Linux File Permissions Best Practices August 27, 2009 No Comments

Hey all you Linux users, web site uploaders, and people who occasionally have to touch a Linux box despite your confusion or repulsion,

Here’s an APB on what not to do with file permissions.

-rw-rw-rw- permissions are from Satan. That’s why they are written as 666. -rwxrwxrwx is worse because it’s editable AND executable. And drwxrwxrwx is worse still, because it means that ordinary users may be able to break your machine with “while [ true ] ; do cat bigfile >> biggerfile ; done” (which is why /tmp is in its own partition on a “serious” server).

So, if you are installing a web application and you want the web server to be able to change files, then set the files to be owned by the user that the web server runs as. (I’m going to assume the username is “www-data”, but yours may be “apache” or “httpd”.)

If you want to own the files, and you want “www-data” to be able to change them, then set the group to “www-data”, and make it group-writeable.

And if you want “www-data” and a few special friends to be able to change the files, then create a new group called “www-data-and-friends”, and add them to it.

World-writeable is not OK. Think hard about what you are trying to do, and come up with a smarter way. Or learn how to use ACLs (”man acl”). Or just put the root password in a file called “ROOT_PASSWORD_HERE_EVERYONE” and let someone make the file world-writeable, so that you don’t have to incriminate yourself.

Yours in making the the world a safer place for those who just don’t know, so that it is only the truly stupid who fall prey to accidents,

N.

2 Things about Flex… August 23, 2009 No Comments

We’ve been developing a visually complex Flex app in the last couple of weeks or so. Its not complex from an ‘enterprisy’ type view, but it does have to achieve a few things visually which have been a challenge. I’ve really enjoyed developing in Flex so far, but have found a few issues which I didn’t expect to find in such a well presented set of development tools. It’s almost as if, just as I’m moving forward, someone yanks the carpet out from under me…

Flex comes with a number of pre-built container components… things like ‘Canvas’ and ‘HorizontalList’. These containers are the basic building blocks of your app. Each one is designed to be used in different situations. The HorizontalList is suited to a series of items, presented horizontally. Since it is commonly bound to an Array or ArrayCollection object, it often has more items in it than can be displayed at any one time. So you have a scroll bar… you also have the ability to scroll the list along by creating a handler for the click event and listening out for a click and firing off a ’scrollToIndex’ function, which the name suggests, scrolls you to the relevant item. Thats great, except that the scrolling isn’t your gentle glide to the next item. Its just sort of yanks it over. My application calls for a little more finesse… some gentle scrolling. Impossible. Or so it seems at first. You have to completely re-engineer the HorizontalList to accomodate smooth scrolling. Its a bit of a job, and others have done it before,  but its really one of those things you would expect to have built in. I implemented the HSmoothBox, and then found out that it only accomodates identically wide items if you’re loding them dynamically. Argh! Back to square one. Eventually I modified the HSmoothBox to accept a width parameter, and now I have smooth scrolling! As it turns out, smooth scrolling was left out of Flex 3 because the developers couldn’t put it in, in time… so here’s hoping its gets included soon…

The next frustrating issue I had, was that there appeared to be no discernable way to make a button’s background transparent, short of completely re-skinning it. This is a real annoyance, since every other element in Flex has an ‘alpha’ or ‘backgroundAlpha’ property. Such a simple little thing… and the solution entails jumping through multiple hoops and doing backstroke through a minefield.

I completely understand that there might be complex technical reasons behind why these features were not included, but really, software ought to fulfil the user’s expectations of what can be done. Every component has a property to make it’s background transparent… except the one you want to make transparent…

How To Manage Configuration Files With Subversion August 3, 2009 No Comments

Configuration files get changed every time you install an instance of a project. Then they sit there, annoying you every time you do a commit. OK, maybe not you. But certainly me. Here’s how to ensure they never get in your way again.

There are two aspects of this principle:

  1. Use configuration templates
  2. Ignore configuration files

Also useful is the idea of a versioned ignore file, which will help you with things like generated or compiled files.

Setting Up A Config File In A New Project

First copy your current config file to a template. Then add it to Subversion.

$ cp config.php config.template.php
$ svn add config.template.php

Now delete your old config file.

$ svn remove config.php

Next you need to ignore config files from here on. We’ll use an ignore file for this, so that we can ignore other files, and easily manage what we are ignoring.

Create a file called .svnignore in the root directory of your project. Add “config.php” to it, and any other files you’d like to ignore. I like to ignore my Komodo Project File too. e.g.

config.php
THIS_PROJECT_NAME.kpf

And tell Subversion to ignore the files listed, and add the ignore file.

$ svn propset svn:ignore -F .svnignore .
$ svn add .svnignore

Then commit.

$ svn commit -m "Now ignoring config"

Converting An Old Project

If you follow the instructions above, and you update an installation, you will end up deleting your config file. Oops! To avoid that, FIRST WARN ANYONE WHO MIGHT END UP WITH A DELETED CONFIG FILE, and when you update, do a quick switcheroo.

$ cp config.php config.tmp.php
$ svn update && mv config.tmp.php config.php

References

That New Machine June 16, 2009 No Comments

Recently, my primary workstation collapsed in a heap. When power was applied, no lights or whirring sounds. I diagnosed a dead motherboard (power supply was fine). Time for ‘The New Machine’.

Putting together a new workstation, and in particular one on which you do a bit of gaming, has to be considered carefully. You want the newer and therefore faster technology, but not the top ofthe line, super expensive hardware that costs disproportionately more. Theres a level of hardware, just before it gets ridiculously expensive, that affords great value. So I went on the hunt.

The first thing to decide, is your processor, this will determine a fair number of your future options. I looked at the higher end Core 2 Duos, but decided to reach up and grab some of that i7 core goodness. The i7 is Intel’s new chip architecture… with any luck, the future of Intel chips. Its blisteringly fast and runs 4 cores, which equates to 8 threads running concurrently.  (Linux identifies each thread as a processor, although its not quite the same thing.) Having decided to get the chip of the future, I moved onto motherboards.

Amongst the various suppliers I researched, I found a total of 3 i7 core motherboards as options. Obviously not yet totally mainstream. On a motherboard, you’ve got a number of decisions to make, particularly whether you’re happy with onboard graphics or whether you’re going to add a graphics card. After reading through a number of reviews, I settled on the DX58SO from Intel. Intel motherboards are a pleasure to set up and are super reliable. This board is designed as a workstation board. It has no onboard graphics, but that wasn’t a problem, since I was aiming for a addon card. DDR3 RAM was also an attraction… significantly faster than DDR2.

The graphics card was the cherry on the top. I’m an Nvidia fan… good drivers for Linux. The GTX275 is a card that Intel added to the market after losing out to a significantly powered ATI card which was reasonably priced. Because it came after the GTX280, it has most of the technology contained in the formidable GTX295. The GTX295 is of course basically 2 cards smacked together. The GTX275 is apparently half of the GTX295 sandwich. Needless to say, the price point is perfect if you are looking for bang-for-buck. Its a big card, 10 inches by 4 inches… the DX58so suffers from a small fault, in that an installed PCI express card, sits right on top of 2 of the SATA ports. (Solved by using a 90 degree elbow piece on the SATA.)

RAM-wise, I chose 2 2GB dimms. I’m sure I’m under-utilising the entire system by not running 64 bit OSs, but for the moment everything is running fantastically. The DX58so has 4 slots for RAM, but runs optimally with 3 DIMMS. Again, since 32 bit OSs can’t access more than 4 GB of RAM, this is moot for now.

So far, the machine displays nothing but sheer power. Kubuntu breezes along like nothing else. All applications load in a few short seconds. In windows, I have installed and played Flight Simulator X (with DirectX 10) and Armed Assault (one of my favourite games.) Both of the games are very graphics intensive, particularly FSX. FSX runs smoothly with all settings on high. So does Armed Assault. In the past, a small battle in Armed Assault, would grind the machine to a halt… now, it just cruises… and I can actually aim properly at fully automatic. Its an absolute pleasure.

I was a bit worried about the noise of 5 fans running… but so far, this machine is the quietest one I’ve ever owned. In summary… this is a great combination of hardware….

MonoRail StringClob fix June 9, 2009 No Comments

I am currently writing an application in C# (2.0) that uses SQL Server 2005 as a data store and, for my sins, I am sticking an ASP.NET interface onto the front of it.

To make life a little more bearable, I am using Castle Project’s well-considered MonoRail framework with their ActiveRecord ORM. I would have looked at Microsoft’s cheekily-named MVC framework, but it wasn’t ready at the start of the project to be a consideration for me.

I also looked to see if I could use Django with IronPython and SQL Server, but although Microsoft has done it, I didn’t consider the combination to be remotely production grade. I do hope it gets there, because I think Python is a great language, and well suited for web-related work, and Django is just lovely. For those who need to build a web interface on .NET with SQL Server, it would be the most enjoyable way, and probably the fastest to code.

Of the bits of C# and MonoRail I’ve got stuck on, all but one are a result of my newbiness. This post is about that one.

In MonoRail with ActiveRecord, C# strings are stored, by default, as NVARCHAR(255) in SQL Server, if you create your schema using your classes. For big strings, you can use the PropertyAttribute’s ColumnType property, as described in its ActiveRecord documentation. It does NOT, however, behave as advertised. It does not set the database type to Text.

I found three solutions:

Firstly, for strings where you know the length will be less than 4000 characters, use the Length property of PropertyAttribute. e.g.

[Property(Column = "reguser_bio", Length = 500)]
public string Bio
{
get { return bio; }
set { this.bio = value; }
}

This will result in an NVARCHAR(500) field.

Secondly, for strings of unknown maximum length, use the SqlType property instead. In SQL Server 2000, you probably want the NTEXT type. In SQL Server 2005, you probably want the NVARCHAR(MAX) type. (To see why, read this.)

[Property(Column = "thesis_content", SqlType = "NVARCHAR(MAX)")]
public string Content
{
get { return content; }
set { this.content = value; }
}

And thirdly — and this was the first solution I found, and I consider it the ugliest — you can manually alter the field type. It’s what Garth Williams suggests in his blog. I extended the ActiveRecordMediator class to do it.

public class ApplicationActiveRecordMediator : ActiveRecordMediator
{
public static void FixStringClobFields(string Table, string[] Fields)
{
// Build SQL string
string sql = “”;
foreach (string Field in Fields)
{
// From SQL2005, use NVARCHAR(MAX) instead of NTEXT
sql = sql + String.Format(@”
ALTER TABLE {0}
ALTER COLUMN {1} NVARCHAR(MAX) NULL; “, Table, Field);
}
// Execute SQL
ConnectAndExecuteNonQuery(sql);
}
public static void FixStringClobField(string Table, string Field)
{
string sql = String.Format(@”
ALTER TABLE {0}
ALTER COLUMN {1} NVARCHAR(MAX) NULL; “, Table, Field);
ConnectAndExecuteNonQuery(sql);
}
private static void ConnectAndExecuteNonQuery(string sql)
{
Execute(
typeof(ActiveRecordBase),
delegate(NHibernate.ISession session, object data)
{
IDbConnection conn = session.Connection;
IDbCommand cmd = conn.CreateCommand();
session.Transaction.Enlist(cmd);
cmd.CommandText = sql;
cmd.ExecuteNonQuery();
return true;
}, null);
}
}

Choose whichever suits you, but I expect that in future I’ll probably be going with option 2 for arbitrarily long strings.

The Difference Between Flex and Flash May 28, 2009 No Comments

Today I have been exploring the world of Flex/Flash development. The first question that usually gets asked is “what is the difference between Flash and Flex…” Well, interestingly, the difference is primarily in the development paradigm. Essentially the end result is the same, usually a ‘.swf’ file playing in a browser or running using Adobe AIR or as a standalone file.

There are a number of products and technologies involved at a very basic level.Firstly, the original Flash program. This is a package aimed primarily at designers and animators. It uses the ‘movie’ analogy and a drag and drop interface, much like a drawing program, to allow you to create and then export as a ‘.swf’ file. Flex Builder is an Eclipse based IDE designed to be more functional to the programmer. It has all the usual  IDE elements, and in fact also includes a basic ‘design’ view, which includes some drag and drop functionality. In Flex Builder, you develop primarily in ‘mxml’. This is a markup language a bit like HTML, but seemingly more organised. You build applications by adding tags which represent components, which are styled by the equivalent of style sheets. Running through these two apps like a thread, is Actionscript, the ECMAScript based programming language used to manually program SWF files. The two applications don’t require you to write any Actionscript, but when your application gets a bit more complicated, it starts becoming necessary. You can include Actionscript in your Flex Builder apps by adding ’script’ tags, a bit like you would Javascript in an HTML file.

The final option for Flex development, is the Flex SDK. You can download it for free. The SDK gives you a number of command line tools, which appear identical on Windows, Mac and Linux. The tools allow you to compile SWF files from handwritten Actionscript files. This allows you to use your text edite/IDE of choice. It is also the only way to build  a Flex application without buying expensive development tools from Adobe.

In summary, Flash is more suited to non-programmers and Flex is  more programmatic in it’s approach.They are capable of producing the exact same result, just through different methods.

Adobe Flex builder no longer on Linux… May 27, 2009 No Comments

This might seem like old news, but its actually just rare news, more than old. Did you know that Adobe was developing a Linux version of Flex builder? They have put the project on hold according to this artice: http://gruchalski.com/2009/04/22/flex-builder-3-for-linux-on-hold/ What is interesting here is that Flex builder is a plugin for Eclipse which runs on Java, so theoretically there can’t be a whole lot different between the Linux and Windows version of the plugin, surely? Okay, granted, there will be differences, but they can not possibly be so dramatic that you can’t develop all three?

Its a set back for Linux to see this happen. Go to http://bugs.adobe.com/jira/browse/FB-19053 this instance and vote the bug up!

ini_set() Can be your friend… May 18, 2009 No Comments

Just BTW. If you ever have that annoying ^M end of line issue in a php script, say someone created a CSV file on a windows machine and your script refuses to open the file as multiple lines… try this setting

ini_set('auto_detect_line_endings',TRUE);

It’ll auto detect not only MSDOS new line characters, but also Mac ones. This is normally set to FALSE by default. Oh, and you have to do this before you open the file. Duh.

The ^M problem occurs because DOS uses the pair “0×0A0D”  which are CRLF (Carriage Return and Line Feed) instead of the Unix “0×0A”  or CR (Carriage Return).

Kubuntu 9.04 with KDE 4.2 is smooth May 14, 2009 No Comments

In the past I have normally downloaded a pre-release version of Ubuntu or Kubuntu, and played with it a little. Linux is an exciting operating system to use, and especially the Ubuntu family with its frequent releases. (It’s like having two more Christmases a year.) And I really enjoy watching its progress.

But when it came to Ubuntu 9.04, “Jaunty”, I was just too busy to check it out before the release. So a couple of days ago I set my Kubuntu partition downloading the upgrade overnight, and then finished the installation at lunch time the next day.

And oh how sweet it is. KDE 4.2 is lovely.

KDE 4.2 desktop

KDE 4.2 desktop

Firstly, the panel. It is looking smooth, and neat. It is slightly narrower by default than previous versions of KDE 4, and it is more transparent, so it looks less austere than the black panel of previous releases. Also, the system tray has smaller icons, and they are slightly recessed, which is much neater.

(The weird flicker produced by a combination of the KDE 4.0 / 4.1 panel and my old NVidia card driver (nvidia-glx-173) has been resolved, either by some detective work on the part of the KDE or Xorg team, or as a side effect of the new-look panel. This might never have affected you, but it does make me happy.)

My Firefox, Thunderbird and Sunbird (so XUL I guess) scrollbars are working beautifully, which, despite clicking “Install scrollbar fix…” in System Settings / Appearance / GTK Styles and Fonts, never looked quite right before (… which could also have been a result of NVidia driver oddity, I’m not sure. But I am sure glad that everything looks so well finished).

In the past I’ve fluctuated between Gnome and KDE, usually returning to a Gnome home, but this month I’ve been using KDE as my standard desktop, to get that full-immersion feel for it. So I’ve been looking for KDE and Qt equivalents to some of the Gnome and GTK apps I’ve become accustomed to.

KDE’s Notes widget for sticky notes is nothing like Tomboy (and you could say it doesn’t try to be) so I’ve installed Tomboy here too. And I’ve chosen to use Getting Things Gnome as my task manager in KDE too. It has a great interface. In Gnome I rely on Project Hamster for keeping tabs on my time, and in KDE KTimeTracker does a very good job.

I do like Konqueror. I love Dolphin. Kate is great, and I use Kiki for regular expression testing in Gnome too.

I’m still getting used to Amarok (well, Amarok 2). It took a long time to move from XMMS to Rhythmbox, mostly because my XMMS playlists didn’t just appear as playlists in Rhythmbox, and because I organise my music using folders and not tags. But perhaps the transition from Rhythmbox to Amarok will be eased with Syncropated. I haven’t tried it yet, but it looks like it might make the switch smoother.

A client of mine (we’ll call him Fred) asked me about Linux yesterday. He has some Debian and Ubuntu web servers he’d like to become more familiar with. Fred’s a through-and-through Windows boy. He’s seen Ubuntu (with every possible Compiz setting enabled, and loads of Screenlets spread across the desktop) but he’s never used it. His techy has recently migrated to sunnier climes, metaphorically speaking, and is no longer around to answer Fred’s questions, so Fred has decided to jump in. I have suggested Kubuntu 9.04 would be a good place to start. I think KDE 4.2 is Fred-ready.

How to read a winmail.dat file May 7, 2009 No Comments

The other day I wanted to read an e-mail with an attachment called “winmail.dat”.

I’d seen them before, but I didn’t really know what they are, nor why Microsoft Outlook creates them.

It turns out winmail.dat is a package of e-mail attachments and RTF (rich text format) text. It is for Microsoft Exchange clients, and the RTF is so that e-mails can be nicely formated. It is created when you forward an e-mail with attachments in Microsoft Outlook. It has the MIME type “application/tnef”. (TNEF stands for Transport Neutral Encapsulation Format.)

Microsoft offers help on how to turn it off when sending Internet e-mails over here. But in my case I wasn’t the sender; I was the recipient, and I was still stuck with a useless binary attachment, and I needed a way to open it.

Yerase has created ytnef, Yerase’s TNEF Stream Reader, for those of us who use Linux. See below if you are a Mac or Windows user. At the time of writing this, the ytnef project’s homepage, http://ytnef.sourceforge.net, was having some trouble, but I just installed it using my distro’s package manager.

On Debian-based distributions, try

$ sudo apt-get install ytnef

or

# apt-get install ytnef

Save winmail.dat, and then extract the attachments it contains to the current directory with

$ ytnef -f . winmail.dat

Nice.

If you are a Mac user, check out Josh Jacob’s TNEF’s Enough.

For Windows users, I found the appropriately-named Winmail.dat Reader.

For Linux there is also tnef, ktnef, and an experimental plugin for Evolution.