Sharing a git repository over ssh

As much as we all love and admire github, it’s easy to forget that setting up and sharing a git repository on your own system is incredibly easy. And technically, you can find any information available in github’s lovely UI by using just plain-old git command mojo (granted, in some cases it would take some serious mojo).

The only issue is setting up the permissions properly so you don’t end up stomping on each other when pushing changes. This comes down to a basic combination of setgid and umask, and setting a simple core.sharedRepository flag on the shared repo.

spork with ruby 1.9 and Test::Unit

If you do testing in your Rails apps (which, you do, of course), you’ll get tired of waiting 45 seconds for poor little rake to run and load the entire Rack and Rails stack each time you want to test a tiny change. Spork makes things much more snappy. And snappy is good, it might actually cause you to enjoy brief flashes of serotonin production (i.e., pleasure) while testing – I can’t live without it.

Currently, spork seems to play along with the whole RSpec/Cucumber trend. But if you want to run it on ruby 1.9.2 and use Test::Unit, you basically have to go to edge, and dodge a couple gotchas along the way. Here is a step by step:

keep it safe with Blowfish in vim 7.3

Late last year, everyone’s favorite editor saw version 7.3 come to light. One of the interesting new features is built-in and easy-to-use Blowfish file encryption, a powerful and much-needed upgrade from the old UNIX crypt function available in older versions. crypt() is an old and very breakable algorithm, not suitable for anything except protecting plain text from non-technical users (e.g., protecting your diary from mom). Although, in practice, given a very good encryption key, it can be rather challenging to brute force an encrypted file.

But, Blowfish is the real deal. You may sleep soundly, knowing your diary, or the passwords to your bank accounts, are ciphered in Blowfish – and you could even post that file to a semi-secure cloudy-type place like S3 or Dropbox. Also, Blowfish is unpatented and public domain, a truly significant bit of public service, thanks to its author.

To make sure this is working, and fine-tune vim to avoid writing a plain-text swapfile, I’d recommend something like the following:


setting up a postgreSQL user for testing in Rails

When testing a Rails app backed by a postgreSQL DB, rake db:test:load and the unit tests drop and re-create the entire database. As such, the database user used in the testing environment needs to be able to drop and create databases. In postgres, you do that by assigning the CREATEDB privilege directly to the testing user (and not by messing around with roles).

# su - postgres
$ psql -c "CREATE USER myapp_tester WITH PASSWORD 'xxxxxx'"
$ psql -c "ALTER USER myapp_tester CREATEDB"

A corresponding /config/database.yml might look like:

common: &common
  adapter: postgresql
  username: myapp
  password: xxxxxx
  host: 127.0.0.1

development:
  <<: *common
  database: myapp_dev

test: &test
  <<: *common
  database: myapp_test
  # the key must be "username" to override the one merged in from *common
  username: myapp_tester

PHP5 with FastCGI and suexec in Debian

Wanna speed up those php apps, while reducing your server’s memory footprint, and improve your security model all at once? Of course you do! All you have to do is ditch the defaults and run PHP5 through fastcgi and suexec on Apache2. This is a fairly straightforward task, but there are several gotchas. This setup confers a couple of advantages over the simple mod_php and pre-fork MPM (multi-process model):

  • security: suexec gives you the option of running PHP scripts in different virtual hosts as different users. This is critical when you have to run un-trusted PHP for various sites on the same server.
  • resources: FastCGI allows you to keep using mpm-worker (threaded) processing, as opposed to mpm-prefork. This will reduce the memory footprint of the Apache ecosystem significantly.

In our specific case, it was required to leverage an existing VPS server running mod_rails/Passenger to deploy WordPress on a virtual host and some other small PHP apps from 3rd-party untrusted developers. Caging the notoriously vulnerable WP and other questionable code is key. Just as importantly, using mpm-prefork with mod_rails would have resulted in 2-3x more memory usage (you can only use one MPM model per Apache install, and mod_php is still not thread-safe enough to use mpm-worker). Therefore, we use FastCGI to run PHP as a discrete set of processes outside of Apache, and mod_rails (or other modern, thread-safe components) can take advantage of a threaded MPM.


Multi-staging capistrano deployment with rvm, git and passenger

Here is an object lesson in the old philosophy of simple, convenient tools that focus on doing one thing, and one thing well, and also combine and inter-operate well with other tools, to create one monster flying space robot with laserbeam eyes that crushes everything.

Here is what we want to do in a typical Rails site development/staging/production workflow.

  1. Deploy with ‘cap staging deploy’ and ‘cap production deploy’, nothing else
  2. Use Passenger/mod_rails on server, webrick or unicorn in dev
  3. Use RVM to manage ruby versions and gemsets
  4. Use git for version control

The default Capistrano configuration is perfect for simple development -> production workflows, but in our case the necessity of providing timely iterations on a staging site was also added. This staging site should be on the same server as the production site, to guarantee no unexpected gem version conflicts or other unanticipated system issues cause a headache. It also allows us to unroll new features for stakeholder review, or merge development branches from offsite developers.

Fortunately, there is now a ‘multistage’ component to the capistrano-ext plugin, that is ideally suited for this use case.

Secondly, we are of course using Passenger, also known as mod_rails, which is a no-brainer at this point.

In addition, we are using git as a version control system as well, which takes a bit of configuration to change from capistrano’s default of subversion.

Finally, we will be using RVM on both development and the staging/production systems, mainly to enable us to use REE which provides a noticeably smaller memory footprint than the official ruby branch. (with RVM and bundler on the server you can also run separate gemsets for each app in a virtual host – this is going to be huge)

Simple LDAP authentication domain server and client

Here, I’ll admit it. One of the things I’ve always been a little scared of, in terms of Linux server administration, is LDAP. It’s obviously incredibly useful in many ways, not the least of which, it’s the most current and secure way of centralizing user, group and system configuration information, even across the web. And it offers great inter-operability with other types of systems, whether big-blue Unices, things that Came from Redmond, or even those slick little units that are Designed in California.

But, the nomenclature and concepts can be rather slippery at first, to the young mind (but here is a good intro). And while there is tons of documentation out there, it is not easy reading in general. In fact, it is guaranteed to cure insomnia.

This guide is the result of an attempt to get user authentication sharing working via LDAP. After many false starts, it boils down to something pretty simple really. This won’t really be useful in an enterprise production system, but is a good way to get your feet wet.


Set up NIS client and server systems with autofs home

NIS is a bit of an old-school solution on UNIX systems for sharing user information, including logins, across systems. This allows administrators to centralize all user account information, as well as home directories, across any number of physical machines. There are some security implications (like having to disable iptables on the server, see below), and maybe LDAP would be a better choice. But for a home or small organization behind a good firewall, an NIS system could be a lot simpler to create.


read and convert 3GP video using FFmpeg

Something I found out today when I decided to make a quick edit to a video taken on my cellphone: Newer GSM cell phones and devices (such as my now-dated Android G1) now tend to save video in 3GP format. This shiny new multimedia format may have many advantages, but it is not widely supported yet on mainstream desktop software, and also may encapsulate certain codecs that are not free to use. This includes the AMR audio codec, which is patent-encumbered and cannot be freely distributed. Since this is what Android and many others use in their 3GP video output, it has become a common issue.

So, apparently there are people under the impression that you can only read and edit these videos using proprietary software such as Quicktime Pro, sketchy shareware or dodgy apps from questionable code houses. For just making the very occasional simple edit to a cheesy cellphone video, it’s a lot to ask.

Fortunately, there is a good alternative. All you need is a little command-line mojo and some patience.


saving image dimensions with file_column

A minor UI detail in development required that we include the width and height of certain images in the HTML and XML views. Since we were using the file_column plugin, which doesn’t normally save any image information besides the file name, this turned out to require some hacking.

Essentials

A service of Onset Corps LLC, and your humble author and fellow journeyer Samuel Beam.

Wherein, we specialize in over-involved explanations of all types, especially as concerning the efficacious use of tools and processes to maintain simplicity in an irreducibly complex world.
