Tuesday, 28 June 2011

Check Web-Site Permissions

I had to refresh a client's website recently; in a rather quaint way, the front-end consists of a set of static pages containing the general company info while the back-end holding the day-to-day business data is in a third party content management database.

I cheated (creatively) in creating a 'staging' area on the Linux server in which to edit and test the front-end changes which I would then promote to 'live' - which dropped me straight into a set of file permission issues. This is good, since it proves the server has a measure of security; nobody gets to read, write or execute files without the correct file permissions. Fine, as long as you know what they are and how to set them.

The first indication that file permissions are incorrect is when you upload to your server and can't see or run them. At this point, check if the permissions on your site appear to be valid. This will:
  • Check that the permissions make any sense at all, e.g. that a directory is accessible or that a script is executable
  • Check for conditions which would make the web server refuse to run a script for security reasons
  • Check for permissions which are likely to lead to security problems on your site.
If you have any kind of server management console or a decent FTP (File Transfer Protocol) program such as Filezilla (right), you should be able to see the permissions, either in the main file listing panel or by right-clicking for 'properties', 'attributes' or 'permissions' for each file. 

With luck, you get a grid-view showing permissions for read, write, execute; unless you're in an old-school environment using Unix-like permission codes of 3-digit identifiers. 

In some cases there might be a genuine need to have unusual permissions. However, lots of scripts assume an insecure environment in which all sites on a server run as the same user - such scripts will tend to want permissions like 777 and 666 which are not appropriate to a production environment. 

Permissions you will see listed include:
  • 755 This allows everyone to read and execute (or enter, for directories). Appropriate for CGI scripts and directories where you don't mind people knowing what's in there.
  • 711 Only you (and your scripts) can read the contents, but everyone can execute/enter. Appropriate for directories which the web server needs to access but you don't want everybody seeing what's in there.
  • 700 Only you/your scripts can do anything. Appropriate for directories which you don't want to be web-accessible but do use, e.g. to contain data files for your scripts.
  • 644 Allows everyone to read. Appropriate for non-script files which you intend people to access on the web, e.g. HTML, CSS.
  • 600 Only you/your scripts can read. Appropriate for script include or data files which you don't want people to access directly on the web.
You should be able to work out which permisssions to apply to server-side or administrator functions versus client-side or user functions. Remember, if in doubt, lock it down. RC

Monday, 27 June 2011

Full Circle #50: the half-centenary issue Out Now

Full Circle #50 – the half-centenary issue! is available from Full Circle Magazine.  

This month:
  • Command and Conquer.
  • How-To : Program in Python, LibreOffice, Ubuntu Development and Use KDE (4.6).
  • Linux Lab – Gnome Shell -vs- Unity.
  • Review – PAM Facial Recognition.
  • Top 5 – USB Installers.
  • I Think – Should Ubuntu keep it’s current schedule, or switch to a rolling release?
plus: Ubuntu Games, My Story, and much much more!

Sunday, 26 June 2011

How-to: Blogspot Recent Posts Widget


One of the things I like about Blogspot (as Blogger used to be known way back when), is the flexibility to change ANYTHING in your template. You should bear in mind the terms of service before you start ripping out branding and credits elements, but it is a free service, where the technically minded can do what they want - unlike the free equivalent in certain blog platforms I could mention!
There's a huge number of add-in gadgets available, so you can effectively upgrade a template with additional functionality using gadgets, without needing to code lots of scripts or HTML...

The new template used on the Catling Mindswipe has a lot of features out-of-the-box, but a Recent Posts gadget wasn't one. This is easily fixed. I added a Recent Posts gadget with text and thumbnails pre-built.

  1. Login to your Blogger account dashboard, then to Design.
  2. In the Page Elements section of your blog, select a page area and click Add a Gadget.
  3. The usual pop-up window appears containing a large list of gadgets. Continue by clicking on Featured. This contains an impressively long list.
  4. We're looking for the Recent Post Widget with Thumbnails for which I can do a quick search by typing “recent posts thumbnails” on the search bar at the top right
  5. At the Featured list of Gadgets you will find the Recent Post Widget with Thumbnails at the bottom. Click the plus sign to add it.
  6. This changes the gadget selector to the Configure Gadget window. You can changethe gadget title, height, number of posts to appear, the post summary length and other styling elements for layout, fonts, meta-data (date format, comment count). We want the thumbnail and summary text, so using the Snipped Style control, select Summary and Thumbnail. The bottom of this window contains a preview panel so you can see an approximation of your gadget; remember to click on Update each time you change the gadget properties above, so you can see the effect of each change.
  7. When you are happy, click Save to return to the Design/Page Elements area. You should preview your blog from here to see the thing the way it sits on your full blog page. You may not know right way what looks right, but you will know when it's wrong. Adjust the properties by selecting the gadget in Page Elements and clicking edit to bring up that Configure Gadget window.
  8. Click Save at the top of the Page Elements area to save settings and apply the gadget to your live blog page.
NOTE: the Pull Posts from... setting defaults to My Blog. Usually this is fine, unless you have a stack of scripts and code running which take priority over the Recent Posts gadget, in which case you can be looking at a blank gadget. Changing this property to the Blogger blog below and setting the URL to your own blog address seems to fix this problem. RC

Saturday, 25 June 2011

Full Circle Podcast Episode 21 Wibberty Wibberty Woo Out Now

Full Circle Podcast Episode #21, Wibberty Wibberty Woo is available from the main site.
In this episode; Why do we need Ubuntu? The desktop versus the Cloud
Feeds for both MP3 and OGG:
RSS feed, MP3:
http://fullcirclemagazine.org/category/podcast/feed
RSS feed, OGG: http://fullcirclemagazine.org/category/podcast/feed/atom

Full Circle Podcast is also a proud member of the Tech Podcasts Network.

File Sizes:
  • OGG 35.0Mb
  • MP3 23.6Mb
Runtime: 68 mins 23 seconds

Your Hosts:
Additional audio by Victoria Pritchard  

Show Notes

01:25 | WELCOME and INTRO  

02:16 | SINCE LAST TIME
06:53 | REVIEW: Full Circle Magazine Issue #49
  • Dave: - Ronnie's Thunderbird article p.20 - Smithie's opinion on Netbooks, p.26 - Ed's Revenge of the Titans review p.40
  • Ed: The open question 'I Think' article on Unity. p.27
  • Robin: Daniel Holbach's article on Ubuntu development, p.17
015:26 | NEWS
35:20 | CONTRIBUTE

35:51 | OPINION: Why do we need Ubuntu? The desktop versus the Cloud.  

56:27 | GAMING: Trine. Although it killed Dave's laptop. Or maybe Dave killed Dave's laptop...
59:39 | FEEDBACK: Call to action - anyone an expert in protecting yourself and your Open Source project against copyright and patent issues.

Friday, 24 June 2011

How-to: Blog Template Refresh

Regular visitors may notice that we have refreshed the template here on the Blogger site. Partly for a visual refresh and partly for functional reasons, we've finally left our original template behind to go with a feature-rich template Novato (itself based on Bloggerized).

The benefit of an established platform like Blogger is the wealth of free templates, code, gadgets and all-round expertise. I found this template at http://blogtemplate4u.com, alternatively http://www.premiumbloggertemplates.com, which feature templates for Blogger, Wordpress and other CMS...

Wednesday, 22 June 2011

Submit Sites to Search Engines

Google, Yahoo and Bing Indexing Simply being listed in search engines doesn't guarantee you traffic. However, not being in them guarantees near invisibility. Similarly submitting once doesn't guarantee a presence for life. The proper 'grown-up' Search engines send out web spiders to crawl for information regularly. They look for new and updated content, so you need to submit your site periodically to be crawled and updated in the search engines' indexes.

It's worth running through the process for sites in the big 'three' Google, Bing and Yahoo (despite Bing and Yahoo being effectively the same search provider since they linked up)...

Thursday, 16 June 2011

What Is: the Linux Operating System


It's possible that some visitors to this site don't actually know what is this thing Linux to which I keep referring.
The word Linux is generally used to describe an Open Source computer Operating System based on the Linux Kernel which forms the basis for free alternatives to Microsoft Windows or Apple Mac-OS. Linux runs on a variety of hardware platforms from mobile phones, PC's, embedded devices, right up to mainframes...

Sunday, 12 June 2011

Review: Living with the Dell 6400

The Dell Inspiron 6400 (also sold as the Inspiron e1505) is currently my main machine. We remain locked in the love-hate relationship we have shared since I bought it in 2007.

Its wasn't the cheapest Dual-Core Centrino laptop at the time, but a good, solid, mid-range workhorse...

Friday, 10 June 2011

Josh Peterson Photostream

Graphic designer, web designer and photographer Josh Peterson is still producing stunning images. His blog is at Noaesthetic.com which displays a selection of recent works and his photostream on Flickr showcases much more. 

The featured image is 'Assembling for the View'.

Tuesday, 7 June 2011

Demystifying Ubuntu Unity's Graphics Hardware Requirements

No credit claimed here,this is a straight pointer to the article on the Ubuntu wiki, Demystifying Unity's Graphics Hardware Requirements from the Ubuntu wiki.

Part requirements, part How-to, part FAQ page, part bench-mark, if you don't get what it takes to run Unity by the end of this, just give up. RC

Monday, 6 June 2011

Add Places Icons to Ubuntu Desktop

Ubuntu always had an option for adding icons for places such as Home, Network and Trash Can to the desktop. They're just not enabled by default.

If a bare Gnome or Unity desktop is a bit too stark and you want the convenience of these icons, you can enable them.

Run the Gnome Configuration Editor by typing gconf-editor into a terminal or the Alt+F2 run dialog...

Saturday, 4 June 2011

Review: Zoom H1 Handy Recorder

Working on the Full Circle Podcast and various other audio projects, I thought it expedient to pick up a handy-size portable audio recorder to take the place of a laptop or net-book with microphones and cables.

There are dozens of solid-state personal data recorders around, in all price ranges and all qualities. As usual I set myself a budget and settled on the Zoom H1, baby brother of the more capable H2...

Thursday, 2 June 2011

Review: Android 2.3.3 Gingerbread

Almost a month on from the upgrade and so far nothing but good to report on the latest stable release of Android CyanogenMod 7.0.0.buzz.

It's finally got my HTC Wildfire smart-phone where I wanted it all along.

The original article on rooting the phone can be found in the archive. Remember that rooting your phone will void the warranty and could do physical damage if used badly. But if you get it right...