Early last week, I presented at cPanel’s Automation Bootcamp 2011. The title of my talk was ‘PCI Compliance: It’s about to get real.” Since neither cPanel nor I recorded the presentation (and the EiC over at  the Whir mentioned having a hard time trying to keep up), I figured I’d recap it here. If you just want the slides from the presentation, you can get those here.

PCI (DSS) Compliance for e-Commerce Sites

As much as people love to hate PCI Compliance (or more specifically, the scanners), it is a necessary evil. In an industry-wide race to the bottom, the Payment Card Industry Security Standards Council (PCI-SSC) had to implement a standard to which they could hold everyone accountable, and by which they would judge the security of consumer data, in all payment card transactions.

In 2006, the PCI-SSC got together and composed a standard that everyone in the Payment Card Industry (everyone who accepts payment cards, from brick and mortar stores to e-commerce), which they called the Data Security Standard. They wanted to help streamline an increasingly complex process (getting approved to process credit cards through your own in-house-developed payment application), but without compromising the security of consumer data. While the importance and relevance of PCI DSS can be overinflated, it is just as necessary as any other standard. Treat it like a list of regulations to follow, use common sense, and you should be fine.

To help you along, I have outlined much of what’s included in the PCI-DSS, and what you can do to help secure your server, and help your server pass its scan.

(more…)

I found out on Wednesday that the position I’m in at LW (Quality Control) is being dissolved, so I was given a few choices: Support Supervisor, Monitoring Tech, and Support Tech. After lots of debate and hemming and hawing, it looks like I’m gonna do some support for a while. I’m actually kind of excited, which will probably make many of you think I’m crazy. A month or so ago I came in on a Saturday night, and spent a good 6 hours just doing tickets. It was the most fun I’d had at my job in quite a while. I miss the daily challenge and the weird stuff. I still have a lot of technical knowledge, but it’s slipped quite a bit from where I was when I stopped doing Monitoring full time (you know, three years ago).

I’ll have another week to tie up my loose ends in this spot, and then it’s back to the phones and helpdesk. I’m sure I’ll tire of it shortly, but I welcome the challenges.

Ani suggested we set up a cage match for the department heads, and let them fight over who gets me. Think we could make some money on that one?

So, what started as a post about how companies encourage and welcome women into their company has become a pretty good discussion about the actual barriers that women face entering any kind of strongly tech field.

Double the women = way cooler.

Comments are wide open on this one. What do you guys think?

I’ve got a new project going. For this project I wanted to be able to have a few different sections of the site act like different sites, and I wanted to be able to share administration with many people of varying admining abilities. From what I’d read about WordPress Multisite, I figured it was going to be the easiest way to do it.

I wasn’t entirely wrong, but it sure wasn’t as easy as I’d expected it to be. Mostly for two small reasons.

The setup

I decided I wanted to try some local development for this project, on my laptop. A google search revealed: the easiest way I found was using a piece of software called MAMP. It installs PHPmyAdmin, MySQL, and Apache, and has an easy interface to help you set everything up.

I followed these directions in order to install WordPress on my laptop, and started on these in order to get MultiSite set up. I got to step five before I encountered my first error.

The error

The second part of Step 5 is to add the lines that the network installation gives you to the wp-config.php. I did that, added the .htaccess lines. I then went back to my install to log in, and was faced with the giant error:

After a lot of troubleshooting and attempting to duplicate the error on my VPS, I figured out that WordPress Multisite is completely incompatible with InnoDB, and my MAMP install was set InnoDB by default.

(more…)

Today one of my very favorite people is leaving the company that we have worked for, fought for, sweat for, cried and sacrificed for together. I’ve been here 4.5 years. He’s been here about a year longer than me.

Most techs don’t deal well with emotions. The longer I’m in this industry, the more I’m convinced that a lot of us are boarder-line alcoholics because we both don’t know how to deal with our stress levels, and don’t know how to deal with our emotions. (That’s probably true for a lot of professions, but this one I know for sure.) And my eyes are wet. So I’m gonna write it out.

Jay was an amazing mentor when I first hired in. I knew almost nothing about Linux (which is crazy to think about). All I had was customer service, and even that waned when I got so frustrated at not knowing what I needed to know. Jay took very good care of me in those first few months. He talked me through fixing so much, and fed me information as quickly as I could gobble it up. … and he wasn’t even in training yet.

As he and I both worked up through the ranks, and worked together to make this company better than it thought it could be, we started taking trips to get coffee. It was a small thing, but it ended up being one of the defining moments of our weeks: coffee together. We bitched, we problem solved, we discussed, we congratulated.

More than that, though, we supported. If there was a question to which I didn’t have an answer, Jay was my man.

I have been touched by Jay’s kindness, his genuine-ness, and his enthusiasm. Even though he and I do not interact as much as we did when we were in the same building, I am scared that without him in my day-to-day life I will fall short of what I can achieve. Now that he’s moving on to bigger and better things, I’m wondering how many people will fall short because he’s not around as much.

To avoid it negatively affecting people, I am going to hold myself to a higher standard: I will be as kind, genuine, and enthusiastic as Jay has always been to me, to everyone I encounter every day.

<3 you Jay. Let’s coffee soon.

I have to admit that the difficulty I had with resolving this problem was probably self imposed, but it’s taken me a good 5 or 6 hours of research and reading to come to a very simple solution, so I figured a post was in order.

Short version of the problem:

I wanted to be able to have each post type (specifically Category in this situation) display as its own page on the site (which WordPress does on its own with a category-post link) on the Navigation Menu (which is also possible in combination with the Pages). There are a few plugins that say they’ll make it happen, but I couldn’t find anything that worked exactly the way I wanted it to. I spent a bunch of time researching page templates and thought about creating a different one for each category in an attempt to hack together my own way using The Loop, and to put it simply: it just wouldn’t work. I was convinced I was missing some huge link, and was staring at an obvious solution.

Not surprisingly it came down to the simplest of solutions ever: an .htaccess redirect.

I created a Page with the title I wanted to use (to make it show up in the menu), and then redirected to the category page.

Redirect 301 /$PageName http://example.com/archives/category/$CategoryName

… duh.

Much thanks to Ipstenu for the Aha! moment.

About two months ago, my mom got a new Dell Inspiron 5010. Soon after its purchase, she started complaining about her laptop exhibiting a symptom that I had never heard of before. She said her screen would lock up, but she could still move her mouse, and if she waited long enough it would start working again. I had her try all the normal phone-support things (close everything, reboot, kick it with your boot), and nothing seemed to alleviate it.

I got a chance to see it myself, and was amazed: At random intervals (but nothing longer than five minutes), her cursor would turn into the Windows7 version of the PinWheel of death and hang there for anywhere from 30 seconds to 90 seconds. There was nothing taking up enough CPU or Memory (task manager would continue to update while it was locked) to cause the symptoms, but programs would lock for long enough for Windows to mark them as ‘Not Responding’, and the whole computer would become useless until the screen unlocked.

In the last two months, to fix it, my brother and I have both tried our hands at it. We’d removed all of the pre-installed Dell software. We removed all of the software that Ma said she didn’t need. We scanned for viruses and mal-ware. We turned off PowerNow! (thinking it might be a power-saving problem) and we turned off Virualization (because, honestly, why the fuck not, right?). We did EVERYTHING we could think of. Finally, last week, we caved. Admitting defeat, I told my mom to back all of her files up on her external harddrive, and I’d be by Saturday afternoon to reinstall Windows.

Through an afternoon of adventures, which involved installing the wrong version of Win7 (Pro) twice, and the right version three times, I not only was able to correct the problem, I was able to CAUSE it again!

After the first installation of Windows7 Home, I used Dell’s CD that had all kinds of drivers for this model of laptop. Long story short, I fought to get the wireless card to work, and broke two installations doing it. I was able to figure out that the interface that Dell provides to help you get all of the drivers installed… leaves something to be desired. In that interface, a check mark next to a specified driver means that your computer contains that piece of hardware. *Not* (as one might normally assume) that the driver with the check mark designates that driver is installed.

Once I figured that out, I installed the correct driver for the wireless card over the top of the incorrect driver and all of the sudden the symptom started showing up again. Rather than risk it, I took the 20 minutes to wipe and reinstall again, and then went through and made sure that only the correct drivers were installed. Now it’s running like a top.

That made me both instantly happy, and ready to kick puppies.

Mom’s specs, pre-fixing:

OS Name    Microsoft Windows 7 Home Premium
Version    6.1.7600 Build 7600
OS Manufacturer    Microsoft Corporation
System Manufacturer    Dell Inc.
System Model    Inspiron M5010
System Type    x64-based PC
Processor    AMD Athlon(tm) II P320 Dual-Core Processor, 2094 Mhz, 2 Core(s), 2 Logical Processor(s)
Installed Physical Memory (RAM)    4.00 GB
Total Physical Memory    3.75 GB
Available Physical Memory    2.65 GB
Total Virtual Memory    7.49 GB
Available Virtual Memory    5.87 GB
Page File Space    3.75 GB
Virtualization disabled
PowerNow! disabled

I spent the better part of yesterday contemplating different php modules, in between mucking with my mom’s laptop (which will get its own post). I’ve decided to go with fCGI, but I really just wanted to share this chart. It’s terribly helpful.

I am going to try to post at least once every day during the month of November. Ideally, I’ll achieve a 500 – 1,000 word post each day during the month of November. I know I don’t have the stamina to do an entire novel (a-la Nanowrimo), but at least a few words of babbling about what is going on inside my head is something I think I can do.

Today’s moment of truth came while I was eating my (homemade) breakfast burritos, and sorting through my email: The things I do at work could qualify me for 1) Social Media Expert (bleh) 2) Event Planner 3) Site Designer 4) Technical Support 5) Office Manager 6) Site Manager, plus more. I wonder if other people are so versatile, or if there’s some crazy unique combination of skills/experiences that allow me to do all of these things.

Note: This is part 2 in a series on Apache in a LAMP environment. You can read part 1 here.

Now that we’ve covered the common directives, and how they relate to each other, let’s talk about some tweaks to make Apache hum in your environment. We will assume that you know where to find the referenced files.

What we’ll cover in this post is all contained here (a copy of my own VPS’s Apache directives).


KeepAlive On
MaxKeepAliveRequests 150
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 10
MinSpareServers 10
MaxSpareServers 20
MaxClients 150
MaxRequestsPerChild 500
</IfModule>
<IfModule worker.c>
ServerLimit 5
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 500


Timeout 300

Understanding the implications of any changes you make to your configuration is essential, but a lot of that knowledge will come with experience. Here is my take on three of the directives, and some of the things you can do with them.

1: MaxClients.

This directive defines how many simultaneous and independent requests will be served by Apache. There are two things to consider before you change this setting.

• What is the current setting?

By default Apache uses a setting of 150. This is a good starting point but it’s probably low for dedicated servers. Slowly ncrease it in increments of 25-50. If it’s already at 500 or 1000 then increasing it more may not be the right answer.

• How much memory/CPU does your site take per page load? How much memory/CPU do you have left?

You want to allow pages to be served. You don’t want to crash the server. If your site is normally memory or CPU intensive and you don’t have much to spare you will want to think carefully before increasing it.

If MaxClients is reached new requests are queued rather than being served immediately. This will appear to clients like a really long load time. Check your error log for this error:

[Sun Jun 06 18:00:15 2010] [error] server reached MaxClients setting, consider raising the MaxClients setting

There are a couple ways to handle this. The most obvious is increasing that number. You can also use a command like netstat to determine if there is a single IP address that has a lot of connections to port 80 on your server. My favorite piece of bash-fu:

netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head

That will collect a list of all of the open connections to port 80 and sorts the 5th field in that string. Depending on your system you might need to tweak the line to sort by the correct field. The ‘Foreign Address’ field is the one you want.

2. KeepAlive

KeepAlive is an on/off setting. It determines if a connection to the client will remain open after Apache serves its request. If your server is high traffic or is serving a lot of small and/or flat files then turning KeepAlive off can significantly reduce resource use by Apache.

Beware, though, that changing this directive is not as predictable as with the others. If you decide to change it on an a server that is experiencing problems at the time you should keep a close eye on your server’s load and your finger on the kill -9 trigger.

3: MaxRequestsPerChild

MaxRequestsPerChild defines how many requests a single Apache child would serve before it was killed and a new child spawned. In a shared environment this can be very helpful to negate the effects of memory leaks in the web server. By default this setting is 1000. A good value for this setting in a shared environment is 150% of your MaxClients directive.

If you are serving the same static, predictable content you can safely pump this directive up pretty high. This will decrease the amount of times that Apache has to kill and spawn new children. 10,000 is a good setting for higher traffic servers with stable/static content. If you like to live dangerously you can set it to ’0′ (unlimited). If you increase it beyond 150% you might consider writing a script that will monitor your server’s memory use and alert you if it gets too high.

---

Apache configurations are very subjective. Once you understand each directive you’ll find that you develop your own best practices. Since most configuration tweaks are born out of necessity you will probably find yourself making these changes under fire. Good luck. :)