My current employer CARET, part of the University of Cambridge, are looking for two intrepid folks to come and join us as developers here in Cambridge.
There are currently two positions, one as developer here, and one as a more senior developer/architect here.
I have been at CARET for just short of 6 months, and during that time I have almost adjusted to the academic way of life.
A little earlier we (the Infrastructure team) published our incident report for last week’s intrusion. You can read the full report here.
Essentially, what happened was this: the server that hosted the apachecon.com website was compromised, and after a short while the attacker discovered the SSH key that allowed them to gain shell access on people.apache.org. From there they placed files in the webroot of several websites. These were then rsync’d to the US and EU website mirrors.
As most of our sites used CGI to offer a ‘nearest mirror’ download service, we had to support the use of ExecCGI. This meant these scripts were executable. The CGI scripts essentially allowed the attacker to gain remote shells (in the context of the webserver) by sending commands via HTTP POST requests.
There are no remaining residual effects, and all services have been restored. The full report contains all the details.
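One way to look for the pattern described above in web server access logs, as an added example that is not taken from the incident report or from the Infrastructure team's tooling: it flags HTTP POST requests to CGI-style paths that are not on a list of known scripts. The log lines, the paths and the allowlist entry are constructed assumptions.

```python
import re
from collections import Counter

# Apache combined log format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Assumption: the only CGI script this site is meant to serve (hypothetical path).
KNOWN_CGI = {"/download/mirror.cgi"}
CGI_SUFFIXES = (".cgi", ".pl")

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /download/mirror.cgi?file=x.tar.gz HTTP/1.1" 200 512 "-" "curl"',
    '198.51.100.7 - - [01/Jan/2000:10:01:12 +0000] "POST /images/status.cgi HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:01:15 +0000] "POST /images/status.cgi HTTP/1.1" 200 1432 "-" "-"',
    '192.0.2.11 - - [01/Jan/2000:10:02:00 +0000] "POST /download/mirror.cgi HTTP/1.1" 200 300 "-" "-"',
    '203.0.113.5 - - [01/Jan/2000:10:03:00 +0000] "POST /search HTTP/1.1" 404 209 "-" "-"',
    'this line is not in combined log format',
]


def suspicious_cgi_posts(lines, known=KNOWN_CGI):
    """Return (host, path, status) for POSTs to CGI-like paths not in `known`."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a POST
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if path.lower().endswith(CGI_SUFFIXES) and path not in known:
            hits.append((m["host"], path, int(m["status"])))
    return hits


def summarize(hits):
    """Count hits per (host, path) so repeated command traffic stands out."""
    return Counter((host, path) for host, path, _ in hits)


if __name__ == "__main__":
    for (host, path), n in summarize(suspicious_cgi_posts(SAMPLE_LOG)).most_common():
        print(f"{n:3d} POSTs from {host} to unlisted CGI {path}")
```

A 200 response to a POST on an unlisted script is the case worth chasing first, since it means the file exists and the server ran it.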
After all the fun and games of the past few days Aaron and I have managed to rebuild the entire VM, and apachecon website. It was a lot of fun and games, and I’m sure we’ll be buying each other a lot of beer in Oakland.
So, go, get your daily dose of apachecon fun, over at http://us.apachecon.com
Thanks to DrBacchus mod_pony has been resurrected, and I have it installed.
How do I get mod_pony?
(1) svn checkout http://svn.rcbowen.com/svn/public/mod_pony/mod_pony.c /tmp
(2) /usr/local/apache/bin/apxs -cia /tmp/mod_pony.c
(3) edit your httpd.conf (or variant thereof) and add
SetHandler pony
(4) /usr/local/apache2/bin/apachectl restart
Now open your browser and go to http://foo.example.com/pony, and you should see:

If you have your ServerTokens set to ‘Full’ then you will also see mod_pony listed there.
Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8b DAV/2 SVN/1.4.5 PHP/5.2.6 PONY!
Tonight on Top Gear, the Stig was unveiled. It is none other than Michael Schumacher. He even took the new Ferrari FXX round the Top Gear track in 1:10, which was a whole 7 seconds faster than anything else. I was so impressed when I discovered that it was Schuey.
However there are already rumours whizzing around that this is/was not the real ‘thing’. Whatever, it was a great BBC moment.
Joe you are always there
Albeit sometimes quiet, but always with a perceived killer stare.
Joe sometimes you say you just don’t care.
But we know in the morning you’re like a grizzly bear.
It has been some time since we have seen joes2.
Does he still live with you?
We know you work from home;
but do you always have to groan?
Now that LDAP is on its way,
We hope to make you proud one day.
Please don’t have any fear,
Just make sure you tell infrabot you owe us a beer.
We know you’re good with C and Perl
So we must find you a girl;
To take you out for a bit of a twirl.
Oh Joe we love you so.