Ever since Rails added support for declaring gem dependencies, there is really no (good) reason to use plain ol’ plugins.

Plugging Rack into Rails

Rails 2.3 has Rack baked in. It uses Rack for things like sessions and parameter parsing. But what if you want to add your own middleware to a Rails app?

The Meaning of Information Technology

The first commercial computer was the Lyons Electronic Office I and was used in 1951 to perform vast calculations pertaining to the making and consumption of biscuits. You see, after the war, J. Lyons & Co., a popular chain of British tea shops, was confronted with an appetite for pastries so astronomical (which is understandable given years of tedious disputes with Germany), that the human mind was incapable of solving unaided the problem of distributing tea cakes to their customers.

librelist.com

Librelist.com is a free as in freedom mailing list site for open source projects. It is a place for FOSS communities to discuss all the things they want without ads, censorship, signup requirements, bundled apps, or requirements that you use any particular email client or service.

Introducing Resque - GitHub

Resque is our Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later.

PersistentFS.com

PersistentFS is a fast and efficient POSIX-compliant file system that provides unlimited online storage in the Amazon Web Services (AWS) storage cloud. A PersistentFS file system can be mounted on any Linux computer connected to the internet and accessed like local storage. All data written to the file system is uploaded to Amazon S3 for reliable and cost effective off-site storage, while remaining instantly accessible. This allows you to take advantage of Amazon S3 using your existing software, without writing a single line of code.

CodeRack: Canonical Host

There are often times when you'll need to redirect requests for some domains or subdomains to a single canonical host. This middleware lets you specify the canonical host for your application, and will perform a 301 redirect for all non-canonical requests.

Rails Best Practices

[Nice overview.]

Why do we have an IMG element?

But none of this answers the original question: why do we have an element? Why not an element? Or an element? Why not a hyperlink with an include attribute, or some combination of rel values? Why an element? Quite simply, because Marc Andreessen shipped one, and shipping code wins.

gabriel's shrub

S3 Proxy for Google App Engine [Awesome.]

S3Hub: S3 Client (for Mac OS X)

View your S3 online storage, upload, download, set permissions, share with friends and more.

Official Google Blog: This week in search 10/30/09

On Wednesday, we rolled out our new music search feature, fully integrated into Google's web search. Now, when you search for a band, singer, song name, or album title, Google will recognize it and return a special music result on the top of the page. These new special music results do exactly what you want - they let you listen to the full song.

Traffic Server Podling Status Page - Apache Incubator

Traffic Server fills the need for a fast, extensible and scalable HTTP 1.1 proxy and cache. We have a production proven piece of software that can deliver HTTP traffic at high rates, and can scale well on modern SMP hardware. We have benchmarked Traffic Server to handle in excess of 35,000 RPS on a single box. Traffic Server has a rich feature set, implementing most of HTTP/1.1 to the RFC specifications.

Start-up studies: A pop quiz

There’s a classroom exercise that’s a part of the Stanford technology venture program hits its students with each year: If you had five dollars and two hours, what would you do to make as much money as possible?

One-handed computing with the iPhone

The easy single-handed operation of the iPhone1 is not one of its obvious selling points but is one of those little features that grows on you and becomes nearly indispensable. A portable networked computing and gaming device that can be easily operated with one hand can be used in a surprising variety of situations.

Netflix Everywhere: Sorry Cable, You're History

There are a million different ways for Netflix to fail. But that has always been the case. Netflix should have failed already, taken down by Blockbuster or Wal-Mart, kneecapped by Hollywood, made irrelevant by BitTorrent or iTunes. Yet time and again, the company has not only survived but quietly thrived—on the strength of its unique algorithms and its relentless focus on getting customers content they didn't even know they wanted.

Speaker's Tip: Don't tell the audience you aren't prepared

People take days off of work, spend hundreds on a conference ticket, travel for thousands of miles, and pay hefty rates for flights and hotels to come hear you speak, and you tell them you didn’t have time to prepare a talk? What’s cool about that?

Underscore.js

Underscore is a utility-belt library for JavaScript that provides a lot of the functional programming support that you would expect in Prototype.js (or Ruby), but without extending any of the built-in JavaScript objects.

The Y Combinator Startup School 2009 Summary

Y Combinator’s Startup School 2009 was an incredible learning experience for new and experienced entrepreneurs alike. There are ten talks. Here are their key points.

Module: Rack::Utils

Rack::Utils contains a grab-bag of useful methods for writing web applications adopted from all kinds of Ruby libraries.

Thoughts on the Whitehouse.gov switch to Drupal

Yesterday, the new media team at the White House announced via the Associated Press that whitehouse.gov is now running on Drupal, the open source content management system. That Drupal implementation is in turn running on a Red Hat Linux system with Apache, MySQL and the rest of the LAMP stack. Apache Solr is the new White House search engine. This move is obviously a big win for open source.

Things Caches Do

There are different kinds of HTTP caches that are useful for different kinds of things. I want to talk about gateway caches — or, “reverse proxy caches” — and consider their effects on modern, dynamic web application design.

WebSequenceDiagrams.com - Create sequence diagrams in seconds

Don't waste your afternoon drawing UML Sequence Diagrams. Just enter the description here, and click "draw". The SD/MSC Generator is an easy alternative to using mouse-centric tools like Microsoft Visio.

stefankroes's ancestry

Ancestry allows the records of a Ruby on Rails ActiveRecord model to be organised as a tree structure (or hierarchy). It uses a single, intuitively formatted database column, using a variation on the materialised path pattern. It exposes all the standard tree structure relations (ancestors, parent, root, children, siblings, descendants) and all of them can be fetched in a single sql query.

Treating User Myopia

When I said users don't read anything you put on the screen, I was lying. Users do read. But users will only read the absolute minimum amount of text on the screen necessary to complete their task. I can't quite explain it, but this kind of user myopia is epidemic. It's the same problem, everywhere I turn.

The Amazon Relational Database Service (RDS)

Today marks the launch of Amazon RDS - the Amazon Relational Database Service. Amazon RDS is a web service that makes it easy to set up, operate, and scale a relational database in the cloud. Amazon RDS handles all the "muck" of relational database management freeing up its users to focus on their applications and business.

Flickr! It’s made of people

We’ve launched People in Photos, a new feature that will help put a face to the Flickrverse and enable you to highlight members that you’ve photographed in a whole new way. People in Photos lets you add a member to a photo, find photos of people you know, and manage which photos you’re in.

How We Made GitHub Fast

Now that things have settled down from the move to Rackspace, I wanted to take some time to go over the architectural changes that we’ve made in order to bring you a speedier, more scalable GitHub.

Ruby Enterprise Edition Features Guide

With REE, one can tune the garbage collector’s behavior for better server performance. It is possible to specify the initial heap size to start with. The heap size will never drop below the initial size. By carefully selecting the initial heap size one can decrease startup time and increase throughput of server applications.

Passing environment variables to Ruby from Phusion Passenger

Some environment variables must be set before Ruby is started because the Ruby interpreter itself uses them. The RailsBench GC settings environment variables, which are now supported by Ruby Enterprise Edition, are examples of such environment variables.

Using the Nginx Memcached module with Passenger

Nginx, everyone's favorite speedy web server has a module to hook in directly to memcached. For those of us running Ruby servers behind nginx we can avoid hitting our running Ruby processes completely on a cache hit.

Surprises

Now, when coding, I try to think: “how can I write this such that if people saw my code, they’d be amazed at how little there is and how little it does”.

Railssummit Slides

Here are the slides of [Pratik Naik's] presentation at Railssummit 2009... about Rails focused tips/tricks.

Mint CEO Aaron Patzer on Startups

Mint CEO Aaron Patzer talks with entrepreneurs at a JuicePitcher event about the history of his startup, Mint.

Connecting to Multiple Databases Using ActiveRecord

You can call establish_connection with the key that points to another database config in your config/database.yml file

Shortwave

...is an extensible quick-search and shortcut bookmark. [Awesome.]

What problems does Google Wave solve?

It will probably take years before Wave fully penetrates large corporations and replaces the email systems everyone is used to. But it solves so many thorny problems with email that it might well manage to do so, where so many other tentative “email fixes” have failed.

21 Rack Middlewares To Turbocharge Your Ruby Webapps

In this post, we're going to highlight various Rack middlewares from CodeRack, an on-going Rack middleware competition...

hiddenloop's paging_keys_js

Keyboard short cuts for paging through listings one item at at time (and across entire pages). Inspired by the navigation at FFFFOUND!

This middleware catches requests that begin with “www” and redirects them to the more reasonable "non-www" address.

For example: http://www.example.com -> http://example.com

While such redirects might better be performed from within an Apache or nginx config, some hosts (i.e. Heroku) don't give you access to configure the server as such.

If you're unfamiliar with the no-www movement, the philosophy is simple. Websites should have a canonical address. This address shouldn’t begin with “www” because the use of "www" is unnecessary and wasteful. See http://no-www.org/ for details.

And, without further ado:

If you know what Rack is, you problably already know how to use this. Still, an example usage for a Rails app wouldn't hurt. Start by copying the above middleware into lib/no_www.rb. Then, configure your application to use the middleware by placing the following in config/environment.rb:

 
Rails::Initializer.run do |config|
  config.middleware.use “NoWWW” if RAILS_ENV == ‘production’
end

No more www.

As their docs describe, using Varnish is easy:

# This tells the cache (Varnish) to serve the page for 300 seconds (5 minutes).
 
class MyController < ApplicationController
  def index
    response.headers['Cache-Control'] = 'public, max-age=300'
    render :text => "Rendered at #{Time.now}"
  end
end

Simply setting the "Cache-Control" header like so allows you to serve up a page extremely quickly because requests completely bypass your application logic, database, and all of that related overhead and read straight from the cache.

If you're serving up the same page to all visitors, then setting up Varnish HTTP caching is a no-brainer. If you're serving up pages that are mostly the same for all users but have a custom header or something, you can still take advantage of the caching speed boost if you're willing to investigate the ins and outs of ESI and/or serving partials with Javascript. If you're serving pages that are different for each user, then you're out of luck :)

So, using Varnish for HTTP acceleration is great, but unfortunately for me the version of Ubuntu (8.10 intrepid) that we're using has a painfully out of date package in aptitude. If you're already running Varnish, you can check to make sure you're using a relatively recent release by running varnishd -V. If you see anything less than 2.0.4, you should seriously consider upgrading.

Thanks to the helpful people on the Varnish mailing lists, I was able to get things up and running by doing the following:

apt-get update
apt-get install subversion autotools-dev automake1.9 libtool autoconf libncurses-dev xsltproc quilt
cd /tmp
svn co http://varnish.projects.linpro.no/svn/tags/varnish-2.0.4
cd varnish-2.0.4/varnish-cache
dpkg-buildpackage
cd ..
dpkg -i libvarnish1_2.0.4-6_i386.deb
dpkg -i varnish_2.0.4-6_i386.deb

You can then use /etc/init.d/varnish to stop/start/restart the service.

But, we're not done yet. Since it took me a while to get the whole app server stack configured, I thought it might help someone else out if I covered the rest of the steps it took to get Varnish working properly with my Ruby application.

You can get nginx installed with Ruby Enterprise Edition and Passenger by following the excellent documentation on the Phusion website.

I might suggest, however, doing the installation like this in order to get the latest (secure) version of nginx. Even before that, you'll probably want to install Ruby Enterprise Edition, which I like to do the old fashioned way.

You may also be interested in this example nginx init.d config, which allows you to use nginx as you would if installed from a package. Make sure to consider doing some kind of log rotation with this kind of setup as well.

...

Now that you're using the fantastic nginx web server, you'll want to configure it to listen to port 8080, so that Varnish can listen to port 80 and forward any requests that aren't in its cache to the backend server (nginx). I'll just post the complete config we're using, and you can pick out the relevant details for your case.

Some interesting things to note is that this setup is configured to use Sinatra, the lightweight Ruby web framework. If the application throws an exception, we're routing to the /error page. We're also using various other settings that you may or may not agree with. The important part with regard to Varnish and nginx cooperating, however, is that you set nginx to listen to port 8080 in your config file. My config is located in /opt/nginx/conf/nginx.conf:

worker_processes 1;
pid /var/run/nginx.pid;

events {
  worker_connections  1024;
}

http {
  access_log /var/log/nginx_access.log;
  error_log /var/log/nginx_error.log;
  passenger_root /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/passenger-2.2.5;
  passenger_ruby /opt/ruby-enterprise/bin/ruby;
  passenger_max_pool_size 10;
  include mime.types;
  default_type application/octet-stream;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 65;
  gzip on;
  gzip_comp_level 2;
  gzip_buffers 16 8k;
  gzip_disable "MSIE [1-6]\.";
  gzip_proxied any;
  gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

  server {
    listen 8080; # the important part!
    root /var/www/example/current/public;
    passenger_enabled on;
    passenger_use_global_queue on;
    rack_env production; # use rails_env for a rails app
    # serve static files without running more rewrite tests
    if (-f $request_filename) {
      break;
    }
    # disable site via capistrano (cap deploy:web:disable)
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    # expires headers
    location ~* \.(ico|css|js|gif|jp?g|png)(\?[0-9]+)?$ {
      expires max;
      break;
    }
  }
}

Now, I'm fairly new to using Varnish, so perhaps someone can advise me about how to better configure things, but I'll cover how I did it. Varnish comes with a few example configs loaded up in /etc/default/varnish. I ended up using the following:

NFILES=131072
MEMLOCK=82000
INSTANCE=$(uname -n)
DAEMON_OPTS="-a :80 -f /etc/varnish/default.vcl -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

You can review the examples provided and see how you want to go about it, though.

Once you're all set with the general config, you'll need to provide a VCL config. I'm putting ours in /etc/varnish/default.vcl and it looks like this:

backend default {
  .host = "127.0.0.1";
  .port = "8080";
}

# Warning: read the following before using this config:
# http://varnish.projects.linpro.no/wiki/VCLExampleCacheCookies

sub vcl_recv {
  unset req.http.cookie;
}

The first part tells Varnish to forward any requests that aren't in its cache to a webserver running on localhost port 8080. That's nginx!

The second part unsets any cookies that are sent along with any requests. You won't want to do this unless you're serving the same pages for all users for your entire application. If you aren't careful here, you can very easily end up serving pages meant for one user to another. Be careful!

In my case this works fine because we're serving a site with no user-specific actions or views. It's all public. You're case might be different. Perhaps you can cache things like static files (images, etc) or certain areas of your application. Maybe you have a CMS with an admin interface that can't be cached, but with publically viewable pages that could be cached. I dunno. In any case, you should definitely read more about this on the Varnish wiki.

Finally, since we're using Monit to monitor the health of our systems, I'll throw in an example config that covers SSH, nginx, and Varnish. This Monit config would email you using a Google Apps Domain if there was a problem. You probably wouldn't want to use this as-is, but it should serve as a decent starting point for you to create your own. We've got the config in /etc/monit/monitrc:

# Alerts
set daemon 120
set logfile syslog facility log_daemon
set mailserver smtp.gmail.com port 587
    username "noreply@example.com" password "sldkjkfdsj"
    using tlsv1
    with timeout 30 seconds
set alert tech@example.com with reminder on 30 cycles
set httpd port 2812
allow example:slkdjlskdjflskjd

# SSH
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
if failed port 22 protocol ssh then restarts
if 5 restarts within 5 cycles then timeout

# nginx
check process nginx with pidfile /var/run/nginx.pid
start program = "/etc/init.d/nginx start"
stop  program = "/etc/init.d/nginx stop"
if failed host 127.0.0.1 port 8080 then restart
if cpu is greater than 40% for 2 cycles then alert
if cpu > 60% for 5 cycles then restart
if 10 restarts within 10 cycles then timeout

# Varnish
check process varnish with pidfile /var/run/varnishd.pid
start program = "/etc/init.d/varnish start"
stop  program = "/etc/init.d/varnish stop"
if failed host 127.0.0.1 port 80 then restart
if cpu is greater than 40% for 2 cycles then alert
if cpu > 60% for 5 cycles then restart
if 10 restarts within 10 cycles then timeout

That's all folks!

Pomodoro

Pomodoro Desktop is a desktop application for Time Management on your Mac OSX. It is a simple but effective way to manage your (coding) time, and it's based on the Pomodoro technique

Clean CSS

Optmize and Format your CSS

Hacker News | GitHub's Unicorn Setup

[Interesting comments as usual.]

Picnik

Photo editing the easy way, online in your browser. Picnik makes your photos fabulous with easy to use yet powerful editing tools. Tweak to your heart’s content, then get creative with oodles of effects, fonts, shapes, and frames.

Unicorn! - GitHub

We’ve been running Unicorn for more than a month. Time to talk about it.

Munin

Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web interface. Its emphasis is on plug and play capabilities. After completing a installation a high number of monitoring plugins will be playing with no more effort.

On Gem Forking

So, GitHub has recommended Gemcutter as an alternative to hosting gems on GitHub...

Cloudvox

API-driven phone calls, in minutes (call your code: AGI/AMI, HTTP, Asterisk-Java, Adhearsion). Cloudvox is the most practical, stable, open environment for API-driven phone calls.

Gem Building is Defunct

We will continue to serve old gems at http://gems.github.com/ for at least one year. [New gems can't be built, though.]

* is Unix

Ryan’s I like Unicorn because it’s Unix appears to have started a mini-meme of folks writing simple forking network servers in their language of choice. I’m really enjoying reading ‘em — they’re a sort of Rosetta Stone of network code...

Chargify

Chargify simplifies recurring billing for Web 2.0 and SaaS companies.

Everything I know about Open Source I learned from Indie Hip Hop

Slides from an Aloha on Rails presentation.

FlipClock

Get the FlipClock Widget for your Dashboard!

nginx and varnish on Mac OS X

Since I'm a happy user of the macports collection already anyway, I let it do the 'heavy lifting' of actually installing nginx and varnish. In addition I provided a launchd startup item for varnish and also added a host entry for wahlcomputer to enable virtual hosting for nginx and varnish.

atmos's rack_hoptoad

A gem that provides exception notifications to hoptoad as rack middleware.

Ubuntu Intrepid - adding an Nginx init script

...let's go ahead and create one for easy control of Nginx, and to ensure it restarts on a reboot.

Generate gem.yml and .gems for Rails

A rake task which will generate gem configuration files based on your “config.gem” specifications in Rails. This comes in handy when deploying to Engine Yard, or Heroku.

Custom Chef Recipes with Engine Yard Cloud

One of the power user features of Engine Yard Cloud is the ability to use custom Chef recipes to install or configure anything that can run on Gentoo Linux that we have not already automated as part of the platform. This allows for extensive customizations of your environments and empowers you to run virtually all custom software you might need.

SHJS

SHJS is a JavaScript program which highlights source code passages in HTML documents. Documents using SHJS are highlighted on the client side by the web browser.

Getting ready for CouchDB 0.10

I’ve setup a local copy of CouchDB, from the 0.10 branch, just to see if my application code could handle its awesome powers. Here are my two big takeaways...

Paperclip, S3 & Delayed Job in Rails

Here’s how I use Paperclip (with storage on S3) and delayed_job to process images after they’re uploaded in the background.

Ryan Singer of 37signals - UI Fundamentals for Programmers

I gave a talk on “UI Fundamentals for Programmers” at WindyCityRails in Chicago last month. The talks covered modeling, breaking apps into screens, visual techniques, flows, and a few coding tips. [This is a great talk. Highly recommended viewing.]

Source code beautifier / syntax highlighter – convert code snippets to HTML

hilite.me converts your code snippets into pretty-printed HTML format, easily embeddable into blog posts and websites.

Keeping controllers empty with faux attributes - Momoro Machine

The barely any code way... use a fake attribute. Define an attribute setter on User, and then just make a small form in the view to set it.

Build it

The good innovation -- the innovation that makes the world a better place and builds real wealth in society -- that stuff is done by radically self-reliant creators who get their hands dirty. Not talkers. Not dreamers. Builders.

ActionRails

At ActionRails, we offer a variety of services designed to push your Rails developers to the next level... Application Evaluation; Weekly Code Reviews; Developer Hotline.

And if only 1% of those people...

...he forgot there was a number lower than one percent...

Working hard is overrated

Much more important than working hard is knowing how to find the right thing to work on.

Nginx_As_a_Reverse_Proxy - Couchdb Wiki

Nginx can serve as a reverse proxy to CouchDB for scenarios such as URL rewriting, load-balancing, access restriction, etc.

S3Sync

This is a ruby program that easily transfers directories between a local
directory and an S3 bucket:prefix. It behaves somewhat, but not precisely, like the rsync program. [I can verify that this is an awesome little tool.]

Full Stack ETag Support

The conclusion that I draw is that I definitely want to use Rack::Cache—100% improvement over reassembling the HTML on each request is too good to pass up. As for the 20% speed boost that full stack ETag buys me, I am not sure that the complexity that is introduced warrants the speed boost.

Browser Cache Usage Exposed

...reducing the number of HTTP requests has the biggest impact on reducing response time...

Place Pages for Google Maps

A Place Page is a webpage for every place in the world, organizing all the relevant information about it. By every place, we really mean *every* place — there are Place Pages for businesses, points of interest, transit stations, neighborhoods, landmarks and cities all over the world.

couchapp

CouchApp is designed to structure standalone CouchDB application development for maximum application portability. CouchApp is a set of scripts and a jQuery plugin designed to bring clarity and order to the freedom of CouchDB's document-based approach.

nginx, worker_processes, and passenger_max_pool_size

The Phusion Passenger pool size is independent from the number of
Nginx worker processes that you have. Setting the number of Nginx workers to the number of CPU cores should be sufficient.

Sinatra: Writing Extensions

Sinatra includes an API for extension authors to help ensure that consistent behavior is provided for application developers.

How Should Mac Apps Be Distributed?

...but to make this work for apps delivered by disk image, users have to understand that they must copy the app from the image to their startup drive. This is where some get lost.

Sammy.js, CouchDB, and the new web architecture

Welcome to the new world. HTTP Databases and JSON Storage. The simple act of making the database and the browser more powerful on either end has destroyed the need for the middle tier.

GitHub is Moving to Rackspace!

In just a few short weeks we will be moving GitHub to a new home at Rackspace. We’re aware of the current stability and performance issues, and we want to let you know what we’re doing about it.

hurl

Hurl makes HTTP requests. Enter a URL, set some headers, then view the response. Perfect for APIs.

To use it, simply POST to http://pygments.appspot.com with "lang" and "code" parameters in the body. You'll receive pygmentized HTML back, which you can store for later display on your site.

I'm using it so that I can host Flowcoder on Heroku. I was really impressed with the ease of getting this Pygments app running on Google App Engine. GAE is very much like a Python version of Heroku, which means it's awesome.

I'm hoping that this little project will spike my interest in learning a bit more about Python, which actually doesn't seem as evil as all my Ruby friends have made it out to be :P

The source code is on github, in case you're curious about how this all works.

Enjoy!

http://pygments.appspot.com

Start by making sure you have the most recent version of Passenger, then install the nginx module. This will actually install and compile nginx with the Passenger module enabled, which is handy. Choose the recommended/default options when the installer prompts you.

sudo gem update passenger
sudo passenger-install-nginx-module

Then, open up the nginx config file:

mate /opt/nginx/conf/nginx.conf

Add the following line to the top of the file:

daemon off;

This will prevent the "502 Bad Gateway" error you may see otherwise. I'm not sure why this is necessary, but I read about it here, and it seems to do the trick. nginx specifies that this should only be used for development, though.

Next, find the http { block, which should start around line 15 or so. You'll want to add a server { block within the http { block for each of your Rails/Rack applications, like so:

server {
   listen 80;
   server_name eldorado.local;
   root /Users/trevorturk/Code/eldorado/public;
   passenger_enabled on;
   rails_env development;
}

You'll need an entry in your hosts file if you don't already have one. Simply open up the file:

mate /etc/hosts

...and add lines for each of the apps you plan to run, like so:

127.0.0.1 eldorado.local 

Now, we can set up a launchd item, so that nginx will start up automatically after a system reboot. Create a new plist file by opening it up in TextMate:

mate /System/Library/LaunchDaemons/nginx.plist

...and paste the following code in, which was kindly provided for us by this helpful person:

Then, run the following command to load it:

launchctl load -F /System/Library/LaunchDaemons/nginx.plist

Now, you can reboot your system and make sure it's all working as expected by visiting http://eldorado.local, or whatever address you've configured your application to be on.

I believe this nginx installation will override the existing Apache installation you may have running. This doesn't bother me, so I opened up my System Preferences -> Sharing prefpane and unchecked the Web Sharing box, so Apache is no longer running. If you have any ideas about how to keep both services running cooperatively, please do let me know.

Update: Here are some additionally configuration options I'm using, which I cobbled together from various sources after Googling for things like "nginx, rails, gzip, expires" and such. Their powers combined, and I seem to have a YSlow-approved setup.

Just above your server { block, around line 40, add the following:

gzip on;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.";
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

That should cover gzip well enough.

Then, amend the aforementioned server { block to include some far future expires goodness that takes advantage of the Rails asset_tag helpers:

server {
  listen 80;
  server_name eldorado.local;
  root /Users/trevorturk/Code/eldorado/public;
  passenger_enabled on;
  rails_env development;
  location ~* \.(ico|css|js|gif|jp?g|png)(\?[0-9]+)?$ {
      expires max;
      break;
  }
}

These two configuartion tweeks are, I believe, the rough equivalent of the technique previously discussed on this blog for Apache.

Of course, any additional suggestions, comments, or insights you may have would be most welcome. I'm new to this whole nginx thing, but I'm enjoying it so far.

Update: Here's an easy way to reload nginx, if you need to make a change to your conf. Make sure to have the following in your /opt/nginx/conf/nginx.conf file:

pid /var/run/nginx.pid;

Then, you can make an alias for the reload task in your ~/.bash_profile:

alias nr='sudo kill -HUP `cat /var/run/nginx.pid`'

In case you're interested, you can check out my full nginx.conf file for local development here:

http://gist.github.com/191331

I made this little app a few weekends back because it scratched a personal itch of mine. I maintain a few small "static" or "brochure" sites for friends, which means I get to do boring HTML updates whenever they have a new picture or video they want to add. I figured that I could do a little upfront work and let them to do the rest. So, I looked around for a simple Rails CMS, but I couldn't find anything simple enough. Thusly, Static was born.

It doesn't do much for you, but that's the point. You get a really simple little Rails app that lets you add pages, upload stuff, and wrap everything in a layout that can be updated online. If you ever need to add any cool new functionality (like displaying recent Twitter updates?) you can do it using Ruby/Rails. No more lame old hacked-together PHP sites ;) Static's well-tested, 175 line code base could be the solid foundation for a site that grows over time.

This thing does exactly and only what I need it to do, but I'm happy to accept patches and such. Give it a shot, fork away, and let me know if you have something good for me to pull.

http://github.com/trevorturk/static/

Enjoy!

Github and Engineyard part ways

[This Hacker News thread has some more detail from EY and GH. EY couldn't afford to continue with the preexisting arrangement, so GH is moving to Rackspace.]

Tornado Web Server

Tornado is an open source version of the scalable, non-blocking web server and tools that power FriendFeed. The FriendFeed application is written using a web framework that looks a bit like web.py or Google's webapp, but with additional tools and optimizations to take advantage of the underlying non-blocking infrastructure.

Twitter And The Revenue Dilemma

The company has to decide whether or not to turn revenue on. It sounds ridiculous, but it is a real decision. Once revenue is on, how the company is valued by the market can change dramatically.

Using Ruby Enterprise for Rails script/console

If you want to just use REE for script/console, without setting it for
everything, you can...

If architects had to work like software developers

Please don’t bother me with small details right now. Your job is to develop the overall plans for the house: get the big picture. At this time, for example, it is not appropriate to be choosing the color of the carpet. However, keep in mind that my wife likes blue.

Ravelry

What we’ve done only takes 1 not-even-fulltime (I have lots of other duties) programmer/sysadmin and it’s very cool that the software available today makes this possible. It’s important — we can’t be spending money on “professional services” and we only have 3.5 employees.

How Twitter works in theory

It is said that an economist is someone who sees something that works in practice and wonders whether it works in theory. Twitter clearly works in practice... and I wanted to write about some theories that help me understand it.

MiniBatteryStatus Widget

MiniBatteryStatus is a small Dashboard widget that monitors battery status, charge percentage and remaining battery life. Integrated with Growl to alert you when it's time to recharge your battery.

Protecting your Paperclip downloads

[Excellent write-up that covers protected downloads using Apache, nginx, the local filsystem, and/or Amazon S3. Awesome.]

Yehuda Katz Interview

A pretty good idea would be to contribute heavily to open source, and then look for work at companies that look at open source work as equivalent to a resume. If you build up enough really good open source work, you'll soon find people clamoring to hire you. [Even with my limited experience, I've found this to be true. Working in Open Source is a really efficient way to improve your skills, and helps immensely when looking for work.]

Mac OS X 10.6 Snow Leopard: the Ars Technica review - Ars Technica

Mac OS X 10.6, aka Snow Leopard has landed. This time around, Apple goes light on the glitz in favor of some heavy work under the hood. John Siracusa dives deep into Apple's new OS offering to see what's new, what's still the same, and whether it's worth upgrading.

aM laboratory

Simple sinewave synthesizer triggered by an ordinary 16step sequencer. Each triggered step causes a force on the underlaying wave-map, which makes it more cute.

Just add the following to your ~/.bash_profile, and you're good to go:

Definitly turn up your paranoia when dealing with e-mail, security or payements. If someone’s picture doesn’t upload occasionally due to an ill-conceived model, that not a huge problem. If 30k people get sent a bad e-mail, hacked, or overcharged due to three lines of code, that’s a serious bummer.

5 Tips for Sphinx Indexing

Sphinx is our favorite tool for the job. Written in C++ by Andrew Aksyonoff, and originally released to open source in 2001, Sphinx is a blazing fast search engine. Considering that fast and complex full-text searching is a somewhat frequent need, I’ve put together this post with my top five tips for implementing Sphinx.

Metal Lights Wallpaper by ~ToffeeNut on deviantART

Minimal desktop with two styles: Spotlights and Streaks.

Remove the Add Bookmark button from Safari 4

By default, the Add Bookmark button (+) is attached to the URL address in Safari 4. There isn't an option to turn it off, but there's a workaround...

Productivity Tip: Empty Your Dock

Inspired partially by my preparation for the Tiger upgrade and partially by my proficiency with QuickSilver, I’ve emptied everything out of the doc. Only the Finder and Trash are persistent. Everything else, in when in use, out when not.

The Menubar Challenge

...taking everything you own, save for the bare essentials, and moving it into storage. For a set period of time, retrieve items from the store when needed. Anything not accessed after said set period of time you likely do not really need and should be disposed of.

Dark Wood

The wood-like wallpaper pack. Hope u'll like it.

The Funded Publishes Ideal First Round Term Sheet

Start with the Y Combinator docs for your first early angel round, and move to Adeo’s document in your first real round of venture capital.

Poor Man's Deploy

Start a Sinatra server on port 4000; GET / to that server triggers a git pull and mod_rails restart; Hit port 4000 locally after pushing

Antares Trader Blog

Previous on this blog alluded to my misgivings about the big merge between Rails and Merb. I liked the trimmed-down, uncomplicated API of Merb. I knew what it was going to do and how to make non-standard things happen. Well it looks like Rails 3 is getting some of that mojo.

Rails Rumble :: Welcome to the '09 Rumble

The Rails Rumble is a 48 hour web application development competition. As a contestant, your team gets one weekend to design, develop, and deploy the best web property that you can, using the awesome power of Ruby and Rails.

SizeUp

SizeUp allows you to quickly position a window to fill exactly half the screen (splitscreen), a quarter of the screen (quadrant), full screen, or centered via the menu bar or configurable system-wide shortcuts (hotkeys). Similar to "tiled windows" functionality available on other operating systems.

MSNBC.com acquires EveryBlock

After considering a number of options (some wildly different from others), we decided that working with MSNBC.com was the best fit for our site and our team.

ChangeDetection

ChangeDetection.com provides page change monitoring and notification services to internet users worldwide. Anyone can use our service to monitor any website page for changes.

Video Game Lessons for Business Strategy

I see video games as a petri dish, a place where the challenges and rewards of the real world are simulated in a simpler, more discrete fashion. Often the challenges faced remind me of the same challenges I face in my work as an entrepreneur. In the spirit of Scott Berkun’s Management lessons from Gears of War 2, I present you three business lessons I’ve learned from video games.

Managing UI Complexity

I’ve spent the past year redesigning a particularly complex application with my primary focus being on reducing complexity. In this article, I’ll go over some of the issues surrounding complexity and techniques that can be used to manage it.

aanand's deadweight

Deadweight is RCov for CSS, kind of. Given a set of stylesheets and a set of URLs, it determines which selectors are actually used and reports which can be "safely" deleted.

Continuous Integration Spring Cleaning at GitHub

We’re currently in the process of revamping our test suite (which we’ll blog about in the future) and moving servers, so I thought it’d be a good time to re-evaluate our options.

I Hardly Know Her

IHKH is a minimalist Flickr viewer. Captions and titles are omitted and metadata is hidden until needed. Images can be made large in place.

laserlemon's vestal_versions

vestal_versions keeps in the spirit of consolidating to one versions table, polymorphically associated with its parent models. But it goes one step further by storing a serialized hash of only the models’ changes.

A kinder, gentler philosophy of success

Alain de Botton examines our ideas of success and failure -- and questions the assumptions underlying these two judgments. Is success always earned? Is failure? He makes an eloquent, witty case to move beyond snobbery to find true pleasure in our work.

RED: <>

RED is a robot that checks HTTP resources to see how they'll behave, pointing out common problems and suggesting improvements. Although it is not a HTTP conformance tester, it can find a number of HTTP-related issues.

What's New in Edge Rails: Default RESTful Rendering

Controller responders handle the chore of matching the HTTP request method and the resource format type to determine what type of response should be sent. And since REST is so well-defined it’s very easy to establish a default responder to handle the basics.

Out of the Kitchen, Onto the Couch

“Here’s an analogy,” Balzer said. “A hundred years ago, chicken for dinner meant going out and catching, killing, plucking and gutting a chicken. Do you know anybody who still does that? It would be considered crazy! Well, that’s exactly how cooking will seem to your grandchildren: something people used to do when they had no other choice. Get over it.”

Approaching a Minimum Viable Product

The purpose of the MVP is to answer your most pressing question, to validate your most pressing business assumption. To create an MVP work backwards from your question, not forwards from a feature list. Invest as little as possible to answer the question because after this there will be another question and another and you’ll need enough money to answer them all.

save! > save

When you’re not expecting something to fail, always use the methods that raise exceptions on failure.

What's New in Edge Rails: Cleaner RESTful Controllers w/ respond_with

REST is a first-class citizen in the Rails world, though most of the hard work is done at the routing level. The controller stack has some niceties revolving around mime type handling with the respond_to facility but, to date, there’s not been a lot built into actionpack to handle the serving of resources.

cldwalker's hirb

A mini view framework for console/irb that's easy to use, even while under its influence. Console goodies include a no-wrap table, auto-pager, tree and menu.

josevalim's simple_form

Simple easy contact form for Rails with I18n, validations, attachments and request information.

The Rails State Machine

Ruby on Rails recently added a built-in ActiveModel::StateMachine implementation and even more recently tied it in to ActiveRecord. And, for being a built-in library, it’s pretty damned fully-featured.

Deployment Script Spring Cleaning at GitHub

As we get ready to upgrade our servers I thought it’d be a good time to upgrade our deployment process. Currently pushing out a new version of GitHub takes upwards of 15 minutes. Ouch. My goal: one minute deploys (excluding server restart time).

Quick_magick

QuickMagick is a gem for easily accessing ImageMagick command line tools from Ruby programs.

GreenAsJade's s3-swf-upload-plugin

A rails plugin which allow user upload files to S3 through an embedded flash directly. This fork has environment setting of amazon creds (to avoid hardcode in app), configurable message for the select button, bugfix on submit-without-select, much improved feedback to the user about what is happening, ability to check the file they selected, before it gets actually uploaded.

RSS Subscribers or Twitter Followers: Which Are Worth More?

I would need to test first to find the optimal valuation, but I am guessing it would be between 5 and 10 Twitter followers for each RSS subscriber.

You Have to Choose Who To Read

The wonderful thing is that in A.D. 2009, the option of reading primary sources is open to anybody who’s willing to take a little trouble.

Anatomy of a feature

“Oh, it’s easy, just a quick http call. I could write a script to do it in like 20 seconds.” But of course it’s not as simple as just writing a quick script. It’s tempting to think that adding a feature like this is just about adding the functionality — but there’s a bunch more to it than that.

up and running with cassandra

I think that Cassandra is the most promising current implementation of a runtime distributed database, but much work remains to be done. We're beginning to use Cassandra at Twitter

Embrace technical debt

As in many scalability decisions, we’d have been much better off investing in agility, so that we could change the architecture in response to actual customer demand, rather than trying to predict the future. That’s what Just-in-time Scalability is all about. Sometimes quick and dirty actually incurs less debt.

CSS Prism

Enter the URL of any CSS file to view and modify its color spectrum.

Ramen Profitable

Now that the term "ramen profitable" has become widespread, I ought to explain precisely what the idea entails.

Basecamp, now with more vroom

To make a long story a little less long, we saw some pretty extreme performance improvements from moving Basecamp out of a virtualized environment and back onto dedicated hardware.

Pro Git Book

This is the website for the Pro Git book, written by Scott Chacon and published by Apress. Here you can find the full content of the book, a blog with tips and updates about Git and the book and open source projects related to Git or referenced in the book.

Drag & Drop Sortable Lists

Time has come for us to make a sortable list, and let’s face it, drag&drop are the prettiest ones. So, let me explain how to proceed.

Reputation - Yahoo! Design Pattern Library

A person participating in a social structure expects to develop a reputation and hopes for insight into the reputations of others, but each designed model of participation and reputation embodies its own set of biases and incentive structures. Balancing these forces determines in large measure the success or failure of a social system.

pubsubhubbub

A simple, open, web-hook-based pubsub protocol & open source reference implementation.

Death spiral!

As Tom Peters says, "You can't shrink your way to greatness," and yet that's what so many dying businesses try to do. They hunker down and wait for things to get better, but they don't. This isn't a dip, it's a cul de sac. It's over.

Pay Walls

Newsstand and subscription prices have never been the main source of revenue for newspapers anyway — advertising is. But they can’t make as much money from web advertising as from print for several reasons. Pre-Internet, newspapers had inordinate control over the supply of news, and therefore over the supply of advertising, and they grew fat on the profits.

Rails Rumble - This Bird's Ready to Rumble

Of course, even applications that aren’t quite so Twitter-centric can benefit from some Twitter integration. Here’s a list of some resources that may inspire you to include them in your Rumble application in some way.

Uploadify and Rails 2.3

A few weeks back we (Steve and I) added multiple asset upload to Harmony using Uploadify. If you are thinking that sounds easy, you would be sorely mistaken.

madx's rackable

Rackable is a tiny module that aims to make any Ruby object Rack-friendly and provide it with a REST-like interface. Basically, what it does is providing an object with a call() method that uses the Rack environement to dispatch to a method, giving helper objects such as headers, query parameters, ...

grosser's text_filter

ActiveRecord / Rails Filter Text Fields Before Assigning them

Railscasts Self-Referential Association

Creating a social networking site often requires a self-referential association on the User model to define friends/followers. In this episode I show how to do exactly that.

Developer Color Picker

A custom color picker designed specifically for developers. Makes getting colors out of Photoshop/Acorn mock-ups quick and easy.

Drupal Job Boards

If you're just getting started in computer science or looking to specialize in a web technology, then you should definitely look into Drupal. Jobs in the marketplace are in high demand, especially compared to some of the other CMS platforms. The number of Drupal job opportunities continues to increase.

Maker's Schedule, Manager's Schedule

Those of us on the maker's schedule are willing to compromise. We know we have to have some number of meetings. All we ask from those on the manager's schedule is that they understand the cost.

Do it Later With Delayed Job

The killer feature that delayed_job has is send_later, this lets you transparently turn a method call on a class or object into a delayed_job. It also supports declaring certain methods to be handled asynchronously in an environment file...

DropBox Y Combinator Application

Y Combinator Funding Application, Summer 2007, DropBox

TrafficServerProposal Apache Proposal from Yahoo

Traffic Server fills a need for a fast, extensible and scalable HTTP proxy and caching. We have a production proven piece of software that can deliver HTTP traffic at high rates, and can scale well on modern SMP hardware. We have benchmarked Traffic Server to handle in excess of 35,000 RPS on a single box. Traffic Server has a rich feature set, implementing most of HTTP/1.1 to the RFC specifications.

Daring Fireball: Charging for Access to News Sites

...and it’s not really surprising that they’re failing to evolve. The decision-makers — the executives sitting atop large non-editorial management bureaucracies — are exactly the people who need to go if newspapers are going to remain profitable.

cldwalker's alias

Creates, manages and saves aliases for class methods, instance methods, constants, delegated methods and more.

Why Does Time Go Faster As We Get Older?

If you travel to Australia, and the yield sign says "Give Way",you notice it again. That's why travel is so memorable... As we get older, unfamiliar things and new perceptions are fewer and fewer... Thus it seems that time is passing faster... My own philosophy, which I often forget to follow, is to optimize my perceived lifespan by doing as many unfamiliar things as possible.

I’m not sure what the solution is here. Feed readers as we’ve known them are dying, but it’s as yet unclear what will take their place. Filtering feeds for relevance algorithmically seems all but fruitless; filtering through the social graph is only a slight improvement, but misses the rare content that may only strike a chord with a small audience.

The Journey to Ruby 1.9

Here’s some tips and tricks for those who want to upgrade their own Ruby install and have their gems to be compatible.

Big Old Rails Template from A Fresh Cup

Here’s a list of what this template sets up...

Don’t offer $50 for your favorite feature

I bet every Mac and iPhone developer (and probably some Windows developers too) has heard this at least once, if not dozens of times, from someone who uses their software: “I will PayPal you $50 right now if you will add this feature for me.”

Structural Tags in HTML5

The HTML5 specification has added quite a few interesting and useful tags for structuring your markup. For a majority of everyday uses, these tags will replace many of our typical div entries from our code. So let’s dig in.

Five Features from Mercurial That Would Make Git Suck Less

This isn’t an attempt to convince you to use Mercurial exclusively. And I’m intentionally skipping any mention of Mercurial’s shortcomings. I want to see these features in upcoming versions of Git.

Serious doubts

I’ve never doubted the viability of running a serious business of writing iPhone apps before. For the first time, now, I am. [The developer of Instapaper on the state of the iPhone App Store.]

rails admin interface roundup

...I evaluated four plugins for admin UI...

Wolfram Alpha and hubristic user interfaces

Strangely, to the developers of intelligent control interfaces, these interfaces appear to work perfectly well. Moreover, when the developers demo these interfaces, the demo comes off without a hitch - and is often quite impressive. This is not the normal result of broken software. This "demo illusion" convinces the developers that the product is ready to ship, although it is not and will never be ready to ship.

Gah! Up is Down! Right is Wrong! Make it Stop!

I'm not a fan of the GPL quite simply because I don't see the GPL as "open". The GPL is not defined by what it is, it's defined by what it isn't. It's "against" proprietary closed source code. It's against corporations. It's against software as a commercial product... Knowledge is expanded when it is shared. When solutions to problems are shared, that frees us up to tackle the next obstacle rather than spending time solving problems that have already been solved by others... If you truly believe that knowledge is not a zero-sum game, and that sharing knowledge tends to increase the sum of societal knowledge, then you don't go putting petty restrictions on your knowledge.

There are no small changes

Adding a plugin to a codebase is easy. Integrating a new feature within an existing application is not. When you’re striving for quality there are no small changes.

How Capitalism Saves Ruby from Corporatism

...or... Owning the Means of Production. This talk was given at FutureRuby in Toronto, Canada in the summer of 2009.

Putting What Little We Actually Know About Chrome OS Into Context

I’m skeptical about the prospects of any new system or product that isn’t intended for use by the people creating it. Gmail, for example, is the best web mail system because it was designed to be used not just by “typical” users but by expert users, including the engineers at Google who made it.

One of the Most Time Consuming Startup Roadblocks

So take a risk this month: outsource your first task and see where it takes you. When was the last time a single tool or work habit offered the opportunity to save 20-60 hours in a month?

Paperclip file rename

While developing an application with Sebastián that allow users to upload videos with some file name restrictions, meaning that it must contain only A-Z and 0-9 digits, underscores (_) as a valid component as well, and also the name must be preceded by it’s own #id, we came up with the need of applying this custom filter to each uploaded video.

YouTube Will Be Next To Kiss IE6 Support Goodbye

Judging by this screenshot taken by an IE6 user who was watching some videos on YouTube, it appears the Google company will be phasing out support for the browser shortly. [Die!]

Hacker News on Zed Shaw: Why I (A/L)GPL

[Interesting comments, as usual. My take: the GPL is like half-assed open-source. Sure, you can see the source, but it's not really open.]

This means that deploying El Dorado is no longer a pain in the ass. It also means that you can get started with El Dorado for free. Just follow along with the installation and deployment instructions in the README and you're good to go.

If you need help along the way, drop by the support site: http://eldorado.heroku.com/

Enjoy!

pauldix's typhoeus

Like a modern code version of the mythical beast with 100 serpent heads, Typhoeus runs HTTP requests in parallel while cleanly encapsulating handling logic.

iPhone-like password fields using jQuery

That may have been the reason why Apple developed implemented an alternative method on iPhone/iPod Touch: passwords get masked while typing but the last character in row is shown in plain text.

Tango Palette Dashboard Widget

Colors from Tango Desktop Project with one-click! Click on color box will copy hex value (without #, useful, for example, with Photoshop) into the clipboard. Enjoy!

The EveryBlock source code

EveryBlock.com is an experimental news Web site that provides information at a "microlocal" level — by neighborhood or city block. It was funded by a grant from Knight Foundation, which requires the site's backend code to be open-sourced. Here is the code.

MongoMapper, The Rad Mongo Wrapper

A few weeks ago, I wrote about Mongo and how awesome it is. Towards the end of the article (and in the slideshow) I mentioned MongoMapper, a project I’ve been working on.

Cassandra Wiki

Cassandra is a highly scalable, eventually consistent, distributed, structured key-value store. Cassandra brings together the distributed systems technologies from Dynamo and the data model from Google's BigTable. Like Dynamo, Cassandra is eventually consistent. Like BigTable, Cassandra provides a ColumnFamily-based data model richer than typical key/value systems.

tmm1's youtube-g

youtube-g is a pure Ruby client for the YouTube GData API. It provides an easy way to access the latest YouTube video search results from your own programs. In comparison with the earlier Youtube search interfaces, this new API and library offers much-improved flexibility around executing complex search queries to obtain well-targeted video search results.

JaredKuolt's robustthread

This module allows for the creation of a thread that will not simply die when the process dies. Instead, it joins all RobustThreads in Ruby’s exit handler.

zilkey's active_api

ActiveApi allows you to define an XML schema in Ruby, and use that schema to convert ruby objects to xml. Features XSD or DTD generation; Versioning; The ability to represent your model in a way that is not tightly coupled to the model itself.

neerajdotname's admin_data

Rails plugin to browse and manage your data using your browser.

adamsalter's sitemap_generator-plugin

This plugin enables 'enterprise-class' Google Sitemaps to be easily generated for a Rails site as a rake task, using a simple 'Rails Routes'-like DSL. It allows you to take care of familiar Sitemap issues...

GooOS, the Google Operating System

Google isn't worried about Yahoo! or Microsoft's search efforts...although the media's focus on that is probably to their advantage. Their real target is Windows. Who needs Windows when anyone can have free unlimited access to the world's fastest computer running the smartest operating system? Mobile devices don't need big, bloated OSes...they'll be perfect platforms for accessing the GooOS.

Introducing the Google Chrome OS

So today, we're announcing a new project that's a natural extension of Google Chrome — the Google Chrome Operating System. It's our attempt to re-think what operating systems should be.

New on Posterous: Audio and video *plays* on your iPhone in Safari, no flash needed

Now, audio and video you attach and send to Posterous can be played on an iPhone in Mobile Safari. No more "missing flash" errors!

Getting Pretty Lonely

As the developer evaluates communities to participate in, they must evaluate the legal impact such participation will have on their own project. The closed source communities are, by definition uninviting to outsiders. GPL communities are open and embracing of other GPL developers, but generally off-putting to liberal-license and closed-license developers. Only the liberal-license communities are attractive to developers from all 3 camps.

The Mythical Man Weekend

The "I can do it in a weekend" beast reared its naive head on Hacker News recently which in turn generated some intelligent discussion on the topic. We've all been there and we've all learned the hard way.

When GitHub goes down...

There are quite a few ways to deploy without github… ah the wonders of git!

Adam Wiggins and Ryan Tomayko, Heroku

An interview in 3 parts with Adam Wiggins and Ryan Tomayko of Heroku from their recent visit to New Relic. They discuss the vision behind the creation of Heroku, their passion for helping developers create scalable, high-performance Rails apps in the cloud, taking full advantage of cloud deployment, and their tips and best practices to create a high-performance app.

[whatwg] Codecs for audio and video

After an inordinate amount of discussions, both in public and privately, on the situation regarding codecs for video and audio in HTML5, I have reluctantly come to the conclusion that there is no suitable codec that all vendors are willing to implement and ship. I have therefore removed the two subsections in the HTML5 spec in which codecs would have been required, and have instead left the matter undefined, as has in the past been done with other features like img and image formats, embed and plugin APIs, or Web fonts and font formats.

Secrets of Simplicity

Rules for being simple and usable (Giles Colborne)

Go Daddy DNS & Heroku

As easy as using Heroku is, setting up DNS seems to be one of the trickier parts.

The One in Which I Call Out Hacker News

The next time you see an application you like, think very long and hard about all the user-oriented details that went into making it a pleasure to use, before decrying how you could trivially reimplement the entire damn thing in a weekend. Nine times out of ten, when you think an application was ridiculously easy to implement, you’re completely missing the user side of the story.

Twitter, an Evolving Architecture

Most of the tools used by Twitter are open source. The stack is made up of Rails for the front side, C, Scala and Java for the middle business layer, and MySQL for storing data. Everything is kept in RAM and the database is just a backup. The Rails front end handles rendering, cache composition, DB querying and synchronous inserts. This front end mostly glues together several client services, many written in C: MySQL client, Memcached client, a JSON one, and others.

P2: The New Prologue

Prologue broke ground when it brought microblogging to WordPress.com. Now it’s cooler, faster, sleeker, and ready for 2009 and beyond.

fesplugas's typus

Effortless backend interface for Ruby on Rails applications. (Admin scaffold generator.)

Posterous is the best way to publish video and photos from your new iPhone 3G S

Posterous has always been about email, so when Apple announced the iPhone 3G S would shoot video, we already knew it would just work with our site! We've optimized Posterous to work well with the iPhone 3.0, so now it's better than ever. [The benefits of having a simple, universal input are obvious.]

Fails on Rails

The total cost of development for a failed Ruby on Rails system is much less than a failed Java EE system.

Development virtual machines on OS X using VMWare and Ubuntu

I’ve been using Linux as my primary development environment for a number of months now, despite being an abject Mac fanboy.

Here's the basic idea:

You have a config file that contains all of your local configuration variables. It looks a lot like database.yml.

 
# config/config.yml
 
development:
  session_key: example_development
  session_secret: ESl6X3oKM1i1RRrD2QLwUUzz9jr1zxNO
  domain: http://example.com
 
test:
  session_key: example_test
  session_secret: vrwPpJTvwnMVLP1wTSgqigSl7PMI7QcE
  domain: http://example.com
 
production:
  session_key: # any string identifying your app
  session_secret: # a random, secret string at least 32 characters long
  domain: # http://example.com
  mailer: # noreply@example.com
 

You perform a little trickery in environment.rb to prefer the Heroku ENV storage of config vars (in the production environment), but you fall back to your config.yml if the config vars aren't found in ENV (in the development and test environments).

 
# config/environment.rb
 
Rails::Initializer.run do |config|
  require 'yaml'
 
  # support yaml and heroku config vars, preferring ENV for heroku
  CONFIG = (YAML.load_file('config/config.yml')[RAILS_ENV] rescue {}).merge(ENV)
 
  config.action_controller.session = {
    :key => CONFIG['session_key'],
    :secret => CONFIG['session_secret']
  }
end
 

Then, you create a rake task (rake heroku:config) that can be used to send all of the config vars for your production environment up to Heroku. This task can be invoked once to set things up, but can also be run again if you need to make any additions or changes.

 
# lib/tasks/heroku.rake
 
namespace :heroku do
  task :config do
    puts "Reading config/config.yml and sending config vars to Heroku..."
    CONFIG = YAML.load_file('config/config.yml')['production'] rescue {}
    command = "heroku config:add"
    CONFIG.each {|key, val| command << " #{key}=#{val} " if val }
    system command
  end
end
 

This way, you've got all of your config vars stored with the project (.gitignored, of course)...

 
# .gitignore
 
/tmp/**/*
/log/*
*.log
/tmp/restart.txt
/config/config.yml
/config/database.yml
/db/*.sqlite3
 

...and you can easily set what you need on Heroku, like so:

 
$ rake heroku:config
Reading config/config.yml and sending config vars to Heroku...
Adding config vars:
  session_key => example_production
  session_secret => 1WlkMkYYi5611vtF...0ZMS2G3Xl67s4lEIK4sj65
  domain => http://example.com
  mailer => noreply@example.com
Restarting app...done.
 

The result is a pretty nice, I think.

You can see the installation and deployment instructions for my open source project El Dorado if you're curious about the overall flow.

I'd love to get some feedback on this approach, but I really like it so far :)

• You're running Debian Lenny and you've got root access
• You've got a functioning apache2 installation
• You know the basics of working on the command line (i.e. how to edit files, execute commands, etc.)

If the above is true of your situation, read on to learn how to install Ruby Enterprise, Phusion Passenger and El Dorado from scratch in a sort of "one-off" setting where you've got one server and you want it to run one site.

NB: These instructions don't use git or capistrano. The instructions contained in the El Dorado README describe how to install El Dorado using those tools. Using them makes for an easier and cleaner installation. It also makes for easier scalability, upgrading and patching: I highly recommend using those tools.

1. Resolve Dependencies

The first thing you'll need to do, even before installing RE or PP, is make sure that you've got the development files for the databases that RE and PP applications use:

apt-get install libsqlite3-ruby postgresql-8.3-plruby libmysql-ruby libmysqlclient15-dev postgresql-server-dev-8.3 libsqlite3-dev

If you don't resolve these dependencies now, you'll get a message during the RE installation that prompts you to install gems for mysql, postgres, etc. and then, when you go to install those gems, you'll get an error like this:

ERROR:  Error installing mysql:
	ERROR: Failed to build gem native extension.

So just go ahead and resolve those dependencies in advance.

2. Install Ruby Enterprise

The best practice for this, as far as I know, is to install the current stable release of RE in /opt/. First, download the release you plan to use:

lana:~# cd /opt
lana:/opt# wget http://rubyforge.org/frs/download.php/58677/ruby-enterprise-1.8.6-20090610.tar.gz

Once that's down, untar it and execute the installer script:

lana:/opt# tar -zxvf ruby-enterprise-1.8.6-20090610.tar.gz
[...]
lana:/opt# cd ruby-enterprise-1.8.6-20090610/
lana:/opt/ruby-enterprise-1.8.6-20090610# ./installer

That should run, after a few tappings of ye olde Enter key, to its error-free conclusion. If, during the installation, the installer finds that you're missing software packages, the installer will bail and you'll be given some commands that fill those holes. Resolve those dependencies and finish the installation.

At the end of the installation, you'll be given some syntax that will automatically install PP. You'll use that in the next step.

3. Install Phusion Passenger

Use the automatically generated syntax:

lana:/opt/ruby-enterprise-1.8.6-20090610# /opt/ruby-enterprise-1.8.6-20090610/bin/passenger-install-apache2-module

Again, the installer will bail and prompt you to resolve dependencies if you've got any:

Installation instructions for required software

 * To install Apache 2 development headers:
   Please run apt-get install apache2-prefork-dev as root.

 * To install Apache Portable Runtime (APR) development headers:
   Please run apt-get install libapr1-dev as root.

 * To install Apache Portable Runtime Utility (APU) development headers:
   Please run apt-get install libaprutil1-dev as root.

Resolve dependencies and finish the installation.

Once it's finished, you'll be given some lines to add to your "Apache configuration file". The best file to add these lines to is /etc/apache2/httpd.conf.

Just don't forget that you added them there (as opposed to somewhere else), as you'll need to modify them if you upgrade RE.

You'll also probably want to go ahead and add the following lines while you've got the file open:

PassengerPoolIdleTime 14400
PassengerMaxInstancesPerApp 2

Those lines do exactly what it looks like they do. They're also very sensible settings to start with, as they'll prevent El Dorado from hogging a bunch of system resources, etc. right off the bat.

You can find more information here.

Finally, your /etc/apache2/httpd.conf file should look something like this:

PassengerPoolIdleTime 14400
PassengerMaxInstancesPerApp 2

LoadModule passenger_module /opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/passenger-2.2.4/ext/apache2/mod_passenger.so
PassengerRoot /opt/ruby-enterprise-1.8.6-20090610/lib/ruby/gems/1.8/gems/passenger-2.2.4
PassengerRuby /opt/ruby-enterprise-1.8.6-20090610/bin/ruby

Once you've made those changes, you're ready to begin installing El Dorado.

When it exits, the PP installer will show you some sample syntax for how to write an apache configuration file for your first application. You can ignore that for now, as we're going to come back to it later.

4. Install El Dorado

First, get the latest release of the software from Trevor's github: http://github.com/trevorturk/eldorado/tree/master

Once you've got the URL of the latest release, switch from root to a less privileged user, make a folder in your home dir for the site, download the latest release of El Dorado to that directory and untar it:

toconnell@lana:~$ mkdir example.com
toconnell@lana:~$ cd example.com
toconnell@lana:~/example.com$ wget wget http://download.github.com/trevorturk-eldorado-a37d0c71e928f605d111d5f48b5786ff613bf676.tar.gz
tar -zxvf trevorturk-eldorado-a37d0c71e928f605d111d5f48b5786ff613bf676.tar.gz

Now, get all of those files out of that big, ugly directory and into the current working directory and ditch those old files:

toconnell@lana:~/example.com$ mv trevorturk-eldorado-a37d0c71e928f605d111d5f48b5786ff613bf676/* .
toconnell@lana:~/example.com$ rm -rf trevorturk-eldorado-a37d0c71e928f605d111d5f48b5786ff613bf676*

Now, follow the instructions in the README and copy the example yml files to the places where the application will look for real, non-example files:

toconnell@lana:~/example.com$ cp config/database.example.yml config/database.yml
toconnell@lana:~/example.com$ cp config/config.example.yml config/config.yml

Now, use your favorite editor to edit the last stanza in config/config.yml so that it matches the information of your site:

production:
  session_key: example_production
  session_secret: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  # Replace these X's and make this string (at least) 32 random alpha-numerics for good site security
  domain: http://example.com
  mailer: noreply@example.com  

NB: There are "dev" and "test" entries in this default file. If you're not planning on doing anything development related with this installation, you can safely delete those entries.

Once you've edited that file, that's it, so far as the non-git installation is concerned. To get El Dorado up and running, you'll need to do some minor database tasks. Those are covered in the next section.

5. Configure the Database

Since MySQL is deprecated, I'll be using PostgreSQL for the remainder of these instructions.

If you look at config/database.yml, you'll notice that it's essentially a blank template:

development:
  adapter: sqlite3
  database: db/development.sqlite3
  timeout: 5000
  # adapter: mysql
  # database: eldorado_development
  # username:
  # password:
  # host: localhost

test:
  adapter: sqlite3
  database: db/test.sqlite3
  timeout: 5000

production:
  adapter:
  database:
  username:
  password:
  host:

First, edit that file:

production:
  adapter: postgresql
  database: example
  username: example
  password: XXXXXXXXXXXXXXXXXXXX
  host: localhost

NB: Again: once you've added your "production" entries to this file, you can feel free to delete the "test" and "dev" lines, as they do nothing and could cause confusion down the line.

Now, create the database and the user:

toconnell@lana:~/example.com$ sudo su postgres -c "createuser example"
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
toconnell@lana:~/example.com$ sudo su postgres -c "createdb example"

Next, start the postgres monitor as the postgres user and make the a few changes:

toconnell@lana:~/example.com$ sudo su postgres -c psql
Welcome to psql 8.3.7, the PostgreSQL interactive terminal.

postgres=# ALTER USER example PASSWORD 'XXXXXXXXXXXXXXXXXXXX';
ALTER ROLE
postgres=# ALTER DATABASE example OWNER TO example;
ALTER DATABASE

Now, if you've got your Postgres database configured correctly and your new user can access your new postgres database, you're ready to rake the El Dorado production database:

toconnell@lana:~/example.com$ /opt/ruby-enterprise-1.8.6-20090610/bin/rake rake db:schema:load RAILS_ENV=production

Once the database is successfully raked, all you've got to do to finish up is configure Apache.

6. Apache Configuration

The following assumes that you're doing apache the "Debian way".

If this is true, the first thing you'll do is create a symlink in /var/www/ that points at your install directory:

lana:/var/www# ln -s /home/toconnell/example.com/

Next, create a file in /etc/apache2/sites-available with the name of your site and then create a symlink to it in /etc/apache2/sites-enabled.

The file should look something like this:

#
# example.com
#
 
<VirtualHost *:80>
  ServerName example.com
  ServerAlias www.example.com
  ServerAdmin youremail@example.com
  DocumentRoot /home/toconnell/example.com/public
 
  <Directory "/var/www/example.com">
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
 
  RewriteEngine On
 
  RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
  RewriteRule ^(.*)$ http://example.com$1 [R=301,L]
 
  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
  RewriteRule ^.*$ /system/maintenance.html [L]
 
  ErrorLog /var/log/apache2/example_error_log
  CustomLog /var/log/apache2/example_access_log combined
  RewriteLog /var/log/apache2/example_rewrite_log
  RewriteLogLevel 9
 
</VirtualHost>

NB: I've added some apache custom logging. Logs are good.

Once you've got the file in /etc/apache2/sites-available and the symlink in /etc/apache2/sites-enabled that points at that file, you should be ready to restart apache and get rolling:

lana:/etc/logrotate.d# /etc/init.d/apache2 reload

And that, as they say, is that. Once you reload apache, provided that your DNS is set up correctly and you haven't got any system problems beyond the scope of this document, your single instance of El Dorado should be ready for prime time.

Navigate to your site in your browser and create an administrative account: the first user who attempts to login will be the administrator. Once you've got your admin created, you're ready to start tweaking your new El Dorado site's appearance and adding users.

A note on upgrades: if you find you need/want to upgrade an instance of El Dorado that has been installed thus, consult the README. The basic gist is that you're going to want to download/copy the new source/program files over the old ones (while being careful not to erase your user-uploaded files) and then run rake db:migrate RAILS_ENV=production.

Answer: Turn off ri and rdoc installation.

Perch

Perch is a really little content management system for when you (or your clients) need to edit content without the hassle of setting up a big CMS.

Installing Ruby on Rails and PostgreSQL on OS X, Third Edition

Over the past few years, I’ve helped you walk through the process of getting Ruby on Rails up and running on Mac OS X. The last version has been getting a lot of comments related to issues with the new Apple Leopard, so I’m going this post will expand on previous installation guides with what’s working for me as of January 2008.

Thoughts on Opera Unite

Opera’s CEO Jon von Tetzchner claims that “Opera Unite now decentralizes and democratizes the cloud." I call bullshit. Opera Unite does indeed rely on a P2P-like network to function, but the big problem is that you must push all your traffic through Opera’s proxy service.

LESS - Leaner CSS

Less is Leaner css. Less extends css by adding: variables, mixins, operations and nested rules. Less uses existing css syntax. This means you can migrate your current .css files to .less in seconds and there is virtually no learning curve.

YC Company Hosting Stats

[Interesting stats and discussion on hosting.]

Rip: a RubyGems Replacement?

This makes package management as simple as passing files between friends. Email me your latest library, and I can run rip install path/to/lib. That’s it — you don’t need spec files, and you don’t need to build anything before your send me your code.

BigTable

BigTable is a fast and extremely large-scale DBMS. However, it departs from the typical convention of a fixed number of columns, instead described by the authors as "a sparse, distributed multi-dimensional sorted map", sharing characteristics of both row-oriented and column-oriented databases. BigTable is designed to scale into the petabyte range across "hundreds or thousands of machines, and to make it easy to add more machines [to] the system and automatically start taking advantage of those resources without any reconfiguration".

Opera Unite reinvents the Web: a Web server on the Web browser

[Very interesting possibilities here. Making it easier for people to serve content on the web can only lead to good things.]

tenderlove's markup_validity

Test for valid markup with test/unit or rspec

Hemlock

Hemlock is an open-source framework that combines the richness of Flash with the scalability of XMPP, facilitating a new class of web applications where multiple users can interact in real time. Games, workspace collaboration, educational tools… The only limit is your imagination.

Rip: A New Package Management System for Ruby

But why a completely new package manager? What's wrong with RubyGems? We asked one of Rip's developers, Chris Wanstrath...

Ruby at ThoughtWorks

ThoughtWorks started using Ruby for production projects in 2006, from then till the end of 2008 we had done 41 ruby projects. In preparation for a talk at QCon I surveyed these projects to examine what lessons we can draw from the experience. I describe our thoughts so far on common questions about Ruby's productivity, speed and maintainability.

[git pull] drm-next

See? All the rules really are pretty simple. There's that somewhat subtle
interaction between "keep your own history clean" and "never try to clean
up _other_ proples histories", but if you follow the rules for pulling,
you'll never have that problem.

Don't just follow the projects that you're interested in — follow other users. Here's a list of people that I'm following. They're constantly turning me on to new and interesting projects, because I get to see everything they're working on, and everything they're following.

Dig around the users that I follow, check out what they're been up to, and try it out. If you find that your feed becomes a bit much to manage, try subscribing to your personal RSS feed. There's a link on the home page when you're logged in.

Thanks, GitHub. You're the best.

Here's a quick tip I picked up here that will set your logs to automatically rotate in the test and development environments. Just add the following line to these files:

• config/development.rb
• config/test.rb

config.logger = Logger.new(config.log_path, 2, 20.megabytes)

Make sure you've got these in your .gitignore file as well:

/log/*
*.log

That will keep your log files under control, but with plenty of room for digging in if need be.

• SSH onto your VPS
• Run the following commands: "a2enmod expires" and "a2enmod deflate"

Now, open up your Apache vhost config for your Rails app. Add the following:

Then, restart Apache by running: "/etc/init.d/apache2 restart"

This will gzip your html, css, and javascript. It'll also add far future expires headers for the appropriate cacheable filetypes. There's no downside, and it only takes a second. Bang for buck.

Edit: Check the comments for some possible downsides... ;)

Trevor's Links

Email. Twice daily. No more, no less.

So, using some motivation from The Four Hour Workweek1, I opted to come back to the studio and change my behavior. That morning, I emailed my entire team and my clients to let them know that I would only be checking my email at 10am and 4pm each day.

How to Build a Popularity Algorithm You can be Proud of

Many web sites allow users to casts vote on items. These visitors' votes are then often used to detect the items' "popularity" and hence rank the rated items accordingly. And when "rank" comes into play things gets tricky...

Online communities, etc.

Anyway, I'm bored on a long bus drive and there's no real moral to the story here, just writing. I will be tuning out of the social networking sites because at the end of the day it's now doing more harm than good in the bigger picture and the experiment seems to have yielded a result. Idiots rule.

Really Simple Rails Log Rotatation

I always used logrotate Linux tool to setup log rotation for my Rails apps which has worked fine although it required finding some external config file and understanding its config options and syntax. [Great tip for development/test environments. Might not be a good idea in production?]

Instapaper bookmarklet, modified to close the current tab

I modified the bookmarklet slightly so that the tab closes immediately, without disturbing the pop-up. This way, saving something for later is one simple action, instead of two.

DeliciousSafari

Use and create Delicious bookmarks from the Safari web browser.

So, about this Shopify Platform

The Shopify platform allows any programmer to create applications that integrate natively with the administration interface or storefront. These applications can be written in any language and communicate with Shopify using our handcrafted REST API. We even provide some amazing rails generators to get started quickly.

Introducing Trample: A Better Load Simulator

Most load sim tools make requests to a static list of urls. They spawn n threads and make requests to the urls on the list in succession, in each thread. Unfortunately, though, if your applicaition makes use of any kind of caching (including your database's internal caching facilities), this kind of load simulation is unrealistic.

TOSBack | The Terms-Of-Service Tracker

TOSBack keeps an eye on 44 website policies. Every time one of them changes, you'll see an update here.

Twitter Blog: Not Playing Ball

We do recognize an opportunity to improve Twitter user experience and clear up confusion beyond simply removing impersonation accounts once alerted. We'll be experimenting with a beta preview of what we're calling Verified Accounts this summer.

cdto

Fast mini application that opens a Terminal.app window cd'd to the front most finder window. This app is designed (including it's icon) to placed in the finder window's toolbar.

Trevor's GitHub Links

quirkey's sammy

Sammy is a tiny javascript framework built on top of jQuery inspired by Ruby's Sinatra.

kabuki's heresy

Heresy is a schema free wrapper around your database, heavily inspired by both CouchDB and FriendFeed.

paulmars's seven_minute_abs

ab testing for rails

binarylogic's searchlogic at v2

Searchlogic has been completely rewritten for v2. It is much simpler and has taken an entirely new approach. To give you an idea, v1 had ~2300 lines of code, v2 has ~350 lines of code.

semanticart's is_paranoid

ActiveRecord 2.3 compatible gem "allowing you to hide and restore records without actually deleting them." Yes, like acts_as_paranoid, only implemented differently...

brynary's webrat

Webrat - Ruby Acceptance Testing for Web applications.

mbleigh's twitter-auth

Standard authentication stack for Rails using Twitter to log in.

courtenay's splam

Simple, pluggable, easily customizable score-based spam filter plugin for Ruby-based applications.

jeremy's ruby-prof

a fast code profiler for Ruby

nakajima's roleful

Generic roles for you and your objects.

37signals's wysihat

A WYSIWYG JavaScript framework

binarylogic's authlogic

A clean, simple, and unobtrusive ruby authentication solution.

joshuaclayton's blueprint-css

A CSS framework that aims to cut down on your CSS development time.

stephencelis's dots

Free progress dots for your scripts. Test::Unit-style.

wycats's merb-extlib

Ruby core extensions library extracted from Merb core.

jodosha's plugin_migrations

Rake tasks for running plugin migrations.

tcocca's acts_as_follower

A Plugin to add "Follow" functionality for models

mojodna's active_queue

A toolkit for queueing tasks and creating worker processes

Trevor's Links

Stowe Boyd launches Microsyntax.org

Stowe Boyd launched Microsyntax.org... a number of ideas for making posts on Twitter contain more information than what is superficially presented, and this new effort should create a space in which ideas, research, proposals and experiments can be made and discussed.

Amazon Payments Account Management

Amazon Simple Pay Subscriptions enables you to charge your customers on a recurring basis using a single authorization from the customer. It is for those who offer digital content subscriptions, collect membership dues on a periodic basis, or provide premium services on their website.

7 Great Reasons Not To Take VC Money

Raising venture capital for early stage start-ups seems to be the prevailing path for most entrepreneurs; however, most would-be founders should reconsider.

The importance of stupidity in scientific research

The crucial lesson was that the scope of things I didn't know wasn't merely vast; it was, for all practical purposes, infinite. That realization, instead of being discouraging, was liberating. If our ignorance is infinite, the only possible course of action is to muddle through as best we can.

When to use self in Rails models

When I started with Rails, half the words in my models were self. This wasn’t necessary. Now, when I edit code by other people, I find myself constantly deleting “self” from their code.

The random person test

Why not try to write code that future programmers will thank me for because it was so clear and obvious? Programmer skill should be measured not only in the complexity of the problems that they can solve, but in the clarity of their solutions.

Patience and hard work

There is a gaping chasm between a web app sitting on a server somewhere, and the ingredients of a business. Establishing a brand, getting the right kind of people to listen, and growing your own customer-base doesn’t happen as a by product of really sweet Javascript effects.

Google Wave: What Might Email Look Like If It Were Invented Today

Google wants other providers to adopt Wave - the protocol allows federation between independent Wave clouds. The team hopes that Wave will become as ubiquitous and interoperable as email and instant messaging, not just a Google product.

Ask HN: I'm Tired of Hacking. What Do I Do? Please Advise.

I just can't do it anymore. I hate sitting on my ass all day writing some code. My neck has been hurting for two years for spending so many hours in front of the computer. I kind of have been hating my career for a couple of years now and I have no clue about what I should do.

MacRuby, changing the Ruby ecosystem

MacRuby is an Apple-sponsored, open source, full Ruby implementation on top of Objective-C runtime. In other words, whatever code runs on Ruby 1.9, should/will run on MacRuby. Yes, you read correctly, MacRuby can/will be able to run all your Ruby code.

Mac-friendly Autotest

ZenTest’s autotest is great, but it has one drawback: In order to detect whether you have modified a file, it relies on filesystem polling. In other words it constantly traverses the filesystem and thus causes a lot of CPU and harddrive load.

Include vs Extend in Ruby

Now that we know the difference between an instance method and a class method, let’s cover the difference between include and extend in regards to modules. Include is for adding methods to an instance of a class and extend is for adding class methods. Let’s take a look at a small example.

Class and Instance Methods in Ruby

Class methods can only be called on classes and instance methods can only be called on an instance of a class. It’s simple when you understand it, but I remember being confused when I was learning Ruby. Hope this helps. If I was unclear or incorrect at any point above, let me know. [Nice, easy to follow overview.]

djng—a Django powered microframework

djng is my experiment to see what Django would like without settings.py and with a whole lot more turtles. It’s Yet Another Python Microframework.

Django tip: Caching and two-phased template rendering

We've launched user accounts at EveryBlock and we faced the interesting problem of needing to cache entire pages except for "You're logged in as [username]" bit top page. The solution ended up using is two-phased template rendering.

Assembling Pages Last: Edge Caching, ESI and Rails

[Good overview of ESI pros/cons.]

The open, social web

If I told you that the iPhone was the best example of the success of standards and open source, you’d probably laugh at me, but check it out...

Timothy's Links

Server Monitoring with Cacti + ServerStats | HostingFu

This is kind of cool: if you've got a computer somewhere on your local network and you want the laity to have access to rough stats, all you've got to do is fire this package up, tweak xinetd a little bit, and voila--your boss can look over your shoulder from the comforts of his own office.

Slicehost for Android // Slicehost - VPS Hosting

Trevor pointed me in the direction of this one. It's a neat little app--very minimalist and very Linux-y--that lets you check on your bandwidth, slice stats (e.g. mem/proc/distro name and version) and gives you the option to do a remote /sbin/poweroff or an /sbin/shutdown -h now. Very neat.

Research: Password 'secret question' woefully insecure

Let's get a movement going here: if enough Internet types spread the word that no one in their right mind or who possesses any kind of meaningful credential endorses "secret questions" and that, in fact, the research shows that they make accounts _less_ secure, maybe we can kick up enough dust to get rid of them.

Three Letters

This take on the classic joke has a sysadmin slant; guaranteed to be appreciated by everyone from Exchange rebooters in silk cravats to consolemen who live on the metal.

Here's the situation: you're the admin of a Windows domain where the Domain Controller is a Linux box serving Samba. Your problem, other than the fact that you're surrounded by Windows users, is that you've got a user who's password you don't know and, for whatever reason, you need to log onto your Windows domain as that user: a simple RUNAS won't cut it this time.

Normally, you'd just nuke his password, change it to "password" (or whatever), log on as him, do your dirty, sinful business, log off, expire his password and then send him an email telling him that his password has been changed to "password" and that he'll be prompted to change it at his next log on.

But what if that wasn't an option? What if you needed to log on to your domain as that user and it was important that he be none the wiser?

Grab the Hashes

First, use your favorite smbldap-type tool to get the current password info on the user you're fixin' to use:

frances:~# smbldap-usershow toconnell
dn: uid=toconnell,ou=Users,dc=domain,dc=com
objectClass: top,person,organizationalPerson,inetOrgPerson,posixAccount,shadowAccount,sambaSamAccount
cn: toconnell
sn: toconnell
givenName: toconnell
uid: toconnell
uidNumber: 1007
[...]
sambaPwdCanChange: 1202398556
sambaPwdMustChange: 9223372036854775807
sambaLMPassword: BE41CD009FF0812C718CCFD7D98A52AA
sambaNTPassword: 9454453CBC8A48DEF442F6B0A10B3EAA
sambaPwdLastSet: 1202398556
userPassword: {SSHA}baSDvXS6C6DSBNkJGyEYplprZ3wslAa/

Copy everything that's bolded and stick it somewhere safe. That dn information is going to be necessary later on, as it contains the ldap tags that you'll need to specify the record you want to modify; those hashes at the bottom are the user's original passwords and, when you want to cover your tracks later on, you'll need that info.

Now that you've got those hashes, you're free to nuke the user's password (again, using your favorite smbldap-type-tool or however else you like to reset passwords), log in as him, do whatever you have to do, and then log out:

frances:~# smbldap-passwd toconnell
Changing UNIX and samba passwords for toconnell
New password:
Retype new password:

Once you're out, you're going to want to set his password back to what it once was. This is where ldapmodify comes into play.

Kerberos

Before you can do that, however, you'll need to get a kerberos ticket. This is because you'll need to be kerberos-authenticated to make your ldap modifications stick. So, first things first, get yourself an admin kerberos ticket:

frances:~# kinit toconnell/admin
Password for toconnell/admin@DOMAIN.COM:
frances:~# 

ldapmodify

A quick glance at the man page for ldapmodify shows that the most convenient way to make changes to an ldap entry is to use the -f flag and an input file. The example in the man page for how to construct the input file is this:

 dn: cn=Modify Me,dc=example,dc=com
           changetype: modify
           replace: mail
           mail: modme@example.com
           -
           add: title
           title: Grand Pooba

So, using the data we got above, we're going to make a similar file containing the original hashes from our target user in order to change his password back to what it used to be:

dn: uid=toconnell,ou=Users,dc=domain,dc=com
changetype: modify
replace: sambaLMPassword
sambaLMPassword: BE41CD009FF0812C718CCFD7D98A52AA
-
replace: sambaNTPassword
sambaNTPassword: 9454453CBC8A48DEF442F6B0A10B3EAA
-
replace: userPassword
userPassword: {SSHA}abSDvXS6C6DSBNkJGyEYplprZ3wslAa/

Remember to include those "-" characters and to give them their own line: if you fail to do that, you'll get mystery errors about unknown types, etc.

Once you've got your file, fire off your changes like this:

ldapmodify -f /path/to/file

And that's all you've got to do. When the original user attempts to log in with his old password, everything will look perfectly normal to him: you never saw his password in plaintext and, as far as he's concerned, none of this ever happened.

Interview with Ian Hickson, editor of the HTML 5 specification

You’ve heard it’s coming in 2012. Or maybe 2022. It’s certainly not ready yet, but some parts are already in browsers now so for the standards-savvy developers, the future is worth investigating today. Ian “Hixie” Hickson, editor of the HTML 5 specification, hopes that the spec will go to Last Call Working Draft in October this year.

The Mega RailsConf 2009 Round Up

A week ago, RailsConf 2009 kicked off in Las Vegas. As usual, it didn't fall short on drama, interesting sessions, and inspiration for the 1000+ attendees. This post is an after-event summary and long-term source of links to the best RailsConf 2009 related content found so far.

Nuts & Bolts: Campfire loves Erlang

Erlang definitely isn’t a replacement for Rails, but it is a fantastic addition to our collective toolbox for problems that Rails wasn’t designed to address. It’s always easier to work with the grain than against it, and adding more tools makes that more likely.

Tango Icon Theme Guidelines

The Tango icon theme's goal is to make applications not seem alien on any desktop. A user running a multiplatform application should not have the impression that the look is unpolished and inconsistent with what he or she is used to. While this isn't about merging styles of all desktop systems, we do aim to not be drastically different on each platform.

RightZoom Makes the OS X Maximize Button More Like Windows

Mac OS X only: System utility RightZoom runs in the background and modifies the OS X maximize behavior to fill the whole screen—perfect for readers that recently made the switch to Mac.

Railscasts - Factories not Fixtures

Fixtures are external dependencies which can make tests brittle and difficult to read. In this episode I show a better alternative using factories to generate the needed records. [I prefer Machinist to Factory Girl, but this is a particularly good episode all around.]

db/seeds.rb in Rails

Added db/seeds.rb as a default file for storing seed data for the database. Can be loaded with rake db:seed (or created alongside the db with db:setup). (This is also known as the "Stop Putting Gawd Damn Seed Data In Your Migrations" feature) [DHH]

Timothy's Links

The Security Implications Of Google Native Client

This is a really cool from Matasano about how things like ActiveX and Java work from the perspective of someone trying to execute compiled code from a remote source without giving away the whole store, security-wise. Nice pictures, very informative.

How to Add Date And Time To Your Bash History file -- Debian Admin

This is a neat one-liner for your .bashrc that just might make your .bash_history a little more searchable. Add it to your custom .bashrc lines.

Postfix main.cf analysis

Here's the setup: the one dude pastes his postconf -n and the other dude does through it, telling him what's what. Kind of a cross between a postmortem and an x-ray. Useful to test your postfix knowledge/skills.

SoS Wiki - - Split Screen Vi

If you use vi/vim and you don't do split screen, you are, in the immortal words of whatever Internet meme, doing it wrong. Study up!

Set Gmail as Default Mail Client in Ubuntu :: the How-To Geek

This is a neat little trick for writing a line or two of bash that will allow you to use gmail (via firefox) as your default email client in a gnome environment. It wouldn't take much to adapt the instructions for other desktop environments. (Props to Artie for sending this my way)

Reports: Thief holds Virginia medical data ransom

I guess, technically, that since I'm on the side of the law by virtue of my professional situation, I ought to regard this as terrifying or reprehensible or something. But you gotta admit: something about the idea of a blackhat utterly pwning someone's network to the extent of the pwnage described here is really, really exciting.

Postfix Backup MX eMail Server Anti-Spam Configuration

The English is a little messy on this one, but the conf text is right on. This is a nice little list of basic (yet above and beyond "stock") config options for reducing shenanigans and closing commonly exploited gaps.

Restore a single table from a large MySQL backup

I'm not sure that I understand the ruby syntax completely, but people are passing this link around, so this is my obligatory bump.

Since I was interested in hardening up two Debian boxes running Lenny, I started off by taking a look at the Securing Debian Manual, this very helpful page on LQ and the results of a tiger audit.

Do this to generate a tiger audit of your server:

# aptitude install tiger
tiger -E

The "-E" gets you what's called an "explanation report", which will be useful in helping you understand what can be some fairly cryptic output.

Additionally, the package version of tiger comes with some nice default settings for the main executable and for tigercron, which, as you might imagine, runs some minor scans on a pre-defined schedule.

At any rate, once I had my audit and had picked up a few bright ideas from the SDM, I made a number of changes to all of my web-facing production machines. What follows are some things that you might want to consider doing on your Debian Lenny servers:

Users and Permissions

1. Password Audit: first, I decided to get to know my user accounts a little better. This meant running john (formerly "john the ripper", a password cracker that reads hashed passwords and tries to decipher them) against my /etc/shadow to see who was using dictionary-based passwords and who was using other types of insecure passwords:

   # aptitude install john
   # john /etc/shadow 

   This took a while to run--a little over a day, but I had it niced pretty high--but of the 10 user accounts it cracked, it was good to know which ones were using hilariously insecure passwords and which ones probably weren't going to cracked by your garden variety brute force password cracker.

NB: if you run john against your /etc/shadow and realize that you've got a problem child on your hands, there's always chroot. Here is a really good how-to on chroot-jailing a user.

2. The Prunening: odds are, if you've been living on a system for more than a few months, you've accumulated some users (either from software that you've installed and then removed or by meeting user/developer needs, etc.) that aren't doing anything. One of the basic tenets of server security is having the smallest amount of users with the least amount of access to the smallest number of programs possible.

   In some environments, you've simply got to have a bunch of users in your /etc/passwd. In most situations, however, it makes good sense to just hit all the derelicts with a userdel and only having to worry about angry users not having enough access (rather than having to worry about unauthorized users having too much access).

Keeping Script Kiddies Under Control

In my (admittedly limited) experience, the most trouble you're going to run into from script kiddies are anonymous, unfocused attacks that attempt to gain access to your machine via either a.) the /tmp directory, b.) DoS-based exploints or c.) application attacks like SQL injections, XSS or directory traversal attacks.

Since guarding against application attacks is something that programmers are supposed to be handling, I decided to focus on stopping /tmp abuse and trying to stymie DoS attacks.

1. Mounting /tmp with noexec: in this age of VPSes and shared hosting, it's more often the case than not that you won't get to decide how your machine is partitioned. If, like me, you live on Slicehost and you're running Debian, your partition scheme looks like this:

   lana:/# df -h
   Filesystem            Size  Used Avail Use% Mounted on
   /dev/sda1              19G  9.0G  8.9G  51% /
   tmpfs                 256M     0  256M   0% /lib/init/rw
   udev                  256M   20K  256M   1% /dev

   What this means is that you've got your /tmp directory on your / partition. Which partition is, by necessity, allows files to be executable.

   And that, as I have learned (the hard way), is bad news. What this means is that, you've got a directory on your / partition--the partition where all your apps and data probably live--that is writable/readable by every Li, Ivan and Harry from Taipei to Yaktusk. And if one of the thousands of bots who knocks on your door every month knows how to write to /tmp and you don't catch him right away, it's pretty much game over for your TLD or your IP Address: one day, you'll wake up and find that your info is on every spam list on the Internet because your server has been under remote control via IRC for the last three weeks and now your full time job is trying to get your info off of those lists while planning a full OS re-install.

   Ideally, you would be able /tmp its own partition and mount that partition with noexec. And while it would be optimal, it sometimes isn't an option if you're a part of the VPS set.

   And if you can't control your installation or maybe you just can't take down a production server, what you can do is warn your users/developers that you're about to cause a little temporary chaos (get it? temporary chaos?), move your existing /tmp to some place else and create a small filesystem that you can mount noexec to use as /tmp. On Debian Lenny, that would look approximately like this:

   gonzo:/# mv /tmp /old_tmp
   # dd if=/dev/zero of=/.tmpfs bs=1024 count=1000000
   1000000+0 records in
   1000000+0 records out
   1024000000 bytes (1.0 GB) copied, 29.1302 s, 35.2 MB/s
   gonzo:/# mkfs.ext3 -j .tmpfs
   [...]
   gonzo:/# mount -o loop,noexec,nosuid,rw /.tmpfs /tmp/
   gonzo:/# mv /old_tmp/* /tmp/.

   Et voila! You've got a 1GB "drive" that's mounted noexec at /tmp that's ready to roll out. Any attempts to execute anything on that partition will result in a bad interpreter error. Check it:

   gonzo:/# ls -l tmp/
   total 20
   -rwxr-xr-x 1 root root    37 2009-05-15 14:54 executeMe.py
   drwx------ 2 root root 16384 2009-05-15 14:51 lost+found
   gonzo:/# test/executeMe.py
   bash: test/executeMe.py: /usr/bin/env: bad interpreter: Permission denied

   All you've got to do now is add that mount info to your fstab and you're ready to start sleeping at night again:

   /.tmpfs           /tmp            ext3    loop,nosuid,noexec,rw  0      0

   NB: don't forget that /tmp wants to have the sticky bit turned on (i.e. be chmoded to 1777). Also don't forget to make /var/tmp a symlink that points to /tmp.
   Also: props to Vincent Danen's post on /tmp at TechRepublic for the idea.

2. mod_evasive to Prevent DoS: after a recent DoS experience, I decided to install Apache mod_evasive to reduce the risk of getting flat-lined/broad-sided by DoS/DDoS attacks:

   # aptitude install libapache2-mod-evasive

   The beauty of using packaged software is that that's really all you have to do: apt will copy the files, create the symbolic links and restart apache for you. Nice.

3. sysctl real-time kernel Modifications: Additionally, you might also want to use a slightly obscure command called sysctl (which modifies kernel perameters while the kernel is running, so consider yourself warned) to take a precaution against a DoS tactic called "syn flooding":

   # sysctl -w net.ipv4.tcp_syncookies=1

   This is a sort of controversial measure--apparently it defies some RFC docs for TCP/IP--but setting tcp_syncookies to False has yet to have affected any of my computers.

   There are a number of additional security features you can activate with this command; Google it and prepared to be awed by some of the features of your OS you can control in real-time with sysctl.

For the Tin-foil Hat Crowd

What follows are non-specific countermeasures and settings that, while obscure and probably unlikely to save you from becoming an unwitting member of some Russian bot master's herd, might help you feel more secure in the knowledge that even if someone does get non-root shell access, he's probably not going to be able to do too much damage.

1. Add /usr/bin/mesg n to root's .bashrc File:
   executing mesg n on log in, prevents an admittedly rare exploit through which other users can execute arbitrary code as root by sending messages to his terminal.
2. Modify /etc/inittab to Prevent Non-root Users from Rebooting the System with ctrl+alt+del. In the stock /etc/inititab on Debian Lenny, you've got this line:

   # What to do when CTRL-ALT-DEL is pressed.
   ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now

   Which is hardly optimal: this lets pretty much anyone who figures out a way to execute programs in /etc/sbin reboot the system. I changed it to:

   ca:12345:ctrlaltdel:/bin/false

3. SMTPD Settings If you run postfix, you should probably check up on your relay settings and update your external blacklist providers if you haven't done it in a while. Your mail server is the world's first line of defense against everything from phishing/spear-phishing to headline-making super worms:

   smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks,
     reject_unauth_destination,
     reject_unauth_pipelining,
     reject_invalid_hostname,
     reject_rbl_client sbl-xbl.spamhaus.org,
     reject_rbl_client cbl.abuseat.org,
     reject_rbl_client bl.spamcop.net,
     reject_rbl_client zen.spamhaus.org
   smtpd_helo_required = yes
   disable_vrfy_command = yes
   
   smtpd_data_restrictions =
               reject_unauth_pipelining,
               permit
   

   That smtpd_help_required line might not seem like anything special, but I have a script that parses /var/log/mail.log output and, when you do get a spammer that responds to the helo request, a lot of times he'll come back with his actual domain.

   It's fun for research/study/personal amusement reasons, basically.

While some people might say that the above is overkill--that it's just not worth the time and effort to audit and harden at this level--but I'd say that this level of focus on security isn't so much "overkill" as it is "a pretty good start."

Because my thinking is that if you've got the root password, you're probably already the anxious type. And at the very least, being a little bit OCD about security on your all-important, mission-critical application servers might help you feel a little less anxious. Which is definitely worth the effort.

"Why Not?" replies the doc. "Who deserves one more?"

If you've got a Debian Lenny box out in the wild serving your email with postfix and you're not using spamassassin as a filter, you really ought to consider doing yourself a favor and throwing that spamassassin piece into the mix: it only takes a second, it will increase security for your users-- hardening up your network little bit--and make the world a slightly better place for everyone.

1. If you're OK with letting aptitude resolve your dependencies and manage your packages, all you need to do is install a single package:

   # aptitude install spamassassin

2. Once that's done, crack open /etc/default/spamassassin with your favorite editor and enable it to run as a daemon and update itself automatically:

   # Change to one to enable spamd
   #ENABLED=0
   ENABLED=1
   
   # Cronjob
   # Set to anything but 0 to enable the cron job to automatically update
   # spamassassin's rules on a nightly basis
   #CRON=0
   CRON=1

   (spamd is an old name for spamassassin: you'll notice a lot of the RHEL/CentOS/Fedora boxes out there running spamd.

3. Take a look at /etc/spamassassin/local.cf: there are some fun options that you can uncomment and enable in there. My personal favorite one is:

   rewrite_header Subject *****SPAM*****

   This does what it sounds like it does and rewrites the headers of suspicious emails: you can then easily configure your email client to recognize these headers and filter accordingly. Pretty sweet.

4. Start spamassassin:

   # /etc/init.d/spamassassin start

5. At this point, we're going to edit some postfix conf files, but we need to check on something first. Make sure SA is running, spawning children and listening on the right port:

   # netstat -anp |grep spam
   tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      11724/spamd.pid
   unix  2      [ ACC ]     STREAM     LISTENING     9096119  1717/master         private/spamassassin
   unix  3      [ ]         STREAM     CONNECTED     9757173  30093/spamd child
   unix  3      [ ]         STREAM     CONNECTED     9757172  11724/spamd.pid  

6. Noting that SA is listening on 783, tack the following on to the bottom of your /etc/postfix/master.cf:

   spamassassin unix -     n       n       -       -       pipe
           user=nobody argv=/usr/bin/spamc -f -e
           /usr/sbin/sendmail -oi -f ${sender} ${recipient}

7. Now find the SMTP/SMTPS lines in your /etc/postfix/master.cf and add the following option:

   -o content_filter=spamassassin

   Assuming you're doing SMTP and SMTPS, you'll have something like this at the top of your /etc/postfix/master.cf:

   smtp      inet  n       -       -       -       -       smtpd     -o content_filter=spamassassin
   smtps     inet  n       -       -       -       -       smtpd     -o content_filter=spamassassin

8. Reload Postfix:

   # postfix reload

And that's it: you're done.

If you can bear in mind that no spam-detection scheme is perfect, my guess is that you'll be pleased with your decision to set up SA: some spam will make it through, of course, but most of makes it through will come a.) as plaintext with escaped characters and b.) a lengthy disclaimer and an itemized spam "score":

Spam detection software, running on the system "molly", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Having trouble viewing this email? Click here! pharmacy medicine
   cabinet FSA home medical vitamins personal care diet & fitness men's SALE
   Get 80% Discount TODAY: This email was sent to you by drugstore.com. To ensure
   delivery to your inbox (not junk folders), please add drugstore@e.drugstore.com
   to your address book. [...] 

Content analysis details:   (13.5 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.0 URIBL_BLACK            Contains an URL listed in the URIBL blacklist
                            [URIs: lewdozed.cn]
 0.5 FH_HELO_EQ_D_D_D_D     Helo is d-d-d-d

...and so on.

So go ahead: do yourself a favor.

Trevor's Links

Geocities: Lessons So Far

Geocities was once called Beverly Hills Internet. The company was founded in 1994 but it wasn’t until mid-1995 that they publically offered what people now think of as a Geocities trademark: free webpages, or “homesteads”. [An article about the Archive Team trying to save Geocities content before Yahoo takes it down.]

How the OAuth Security Battle Was Won, Open Web Style - ReadWriteWeb

At some point in conversation Hammer-Lahav realized that the problem went far beyond the Twitter implementation. The OAuth protocol had an inherent vulnerability; big companies like Google, Netflix and Yahoo had implemented OAuth and scores of tiny startups had too... OAuth has support, but it doesn't have a centralized authority ready to deal with problems like this. Over the next week a story unfolded as the community moved to deal with the security issue. It's a dramatic story.

Tell me your best worst joke, Reddit.

[Includes such classics as: What's brown and sticky? A stick. --- Why does Snoop carry around an umbrella? Fo Drizzle. --- and, my personal favorite: Two snares and a cymbal fall off a cliff.]

Welcome to the Anti-Pitch

We're sick and tired of hack developers ripping off naive clients. And while I'm completely disgusted by some of the horror-stories I've heard lately, clients keep asking the wrong questions. As real developers, it's our responsibility to make the tough decision to speak the truth. This is an example of what we call the anti-pitch. [Excellent. I'm using this technique next time I'm dealing with potential clients.]

What Twitter Looks Like For Twitter Employees

...hackers sent them screenshots from the site Twitter employees use to manage the microblogging service, admin.twitter.com... [It's amazing to see all of the back-end stuff necessary to run something so "simple" as Twitter.]

Honeypot filter as a Rack middleware

Our site’s suggestion box got hammered by a spambot recently, so I created this simple Rack middleware to protect our app from any requests that include a honeypot field.

Rails Edge: Implement FooController.action(:name)

Rails actions are now Rack endpoints, and can be retrieved via FooController.action(name) and called with an env.

Make your site faster and cheaper to operate in one easy step

Is your web server using using gzip encoding? Surprisingly, many are not. I just wrote a little script to fetch the 30 external links off news.yc and check if they are using gzip encoding. Only 18 were, which means that the other 12 sites are needlessly slow, and also wasting money on bandwidth.

Passenger: Command line done right

What’s really great about Passenger is that the attention to detail doesn’t end at the installer. The Linux process list is a list of programs that are currently running. Usually, programs are shown in this list by their command line name, often an indecipherable mix of letters and numbers. Passenger processes are easy to spot and easy to understand. Human readable names in a machine-centred interface.

Muxtape Pushes Play Again

Muxtape’s stock parts are highly regimented, allowing bands to express themselves with freedom, though not completely freely. Every component is 300 pixels square, and there is virtually zero layout flexibility; you can have whatever arrangement you like, so long as it comes in rows of three. What’s more, for now there are no ‘social’ components to draw upon; no commenting, no friending, no favoriting, etc. The new Muxtape platform is nothing if not regimented.

An Aspirational Twitter

Tweetie is a desktop version of an application of the same name for the iPhone which, in my limited experience, is the first time an application has migrated from the phone to the desktop. As a friend mentioned, “Platform merge in progress!” and he’s right... When I use Tweetie, I’m reminded that a maniacal attention to detail not only makes you want to reach out and touch the digitally untouchable, it describes the familiar as the new, and, most importantly, it speaks of an aspirational future.

adamsanderson's open_gem

Gem Command to easily open a ruby gem with the editor of your choice. [Awesome. See the Issues tab for detail, but you need to set GEM_OPEN_EDITOR to 'mate' in your bash profile despite what the instructions might say.]

Tweetie for Mac

You can download the free version, which is ad-supported, and try it out for as long as you want. [The only Twitter client I've been able to use, aside from Tweetie on the iPhone.]

Benchmarking your Rails tests

The first step to faster tests is knowing what is slow. Fortunately, this is dead simple with the test_benchmark plugin by Tim Connor, and originally built by Geoffrey Groschenbach. Install the plugin, and when you run your tests via Rake, you’ll see handy output showing you the slowest tests, and the slowest test classes.

Twitter Clients Are a UI Design Playground

But perhaps the most important factor that has made Twitter such a rich category for client software is that there is so little friction to switch between apps. There’s nothing to import or export, and zero commitment.

Venture Capital Down 50%. It’s Not Just the Recession, Folks.

There’s a huge difference between what venture capitalists say and what they do. [VC] fell off a cliff in 2001 and 2002 and it’s falling off a cliff now.

A Painful Decision

I can’t reveal details without breaking confidences, but suffice it to say that a significant number of Rails core contributors - with leadership (if that’s the right word) from DHH - apparently feel that being unwelcoming and “edgy” is not just acceptable, but laudable. The difference between their opinions and mine is so severe that I cannot in good conscience remain a public spokesman for Rails. So, effective immediately, I’m resigning my position with the Rails Activists. [I haven't gotten up to speed with the controversy around this issue, but I can say for certain that Mike Gunderloy stepping back from his participation in the Rails community is a real serious bummer.]

Heroku - Commercial Launch

We have over 25,000 apps running on the platform today, and many of our users have been asking for pricing and paid services for some time now. So today we’re pleased to announce that we are officially out of beta and available for commercial use.

ShakeItPhoto Launches

It’s been 3 months in the making and 3 months of waiting for Apple approval, but wait no more… ShakeItPhoto is ready for download at the iTunes App store for the low price of 99 cents. Take a photo and shake it like a polaroid to make it develop!

GitHub Issue Tracker

It gives us great pleasure to announce our integrated issue tracking system! On repository pages you’ll now see an “Issues” tab in the top menu.

Phusion Passenger 2.2.0 w/ Nginx support

After spending weeks on further development and intensive testing, we’ve now come to the point wherein we have the distinct honor to announce Phusion Passenger for Nginx as an addition to the Phusion Passenger server line-up.. Our thanks goes out to Engine Yard for financially sponsoring this first release of Phusion Passenger for Nginx, as well as all the people who have in some way donated in the past for making this release possible in the first place.

Is Open Source Experience Overrated?

Just as commercial software can't possibly exist without customers, perhaps open source experience is only valid if you work on a project that attains some moderate level of critical mass and user base. Remember, shipping isn't enough. Open source or not, if you aren't building software that someone finds useful, if you aren't convincing at least a small audience of programmers that your project is worthwhile enough to join... then what are you really doing?

Rails 2.3.2 upgrade gotchas

With the latest stable release of rails out the door for about a month, we’ve had a chance to upgrade the bulk of the applications we maintain to 2.3.2.1. Here are some “gotchas”, aka issues, aka roadblocks to Strategic Enterprise Adoption that we discovered while upgrading some of them.

Draft: The problem with Project Management tools

While I agree that it’s important to release code, I think pivotal and other similar tools lead to a mindset where releasing code is in itself the unit progress. But, as any successful team will tell you, completed tickets and releases released are horrible units of progress, since unless your customers love every single thing you do (they don’t), your unit of measurement becomes the amount of features and changes deployed.

Clone TinyURL in 40 lines of Ruby code

I wrote Snip with Sinatra then deployed it up to Heroku so this is also a good excuse also to describe Heroku, a truly amazing service for the Ruby programming community. The total number of lines in Snip is actually 43, in a single file named snip.rb. including the view template and layout. [It's amazing what you can accomplish with Sinatra and Heroku.]

ruby gc tuning

In my experience, a typical production Rails app on Ruby 1.8 can recover 20% to 40% of user CPU by applying Stefan Kaes's Railsbench GC patch to the Ruby binary, and using the following environment variables...

Customer driven iteration vs Whiteboard driven iteration

Customer driven iteration takes customer validation rather than released features as its core unit of progress. It assumes that you have not accomplished anything and therefore cannot feel good until your metrics tell you that your market will use and pay for your stuff.

Can the Statusphere Save Journalism?

...the discussion shifted to deep conversation about the future of journalism in the era of socialized media with one simple question, “are newspapers worth saving?” Walt thought for no more than two seconds and assertively replied, “It’s the wrong question to ask. The real question we should ask is if whether or not we can save good journalism.”

Are Blogs Losing Their Authority To The Statusphere?

Attention is engaged at the point of introduction, and for many of us, we’re presented with worthwhile content outside of our RSS readers or favorite bookmarks. Relevant and noteworthy updates are now curated by our peers and trusted or respected contacts in disparate communities that change based on our daily click paths... Retweets (RT) and favorites in Twitter, Likes and comments in FriendFeed and Facebook, posting shortened links that connect friends and followers back to the source post, have changed our behavior and empowered our role in defining the evolution of the connectivity and dissemination of information.

jamis's safe_mass_assignment

ActiveRecord plugin for allowing (careful) mass assignment of protected attributes, separate from values provided via users of your application.

Timothy's Links

Sébastien Wains » Howto : setting up dns2tcp

For the "I can't browse from work" crowd or the "stuck behind the Great Firewall of China" set, there are any number of high-visibility, high-availability solutions: tor, your buddy's apache proxy, etc. For those who want to try an obscurity/security/proxy solution that's a little closer to the metal, there's dns2tcp via ssh which, predictably, sends your encrypted traffic from your computer out of your network as a dns request and returns it the same way: you're secure going out and you're not sending up big, "hey everybody: look at my port 80 requests!" red flags to the secret police or the sysadmin or whomever. Cool stuff.

Securing a Web server

This is a pretty good read: it's got a little too much depth to be considered a crash course, but it's too abstract to be a tutorial or how-to. A nice, mid-level view of best security practices.

Twitter + Stimulus = Conservative Stupidity

Normally I wouldn't bookmark DailyKos--that would be kind of like bookmarking HuffPo or Reddit--but this is a neat little article about social engineering / industrial espionage that involves exploiting confirmation bias among partisans. Short read. Good read.

Lifehacker - Should Comic Sans Be "Banned"? - Fonts

This made me laugh out loud. It may make you laugh out loud as well.

Convert files and data online

Supposedly this is the best online format converter. Handy in a pinch (or if you're tired of your CLI converters screwing the pooch on higher ascii and spitting out comic book character swears in place of kanji).

Testing mail servers with swaks

At first glance, this looks like a "for Dummies" tutorial for a piece of software that is, essentially, "telnet for Dummes". But swak lets you do something that you can't (easily) do with plain, old-fashioned telnet. You can, for instance, set a timeout time, specify authentication types, etc. with a commandline flag or two. Handy if you're troubleshooting that new mail server install or doing some eyeball/ball park benchmarking.

Introduction to Quality Assurance and Metrics

If you're looking for a no-bullshit crash course in QA/QC that has decent depth, look no further.

Fujitsu Develops High-Speed Image-Capture Technology for Palm Vein Biometric Authentication : Akihabara News .com

Palm vein biometric authentication? Seriously? I mean, I guess super-futuristic biometric auth devices that scan _inside_ the body for unique identifiers are kind of cool in an aesthetic sense, but they're certainly not very cool from a security sense: I thought we had agreed as a global society that physical objects, no matter how apparently unique they are, are unsuitable for secure auth because they are, at the end of the day, still just objects. And all objects can be replicated.

Skimmers: Reader Finds Card Skimmer On Bank ATM

First reaction: "wow that's totally awesome--I can't believe someone came up with this." Two seconds later's reaction: "wow, my opinion of the human race just got ratcheted down a peg or two: I can't believe it took us this long to invent the ATM card data skimmer."

The peasant mentality lives on in America

You know, three weeks ago, I had no idea who Matt Taibbi was. Then, courtesy of reddit, I got put on to his write-up of the Meltdown and I've been hooked. This guy hits hard, doesn't pull punches and walks the stylistic tightrope between the unnaturally polite tenor of expose journalism and the warbling catachresis of incendiary blogging.

What happens if I don't pay my taxes?

This is a good article because a.) it's timely and b.) is written from a hacker perspective/mentality. It starts with the question, "what is the nature of the system?" and then wonders about different methods of potentially short-circuiting it or circumventing aspects of it. Kind of makes taxes fun. Almost.

What to do when the root partition is full?

This is a good list of comments to scroll through as it discusses Linux mounting tricks, how to use LVM and, basically, lists reasons why not to panic. And, I don' t know about you, but the fewer reasons I have to panic, the better.

Thanko's Latest 4GB Necktie Camera

Yeah, it's basically just a flat camera and a necktie that's been cut open in the back, but the idea is still totally effinf awesome.

A Short Introduction To Cron Jobs

There are two reasons that introductory level, "how to" type documents for the basics of Linux administration are so ubiquitous: those reasons are that they're useful for experienced users to a.) write and b.) comment upon and they're useful for inexperienced users looking things up. This one is about cron and using crontab. And it's a great example of that.

Unfortunately, due to the constantly changing array of exploits and threats coming at your Internet-facing server from all over the world, there's no best practices manual for a security audit. This is because no one knows exactly what level of openness is appropriate/optimal on a given application server.

But you gotta start somewhere. Because if you're just blithely running an un-hardened *nix server with stock configurations for service apps like Apache and ssh, you're pretty much giving away the store.

What follows is a short how-to dealing with how to get started, security-auditing-wise. It is by no means comprehensive and is only intended to provide a "leg up" for those who feel like they ought to be auditing their servers but aren't sure where to start. I'll be using Debian systems running the current stable release (i.e. Lenny) to demonstrate the techniques, but I'll try to keep things as OS agnostic as possible: most of the packaged software I describe below can be found in your generic, mainstream fedora repo.

The methodology will be to start from the outside and work inward. I recently saw a Linux Journal article that described doing things the opposite way (or at least that's the impression with which I was left), and that doesn't make much sense to me. From where I'm standing, it seems that if you're conducting a security audit, you ought to start out by looking at your server the same way everyone else does.

Accordingly, we'll begin from the outside and from as basic a perspective as possible: scanning ports and checking for known vulnerabilities and obvious mis-configurations. Once we've got a little perspective on how our server looks to the script kiddies and botnets of the world, we'll do some web-server specific scanning to attempt to detect vulnerable plugins, apache mis-configurations and application-level security holes. After that, we'll finish by checking for rootkits and doing some internal auditing.

OpenVAS: Port Probe and All-purpose scan
The first thing to do is to scan your ports.

The odds are good that if you've got a server out there on the Internet (in the DMZ of your intranet or in a hosting company's rack, for example) that it's got a bunch of open ports. You've probably got one or two listening for HTTP requests, one or two listening for SSH requests and so on. What you probably haven't got is a good idea of how those ports look to the world.

So the first part of any security audit is the portscan. In olden times, you'd use a combination of telnet and nmap for this: nmap would handle the port scanning and tell you which ports were listening/open and then you'd use your expert knowledge of various network protocols to use a telnet-like program to check out those ports and see what sort of access and information they were offering to the world.

There are, fortunately, labor-saving apps that will do the scanning and auditing for you. A few months back, you would have been using nessus, as it was the big name in F/OSS auditing. nessus, however, has gone commercial (proprietary and closed) and a new, open project (GPL) called OpenVAS has taken its place.

For anything other than security auditing, using commercial software is probably OK. At the very least it's not always counter-productive to use non-F/OSS for non-security-related tasks. In the case of security-related apps, however, it just doesn't make any sense to take a chance on using software that isn't available for public scrutiny.

At any rate, if you're familiar with the way that nessus works, you'll be happy to know that the big ideas and the general methodology/procedure behind using OpenVAS are essentially the same. If you're unfamilar with programs like nessus and OpenVAS, here's how they work, from an administrator/auditor's perspective:

1. Set up a server
2. Use a client to tell the server to probe the target site
3. View the audit report on the client

At present, if you're using the stock stable/unstable Debian repositories, you haven't got access to the packaged version of the OpenVAS server. That being the case, we're going to go ahead and get a little bit heroic here and do this the Cowboy Way (i.e. from source).

1. Dependencies and Source Files

Make sure that you've got the following packages (some of which the openvas developers list as dependencies, some of which you'll need to compile anything from source) before proceeding:
molluska:/opt/# aptitude install libgnutls-dev libpcap-dev libgpgme11 libgpgme11-dev libglib2.0 libglib2.0-dev build-essential bison

Now that that's handled, there are four "modules" that are required to run an OpenVAS server. The openvas developers say that you've got to install the modules in the following order:

1. openvas-libraries
2. openvas-libnasl
3. openvas-server
4. openvas-plugins

So that's what wer're going to do. I like to do this sort of thing in/opt, but it really doesn't matter where this happens.

Get the files:
molluska:/opt/openvas# wget http://wald.intevation.org/frs/download.php/572/openvas-libraries-2.0.2.tar.gz
molluska:/opt/openvas# wget http://wald.intevation.org/frs/download.php/561/openvas-libnasl-2.0.1.tar.gz
molluska:/opt/openvas# wget http://wald.intevation.org/frs/download.php/562/openvas-server-2.0.1.tar.gz
molluska:/opt/openvas# wget http://wald.intevation.org/frs/download.php/576/openvas-plugins-1.0.6.tar.gz
NB: these URL's are for the version that was current when this was written--no guarantees that they'll be there two hours from now.

2. ./configure && make && make install

Now, we start the compilation process which, thanks to our having resolved the dependencies enumerated above, should go off without a hitch:
molluska:/opt/openvas# tar -zxvf openvas-libraries-2.0.2.tar.gz
[...]
molluska:/opt/openvas# cd openvas-libraries-2.0.2
molluska:/opt/openvas/openvas-libraries-2.0.2# ./configure
[...]
molluska:/opt/openvas/openvas-libraries-2.0.2# make
[...]
molluska:/opt/openvas/openvas-libraries-2.0.2# make install

Once you've successfully installed the openvas libraries, you'll be prompted to modify /etc/ld.so.conf by adding the line "/usr/local/lib" to it and running ldconfig to update your linker. Do that, and then repeat the steps described above (untar, configure, make, make install) in the other three folders to finish installing the OpenVAS modules.

3. Add a User and Generate an SSL Cert

Once you've got everything installed, you'll need to create two things: an OpenVAS user and an SSL certificate. Fortunately, both of these tasks have been nearly fully automated and all you'll have do to get the job done is execute a couple of binaries (which should be on your path, now that you've installed everything according to the above instructions) and follow some on-screen prompts:

molluska:/opt/openvas# openvas-adduser
[...]
molluska:/opt/openvas# openvas-mkcert
[...]

And that's it. Make a note of the paths that the openvas-mkcert program gives you at the end of the certificate creation (as you might need to specify them at some later time; you won't need them again to follow these instructions).

4. Fire it up

Once you've got all your modules installed, your certificate created and your user added, it's time to fire up the server/daemon. The smartest way to do this is to pseudo-daemonize it and tail its output while it loads plugins:molluska:/# nohup openvasd &
[1] 4508
molluska:/# nohup: ignoring input and appending output to `nohup.out'
molluska:/# tail -f nohup.out

Should get you something like this:tail -f nohup.out
Loading the plugins... 714 (out of 10558)

...and so on. Once the plugins are all the way loaded, fire off a quick ps to make sure that the server is running and maybe a quick netstat to make sure you know what port it's listening at, and that's it: you're done with the server side of things and ready to move on to the client and auditing part.

molluska:/opt/openvas# ps aux |grep openvas
root     26129  1.1  0.2  16296    76 ?        S    06:29   1:46 openvasd: waiting for incoming connections
molluska:/opt/openvas# netstat -anp |grep openvas
tcp        0      0 0.0.0.0:9390            0.0.0.0:*               LISTEN      26129/openvasd: wai

Installing the OpenVas client is much easier.

While there is a packaged version of the OpenVAS client app, we're going to install one from source (mostly so our version of the server matches with our version of the client; this is mostly me being OCD, however, and you can probably get away with using the packaged version). To install the client, we'll follow the same steps as above, but on a different machine:

gonzo:/opt/openvas-client# wget http://wald.intevation.org/frs/download.php/575/openvas-client-2.0.3.tar.gz
[...]
gonzo:/opt/openvas-client# tar -zxvf openvas-client-2.0.3.tar.gz
[...]
gonzo:/opt/openvas-client# cd openvas-client-2.0.3
gonzo:/opt/openvas-client/openvas-client-2.0.3# ./configure
[...]
gonzo:/opt/openvas-client/openvas-client-2.0.3# make
[...]
gonzo:/opt/openvas-client/openvas-client-2.0.3# make install

NB: you may, depending on your client system, have to resolve some GTK dependencies and other build/compiler dependencies like the ones listed above: libgtk2.0-dev should solve most of your gtk problems, if you're running Debian Lenny.

Once the GUI client is installed, start it up:

toconnell@gonzo:~$ sudo aptitude install openvas-client
[...]
toconnell@gonzo:/opt/openvas-client/openvas-client-2.0.3/bin$ ./OpenVAS-Client &

Connection Screen, OpenVAS GUI Client

Once your client is connected with your server, you're ready to fill in the blanks and start your first round of tests. This is fairly self-explanatory and, honestly, you wouldn't be reading this if you couldn't figure out simple GUI interfaces: specify your target (i.e. the server you're auditing), make sure that all the plugins are enabled and then click the life preserver to start the "Scan Assistant" and execute the scan. Follow the on-screen prompts: easy as apple pie.

The best thing to do, once your scan starts, is probably to go do something else and come back in a little bit: in my experience these scans can take anywhere from 15 to 45 minutes, depending on your server and your pipe: my server is an old Linksys NSLU2 and my pipe is a consumer-grade Speakeasy residential connection, so I'm used to waiting close to an hour for the scan to finish. Using corporate resources will result in less idle time.

OpenVAS scan results report

Once the scan is done, you're treated to a report view. This is what we've been after all long. In it, you'll see a full run-down of what ports on your server are open and what open ports are listening for what. Additionally, you'll be treated to helpful recommendations about how to close security holes. And while closing those holes is beyond the scope of this article, I will say that almost every recommendation I've gotten from an OpenVAS report has been sane, been sensible and lead to a harder server.

nikto: Web-server Specific Auditing
The second thing to do, in order to perform a robust audit of your system, is to hit it with nikto (http://www.cirt.net/nikto2).

nikto, unlike OpenVAS doesn't require a server/client hook-up: just install the client with apt and fire off some tests, writing the output from those tests to plaintext files:

molluska:/# aptitude install nikto
molluska:/# nikto -h newathens.org -p 80 -output nikto_na80 && nikto -h newathens.org -p 443 -output nikto_na443

You'll get helpful output that points you towards an obvious solution like this:

+ mod_ssl/2.2.9 appears to be outdated (current is at least 2.8.30) (may depend on server version)

And you'll also get put on notice if you've got paths/folders/files with names that automatic exploiters and scripts tend to look for:

+ OSVDB-3092: GET /login/ : This might be interesting...

...to script kiddies and Chinese botnets.

You'll also get put on notice if you've got too much of your software's installation defaults hanging out in the open:

+ OSVDB-3233: GET /icons/README : Apache default file found.

Server-side Checks

chkrootkit
There are a few utilities that allow you to perform quick server-side audits of your security situation. Some of them, like rkhunter will run daily (like logwatch or apticron) and tell you if they've identified any new chinks in your armor. The first one to install and run is chkrootkit.

molly:/# aptitude install chkrootkit
[...]
molly:/# chkrootkit

This is a great place to start your internal audit because it'll tell you if you've picked up any known bugs and whether anything weird, filesystem-wise, appears to be going on with your computer.

The best use for this app is to give you a very quick idea of what sort of shape you're in. If you've got a system littered with suspicious files, odd-looking binaries, etc., you know exactly where to start plugging holes.

rkhunter
While we're on the subject of checking for root kits, let's do rkhunter:

molly:/# aptitude install rkhunter
[...]
molly:/# rkhunter --update
molly:/# rkhunter --check

This gets you a quick check of all your important binaries (to make sure they look like they're supposed to look, i.e. that they haven't been replaced by scripted exploits or an intruder with something that opens a back door) and a quick scan for known exploits of the rootkit variety. You'll also be told whether you're running inetd/xinetd (which tends to open ports in a manner whose security can be less than "ironclad") and other fun facts about potential vulnerabilities.

The best thing to do with this report is think long and hard about what ports/resources/pathways you actually want to make available to the Internet and then start disabling services. Once you've spent some time with that, you're pretty well on your way to having an idea of exactly how hard your server is and how much work you've got to do to keep it safe.

If anyone has any ideas about other utilities or techniques for security auditing, please feel encouraged to share them in the comments.

Sure, I'll mess around on the CentOS box under my desk on the production RHEL servers at work a little bit, but Red Hat is largely terra incognita for me and Debian is where I'm comfortable doing my admin thing and managing packages. I know apt. I am comfortable with apt. And while I wouldn't describe using yum as something that makes me uncomfortable, when I do have to use it, I find myself spending more time Googling and forum-searching than I'd like.

I'm beginning to accept that this is no one's fault but my own.

And so the purpose of this article, therefore, is not a.) to point fingers, b.) to compare apt to yum or c.) to explain yum from the perspective of someone who is accustomed to doing things the Debian way. The Internet is littered with stuff like that like the intersection of Paradise and Tropicana are littered with advertisements for escorts.

In this post you'll find some novice-level trouble-shooting tips, reminders and pointers for the casual yum user that are intended to help reduce the occurrence of forehead-slaps and to decrease the amount of time spent tailing logs and Googling obscure error messages.

1. Preemptive Troubleshooting.

It's not in the documentation, but I have noticed that a lot of dependency issues and version consistency problems are resolved by tossing off the following yum command and then trying again:

 # yum clean packages

It has become my general practice to do this before I do anything else. It's a nice preemptive step.

I've noticed that it's generally not the advice of performance-minded (read: impatient) admins to do the more scorched-Earth yum clean all, as this empties caches, dbcaches (i.e. sqlite files) and can causes longer check-update times.

2. filelists.xml.gz Download Times out.

Let's say you're doing a yum update or a yum upgrade and you get some output like this:

filelists.xml.gz          100% |=========================| 1.4 MB    00:01
filelists.xml.gz          100% |=========================| 1.3 MB    01:48
http://apt.sw.be/redhat/el5/en/i386/dag/repodata/filelists.xml.gz: [Errno 4] Socket Error: timed out
Trying other mirror.

There are good odds, especially if you're using non-standard repositories, that you copied/pasted some text into your yum.conf from somewhere out there on the Internets. If you did, there are even better odds that the text you copied includes something about using GPG to authenticate the repo. If you've got lines like that, you'll need the repository's key.

Generally speaking, you can navigate to a repository's http site and find the URL for their public key. Once you've got that, all it takes to import it is one of these:

# rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

3. Know your repositories

You can save a lot of backtracking/head-scratching time if, before searching for a package on a machine you don't visit that often, you toss off a quick yum repolist. This handy feature will spit out the names and statuses of all of the repositories in all the files in your /etc/yum.repos.d/ directory and prevent you from doing that thing where you don't realize that you've only got the default CentOS repositories enabled but can't seem to figure out why the eff your yum search for htop just turned up a big goose-egg.

4. Automatic Notifications

If, like me, you're coming at yum from a Debian perspective, one of the first things you'll do when you start administering an RPM-based system is to install the apticron-equivalent known as yum-updatesd (# yum install yum-updatesd.noarch). Something you might forget, however, is that the default behavior of yum-updatesd is to not send emails.

Don't forget to edit /etc/yum/yum-updatesd.conf such that

mit_via = dbus

looks like

mit_via = email

or you won't get those all-important package update emails.

And that's about all that's coming to mind right now.

If anyone else can think of some things that you consistently forget--and then suddenly remember, 20 minutes later--to do when you're working with yum, feel free to leave a comment.

I already know that if you want to alter the default settings for all profiles that will be created by a given Firefox installation in the future, you add the line for the preference that you want to effect those profiles to the file FIREFOX_ROOT/defaults/profile/prefs.js.

Similarly, I already also know that if you want to push a preference to all currently existing users on the machine, you add the line for that preference to FIREFOX_ROOT/deftauls/pref/firefox.js.

The caveat there, of course, is that if the user of the profile have already changed a preference in his personal prefs.js (i.e. the one in HOMEDIR/.mozilla/firefox/RANDOMALPHANUMERICS.USERNAME/prefs.js) and it conflicts with your preference in the (global) firefox.js, then you (the admin) are SOL, because the program will defer to the user's personal prefs.js file.

Which brings us to the question: is there a way (short of writing a script to parse individual user's personal prefs.js files and modify them as needed) to push a preference to all users of a given Firefox installation?

Full disclosure: I'm posing this question for two reasons. The first reason is that I'm sort of passive-aggressive with Firefox: ours is a very love-hate relationship. The second reason is that I honestly don't think that what I'm describing--i.e. adding a preference to one, "master" preferences file that effects all users of a given installation, regardless of their personal prefs.js file--can be done.

Am I missing something? Maybe even something truly forehead-slap-worthy that's at the top of all the documentation? Or is this a real limitation of the program?