Worst legacy experience...

Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.

Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.

The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.

Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).

*Downloads Android Studio from the official Android website*
*Opens Android Studio*
Android Studio: "Error: Process command usr/local/android-studio/jre/bin/java finished with non-zero exit value 127
Me: I didn't even do anything yet. I guess I'll change the default Java directory to my native Java JDK
*One hour later*
Android Studio: 50 errors occurred during the Gradle Build.
Me: ( ._.)

The website for our biggest client went down and the server went haywire. Though for this client we don’t provide any infrastructure, so we called their it partner to start figuring this out.
They started blaming us, asking is if we had upgraded the website or changed any PHP settings, which all were a firm no from us. So they told us they had competent people working on the matter.

TL;DR their people isn’t competent and I ended up fixing the issue.

Hours go by, nothing happens, client calls us and we call the it partner, nothing, they don’t understand anything. Told us they can’t find any logs etc.

So we setup a conference call with our CXO, me, another dev and a few people from the it partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.

IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.

I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our vpn. They do that, reboot server, same problems.

Finally we get the it partner to rollback the vm to earlier last night. Everything works great, 30 min later, it crashes again. At this point I’m getting tired and frustrated, this isn’t my job, I thought they had competent people working on this.

I noticed that the db had a few corrupted tables, and ask the it partner to get a dba to look at it. No prevail.

5’o’clock is here, we decide to give the vm rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.

They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent it from start at boot.

I can now look at the logs that is leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it’s what I’d expect, warmings and warnings, And all other logs for mysql and apache is huge, so the drive is full. Just gotta delete it.

I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just go have backups.

Starting to connect a few dots, but I wasn’t exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php ini.

While waiting on the server to crash again, I’m talking to the it support guy, who told me they haven’t updated anything on the server except security patches now and then, and they didn’t have anyone familiar with this setup. No shit, it’s running php 5.3 -.-

Website up and running 1.5 later, mission accomplished.

The entire reason I became a developer was so that I could one day build something that I can say has/had a handful of users, that I could build something that helped save someone's life, that helped someone in their time of need.

That reason was fulfilled when I built my only successful and proudest project during a cold night in 2011. I was 16 at the time, and here in South India, there was a major cyclone affecting a portion of our country (Chennai/Tamil Nadu). A lot of my family were in affected areas, and I didn't know what I could do being so far away (around 400kms/250mi away, in Bangalore).

I stayed up all night to build what was then known as ChennaiRains.org. It was a simple website, a directory and a safe house for everyone's information. Whoever needed help, whoever was ready to give help, whoever was volunteering their travel, their time. I didn't think it would help much. I just wanted to make a small difference.

Next morning, after the hangover of the all-nighter I pulled faded away, I see that the website went viral after a few shares on Twitter. The community was so supportive of my little project to help my family and friends. It caught a peak traffic of a million users overnight, no ads, no money made from this, I just earned the experience of a lifetime. It eventually helped a lot of people in need, connected a lot of volunteers and victims.

It has been the epitome of my life. It's the reason I still develop applications to-date, even if they are simple. Somewhere out there, someone needs it, and I want to be able to help to them :)

Whilst I was browsing the university website I came across a directory that allowed directory listings. Amongst all the .pl files was one named something.pl.old. Rather than interpreting the file the web server returned the raw source, including domain credentials for one of the network admins.

Hey there!

So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.

Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.

Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.

Thanks in advance for enduring my rant and infodump 😅

Got a new website i should maintain... Code is a real mess... Why did some kids do something - it breaks my heart^^
The directory hasnt any seperate folder except the img-folder - css,html and js are inside the root dir...

I had spent the last year working on a online store power by woocommerce with over 100k products from various suppliers. This online store utilized a custom API that would take the various formats that suppliers offer their inventory in and made them consistent. Now everything was going swimmingly initially, but then I began adding more and more products using a plug-in called WP all import. I reached around 100k products and the site would take up to an entire minute to load sometimes timing out. I got desperate so I installed several caching plugins, but to no avail this did not help me. The site was originally only supposed to take three to four months but ended up taking an entire year. Then, just yesterday I found out what went wrong and why this woocommerce website with all of these optimizations was still taking anywhere from 60 to 90 seconds to load, or just timing out entirely. I had initially thought that I needed a beefier server so I moved it to a high CPU digitalocean VM. While this did help a little bit, the site was still very slow and now I had very high CPU usage RAM usage and high disk IO. I was seriously stumped the Apache process was using a high amount of CPU and IO along with MYSQL as well. It wasn't until I started digging deeper into the database that I actually found out what the issue was. As I was loading the site I would run 'show process list' in the SQL terminal, I began to notice a very significant load time for one of the tables, so I went to go and check it out. What I did was I ran a select all query on that particular table just to see how full it was and SQL returned a error saying that I had exceeded the maximum packet size. So I was like okay what the fuck...
So I exited my SQL and re-entered it this time with a higher packet size. I ran a query that would count how many rows were in this particular table and the number came out to being in the millions. I was surprised, and what's worse is that this table belong to a plugin that I had attempted to use early in the development process to cache the site. The plugin was deactivated but apparently it had left PHP files within the wp content directory outside of the actual plugin directory, so it's still executing scripts even though the plugin itself was disabled. Basically every time I would change anything on the site, it would recache the whole thing, and it didn't delete any old records. So 100k+ products caching on saves with no garbage collection... You do the math, it's gonna be a heavy ass database. Not only that but it was serialized data, so when it did pull this metric shit ton of spaghetti from the database, PHP then had to deserialize it. Hence the high ass CPU load. I had caching enabled on the MySQL end of things so that ate the ram. I was really desperate to get this thing running.
Honest to God the main reason why this website took so long was because the load times made it miserable to work on. I just thought that the hardware that I had the site on was inadequate. I had initially started the development on a small Linux VM which apparently wasn't enough, which is why I moved it to digitalocean which also seemed to not be enough, so from there I moved to a dedicated server which still didn't seem to be enough. I was probably a few more 60-second wait times or timeouts from recommending a server cluster to my client who I know would not be willing to purchase it. The client who I promised this site to have completed in 3 months and has waited a year. Seriously, I would tell people the struggles that I would go through with this particular site and they would just tell me to just drop the site; just take the money, just take the loss. I refused to, this was really the only thing that was kicking my ass. I present myself as this high-and-mighty developer like I'm just really good at what I do but then I have this WordPress site that's just beating the shit out of me for a year. It was a very big learning experience and it was also very humbling as well, it made me realize that I really don't know as much as I think I might. It was evidence that there is still so much more to learn out there, I did learn a lot from that experience especially about optimizing websites the different types of methods to do that particular lonely on the server side and I'll be able to utilize this knowledge in the future.
I guess the moral of the story is, never really give up. Ultimately things might get so bad that you're running on hopes and dreams. Those experiences are generally the most humbling. Now I can finally present the site that I am basically a year late on to the client who will be so happy that I did not give up on the project entirely. I'll have experienced this feeling of pure euphoria, and help the small business significantly grow their revenue. Helping others is very fulfilling for me, even at my own expense.

Anyways, gonna stop ranting. Running out of characters. If you're still here... Ty for reading :')

Storytime!

I got a ticket near the end of the day, asking to install a printer on a computer. The branch in question was in a different time zone (I'm in US-Pacific [GMT-07] and the computer was in US-Eastern [GMT-04]). I figured I wouldn't worry about it; after all, I had other tickets to work on that were much higher priority.

The next day I come into work and immediately get a message from one of my East Coast coworkers, telling me that this branch is calling and asking how the printer is coming. I told him to tell them I would call them a bit later. I do a couple of easy jobs and then begrudgingly call the branch. I listen to the phone tree that they have (which requires two button presses instead of one in order to speak with someone) and finally get in contact with a person... only to have the call disconnect.

I call back and ask for the person who called in the ticket and then followed up, who had apparently gone to lunch. I informed the person that I was just going to install the printer and it would be good to go. This would be fine... up until she mentioned she needed scanning functionality.

Now I wasn't sure if the driver we have in AD is set up with the scan functionality, so I said okay, but that meant I would have to get the driver from the website. The connection to our branches are about 1Mbps, so even downloading Java updates (60-ish MB) take about 5-10 minutes on a good day. The file for this printer was about 700MB (thanks HP). So I went and did other stuff while that downloaded.

I come back after it finished and started the install process. Right away it asks to re-seat the USB cable. So I call the branch. The call disconnects. I call again. It disconnects. I call one more time, and finally get the person who called the ticket in. I instruct him to re-seat the cable. He does. The driver starts doing its thing. I tell him I'll call back if I run into any issues and we hang up.

The driver goes through the install process for about 20 minutes, stops at 99%, then fails. I want to restart the computer, just in case there's a conflict somewhere, but that would require calling the store again, so I put it off.

About an hour later I get a message from another East Coast coworker, telling me the branch is calling about the printer again. I was in the middle of another call and said I would call back later. I do. It disconnects. I call again, and get the person who called the ticket in again. I tell him I want to restart the computer, but wasn't sure if it was okay. He checks with the people using it, who says it's okay, so I reboot. I hang up.

Once the computer comes back up I start the install process again. It asks to re-seat the cable. Fuck. I don't want to call the store again, so I open notepad and say "Please take out the printer's USB connection from the back of the computer."

Three. Fucking. People. Saw it. They moved the window and one even tried to close it, but they didn't re-seat the cable. I opened another window, telling them to call me at my number. They didn't. I called them. Got disconnected. I called them again, finally got someone, told them to re-seat the printer cable again. They do, thank god.

I say thank you and hang up. Continue the installer. It stops at 99% again and fails. I reboot the computer; screw it, I'm just going to install the driver from Active Directory. Check Devices and Printers. It's installed successfully. Hallelujah!

I get the printer set up for the various programs they use and print a test page. I call them one last time; their phone system sounding like they were connected via an underwater line connected by tin cans. I get someone.

$me: Hi, I want to know if the printer has printed something.

$them (garbled): -et me shee... yesh, it -rint-d a *beezelborp*.

$me: Perfect, I'm going to close this ticket! Thanks, goodbye! *hangs up*

tl;dr - I hate printers

Me and my developer friend worked with my ex-colleague with this fitness directory website because he promised to give us {{ thisAmount }} upon the {{ completionDate }}.

He was my friend and I trusted him.

It took me weeks of sleepless nights building the project. I had a full-time job that time, and I worked on the project during evenings. All went well, and as we reach the {{ completionDate }}, the demo site is already up and running.

A week before the {{ completionDate }}, he hired his new wife as the COO of the startup. It was cool, she keep noticing things on the site which shouldn't be there, and keeps on suggesting sections that has to be there. I was okay with it, until I realized that we are already a month late with the deadline.

Every single hour, I get a message from them like, "it's not working", "when can you finish this feature?", blah blah blah.. and so on.

I got frustrated.

"I want my fucking life back", I told them. No one cared about the {{ completionDate }}, the sleepless zombies they are working with and our payment. They keep on coming up with this "amazing" ass features, and now they are not paying because they said "it's not complete".

Idiot enough to trust a friend. I was unprotected, there was no legal-binding document that states their obligation to pay.

My dev friend and I handed over the project to this web development company which they prefer, and kept a backdoor on the application.

I kind of moved on with the payment issue after a month. But without their knowledge, I kept an eye on the progress and made sure that I still have the access to their server, DNS, etc..

BUT when they announced the official launch on social media, I realized that I was on the wrong train the whole time.

They switched to a different server.

They thanked all the people involved with the project via social media, EXCEPT me and my coding partner who originally built the site from ground up. A little "thank you" note from them will make us feel a little better. But, never happened.

I checked up the site and it was rewritten from originally Laravel 5 to CodeIgniter 1. That is like shifting from a luxury yacht where you can bang some hot chicks, to a row boat where your left hand is holding the paddle whilst your right hand is wanking yourself.

I almost ran out of bullets.

Luckily, CodeIgniter 1 was prone to SQLi by default.

I was able to get the administrator password in plain text and fucked with their data. But that didn't make me feel better because other people's info are involved.

So, I looked for something else to screw with. What I found? A message with the credit card details.

Finally, a chance to do something good for humanity. I just donated a few thousand dollars to different charity websites.

I work as a front end developer at a company. This site is using WordPress and I need a paid plugin, but I wanted to test the full version first without paying, so I googled it. Downloaded it and installed it right away.
NOTE I was working on the test server, where all other projects are placed in a subdirectory of public_html (public_html/websites/<other websites>), but instead on placing the website folder where are the others, I placed it in the parent directory (public_html), (where are some others folders and files). Everything goes fine, but a few days later, I wanted to modify something in functions.php of that theme and I noticed a strange code, base64 format, so I decrypted it and turns out it's a backdoor that puts code in other files of the theme, so it can add an Admin in the DB anytime, so it can remotely connect to the website. Because, as I said, the website was in the public_html directory, and the virus search for the other folders and files in the same directory and his children, it affected the rest of the websites (50+).
I reported that to my boss, but says it's fine and to give more attention next time and to install the website in the same directory as the others. Couldn't fix automatically and I had to remove manually in every website every file created and the lines that the virus added.

...5 minutes ago per ssh on the productivity server...

"ok, let's delete this old test directory ..."
*types rm -r www*
....*thinking* ...*realising* ... "FUUUUUCK!!11"
*quickly types git clone gitadress"
*checks website* "phew!"

Boss wanted me to make changes in company's website which was based on wordpres s.

I knew it could be done by tweaking some JS code, but I have very less experience with wordpress

But wordpress is easy man(Internet told me).

Give me 5 minutes, you will see the changes in production.
Being lazy af I directly logged in to ftp, checked out some files, updated some code, I was good to go.

Before pushing it, I opened the website and it was GONE ٩(๑´0`๑)۶

Now there was no public_html in the root.
I was fucked. I have accidentally deleted the website that had no backup.

And the best part I was on leave from
next day.

I was looking everywhere for backups, looked into google cache to get the contents. I have to recreate the complete site now.

Just when I was asking questions on choice of my profession and simultaneously looking here and there in FTP for backups,
I found the jewel "public_html".

It happens out that I have accidentally moved the folder to some other directory.

Phewww.

Moved it back to root. Site was up and running.

Reassured myself that I deserve to be a dev.

Backed up complete site, made the changes.

Uploaded it.

And the best part, amount of wordpress I learned in those three hours was way more than I could have learnt in many weeks.

Lessons Learnt :

A) ALWAYS keep backups.
B) You SHOULD NOT make changes on prod directly
C) You become superhuman when your brain know you are going to be fucked 😂

First rant from my new job.
I got a position as backend-dev in a startup and for now i'm learning angular. Yes, you read that correctly, because the frontend-team is short-staffed i decided to switch teams. We are 3 people and neither one has sufficient angular-experience (the framework was a management decision).
First of all i got confused because we use slack and trello but the frontend-lead decided to do some stuff via google-spreadsheet too. Then we didn't have any code in our repository until yesterday. I tried to check out the repository after that, did an npm-install but when running ng serve i got an error "css-file not found". It turns out you had to download some files from the official website and put them in the unversioned node_modules directory. It was the teamlead's decision to do so and me and my coworker got really annoyed when we tried to set up everything on our end. But that's not all, yesterday the other dev's merged their first versions of the project. But not via git, that is way to mainstream. The coworker had to upload his code into the cloud and the teamlead copied the files into the project folder.
Aside from that the code already isn't the best, some things should be done differently imo and we have credentials in the code (not in some separate files, but in an if-else-clause that checks node.env.production).

We'll have a discussion about this tomorrow, let's hope things can be straightened out.

Ah, my brain, MY FUCKING BRAIN!

Got some work from the previous company. Need to update some stuff on their website.

Fine, got the files from the server via sFTP.

Made the changes, before uploading the files, wanted to create the latest backup.

Downloaded the files again, just to realize that I forgot to cd into a different directory before re-downloading the files. All the changes are now overwritten.

Half an hour of work lost. DAMN IT!

Over the summer I was recruited to be a supplement instructor for a data structures course. As a result of that I was asked (separately by the professor) to be a grader for the course. Because of pay limitations I've mostly been grading homework project assignments. In any case, it's a great job to get my foot into the department and get recognized.

Over the course of the semester I've had this one person, OSX, named after their operating system of choice, who has been giving me awkward submissions. On the first assignment they asked the professor for extra time for some reason or the other, and that's perfectly fine.

So I finally receive OSX's submission, and it's a .py file as per course of the course. So I pop up a terminal in the working directory and type "python OSX_hw1.py". Get some error spit out about the file not being the right encoding. I know that I can tell python to read it in a different encoding, so I open it up in a text editor. To my surprise it's totally not a text file, but rather a .zip file!

I've seen weirder things done before, so no big deal. I rename the file extension, and open it up to extract the files when I see that there's no python files. "Okay, what's goin on here OSX..." I think to myself.

Poking around in the files it appears to be some sort of meta-data. To what, I had no clue, but what I did find was picture files containing what appeared to be some auto-generated screenshots of incomplete code. Since I'm one to give people the benefit of doubt even when they've long exhausted other peoples', I thought that it must be some fluke, and emailed OSX along with the professor detailing my issue.

I got back a rather standard reply, one of which was so un-notable I could not remember it if my life depended on it. However, that also meant I didn't have to worry about that anymore. Which when you're juggling 50 bazillion things is quite a relief. Tragically, this relief was short lived with the introduction of assignment 2.

Assignment 2 comes around, and I get the same type of submission from OSX. At this time I also notice that all their submissions are *very* close to the due time of 11:59pm (which I don't care about as long as it's in before people start waking up the next morning). I email OSX and the professor again, and receive a similar response. I also get an email from OSX worried about points being deducted. I reply, "No issue. You know what's wrong. Go and submit the right file on $CentralGradingCenter. Just submit over your old assignment".

To my frustration OSX claimed to not know how to do this. I write up a quick response explaining the process, and email it. In response OSX then asks if I can show them if they comes to my supplemental lesson. I tell OSX that if they are the only person, sure, otherwise no because it would not be a fair use of time to the other students.

OSX ends up showing up before anyone else, so I guide them through the process. It's pretty easy, so I'm surprised that they were having issues. Another person then shows up, so I go through relevant material and ask them if they have any questions about recent material in class. That said, afterwards OSX was being somewhat awkward and pushy trying to shake my hand a lot to the point of making me uncomfortable and telling them that there's no reason to be so formal.

Despite that chat, I still did not see a resubmission of either of those two assignments, and assignment 3 began to show it's head. Obviously, this time, as one might expect after all those conversations, I get another broken submission in the same format. Finally pissed off, I document exactly how everything looks on my end, how the file fails to run, how it's actually a zip file, etc, all with screenshots. That then gets emailed to the professor and OSX.

In response, I get an email from OSX panicking asking me how to submit it right, etc, etc. However, they also removed the professor from the CC field. In response I state that I do not know how to use whatever editor they are using, and that they should refer to the documentation in order to get a proper runnable file. I also re-CC the professor, making sure OSX's email to me is included in my reply.

OSX then shows up for one of my lessons, and since no one had shown up yet, I reiterate through what I had sent in the email. OSX's response was astonished that they could ever screw up that bad, but also admits that they had yet to install python(!!!). Obviously, the next thing that comes from my mouth is asking OSX how they write their code. Their response was that they use a website that lets them run python code.

At this point I'm honestly baffled and explain that a lot of websites like those can have limitations which might make code run differently then it should (maybe it's a simple interpreter written on JavaScript, or maybe it is real python, but how are you supposed to do file I/O?) .

After that I finally get a submission for assignment 1!

Say that he's building a landing page and delete the entire root directory of the website. I didn't see it happen... But still...

My company is getting a new website. This involves getting new hosting.

I made the old one, and it's all just static html. I'm not that attached to it but it's an important detail.

The bosses want the switch to the new site to happen instantly, but I pointed out that with DNS propagation times etc it can't really happen that way.

So I suggested the new web guys host our old site for a few days and we change the DNS now. Then when they want to launch we don't have to wait for the DNS and they can just swap it out.

This involves dropping 10MB of html files into the web directory on the new server.

For this service they are charging us for 2 hours of their time!

I guess I'm in the wrong business...

When the teacher didn't know how to copy the path to the website directory.
He created a shortcut to the website directory then opened the shortcut properties and copied it there. Just to setup apache

Good: local news website has an interactive news paper online
Bad: You have to pay for it
Good: Found the exposed URL to all of the paper images
Bad: can't download from its parent directory
Good: made a shell script to download all images

I remember back when I was in pre calculus I decided to take a class online. So my teacher's website was made by him and run on go Daddy, he taught precalculus, calculus, algebra, algebra ii, and computer science. I decided to penetration test his website and use a web crawler. His directory that had the tests, test answers, exams, exam answers, and homework answer's as well as all the books he's written in PDFs, was unprotected, I could access and download them all. He also had a database directory that contained all the students' phone numbers, email addresses, home addresses, and their full names.

I alerted him to this and didn't get anything in turn :P

Just deleted the whole directory of my website, it was MESS. It's time to start from scratch again. It is now one of those side projects that I started but never finished.

Another great website error code fail (dumped its full error output to the website):
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/trac/web/api.py", line 436, in send_error
data, 'text/html')
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 808, in render_template
template = self.load_template(filename, method=method)
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 768, in load_template
self.templates = TemplateLoader(
File "/usr/lib/python2.4/site-packages/trac/web/chrome.py", line 481, in get_all_templates_dirs
for provider in self.template_providers:
File "/usr/lib/python2.4/site-packages/trac/core.py", line 78, in extensions
return filter(None, [component.compmgr[cls] for cls in extensions])
File "/usr/lib/python2.4/site-packages/trac/core.py", line 213, in __getitem__
component = cls(self)
File "/usr/lib/python2.4/site-packages/trac/core.py", line 119, in maybe_init
init(self)
File "/usr/lib/python2.4/site-packages/authopenid/authopenid.py", line 157, in __init__
db = self.env.get_db_cnx()
File "/usr/lib/python2.4/site-packages/trac/env.py", line 335, in get_db_cnx
return get_read_db(self)
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 90, in get_read_db
return _transaction_local.db or DatabaseManager(env).get_connection()
File "/usr/lib/python2.4/site-packages/trac/db/api.py", line 152, in get_connection
return self._cnx_pool.get_cnx(self.timeout or None)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 172, in get_cnx
return _backend.get_cnx(self._connector, self._kwargs, timeout)
File "/usr/lib/python2.4/site-packages/trac/db/pool.py", line 105, in get_cnx
cnx = connector.get_connection(**kwargs)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 180, in get_connection
return SQLiteConnection(path, log, params)
File "/usr/lib/python2.4/site-packages/trac/db/sqlite_backend.py", line 255, in __init__
user=getuser(), path=path))
TracError: The user apache requires read _and_ write permissions to the database file /home/trac/morituri/db/trac.db and the directory it is located in.

Finally got my boss to allow us to use git so we have a source control for not just our applications but our websites. He told me he still won't use it. Should I make a copy of the sites then take it down and see how long it takes them to recover?

Also, the only backup of the websites is in the root directory of each website

I need to have a hosting company upgrade the Debian OS install on a VPS. But I also need to know things like what MySQL or Perl modules were added to the server by other admins prior to me outside the /home directory. I don't have any documentation on it at all. If I don't preserve custom stuff like that, it could result in a dead website. Anyone got any tricks for figuring out what was added and when?

So I found one of the most random bugs I've ever come across.

So we have this file management system as part of the website, showing breadcrumbs to the current directory, with 'home' as the root of the path. This path is passed to the back end whenever the user navigates to a new directory etc.. The back end code then does a replace on 'home' with the actual directory path.

Ended up with a directory for a person called Homer. Guess what happened..