Our Blog

Acts As Xapian — It Just Works

By Sean Schofield
August 26, 2008

I just recently started listening to the podcast done by the guys at RailsEnvy. It’s an excellent resource for keeping up on what’s new in the Rails world and it’s how I found out about the new acts_as_xapian search plugin for Rails. The podcast mentioned this blog post which contains a very thorough rundown of all the different full-text search options currently available for rails. The timing of this article couldn’t have been better since I was in the market for a new solution.

I was approaching a deadline on a client project here at End Point and I was having lots of trouble with my existing search solution which was acts_as_ferret. Setting up ferret was relatively easy and I was very impressed with the Lucene syntax that it supported. It seemed like a perfect a solution at first but then came “the troubles.”

Ferret is extremely fragile. The slightest problem and your server will just crash. What was causing the crash? Unfortunately the server logs won’t give you much help there. You will receive some cryptic message coming from the C++ library if you’re lucky. Note that I skipped the suggested Drb server setup since this was a development box.

After a while I would notice …

Review of The Book of IMAP

By Jon Jensen
August 26, 2008

Former End Point employee Ryan Masters had his book review of the No Starch Press published over at OSNews.com. Sounds like it was a decent book!

On excellence

By Ethan Rowe
August 21, 2008

The interwebular collective cup runneth over with blog articles addressing the subject of what makes good software engineers good. It is a topic about which many opinions are expressed. What is less commonly addressed, however, is the possibility that the very qualities that make for good software engineers may also make for good technical leaders, good managers, and just good coworkers, period.

At End Point, we toss the term “ownership” around quite a lot, in a variety of contexts. When a particular task or responsibility goes from one person to another, we mention “ownership” when we need to communicate the significance and scope of the responsibility in question. The term may apply to a software engineering task, in which “owning” the problem means taking responsibility for all aspects of the engineering work, across the software stack, from prototyping to full development to deployment. It may also apply to a managerial or leadership role, for which “ownership” implies responsibility for all parties involved on a given project, task, or team, with the “soft” issues of human beings mattering at least as much—​and probably more—​as the “hard” issues of machines, software, etc. …

Subversion or CVS metadata exposure

By Jon Jensen
August 20, 2008

At the talk “Rails Security” by Jonathan Weiss at LinuxTag 2008, he mentioned (among other things) a possible security problem for sites being run out of a Subversion (or CVS or even RCS) working copy, where the metadata inside the .svn/ or CVS/ directories may be exposed to the world. This post by someone else explains it nicely.

Interchange appears not to be vulnerable to this by default as it will only serve files that end in .html, and all the .svn/ and CVS/ filenames have no suffix, or end with .svn-base, so are not served by Interchange.

But if the docroot is served from a Subversion or CVS checkout, its metadata files are likely served to the world—​relatively harmless, but can reveal internal file paths, hostnames, and OS account names.

For PHP or SSI, on the other hand, this could be a disaster, as the complete source to all files could be revealed, since the .svn-base suffix will cause Apache not to parse the code as PHP but pass through the source.

If you use Subversion, CVS, or RCS on any project, I recommend you look into how your files are being served and see if there’s anything being exposed. Checkouts from Git, Mercurial, or Bazaar are not likely to be a problem, …

Some handy cryptography/networking tools

By Jon Jensen
August 19, 2008

Here’s a list of some nifty cryptography/networking tools Kiel’s pointed out lately:

• socat — multipurpose relay; think netcat gone wild—​we used this recently to tunnel UDP DNS queries over ssh
• cryptcat — netcat with twofish encryption (the Debian package adds a man page)
• rsyncrypto — partial transfer-friendly encryption (modified CBC for smaller change windows similar to gzip; less secure than regular CBC)

And a pretty unrelated but useful Red Hat Magazine article on the new yum-security plugin.

Alaska Basin

By Jon Jensen
August 18, 2008

From Thursday to Saturday I backpacked with a friend and some of our kids into Alaska Basin (in the Tetons, in Wyoming), saw some beautiful scenery, and became reacquainted with the other kind of bugs for a while.

The lake is Sunset Lake, where we went Friday night. I frolicked in the snowmelt water and lost my new glasses in the silt, but came back the next morning and found them after wading out 20 feet or so. It was a great trip.

On “valid” Unix usernames and one’s sanity

By Jon Jensen
August 13, 2008

Today poor Kiel Christofferson ran into an agonizing bug. A few weeks ago, building a custom RPM of perl-5.10.0 (that is, the Perl distribution itself) wasn’t a problem. The unit tests passed with nary a care.

But today it no longer worked. I’ll omit details of the many false paths Kiel had to go down in trying to figure out why an obscure test in the Module::Build package was failing. Eventually I took a look and noted that he’d tried all the logical troubleshooting. Time to look at the ridiculous. What if the test was failing because the last time he built it successfully it was under the user “rpmbuild”, while he was now trying with user “rpmbuild-local”?

That was exactly the problem. Module::Build’s tilde directory (~username) parser was of the (false) opinion that usernames consist only of \w, that is, alphanumerics and underscores. The reality is that pretty much anything is valid in a username, though some characters will cause trouble in various contexts (think of / : . for example).

I explained in more detail in CPAN bug #33492 which reports someone else’s experience with the test failing when the username had a backslash in it, such as the Active Directory name …

OpenAFS Workshop 2008

By Steven Jenkins
August 13, 2008

This year’s Kerberos and OpenAFS Workshop was very exciting. It was the first I’ve attended since the workshop was large enough to be held separately from USENIX LISA, and it was encouraging to see that this year’s workshop was the largest ever, with well over 100 in attendance, and over 10 countries represented. Jeff Altman of Secure Endpoints did a great job on coordinating the workshop. Kevin Walsh and others at New Jersey Institute of Technology did a fantastic job in hosting, providing the workshop with a good venue and great service.

My summary of the workshop is “energy and enthusiasm” as several projects that have been in the development pipeline are starting to bear fruit.

On the technical side, the workshop keynote kicked off the week with a presentation from Alistair Ferguson from Morgan Stanley, where he noted that the work on demand attach file servers has reduced their server restart times from hours, down to seconds, greatly easing their administrative overhead while making AFS even more highly-available.

Of particular technical note, Jeff Altman reported that the Windows client has had lots of performance and stability changes, with major strategic changes being …