Now on a 32-bit VM

One of the dirty little secrets of 64 bit computing is that it greatly impacts memory usage.  For the past year I’ve been hosting this blog and some other software on a 256MB 64 bit slice.  Getting a LAMP stack to run in 256MB is certainly possible.  When I started in this biz a decade ago that was a healthy amount of RAM.  However, when you run a 64 bit VM, memory does tend to be hard to come by.

The reason is really simple.  On a 64 bit processor your standard unit of data is twice as large as on a 32 bit processor.  This means that oftentimes you are using 64 bits of data to store a number that would fit just fine in 32 bits.  It’s possible to use smaller amounts, but most programs just tend to use the default machine “word” size.  So 64 bit programs tend to use A LOT more ram.

Tonight I “downgraded” my VM from a 64 bit VM to one of SliceHost’s new 32 bit VMs.  It couldn’t have been simpler.  I tar’ed up the source code, mysqldump’ed the database, copied those backups offsite and told SliceHost to rebuild the server.  When I brought the server back up I configured the database passwords, installed a couple packages, set up a couple virtual hosts, and restored my backups, and we’re back in business.   It was all ready by half time of the Lakers/Suns game, which means it probably took about an hour.

Facebook’s Hiphop

I spent several hours Saturday poking around in Facebook’s new Hiphop PHP source code compiler. I haven’t successfully built the program yet, but after taking some time to review the source code I’m very optimistic.

I would have a build already, but I tried to build the tool on a virtual server with 256Megs of ram. The only problem is that one of the source code files is 1.8 MB of text. The compiler footprint would balloon up to 800 Megs and swap thrash for a while before ultimately running out of memory when it tried to compile it. I’m going to build a 2Gig VM soon and that should be plenty of RAM to get it to build successfully.

VAIO smart network, not so smart

This is actually a Windows problem, but since I don’t run a Windows blog this rant goes here.  My wife’s Sony VAIO laptop has not had wireless networking for two days.  Today I figured out why and it was pretty frustrating.

The problem first occurred the other day when one of the children did “something” to the laptop and the wireless networking had not worked since.  So the first thing I checked was the little slider switch on the front of the laptop.  That would have been an obvious cause of the problem.  Unfortunately, everything was fine with the switch.  I checked the windows device manager and it said the wireless adapter was functioning just fine.  I couldn’t figure out why the little green LED on the front of the laptop would not indicate wireless networking was on.

I’ve had miserable experiences with Vista wireless networking, so the next thing I tried was to power down the laptop, remove the battery, and leave it overnight to discharge any internal circuitry that may stay charged for a period of time.  The next day it still would not work.

Next I plugged the laptop into a wired network and installed the latest antivirus updates and then the latest windows updates.  I didn’t really think these would fix it, but at this point I was baffled.

Finally, I went to Google and found my problem.  The VAIO, like many laptops, has its own redundant dashboard software for managing a number of the laptop functions.  The standard windows dialogs all thought everything was on and running, but the VAIO specific “smart network” was not on.  I re-enabled WLAN in “smart network” and everything worked great.

I don’t know if there is a reason that vendors seem to ship redundant dashboards with their machines.  I’m really quite tired of it, though.  Either windows power management & wireless networking needs to be disabled or these redundant tools need to go away.  One way or the other, though, I need to be able to check a single spot to determine whether the network is on.

Is there a lower life form than spammers? I don’t think so.

If you are getting spam from an address this morning, they’re not really from us.  Somebody has been sending emails from various addresses that don’t even exist.  I know about it because all the bounces come to me and there have been dozens of them.

There isn’t a lot that can be done to avoid falsely being used as a from address on spam, but there is one thing I can do, and I’m going to do it:  As soon as possible I will be migrating to a better hosting company and setting up the appropriate DNS records to authorize only my IP address to send email.  I shouldn’t have to pay extra to prevent criminals from fraudulently using my domain in their emails, but I’ll do it anyway to put a stop to this nonsense.
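The DNS records mentioned above are an SPF record: a TXT record listing the addresses allowed to send mail for the domain, which receiving mail servers evaluate against the connecting IP. The following is an added example, not the blog's own configuration; the domain, the address and the record are constructed placeholders, and the checker only models the ip4/ip6/all mechanisms (the a, mx and include mechanisms need DNS lookups and are left out).

```python
import ipaddress

# Constructed example record, as a receiver would fetch it from DNS:
#   example.com. IN TXT "v=spf1 ip4:203.0.113.10 -all"
# It authorises exactly one sending address and hard-fails everything else.
SPF_RECORD = "v=spf1 ip4:203.0.113.10 -all"

# SPF qualifiers and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(record: str, sender_ip: str) -> str:
    """Evaluate an SPF record for the IP that connected to deliver the mail.

    Mechanisms are tested left to right; the first one that matches decides
    the result.  Only ip4, ip6 and all are modelled here (assumption for this
    example); anything else is skipped as if it did not match.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without an explicit qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            # A bare address (no /prefix) is a single host network.
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # ran off the end of the record without a match


if __name__ == "__main__":
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "->", spf_check(SPF_RECORD, ip))
```

A receiver that sees "fail" for a forged sender can reject the message outright, which is what stops the bounces from landing back in the domain owner's inbox.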

My apologies to anyone that got a forged email today.

Avoiding javascript injection

The cardinal rule of web development is never trust user supplied data to be safe.  A surprising number of developers don’t take this seriously when inserting into a database.  An even larger group incorrectly trust their raw data for output.  This opens up the browser to what are called injection attacks.

Injection attacks open up your web application to malicious users who can use it to get your application to output things you never intended it to, like a block of javascript that passes the session id to a remote server.  The solution is to always convert your data into a benign form before outputting.  With database queries this means adding slashes to both quotes and slash characters inside of your string variables.  In HTML this means converting dangerous characters into html entities.  (Those little &lt;, &gt;, &amp; things you’ll see all over the source for the better web sites.)

Usually following these two techniques religiously is enough to secure your application from injection attacks.  However, I ran into an interesting problem the other day that requires a third type of escaping.
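The third type of escaping is for values that land inside a JavaScript string literal in a `<script>` block, where HTML entity encoding is the wrong tool: the browser does not decode entities inside script, and a quote or a literal `</script>` in the data ends the string or the whole script element. The following is an added example, not code from the post; it is written in Python rather than PHP for illustration, and the function names and the hostile input are constructed.

```python
import html


def escape_html(value: str) -> str:
    """Escape for an HTML text or attribute context: the entity conversion above."""
    return html.escape(value, quote=True)


def escape_js_string(value: str) -> str:
    """Escape for a JavaScript string literal inside a <script> block.

    Every character outside [A-Za-z0-9] becomes \\xHH (or \\uHHHH above
    U+00FF), so quotes, backslashes, newlines, '</script>' and U+2028 can
    never terminate the literal or the script element, whichever quote
    style surrounds it.  Astral characters are emitted as a UTF-16
    surrogate pair, which is how JavaScript represents them.
    """
    out = []
    for ch in value:
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif ord(ch) < 0x100:
            out.append(f"\\x{ord(ch):02x}")
        else:
            units = ch.encode("utf-16-be")
            for i in range(0, len(units), 2):
                out.append(f"\\u{int.from_bytes(units[i:i + 2], 'big'):04x}")
    return "".join(out)


def render_greeting(display_name: str) -> str:
    """Render one untrusted value twice, once per context, each with its own escaper."""
    return (
        f"<p>Hello, {escape_html(display_name)}</p>\n"
        f"<script>var user = '{escape_js_string(display_name)}';</script>"
    )


if __name__ == "__main__":
    # Constructed hostile input: tries to close the string and the script element.
    hostile = "x'; alert(document.cookie); //</script><script>"
    print(render_greeting(hostile))
```

The rule generalises: pick the escaper by the context the value is emitted into (SQL, HTML, JavaScript string), never by where the value came from.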


Sometimes it’s easier than we make it.

I just lost a ridiculous amount of time burning an ISO so that I could update a blu ray player.  It all started when Quantum of Solace wouldn’t play in my new cheap  Insignia Blu Ray player.  At first I was worried that there was something wrong with the player, but eventually I decided to check for a firmware update.

I wonder what the less technically inclined do when their blu ray players need firmware updates.  Seems like a really poor idea to release movies in a format that requires a firmware update.   I’m sure it has to do with updating copy protection schemes.  Strike one against blu ray for making things more difficult than they should be.

Now, despite the ethernet port that is built in to the Insignia NS-2BRDVD player, they don’t offer direct Internet firmware updates.  Strike one against Insignia for making things more difficult than they should be.

So I ventured into my office to find a support website. Sure enough there was a firmware update available for my new Blu Ray player.  It comes in the form of a cd-iso image.  I’ve played with plenty of iso images in the past when burning linux distros so I figured no big deal.  Unfortunately, when I went to fire up the free third party cd burning software that came with Vista it complained that the software was not installed or had become corrupted.  I suspect it really means that my Windows registry is broken in some form or another. Strike one for Windows.

“Not to worry”, I thought to myself, “I have other 3rd party software that I already own.  I’ll just install that.”  So I set about installing some old cd burning software I had sitting around.  After the install I was asked the standard, “Would you like to reboot now?” question.  For some reason, this was the first time I’d ever thought about that statement.  Who would ever actually like to reboot after installing software?  Obviously, any sane person would prefer to use their new software right away….  But I digress.  Strike two for Windows.

After installing the third party program I found that my CD/DVD burner wasn’t recognized.  (It’s a Lite-On, which I believe is one of the larger manufacturers right now).   Strike three for Windows.

So I went in search of a software update for the third party program.  I was pleasantly surprised to find an update, which I dutifully installed (again rebooting afterward).  Once Windows restarted I tried the 3rd party software again and again it didn’t recognize my player.  I read the FAQ and it said the software may not have drivers for my drive.  This struck me as ridiculously silly because Windows has had built in hardware drivers for over a decade.  Indeed, I installed the software using the drive that the burning software now declined to recognize.  Does the software really have to access the hardware directly to control a burner?   Strike four for Windows.

And the final strike was against yours truly and is perhaps the silliest (and also the one that makes this article appropriate for Linuxgems).   After all this trouble I copied the iso to my MythTV (sitting literally inches from the blu-ray player).   I right clicked the iso, and followed the prompts and 30 seconds later I had an iso ready for my blu ray player.  I was so used to the decade old idea that it was easier to burn stuff in Windows that I didn’t even try it in Linux.  When I did my eyes were opened by how overly complicated I had made things by not trying Linux first.

Final tally:

Blu ray: 1 strike

Insignia: 1 strike

Windows: 4 strikes

Me: 1 giant strike

Virtualization for consultants

Virtualization has really taken off over the last couple of years.  One of the sites I work on is hosted on a virtual machine over at SliceHost (they’re excellent BTW).

A company I was with a few years back has switched their whole development environment to be fully automated VMs.  They can create a new clone of a VM and fire up a clean copy in a matter of minutes.

In my consulting work I’ve stumbled onto a problem that virtualization solves wonderfully.  The problem is this: small clients never have a development server for me to work on.  Many clients would prefer that I just develop directly on their production machine.  My position, however, is that I will never write/debug code on a production server, even if your site gets practically zero traffic.  It’s just a matter of principle.  What’s more, if you ever want to be a big site, you should make sure that your site isn’t down with errors all day long while people are coding up the next version.

What I did when I first started consulting was grab an old PC that I had snatched up at a surplus sale for $10 and loaded Linux on it.  When I started work with a new client I could usually configure a LAMP stack in less than an hour for the peculiarities of that client and then I’d be in business.  Of course, if I wanted to juggle multiple clients I had to use shell scripts to swap out the apache/php configs.

Then one day I decided to give virtualization a try.  It is absolutely fabulous!  I upgraded my little $10 machine with a 300 Gig hard drive, and set up a VM for each client on it.  Each client can have 10-20 gigs.  If I ever outgrow my 300 Gig drive it will be a no brainer to go grab a terabyte drive for whatever ridiculously cheap price they’re selling for and I’ll have plenty of room to grow.

Now if I want to switch from my VentureReturns VM to my HumanServicesHQ VM, I simply issue the following command.

xm shutdown vr -w;xm create hshq -c

Back on my desktop machine I just switch eclipse from one workspace to another and within about a minute I’m ready to work on an entirely different platform.  How cool is that!

BlackBerry Curve is Linuxgems approved!

Recently, my Sprint contract expired and I found myself looking for a new cell phone.  I spent a ridiculous amount of time researching my next carrier and phone.  Here is what I decided:

  • Sprint’s “Everything” plans are nice, but to save money I needed a family plan plus data for 1 line, which you can’t do on Sprint.
  • 3G phones tend to have short battery life.  My primary needs were voice, calendar, and email,  so I don’t really care about 3G.
  • The T-mobile dash is a great phone.  I almost signed with T-mobile just for this phone.
  • AT&T is my preferred carrier for my part of the country.  I live in the city so most carriers would work for me, but my family warned me that in their area I might not get a signal with T-mobile.
  • The Samsung Black Jack II is being closed out in various places right now and you can get one almost for free.  This is great because the Blackjack II is a windows phone.  Windows phones are supposed to have really nice calendar functionality.

In the end I settled on AT&T and a Black Jack II which I was going to get for free from Walmart.   However, I visited an AT&T store told them I wanted a BlackJack II for free (to see if they would match Walmart.)  Unfortunately, they had already sold their last Black Jack II, but they wanted my business so they made a ridiculous deal for me on a BlackBerry Curve.

I hadn’t really considered any blackberry phones because I figured they were more than I wanted to spend.  With the deal I got I happily bought the blackberry and it is wonderful.

The phone comes with some decent themes, including “today” themes that show you a couple of your upcoming appointments.  I wanted to see more than 2 appointments on my today theme, though.  After surfing the Internet for a bit I found a nice “today” theme that shows my next 7 appointments.   That is usually enough to get me through several days, so at a glance I can always see what my week is shaping up like.

Battery life on the Curve is pretty good.  If I surf the Internet a lot then it lasts about 24 hours.  If I just use it for phone, email, calendar stuff then I can get at least 2 days and could probably get 3.  (I haven’t tried yet.)  From what I’ve heard about smartphones that is pretty good battery life since some of the newer phones can only last from sunrise to sunset.

I’ve loaded an ssh client on my BlackBerry and used it to control a server.  In a pinch I could restart apache or stop a slow database query if I had to.

Now with captchas!

The last day or two somebody found the blog and started spamming the comments section.  All the emails for comment approval started to become a distraction.  So this morning I’ve enabled reCAPTCHA on LinuxGems.

There is a reCAPTCHA plugin for wordpress that makes the captchas a snap to set up.  It probably took about 5 minutes including signing up at

If you’re not familiar with reCAPTCHA, they are a bit different from some of the other captchas out there.  reCAPTCHA uses a pair of words.  One of which is a known word and one of which is a word that failed OCR.  To pass the captcha test the user has to get the known word right.

The second word, the one that failed OCR, is actually text from older literature that needs digitizing.  So using reCAPTCHA is a bit of a public service.  When a statistically significant group of people put the same value for a given word then reCAPTCHA knows that they have figured out what the word was.

Slick stuff.

jQuery UI redemption

I noticed today that the jQuery UI folks have gone about correcting the problems with the 1.6 release candidates.  They’ve chosen to tie UI version 1.6 to jQuery 1.2 and create a new UI 1.7 to work with jQuery 1.3.   I think this is a great idea.  Between the CSS changes in the new UI version and the UI tools that were already leveraging new jQuery 1.3 functionality it was obvious that 1.6 would not work in both jQuery 1.2.6 and 1.3.

I notice tonight that the UI homepage shows jQuery 1.3 next to UI 1.6rc6 and jQuery 1.2.6 next to UI 1.5.3.  It would have been nice if they had renumbered 1.6rc6 to 1.7rc1, but I’m at least glad that the site makes it clear what will work with what.

Over at Human Services HQ we’ve stabilized around jQuery 1.3, jQuery UI 1.6rc6, a third party autocomplete, and thickbox.   The only change I had to make to get jQuery UI to allow a calendar inside the thickbox was to add a z-index to the calendar div.  Since then it has been smooth sailing.

Despite the growing pains for jQuery UI this release I remain a big fan.  If you are looking for a lightweight javascript framework jQuery can’t be beat.  If you want some UI widgets to use on top of jQuery then jQuery UI is the obvious first place to look.