Thursday, December 31, 2009

Help keep the Internet free by saving MySQL (Monty Says)


A big part of the Internet is built on LAMP (Linux, Apache, MySQL and PHP/Perl/Python). Now Oracle is trying to buy Sun, which owns MySQL.
It's not in the Internet users' interest that one key piece of the net would be owned by an entity that has more to gain by severely limiting and in the long run even killing it as an open source product than by keeping it alive. If Oracle were allowed to acquire MySQL, we would be looking at less competition among databases, which will mean higher license and support prices. In the end it's always the consumers and the small businesses that have to pay the bills, in this case to Oracle.

If this is the only blog post you read in 2010, then I highly encourage you to read the entire self-interview style blog post by clicking the "via" link above. "Monty" is the guy that started MySQL over 27 years ago.

I personally believe that Oracle can have Sun but should not have MySQL. The one critical part of the LAMP stack is at risk. Without MySQL, we only have Postgres, which is great but does not have the same "business" community around it yet. So I encourage you to sign the Save MySQL petition at http://www.helpmysql.org, which will be forwarded to the European Commission, which must approve the Oracle / Sun deal. Considering the amount of time and money spent by Oracle to get this deal approved, the future of MySQL is definitely at risk. Oracle could have quickly gotten the deal done if they had divested MySQL AB immediately, but they willingly have lost an estimated $1 billion in order to get MySQL.

Even if you don't use MySQL, you'll end up giving more money to Microsoft for their DB or paying Oracle for theirs, so I highly suggest you sign the petition. The future of the free internet is at stake!

Wednesday, December 30, 2009

Creating a VirtualBox Virtual Machine Using CrunchBang Linux

This tutorial assumes that you already have VirtualBox installed and that you have a CrunchBang Linux ISO downloaded.  You may choose a 32-bit or 64-bit version of CrunchBang depending on whether your target system supports 64-bit.

In VirtualBox:

1. Click on "New..."

2. VM Name and OS Type
  a) Enter a name for your new virtual machine
  b) Select an operating system.  In this case, select "Linux" and for the version select "Other Linux"
  c) Click "Next"

3. Memory
  a) Choose the amount of memory. The default is 256MB of memory.  Depending on what you are going to do with the virtual machine you may need more memory.
  b) Click "Next"

4. Virtual Hard Disk
  a) You'll need to create a new hard disk for this virtual image.  Don't worry! You're not going to delete the contents of your current hard drive but create a virtual disk for your new virtual machine to use.
  b) Click "Next" and the New Virtual Disk Wizard will appear.

4a. Virtual Hard Disk Wizard
  a) Click "Next" on the welcome screen.
  b) I prefer a "dynamically expanding storage" type of hard disk so it doesn't eat up all the allocated space right away (i.e. the size of the "virtual" hard disk grows as you put things on it in your virtual machine).
  c) Click "Next"
  d) Select a location to put the virtual hard disk file.  Yes, the virtual disk is just a file on your host hard drive. I used the default 8GB size.  You may want to make it bigger depending on what you are going to do with the virtual machine.
  e) Click "Next"

5. Summary
  a) Now you're ready to create the virtual machine, so click "Finish" to continue.

6. Start your new virtual machine.

Inside the Virtual Machine:

1. Since this is the first time you're starting your new virtual machine, you'll need to mount the CrunchBang ISO as the CD-ROM so you can install the OS in your new virtual machine.  Select the "live" option when the machine boots into the ISO start menu.

N.B.  Once VirtualBox takes focus of your keyboard and mouse inside of your virtual machine you might be wondering how you can defocus the keyboard and mouse so you can use programs in your host OS.  The default option to deactivate focus is to simply press the right CTRL key on your keyboard.  The deactivate shortcut key is noted at the bottom right of the virtual machine window.

2. Right click on the desktop or press super+space (super key is the "Windows" key) to get the CrunchBang menu.  Select "Install CrunchBang".  Follow the options for timezone, language, etc.  You'll be prompted for the hard drive on which to install CrunchBang.  When you set up the administrator user name and password, make note of what you selected as you'll need this information later.  Also, the default option (and only option) to install CrunchBang should be the virtual drive you created.  After it has finished installing, be sure to reboot.

3. Press super+u to do a system update.  We'll want to be sure that the OS is up to date.  You'll be prompted for the administrator user password that you created when you installed CrunchBang.  Follow the prompts on the screen.

4.  At this point, you'll only have maximum screen resolutions of 800x600 in CrunchBang.  In order to increase this, we'll need to install the VirtualBox Guest Additions.  We'll need to install the GNU C Compiler first in order to accomplish this.
  a) Go to the CrunchBang menu (super+space) -> System -> Package Manager.  You'll be prompted for the password of the administration user and since this is the first time that the Package Manager has been run, it will take a few moments to build an index of packages.
  b) Type "gcc" (without the quotes) into the Quick Search box.  Find "The GNU C Compiler" in the list and click on the checkbox on that line.  Select "Mark for Installation".  Click "Apply" at the top of the Package Manager and follow the prompts to install the package.
  c) Quit the Package Manager.

5. Now, at the top of the virtual machine go to Devices -> Install Guest Additions...  Unless you've already downloaded the Guest Additions ISO, follow the prompts to have VirtualBox download the ISO for you.  At the end, mount that ISO to the virtual machine's CD-ROM.  VirtualBox should ask if you want to mount the ISO to the CD-ROM for you.

6. Back in CrunchBang, press super+f to bring up the file manager.  We need root privileges to install the Guest Additions so go to the Tools menu -> Open Current Folder as Root.  You'll be prompted again for the root password.  Then navigate to the CD-ROM/DVD-ROM Drive (you should see it listed on the left side).  Run the "VBoxLinuxAdditions-x86.run" package.  After it finishes compiling and installing the Guest Additions, reboot the virtual machine (super+space -> Exit - Reboot).

7.  Once you've rebooted, you'll probably have higher screen resolutions automatically.  However, if you want to change them just use GrandR or LXrandR (super+space -> System -> Display Settings) to change the screen resolution.

Congratulations! You have a new CrunchBang virtual machine!

Tuesday, December 29, 2009

Monday, December 28, 2009

EOL of MySQL Query Browser, MySQL Administrator, MySQL Migration Toolkit (MySQL Workbench Team Blog)


With the beta releases of MySQL Workbench 5.2 well under way, we recently announced the EOL (http://www.mysql.com/support/eol-notice.html) of the MySQL GUI Tools Bundle.



Wow, this is news to me and it looks like they have a DEB for Ubuntu. It's about time MySQL pays attention to Linux on their GUI tools. Maybe this will replace my old DBDesigner tool (which was "bought" by MySQL to make room for the Workbench about 3 years ago). I'll blog when I get a chance to try out the Workbench. Hopefully I can say goodbye to the older MySQL tools soon!

Sunday, December 27, 2009

Tuesday, December 22, 2009

Capacity Building with Open Source - Is it a reality? (Open Tech Exchange Podcast)


Governments in many countries have to realize that fostering open source adoption is not just a means to an end, to increase ICT [information and communication technologies] use, but it is the conduit to allowing citizens the opportunity to 'adapt and thrive' in our digital world.

I'd add in corporations in the quote above as well. I've seen all too much the lack of understanding of "computing" in industry and the fear of open source as bad. I am not saying that proprietary software "must die" but over time open source tends to make certain software products a commodity. The interesting thing is there is no hard line in the sand where commodity starts and proprietary ends. It usually ends up as a unique blend, sort of like blending coffee. Open source is a key element in helping third-world countries with computer literacy. If you can't afford the software, why bother buying the hardware? I definitely see the world changing for the better one Linux desktop at a time.

Monday, December 21, 2009

Mouse Settings ~ CrunchBang Linux Wiki




Users of CrunchBang 9.04.xx (Jaunty) can use lxinput.

  • First add the U-lite Neko PPA to your sources.list

  • Open a terminal and run this command to add the PGP key and update your sources.list file:

    sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 4E7CF744 && sudo apt-get update

  • Install lxinput:

    sudo apt-get install lxinput

  • Then just run lxinput and change your mouse settings.



I thought I would post this because I'll forget how to add this the next time I install CrunchBang Linux. Personally, I think CrunchBang is the most awesome distro for netbooks available so far.

Friday, December 18, 2009

URL Session Tokens Easily Compromised (12 Robots - Jason Dean Blog)


I have said on several occasions that catering to users who insist on disabling cookies is a bad idea. I have blogged a couple times on the reasons.

So why am I suddenly bringing this topic up again? Well I recently read (I cannot recall where, it was probably on the OWASP site) about a way that session tokens in URLs can be easily compromised. I am a little embarrassed that I never realized that this vulnerability existed before. It is pretty simple.




The vulnerability in this case is the web browser's behavior of sending a CGI variable called REFERER or HTTP_REFERER onto the page that the request was directed from. So if I click on a link on index.cfm that takes me to test.cfm then in the CGI scope of test.cfm will be a variable called HTTP_REFERER.




This is a great post explaining some of the mechanics of phishing and how session tokens in the URL can be very dangerous. I still don't understand the problem with cookies these days. If you use session tokens or are considering it, this excellent post by Jason Dean is worth the read.
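A defender's check for the Referer leak described above, as an added example that is not from Jason Dean's post or from this blog: it scans web-server access log lines for Referer values that carry a session identifier and reports them with the token redacted. The log lines are constructed, and the combined log format, the host names and the parameter names (CFID, CFTOKEN, jsessionid) are assumptions to adjust for your own application.

```python
import re
from urllib.parse import urlsplit

# Session parameter names to look for (assumption: ColdFusion's CFID/CFTOKEN
# and the J2EE jsessionid; use whatever your application puts in URLs).
SESSION_PARAMS = ("cfid", "cftoken", "jsessionid")

# Combined log format: ip - user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

# Matches ?name=value, &name=value and the ;jsessionid=value path form.
TOKEN_RE = re.compile(
    r'(?P<sep>[?&;])(?P<name>' + "|".join(SESSION_PARAMS) + r')=(?P<value>[^&;#?\s"]+)',
    re.IGNORECASE,
)

def redact(url):
    """Replace session token values in a URL with a fixed marker."""
    return TOKEN_RE.sub(lambda m: f"{m['sep']}{m['name']}=[REDACTED]", url)

def find_leaks(lines, own_hosts):
    """Return one finding per log line whose Referer carries a session token.

    direction is "internal" when the Referer is one of our own pages (our URLs
    carry tokens, so every link a user follows off-site hands them over) and
    "inbound" when another site's token has landed in our log.
    """
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        referer = m["referer"]
        names = sorted({t["name"].lower() for t in TOKEN_RE.finditer(referer)})
        if not names:
            continue
        host = (urlsplit(referer).hostname or "").lower()
        findings.append({
            "line": lineno,
            "referer_host": host,
            "direction": "internal" if host in own_hosts else "inbound",
            "params": names,
            "referer": redact(referer),  # never copy the live token into a report
        })
    return findings

# Constructed sample: a click from index.cfm to test.cfm, a tokenless request,
# and a visitor arriving from a third-party page whose URL held a jsessionid.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Dec/2009:10:00:01 +0000] "GET /test.cfm HTTP/1.1" 200 512 '
    '"http://www.example.com/index.cfm?CFID=1234&CFTOKEN=56789012" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Dec/2009:10:00:05 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 '
    '"http://www.example.com/test.cfm" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Dec/2009:10:01:12 +0000] "GET /index.cfm HTTP/1.1" 200 900 '
    '"http://forum.example.net/view.jsp;jsessionid=ABCDEF0123?thread=7" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_leaks(SAMPLE_LOG, own_hosts={"www.example.com"}):
        print(f["line"], f["direction"], f["params"], f["referer"])
```

Any "internal" finding means the application is still putting tokens in its URLs; keeping the session in a cookie takes the token out of the Referer altogether.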

Thursday, December 17, 2009

Complying with the GPL: How to Avoid Being Named in the Next GPL Lawsuit (OpenLogic Blogs)


Once you determine that you have GPL or LGPL code in your software, make sure you understand and follow all of the appropriate requirements.  Some of those requirements may not be readily apparent, but they can include:



  • Including source code with your product OR including an offer to get source code with your product

  • Providing the exact "corresponding source" that goes with the binaries for each product and model

  • Providing instructions on how to create binaries from the source — including scripts, information on the tools needed, and details on how to replace the standard code in your product with the modified code

  • Providing the source code in electronic AND physical media

  • Maintaining the source code for a period of time after the latest distribution of your product



Wait! Before you say GPL is restrictive (which, in my opinion, is more about philosophy than restrictions), remember that *you* should know where all your third-party source code is coming from -- whether it's GPL or not. The one bullet I'd suggest adding to the list is asking the open source projects you use to keep an up-to-date list of other open source projects/code they use with their respective licenses in with their source. A lot of problems could be mitigated by coming up with an XML format that would allow the sharing of this information, which could be bundled with a tool (such as an ANT task) to combine them when building sources for distribution. At Mach-II, we do keep a list of other open source projects that are bundled with the project and their licenses.

There will not be a beta for Flash Professional CS5 (Adobe Flash Platform Blog)


Disagree with this strongly. Public betas mean better quality final releases. You know that. We all know that Flash has had some quite buggy releases in the past, and that you rarely put out more than one bugfix release. Put off the profits for a few months and give your customers a chance to help you make a successful product.


I'll preface this with the fact that I'm not a Flash developer at all, but this is disturbing news to me especially since the announcement of a public beta was one of the "big" announcements at Adobe MAX 2009.  However, I totally agree with the comment that was left on the blog post.


This is saddening news for a lot of people and the blog post cites the reason as "we want to make sure that we can provide the earliest possible delivery of the final software to the large number of designers and developers." I can only fathom "earliest possible delivery" means we need sales of this product now. Adobe is a for-profit company so they do need to make sales, however the decision to not have a public beta will probably hurt the quality of the product in the long term. This is an interesting dichotomy -- Flash CS5 will have no public beta whereas Adobe ColdFusion Builder went into Beta 3 on the same day. I hope the CF team continues with their public betas which is the right step in my opinion.


Personally, I believe the sooner you can deliver alpha/beta code to customers the better the product will be. This has always proved true for Mach-II (the open source project I'm involved in). The team can shake out a lot of bugs themselves, but it's always our users that find the interesting (and sometimes frustrating) edge cases. More brains are always better than fewer.


In all reality, I hope the Flash Platform Team at Adobe does well without the beta. Only the final release will tell if people will spend big money for the product. Remember, nobody likes paying for bugs!


Wednesday, December 16, 2009

Alex Payne on Criticism, Cheerleading, and Negativity




Criticism, Cheerleading, and Negativity


There is the perception, particularly in American culture, that criticism and negativity go hand-in-hand. We understand well the idea of being in favor of something, or against something, but we don’t particularly understand how criticism fits into this dichotomy. As someone with a penchant for criticism, I’ve often found myself misjudged as “being negative” when mere complaint is furthest from my intention. I’m here to explain myself and people like me.


Criticism Is Not Negativity


The reason a person is critical of a thing is because he is passionate about that thing. In order to have a critical opinion, you have to love something enough to understand it, and then love it so much more that you want it to be better. Passion breeds critical thinking. It’s why criticism as an academic practice comes out of deep research and obsession, and why criticism as a cultural product comes from subject matter experts, often self-taught.


Negativity, in contrast, is not the product of passion. There is a certain obvious duality to loving and hating a thing, but the kind of casual negativity that people read into criticism is really a product of apathy. You can’t truly care about a thing only to casually dismiss it with a negative remark.


“That sucks” is negativity. “That sucks, here’s why, and here’s how to fix it” is criticism, and it comes from a place of love. That’s the difference.


Nobody Wants To Cook For A Chef


Friends who are professional chefs (or even accomplished amateurs) describe a social phenomenon. When someone who is not an accomplished cook is throwing a dinner party, the chefs are only reluctantly invited. It’s assumed that a professional chef must have such high critical standards for food that they couldn’t possibly enjoy anything less than a four-star gourmet meal. In actuality, most chefs I know enjoy a simple meal just as much as flights of culinary fancy.


As my own taste in spirits and beer has matured, I’ve experienced a variation on the above. I’ll show up at a party only to have the host apologize to me for their beverage selection. Though I’ve come to be an amateur critic of good drink, this certainly doesn’t mean that I can no longer enjoy a mass-market lager or a bottom-shelf bourbon. If anything, my experience has led me to a greater appreciation of the variation between styles.


A critic can certainly reduce her criticism to “good” or “bad”, but there’s far more context and nuance at work. Someone with an informed, critical opinion is, in my experience, far less likely to be negative than someone not as informed. If anything, critical thinking adds dimension to an appreciation of the world around you.


Everyone Wants A Cheerleader


Everyone says they’re comfortable with criticism and with critics, because not being able to handle criticism is a sign of immaturity. What people really want, though, are cheerleaders. Nowhere in life is this more true than in business.


A healthy business needs passionate employees to succeed. Critics are the most passionate people you can find, but we’re conditioned to assume that critics are negative curmudgeons with nothing more than slings and arrows to contribute. So rather than seeking out critics, employers seek out cheerleaders.


Cheerleaders are, on the face of it, lovely people to have around an office. They’re just super excited to be there, even if they haven’t had the time or inclination to really think about why. They abhor any suggestion of negativity, and pave over it with empty can-dos. A cheerleader might be a good worker or he might not be. It doesn’t really matter, because the guy is just so damn nice.


This might suggest a correlation between niceness and the capacity for critical thinking. I’m not proposing that. I’ve worked with “critical” people who actually didn’t have much to contribute (that is, they were really just negative), and I’ve worked with unfailingly nice people who also are quick to chime in with well-considered suggestions and improvements.


What I am suggesting is a correlation between critical thinking and passion. There are a million variations on “you don’t really know x until you hate it”. More apt, I think, would be: “you don’t really love x until you’re critical of it”.


Cheerleaders aren’t in love with your business. They care about your business, but from an emotional distance. If you treat them wrong, they’ll disappear and find a newer, happier company to cheerlead at. Critics, conversely, won’t just weather the storm with you, they’ll show up on Monday with a plan for a better umbrella. Who do you want to work with?


Conclusion


There’s a certain irony in criticizing the nature of criticism itself, but I’ve come to accept that this is how I think. Part of me wishes I was a natural cheerleader; the selective ignorance, I imagine, is bliss.


Personally, I’m inclined to get involved exclusively with things that I’m truly passionate about, and that often means levying criticism and facing the subsequent conflicts.


For all the nights of sleep I’ve lost to the critical wheels in my head turning, I wouldn’t trade them for a moment’s rest. It’s not the easiest way to approach the world, but the cycle of passion, criticism, vulnerability, conflict, and resolution is perpetually educational.





This is one of the most poignant and true blog posts I've read in 2009 because it speaks to me personally. I know there are people that I've interacted with that think I'm "negative" or being "difficult". This always saddens me because if I'm passionate about something it's a special thing -- it means I truly care about the topic or issue at hand.


Thursday, December 10, 2009

Dear Amazon MP3 - Start Offering OGG Vorbis Formats


Why are Music Downloads only available in MP3 format?

MP3 is the most widely compatible music file format and is supported by most media player applications, hand-held music devices, and some CD and DVD players. Our MP3 format also provides you with the freedom to transfer music you buy at the Amazon MP3 store to any device you'd like or copy it to a CD without restrictions of any kind.




This is an open letter to Amazon.

Please start offering music in the OGG Vorbis format. The specification is in the Public Domain and the libraries are free from licensing / patent issues. Amazon, you're ahead of everybody else by offering the Amazon Downloader for Linux. You've already cast off DRM; now you have a chance to "innovate" by adding OGG to your offerings instead of just offering the license-plagued MP3 format. Plus, the OGG codec outperforms MP3 in quality and most recent non-iPod devices now support it such as Android, SanDisk, Samsung and iRiver (and iPod if you use Rockbox software). Make a stand and be different than Apple!

Wednesday, December 9, 2009

CentOS / Linux: Change Timezone

I'm posting this for future reference and in the hopes that it might help somebody.  This works for CentOS5 (works on 3 and 4 as well).  I assume it works on RHEL as well since CentOS is just the open source version of that.


1. Go to the time zone directory


#cd /usr/share/zoneinfo


2. Find the timezone you want (in my case I prefer to run everything in UTC)
3. Copy the timezone you want to the localtime zone for the server.  In this case, we're going to switch the server to use UTC:


#cp UTC /etc/localtime


4. Type "y" to overwrite the current timezone.
5. The timezone should be changed automatically. Check the time by running:


#date


The "#" is the character for the command line prompt. Do not type this into your terminal.

Tuesday, December 1, 2009

Getting a repeatable numerical representation of a string

I've been working on some test code that would allow us to serve assets from fake asset hosts (ex. assets0.example.com) in which a virtual domain is used to point that host to a real server. This would allow us to increase the total number of requests a browser can make at a single time (most browsers are limited to 2 HTTP requests per host - a subdomain is considered a single host).  However, the problem is that we do not want to randomly change the asset host from which a file is served from one request to the next.  For example, serving "/img/peter1.jpg" from asset0.example.com and then from asset3.example.com the next time would cause the browser to download the image again just because the host changed.  This would be pointless and would probably be more harmful to us in the end.

The question is how to compute which asset host to serve the file from without having to provide a whole ton of configuration.  The simple answer is to convert each character in the path of the desired asset to its ASCII numerical representation, add each value to a running total and then perform a modulus on the result.  Here is some example code (in this example we are assuming that there will be 4 asset hosts from asset0.example.com to asset3.example.com):


<cfset test = ArrayNew(1) />
<cfset test[1] = "/img/peter1.jpg" />
<cfset test[2] = "/img/peter2.jpg" />
<cfset test[3] = "/img/peter3.jpg" />
<cfset test[4] = "/img/peter4.jpg" />
<cfset test[5] = "/img/peter5.jpg" />
<cfset test[6] = "/img/matt1.jpg" />
<cfset test[7] = "/img/matt2.jpg" />
<cfset test[8] = "/img/matt3.jpg" />
<cfset test[9] = "/img/matt4.jpg" />
<cfset test[10] = "/img/matt5.jpg" />

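<!--- Sums the character codes of a string; the same string always yields the same total --->
<cffunction name="totalAsc" access="public" returntype="numeric" output="false">
<cfargument name="str" type="string" required="true" />

<cfset var result = 0 />
<cfset var i = 0 />
<cfset var arr = arguments.str.toCharArray() />

<!--- i is var-scoped above so this loop does not overwrite the caller's i --->
<cfloop from="1" to="#ArrayLen(arr)#" index="i">
<cfset result = result + Asc(arr[i]) />
</cfloop>

<cfreturn result />
</cffunction>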

<cfoutput>

<cfloop from="1" to="#arraylen(test)#" index="i">
<cfset value = test[i] />
<p>FILENAME: #test[i]# = TOTAL ASC VALUE: #totalAsc(value)# | MOD: #totalAsc(value) MOD 4#</p>
</cfloop>

</cfoutput>

Running this code results in this output:

FILENAME: /img/peter1.jpg = TOTAL ASC VALUE: 1371 | MOD: 3
FILENAME: /img/peter2.jpg = TOTAL ASC VALUE: 1372 | MOD: 0
FILENAME: /img/peter3.jpg = TOTAL ASC VALUE: 1373 | MOD: 1
FILENAME: /img/peter4.jpg = TOTAL ASC VALUE: 1374 | MOD: 2
FILENAME: /img/peter5.jpg = TOTAL ASC VALUE: 1375 | MOD: 3
FILENAME: /img/matt1.jpg = TOTAL ASC VALUE: 1265 | MOD: 1
FILENAME: /img/matt2.jpg = TOTAL ASC VALUE: 1266 | MOD: 2
FILENAME: /img/matt3.jpg = TOTAL ASC VALUE: 1267 | MOD: 3
FILENAME: /img/matt4.jpg = TOTAL ASC VALUE: 1268 | MOD: 0
FILENAME: /img/matt5.jpg = TOTAL ASC VALUE: 1269 | MOD: 1

As you can see, the modulus will always be the same for each asset path (unless the case of the asset path differs) and we can use the result of the modulus to always serve "/img/peter1.jpg" from asset3.example.com. No more randomness!  Pretty cool math trick, huh?