Sunday, March 01, 2009
This is one reason I hate firewalls—they make troubleshooting network issues so much harder …
Yesterday's issues were partly caused by an issue with our upstream provider doing something to our TCP traffic, and now the single packet authentication is working.
Grrrrrrrrrr …
Monday, March 02, 2009
Using signed certificates with OpenSSH
A few months ago, I started playing around with secure certificates. I downloaded TinyCA, a simple interface to OpenSSL that's enough to run a simple certificate authority. Using that, I created a secure site (it's signed by my own certificate authority so you'll get a warning if you visit that page; if you don't want to get the warning and you trust me enough, you can install my certificate authority certificate and check the fingerprints).
Once that was done, I went further and protected a directory using signed certificates for client authentication (and you'll get a very cryptic error when you visit that link without installing the proper certificate). TinyCA makes the process painless to play around with this stuff (and for the curious, the configuration file).
Now, the recent mess with logging in via ssh got me thinking. It would be nice if we (as in, The Company) could use secure certificates to log in via ssh. Sure, we can generate key files to have password-less logins, but we have a few customers that also need ssh access, and having a secure certificate would be nice. Not only could we set the expiration date, but we could also revoke the certificate should it become necessary (a compromised account, non-payment of bills or an employee (heaven forbid) being let go).
Now, given that TinyCA is a basic frontend to OpenSSL, and that OpenSSH uses OpenSSL, I expected OpenSSH to have support for signed certificates.
Apparently not, but there is a patch for it. This is something I need to look into.
Update on Thursday, May 18th, 2023
https://secure.conman.org/ is no longer as all my sites are now secure.
Wednesday, March 04, 2009
Bedtime for Bonzo
[The rant that was here has been removed, but don't worry—the sentiments expressed in this rant will be discussed at a later time. Suffice to say, I don't like change. —Sean][You can say that again. —Editor]
Insane “out-of-the-box” thinking
Last night's redacted rant (okay, technically very early this morning) had to do with a crisis of confidence at work (the proverbial straw last night was replying to a trouble ticket with a huge rant with some fairly strong language <cough cough> about package management systems and forgetting to tick the “staff only” option—oops) and wondering why Smirk even puts up with my curmudgeonly tendencies.
I guess I found out why today. Smirk called with a rather interesting problem. One of our clients lost the administrative password to MySQL and could we reset it? We didn't have the administrative password either. Smirk tried the “recommended procedure” in this case:
- Shutdown MySQL:
/etc/init.d/mysql stop
- Restart MySQL with an option to bypass authentication:
mysqld_safe --skip-grant-tables &
- Reset the administrative password:
mysqladmin -u root password "newpassword"
(or some variation on this—there are several different ways to do this actually)
- Shutdown MySQL—here you may need to find the process id and kill it, since you didn't use the startup scripts to start it.
- Restart MySQL using the startup scripts:
/etc/init.d/mysql start
only to fail in step three. That's when he called me.
I did get the password reset, which is what Smirk (and the customer) really wanted. What I did not do was:
- Shutdown MySQL:
/etc/init.d/mysql stop
- Create the text file $HOME/mysql-init with the following contents:
UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;
- Restart MySQL:
mysqld_safe --init-file=$HOME/mysql-init &
- Delete the text file:
/bin/rm $HOME/mysql-init
(as I found out after the fact). No, I think differently. I live on the edge. I do things the hard core way:
- Shutdown MySQL:
/etc/init.d/mysql stop
- Copy critical files:
cp /var/lib/mysql/mysql/user.* /tmp/
- Using a binary editor, zero out the administrative password in the file /var/lib/mysql/mysql/user.MYD (told you I live on the edge, and yes, I used a binary editor I wrote for this—Muahahahaha!)
- Restart MySQL:
/etc/init.d/mysql start
- Reset the administrative password for MySQL
I think Smirk keeps me around for my “out-of-the-box” (or is that “out-of-my-ever-loving-mind”?) thinking.
MTV's The Real World: “Work”
In this week's episode of MTV's The Real World “Work” we find Devyn (and to a small degree, Sarah) working for Jovani, Chet working as an interviewer and an interviewee, Baya (and to a small degree, Sarah) working out at dancing, Katelynn working to launch a website for a local community outreach center, Ryan working the guitar, JD working the camera for Chet, and Scott working hard to avoid any camera time whatsoever.
I think this episode answered my question about temporal changes in editing as an incident that “happened” a month and a half ago—Baya turned down a chance to work with a hiphop dance troupe and only now did someone ask her about it. So to me, it's clear that each episode of the show is “scripted” around a person (or persons) or a theme (as this week it seems to be “work”).
Katelynn, for the most part, is portrayed much better in this episode than last week, explaining more about the transgendered process she's going through. And Chet was quite likeable (and he pulls off wearing a bowtie for not being an economist), although his taunting of Katelynn bugged me.
Monday, March 09, 2009
“Dünyayi Kurtaran Adam” (aka “The Turkish Star Wars”)
I'm 10 minutes into watching “Dünyayi Kurtaran Adam” and I'm speechless. In said ten minutes, we get about four minutes of, dare I say it, stock “Star Wars” footage (which amazingly enough, looks like stock footage taken in the 50s by the United States government) and minutes of exposition whereby we learn that the Earth has been blown up a few times, but still survives in pieces and that there's an enemy force out there trying to destroy the rest of humanity.
Then, using … um … stock “Star Wars” footage intercut and projected behind … um … native footage, we get this horribly confusing space battle where the good guys are flying around in Tie fighters and Star Destroyers (with the Death Star playing the part of “The Earth”) fighting the bad guys in Rebel transports, X-wing fighters and the Millennium Falcon.
I think.
It's all horribly confusing. And it seems that the two fighter pilots engaging the enemy are finally defeated, yet the bad guys lost because of a “brain shield” around the Earth.
I think.
I don't speak Turkish and the subtitles are a very amusing bit of.
Where translation some of is off another screen.
placed.
“Plan 9 From Outer Space,” for all its continuity errors and cheap sets, is more coherent than “Dünyayi Kurtaran Adam.” Weirder still, my impression of the opening ten minutes doesn't quite match this impression of the film, but that's okay—it's Turkish translated into Engrish of a film that is seriously infringing upon copyright law.
Huh … had I watched the film for another 30 seconds, I would have seen our two intrepid fighter pilots weren't killed, but instead crashed on a desert planet. And frankly, I think the film would have been better served starting here than with the horribly confusing ten minutes of rear projected stock “Star Wars” footage.
Two more minutes, and at least they had the foresight (or the budget) to use a real desert wasteland than the rock quarries of Dr. Who. And man, the dialog alone is great (I know the two characters are Murat and Ali, although I'm not sure which one is actually which, so I'm arbitrarily picking here):
- Murat
- We must know where we are. Otherwise here we may die in a famine and thirst.
- Ali
- I am tired like a dead. Let's rest a while.
- Murat
- This is what they want. Once we drop down we are done.
- Ali
- Would you condemn me if I tell you that I'm affraid [sic]?
- Murat
- Be afraid but don't show it.
- Ali
- Why?
- Murat
- Maybe we crashed on a planet inhabited only by women. They could be testing us to check which of us
- Murat
- is more courageous.
- Ali
- Then I take the lead.
- Murat
- But don't forget to inflate your chest.
(That's not all you better inflate. Thank you! I'll be here all week! Try the veal! Don't forget to tip your waiter)
Man … bad cinema … no, scratch that … bad foreign cinema!
Pass the popcorn.
One should not see how the sausage is made.
While I'm on the subject of entertainment that's so bad it's actually entertaining, I forgot to mention a particular episode of UFO Hunters about a small patch of Nevada known as Area 51.
Bunny recorded the show (watch it while you can before it's taken down) and it was amusing, but for me, it wasn't anything I didn't know before. Really, I only watched it because Glenn Campbell was on the show; far more fascinating than the show was the show behind the show and just how ridiculous a hike up a mountain with a camera crew really is. On screen you see two people, the host, and Glenn. And since you're seeing it, there's obviously the camera man. But in reality there were a total of 15 people on that hike, most lugging tons of camera, sound and lighting equipment.
Quite amusing really.
I'm reminded of all this because Glenn is fact checking the UFO Hunters on their presentation of Area 51. And as he reminds us:
The recent Area 51 episode of UFO Hunters was fine entertainment, but let's make it clear: This was not journalism. It was never intended as journalism, so don't get your knickers in a bunch about factual accuracy. It's only a TV show, designed to appeal to a certain market and sell advertising.
Tuesday, March 10, 2009
Wheeeeeeeee!
The Ticket Comment Du Jour™:
Thanks for your help. This was truly bizarre. You'd think the people working WWW backbone would be doing top jobs now to keep their jobs, but apparently everyone was out to lunch this week.
And if you don't get why this is the Ticket Comment Du Jour™ be glad you don't work as part of the WWW backbone (but a bit more context for those interested: DNS propagation issues).
From the “I'm doing this so you don't have to” department …
I should know better. But alas, one of the latest virtual gewgaws a friend sent me via MyFaceSpaceBook intrigued me enough to click on it. Yes, sign me up for this MyFaceSpaceBook “application” and okay, I see what it is. Fine. But right at the top of the page I see:
(2) of your Friends Challenged you at the IQ Quiz
(1) of them thinks you are dumb!
Accept Challenge
Alright, fine. I'm curious.
Click.
I'm taken off MyFaceSpaceBook to some other website that's asking some very easy questions. I answer a bunch and have to type in my phone number to get to my results. No way I'm doing that, so it's “555-555-1212” and …
More questions. And one of the questions leads off to yet another site asking questions. I answer all those questions, answer for my phone number as “555-555-1212” and got back “Thank you. We'll text your results.”
Heh. Good luck.
But the quiz that led off to that quiz is still open. I type in my birthday, and then I have to fill in all this personal information. It didn't like my first name of “S”—apparently that's not a valid name. And it didn't like my address of “123 Main St., Boca Raton.” When I typed in the address of The Company, it somehow knew it wasn't a residential area and required an apartment number. Oh, and it didn't like my phone number, so I made one up (sorry to whomever that is).
Good lord!
Okay, fine.
Then a screen asking if I'm interested in any of the following optional promotional items, select “Yes” or “No” for each one. I answer “no” to each one, and then I'm informed that I need to answer “yes” to at least one of them.
So much for optional.
I pick one (I think it was for a motorized wheelchair) and get yet another screen of “optional promotional items.” Same story, I have to select “yes” to one of them. A third page of “optional promotional items.” This time, I disable Javascript so I can answer “no” in peace. Next page comes up saying I need to enable Javascript and a “submit” button, and nothing else.
I can't get past this screen, so I re-enable Javascript, and hit “submit.” Now I get a page asking for my preference for cancer sticks cigarettes (really? Did I say “yes” to cigarettes?).
Sorry, I don't have one. I de-select the “I certify that I am of legal age” checkbox and hit submit. I then get the following:
There were errors in your submission:
- The 'Optin to Receive Mail' field is required
- The 'USUAL BRAND of cigarettes' field is required
- The 'Usual Brand Style' field is required
- The 'USUAL BRAND menthol?' field is required
- The 'USUAL BRAND of cigarettes 2' field is required
Electronic Signature*
Please enter your name and address as they appear on your driver's license or official ID:
No! While yes, I am of legal age to consume tobacco products, I do not want to receive offers, premiums, and/or coupons from a tobacco company. And yes, I do understand that giving false information in order to accept these offers may constitute a violation of law, but I don't want the offers! I just want my results.
There simply is no way on this page to say “No thank you.” So therefore, I am unable to continue, and get my results.
Oh, and the quiz?
It's the “How Smart DUMB Are You?” quiz.
Sigh.
To my MyFaceSpaceBook peeps: I love ya, but I'm simply going to ignore all virtual gewgaws from now on. Just saying …
Wednesday, March 11, 2009
I'm a bit upset that they didn't cover Nine Inch Nails' “Head Like A Hole”
In his spare time, Gregory sings in a jazz band. Tonight, Bunny and I went to see him do his Ol' Blue Eyes impression.
As far as I can remember, every opening act I've seen has been terrible, including tonight. The less said about the orchestral band that opened, the better (I see I have written “I've died and gone to a middle school recital” in my notes for the night; Bunny told me not to be so critical, and I shot back “Why is this better than Songsmith?” She conceded that I did have a point).
The jazz band was excellent, and so was Gregory (he had his jazz hand technique down cold), singing out the standards and getting half the crowd there up on the dance floor, and a fun time was had by all.
MTV's The Real World: “Delivery from Angst”
You know the drill. MTV. The Real World. “Delivery from Angst.”
The gang has to put on a show, but first Mickey Rooney Scott and Judy Garland Katelynn have to learn to work together.
Once the show is past (although not without some angst from JD and Chet), Scott and Katelynn have to realize they're not on the set of “War of the Roses.” Both appear to be reliving their high school years in this episode; Scott upset that Katelynn decided to work (as a go-go dancer) instead of coming to his birthday party; Katelynn is freaking out because she has no money what-so-ever, and thus has to work (although it would help if she actually got paid). Things go downhill from here.
This very special episode of The Real World eventually ends with Scott and Katelynn realizing their friendship is worth more than some angst, and Scott offers to help Katelynn through her financial troubles with a sizable loan.
Is this show over yet? Why hasn't anyone gotten voted off the island?
Why am I still watching?
Saturday, March 14, 2009
Because it's there
Bunny and I got up early today, way early, to head on down to Shark Valley for a 15 mile bike ride.
Why?
Because we're stupid, that's why.
Or masochistic.
Quite possibly both.
Anyway, this whole thing started a few months ago when Kurt first proposed the idea in January. Much to everyone's surprise, I decided to go along. At the time, Bunny suggested that I might want to try riding a bike a bit first, seeing how it's been almost twenty years since I last did any serious bike riding.
It didn't go well. Maybe five four miles worth of riding around the neighborhood, and I was practically dead. And surprised at just how hilly the streets are around these parts of Chez Boca.
But the trip was put off. And bumped. And postponed. And delayed.
Until today.
Woot.
We arrived at Shark Valley at the ungodly hour of 8:30.
Kurt did warn us that the bicycle seats would become uncomfortable towards the end of the ride, so Bunny made some seat cushions for our bikes. Unfortunately, they were too thick to be effective so we ended up not using them at all.
Now, the loop runs north/south, with the western edge (outbound, away from the visitor's center) a straight seven miles long, and the eastern edge (inbound, back to the visitor's center) a curvy eight miles. And on Google Maps, it doesn't appear all that daunting.
But the map is not the territory.
The first half of the ride wasn't bad. The road was flatter than paper and the wind was slowly blowing mostly across the path. Optimum biking conditions.
A few hours later, we arrived at the half-way point, an observation tower at the southern end of the loop. A nice sturdy structure with easy access to the main level.
We spent perhaps half an hour resting, munching on some snacks (walnuts, raisins, pretzels, mini-chocolate bars) and gulping down water. The view from the observation deck was impressive, but the stairs leading up to the very top were closed off for some reason—perhaps for safety.
The other half of the trip, the trip north back to the visitor's center was horrible. The bicycle seat suddenly got rock hard and I found it very difficult to sit down for any length of time. Shame, since the wind was now coming from slightly behind us, making it all the much easier to ride. In fact, the only thing that really hurt at this point was my butt. My legs? Fine. Back? Fine. Butt? Screaming at me to get the XXXX off the seat.
I was never so glad to see the parking lot after eight long miles.
“Pain? Try aspirin.”
Oh My God! The Pain! The Pain!
Aieeeeeeeeeeeeeeeeeeeeee!
Monday, March 16, 2009
I'm now down to whimpering and silently sobbing to myself
I'm feeling better now. Plenty of water, aspirin and the constant shots of morphine have done me well. The pain has now subsided enough that I can drag myself around the house without the screams of agony.
Wednesday, March 18, 2009
MTV's The Real World: “Saving Private Ryan”
Another Wednesday, another MTV's The Real World and another week where I ask myself, again, why I'm even bothering to watch the show anymore. Ostensibly, it's because Katelynn, who I know, is on the show, but she gets so little screen time that frankly, I wouldn't miss much if I didn't watch the show.
But I did, and if I'm suffering, so are you.
So, this week: “Saving Private Ryan” (how about that—MTV's title is better than anything I could come up with).
As if we couldn't see this happening from a mile away (Bunny: “the show is scripted! Scripted, I tell you!”) Ryan, just after Election Day (although frankly, the temporal liberties they take, only the cast know for sure when this happened) gets a call from his brother that “The Paperwork” has arrived—his orders calling him back into service.
There's also Ryan's film “No More Tomorrow,” which the less said, the better (“bad” comes to mind, so does “cliché” and “predictable”). And I'm sure that if Ryan didn't have a girlfriend, he and Baya would have become “roommates” by now (that is, if they haven't already).
The real shock this week was that Chet and Scott both came out of the closet. Chet wasn't so surprising really, but Scott? Republican? It's amazing that both of them weren't lynched in a predominately pro-Obama household. I give them both kudos for coming out on national television.
Tuesday, March 24, 2009
Rube Goldberg would have loved modern software development
“In a system of a million parts, if each part malfunctions only one time out of a million, a breakdown is certain.”
Stanislaw Lem
“Project: Leaflet” is a web based application written in PHP, so there's a dependency on a webserver (in our case, Apache) and PHP itself. There's also a database involved, so throw in MySQL, and, oh heck, Linux to run the whole mess, and you have a pretty standard LAMP stack going on.
Although in our case, we use PostgreSQL (and yes, I have two active versions of “Project: Leaflet”) so that means we have a pretty standard LAPP stack going on.
Now, “Project: Leaflet” is designed to help manage mass emails, like a newsletter, or a product announcement, or perhaps to notify customers of an impending company name change, so it requires an SMTP server of some sort. At first we used whatever SMTP server came with the distribution of Linux we used (at first sendmail but now we also use postfix).
Then came the automatic handling of bounced emails, which meant a bit more involvement with the SMTP server (sending emails to a particular address to a program). It also meant parsing the incoming message and given that there really isn't a standard for bounce messages (or rather, quite a few, take your pick) the stock configuration for the SMTP server wasn't going to cut it anymore.
First off, we needed to enable address extensions, and at least under postfix, that's just adding one line to the configuration, but it's still a change from the default install (such a configuration may be enabled by default under sendmail, but we don't run “Project: Leaflet” with sendmail, so it's a moot point). The point of the address extension is to encode the outgoing email address in our return address so we don't actually have to parse the body of the bounce.
It also helps with handling confirmation replies.
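One way to implement the return-address encoding described above, as an added example rather than Project: Leaflet's own code (which is PHP and does not appear on this page). The "bounce" mailbox, the "lists.example" domain, the "+" delimiter and the HMAC tag are assumptions; the tag goes beyond the text, and is there so that a forged bounce or confirmation reply cannot name an arbitrary subscriber.

```python
import hashlib
import hmac

# Assumed values for this sketch; none of them come from the page.
DELIM = "+"                        # postfix recipient_delimiter
MAILBOX = "bounce"                 # mailbox that collects bounces
LIST_DOMAIN = "lists.example"      # domain the mailing is sent from
SECRET = b"constructed-demo-key"   # per-install secret (constructed)
TAG_LEN = 12                       # hex digits of the HMAC kept in the address


def address_tag(recipient: str) -> bytes:
    """Truncated HMAC over the lower-cased recipient (MTAs may fold case)."""
    mac = hmac.new(SECRET, recipient.lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN].encode("ascii")


def encode_return_path(recipient: str) -> str:
    """Envelope sender for one outgoing message: bounce+local=domain=tag@..."""
    local, at, domain = recipient.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an address: {recipient!r}")
    tag = address_tag(recipient).decode("ascii")
    return f"{MAILBOX}{DELIM}{local}={domain}={tag}@{LIST_DOMAIN}"


def decode_bounce_recipient(envelope_to: str):
    """Subscriber a bounce refers to, or None if we did not issue the address."""
    local, at, domain = envelope_to.rpartition("@")
    if not at or domain.lower() != LIST_DOMAIN:
        return None
    # Split on the FIRST delimiter: the subscriber's local part may contain '+'.
    mailbox, sep, ext = local.partition(DELIM)
    if not sep or mailbox.lower() != MAILBOX:
        return None
    # Split from the RIGHT: a domain and the hex tag never contain '=',
    # but the subscriber's local part can.
    parts = ext.rsplit("=", 2)
    if len(parts) != 3 or not parts[0] or not parts[1]:
        return None
    recipient = f"{parts[0]}@{parts[1]}"
    supplied = parts[2].lower().encode("utf-8", "replace")
    if not hmac.compare_digest(supplied, address_tag(recipient)):
        return None   # forged or mangled: act on nobody
    return recipient


def bounced_subscribers(envelope_recipients):
    """Addresses to mark as bounced, given envelope recipients of incoming mail."""
    found = []
    for rcpt in envelope_recipients:
        who = decode_bounce_recipient(rcpt)
        if who is not None:
            found.append(who)
    return found


if __name__ == "__main__":
    # Constructed sample: two genuine bounces, one forgery, one unrelated address.
    good = [encode_return_path(a)
            for a in ("alice@example.org", "bob+news@mail.example.net")]
    forged = good[0].replace("alice", "mallory")
    for rcpt in good + [forged, "postmaster@lists.example"]:
        print(rcpt, "->", decode_bounce_recipient(rcpt))
```

The decoder works on the envelope recipient alone, so the bounce body never has to be parsed.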
But there's still the issue of parsing the headers from the incoming email, and well, I know procmail, and I know that's what it's there for, to help in dealing with incoming emails. I mean, it's there right? (Well, actually, not by default any more. And that means yet more changes to the SMTP configuration to enable procmail processing). And yes, the syntax is horrible, but it's the very model of clarity compared to some other syntaxes you come across on a Unix system (like, oh, sendmail.cf anyone?).
So now the dependencies for “Project: Leaflet” are: Linux, Apache, PostgreSQL, PHP, sendmail or postfix (with some custom configurations) and procmail.
Oh, and then there's the change from a few weeks ago, where I made it such that a single copy of the code can serve multiple instances (clients) on a single server. I did that not to save disk space (heavens no! The uncompressed source code doesn't even come close to a megabyte of disk space) but administrative overhead—I can update the code in one location per server instead of, say, 25 individual copies.
But that necessitated some changes in layout and assumed locations of files and well … let's just say that while a company could take our code base (and at one point the topic of releasing the code as Open Source™ did come up), it's less and less likely that an average website owner would be able to install this program, given the dependencies and somewhat custom configurations made thus far.
Now, this version (the “Install Once And Use Everywhere On A Server” version) mandated yet another “feature”—support of a per-client IP address.
We have the IP addresses. No problem there.
And Linux supports multiple IP addresses. No problem there.
And Apache supports multiple IP addresses. No problem there.
sendmail/postfix support multiple IP addresses. No probl—
Uh … hold on a second …
Er, mu.
Incoming email isn't an issue—sendmail/postfix can be set up to listen on all interfaces. It's outgoing email that's an issue.
See, it's all too easy for certain ISPs to blacklist IP addresses that send an excessive amount of spam (and that happens to us all the time), so if that happens, we want the customer's assigned IP address to get banned, and not the IP address of the server (otherwise, all our customers on said server have “an issue”).
But, when sendmail/postfix send email, they use the default server IP address, which isn't what we want.
So, mu.
After some searching, we found that exim will do what we want (great! Yet another SMTP server we need to learn and support), but not out of the box (nor will it support address extensions, virtual hosts or procmail, so there're quite a bit of configuration changes going on).
So, this little PHP app I wrote requires Linux, Apache, PHP (of course), PostgreSQL, exim and procmail. Talk about your debugging nightmare.
Today, I spent several hours tracking down an issue where emails were being sent out via the server's primary IP address and not the client's IP address. That meant I had to track the issue through half the chain there, PHP, exim and procmail. I ended up chasing (now that I look at it after the fact) a potential red herring.
The problem was compounded by the fact that it worked for the test account.
I fixed the issue by replacing the call to the PHP mail() function (which calls the external program sendmail—which isn't really sendmail but a simple replacement provided by exim, which injects the email directly into the outgoing queue) with a bunch of PHP code that talks to the local email server via SMTP.
That worked. Only later, I realized that the client was using the incorrect email address for sending emails, which was probably why the primary IP address was showing up when it shouldn't (and if that makes no sense to you, Welcome to My World!).
It certainly feels as if the modern web development world is held together with chewing gum and baling wire (and we're all out of chewing gum) and nobody really understands what's going on underneath the covers (and frankly, are as scared of it as they are of seeing how sausage is made).
Wednesday, March 25, 2009
It's nice to see Joe Lo Truglio's career finally take off …
I've mentioned before that my friend Hoade made some films with actor Joe Lo Truglio when they were kids, but I just read the following on my MySpaceFaceBook page from Hoade's sister:
Joe Lotruglio fans—check out Carson Daly show tonight. Sean said they'll show the movies Sean & Joe made together as kids, with me as the “scared townfolk.”
That “Carson Daly show” would be Last Call with Carson Daly, but warning—it's on late, so fire up the DVR.
MTV's The Real World: “Viva Lost Wages”
MTV.
Yo, word! It's Wednesday. Time for “Viva Lost Wages”, Real World style.
Half the episode the cast spent worrying about saving Ryan's privates as he heads back towards Iraq, and the other half of the episode the cast spent all their money at an Atlantic City casino. It was especially upsetting to watch Katelynn blow over $600 at the blackjack tables, given how Scott saved her financially two weeks ago (show time).
Devyn, too young to actually lose her wages at the casino, lost her mind instead when she got a lapratdog, so, you know, she could be responsible and stuff. The only person who didn't lose anything was JD, who won about $3,000 as a slot zombie.
This show had better end soon, as by now, I would have voted everybody off the island, except for Scott, who seems to be the only genuine person there.
Thursday, March 26, 2009
Bummer
Well, Bunny and I watched “Last Call with Carson Daly,” all mind-numbing thirty minutes of it.
No movies made as a kid. Heck, no Joe Lo Truglio. We checked the site, and yes, he was supposed to show up on Wednesday, but seeing how it technically was Thursday, perhaps that's why. But Thursday's show is yet to be announced, so we'll be recording that show, just in case Joe got bumped.
From gray skies to grey skies, using git.
This tutorial, then, will take a conceptual approach to Git. My goal will be, first and foremost, to explain the Git universe and its objectives, and secondarily to illustrate how to use Git commands to manipulate that universe.
Understanding Git Conceptually
I came across this wonderful explanation of git. Reading through that helped clear up some aspects of git and I found myself merging and clearing out a bunch of dead branches of my greylist daemon.
I then kept going, and decided to clean up the code a bit, by changing every occurrence of “gray” to “grey” (yes, I can be a bit anal at times).
Which is a way to announce, the latest version of the greylist daemon (the “From Gray Skies to Grey Skies” version if you must know).
Friday, March 27, 2009
JAWS PARTY
Yup. “Last Call with Carson Daly” bumped Joe Lo Truglio to tonight's show. It was an okay interview, but no homemade movies.
Joe did, however, plug his site where, if you poke around you will find the films of The Early Years (which, are amusing in that “middle school tastelessly amusing” type of way—and yes, when we were kids we didn't have no fancy schmancy digital video recorders with THX Surround Sound Recording™ capabilities—nope, we had steeeenking 3′40″ of silent Super8 film and we liked it, up hill, both ways, in the snow!).
The animation is my friend Hoade all the way (who also makes a few appearances in this magnum opus, by the way, along with Hoade's sister).
Don't say I didn't warn you.
I swear I heard someone once say that control panels supposedly made things easier
Sigh.
Just received the following ticket:
Client uploaded their own work on the site and need to change the document root for the domain: XXXXXXXXXXXXXX
Please set it from “/var/www/html/” to “/var/www/html/app/webroot/”
The site is on: XXXXXX
No problem, right? Just go into the Apache configuration file and change DocumentRoot for the virtual domain in question. Trivial.
Only, the server the site is on has a <shudder> control panel on it, and whenever there is a <shudder> control panel involved, even the most trivial of changes suddenly involves rocket science [I thought I wrote about redirects involving a control panel, but I've yet to find an entry that does. Guess what's coming up next? —Sean]
Just for laughs, I decided to change DocumentRoot on the virtual site in question and make a change via the <shudder> control panel and just as I expected, my changes did not survive Insipid's mucking about.
A few searches revealed this bit of wisdom:
The following FAQ discusses how you can change httpd.conf on a per-site basis or globally such that the changes are not wiped out by XXXXXXXXXXX.
http://www.XXXXXXXXX/support/wpls/faqs/3.6.html
Wonderful! I thought. That's exactly what I need. I click on the link—
404
Oh, lovely I thought. I check the date on the answer I found, and it's dated July 8th, 2002. I guess Insipid doesn't quite realize that cool URLs don't change.
So, I go to the Insipid site and try searching on “FAQ”. The results of that search were:
404
But I was at some subdomain of the Insipid site. Okay, I went to the main page, searched for “FAQ” and got much better results. Apparently, the Insipid subdomain uses some now dead search engine, while the main Insipid site uses Google. Ah, I see a link labeled “Insipid Forum—FAQ” and click that.
I'm right back at the main Insipid page. Brilliant! Instead of serving up a “Page Not Found” page, they simply redirect to the main page. Wunderbar!
Poking around some more, it seems that the inspired leadership at Insipid has felt that there is no longer any need for any forums at their site, and thus, it's gone. I keep getting the main page.
So far, my searches have led to pages that are either missing, or selling support, or are simply nothing more than link farms—ah wait! It seems Insipid was bought out by the company Perpendicular. Okay, try their site and look for “Insipid FAQ”.
And nothing that will help me.
Oh wait, this seems promising:
Document Root Problem with Ensim
February 8, 2006
I am trying to point the default /var/www/html folder to a subfolder of the site. I am trying to accomplish this by doing the following:
# pico /etc/httpd/conf/virtual/siteXX
<VirtualHost XXX.XXX.XXX.XXX:80>
  ServerName XXX.XXX.XXX.XXX
  ServerAdmin me@mysite.com
  DocumentRoot /home/virtual/siteXX/fst/var/www/html/toanother/folder
  RewriteEngine on
# /etc/rc.d/init.d/httpd restart
After Apache restarts I am placed in the new folder structure, but the PHP code on the page is not being parsed.
I am at a loss as to what the problem may be. Any help is appreciated.
Okay … where are the answers? Answers? Um … answers? Nothing on that page. Go up one level, find the link to that page, and see “Replies: 0”.
Well XXXX! In three years no one has answered this person's cry for help!
On a lark, I decided to try the following:
GenericRootPrompt# ls -l
total 20
total 20
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 cgi-bin
drwxr-xr-x 9 admin229 admin229 4096 Mar 25 01:06 html
drwxr-xr-x 2 root     root     4096 May 27  2008 icons
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 interpreters
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 usage
GenericRootPrompt# mv html html.orig
GenericRootPrompt# ln -s html.orig/app/webroot/ html
GenericRootPrompt# ls -l
total 20
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 cgi-bin
lrwxrwxrwx 1 root     root       22 Mar 27 16:19 html -> html.orig/app/webroot/
drwxr-xr-x 9 admin229 admin229 4096 Mar 25 01:06 html.orig
drwxr-xr-x 2 root     root     4096 May 27  2008 icons
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 interpreters
drwxr-xr-x 2 admin229 admin229 4096 May 27  2008 usage
GenericRootPrompt#
It was a nice try, but it didn't work.
Can somebody remind me why we're using control panels?
It's the simple things that are impossible to do
I briefly mentioned in my last post something about <shudder> control panels and redirects requiring rocket science. It's true.
Several months ago a client wanted to improve their search engine rankings with Google. Their current configuration at the time was:
<VirtualHost 10.10.10.10:80>
    ServerName www.example.com
    ServerAlias example.com
    ...
</VirtualHost>
Their site responds to both www.example.net and example.net, and while we can see they're the same site, technically speaking, search engines treat them as two separate sites. In fact, they pretty much have to, as they're, again, technically, under two different names and in theory, there could be a different site under each name.
Now the problem—while Google can probably figure this out, there's no indication to Google as to which “site” is the proper location, so it calculates the page rank for example.net separately from www.example.net, thus diluting the pagerank for the entire site.
There is a way of telling Google which site is considered “the site” and it involves redirecting requests at “the lesser site” to “the site.” The easiest way of doing this, using Apache, is:
<VirtualHost 10.10.10.10:80>
    ServerName example.com
    # Redirect takes the URL-path to match ("/") before the target URL
    Redirect permanent / http://www.example.com/
</VirtualHost>
<VirtualHost 10.10.10.10:80>
    ServerName www.example.com
    ...
</VirtualHost>
And now every request to a page at example.com will be redirected to “the site” at www.example.com. Simple, trivial, and therefore, impossible to do via a control panel!
When I tried that very method on the webserver (which has a <shudder> control panel on it), I broke the entire webserver!
And sadly, there is no option to set this up under the <shudder> control panel. Sure, you can set an alias for the site, but that gets slapped under the ServerAlias directive, which is not what the client wanted (as that's what the client had currently and wanted changed).
We got it working, but it involves a secondary webserver (without a XXXXXXXXX control panel on it) and changes to DNS files. Here's how it works.
The client tells us which address is “the site” and which should be redirected. For our example, we're redirecting example.com to www.example.com. We then edit the DNS file for their domain and set the IP address for example.net to our non-control panel webserver.
Then, on our non-control panel webserver, we add:
<VirtualHost 10.10.10.10:80>
    ServerName example.com
    # Redirect takes the URL-path to match ("/") before the target URL
    Redirect permanent / http://www.example.com/
</VirtualHost>
to the configuration. It works, and it's only slightly Rube Goldbergesque.
And yes, there's a solution that could be done on the server with the <shudder> control panel, but that involves mucking with mod_rewrite (and the horrors involved in debugging that) and .htaccess files, so it's a toss-up which method is more Rube Goldbergesque.
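The mod_rewrite alternative mentioned above could look like the following .htaccess file, placed in the document root of the site on the control-panel server. This is an added example, not the configuration from the original post; it assumes mod_rewrite is loaded and that the control panel's generated virtual host permits rewrite directives in .htaccess (AllowOverride FileInfo or All).

```apache
# .htaccess in the document root of the site that answers to both names.
# Assumption: the generated <VirtualHost> keeps "ServerAlias example.com",
# so requests for the bare name still reach this directory.
RewriteEngine On

# Match only the bare host name (optionally with an explicit port),
# case-insensitively; requests for www.example.com fall through untouched.
RewriteCond %{HTTP_HOST} ^example\.com(:\d+)?$ [NC]

# In .htaccess context the pattern sees the path without its leading slash,
# so $1 is re-attached after the "/" of the target. The query string is
# carried over automatically. R=301 makes the redirect permanent and L stops
# further rule processing for this request.
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
```

A request for http://example.com/about?x=1 should come back as a 301 with Location: http://www.example.com/about?x=1. If Apache ignores the file entirely, the AllowOverride assumption does not hold on that server.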
Saturday, March 28, 2009
“I take out your units before your units take out my units before they take out your units.”
Achron is the world's first meta-time strategy game, a real-time strategy game where players and units can jump to and play at different times simultaneously and independently.
Over a year ago I mused about making a computer game involving time travel, but it seems a group of programmers have gone ahead and made a game where pieces can travel in time, and from the videos, it looks like they've done a great job with the user interface.
Q. Dude, paradoxes?! You know, grandfather paradox, units fighting side by side?
A. Paradoxes can exist, but since the window of time is limited (e.g., an 8 minute window) all events eventually fall off. A paradox will oscillate between its different states until one of the states reaches the edge of the time window, leaving the players locked into one of the two states. Example: in the case of the grandfather paradox (where you use a factory to build a tank, have the tank time travel to before it was built, and then use it to destroy the factory) you will play with the paradox until it 'falls off' the time window, at which point there is a 50/50 chance of either the tank lives and the factory is destroyed, or the factory remains and the tank was never created. All paradoxes are nicely resolved with time.
Q. How stable/buggy is this game? I can't imagine a game engine this complex without bugs!
A. Very stable. We have taken QA extremely seriously because of how complex time travel is, and we have been testing multiplayer games for 4 years.
Q. Is it true that I can keep sending units back in time to have them fight alongside themselves and duplicate an entire army?
A. Yes you can, but not without consequences. It costs chronoenergy to command units from the past to travel further into the past, and obviously you use more chronoenergy to control more units in the past. Also you are using up your playing time to manage this instead of building units or controlling your armies. And finally, if the original 'parent' units are damaged, the time traveled version will wind up being damaged and if the original units are destroyed and don't travel back in time, you wind up undoing the entire cycle.
Q. My head is exploding already. Are you sure this is easy?
A. Yes, though grandfather paradoxes are the most complicated aspect of the game, they don't tend to happen much in actual gameplay. The rest is super quick to learn. It's like learning to use a DVR control to rewatch a tv show or using your DVD control to jump around chapters in a movie - once you start using time travel it's really simple, but if you've never picked up a remote controller before, those play and 'next-chapter' buttons look scary. We've been play-testing for 4 years and have learned how to make this game accessible, taking people who never played an RTS before and have them effectively using time travel 5 minutes into the game. We do this by unveiling time travel gradually to the player, so you are not fully thrust into it right away, but can learn to play it one step at a time.
Cool … just way cool …