Plesk is a right pain when it comes to having your site successfully audited as being PCI compliant, as it has it’s own versions of everything that it uses that you need to patch/fix/SSL upgrade or disable.
Luckily most of these are started with the xinetd daemon, so for SMTPS certificate problems (port 465 if my memory servers me correctly) simply create a folder to move the ones you don’t want into (in my case I used /etc/xinetd.disabled) and move the following files out of /etc/xinet.d
SSL throws a weird error in that if you have http (port 80) bound to one IP address [say an internal one] and you bind https (port 443) to a different IP address [say an external one] then SSL throws the following very undescriptive error:
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
To fix, edit your Apace configuration file in /etc/httpd/conf/httpd.conf (or similar) and make sure that both virtual hosts have the same IP address – job done 🙂
More PCI compliance checks meant that we found a number of scripts in some of the simpler pages on our sites (email register for example) were subject to possible cross-site scripting attacks
(see the Wikipedia entry for a pretty good explanation of what they are and why you need to fix them http://en.wikipedia.org/wiki/Cross-site_scripting)
Anyway – here’s the quick code to fix pretty much any form using htmlspecialchars to encode the input.
Original: (note the weakness in using REQUEST_URI here)
Plesk as provided by Media Temple on all it’s servers is great, however I do ocassionaly get the ‘where the heck is button to do that’ feeling with it and as much as I try the very feature I’m looking for is there, just hidden away.
One that has thwarted me a number of times is how to change the default SSL certificate for a domain when you install a new SSL certificate. You would have thought Domains -> Certificates, or Server -> Certificates -> Make Default would do the trick, but nope neither works.
However… if you click on Server -> IP Addresses ->Â <Your IP Address> -> you get the ability to select which SSL ceriticate you want for the server et voila job done.
No if only that was easier to find (hence why the Abridged Learnings lives :-))
I’ve bitten the bullet with my Acer Aspire One and upgraded it to Windows XP Service Pack 3 from it’s original Linux based installation just to allow me to use it more easily when I’m travelling.
The good news is that if you chose to do this, most things work perfectly with a vanilla install of XP, and the drivers from the Acer site here , that is all except the High Definition Audio Driver which sturbonly refuses to work even with the Realtek drivers from the Acer site.
After reading around, this is because you also need to install the Intel/Microsoft UAA Bus Driver for High Definition Audio in order to enable these, which can be downloaded from the Intel site here by searching for UAA.zip in the drivers.
Now here’s the real kicker with this – the Intel UAA drivers only come with installations that work on Windows XP Service Pack 1 and 2 _not_ Service Pack 3 as when you run any of the other installations it tells you that these drivers cannot be installed on your service pack.
So…. you have to cheat a little. Run the installer from the US folder called ‘KB888111XPSP2.EXE’ and when the installer displays the alert box to tell you that the driver is in-compatible, open a new explorer window and you will see that the installer has created a temporary folder on your C Drive called c:\24e6bea25c91f82885b372e21 or similar.
Copy the whole contents of this folder off to another folder of your own (I used c:\drivers\intel\unpacked) and then go and find your broken PCI device in your Control Panel -> System -> Properties display and update the driver by telling it that you Have a Disk (Google how to install drivers from a disc if you get stuck at this point) and tell it that the drivers it needs are in <the directory you copied the files to>\commonfiles
Your Aspire One should now whizz away for a while and find a new driver called Microsoft UAA Bus Driver for High Definition Audio, and once installed will leave you with another uninstalled device called ‘Audio Device on High Defition Audio Bus’.
Now install the Realtex drivers from Acer for your sound card and after a significant wait the above yellow icon disappears and you get a nice ‘Realtek High Definition Audio’ speaker and driver installed.
Drag the TTFs into FontLab 4 (a great tool from Fontlab (http://www.fontlab.com/) and then File -> Generate Fonts to get the resultant PC TTF files ready to go
I’ve always had problems trying to run Java based application servers on Media Temple Dedicated Virtual Servers (DV Servers), as although they have lots and lots of disk space and bandwidth, they seem to have very small memory spaces that you can run containers in.
Java by default powers up with about 1024Mb of memory requirements, so if you are installing Apache Tomcat (java servlet engine) or Red 5 (Open Source Flash Video server – very good, try it out) you have to seriously reign in the memory these guys try and use when powering up.
For reference the best way to achieve this is using the -Xms and -Xmx parameters, so in my case I added the following to the startup.sh script for Tomcat
JAVA_OPTS=’ -Xms128M -Xmx128M’
export JAVA_OPTSÂ
Ideally I’d like a bit more memory to play with, but at least it works like this and the old application I’m supporting can run 🙂
My iPhone is on T-Mobile as the ex-owner wanted to keep the O2 number that came with it, and I have a corporate account with T-Mobile.
All works nicely, but obviously you want to configure your T-Mobile account to mimick the default iPhone account that it originally came with, so here’s what you need.
1. T-Mobile Web & Walk
You need to add the very reasonable £7.99 package to your account and wait a few hours for it to be activated, then you get up to a Gig of data a month (I believe) to play with.
2. Configure the EDGE settings on your iPhone
Settings -> General -> Network – EDGE
APN = general.t-mobile.eu
Username = user
Password = pass
et voila – off browsing we go when we’re away from the wireless network!