iPad SDK 3.2 Beta 4 Clears Up Facts About iPad Camera And Give Some Gestures TO Developers.
Google Maps Adds Biking Directions
App Engine joins the Google over IPv6 Program
Good Artists Copy, Great Artists Steal
Tech Tour: Cambridge Innovation Center
Nippon Oil and Hitachi aim at mass-producing microbe-derived biofuel
SCALE8x, OpenVZ goodies, and new kernels (including 2.6.32)
Strategy: Planning for a Power Outage Google Style
The island phone system adventure… « Baby is 60 – Tim Panton on voice and computers
Frameless laptop screens expected soon
The blind camera shows you someone else’s pictures
Princeton TPM-ICN series Bluetooth bracelet.
YouTube Blog: The Future Will Be Captioned: Improving Accessibility on YouTube
Put a Spark into your Presentations with Ignite
Google Code Blog: Google PowerMeter API introduced for device manufacturers
Sparkfun free day tomorrow: 1/7
Need a recursive DNS server? Use 8.8.8.8 and 8.8.4.4
JIQL - Java JDBC wrapper for Google DataStore
Unicorn == Mongrel delayed_job
Remus - Transparent HA for Xen
Crossbow Virtual Wire Demo Tool
Eucalyptus MySQL SOLR RabbitMQ Varnish == Nebula.nasa.gov
Apple drops ZFS due to legal concerns
Peering disputes between Cogent and Hurricane Electric
Equinix to acquire Switch and Data for $689 million
Project kxen renamed project HXEN
Lessconf Jacksonville - followed the next day by Barcamp
Stick-figure guide to advanced AES crypto
Why you should pay attention to Google Wave
rails-primer - how to easily host rails projects on appengine
AppEngine-JRuby on google code
Ruby on Google AppEngine: appengine-jruby video
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Proxmox VE - OpenVZ KVM Cluster appliance management
Sun/Oracle kill of SXCE: Sysadmins everywhere cry in horror.
making water drinkable through nano-filtration
Pidgin 2.6.1 adds XMPP voice and video support
Setting up a Layer-3 tunnel VPN using ssh 4.3 and -w option tun devices
shadowserver.org - botnet hunting resources
OpenBSC - a Siemens BS-11 microBTS or a ip.access nanoBTS == your own GSM tower
Karesansui Project - a Xen management harness from Japan
Pygowave Server - Run your own Google Wave server
Xen clocksource0 time went backwards
Internet vs World Population stats
Apple pulls Google Voice app from iPhone - AT&T's fault
live-android boot ISO - very neat
How to update your GeoIP information in addition to SWIPping
Google Wave hackathon on 20th/21st, if you happen to be in Mountainview
Did I mention OTOY here before?
STuPiD - STUN/TURN using PHP in Dispair
Browser based Server-side 3D gaming from OTOY
Cisco's replacement for the WRT54GL is the WRT160NL
Spinn3r.com - Index the blogosphere
Parts of galaxy Messier 87 are missing
DRAEGER ALCOTEST 7110 MKIII-C Evaluation of Breathalizer Source Code
How Michael Osinski Helped Build the Bomb That Blew Up Wallstreet
Bruce Perens - A Cyber-Attack on an American City
How Google and Facebook are using R
adito - the new gpl fork of the old sslexplorer project
IP Address geolocation for free
Shapeways - $50 "3-D poem rings" until the end of the month
GrandCentral to become Google Voice
TurboVNC VirtualGL == FAST network GL
Ben Rockwood's presentation at the OpenSolaris Storage Summit: ZFS in the trenches
The Crisis of Credit Visualized on Vimeo
10gen - a java based app hosting infrastructure
Engineyard Vertebra - another cloud infrastructure management harness
Eucalyptus - an opensource EC2 compatible hosting infrastructure
railsbrain.com <-- ajaxified rdoc
AP IMPACT: SWAT Teams Deployed in 911 fraud
Lessons learned by people who have quit Google
Makwana indicted for Fanny Mae malware
Zentific svn repo: alpha available
DACS - Distribution and Configuration System - version 2.0
Video of Cisco IOS attack talk at Chaos Computer Conference
Cosmic radio background noise 6 times higher than expected
Grow your own bioluminescent algae
Quartz Composer and Cruise Control status
Sunay Tripathi's Solaris Networking Blog
Merry Christmas from Chiron Beta Prime
Google's Native Client... the next ActiveX?
kenai.com - xVM Server Project site
58% Spam Drop from one colo shutdown
Xenomips - a Xen friendly domU version of Dynamips - Emulate a Cisco 7200
Debian and Android dual-boot on the G1
Sipper (SIPr) - a SIP testing framework in ruby
DBslayer - a SQL abstraction layer using JSON
Fingerworks keyboard in a MacBookPro
The Phoenix BIOS hypervisor is Xen
Do you live in a Constitution-Free zone?
Puppet presentation at NYCOSUG this month
XenSmartIO - Infiniband IO for Xen
Starting with b100, OpenSolaris has virtual consoles
OpenSolaris testfarm build server interface now available
Firefox M9 Fenric - Maemo alpha
SystemZ - aka Sirius - a port of OpenSolaris to IBM System Z mainframe OS running in z/VM mode
Solaris and ZFS on a Dell 2950, tweaking notes
Early Access Windows PV drivers for xVM
Economics: The Theory of Interstellar Trade
The Financial Crisis: What Happened and What's Next?
Cisco to run Windows 2008 on their appliance virtually for services
Packetfence: an OpenSource Network Access Control system
persist.js - an alternative to gears
Chinese building "impossible" EM drive
COMSTAR SMTF - solaris FC, SAS, and iSCSI targets
Flexiscale - yet another control panel?
RightScale - cloud control panels?
Critical ESXi remote vulnerability in openwsman
Microsoft FUD on VMWare: vmwarecostswaytoomuch.com
nmap builds zenmap topology maps
Don't forget about BarCampTampaBay
The LHC accelerates, and that's what it's all about.
Sun's launch of xVM, live webinar
Microsoft to give away Hyper-V for free, live migration by 2010
Ubuntu's Intrepid Ibex will be followed by Jaunty Jackalope
Why Xen traps negative segment offsets
Rails 2.1.1 more REXML bug fixes
Indiana OS2008.03 RN3 released - based on nv_b96
Skype Mobile Phone (Not in the US)
Youtube gets closed captioning support
Getting xVM to work on OpenSolaris 2008.05
How a VoIP E911 call is handled
MonetDB - a column based RDBMS, ideal for time series data
VMfaq's comparison of virtual storage IO
Xen and Solaris, a log of experience.
OpenSolaris CR#6654713 - 32G limit bug stemmed from bad USB hardware? Perhaps fixed?
OpenSolaris CommonArrayManager
Sharity-Light - smbfs derived samba clone
Drizzle, a thin mysql, generating buzz
VMWare to offer ESX hypervisor for free
Fan, the programming language.
Blackberry Thunder with Haptics keyboard
iPhone App Store Live Walkthrough now available
Overclocking tool for the Mac Pro
ADO.NET Entity Framework (Microsoft's new ORM) given a non-confidence vote by beta testers
Ruby interpreter flaws make the case for JRuby
AdvFS - Tru64 filesystem ported to Linux
OpenSolaris 2005.05 repository update to b91 - follow these instructions carefully
SXCE can ZFS install as of b90
Vertebra: EngineYard's Next Generation Cloud Computing Platform
Skype 4.0 beta overhauls video chat
Mozilla org receives traditional IE cake
Toyota Prius to go entirely Electric
Bill Gates steps down permanently for philanthropic activities
Men write code from Mars, Women write more helpful code from Venus
DRBD LVM Xen = Bug. A rather nasty one at that.
Intel unveils Ct as an extension for C/C++ to encourage threaded programming for multiple cores
VMWare ThinApp - Run any Windows app on any version of Windows
JRuby-Rack <-- a JRuby port of Rack
Rack <-- a lighter cousin to Merb, fully threaded and no Mutex.
Solaris Cluster Express (SCX) 6/08 released.
Changing solaris' default password hashing
Texas based service provider explosion affects 9,000 servers and 7,500 customers.
JRuby on Rails on Tomcat deployed as a WAR file
42 more of the best Linux games
Use Google's cached ajax libraries
Arduino microcontroller with OS/X
The metasploit page describing the full impact of the poor RNG.
Holger Bert's blog post on the openssl RNG fiasco
Cayac - Cherokee MySQL PHP5 phpMyAdmin
ZFS very slow under an xVM kernel
Dynamically editing libvirt xml configs while a VM is running to redefine reboot flags.
Chronoton - the time travelling robot who's best friend is a talking pie game
Rietveld - Google's code review tool
Opensource multitouch displays
Ono - an efficient way to locate nearby peers
Solaris CIFS integrated AD with ZFS acls
Samba Winbind and ZFS acl working together
Matt Pelletier queried the Mongrel mailing list asking for any personal experiences or tips regarding mongrel and rails hosting in general for some book currently underway.
This was my quick response:
At the moment, the largest site we host is Kapture (www.kapture.info), a Web 2.0 startup. I would be happy to cover our infrastructure in detail if you're interested.
To avoid missing class errors for your models, be sure to define all your models with "model" at the beginning of your application.rb. (NOTE: Edge rails deprecates the use of "model" for loading models, and should load models as it needs them). Alternatively, add something like the following to your application.rb:
# Pre-load every .rb file in the models dir
Dir.foreach(File.dirname(__FILE__) + "/../models") {|file|
  # Match whole file names only; the dot is escaped so it matches a literal "."
  model $1.to_sym if file =~ /^(\w+)\.rb$/
}
If you build your mongrel by hand and have a http11.so, do not copy it willy nilly wherever you would like. I had copied it into my gems path (/usr/lib/ruby/gems/1.8/gems/mongrel-0.3.13.3/lib/http11.so) by building my own gem with a pre-compiled http11.so as the production boxes don't have a compiler. After installing the gem, I spent countless hours debugging what was causing bizarre SEGFAULT errors. Normally, mongrel installs http11.so to your local site_ruby directory (/usr/local/lib/site_ruby/1.8/i486-linux/http11.so). Apparently if you have http11.so in your gems lib dir, it causes some deep magic problem with ruby that you'd have to float by Zed or someone to fully explain.
Use a proxy that can quickly serve static content. We started with Pound but had problems with various satellite providers' transparent proxies spitting up 500 server errors for some weird reason. I then moved to Apache 2.2 with mod_proxy_balancer, and static content noticeably improved. Mongrel is "ok" at serving static content, but it doesn't hurt to have something in front of it to speed things up.
Mongrel will spin out of control. Use a tool like "monit" to monitor the individual mongrel daemons and kill them off and restart them if they stop responding.
Running mongrel with -B will spit out all kinds of fun debugging stuff to the mongrel_debug/ directory.
Sending a SIGUSR1 will cause a mongrel daemon to die off, and spit out a backtrace of the running state of threads when it received a signal. This is a good way to trace why mongrel is spinning.
Sending a SIGUSR2 turns on debugging on a running mongrel server. According to Zed, the debug impact is minimal, and thus fairly safe to use in production.
Use apache's mod_deflate (or turn on gzip content encoding in general). The speed improvement is noticeable.
Get your application running. Worry about scaling later. Rails will scale, with only minor tweaking.
Use the exception_notifier plugin on your production boxes to send you email whenever a Rails error occurs.
Run memcached and memcache-client (or memcache-client-stats) instead of the default local file based session store.
Learn to use fragment caching and run memcache_fragments. It is well worth the optimization. Use page caching sparingly, particularly on your main page or pages that are being actively slashdotted.
If you run memcached, consider using memcache-client-stats to get some visibility into the activity to your memcache servers.
Keep complex objects out of your session store as much as possible. Avoid storing complex objects in pstore. Don't be afraid to use memcache directly, particularly with alternate namespaces.
If you're running a cluster, run a centralized syslog-ng and log to syslog. Consider turning off rails logging altogether in your production cluster.
While svn:externals is a wonderful thing for development (/vendors/plugins), freezing plugins, gems, and rails to your project makes it far happier in a production environment; also, much easier to deploy.
You can use Sequoia / C-JDBC with Carob's libmysql replacement with Rails to both mirror and stripe data across a large number of servers.
The Postgres pgcluster project is flakey, and the sole maintainer doesn't consider anything beyond 1.0.11 "stable" enough for anyone to actually use in a production environment. Unfortunately, that is tied to Postgres 7.3, which destroys any hope for ALTERing tables after they are created (among other things). Avoid it for now. If you must replicate, use something like Slony instead (I haven't found anything in ActiveRecord about shunting writes to one database connection and reads to a cluster of replicated slaves).
There are many more things to add to this list, these are just the items that came immediately to mind.
We've taken to writing rules on our whiteboards.
Today I was driven to write the following on my whiteboard:
Ian's Operational Rules
I'm sure this list will grow over time.
Venting this way feels much more constructive for some reason.
While playing with mod_auth_remote, it became apparent that libapr1's changes have slightly broken it.
There were two errors during compilation:
$ /usr/bin/apxs2 -i -a -c mod_auth_remote.c
mod_auth_remote.c: In function `get_remote_auth':
mod_auth_remote.c:109: warning: passing arg 4 of `apr_socket_create' makes integer from pointer without a cast
mod_auth_remote.c:109: error: too few arguments to function `apr_socket_create'
mod_auth_remote.c:117: warning: implicit declaration of function `apr_setsocketopt'
mod_auth_remote.c:117: error: `APR_SO_TIMEOUT' undeclared (first use in this function)
mod_auth_remote.c:117: error: (Each undeclared identifier is reported only once
mod_auth_remote.c:117: error: for each function it appears in.)
mod_auth_remote.c:126: warning: implicit declaration of function `apr_connect'
mod_auth_remote.c:143: warning: implicit declaration of function `apr_base64_encode'
mod_auth_remote.c:147: warning: implicit declaration of function `apr_send'
mod_auth_remote.c:158: warning: implicit declaration of function `apr_recv'
apxs:Error: Command failed with rc=65536
A quick couple of googles later, I worked up this patch to fix both of the above errors:
--- mod_auth_remote.c.orig 2006-09-14 13:33:51.000000000 -0400
+++ mod_auth_remote.c 2006-09-14 13:33:33.000000000 -0400
@@ -17,6 +17,8 @@
#include "http_protocol.h"
#include "http_request.h"
+#include "apr_version.h"
+
typedef struct {
int port;
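Review bot: The include block gains only apr_version.h, but the build log above also warns about an implicit declaration of apr_base64_encode, and nothing in this patch addresses it; adding #include "apr_base64.h" beside the new include gives the compiler the real prototype. The same log lists apr_connect, apr_send and apr_recv as implicitly declared. APR 1.x names these apr_socket_connect, apr_socket_send and apr_socket_recv, so those calls want the same APR_MAJOR_VERSION guard the later hunks use rather than being left to compile with warnings.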
@@ -106,7 +108,12 @@
apr_sockaddr_t *addr;
- if((val =apr_socket_create(&socket, APR_INET, SOCK_STREAM, r->pool))
+ if((val =apr_socket_create(&socket, APR_INET,
+ SOCK_STREAM,
+#if (APR_MAJOR_VERSION > 0)
+ APR_PROTO_TCP,
+#endif
+ r->pool))
!= APR_SUCCESS)
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, val, r,
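Review bot: The #if/#endif sits inside the apr_socket_create argument list, in the middle of the if condition, which is easy to break on the next edit and hard to read in a diff. Writing the two complete calls under #if (APR_MAJOR_VERSION > 0) / #else, each assigning val, and keeping a single "if (val != APR_SUCCESS)" after the #endif would leave the error path unchanged and make both variants readable on their own.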
@@ -114,7 +121,12 @@
return HTTP_INTERNAL_SERVER_ERROR;
}
+/* APR_SO_TIMEOUT is deprecated in favor of apr_socket_timeout_{set|get} */
+#if (APR_MAJOR_VERSION > 0)
+ apr_socket_timeout_set(socket, (int)r->server->timeout);
+#else
apr_setsocketopt(socket, APR_SO_TIMEOUT, (int)r->server->timeout);
+#endif
if((val = apr_sockaddr_info_get(&addr, conf->remote_server, APR_INET,
conf->port,0,r->pool)) != APR_SUCCESS)
{
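Review bot: In the new branch, apr_socket_timeout_set(socket, (int)r->server->timeout) keeps the (int) cast from the old apr_setsocketopt call, but this function takes an apr_interval_time_t, so the cast can only truncate the value; drop it. The return value is also ignored, unlike the apr_socket_create and apr_sockaddr_info_get calls on either side, so a failure to set the timeout would leave the authentication request able to block with nothing logged. Check it against APR_SUCCESS and log through ap_log_rerror as the neighbouring calls do.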
And now everything builds just fine.
Again, the patch is here: mod_auth_remote-apache2.2.patch
The Problem
We have been getting an "undefined class/module" error on 2 of our 6 app servers in one testbed.
Same sourcecode, same installs (systemimager and an isconf style configuration management harness), same binaries. Identical everything. Pound + mongrel + memcached + postgres (pgcluster).
The odd bit here is that our "dev" and "prod" pairs had one node reporting the error, but the other node did not. The "qa" pair worked just fine with both app servers, without incident.
Jason Hall reported the same thing on IRC, and we compared notes.
Basically, the problem looks identical to this unanswered RubyForge error.
Here is a snippet from the logs where I was seeing the problem:
/usr/lib/ruby/gems/1.8/gems/mongrel-0.3.13.3/lib/mongrel/command.rb:199:in `run'
/usr/lib/ruby/gems/1.8/gems/mongrel-0.3.13.3/bin/mongrel_rails:235
/usr/bin/mongrel_rails:18
undefined class/module Project
/usr/lib/ruby/gems/1.8/gems/memcache-client-1.0.3/lib/memcache.rb:128:in `get'
/usr/lib/ruby/1.8/thread.rb:135:in `synchronize'
/usr/lib/ruby/gems/1.8/gems/memcache-client-1.0.3/lib/memcache.rb:98:in `get'
All of them identical. An error restoring an object from a memcached session.
I caught Zed online and asked about it; he suggested removing any "complex datatypes from the session".
I was going this direction when Jason Hall found a "solution":
The Solution
Jason Hall found a workaround: merely add a "model" line to the app/controller/application.rb, and those
model :user, :group, :project
From what I've been told, "model" is deprecated in Edge Rails, so this isn't a permanent solution. But this does make for an interim workaround.
I guess my question is: why would a class be undefined? Is this some kind of a loadpath issue?
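The "undefined class/module Project" line in the log above is the error Marshal.load raises when the process reading a session has not loaded the class of an object stored in it. The following is an added example, not code from the original post: it reproduces the error with a constructed Project class and shows that a session holding only an id restores either way. The names store, restore and simulate_unloaded_reader are hypothetical.

```ruby
# Constructed stand-in for an ActiveRecord model that ended up in the session.
class Project
  attr_reader :id, :name

  def initialize(id, name)
    @id = id
    @name = name
  end
end

# A memcached-backed session store marshals on write...
def store(session)
  Marshal.dump(session)
end

# ...and unmarshals on read. Returns the session, or the error message
# when the blob references a class this process does not know.
def restore(blob)
  Marshal.load(blob)
rescue ArgumentError => e
  e.message
end

# Simulate an app server process where the Project constant is not defined
# at the moment the session is read back from the cache.
def simulate_unloaded_reader(blob)
  saved = Object.send(:remove_const, :Project)
  restore(blob)
ensure
  Object.const_set(:Project, saved) if saved
end

# Session holding a full object: readable only where Project is loaded.
object_session = store(:project => Project.new(42, "widgets"))
puts simulate_unloaded_reader(object_session)   # the error from the log
puts restore(object_session)[:project].name     # fine once the class exists

# Session holding only the id: readable in every process.
id_session = store(:project_id => 42)
puts simulate_unloaded_reader(id_session).inspect
```

Storing only the id and re-fetching the record per request removes the dependency on which classes each app server process happens to have loaded.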
After patching up mod_auth_pgsql2, I ran into another painful wall.
In order to use ActiveRBAC's static_permissions schema to authenticate whether a user has permission to a specific repository path, I would need to parse the APR request_rec.uri path to pull out a repository name and pass that to a rather complex SQL query:
SELECT users.id FROM users
  LEFT JOIN groups_users ON groups_users.user_id = users.id
  LEFT JOIN groups ON groups.id = groups_users.group_id
  LEFT JOIN groups_roles ON groups_roles.group_id = groups.id
  LEFT JOIN roles_users ON roles_users.user_id = users.id
  LEFT JOIN roles ON roles.id = roles_users.role_id OR roles.id = groups_roles.role_id
  LEFT JOIN roles_static_permissions ON roles_static_permissions.role_id = roles.id
  LEFT JOIN static_permissions ON static_permissions.id = roles_static_permissions.static_permission_id
WHERE users.login = '%s' AND
  ( roles.title = 'Administrator' OR
    static_permissions.title = ( 'View Project ' ||
      ( SELECT id FROM projects WHERE projects.name = '%s' )
  ))
Ouch.
So I started patching up mod_auth_pgsql2 even more, ending up with some mighty painful logic and configuration options. Argh. Not the Rails way.
Rather than keep and maintain such a monstrosity, I googled one last time for an alternative.
And I found it: mod_auth_remote.
With mod_auth_remote, apache now makes HTTP requests to a configured Rails method that returns a 2xx result code if access is permitted.
Here's my mod_auth_remote apache config:
AuthRemotePort 3000
AuthRemoteServer localhost
AuthRemoteURL /repo/auth
And my RepoController method auth:
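def auth
  # Look the user up from the credentials mod_auth_remote passed along
  user = User.find_with_credentials(params[:login], params[:password])
  # The first segment of the requested URI is the repository name;
  # to_s keeps a missing path from raising and falls through to 403
  repo = params[:path].to_s.split('/')[1]
  if user.nil?
    render :nothing => true, :status => "401 Unauthorized"
  elsif user.has_role?("Administrator") or user.has_permission?("View Repo #{repo}")
    render :nothing => true, :status => "200 OK"
  else
    render :nothing => true, :status => "403 Forbidden"
  end
end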
Now I did need to modify mod_auth_remote slightly to pass the user/password and path as parameters. Thankfully, this patch is a one liner:
req_b = apr_pstrcat(r->pool, "HEAD ", conf->remote_uri, "?login=", user, "&password=", passwd, "&path=", r->uri," HTTP/1.0",
CRLF,"Authorization: Basic ",encoded,CRLF,CRLF,NULL);
Simple! Subversion now uses ActiveRBAC to authenticate read requests.
What's more, I've written a generic ruby "hook" script for Subversion that makes SOAP calls to a Rails web services API, but that's for a future post.
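The patched request above still carries an Authorization: Basic header, so the Rails side can take the credentials from that header rather than from the query string, where a password containing & or a space would corrupt the parameters. The following is an added example, not code from the original post or from mod_auth_remote: the decision logic as plain Ruby, with USERS, auth_status and the helper names as hypothetical stand-ins for the ActiveRBAC lookups.

```ruby
# Constructed sample data standing in for ActiveRBAC users, roles and permissions.
# Plaintext passwords keep the sample short; a real store holds password hashes.
USERS = {
  "alice" => { :password => "s3cret&x", :roles => ["Administrator"], :permissions => [] },
  "bob"   => { :password => "hunter2",  :roles => [], :permissions => ["View Repo widgets"] }
}

# Decode "Basic <base64(login:password)>"; returns [login, password] or nil.
def basic_credentials(header)
  scheme, blob = header.to_s.split(" ", 2)
  return nil unless scheme && scheme.casecmp("basic").zero? && blob
  decoded = blob.strip.unpack1("m0").force_encoding("UTF-8") # strict base64
  login, password = decoded.split(":", 2)
  return nil if login.nil? || login.empty? || password.nil?
  [login, password]
rescue ArgumentError # malformed base64 or undecodable bytes
  nil
end

# Repository name is the first segment of the request URI:
# "/widgets/trunk" -> "widgets". Anything outside [A-Za-z0-9_.-] is rejected.
def repo_from_path(path)
  name = path.to_s.split("/").reject(&:empty?).first
  name if name && name =~ /\A[\w.-]+\z/
end

# Compare without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the HTTP status the auth action would render for this request.
def auth_status(authorization_header, path)
  login, password = basic_credentials(authorization_header)
  user = USERS[login]
  return 401 unless user && secure_compare(user[:password], password)
  return 200 if user[:roles].include?("Administrator")
  repo = repo_from_path(path)
  return 403 if repo.nil? # no usable repository name: deny
  user[:permissions].include?("View Repo #{repo}") ? 200 : 403
end

# Build the header the way a Basic-auth client would.
def basic_header(login, password)
  "Basic " + ["#{login}:#{password}"].pack("m0")
end

puts auth_status(basic_header("bob", "hunter2"), "/widgets/trunk")
puts auth_status(basic_header("bob", "hunter2"), "/secret/trunk")
```

Every failure path returns a non-2xx status, so a malformed header or a missing path ends in a denial rather than an exception.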