Don’t rely on PHP file upload permissions

If you write your own PHP scripts that allow file uploads, we’ve discovered an unusual issue that might affect you. The “permissions” PHP gives to newly uploaded files aren’t always the same — and a recent change to our servers may have altered the permissions your script sees.

MySQL 5 Upgrade (Saturday August 4th)

This coming Saturday (August 4th), we’ll be upgrading the MySQL database software on all our servers from version 4.1.11 to version 5.0.32 (plus appropriate security updates). MySQL 5 adds many features that customers have requested, and some Web site scripts now require it.

The upgrade will take place between 11:00 PM and 11:59 PM Pacific time (the times will be slightly different for each server). We’ll be making a full backup of all databases on each server before the upgrade, and as a result, customers should expect MySQL to be unavailable for about 15 minutes during this period. In addition, large databases may be slow for several minutes after the upgrade, because MySQL automatically converts databases to the new version format the first time they are accessed, which can be time-consuming.

If your site doesn’t use MySQL databases, it won’t be affected at all. If it does, you almost certainly won’t see any effects other than the 15-minute outage. That said, we do recommend checking your scripts for MySQL 5 compatibility.

Midnight Commander file manager now available

We have installed Midnight Commander on all of our servers. Midnight Commander is a file manager program which runs in a shell window and lets you manage the files on your Web site. Midnight Commander splits the screen in two, letting you select different directories on each side. You can then move, copy, and rename files and directories, and perform many other operations.

Midnight Commander is designed for users who connect to the shell but may not be fully comfortable with typing commands on the command line.

phpMyAdmin Updated

Our Web-based MySQL interface, phpMyAdmin, has been updated to version 2.10.2. This version includes some security and general bug fixes. Customers should not notice any major changes.

Updates: PHP 4, PHP 5, ClamAV, XFree86, WordPress

We’ve installed several security updates recently. We’ve updated PHP 4, PHP 5, the ClamAV antivirus scanner, and some XFree86 libraries. In addition, we’ve updated our own blog to use WordPress 2.2 — if you use WordPress, make sure you’ve done the same.

Ruby on Rails updated to version 1.2.3

We’ve updated the default version of Ruby on Rails on our servers to version 1.2.3.

A defense against some MySQL connection problems

A couple of times in the last week, we’ve seen one of our MySQL database servers have an unusually high number of connections. That’s a serious issue: If there are too many connections to a MySQL server, customer scripts won’t be able to connect to a database, so we’ve spent some time looking at the cause and fixing it.

PHP 5 Upgraded for Security

We’ve updated PHP 5 on our servers to cover sixteen recently identified security issues. This only affects customers who have chosen to use PHP 5 — but since this upgrade only fixes security bugs, even those customers shouldn’t notice any changes.

Outgoing e-mail monitoring

No matter how hard we try to make sure that other ISPs never block mail from our servers, it happens occasionally. All it takes is someone at another ISP clicking “this is spam” on a few legitimate messages sent by one of our customers, and some automated system at the other ISP thinks “hey, one of these tigertech.net servers is sending spam; let’s block it for a while without bothering to notify them, ‘for your convenience’”.

Now, we should emphasize that this is actually quite rare.

Security Updates

We’ll be talking a lot about “security updates” on the blog, so a word about what these are and how we handle them is probably in order.

There are literally thousands of software programs on our servers, most of which are written by other people and used by many companies. From time to time, “security vulnerabilities” with these kinds of programs are discovered. A security vulnerability is something that could allow a “hacker” (or “cracker”, for purists, although that battle has been lost) to take advantage of a programming bug to do something unauthorized with the program, such as send spam or delete files.
