Apearently someone thought that the Coyote Linux web site would be a good place to put up some anti-war material this morning. The top 2 news items were replaced with a message of "stop this war" and a picture of somebody's hand in the form of a "peace" sign. However good intentioned this may have been, it has caused this site to become a little less interactive.
In retrospect, the choice of PHP-Nuke was probably not the best idea for the Coyote Linux site's content management engine. I have paid close attention to the security announcements and have hand wedged the security patches for PHP-Nuke into the mass amount of changes that I have worked into the PHP-Nuke back-end code. However, something obviously slipped by.
For the time being, I have removed the comment capabilities for polls and news items, disabled much of the account preferences module, and will be spending the next week or so auditing the remaining code for any of my sites that use PHP-Nuke. While PHP-Nuke has freed up a considerable chunk of time by easing the administration tasks of getting new content up on my web sites, it has been a real source of worry for me due to security problems. While this has been the first time that I have had any trouble with the site, it is very likely that I may end up redesigning the site from scratch again.
The web server crashes related to the download subscription channels have appeared again on multiple occassions over the last two days. A fix has been put in place to stabilize the web services provided by the server. The rest of the article details the problem a little better.
Over the course of the last two days the Apache web server that serves content for www.coyotelinux.com, www.vortech.net, secure.vortech.net, and downloads.vortech.net has experienced several periods of downtime related to the Apache 2.0.40 web server daemon spiraling out of control and consuming the entire 512Mb of RAM and 512Mb of swap present in the server. While the cause has been traced to the interaction of Apache with the Kylix CGI application that streams content to users that are downloading from the Subscription Channels, there does not appear to be a good reason for the crashes.
The meer couple hundred lines of code that make up the download manager CGI have been gone over several time and the Apache configuration has been checked as well. It would appear to be a bug in the 2.0.40 Apache server that comes with Red Hat 8.0, but I can not personally reproduce the problem to attempt further debugging. However, individuals that trigger this bug during downloads seem to always be able to repeat the event.
As a temporary fix, the services for downloads.vortech.net (the virtual host responsible for delivering subscription content) have been moved to thttpd. I will continue to look into the cause of the problem and post any causes/solutions that I can come up with.
My apologies to those that have had trouble getting to their files recently.
Wolverine v1.1 final has been released and is available for download from the subscription channels. This version includes PPPoE Internet connection support, a 2.4.20 kernel, improved NAT support for a greater number of applications, a greatly improved IPSEC subsystem (maximum encrypted throughput has been increased by up to 250%, tunnel stability has been improved, and automatic rebuilding of failed tunnels is now much more reliable), and additional system statistics and reporting options from the main menu.
Coyote Linux 1.40 release candidate 1 has been posted to the Coyote Linux FTP server. Both the Linux disk creator and the Windows Wizard have been released as RC1. Please see the development forum post for more information about the changes to this release.
The update server (update.coyotelinux.com) is now available for use by those with download subscription accounts. Currently, only the Wolverine v1.1 beta's are designed to talk to the new update server. I will be posting a new build of Wolverine v1.0 along with instructions on how to get your copy updated to talk to the new server shortly.
The update server is an SSL enable FTP server that has had its authentication system integrated with the download subscription database. In order to download updates from the main menu for your Wolverine product you will be asked to supply a username and password when connecting for the first time. The username and password are the those used to log into this web site. Please note that the username and password are case sensitive.