Our Blog

SELinux and the need of talking about problems

By Emanuele “Lele” Calò
November 5, 2013

It’s known common sense that when there’s a problem you should talk about it

Well sometimes it seems like SELinux doesn’t agree, so that it quietly blocks your software and silently fail.

In this case the issue with SELinux is that since it’s usually a very talkative type of software (through /var/log/audit/auditd.log and sometimes /var/log/messages), the poor busy system administrator would kinda take it for granted that when there will be a problem SELinux will shout it out as usual.

Unfortunately that’s not the case if the permission/property involved has the dontaudit setting applied.

So a quick solution is to temporarily set SELinux to “permissive” so to check that it is actually causing the problem; basically if your script works after setting SELinux to permissive and stops again when resetting to enforce, then you’re on the good path to find your solution.

The next step would be to temporarily disable dontaudit settings with

semodule -DB

And then start to manually collect all the failing rules related to your problem and crafting a new custom SELinux module with these.

After finishing creating your module, follow your usual SELinux pluggable module management workflow and …

jQuery contents() method

By Steph Skardal
November 4, 2013

I had an interesting JavaScript challenge recently and came across a jQuery method that I hadn’t heard of before, so I wanted to share my experience. Given the following markup, I needed a way to hide all the text not inside span.highlighted elements:

<p>Here is some text. 
<span class="highlighted">Here is more text! </span>
Here is even more text! Here is some more un-wrapped text. 
<span class="highlighted">Here is another wrapped span.</span>
</p>

With standard CSS rules like visibility, display, and opacity, there’s not an easy way to hide only the unhighlighted text without additional HTML modifications. So, I set out to wrap the unhighlighted text in additional HTML elements dynamically, to produce the following markup from our example:

<p><span class="unhighlighted">Here is some text. </span>
<span class="highlighted">Here is more text! </span>
<span class="unhighlighted">Here is even more text! Here is some more un-wrapped text. </span>
<span class="highlighted">Here is another wrapped span.</span>
</p>

With the markup above, the …

ASTC Day 1

By Bianca Rodrigues
October 31, 2013

I recently attended ASTC—​Association of Science Technology Centers in Albuquerque, New Mexico (also known as Breaking Bad territory). I was amazed by the interactive and unique exhibits I encountered, as well as the cool museums and science centers that attended.

On Day 1 we had a full day of sessions geared towards empowering museum directors and exhibit designers to create meaningful exhibits in order to engage their visitors.

As many of you know, End Point has installed our Liquid Galaxy display platform at several museums throughout the country and world, at places like the Ann Arbor Hands-On Museum, the San Jose Tech Museum and the Smithsonian Institution. Our experience working with museums has been absolutely positive thus far, so we wanted to meet others within the industry to not only promote the Liquid Galaxy further, but also learn how to expand our offerings for our museum clients.

One of the best sessions I attended was called Gaming in Museums to Engage Audiences. Experts from the Science Museum of Minnesota, Carnegie Science Center and the American Museum of Natural History all shared how they have utilized gaming experiences to enhance the visitor experience at …

Downstream Implications of Data Page Checksums

By Josh Williams
October 30, 2013

Now that Postgres 9.3 is all the rage, page checksums are starting to see use in production. It’s not enabled by default during initdb, so you may want to double check the options used when you upgraded.

What? You have already upgraded to 9.3, right? No? Oh well, when you do get around to updating, keep an eye out for initdb’s –data-checksums option, or just -k. To give the feature a try on my development desktop, after the initdb I created a table and loaded in some text data. Small text strings are being cast from integers so we can more easily see it in the on-disk structure. You’ll see why in a moment. The table was loaded with a good amount of data, at least more than my shared_buffers setting:

postgres=# CREATE TABLE filler (txt TEXT PRIMARY KEY);
CREATE TABLE
postgres=# INSERT INTO filler SELECT generate_series::text FROM generate_series(-10000000,10000000);
INSERT 0 20000001
postgres=# \dt+
List of relations
 Schema |  Name  | Type  |  Owner   |  Size  | Description
--------+--------+-------+----------+--------+-------------
 public | filler | table | postgres | 761 MB |
(1 row)

There. Maybe a little more than I needed, but it works. My storage (on this desktop) is …

SSL Certificate SANs and Multi-level Wildcards

By Cas Rusnov
October 29, 2013

Some bits of advice for those that run their own Certificate Authorities or use self-signed certificates, related to multiple matches and wildcard domains.

In some circumstances it’s desirable to match multiple levels of wildcards in an SSL certificate. One example of this is in our Camp development system (whose domain names are in the format n.camp.foo.com, where n is a numeric identifier of the camp), where having a certificate which matches something like fr.0.camp.foo.com and also en.91.camp.foo.com would be needed.

The most obvious way to do this is to create a certificate whose commonName is ..camp.foo.com; unfortunately this is also not a working solution, as it is unsupported with current-day browsers. The alternative is to create a subjectAltName (which is an alias within the certificate for the subject of the certificate, abbreviated SAN) for each subdomain which we want to wildcard. For Camps this works well because the subdomains are in an extremely regular format so we can create a SAN for each [0..99].camp.foo.com. One caveat is that if SANs are in use they must also contain the commonName (CN) as an alternate name, since the browser will ignore the CN in that case …

Changing Postgres pg_dump warnings into errors with sed

By Greg Sabino Mullane
October 28, 2013

Turning off warnings when loading a PostgreSQL data dump can be a trickier task than it may first appear. One of the goals of a program I was working on was to automatically load the schema of a production database into a development system. The program needed to stay as quiet as possible - the users running it did not need to be distracted by annoying messages generated by Postgres as the schema was loaded.

The problem occurred when a text-based dump of the database (created via pg_dump with the –schema-only flag) was loaded into an existing database with the help of the the psql program. To load the file “test.sql” into the database wilber, one usually does:

$ psql wilber -U postgres -f test.sql

There are two general classes of “noise” that are generated by such an action. I’ll show how to make both kinds quiet.

The first problem is that psql by default is very verbose and every single command gives an echoing confirmation of what just occurred. Thus, a typical schema load outputs a lot of things like this:

$ psql wilber -U postgres -f test.sql
SET
SET
SET
SET
SET
CREATE EXTENSION
COMMENT
SET
SET
SET
CREATE TABLE
ALTER TABLE
ALTER TABLE
CREATE SEQUENCE

These types of …

Full Page Caching in Interchange 5

By Mark Johnson
October 28, 2013

I recently attended the eCommerce Innovation Conference 2013 with fellow End Pointer Richard Templet and presented on the work End Point has done to develop full-page caching in Interchange 5. The work is in final review currently for inclusion into core Interchange and should provide a roadmap for cache management in Nitesi/Interchange 6.

Parameters of a Caching Solution

In order to identify the full scope of what one means when one says an application uses caching, there are (at least) 3 aspects to define:

• Where in the application stack is the cache being applied.
• How long until the cache is expired.
• What level of user state must it support.

The issue of cache duration is not addressed here as any such formulation will be specific to business requirements and tolerance of stale data. I will state, however, that even very brief cache durations can have an enormous impact on performance, particularly for sites that have a relatively small number of resources that absorb the bulk of the traffic. Cache durations of several minutes to several hours can drop the traffic that makes it to Interchange to a small fraction of the overall requests.

Caching and the Application Stack

Let’s …

How to DRY out your Active Record queries with Squeel

By Kamil Ciemniewski
October 24, 2013

Active Record alone isn’t enough when it comes to having a data-access code-base that is DRY and clean in real world Rails applications. You need a tool like the squeel gem and some good practices in place.

Using JOIN with Active Record is cumbersome

Having JOINs in composable data-access Rails code, quickly makes the code ugly and hard to read.

Consider this snippet of code taken directly from Rails guides, that gives developer a full control over the joining part of the query:

Client.joins('LEFT OUTER JOIN addresses ON addresses.client_id = clients.id')

That’s 77 characters for something as simple as a left outer join.

Now—​when using Rails, we almost always have properly defined associations in our models, which allows us to put in code something like this:

Category.joins(:posts)

That’s much better—​there’s not much code and you immediately know what it does. It isn’t “left outer join” but is useful nevertheless. You could do more with that feature. For example you could join with multiple associations at once:

Post.joins(:category, :comments)

Also—​join with nested associations:

Post.joins(comments: :guest)

Which produces:

SELECT posts.* FROM posts
INNER JOIN …