nginx and lighttpd deployments growing
Apache httpd is great. But it’s good to see Netcraft report that nginx and lighttpd continue to grow in popularity as well. Having active competition in the free software web server space is really beneficial to everyone, and these very lightweight and fast servers fill an important niche for dedicated static file serving, homegrown CDNs, etc. Thanks to all the developers involved!
nginx hosting
Moose roles
Perl programmers,
Moose roles give a really nice way of maximizing code reuse within an object system, while favoring composition over inheritance. This makes for shallower inheritance trees, reduced method dispatch spaghettification, and a more comprehensible, maintainable, extensible codebase overall. Revel in the glory.
That is all.
perl
Acts As Xapian — It Just Works
I just recently started listening to the podcast done by the guys at RailsEnvy. It’s an excellent resource for keeping up on what’s new in the Rails world and it’s how I found out about the new acts_as_xapian search plugin for Rails. The podcast mentioned this blog post which contains a very thorough rundown of all the different full-text search options currently available for rails. The timing of this article couldn’t have been better since I was in the market for a new solution.
I was approaching a deadline on a client project here at End Point and I was having lots of trouble with my existing search solution which was acts_as_ferret. Setting up ferret was relatively easy and I was very impressed with the Lucene syntax that it supported. It seemed like a perfect a solution at first but then came “the troubles.”
Ferret is extremely fragile. The slightest problem and your server will just crash. What was causing the crash? Unfortunately the server logs won’t give you much help there. You will receive some cryptic message coming from the C++ library if you’re lucky. Note that I skipped the suggested Drb server setup since this was a development box.
After a while I would notice …
rails search
Review of The Book of IMAP
Former End Point employee Ryan Masters had his book review of the No Starch Press published over at OSNews.com. Sounds like it was a decent book!
books email
On excellence
The interwebular collective cup runneth over with blog articles addressing the subject of what makes good software engineers good. It is a topic about which many opinions are expressed. What is less commonly addressed, however, is the possibility that the very qualities that make for good software engineers may also make for good technical leaders, good managers, and just good coworkers, period.
At End Point, we toss the term “ownership” around quite a lot, in a variety of contexts. When a particular task or responsibility goes from one person to another, we mention “ownership” when we need to communicate the significance and scope of the responsibility in question. The term may apply to a software engineering task, in which “owning” the problem means taking responsibility for all aspects of the engineering work, across the software stack, from prototyping to full development to deployment. It may also apply to a managerial or leadership role, for which “ownership” implies responsibility for all parties involved on a given project, task, or team, with the “soft” issues of human beings mattering at least as much—and probably more—as the “hard” issues of machines, software, etc. …
culture
Subversion or CVS metadata exposure
At the talk “Rails Security” by Jonathan Weiss at LinuxTag 2008, he mentioned (among other things) a possible security problem for sites being run out of a Subversion (or CVS or even RCS) working copy, where the metadata inside the .svn/
or CVS/
directories may be exposed to the world. This post by someone else explains it nicely.
Interchange appears not to be vulnerable to this by default as it will only serve files that end in .html
, and all the .svn/
and CVS/
filenames have no suffix, or end with .svn-base
, so are not served by Interchange.
But if the docroot is served from a Subversion or CVS checkout, its metadata files are likely served to the world—relatively harmless, but can reveal internal file paths, hostnames, and OS account names.
For PHP or SSI, on the other hand, this could be a disaster, as the complete source to all files could be revealed, since the .svn-base
suffix will cause Apache not to parse the code as PHP but pass through the source.
If you use Subversion, CVS, or RCS on any project, I recommend you look into how your files are being served and see if there’s anything being exposed. Checkouts from Git, Mercurial, or Bazaar are not likely to be a problem, …
security conference
Some handy cryptography/networking tools
Here’s a list of some nifty cryptography/networking tools Kiel’s pointed out lately:
- socat — multipurpose relay; think netcat gone wild—we used this recently to tunnel UDP DNS queries over ssh
- cryptcat — netcat with twofish encryption (the Debian package adds a man page)
- rsyncrypto — partial transfer-friendly encryption (modified CBC for smaller change windows similar to gzip; less secure than regular CBC)
And a pretty unrelated but useful Red Hat Magazine article on the new yum-security plugin.
networking
Alaska Basin
From Thursday to Saturday I backpacked with a friend and some of our kids into Alaska Basin (in the Tetons, in Wyoming), saw some beautiful scenery, and became reacquainted with the other kind of bugs for a while.




The lake is Sunset Lake, where we went Friday night. I frolicked in the snowmelt water and lost my new glasses in the silt, but came back the next morning and found them after wading out 20 feet or so. It was a great trip.
travel