The Sysadmin's Daily Grind: Serendipity
Blog Me Up!
From time to time, sys admin Charly has to leave the beaten track and concern himself with topics outside of his core competency range. When this happens, it's good to have the right tools on hand.
Sometimes even Star Trek's Scotty  can't avoid tasks that are not his specialty, no matter how often he complains, "I'm a mechanic, not a doctor." The solutions he uses to rescue the Enterprise from what feels like hundreds of warp-drive meltdowns are correspondingly unorthodox.
When it comes to tools, Scotty has a clear opinion: "Always use the proper tool. If the proper tool isn't available, use a hammer."
When I'm asked to build websites, I can empathize with Scotty. I'm a sys admin, not a web designer!
The fact that I use vi to produce my HTML code gives the results an ascetic, reduced-to-the-max kind of feel. The code does the job, but the results look pretty bad. Scotty would love me for this.
Sometimes warp factor 1 just isn't enough. Recently, I needed a web page, similar to a blog, that gave users the option of commenting on part of the content. The Serendipity  blog engine is flexible enough to serve as a makeshift CMS, and it guarantees fast results.
S9y, as the Serendipity community likes to abbreviate its favorite product, needs fairly recent PHP packages and a database connection. After you finish unpacking the source files, copy them to a directory on your web server, change to the directory, and then enjoy the installation, which runs perfectly in a browser.
After you finish installing it, S9y looks just like you would expect a blog to look; however, the administrative interface provides a multitude of plugins just waiting for their marching orders (see Figure 1).
Using a couple of plugins, I can easily insert external HTML or PHP code into the page structure. I need this function quite often, for example, to integrate RRD graphs or Nagios results. I added some seasoning in the form of discussion forums, galleries, connectors for a huge number of instant messengers, and dozens of other nice things to have – all of them beamed directly from the plugin directory.
This doesn't mean that I neglected the security side, though. Developer Garvin Hicking's team loves clean code, so much so that they tag plugins with unequivocal warnings if the plugin seems best suited to shooting yourself in the foot.
Lawyer's Best Friend
The commentary system, which is important for my application, has had a double opt-in feature in its Subscribe function since Serendipity 1.4. Unfortunately, clever lawyers have been known to sue because, in their opinions, mails from a commentary thread you subscribe to are the legal equivalent of a newsletter, and you need a double opt-in for newsletters. Scotty would just say: "I'm a mechanic, not a lawyer."
Buy this article as PDF
3ROS attack tool lowers the technical bar so anyone can be an intruder.
Mozilla's latest browser offers powerful new privacy feature
If attackers are on your system, saving your passwords in a password vault is no protection.
Faulty hash algorithm persists, despite efforts by experts to raise awareness.
Powerful man-in-the-middle attack is now targeting online shopping.
Another high-profile coder says the kernel team needs a kinder, gentler culture.
Bug database has a bug of its own that could allow an intruder to create an unauthorized account.
Report focuses federal resources on achieving universal Internet access.
Leading browser makers say “no” to porous encryption algorithm