Recently, I read an article on the Sucuri Blog about the fundamentals of filesystem permissions, and how to apply some these fundamental concepts to securing web applications. When I noticed the article, I was quite happy to see that this issue was getting what I believed to be some much needed attention. As a security administrator working for a mid-sized web hosting company, I have found filesystem permissions to be one of the most misunderstood fundamentals of managing web applications. This misunderstanding can have colossal consequences when paired with unpatched, vulnerable web applications.

Having been the first responder to the ensuing incidents (which I assure you, are not pretty), I was hoping Sucuri’s post would be the champion of that cause which I have recently found so near and dear to my heart. While it is an excellent overview of UNIX filesystem permissions for someone who has no knowledge of such things, it stopped short of answering what, in my mind, is the real question that needs to be answered about filesystem permissions. Principally:

How do I decide what modes to apply to which filesystem resources?

With the aforementioned blog article having stopped short of answering that question, I decided to take it upon myself to build on the article, and deliver the unambiguous answer which so badly needs delivering. So without further adieu, we will explore the question.

For as long as I have cared about technology, I’ve hated Apple. I’ve hated their products. I’ve hated their users. Alright, so I tolerate their users. I do so, however, in the most begrudgingly possible way. But their MacBooks, their iPads, and their iPhones I have absolutely no toleration for. In stark contrast with most of the technology using world, I actually value my freedom as a user. In the land of desktop computing, that’s no problem, because I can just load some flavor of Linux onto all my machines. In the land of mobile, that’s a huge problem, as Linux-based options have turned out to be nothing but broken promise after broken promise. So I’ve settle on Android, where I’ve been very happy, and very free of iOS. Unfortunately, I have an incredibly uncanny ability to lose my phones. In these situations, I usually have to scrape up whatever I can find, and call it a victory just to have something that works. Fortunately enough for me, I’ve always had the dumb luck to chance across an Android in these situations.

Until now.

A Rare Off-Topic Look at a Social Issue

I have a niche here, and my niche is writing about techie stuff. I like to try to keep it that way, but the unshakable reality is that I am a student of Political Science and Philosophy, and so occasionally need to sink my teeth into the uncomfortable conversations that people don’t like to have at the dinner table.

Today I break my niche to join the conversation about an issue that has not only spent a lot of time in the news, but spent a lot of time sparking heated discussions amongst people all around me. I don’t really feel like naming the specific incident that everyone is talking about though, because you probably already know what it is, and there are already plenty of other people willing to name it. Above all though, the reason I don’t feel the need to bring up the specific incident everyone is buzzing about it because to do so would run contrary to the very core of what really needs to be understood in the wake of yet another one of these dumbfounding tragedies.

What does need to be named though, is what has sadly become a regular and recurring issue in the United States. Those awful times when someone (or a group of someones) makes an irreversible decision to indiscriminately end as many lives as they can touch, and a mass murder is christened.

So why does this now need to be talked about? Well, it’s always needed to be talked about, but the discussion on this issue always goes so far off the rails, that nothing of worth actually ever comes from it. This time though, all of that unproductive conversation has come back to haunt us. The tens of thousands of hours spent on media coverage of legislation, expert studies, people at tables yelling at each other, and other worthless garbage which has yielded no preventative results had gone on to actually propel one of these mass murders rather than the typical doing nothing to stop them. So it’s time to talk about altering the course of the discussion. Now it’s time for more people to step up and say what not enough people have been saying, and what more people should have started saying 15 years ago. So this blog post might never be read by anyone who can do anything about it, but who knows. Maybe it can inspire someone smarter than me to inspire some people more powerful than them. All I know for sure is it needs to be said, so I’m here to say it.

Python is a wonderful programming language. It is far and away my high level language of choice, and useful for all kinds of endeavors. Its “batteries included” style makes it a remarkably flexible tool which can be used to build any kind of application you can think of, and makes it highly accessible to newcomers. For veterans whose applications have performance critical components, CPython has a low level C API which allows you to wrap pure C and introduce it into the execution of your Python code. Hell, Python even has a Java implementation for Python developers who want their applications to run on JVMs.

As if that wasn’t cool enough, you can easily push out a graphical interface for your Python application, since there are language bindings for the wxWidgets, QT, and GTK widget kits… just to name a few. Or if you want your Python application’s interface to be web-based, then the WSGI standards and compliant servers can get you there.

Writing for the web is where I have been spending most of my time lately, and it truthfully makes me wonder why anyone would write for the web using anything else. I admittedly haven’t yet ventured down the Ruby/Rails path, but I’ve gone on record before as calling PHP the web development language for chumps, and the more time I spend with Python, the less I regret my inflammatory choice of insult.

However, as delighted as I have been with my Python experience thus far, it has definitely not been without its share of annoyances. Most of them are trivial, but some of them, such as the one I’m about to sound off about, genuinely make me want to rant. So that is exactly what I intend to do.

Every once in a while, I like to post on topics which are more accessible to a wider audience. Often times however (which will probably become even more often in 2014), I like to really just nerd out about things I think are cool to talk about. Unfortunately, this tends to make for less accessible posts. I would apologize for that, but whatever. It’s my blog, and I’m not sorry. The point is, this is one such post. If you aren’t either a Linux user or a morbidly curious individual, then this isn’t the post you’re looking for. Move along.

For the last two and a half years in which I’ve been a Linux user, two of those have been spent quite happily in the (not so) tender care of Arch Linux. Arch is a truly fantastic Linux distribution for a whole host of reasons which could merit an entire blog post of their own. Since we don’t have time for two blog posts though, I’ll just leave it at “Arch is awesome”.

It’s actually because I took such an early liking to Arch Linux that I was driven to try Gentoo for the first time. Gentoo and Arch share many similarities in both philosophy and design which I found myself liking in my Arch expericne. However, despite the commonalities, my first attempt at Gentoo convinced me that I absolutely hated it. All I could chalk it up to was linux for masochists, and every configuration I performed felt like a run through suicide linux.

Yet today, I write to you from the desktop of my fresh new Gentoo Linux installation, which now serves as my primary operating system. In fact, not only is it my primary operating system, but I now vouch for Gentoo as being one of the finest Linux distributions in existence, both for a general purpose computer and for a highly specialized machine with a specialized task.

So how did such a drastic 180 overtake me? The only way Gentoo can: in stages.

Although I have admittedly not always been a nerd, I have always had a certain inclination in my approach to technology which has involved searching for and discovering alternative methods to solving conventional problems. This mentality has no doubt played an indispensable role in my pursuit of the nerd’s life, but it started with ventures as simple as discovering the wonderful capabilities of a slightly lesser known piece of software. Today, I make it my mission to blather on about exactly about one such piece of software, and why you might choose it in favor of a more mainstream solution.

If you know anything about me, and you read this title, I probably don’t even need to write a lead to get you interested in this post. In fact, you’re probably salivating in anticipation of what appears to be the greatest word-eating of all time, materializing before your very eyes. If you’re an ardent Windows user, you probably feel betrayed a bit, because for so many years, I had your back against those annoying apple-loving, coffee shop dwelling, snot-nosed hipster brats who were always word vomiting nonsense about how their computer “just works” and how it doesn’t get viruses. Well, Microsoft-loving ignoramus, don’t start your helpless tantrum throwing just yet, because this bit of writing might not be quite as capitulatory as it seems on first appraisal.

Make no mistake about it though: OS X is a truly awesome piece of software architecture, and I would choose it any day of the week over ever going back to Windows.

I hope you weren’t holding your breath

So for those of you who were daring enough to start following my blog, you have noticed that it’s been nearly a month since my last post. Well, as you might imagine with nerds, I have been quite busy, and it turned out the making of the blog series is quite an involved writing endeavor. So with how much time I’ve sunk into getting myself just half way through the series, I have made the difficult determination that it simply isn’t worth the strain on my time. While I know that I have broken hearts all over the world and several of you have probably resorted to tears, all of this disappointment comes with a glimmer of good news. I will be releasing making of the blog part II for humans at some point, but it will be the final installment of the series. Really, even that is only being released because it’s most of the way completed anyways, and the idea of throwing away the several hours spent crafting it makes me nauseous.

All in all, this is a positive thing though, as you will notice that the volume of posts will increase, and I will be much happier. Also, with some of my competitors stepping up their game with promises of weekly blog posts, obviously I need to get with the program or get out of the game. Which leads me into my next exciting announcement…

A disclaimer to human beings

If you read my last post, then you’re in a fairly good position to follow this one. However, that post was by no means a comprehensive coverage of everything I’m about to blast through a paragraph from now. The “for nerds” installments in this series will be very much a sink-or-swim affair, and I won’t be stopping to thoroughly explain concepts the way I do in the “for humans” installments. At best, you’ll see a link to a location you can read more about something, and even then, this is only likely to happen if the technology or concept I’m explaining is somewhat obscure. If a little challenge never daunted you though, and you wanna give this post a run anyways, I applaud you. Remember who your best friend is if you ever find yourself scratching your head.

Ready to roll with the nerds? Yeah, you’re ready to roll with the nerds. So as some moronic Italian plumber once said, “Here we go!”

The Preface

This blog is something which has been kicking around my head since right around the beginning of the year. Wanting to launch some sort of personal web space for myself has been a goal since well before that. There have been a few barriers which conspired to keep this from happening, the most prominent of which was simply expectations for myself. I wanted the website to be entirely mine. I wanted to build the code from scratch, build the environment from scratch, and host the damn thing myself on my own home internet connection. This was a perfectly valid idea in my overzealous mind. I know how to write HTML, I know how to write CSS, and although my PHP is garbage, my Python is pretty tight, so I have a very good dynamic web programming language under my belt. Besides, for some (not so?) coincidental reason, most of today’s coolest web frameworks/applications/technologies are all either written in Python or Ruby… so I’m not saying those are better languages than PHP (personally, I find Ruby to be quite repulsive), but the people who wield them certainly seem to be of a different caliber. Feel free to flame me for that one in the comments ;)

Before we begin, a bit of justification…

Blogs. Blogs are cool. You might want one. You might read one. You might just be curious about what goes on out in that magical black box we call the internet. Whatever your reasons for curiosity, you are but a mere human. You don’t have time to worry about why your browser gives you a search box when you punch ‘www.google.com’ into it, or about why the pretty colors are pretty colors. This is nerd stuff, and you’re not a nerd. Well I’m about to solicit you some free advice, human. Firstly, every responsible blog operator should understand some basics about the architecture of their content delivery medium. Just as a radio DJ should know a thing or two about the airwaves, and a musician should know a thing or two about the travel of sound, the blogger ought have the basics of the internet firmly under his or her belt. Secondly, as intimidating or foreign as this may seem, these concepts are totally within the grasp of human beings. If you’ve learned how to operate your PC (Or Mac, if you’re truly helpless), and you’ve learned how to operate your web browser, you’ve already done most of the heavy lifting. Unless you’re using Internet Explorer, in which case you’re beyond my ability to help you. In fact, if you’re using internet explorer, you might just want to stop reading this blog, because I promise you it will not be the last time I rip on that wretched piece of worthless filth that the morons over at Microsoft have the audacity to call a browser. I digress, though.

Getting to the down and dirty

Moving right along. In my last post, I made mention of 3 components every blog needs in order to firstly exist, and then secondly be viewable by the world. Today’s post will focus on the web host portion of that trio. I’m covering the web host first not because I work for one (…alright, maybe because I work for one), but because the costs (or lack thereof) associated with maintaining your blog are determined almost exclusively by the cost of your web hosting package. Depending on how much experience you’ve had with actually operating a website before, the feeble human part of you may be crying out, “BUT WTF IS A ‘WEB HOSTING PACKAGE’?!?!” That’s an excellent question, feeble human, and I’ll gladly use it as a segway into my next section.