Early IPv6 adopter

Linuxgems is now IPv6 enabled.  I’ve been waiting for a couple of years for a VPS provider to support IPv6. My old favorite, SliceHost, has been slow to roll this feature out.   This past month a couple of hosting providers made changes that made transitioning to a new provider an obvious choice.

First was SliceHost who emailed last week to inform me that their new parent company was migrating all their customers to Rackspace Cloud.  The notice rubbed me the wrong way, because I don’t appreciate the nickel and dime billing that cloud providers use.  (bandwidth, cpu hours, etc).  All said, I’d probably save a couple of bucks a month, but I’d also be on the hook for the costs of any slashdotting event, which, while extremely unlikely, I was not interested in dealing with.

So I looked at my second favorite provider, Linode, and learned that just this month they rolled out IPv6 in selected data centers.  That made the transition win-win.

Linode has been around for several years.  I looked into them when initially signed up for SliceHost.  Looking back, I wish I’d have gone with Linode.  They supported 32-bit VMs when SliceHost didn’t and now they are supporting IPv6, which Rackspace (SliceHost’s new parent company) can only promise is coming soon.

Transition was painless.  I signed up.  Then I opened a support ticket to enable IPv6 (which was literally answered within a couple of minutes).  Then I rebooted and the machine came up and acquired an IPv6 address.  I installed a couple of programs, copied over some source code, migrated the database, and boom, we’re in business.

The DNS is going to start transitioning tonight.  If you are reading this article then you’re pulling from the new site.


Now on a 32-bit VM

One of the dirty little secrets of 64 bit computing is that it greatly impacts memory usage.  For the past year I’ve been hosting this blog and some other software on a 256MB 64 bit slice.  Getting a LAMP stack to run in 256MB is certainly possible.  When I started in this biz a decade ago that was a healthy amount of RAM.  However, when you run a 64 bit VM, memory does tend to be hard to come by.

The reason is really simple.  On a 64 bit processor your standard unit of data is twice as large as on a 32 bit processor.  This means that oftentimes you are using 64 bits of data to store a number that would fit just fine in 32 bits.  It’s possible to use smaller amounts, but most programs just tend to use the default machine “word” size.  So 64 bit programs tend to use A LOT more RAM.

Tonight I “downgraded” my VM from a 64 bit VM to one of SliceHost’s new 32 bit VMs.  It couldn’t have been simpler.  I tar’ed up the source code, mysqldump’ed the database, copied those backups offsite and told SliceHost to rebuild the server.  When I brought the server back up I configured the database passwords, installed a couple packages, set up a couple virtual hosts, and restored my backups, and we’re back in business.   It was all ready by half time of the Lakers/Suns game, which means it probably took about an hour.

Facebook’s Hiphop

I spent several hours Saturday poking around in Facebook’s new Hiphop PHP source code compiler. I haven’t successfully built the program yet, but after taking some time to review the source code I’m very optimistic.

I would have a build already, but I tried to build the tool on a virtual server with 256Megs of ram. The only problem is that one of the source code files is 1.8 MB of text. The compiler footprint would balloon up to 800 Megs and swap thrash for a while before ultimately running out of memory when it tried to compile it. I’m going to build a 2Gig VM soon and that should be plenty of RAM to get it to build successfully.

VAIO smart network, not so smart

This is actually a Windows problem, but since I don’t run a Windows blog this rant goes here.  My wife’s Sony VAIO laptop has not had wireless networking for two days.  Today I figured out why and it was pretty frustrating.

The problem first occurred the other day when one of the children did “something” to the laptop and the wireless networking has not worked since.  So the first thing I checked was the little slider switch on the front of the laptop.  That would have been an obvious cause of the problem.  Unfortunately, everything was fine with the switch.  I checked the Windows device manager and it said the wireless adapter was functioning just fine.  I couldn’t figure out why the little green LED on the front of the laptop would not indicate wireless networking was on.

I’ve had miserable experiences with Vista wireless networking, so the next thing I tried was to power down the laptop, remove the battery, and leave it overnight to discharge any internal circuitry that may stay charged for a period of time.  The next day it still would not work.

Next I plugged the laptop into a wired network and installed the latest antivirus updates and then the latest windows updates.  I didn’t really think these would fix it, but at this point I was baffled.

Finally, I went to Google and found my problem.  The VAIO, like many laptops, has its own redundant dashboard software for managing a number of the laptop functions.  The standard Windows dialogs all thought everything was on and running, but the VAIO specific “smart network” was not on.  I re-enabled WLAN in “smart network” and everything worked great.

I don’t know if there is a reason that vendors seem to ship redundant dashboards with their machines.  I’m really quite tired of it, though.  Either Windows power management & wireless networking needs to be disabled or these redundant tools need to go away.  One way or the other, though, I need to be able to check a single spot to determine whether the network is on.

Now with dedicated resources!

We’ve upgraded from a shared hosting plan to a virtual private server.   A nice side effect of this transition is that the blog will have guaranteed CPU resources.  So things should be a bit snappier.  I’ll also have a shell login so I can play with Ruby on Rails or anything else that strikes my fancy.

The primary reason for the switch, however, was so that we can gain control of our DNS zone files.  This will allow us to do two cool things:

1) use Google Apps for domains to host @linuxgems email (goodbye backup concerns) and

2) set up SPF records to prevent modern email systems from accepting email that doesn’t legitimately originate from our servers. (goodbye spammers)

Is there a lower life form than spammers? I don’t think so.

If you are getting spam from an @linuxgems.com address this morning, it’s not really from us.  Somebody has been sending emails from various @linuxgems.com addresses that don’t even exist.  I know about it because all the bounces come to me and there have been dozens of them.

There isn’t a lot that can be done to avoid falsely being used as a from address on spam, but there is one thing I can do, and I’m going to do it:  As soon as possible I will be migrating to a better hosting company and setting up the appropriate DNS records to authorize only my IP address to send email.  I shouldn’t have to pay extra to prevent criminals from fraudulently using my domain in their emails, but I’ll do it anyway to put a stop to this nonsense.
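The record the post plans to publish (item 2 of the hosting upgrade above, and the “authorize only my IP address” plan here) is an SPF TXT record; as an added example, not the author’s actual DNS, here is a minimal evaluator showing how a receiving mail server reads such a record. The address and the record are constructed placeholders, and only the ip4/ip6 mechanisms and the catch-all are handled.

```python
# Added example, not from the original post: a minimal evaluator for the
# kind of SPF record the post plans to publish, covering only the
# ip4/ip6 mechanisms and the -all / ~all / ?all catch-all.
import ipaddress

# Constructed record: the addresses are documentation-range placeholders,
# not linuxgems.com's real mail server.
SPF_RECORD = "v=spf1 ip4:192.0.2.10 ip6:2001:db8::10 -all"

_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record: str, sender_ip: str) -> str:
    """Return the SPF result for sender_ip under record.

    Only ip4:, ip6: and all are handled; any other mechanism (a, mx,
    include, ...) is reported as a permanent error, since a real
    resolver would need further DNS lookups to evaluate it.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"          # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"        # a bare mechanism means "+", i.e. pass
        if term[0] in _QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return _QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # A bare address becomes a /32 or /128 network.
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return _QUALIFIERS[qualifier]
            continue
        return "permerror"
    return "neutral"           # nothing matched and no catch-all given


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "2001:db8::10"):
        print(ip, check_spf(SPF_RECORD, ip))
```

With `-all` a forged sender from any other address gets a hard fail, which is what lets the receiving side refuse the forged messages the post describes.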

My apologies to anyone that got a forged email today.

Avoiding javascript injection

The cardinal rule of web development is never trust user supplied data to be safe.  A surprising number of developers don’t take this seriously when inserting into a database.  An even larger group incorrectly trust their raw data for output.  This opens the browser up to what are called injection attacks.

Injection attacks open up your web application to malicious users who can use it to get your application to output things you never intended it to, like a block of javascript that passes the session id to a remote server.  The solution is to always convert your data into a benign form before outputting.  With database queries this means adding slashes to both quotes and slash characters inside of your string variables.  In HTML this means converting dangerous characters into HTML entities.  (Those little &lt;, &gt;, and &amp; things you’ll see all over the source for the better web sites.)

Usually following these two techniques religiously is enough to secure your application from injection attacks.  However, I ran into an interesting problem the other day that requires a third type of escaping.
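The HTML side of the rule, as an added example rather than code from the post: the same page template rendered once with raw user data and once with the characters converted to entities. The comment text is a constructed sample, and the database side (where parameterized queries are now the usual answer rather than adding slashes) is not covered here.

```python
# Added example, not from the original post: HTML-entity escaping of
# untrusted data before it is written into a page, beside the unescaped
# rendering that makes the injection possible.

# Order matters: '&' must go first, or the entities we emit get re-escaped.
_HTML_ENTITIES = (
    ("&", "&amp;"),
    ("<", "&lt;"),
    (">", "&gt;"),
    ('"', "&quot;"),
    ("'", "&#39;"),
)


def escape_html(text: str) -> str:
    """Convert the characters that carry meaning in HTML into entities."""
    for ch, entity in _HTML_ENTITIES:
        text = text.replace(ch, entity)
    return text


def render_comment_unsafe(comment: str) -> str:
    """The 'trust the raw data for output' mistake the post warns about."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment: str) -> str:
    """Same template, but the untrusted value is escaped on the way out."""
    return f'<p class="comment">{escape_html(comment)}</p>'


def contains_live_script(html: str) -> bool:
    """Crude check: did the untrusted text survive as a real <script> tag?"""
    return "<script" in html.lower()


# Constructed sample input: a comment carrying a script block.
SAMPLE_COMMENT = "Nice post! <script>alert('injected')</script>"

if __name__ == "__main__":
    print(render_comment_unsafe(SAMPLE_COMMENT))  # script runs in the browser
    print(render_comment_safe(SAMPLE_COMMENT))    # script shown as text only
```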


Sometimes it’s easier than we make it.

I just lost a ridiculous amount of time burning an ISO so that I could update a blu ray player.  It all started when Quantum of Solace wouldn’t play in my new cheap Insignia Blu Ray player.  At first I was worried that there was something wrong with the player, but eventually I decided to check for a firmware update.

I wonder what the less technically inclined do when their blu ray players need firmware updates.  Seems like a really poor idea to release movies in a format that requires a firmware update.   I’m sure it has to do with updating copy protection schemes.  Strike one against blu ray for making things more difficult than they should be.

Now, despite the ethernet port that is built in to the Insignia NS-2BRDVD player, they don’t offer direct Internet firmware updates.  Strike one against Insignia for making things more difficult than they should be.

So I ventured into my office to find a support website. Sure enough there was a firmware update available for my new Blu Ray player.  It comes in the form of a CD ISO image.  I’ve played with plenty of ISO images in the past when burning Linux distros so I figured no big deal.  Unfortunately, when I went to fire up the free third party CD burning software that came with Vista it complained that the software was not installed or had become corrupted.  I suspect it really means that my Windows registry is broken in some form or another. Strike one for Windows.

“Not to worry”, I thought to myself, “I have other 3rd party software that I already own.  I’ll just install that.”  So I set about installing some old cd burning software I had sitting around.  After the install I was asked the standard, “Would you like to reboot now?” question.  For some reason, this was the first time I’d ever thought about that statement.  Who would ever actually like to reboot after installing software?  Obviously, any sane person would prefer to use their new software right away….  But I digress.  Strike two for Windows.

After installing the third party program I found that my CD/DVD burner wasn’t recognized.  (It’s a Lite-On, which I believe is one of the larger manufacturers right now).   Strike three for Windows.

So I went in search of a software update for the third party program.  I was pleasantly surprised to find an update, which I dutifully installed (again rebooting afterward).  Once Windows restarted I tried the 3rd party software again and again it didn’t recognize my drive.  I read the FAQ and it said the software may not have drivers for my drive.  This struck me as ridiculously silly because Windows has had built in hardware drivers for over a decade.  Indeed, I installed the software using the very drive the burning software now declined to recognize.  Does the software really have to access the hardware directly to control a burner?   Strike four for Windows.

And the final strike was against yours truly and is perhaps the silliest (and also the one that makes this article appropriate for Linuxgems).   After all this trouble I copied the iso to my MythTV (sitting literally inches from the blu-ray player).   I right clicked the iso, and followed the prompts and 30 seconds later I had an iso ready for my blu ray player.  I was so used to the decade old idea that it was easier to burn stuff in Windows that I didn’t even try it in Linux.  When I did my eyes were opened by how overly complicated I had made things by not trying Linux first.

Final tally:

Blu ray: 1 strike

Insignia: 1 strike

Windows: 4 strikes

Me: 1 giant strike

Virtualization for consultants

Virtualization has really taken off over the last couple of years.  One of the sites I work on is hosted on a virtual machine over at SliceHost (they’re excellent BTW).

A company I was with a few years back has switched their whole development environment to be fully automated VMs.  They can create a new clone of a VM and fire up a clean copy in a matter of minutes.

In my consulting work I’ve stumbled onto a problem that virtualization solves wonderfully.  The problem is this: small clients never have a development server for me to work on.  Many clients would prefer that I just develop directly on their production machine.  My position, however, is that I will never write/debug code on a production server, even if your site gets practically zero traffic.  It’s just a matter of principle.  What’s more, if you ever want to be a big site, you should make sure that your site isn’t down with errors all day long while people are coding up the next version.

What I did when I first started consulting was grab an old PC that I had snatched up at a surplus sale for $10 and loaded Linux on it.  When I started work with a new client I could usually configure a LAMP stack in less than an hour for the peculiarities of that client and then I’d be in business.  Of course, if I wanted to juggle multiple clients I had to use shell scripts to swap out the apache/php configs.

Then one day I decided to give virtualization a try.  It is absolutely fabulous!  I upgraded my little $10 machine with a 300 Gig hard drive, and set up a VM for each client on it.  Each client can have 10-20 gigs.  If I ever outgrow my 300 Gig drive it will be a no-brainer to go grab a terabyte drive for whatever ridiculously cheap price they’re selling for and I’ll have plenty of room to grow.

Now if I want to switch from my VentureReturns VM to my HumanServicesHQ VM, I simply issue the following command.

xm shutdown vr -w;xm create hshq -c

Back on my desktop machine I just switch eclipse from one workspace to another and within about a minute I’m ready to work on an entirely different platform.  How cool is that!

BlackBerry Curve is Linuxgems approved!

Recently, my Sprint contract expired and I found myself looking for a new cell phone.  I spent a ridiculous amount of time researching my next carrier and phone.  Here is what I decided:

  • Sprint’s “Everything” plans are nice, but to save money I needed a family plan plus data for 1 line, which you can’t do on Sprint.
  • 3G phones tend to have short battery life.  My primary needs were voice, calendar, and email,  so I don’t really care about 3G.
  • The T-mobile dash is a great phone.  I almost signed with T-mobile just for this phone.
  • AT&T is my preferred carrier for my part of the country.  I live in the city so most carriers would work for me, but my family warned me that in their area I might not get a signal with T-mobile.
  • The Samsung Black Jack II is being closed out in various places right now and you can get one almost for free.  This is great because the Blackjack II is a Windows phone.  Windows phones are supposed to have really nice calendar functionality.

In the end I settled on AT&T and a Black Jack II which I was going to get for free from Walmart.   However, I visited an AT&T store told them I wanted a BlackJack II for free (to see if they would match Walmart.)  Unfortunately, they had already sold their last Black Jack II, but they wanted my business so they made a ridiculous deal for me on a BlackBerry Curve.

I hadn’t really considered any blackberry phones because I figured they were more than I wanted to spend.  With the deal I got I happily bought the blackberry and it is wonderful.

The phone comes with some decent themes, including “today” themes that show you a couple of your upcoming appointments.  I wanted to see more than 2 appointments on my today theme, though.  After surfing the Internet for a bit I found a nice “today” theme that shows my next 7 appointments.   That is usually enough to get me through several days, so at a glance I can always see what my week is shaping up like.

Battery life on the Curve is pretty good.  If I surf the Internet a lot then it lasts about 24 hours.  If I just use it for phone, email, and calendar stuff then I can get at least 2 days and could probably get 3.  (I haven’t tried yet.)  From what I’ve heard about smartphones that is pretty good battery life since some of the newer phones can only last from sunrise to sunset.

I’ve loaded an ssh client on my BlackBerry and used it to control a server.  In a pinch I could restart apache or stop a slow database query if I had to.