*.scripts.mit.edu certificate signed by Equifax
We’re glad to let you know that we’ve purchased an SSL/HTTPS certificate for *.scripts.mit.edu domain names that’s signed by a well-known signatory, Equifax, instead of by the MIT Certificate Authority. This means that you can use HTTPS URLs for those domain names in any popular browser without having to download and trust the MIT CA in advance — great news for those of you running websites that target people outside the MIT community. MIT client certificates continue to work as normal.
We’ll also be installing an Equifax-signed certificate for https://scripts.mit.edu/ soon, but we continue to encourage the use of *.scripts.mit.edu names instead of scripts.mit.edu/~ names for their improved security properties.
For those of you with *.mit.edu names, you can continue to use or request MIT-signed certificates as always, or you can have the secure parts of your site use a *.scripts.mit.edu URL or discuss other arrangements with us.
Java no longer broken on scripts.mit.edu
Yesterday it was brought to our attention that our resource limits were preventing Java from working, because the JVM attempted to allocate more memory than our limits.
Because of problems in the past with Java instances using 2 GB or more memory causing out-of-memory conditions, we recently reimplemented a 1 GB per-process resource limit. However, the Java startup code’s attempt at allocating a “reasonable fraction” of the total physical memory on the server makes it attempt to grab about 1.05 GB. (This is a known issue in Java.) This amount might be reasonable for a server running nothing but Java, but is entirely too much for a shared host like scripts.mit.edu. So, we’re setting the JAVA_TOOL_OPTIONS=-Xmx128M environment variable to limit the maximum Java heap size, and Java should be working again.
If this isn’t enough for your application, you can create a .hotspotrc file in the same directory as your script or Java code, containing the option MaxHeapSize=256M (or possibly 512M; note that we’ve tested 768M and found it to be unstable), or you can pass -Xmx256M on your Java command line.
It looks like we don’t have very many Java users at all because this problem went unreported, but if you have any questions, as always, please let us know at scripts@mit.edu.
phpBB autoinstaller now installs version 3.0.4
We’ve just upgraded the phpBB autoinstaller on scripts.mit.edu to install version 3.0.4 by default. This is the most current version available from phpBB.
Gallery2 autoinstaller now installs version 2.3
On April 25, we upgraded the Gallery2 autoinstaller on scripts.mit.edu to install version 2.3 by default. This is the most current stable version available from the authors of Gallery2.
Problems with some scripts sites over the weekend
Over the weekend we had some issues with content for scripts.mit.edu virtual hosts/CNAMEs (*.mit.edu sites only, not *.scripts.mit.edu sites) that had not requested an SSL server certificate assigned to them. The issue mostly affected these sites when accessed over SSL on port 444.
First, for a couple of minutes on Friday night, I made a change to one of our web servers that accidentally caused requests to all such sites to receive the content for axo.mit.edu (the alphabetically first vhost with its own certificate). That change did not reach the other server, and the misdirection was fixed as soon as I realized my mistake.
However, this only fixed http and https, and did not take effect for port :444. This was corrected earlier today after one of our users reported it while testing a site that he had requested an SSL certificate for.
I sincerely apologize for any trouble this may have caused. Hopefully this did not affect many sites, because those intending to use SSL should have a certificate, and sites with certificates installed were not affected.
WordPress autoinstaller upgraded to version 2.7.1
We’ve upgraded the WordPress autoinstaller on scripts.mit.edu to install WordPress version 2.7.1. This is the most current stable version of WordPress and features an improved user interface, improved control over your blog’s layout and settings, and many other improvements.
MediaWiki autoinstaller now installs version 1.14.0
We’ve just upgraded the MediaWiki autoinstaller on scripts.mit.edu to install version 1.14.0 by default. This is the most current version available from MediaWiki. We plan to conduct automatic upgrades of existing wikis (most of which are at either version 1.5.8 or 1.11.0) to this new version in the near future.
Trac autoinstalls updated
We’ve performed an update of Trac autoinstalls for all users who accept Scripts security updates. This update corrects a data confidentiality bug caused by a typo which was discovered by a member of the Scripts Team. The specific problem was a malformed .htaccess file in the tracdata directory. This file is in place to prevent people from viewing configuration and other private data over the web.
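A static check for the kind of failure described above, where an .htaccess file that is meant to block web access does not actually do so. This is an added example, not the Scripts Team's own code; the function names and the sample files are constructed for illustration, and the page does not say what the actual typo was.

```python
import os
import re

# Deny-all directives: Apache 2.4 syntax, then the older 2.2 syntax.
DENY_ALL = re.compile(r"^(require all denied|deny from all)$", re.I)
# Directives that grant access to everyone and would undo a deny-all.
GRANT_ALL = re.compile(r"^(require all granted|allow from all)$", re.I)

def directives(text):
    """Return directive lines with whitespace collapsed; drop blanks and comments."""
    lines = (" ".join(raw.split()) for raw in text.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def audit_htaccess(text):
    """Return a list of problems; an empty list means a deny-all rule is present."""
    found = directives(text)
    problems = [f"grants access: {d}" for d in found if GRANT_ALL.match(d)]
    if not any(DENY_ALL.match(d) for d in found):
        problems.append("no deny-all directive")
    return problems

def audit_dir(path):
    """Check that `path` holds a file named exactly .htaccess that denies all."""
    target = os.path.join(path, ".htaccess")
    if not os.path.isfile(target):
        # A misspelled file name is ignored by the web server, so report near misses.
        near = sorted(n for n in os.listdir(path) if n.lower().startswith(".ht"))
        return [f"missing .htaccess (similar names present: {near})"]
    with open(target, encoding="utf-8", errors="replace") as fh:
        return audit_htaccess(fh.read())

# Constructed samples (hypothetical file contents, not taken from the page).
GOOD = "# keep Trac data private\nOrder deny,allow\nDeny from all\n"
COMMENTED_OUT = "#Deny from all\n"
REOPENED = "Require all denied\nRequire all granted\n"

if __name__ == "__main__":
    for name, text in [("good", GOOD), ("commented", COMMENTED_OUT), ("reopened", REOPENED)]:
        print(name, audit_htaccess(text))
```

A static check cannot tell whether the server honors the file at all, so confirm the result by requesting a file under the protected directory and checking for a 403 response.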
Subversion upgraded to version 1.5
Coincident with the svn locker and with Linerva, Subversion on scripts.mit.edu has been upgraded to version 1.5. This is mostly of interest in case your scripts website is a SVN checkout; unless you’re using BDB (which doesn’t really work in AFS anyway), v1.4 and v1.5 can be used against the same repository.
We have not yet enabled GSSAPI authentication for our Subversion hosting service because it is not directly compatible with our virtual hosting security model, although we’re looking into how to make this work, and it is a planned feature.
PLT Scheme (mzscheme) command line changed
As part of a standard system upgrade, we upgraded PLT Scheme to a newer version that seems to have different command line options. In particular, if you were using the syntax
mzscheme -L plt-pretty-big-text.ss lang
to enable the “Pretty Big” language, you now need to say
mzscheme -l lang/plt-pretty-big-text.ss
(note the change from capital to lowercase L). In addition, to get a REPL, you’ll need to say -i with this option. Some other options have also been removed; run mzscheme --help to see what is available.
These pages may be reused under either the GFDL 1.2 or CC-BY-SA 3.0.
Questions? Contact scripts@mit.edu.