP on Scientific Linux. The install went all right and slapd can be started immediately without much problem, except that the config is one big mystery and there’s not even a rootpw defined by default. Being a complete newbie at this LDAP thingy, I decided to build the configuration and all from zero.

…except that it’s not actually trivial. Most examples/tutorials are for OpenLDAP prior to 2.4, which still used slapd.conf; that file was obsoleted in favor of configuration in a meta-format using LDAP’s LDIF. Instead of one nice config, we have directories called cn=config etc. inside slapd.d. Someone must’ve been into Linux too much (xxx.d – Linux users sure love “modularizing” their configs).

Anyway, the example in the slapd-config manual page doesn’t even work because the include syntax is wrong (should be file:///etc/… instead of /etc/…), and even after fixing that there is still an error:

[root@charlotte openldap]# slapadd -F /etc/openldap/slapd.d -n 0 -l initman.ldif
str2entry: invalid value for attributeType olcSuffix #0 (syntax
slapadd: could not parse entry (line=626)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...
[root@charlotte openldap]# slaptest
slaptest: bad configuration file!

The example from the guide also gives the exact same error.

In short, I kind of gave up and tried to follow the “Quick Start” from the very same guide. Instead of the slapd.d format, it still uses the slapd.conf format despite being a guide for 2.4. As if following a pattern, the config example also spat out an error:

[root@charlotte openldap]# vi slapd.conf
[root@charlotte openldap]# slaptest
/etc/openldap/slapd.conf: line 2:  invalid DN 21 (Invalid syntax)
slaptest: bad configuration file!

So much for an example. A few attempts later at both methods, I gave up and wrote this post.

WordPress Multisite with nginx (subdomain/wildcard domain ver.)

WordPress Multisite, previously known as WordPress MU (Multi User), is an application which allows hosting multiple WordPress blogs with just one installation. Instead of creating a copy of WordPress for each user’s blog, one Multisite installation can be shared by multiple users, each with their own blogs. Personal/custom domains are also possible, as used for this blog (this blog’s master site is Too bad, the official documentation only provides a guide for installing on Apache. If you didn’t know, I usually avoid Apache – I’m simply more proficient with nginx. Of course, this blog is also running on nginx, therefore it’s perfectly possible to run WordPress Multisite on nginx.

At any rate, reading the official documentation is still a must, and this post will only cover the nginx version of the Apache-specific parts (namely Apache Virtual Hosts and Mod Rewrite and .htaccess and Mod Rewrite) and only for a subdomain install. The subdirectory one may or may not follow some time later.

Assuming you have a working nginx and php-cgi (with a process manager like php-fpm or supervisord), for starters you’ll want to create a specific file for this WP install. Let’s say this file is named app-wordpress.conf. Obviously you have put the WordPress installation somewhere on your server. In this example I put the files in /srv/http/ Its content:

client_max_body_size 100m;
root /srv/http/;
# Refuse requests for dotfiles at the top of the site.
location /. { return 404; }
location / {
  root /srv/http/;
  index index.php;
  try_files $uri $uri/ /index.php?$args;
  # Multisite: serve per-blog uploads through ms-files.php.
  rewrite ^/files/(.*) /wp-includes/ms-files.php?file=$1;
  location ~ \.php$ {
    # Only hand scripts that exist on disk to PHP.
    try_files $uri =404;
    fastcgi_pass unix:/tmp/php-genshiken.sock;
    fastcgi_read_timeout 600;
    fastcgi_send_timeout 600;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $request_filename;
    include fastcgi_params;
  }
}

Simple enough. Actually, it’s exactly the same as a normal WordPress install except for one extra line:

rewrite ^/files/(.*) /wp-includes/ms-files.php?file=$1;

And you’re set. Note that I set the fastcgi timeouts higher than default to work around the slow performance of an Amazon EC2 Micro Instance. This should only be needed on network upgrade and massive blog import.

Anyway, in your main nginx.conf file, put:

server {
  listen 80;
  server_name *;
  include app-wordpress.conf;
}

in the proper place. The usefulness of a separate file for the WordPress configuration will become apparent once you want to tweak performance for some blogs. I’ll explain that later if I feel like it.

Solaris 10 Patch Where?

If you haven’t noticed, Solaris 10 is not available for free anymore. At least the patches. It’s Oracle after all.

Security patches were originally available for free when Sun still existed, but not anymore. From the PCA site:

Unlike before, even security patches are not available for free anymore.

So you’re screwed if you don’t have one. You’re better off installing OpenIndiana instead.

In case you’re one of the lucky folks (like me /hahahaha) having office Oracle account with Solaris support contract, I suggest checking out PCA to ease up installing patches. Also make sure to install it through OpenCSW for easiest update method.

User Management in Solaris 10

We’re back with Solaris 10 administration series. This time, it’s the user management part.

Securing the Password

For God knows what reason (probably legacy), the default password hashing algorithm in Solaris 10 is the classic UNIX DES hashing. To change it, edit /etc/security/policy.conf, find the line starting with CRYPT_DEFAULT and change it to this:


(you can also set to other value but 2a should be good enough)

And to change the root password, first edit /etc/shadow and append $2a$ to the 2nd (password) field like this:


or else changing the root password using passwd won’t use the newly configured algorithm.
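To check which accounts are still on the old scheme after changing CRYPT_DEFAULT, look at the prefix of the password field in /etc/shadow. The script below is an added example, not part of the original post; the function names and sample entries are made up for illustration, and the hash strings are constructed filler.

```shell
#!/bin/sh
# Added example: report the hashing scheme of every shadow entry so accounts
# still on classic DES crypt stand out. Function names are hypothetical.

# Constructed sample in shadow(4) layout; the hash strings are fake filler.
sample_shadow() {
  cat <<'EOF'
root:abCDEFGHIJKLM:15000::::::
daemon:NP:6445::::::
newuser:$2a$04$constructedsaltvalue00constructedhashvalue0000000000:15010::::::
backup:xyNOPQRSTUVWX:14000::::::
alice:$5$fakesalt$constructedconstructedconstructedconstruct:15020::::::
bob:*LK*:15020::::::
EOF
}

# classify_shadow FILE: print "user scheme" for each entry, judged by the
# prefix of the password field (no prefix and 13 characters = classic DES).
classify_shadow() {
  awk -F: '
    {
      h = $2
      if      (h == "")                            s = "empty"
      else if (h == "NP" || h ~ /^(\*LK\*|!|\*)/)  s = "locked"
      else if (h ~ /^\$2[a-z]?\$/)                 s = "blowfish"
      else if (h ~ /^\$1\$/)                       s = "md5"
      else if (h ~ /^\$md5[$,]/)                   s = "sunmd5"
      else if (h ~ /^\$5\$/)                       s = "sha256"
      else if (h ~ /^\$6\$/)                       s = "sha512"
      else if (length(h) == 13 && h !~ /\$/)       s = "des"
      else                                         s = "unknown"
      print $1, s
    }' "$1"
}

# legacy_des_users FILE: only the account names that still carry a DES hash.
legacy_des_users() {
  classify_shadow "$1" | awk '$2 == "des" { print $1 }'
}

tmp=$(mktemp) && sample_shadow > "$tmp"
classify_shadow "$tmp"
echo "still on DES: $(legacy_des_users "$tmp" | tr '\n' ' ')"
rm -f "$tmp"
```

Accounts reported as des keep that hash until their password is changed.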

Creating User

First of all, remember that there’s a character limit of 8 for usernames in Solaris. Linux doesn’t have this, but it’ll break ps (displaying the UID instead of the username). Also, creating a directory in /home is not possible for several reasons. The proper way is to create the home directory somewhere else and create a relevant entry in /etc/auto_home.

useradd -s /bin/bash newuser
mkdir -p /export/home/newuser
chown newuser:staff /export/home/newuser
printf "%s\t%s\n" "newuser" "localhost:/export/home/newuser" >> /etc/auto_home
passwd newuser

This will let Solaris automount (loopback filesystem/lofs) the actual directory (in this case /export/home/newuser) to /home.

Of course you can set the directory somewhere else, though having home not in /home feels weird.

Networking in Solaris 10

Since *BSD is getting boring, I decided to try an old but largely used enterprise OS: Solaris 10. I’m trying the latest update so it’s got ZFS and all the bling.

Anyway, I’m posting this so I can find this again whenever I need to.


Here be hostname: /etc/nodename. Don’t forget to add relevant entries to /etc/hosts. And while at it, don’t forget to add loghost to one hosts entry. Don’t forget to set /etc/nsswitch.conf with the content of /etc/nsswitch.dns since, unless you know what you’re doing, that’s what you want.

Static IPv4

/etc/hostname.if. Fill in with relevant IP address.

Static IPv4 Default Route

/etc/defaultrouter. Fill in with relevant default gateway’s IP address

Static IPv6

/etc/hostname6.if. Fill in with IPv6 address in following format:

addif some:ipv6:add::ress/prefixlen up

Also disable service for network discovery protocol (IPv6 routing etc autoconfiguration) by issuing

/usr/sbin/svcadm disable routing/ndp

Or not. It’s an undead zombie. Just add that line to /etc/rc3.d/S99rclocal (or create the file and make it executable if it isn’t there yet) to really kill the service upon boot.

Static IPv6 Default Route

It’s buried in /etc/inet/static_routes. Modified using route -p. Execute this for setting default IPv6 route:

route -p add -inet6 default de:fa:ult::gw

And that’s about it. It’s more or less the same in Solaris 11, but you need to disable the physical:nwam service there. Also there’s ipadm, but I think it’s still pretty much black magic.


For DHCP/dynamic, it is much easier:

touch /etc/hostname.if
touch /etc/hostname6.if
touch /etc/dhcp.if

no-www for nginx

If you happen to be in the no-www camp and want to redirect people accessing the www version to the no-www version, but have lots of domains and aren’t keen on writing them one by one or using a config generator (I’m not), you can use this:

server {
  listen 80;
  listen [::]:80 ipv6only=on;
  # Capture everything after "www." as $domain.
  server_name ~^www\.(?<domain>.+)$;
  rewrite ^ $scheme://$domain$request_uri? permanent;
  access_log /var/log/nginx/access-no_www.log;
}

Remove listen [::]:80 ipv6only=on; if you’re not using IPv6 and adjust the log file path to wherever you want (or just turn off or remove it altogether).

Note that this trick doesn’t work well with HTTPS/SSL domains, since you’ll get a big fat warning about an incorrect domain name in the certificate, or about a self-signed certificate if you’re using a wildcard one.

OpenBSD 5.0

This blog is now running on OpenBSD 5.0. Too bad php-fpm didn’t get to 5.0.

OpenBSD 5.0 GENERIC.MP#59 i386

The upgrade process went without any problems. Upgrading packages also went relatively well, apart from php being a failure because of a change to the infrastructure (which allowed multiple versions to be installed). Otherwise everything upgraded without a hitch and finished quickly. Sure is a nice departure from FreeBSD’s ports, which take hours to update a package (upgrading the system is relatively quick though, using freebsd-update).

Unless there’s critical security vulnerability or something happened to the datacenter, I expect there will be no reboot until next upgrade (6 month uptime). We will see.

MoinMoin Initial Impression

In some random event, I decided to try out a wiki engine: MoinMoin. Written in Python, it’s much different compared to MediaWiki, which is the other wiki engine I’ve tried. It doesn’t even require a database – everything is in flat files.

The locking mechanism seems to be done carefully and it’s certainly not designed for concurrent editing, though I can’t imagine how a non-WYSIWYG editor could be used concurrently. Additionally, configuration is done by editing a versioned (in hg) file: something I really don’t want to do. ACL is done partially in the config file (defining what group can do what) and in freaking wiki pages (<something>Group). Sure is quite unique, but I don’t think I can come to like it, mainly because it’s incomplete – part in wiki, part in config file. Simply feels wrong to me.

And then a few minutes later another problem came up: apparently I’m missing a language pack. Googled around and found out that checking out from the source repository requires a manual download of “packages”. Not a big problem, I guess, until I encountered this:

-bash-4.1$ make pagepacks
"Makefile", line 6: Need an operator
Fatal errors encountered -- cannot continue

Whoopsie, seems like some people think it’s funny to require GNU Make for this kind of thing. Not a big problem, since this is the usual thing when you’re running a non-GNU system and everyone else in the world assumes Open Source == GNU. Installed gmake and I got this instead:

-bash-4.1$ gmake pagepacks
...crapload of output...
cp -a ./tests/wiki/underlay ./wiki/
cp: unknown option -- a
usage: cp [-fip] [-R [-H | -L | -P]] source target
       cp [-fip] [-R [-H | -L | -P]] source ... directory
gmake: *** [pagepacks] Error 1

Yeah, not only does it require gmake, it also requires a cp version which supports the -a parameter – something OpenBSD doesn’t have. It’s not defined in POSIX either.

And so that concluded my test with MoinMoin today. I guess I should check their bug reports or at least the development version but apparently I’m too lazy to do that.

On to next wiki (one day)…

Or perhaps I’ll retry this.

This ZFS thingy

Apparently a RAIDZ2 with 9 disks is computationally expensive: my system got as low as 34% CPU Idle when doing one disk rebuild (and one other disk offline). The CPU isn’t exactly fast (Athlon 64 X2 4600+) but I didn’t expect the usage to be this high. I’ll see how it goes after rebuild finished. Good thing I cancelled my plan of using an Atom for my other file server.

last pid: 62412;  load averages:  1.34,  1.28,  1.25                                                                   up 0+02:39:21  01:32:32
54 processes:  1 running, 52 sleeping, 1 zombie
CPU:  0.0% user,  0.0% nice, 63.2% system,  1.9% interrupt, 34.9% idle
Mem: 46M Active, 32M Inact, 4654M Wired, 104K Cache, 85M Buf, 1160M Free
Swap: 400M Total, 400M Free

Subtle differences between *nix and Windows

One of them is how file removal is handled:

On Windows, attempting to remove a file that is in use causes an exception to be raised; on Unix, the directory entry is removed but the storage allocated to the file is not made available until the original file is no longer in use.

This is one of the reasons why Windows is famous for its reboot cycle on initial setup and configuration (also application installation). Though one can argue that it ensures less confusion about files: in *nix you can let an application access a file, delete it and create a new file with the same file name, which later causes confusion over why the file isn’t updated properly – you simply can’t do that in Windows. Also, if you can delete a file in Windows, then the file is deleted. This is unlike *nix, where if an application is still accessing the deleted file, it can be recovered by accessing its file descriptor. Additionally, the space is not freed after deletion, only after all applications accessing the file have released the file descriptor or been closed – I know some people are confused about why the free space doesn’t increase after deleting some files.
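The *nix behaviour described above, as an added example that is not part of the original post: a file is removed while a reader still holds it open, and a new file is then created under the same name. The function name and file contents are made up for illustration.

```shell
#!/bin/sh
# Added example: delete a file that is still open, then reuse its name.
# The function name and file contents are made up for illustration.

unlink_demo() {
  dir=$(mktemp -d) || return 1
  f="$dir/app.log"
  echo "written before delete" > "$f"

  exec 3< "$f"        # a reader keeps the file open on descriptor 3
  rm "$f"             # the directory entry goes away immediately
  if [ -e "$f" ]; then gone=no; else gone=yes; fi

  echo "replacement" > "$f"   # same name, but a brand new file
  read -r old <&3             # the reader still sees the deleted file's data
  exec 3<&-                   # only now can the old blocks be freed
  new=$(cat "$f")

  rm -rf "$dir"
  echo "gone=$gone old='$old' new='$new'"
}

unlink_demo
```

On a live system, `lsof +L1` lists open files whose link count has dropped to zero, which shows what is still holding the space.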

Test post

To ensure markdown works as expected, the following sentence must be block-quoted:

herp derp does it work?

And the following excerpt should show proper symbol:

100x + 5 >= 5

If it fails, then WordPress sucks.

Update: indeed it failed.

Update again: patched and now finally works.

ZFS on Desktop – Which OS?

I’ve been thinking about this lately, especially after seeing this:

[root@einhart ~]# pkg_version -vIL=>
binutils-2.21 < needs updating (index has 2.21.1)
bitstream-vera-1.10_4 < needs updating (index has 1.10_5)
chromium-12.0.742.112 < needs updating (index has 12.0.742.124)
droid-fonts-ttf-20100214_1 < needs updating (index has 20110324)
exiv2-0.21,1 < needs updating (index has 0.21.1,1)
gawk-3.1.8 < needs updating (index has 4.0.0)
gcc- < needs updating (index has
gnutls-2.12.7_1 < needs updating (index has 2.12.7_2)
libidn-1.19 < needs updating (index has 1.22)
openjdk6-b22_6 < needs updating (index has b23)
p5-Net-DBus-0.33.6 < needs updating (index has 1.0.0)
p5-libwww-5.837 Fetching ‘/usr/ports/www/chromium’

To build Chromium, you should have around 1 GB of memory
and a fair amount of free diskspace (~ 1.5GB).

===> Vulnerability check disabled, database not found
===> License BSD LGPL21 MPL accepted by the user
===> Found saved configuration for chromium-12.0.742.112
=> chromium-courgette-redacted-12.0.742.124.tar.xz doesn’t seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch
chromium-courgette-redacted-12.0.742.124.tar.x 0% of 114 MB 35 kBps^C

And did you notice that “you should have around 1 GB of memory and a fair amount of free diskspace”? Yeah, it does use that much memory to update a web browser. Something that takes a few seconds on Windows and Fedora and a few minutes on Ubuntu takes almost hours to do on FreeBSD. Downloading the source notwithstanding, compiling it also takes a long, long time.

If anything, this is why I hate FreeBSD. And you will say “use packages”, except that there’s no H.264 video support and there’s a possible chance of conflicting package differences between my system and the buildbot. As much as I want to use binary packages, they come in unwanted forms:

* GNOME 2 pulls Samba4 for God knows what reason
* Some packages don’t have optimization enabled
* Mplayer doesn’t have VDPAU
* Some packages must be installed manually (Java, Opera)
* Portupgrade takes minutes to compute what to do (something which is done in seconds in Ubuntu)

As much as I can tolerate this shit, the very fact that VirtualBox under FreeBSD takes much more CPU certainly doesn’t help.

So, I guess I’ll try yet another OS. There are several options, so here is an overview of the current choices.


* Extremely simple
* Up to date packages
* Highly customizable
* Stable ZFS


* Customization comes at cost: compile time
* No good virtualization option
* A package management that is comparable with slowpoke
* No flash (yes there’s linux flashplugin ports but it’s a joke)
* Awesomely slow video playback even optimized on Firefox


* Based on FreeBSD, has some of familiarity
* Binary packages that’s not too slow
* Stable ZFS


* Also no good virtualization
* Epic size of packages (e.g. a hundred megabytes for Firefox)


* Stable, greatest ZFS
* Zones
* Good VirtualBox support
* Flash support


* Complex
* Doesn’t survive trivial hardware change without Live CD/USB
* Outdated packages
* Non-existent packages
* Manual compiling of `mplayer` is a must since the defaults on various repositories are crap
* Still beta
* Doesn’t recognize FreeBSD’s GPT (at least on `oi_148`)
* Ugly freetype2 (no support for subpixel hinting apart of manual compile)

Ubuntu Linux

* Latest, greatest software
* Good software support
* Good virtualization


* Unstable ZFS
* Linux

Note that I only include Ubuntu in Linux category since it’s the only OS having both working nvidia driver and precompiled ZFS module, saving me lots of headaches.

Forcing SSL with nginx and Apache

Not really difficult but I guess it would be useful for some people.

First one is for nginx: create a file called `force-ssl.conf` and put it in nginx’s config directory (check with `nginx -V`). Its content is:

if ($scheme = http) {
  rewrite ^ https://$host$request_uri? permanent;
}

Include this file (by `include force-ssl.conf;`) in any `location … { }` block you want to force SSL on.

As for Apache, we can do it by using the usual `.htaccess` (and put in corresponding directories):

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

The nginx rule was written by me; the Apache rule was written by someone on the internet, with a minor fix to skip the regex capture (`(.*)` replaced by `^`).

Announcing ecos – the collection of crappy scripts I wrote

Included in the package:

  • bash initialization script, mainly tested on OpenIndiana but should also be good for Linux, *BSD and other *nix
  • tcsh initialization script. Mainly tested on FreeBSD
  • my hgrc. Obviously shouldn’t be used as is except if you want to give me the copyright of whatever you’re committing
  • tmux config. Blue bars instead of green. And minor tweaking
  • vimrc. Guaranteed to break vim-lite or whatever the default vi in Ubuntu. Also shouldn’t be used for most administrative task where tab should be tab and it should be 8 spaces long. Mainly for ruby development.
  • inputrc. Makes various application using readline much more awesome – especially if you’re not emacs user
  • Various scripts:
    • cek: check crc32 of a file and compares with the one in filename if exists. Useful for checking downloaded anime. Requires ruby
    • ed2k: generates ed2k link of a file. Useful for comparing against anidb database. Ruby is required.
    • putcrc: as the name says, puts crc32 of the file in its filename. Also requires ruby.
    • ren: rename anime files with whatever I like. In perl. Contains hundreds of regexes. No tests, so it tends to break at unfortunate times.

Grab them here: [ bitbucket/edogawaconan/ecos ]

Status of mplayer’s screenshot filter

Basically speaking, the API for cleanly generating a screenshot filename based on the currently played file’s name and time is not available yet.

In a bit more detail, the variable mpctx->filename is not passed to vf.c, and so is not passed on to vf_screenshot.c either. My current hack involves moving mpctx to a global variable and using it in vf_screenshot.c when generating the filename. It works but is really hack-ish. At least my directory now contains informative screenshot filenames instead of shot####.png (which isn’t quite compressed png either).

And no, I don’t know C.

Audio volume control from shell in OpenIndiana

I might be missing something but the volume control for OpenIndiana is a bit lackluster in display department compared to FreeBSD’s. In FreeBSD, whenever I do a volume change I get to see the values; before and after – but not in OpenIndiana; its default shell-based mixer quite sucks and doesn’t give enough feedback whenever I change volume.

There’s a good reason I keep bash as my main shell – I can script in POSIX sh and keep the sane shell at the same time (as opposed to using actual POSIX sh). So here’s the function I recently created; when given no parameter will display current volume and when given one parameter will change the volume and display how the change goes.

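vol() {
  # Print the current volume as reported by audioctl.
  getvol() { audioctl show-control volume | awk '/^volume/ { print $2 }'; }
  printf "%s: " "Volume"
  if [ -n "$1" ]; then
    # Show the old value, then apply the requested one.
    printf "%s => " "$(getvol)"
    audioctl set-control volume "$1"
  fi
  printf "%s\n" "$(getvol)"
}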

It should be pretty much POSIX but remember that it will only work in Solaris Express 11 (probably) and OpenIndiana (tested with oi_148).

Solaris zones’ (first) boot error

If you encounter an error like this on first zone boot:

SunOS Release 5.11 Version oi_148 64-bit                                        
Copyright (c) 1983, 2010, Oracle and/or its affiliates. All rights reserved.    
svc.configd: Fatal error: "boot" backup failed: rename(/etc/svc/repository-boot-tmpHSa4Hq, /etc/svc/repository-boot-20110427_123458): Permission denied         
svc.configd: Fatal error: unable to create "boot" backup of "/etc/svc/repository.db"                                                                            
Loading smf(5) service descriptions: 98/98                                      
svc.configd: Fatal error: "manifest_import" backup failed: rename(/etc/svc/repository-manifest_import-tmpJSa4Hq, /etc/svc/repository-manifest_import-20110427_123527): Permission denied                                                        
svc.configd: Fatal error: Backend copy failed: rename /etc/svc/repository.db-KSa4Hq to /etc/svc/repository.db: Permission denied                                
svc.configd: Fatal error: Backend copy failed: remove /etc/svc/repository.db-KSa4Hq: Permission denied                                                          
Requesting System Maintenance Mode                                              
(See /lib/svc/share/README for more information.)                               
svc:/system/early-manifest-import:default exited with status 95                 
Enter user name for system maintenance (control-d to bypass):

Check your zfs settings, particularly the nbmand and atime parameters. I myself set nbmand to off and atime to on for the zones’ zfs filesystem and it booted fine.

mplayer2 on openindiana

Some points:

  • Yes, it’s doable. Use mplayer2-build helper
  • You have to install many things (mainly autotools and don’t forget system audio header). Also yasm from opencsw
  • With regard to autotools, you have to create symlink for few things and put it somewhere in your PATH, preferably before everything else (namely ginstall -> install, aclocal-1.10 -> aclocal, automake-1.10 -> automake)
  • Add --cc=gcc to common_options

Probably there are some more but that’s all I can remember right now. Should also be applicable for opensolaris (why are you still using it) and Solaris Express 11.

If you want to enable SSE support, you have to apply some patches to mplayer.

If you want to use vdpau while using nvidia’s latest driver, you have to install libvdpau.

Dear WordPress

Please stop breaking my posts. And please remove this crappy “editor”.

Update: turns out one of the plugins (check broken links) caused this whole mess. Doesn’t change the fact that WP’s editor is shit though.

Debian’s sources.list

I kept forgetting them whenever I need one so I’ll put mine here and be happy:

###### Debian Main Repos
deb squeeze main contrib non-free
#deb-src squeeze main contrib non-free

###### Debian Security Update Repos
deb squeeze/updates main contrib non-free
#deb-src squeeze/updates main contrib non-free

###### Debian General Update Repos
deb squeeze-updates main contrib non-free
#deb-src squeeze-updates main contrib non-free

###### Debian Backports Repos
deb squeeze-backports main contrib non-free
#deb-src squeeze-backports main contrib non-free

###### Dotdeb Repo
#deb squeeze all
#deb-src squeeze all

It should cover the most used packages and will keep me sane. Also, debian-volatile has been replaced with debian-updates (god knows why it’s called that) since squeeze (6.0), but in case I need to take care of a lenny or earlier (derp) machine, this should also be added:

deb lenny/volatile main contrib non-free

Oh and Debian/kFreeBSD within a FreeBSD system is quite funny.

Update 2012-12-27: Use improved CDN.

Yet another server move

Three months have (almost) passed, which means the contract for webhost I use almost runs out. Luckily I discovered this cheap VPS (thanks to LowEndBox) which accepts bank transfer as payment method.

Installed lots of things I did, and here I moved this blog. Powered by FreeBSD (woohoo), nginx and php-fpm. The RAM is a little bit small (256 MB), which means this site is probably not as responsive as it used to be. Or maybe not. Tell me if you notice any slowdowns!

Or maybe I should have chosen that Xen HVM option…

On other note, the DNS is provided by Free DNS. They’re so awesome, you should try it if you need managed (and redundant) DNS with IPv6 and DDNS support.

Cheap Torrent Box

So, I recently subscribed to one of the cheapest cable Internet plans in the nation (IDR 214k/mo for 1 Mbps unlimited). The connection is stable and I get one public IP (woohoo). Downlink is relatively good at 700-1000 kbps all the time (unlike that crappy Smart EVDO which most of the time gave me 100 kbps, probably because of my room’s location), though the uplink is not as good at just ~100 kbps. As such, it’s just logical for me to set up a dedicated torrent box since half of my day is spent at the office, so I can download things while working.

danbooru for windows


This morning I randomly decided to try installing danbooru on Windows (7-x64). And indeed it works. Mostly.

Using mongrel and nginx since unicorn is not available on Windows.

Few things to note:

* system_timer is missing since I can’t seem to install it. Probably need to try ruby19 or ruby18-1.8.6-p27 (currently using ruby18-1.8.6-p383)
* manual initial database initialization since the script I made is specifically for *nix systems
* compiling danbooru_image_resizer is… *fun*
* for whatever reason I can’t install mongrel_service
* apparently there’s something missing. Or broken. Or both – there’s message “The system cannot find the path specified.” every time I start mongrel and do migrate

…anyone interested trying this on production server? 😛

_Last update 2011-07-18 21:01: formatting, also added rewrite rule for nginx to cope with uploaded media path change_

Secure password, version 2

There’s this link for a tutorial on how to create secure and easy to remember passwords.

More or less it’s the same as the one I posted months ago, just now with a character-to-symbol replacement method, reducing the need to create unnecessarily long sentences to get symbols etc.

[ Read | My old post ]

_Last update 2011-07-11 10:31: markdown-fied, fixed link, added tags and categories_

nginx/php 404 proper handler

If you find “No file specified” error message disturbing (as I did), here’s the configuration to remove it!

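location ~ \.php$ {
  # Return 404 from nginx unless the requested script exists on disk.
  try_files $uri =404;
  include /etc/nginx/fastcgi_params;
  fastcgi_index index.php;
  fastcgi_param  SCRIPT_FILENAME    $request_filename;
  # The fastcgi_pass line for your PHP backend goes here as usual.
}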

Don’t use `if (-f $request_filename)` – it won’t work and if is evil. Also the `try_files` will ensure that the file actually exists – effectively disabling possible vulnerability with public file upload on certain conditions.
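One way to audit existing configs for the check described above (an added example, not from the original post): the awk script flags every PHP location that has a fastcgi_pass but no `try_files ... =404` guard. The function names, socket path and sample config are constructed for illustration, and the line-based parser assumes one directive per line.

```shell
#!/bin/sh
# Added example: flag PHP location blocks that hand requests to FastCGI
# without first checking that the script exists (try_files ... =404).
# Function names, socket path and the sample config are hypothetical.

# Constructed sample: the first PHP block lacks the check, the second has it.
sample_conf() {
  cat <<'EOF'
server {
  listen 80;
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php.sock;
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }
}
server {
  listen 8080;
  location ~ \.php$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass unix:/tmp/php.sock;
    fastcgi_param SCRIPT_FILENAME $request_filename;
  }
}
EOF
}

# lint_php_locations FILE: print "FILE:LINE" for each PHP location block that
# contains fastcgi_pass but no try_files with an =404 fallback.
lint_php_locations() {
  awk '
    { sub(/#.*/, "") }                              # ignore comments
    !inblock && /location[ \t].*php/ && /[{]/ {
      inblock = 1; depth = 0; start = NR; checked = 0; passes = 0
    }
    inblock {
      if ($0 ~ /try_files[^;]*=404[ \t]*;/) checked = 1
      if ($0 ~ /fastcgi_pass[ \t]/)          passes = 1
      # Track nesting so the verdict is given when this block closes.
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
      if (depth <= 0) {
        if (passes && !checked) print FILENAME ":" start
        inblock = 0
      }
    }' "$1"
}

conf=$(mktemp) && sample_conf > "$conf"
lint_php_locations "$conf"
rm -f "$conf"
```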

_Last update 2011-07-10 20:16: working version, markdown-fied_

nginx links

Here are the links I find useful:

* Why nginx
* WordPress with nginx

Note that the latter link should not be followed anymore.

_Last update 2011-07-10 20:24: markdown-fied_

Easy way to create rather secure and easy to remember password

Long title is looooooooooooong. LOL.

The steps:

* Create (long) sentences (usually two) that are easy to remember and contain numbers and symbols (ex: I have smartly bought & waste money on manga that the anime has just aired this season, Zettai Karen Children, for $10. It’s a good read though!)
* Take the first letter of each word, except for numbers and symbols (from above: Ihsb&wmomttahjats,ZKC,f$10.Iagrt!)
* That’s it, LOL. (and the example above is too long. 2 sentences with 5 words each should be sufficient 😛 )

Last update 2011-07-11 10:32: markdown-fied, tagged and categorized