All posts by rbowen

Hungry hungry hungry

As often happens when I am upset about something, I did not actually eat anything yesterday. And, about the time when I was going to do so, the gentlemen from the Church of Jesus Christ of the Latter-Day Saints showed up, and stayed for a little more than an hour. I should probably write something about that visit, but I need to get to work. Perhaps later.

After they left, I wrote one recipe for the Apache Cookbook. One. That’s the sum of my accomplishments for this week. And so, somehow, in the next 48 hours, I need to accomplish something useful, and hopefully meet a few of the deadlines that I’m supposed to be working towards.

Meanwhile, I am very hungry, and don’t feel particularly great. I might end up having to skip this evening’s festivities, just so that I can get done a few of the things that have been left undone in the hell of this week.

Day wrapup

About 5:20, I solved the mod_perl problem, but I don’t understand why what I did solved the problem. This is almost as frustrating as having it not work in the first place, and makes me feel utterly incompetent.

The main problem here is that I’m working with a large amount of code that I did not write, do not completely understand, and lack the time to either rewrite or investigate. Much of it was written by a former minion who was one of the most talented programmers I’ve had the pleasure of working with. Which is all well and good, but when stuff breaks, I frequently run across cryptic lines of code that I don’t really understand, and certainly don’t know the reasoning behind. Like today. And, of course, he’s been gone long enough that I’m sure he no longer would know what it was there for.

Anyways, I seem to have things working now. Seems to be something that works under Perl 5.6, but not under 5.8, but I don’t know why, or if it’s a bug, or whether it should have been expected, or much of anything.

And now, it is almost 7:30, and I have not had anything to eat because I’ve been on the phone, and am rather … shall we say … irritated about something, and have been unable to think about food until this very moment.

Another week, half over before I have accomplished anything. Fortunately, I’m doing training next week, and won’t have to deal with crap like this. I hope.

mod_perl frustrations

I have spent almost the entire day thus far chasing a mod_perl problem, and I don’t appear to be any closer now than I was first thing this morning. It seems that almost nothing has worked, mod_perl-wise, since I upgraded to Perl 5.8 a week or so ago, but it had not really mattered until today, because I wasn’t working with any of that stuff. Now, today, I have to get a few trivial bugs fixed on a customer site, and I can’t get anything working on this test server. I think I might just uninstall everything and start all over from scratch. There’s only so much frustration I can take in one day.

:wq

Superbowl and geek toys

At the SuperBowl-watching-event, I took my LCD projector, which we looked up to provide a big-screen version of the action. We also got the wireless network going, and hooked up my laptop to the projector, so that we could switch back and forth between the action and the stats on the web site, or various other web sites.

I’d like to mention, for posterity, that Dexter Jackson was the first Safety to win SuperBowl MVP, and that he was chosen based in part on the overwhelming number of votes he received via the web.

On a somewhat unrelated note, I’d also like to mention that SuperBowl.com is running Apache 1.3.22 and mod_perl 1.26 on some Unix variant – possibly Linux.

And, finally (of course completely unrelated) I’d like to note that their web site was very happily able to handle 30 or 40 requests per second without any noticeable slowdown.

TRACE works as designed! Panic! Run for the hills!

WhiteHat Security, perhaps in an attempt to make themselves appear important, or, perhaps because they really thought it was true, released a security alert a few days ago. You can read it HERE (http://www.whitehatsec.com/press_releases/WH-PR-20030120.txt)

In summary, here it is.

HTTP provides a TRACE method, for debugging purposes. When you send a TRACE request, you get it back, including the message body, headers, etc.

WhiteHat’s security alert said that when you send a TRACE request, you get it back, including the message body, headers, etc.

Pretty scary, huh?

So, basically, they are saying what the rest of us have known since 1992. After all, it is in the HTTP specification, and you have read that, right?

Apparently, they think that you should not be able to get at information that you just sent to the server. It is secret or something.

And they provide a variety of scary JavaScript examples that allow you to intercept your own request, and send that request to some third-party site. Now, this is actually where they say that the vulnerability lies. They seem to think that this is the fault of the TRACE command. The fact of the matter is that the client has always had access to this data. Perhaps – just perhaps – this could be construed as a flaw in JavaScript – that you could possibly gain access to cookies, or auth information, and send it to some other site. But that is possible via other means which are not quite so tortuous.

So, folks, if you are in a panic about TRACE, you might want to read http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=104333761011676&w=2 which talks about it a little more scientifically than I have, and explains why it is a bunch of hogwash. You can feel free to disable TRACE on your Apache server if you really want to, but it won’t gain you anything other than a false sense of security.

New wine store

There’s a new wine store in Nicholasville. Frankly, it seems entirely too nice and upclass to be downtown Nicholasville. I wish them much success. I went in there yesterday, and was very very impressed, both with the store itself, as well as the staff, who are very knowledgeable. They were doing a Yalumba wine taststing (Oxford Landing, I believe it was) in honor of Australia’s Founders Day. The chard was great – fruity, bright, and easy on the oak. The Shiraz was even better, although it could stand to stay in the cellar for another year or two. Huge nose. Berries and plums and leather. Lots of tannins and earthy flavors. Yummy.

Migrating to 2.0, part two

I got done migrating to Apache 2.0 on Eris. I’m actually still running two daemons. I’m running Dav in its own process, on an alternate port. I built a very stripped-down Apache, taking out all the modules that I did not think I would need. I’ll bet I could make it even more stripped down, but it seems to be pretty good. I’m running it with Worker, and just a few threads.

The other process is bigger – ie more modules – and running SSL as well. I’m running worker on that also, and it really seems to be running faster. I suppose I could be imagining this, but it feels snappier. This could also be because I’m running mod_deflate. I was using mod_gzip before, but this cause some problems, as mentioned in an earlier note.

My other main server is still running 1.3, because I feel better with 1.3 and mod_perl. Hopefully, I can move that to 2.0 real soon now also.

Migrating to Apache 2.0

Now that I have given a “Migrating to Apache 2.0” talk a few times, I
thought it might be a good time to try it myself. Actually, my last PHP
web site went away, and I’m not using mod_perl on the server in
question, so it seemed like a reasonable thing to try. Also, after my
latest frustrations with mod_gzip, a move to mod_deflate seemed like a
good idea as well.

So, I’m moving one of my two main servers to Apache 2.0.

The hardest part of the entire process really seems to be the swap
itself, because there are so many hard-coded path-names laying around
pointing to /usr/local/apache. So I’m building Apache2 in
/usr/local/apache2, I’ll do some symlinking for a bit while I rebuild it
in /usr/local/apache, and then … well, it should just work. I think.

Linux World Expo, summary

LinuxWorld 2003

I just wanted to write a few last thoughts on my experience at Linux World, lest I leave the wrong impression – or no impression at all, which is more likely to be the case – about the conference.

I arrived Monday evening, and left Tuesday almost immediately after giving my presentation. This was not condusive to actually experiencing anything of the conference, which did not start for real until Wednesday. I tried to get out onto the show floor, so that I could at least talk to a few of the companies there, even though they were not really set up for business yet. However, the various people in charge of such things did not feel very cooperative in that regard, so I did not even get to do that.

The nice things that did happen was that I was able to talk with some folks that I only see about 2 or 3 times a year, at most. In particular, I talked with Adam Turoff about the copyright/patent stuff surrounding Calendrical Calculations. I don’t know if I’ve mentioned that here before, but I expect it will come up again.

And, as I was submitting an article to slashdot about the 2.0.44 release, Chris DiBono conducted a mini-interview so that he could write a few additional words about the topic for the article.

In all, I came away from the conference with just a few observations.

First, New York City is an awful place, and one would have to be a lunatic to live there voluntarily. It is cold, crowded, noisy, smelly, and everybody seems to be in an absolute panic of hurry. These people need to calm down, get their priorities in order, and move somewhere where people aren’t quite so reticent to look one another in the eye.

Second, I’m unclear how any conference even remotely connected to technology can not have network in the session rooms. Perhaps I’m spoiled, but I’m really coming to expect wireless networking, or, at the very least, wired networking, at conferences. IRC is an integral part of conference-going. And, no, I’m not being facetious.

Third, I know that conference budgets are really tight lately, but if I may make a comment/suggestion. The speakers are an integral part of what makes the conference happen. It is a Good Thing to encourage them (ie, pay) to stay for the whole conference, mingle with the attendees, conduct late-night BOFs, have informal “guru is in” sessions, and so on. In addition to the fact that I *hate* rushing around, it is annoying to fly in, speak, and fly out, being unable to participate in the conference, have people be able to ask follow-up questions after ruminating on the talks, or just being able to feel like more than a hired hand. I suppose I’m whining, but I tend to feel that I’m wasting my time doing these kind of gigs, where it ends up costing me a few hundred dollars in expenses, and I don’t really get anything out of it for my troubles.

mod_gzip

It appears that mod_gzip keeps work files FOREVER. Don’t say that you want to keep work files, because it will. I appear to have GIGABYTES of mod_gzip work files. And I’ve been backing them up. For months. This is an enormous pain.