Specify versions for your dependencies in your Gemfiles
By Kamil Ciemniewski
November 7, 2013
How often have you been too lazy to put a version spec for gems you depended on in your projects? Do you fear updating the gems your app uses in production?
Here is an elusive-obvious tip for you: Always specify version numbers for your dependencies in your app’s Gemfile.
Version specs should:
-
be strict numbers for very fragile gems like Rails
-
use the pessimistic operator for others (with ~>)
Updating apps with versionless Gemfiles is painful
Newer gem versions often break compatibility. That makes updating a disaster if you don’t have any restrictions in place for your dependencies.
We should coin a new term in the field of psychology: Update Anxiety.
That’s precisely the state the vast majority of us is in when proceeding to update dependencies in our projects.
In Rails, having a versionless Gemfile makes clean updates impossible.
Fearing the update makes your app susceptible to bugs
Newer versions of gems are there, not only for delivering new features. The history of changes between different versions mostly show changes related to bug fixes. If you see a gem which mostly delivers new features without fixing bugs—stay away from it!
If you do not update the gem set out …
ruby rails
Installing CentOS 5 on a 3 TB Drive
By Cas Rusnov
November 6, 2013
In collaboration with Spencer Christensen and Lele Calo.
The everyday problem: Set up a remotely-hosted machine with a 3 TB drive.
The bigger problem: It must be CentOS 5.
While this would be a trivial task with a newer OS, CentOS 5 only supports MBR style partitioning, which itself only supports drives less than 2 TB in size; well let us be clear, the installer and GRUB shipped with the installation disk only support MBR normally, the kernel supports the GPT format. GPT is a newer partition format that was introduced by EFI standard, which can support booting from large devices. From various documents and postings on the internet it seemed possible to still use MBR with more than 2TB, but in practice this turned out to be completely unsuccessful. So we moved on with a plan to use GPT.
Since the CentOS 5 installer cannot work with GPT partition tables, we needed to use something else to create the partitions we wanted. We did this by using a rescue CD, like SystemRescue CD from here http://www.sysresccd.org/Download.
-
Boot into the rescue CD
-
Use gdisk to first delete the old partition table to make sure you start cleanly.
- gdisk, then x (for extended commands), then z to delete. …
redhat devops
Slony Migration experience version 1.2 to version 2.2
By David Christensen
November 6, 2013
We recently had a client who upgraded from Slony 1.2 to Slony 2.2, and I want to take this opportunity to report on our experiences with the migration process.
A little background: This client has a fairly large database (300GB) replicated across 5 database nodes, with the slon daemons running on a single shared box. We wanted to upgrade to the latest Slony 2 version for stability and to resolve some known and unresolvable issues with the 1.2 branch of Slony when replication lags a specific amount.
As is usual for any large migration projects such as this, we had to deal with a set of tradeoffs:
-
Firstly, minimize any necessary downtime.
-
Secondly, allow for rollback due to any discovered issues.
-
Thirdly, ensure that we have sufficient redundancy/capacity whichever final state we were to end up in (i.e., successful migration to Slony 2 or reversion to Slony 1.2).
We of course tested the process several times in order to ensure that the processes we came up with would work and that we would be well-equipped to handle issues were they to arrive.
The upgrade from Slony 1.2 to Slony 2.2 necessarily requires that we uninstall the Slony 1.2 system and triggers from the indicated …
postgres replication
SELinux and the need of talking about problems
By Emanuele “Lele” Calò
November 5, 2013
It’s known common sense that when there’s a problem you should talk about it
Well sometimes it seems like SELinux doesn’t agree, so that it quietly blocks your software and silently fail.
In this case the issue with SELinux is that since it’s usually a very talkative type of software (through /var/log/audit/auditd.log and sometimes /var/log/messages), the poor busy system administrator would kinda take it for granted that when there will be a problem SELinux will shout it out as usual.
Unfortunately that’s not the case if the permission/property involved has the dontaudit setting applied.
So a quick solution is to temporarily set SELinux to “permissive” so to check that it is actually causing the problem; basically if your script works after setting SELinux to permissive and stops again when resetting to enforce, then you’re on the good path to find your solution.
The next step would be to temporarily disable dontaudit settings with
semodule -DBAnd then start to manually collect all the failing rules related to your problem and crafting a new custom SELinux module with these.
After finishing creating your module, follow your usual SELinux pluggable module management workflow and …
redhat selinux
jQuery contents() method
By Steph Skardal
November 4, 2013
I had an interesting JavaScript challenge recently and came across a jQuery method that I hadn’t heard of before, so I wanted to share my experience. Given the following markup, I needed a way to hide all the text not inside span.highlighted elements:
<p>Here is some text.
<span class="highlighted">Here is more text! </span>
Here is even more text! Here is some more un-wrapped text.
<span class="highlighted">Here is another wrapped span.</span>
</p>With standard CSS rules like visibility, display, and opacity, there’s not an easy way to hide only the unhighlighted text without additional HTML modifications. So, I set out to wrap the unhighlighted text in additional HTML elements dynamically, to produce the following markup from our example:
<p><span class="unhighlighted">Here is some text. </span>
<span class="highlighted">Here is more text! </span>
<span class="unhighlighted">Here is even more text! Here is some more un-wrapped text. </span>
<span class="highlighted">Here is another wrapped span.</span>
</p>With the markup above, the …
javascript jquery
ASTC Day 1
By Bianca Rodrigues
October 31, 2013
I recently attended ASTC—Association of Science Technology Centers in Albuquerque, New Mexico (also known as Breaking Bad territory). I was amazed by the interactive and unique exhibits I encountered, as well as the cool museums and science centers that attended.
On Day 1 we had a full day of sessions geared towards empowering museum directors and exhibit designers to create meaningful exhibits in order to engage their visitors.
As many of you know, End Point has installed our Liquid Galaxy display platform at several museums throughout the country and world, at places like the Ann Arbor Hands-On Museum, the San Jose Tech Museum and the Smithsonian Institution. Our experience working with museums has been absolutely positive thus far, so we wanted to meet others within the industry to not only promote the Liquid Galaxy further, but also learn how to expand our offerings for our museum clients.
One of the best sessions I attended was called Gaming in Museums to Engage Audiences. Experts from the Science Museum of Minnesota, Carnegie Science Center and the American Museum of Natural History all shared how they have utilized gaming experiences to enhance the visitor experience at …
conference visionport
Downstream Implications of Data Page Checksums
By Josh Williams
October 30, 2013
Now that Postgres 9.3 is all the rage, page checksums are starting to see use in production. It’s not enabled by default during initdb, so you may want to double check the options used when you upgraded.
What? You have already upgraded to 9.3, right? No? Oh well, when you do get around to updating, keep an eye out for initdb’s –data-checksums option, or just -k. To give the feature a try on my development desktop, after the initdb I created a table and loaded in some text data. Small text strings are being cast from integers so we can more easily see it in the on-disk structure. You’ll see why in a moment. The table was loaded with a good amount of data, at least more than my shared_buffers setting:
postgres=# CREATE TABLE filler (txt TEXT PRIMARY KEY);
CREATE TABLE
postgres=# INSERT INTO filler SELECT generate_series::text FROM generate_series(-10000000,10000000);
INSERT 0 20000001
postgres=# \dt+
List of relations
Schema | Name | Type | Owner | Size | Description
--------+--------+-------+----------+--------+-------------
public | filler | table | postgres | 761 MB |
(1 row)There. Maybe a little more than I needed, but it works. My storage (on this desktop) is …
postgres sysadmin
SSL Certificate SANs and Multi-level Wildcards
By Cas Rusnov
October 29, 2013
Some bits of advice for those that run their own Certificate Authorities or use self-signed certificates, related to multiple matches and wildcard domains.
In some circumstances it’s desirable to match multiple levels of wildcards in an SSL certificate. One example of this is in our Camp development system (whose domain names are in the format n.camp.foo.com, where n is a numeric identifier of the camp), where having a certificate which matches something like fr.0.camp.foo.com and also en.91.camp.foo.com would be needed.
The most obvious way to do this is to create a certificate whose commonName is ..camp.foo.com; unfortunately this is also not a working solution, as it is unsupported with current-day browsers. The alternative is to create a subjectAltName (which is an alias within the certificate for the subject of the certificate, abbreviated SAN) for each subdomain which we want to wildcard. For Camps this works well because the subdomains are in an extremely regular format so we can create a SAN for each [0..99].camp.foo.com. One caveat is that if SANs are in use they must also contain the commonName (CN) as an alternate name, since the browser will ignore the CN in that case …
security tls sysadmin