November 06, 2009
How an American soldier is made:

Great story in photos of a soldier from high school, through deployment, to coming home and getting married. via Kottke

Wiki | Docs / NetApp Filer, NFSv4, and Linux:

Decent howto on doing stuff with a netapp machine. Saved my ass today in a complicated VMware / Tivoli / Multi- network thing. Thanks to buzzco for that.

November 05, 2009
marco:

World of Goo’s pay-what-you-want report has some great statistics about the average prices people paid. This one was surprising: I expected Windows users to be the cheapest, but I didn’t expect Linux users to be the most generous.

Anyway, if you haven’t played this ridiculously good game yet, go download the demo. If you like it, buy the full version ($20, direct download, DRM-free).

World of Goo is one of the best new games I’ve played this decade. Really. It’s that good.

November 02, 2009

Are you an aspiring poet who can't figure out why you're not making any money? You probably should have realized that this would happen the moment you bought your first Moleskine. If you want to sell out, however, the power of Google Suggest will ensure that your poems will, at least, resound well with the public.

Just start with a word or two. Type them into your Google search box, pick the most poem-like result, and go on to the next line. Encourage sentence-style results by sprinkling a few "is"s and "are"s in your queries. To stay with a theme, make sure your next few words are related to the first few.

Not only will this get you published and rolling in disposable cash, it's also fun! Here is an example. The seed words are in [square brackets].

[how long] how long does weed stay in your system
[your system] your system is infected
[your] your baby can read
[read] read books online free
[books] books to read before you die
[you die] you die in the game you die in real life movie
[real life is] real life is overrated
[real life is] real life islamic stories
[is real] is real hair real
[are hair] are hair extensions worth it
[extensions] extensions are not enabled

Now, add punctuation and spacing for something truly professional:

How long does weed stay in your system?
Your system is infected.
Your baby can read, read books online free.
Books to read before you die.
You die in the game, you die in real life.
Movie. Real life is overrated.
Real life Islamic stories: Is Real Hair Real?
Are hair extensions worth it?
Extensions are not enabled.

Such is the awesome power of Google Suggest.

In the software world the word free is confusing. Free software doesn't mean the same thing to everybody. Let me give you an example to help you understand what I mean. There are lots of programs that are freely downloadable from the Internet with no strings attached. Now many of you may read that and consider those programs to be free software. And in one sense (in terms of cost) you would be correct. However, there is another definition of free software that doesn't count all of these programs, but only counts software that is not only free to download, but also free to modify. The Free Software Foundation uses the word free to refer to freedom and not to cost. They believe that software should be distributable in such a way that the source code that makes the program work is also available for those that are able to make changes to it and then redistribute those changes. Making the source code available has other benefits. For example, if more people are able to see how something works, they might be able to find ways for it to work better or find flaws or security vulnerabilities, etc. Some of the best examples of free (as in freedom) software are Mozilla's Firefox web browser and the Linux operating system, which was created by Linus Torvalds. There are countless other free software projects that have had very good success as well.

Quite some time ago I came up with another interesting personal analogy. Free software has some interesting analogies to Christianity. I wondered if other people had had the same thought, so I searched on Google and one of the things I found was a site called Linux for Christians with a motto "Free as in salvation" referencing the bible verse Ephesians 2:8-9, which says "For it is by grace you have been saved, through faith--and this not from yourselves, it is the gift of God--not by works, so that no one can boast." I thought it was really neat that someone had seen the same analogy that I had. Just recently I had a conversation with Pat about technology and Christianity and I promised to write up a blog post on this topic in hopes of being included on his new website. We both agree that there are a lot of possibilities when combining technology and Christianity. For instance, we have been discussing the concept of cloud Christianity, which could be understood simply as using the cloud to spread Christianity.

In conclusion, it is fun to apply different parts of your life together in order to find interesting analogies and you never know what you will come up with. You may also be surprised that others have had the same thought. In Ecclesiastes 1:9, it says "What has been will be again, what has been done will be done again; there is nothing new under the sun." I think it is important not to take such statements out of context however. The author of Ecclesiastes is King Solomon (I wrote about this king before), who was given much wisdom from God and in this book he is trying to share some of those ideas. I don't think it should be read that you can't think of new ideas, but more in the sense that God already knows everything and we can't think up something new that he doesn't already know about. New to us, sure. That is my understanding anyway. Feel free to give your thoughts on it.


November 01, 2009

Thursday (last week) was a pretty awesome day. I had a good project status for my COSI for credit, I learnt more about LaTeX (and started to typeset my summer research paper) thanks to Zach’s presentation, and there was a pumpkin carving contest for the robotics floor!

Last year I spent a lot of time soldering LEDs and shrink wrapping them, exactly for the purpose of pumpkin decorating!

This year I did one of those ‘etching’ carves of a robot, and used my LEDs to make it more awesome!

Robo Pumpkin

It looks pretty cool. Maybe next year I’ll go all out and add a distance sensor and a speaker so that it can sense if something approaches it, then play creepy music/sounds :P

Here’s a video of the pumpkin in action…

The pumpkin ended up landing itself in COSI for the holiday :D Hopefully spreading the Halloween joy of computer science to everyone!


October 29, 2009

Here's a quick tip for Eclipse users. When you double click on an image file in eclipse it typically opens up whatever program your OS has associated with that file type. You can configure eclipse to view images in the editor pane fairly easily, without installing any plugins.

Here's how:

  1. Open Preferences from the Eclipse Menu (I think it's the File menu on Windows)
  2. Expand General » Editors and select File Associations
  3. Click the Add button next to File Types
  4. Enter *.png
  5. Click the Add button next to Associated Editors
  6. Select Internal Web Browser
  7. Repeat for *.gif and *.jpg

October 28, 2009

Yesterday Amazon added a High-Memory section of EC2 instances, which included a “Quadruple Extra Large” size. According to the EC2 website, a Quadruple Extra Large instance has “68.4 GB of memory, 26 EC2 Compute Units (8 virtual cores with 3.25 EC2 Compute Units each), 1690 GB of instance storage, 64-bit platform.” As I wasn’t really clear what the 26 EC2 Compute Units would correspond to, I decided to spin one up and poke around. The results are below:

[root@ip-10-218-21-207 ~]# cat /proc/cpuinfo
processor	: 0
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
stepping	: 5
cpu MHz		: 2666.760
cache size	: 8192 KB
physical id	: 0
siblings	: 1
core id		: 0
cpu cores	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr dca popcnt lahf_lm
bogomips	: 5338.47
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management:

processor	: 1
vendor_id	: GenuineIntel
cpu family	: 6
model		: 26
model name	: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
stepping	: 5
cpu MHz		: 2666.760
cache size	: 8192 KB
physical id	: 1
siblings	: 1
core id		: 0
cpu cores	: 1
fpu		: yes
fpu_exception	: yes
cpuid level	: 11
wp		: yes
flags		: fpu tsc msr pae mce cx8 apic mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm syscall nx lm constant_tsc up pni monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr dca popcnt lahf_lm
bogomips	: 5338.47
clflush size	: 64
cache_alignment	: 64
address sizes	: 40 bits physical, 48 bits virtual
power management:

(processors 2 through 7 report exactly the same values as processor 1 above, differing only in physical id, which runs from 2 to 7)

[root@ip-10-218-21-207 ~]# cat /proc/meminfo
MemTotal:     71687580 kB
MemFree:      70139596 kB
Buffers:          4496 kB
Cached:          41520 kB
SwapCached:          0 kB
Active:          15004 kB
Inactive:        35668 kB
SwapTotal:           0 kB
SwapFree:            0 kB
Dirty:             100 kB
Writeback:           0 kB
AnonPages:        4752 kB
Mapped:           5072 kB
Slab:             7960 kB
SReclaimable:     2176 kB
SUnreclaim:       5784 kB
PageTables:        780 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
CommitLimit:  35843788 kB
Committed_AS:    24060 kB
VmallocTotal: 34359738367 kB
VmallocUsed:       180 kB
VmallocChunk: 34359738187 kB

And the results of kernbench were:

Wed Oct 28 15:30:56 EDT 2009
2.6.21.7-2.fc8xen-ec2-v1.0
Average Half load -j 4 Run (std deviation):
Elapsed Time 114.174 (0.646939)
User Time 356.632 (0.178802)
System Time 76.702 (0.189394)
Percent CPU 379.2 (2.16795)
Context Switches 38541.4 (379.793)
Sleeps 75838 (83.7735)

Average Optimal load -j 32 Run (std deviation):
Elapsed Time 65.466 (0.375673)
User Time 362.856 (6.58352)
System Time 84.936 (8.6855)
Percent CPU 542.4 (172.06)
Context Switches 62848.3 (25625.2)
Sleeps 88501.2 (13376.4)

Average Maximal load -j Run (std deviation):
Elapsed Time 65.036 (0.0260768)
User Time 364.585 (5.8557)
System Time 87.3113 (7.78531)
Percent CPU 597.333 (159.682)
Context Switches 64255.9 (20651.1)
Sleeps 83271.7 (13178.6)
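As an added example (not code from the post), here is a small Python parser for /proc/cpuinfo and /proc/meminfo output of the kind captured above, summarising sockets, cores, a couple of security-relevant CPU flags (nx, vmx) and total memory, so the 68.4 GB and "8 virtual cores" claims can be checked mechanically on any instance. The embedded stanzas are constructed in the same format as the capture, trimmed to the fields the parser uses.

```python
"""Summarise /proc/cpuinfo and /proc/meminfo output of the kind shown above.

Added example, not code from the post.  The sample stanzas below are
constructed in the same format as the capture, trimmed to the fields used.
"""
import re

# Constructed sample (two processor stanzas, not a real capture).
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
physical id\t: 0
core id\t\t: 0
cpu cores\t: 1
flags\t\t: fpu tsc msr pae nx lm vmx ssse3
power management:

processor\t: 1
vendor_id\t: GenuineIntel
model name\t: Intel(R) Xeon(R) CPU           X5550  @ 2.67GHz
physical id\t: 1
core id\t\t: 0
cpu cores\t: 1
flags\t\t: fpu tsc msr pae nx lm constant_tsc up vmx ssse3
power management:
"""

# Constructed sample in /proc/meminfo format (MemTotal taken from the capture above).
SAMPLE_MEMINFO = """\
MemTotal:     71687580 kB
MemFree:      70139596 kB
SwapTotal:           0 kB
VmallocTotal: 34359738367 kB
"""


def parse_cpuinfo(text):
    """Return one dict per 'processor' stanza; stanzas are separated by blank lines."""
    cpus = []
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if not sep:
                continue
            # collapse the padding in values such as the model name
            fields[key.strip()] = " ".join(value.split())
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def parse_meminfo(text):
    """Return {field: value_in_kB} for every 'Name: 123 kB' line."""
    mem = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+):\s+(\d+)(?:\s+kB)?\s*$", line)
        if m:
            mem[m.group(1)] = int(m.group(2))
    return mem


def summarize(cpuinfo_text, meminfo_text):
    """Inventory-style summary: topology, a few security-relevant flags, memory."""
    cpus = parse_cpuinfo(cpuinfo_text)
    mem = parse_meminfo(meminfo_text)
    sockets = {c.get("physical id") for c in cpus}
    cores = {(c.get("physical id"), c.get("core id")) for c in cpus}
    flags = set()
    for c in cpus:
        flags.update(c.get("flags", "").split())
    return {
        "logical_cpus": len(cpus),
        "sockets": len(sockets),
        "physical_cores": len(cores),
        "model": cpus[0].get("model name") if cpus else None,
        "nx": "nx" in flags,     # no-execute page protection exposed to the guest
        "vmx": "vmx" in flags,   # VT-x exposed to the guest
        "mem_total_gib": round(mem.get("MemTotal", 0) / 1024 / 1024, 1),
        "swap_total_kb": mem.get("SwapTotal"),
    }


if __name__ == "__main__":
    # On a Linux host, read the live files; elsewhere fall back to the samples.
    try:
        with open("/proc/cpuinfo") as f, open("/proc/meminfo") as g:
            print(summarize(f.read(), g.read()))
    except OSError:
        print(summarize(SAMPLE_CPUINFO, SAMPLE_MEMINFO))
```

On the capture above the memory figure comes out at 68.4 GiB, matching the advertised size.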

October 24, 2009

Today I turned 22. I have neglected this blog for quite some time and figured today would be as good a day as any to post.

There are two main reasons for today’s post.  The first is that I have been trying to come up with an idea for a new project to work on. I’d like to do something web-related but can’t think of any good ideas that I see a need for. After our wedding I thought perhaps a universal gift registry site would be neat.  A place where items from any store/website could be added with some sort of system for keeping track of what has/hasn’t been purchased.  That idea didn’t last long since a quick Google search revealed several similar websites (none of which I particularly liked, but that’s beside the point).  So I decided I’d post my desire for a project here, perhaps one of the 5 people that reads this blog has a good idea for a web application that I could work on.  On a side note, I was recently taking a look at the Yii Framework for PHP development and I thought it might be interesting to try employing it in whatever project I take on.

The second reason is that I’ve been thinking of trying to take this blog in a more technical direction and possibly trying to post on a more regular basis.  It seems that the technical problems I run into and solve on a weekly basis at work would be good content for blog posts and may possibly draw others here who are facing similar issues.  Some of the topics I’ve considered include kernel compilation, ethernet interface bonding using the bonding kernel module (including an overview of the different bonding modes offered), hardware watchdog, diskless booting over a network, creating an automated install procedure using a Linux-based boot CD, and probably some others that are escaping me at the moment.  Some of those are less advanced than others, but each represents a different task/problem I’ve run into at work over the last few months.  If you are reading this and you have any ideas, please let me know in the comments.

The third reason (did I say two?) is to promote the COSI IRC server.  If you’re a COSI member, past member, wannabe member or otherwise you should definitely check out comm.cslabs.clarkson.edu.  Take a look at the wiki page for information on how to connect and say hello.

The fourth reason is to say you should check out openinternet.gov.  There are several Internet Service Providers in existence that are experimenting with internet plans that restrict access to certain lists of websites, charging customers more for further or unrestricted internet access.  Take a look at the website and educate yourself on Net Neutrality and how it may impact you.

That’s all I have to say about that.

October 23, 2009

A good security practice is to require SSL for ColdFusion administrator access (an even better practice is to limit access to localhost). This should take less than five minutes on either Apache or IIS.

Require HTTPS on Apache 2

<Location /CFIDE/administrator>
	SSLRequireSSL
</Location>

Just add the above to your httpd.conf file, making sure it appears below the LoadModule ssl_module line. Restart Apache, and you should get a 403 Forbidden response over http while the administrator still works over https. I tested this on Apache 2.2; I think it should work on prior versions as well, but I have not tested them.

Require HTTPS on IIS

  1. Open up IIS Manager Console
  2. Right click on the CFIDE/administrator/ directory
  3. Click Directory Security Tab
  4. Under Secure Communications click Edit
  5. Enable Require secure channel (SSL)

Maatkit is a pretty useful set of utilities for MySQL. From their site:

You can use Maatkit to prove replication is working correctly, fix corrupted data, automate repetitive tasks, speed up your servers, and much, much more.

One of the first things you can do after installing the toolkit (which may already be installed if you are running CentOS or Debian) is to run the mk-audit utility. It will give you a nice summary of your server, as well as point out potential problems in your configuration.

Here's a list of all the utilities included in Maatkit:

  • mk-archiver Archive rows from a MySQL table into another table or a file.
  • mk-audit Analyze, summarize and report on MySQL config, schema and operation
  • mk-checksum-filter Filter checksums from mk-table-checksum.
  • mk-deadlock-logger Extract and log MySQL deadlock information.
  • mk-duplicate-key-checker Find duplicate indexes and foreign keys on MySQL tables.
  • mk-fifo-split Split files and pipe lines to a fifo without really splitting.
  • mk-find Find MySQL tables and execute actions, like GNU find.
  • mk-heartbeat Monitor MySQL replication delay.
  • mk-kill Kill MySQL queries that match certain criteria.
  • mk-loadavg Watch MySQL load and take action when it gets too high.
  • mk-log-player Split and play MySQL slow logs.
  • mk-parallel-dump Dump sets of MySQL tables in parallel.
  • mk-parallel-restore Load files into MySQL in parallel.
  • mk-profile-compact Compact the output from mk-query-profiler.
  • mk-query-digest Parses logs and more. Analyze, transform, filter, review and report on queries.
  • mk-query-profiler Execute SQL statements and print statistics, or measure activity caused by other processes.
  • mk-show-grants Canonicalize and print MySQL grants so you can effectively replicate, compare and version-control them.
  • mk-slave-delay Make a MySQL slave server lag behind its master.
  • mk-slave-find Find and print replication hierarchy tree of MySQL slaves.
  • mk-slave-move Move a MySQL slave around in the replication hierarchy.
  • mk-slave-prefetch Pipeline relay logs on a MySQL slave to pre-warm caches.
  • mk-slave-restart Watch and restart MySQL replication after errors.
  • mk-table-checksum Perform an online replication consistency check, or checksum MySQL tables efficiently on one or many servers.
  • mk-table-sync Synchronize MySQL tables efficiently.
  • mk-upgrade Execute SQL statements against two MySQL servers and compare the results.
  • mk-visual-explain Format EXPLAIN output as a tree.

Just a quick howto for getting raindrop running on Ubuntu. For added points this server is ‘in the cloud’.

CouchDB

apt-get install automake autoconf libtool help2man subversion
apt-get install build-essential erlang libicu-dev libmozjs-dev libcurl4-openssl-dev

svn co http://svn.apache.org/repos/asf/couchdb/branches/0.10.x/

# the checkout above creates a directory named 0.10.x, not trunk
cd 0.10.x
./bootstrap
./configure
make
sudo make install
adduser --system --home /usr/local/var/lib/couchdb --no-create-home --shell /bin/bash --group --gecos "CouchDB Administrator" couchdb

chown -R couchdb:couchdb /usr/local/etc/couchdb
chown -R couchdb:couchdb /usr/local/var/lib/couchdb
chown -R couchdb:couchdb /usr/local/var/log/couchdb
chown -R couchdb:couchdb /usr/local/var/run/couchdb

chmod -R 0770 /usr/local/etc/couchdb
chmod -R 0770 /usr/local/var/lib/couchdb
chmod -R 0770 /usr/local/var/log/couchdb
chmod -R 0770 /usr/local/var/run/couchdb

sudo -i -u couchdb couchdb -b

Raindrop Pre-reqs

sudo apt-get install python-twisted python-dev python-setuptools

wget http://launchpad.net/paisley/0.1/0.1/+download/paisley-0.1.tar.gz
tar -zxvf paisley-0.1.tar.gz
cd paisley-0.1
sudo python setup.py install

wget http://python-twitter.googlecode.com/files/python-twitter-0.6.tar.gz
tar -zxvf python-twitter-0.6.tar.gz
cd python-twitter-0.6
sudo python setup.py install

Get Skype4py from http://sourceforge.net/projects/skype4py/
tar -zxvf Skype4Py-1.0.32.0.tar.gz
cd Skype4Py-1.0.32.0
sudo python setup.py install

sudo apt-get install python-feedparser

The Rest

https://wiki.mozilla.org/Raindrop/Install

October 22, 2009

Today Mozilla Messaging released the Raindrop project.

Raindrop is an experiment in the design of a new messaging platform in the open.

What I like most about Raindrop is our process.  We started with some simple designs, created a couple of iterations and now we’ve opened up the whole process to share.  This isn’t another email client or a twitter client, we have been designing for the way people communicate on the web today.  And we’re looking to make it awesome.

If you’re a developer or just have lots of patience you could grab the source code, follow the instructions and get raindrop up and running.  But that’s not what we’re launching, we’re launching the next version, the one that we design and develop in the open.  Read that again, there is no download. :)

Design

Starting today, new raindrop designs will be uploaded into the Raindrop Design flickr group for discussion and review.  As designs are ready to be implemented we’ll be blogging about them in the Raindrop Design Blog.

Develop

Discussion of code and extension development takes place on the Raindrop Development Google Group.  We’re currently built on CouchDB, Python, and JavaScript (if you’re trying to get raindrop up and running make sure you read the INSTALL doc carefully).

Extend

From the ground up Raindrop was built as a set of extensions on top of extensions.  This architecture was a design choice so that others could easily continue to extend on top of our work.

There are places to add Data Miners which can search messages for regular expressions and User Interface Extensions which can modify the layout and design of messages presented.

Check out James’ video on Raindrop Software Components for more on the extensions system.

Back in August Adobe released a series of ColdFusion security Hotfixes in security bulletin APSB09-12. One of the vulnerabilities that was supposed to be fixed was a Cross Site Scripting vulnerability that I found and reported to Adobe, known as CVE-2009-1877.

When the hotfix was released I tested it, and found that they didn't fully fix the issue. I reported this back to Adobe, they confirmed that the hotfix was not complete, and came back with another hotfix for me to test within a few days. I confirmed that it was fixed, and waited for Adobe to issue another security bulletin.

Two months go by, and still no bulletin, so I emailed the Adobe security team last week to get a status update. They told me that they updated the hotfix on August 20th. The APSB09-12 page made no mention of this update in the Revisions section. They quickly updated that to show that the hotfix was updated. I suggested that they release another security bulletin for the folks that installed the update right away, but they let me know they have no intention of doing that.

To make a long story short, if you installed the security hotfixes when they first were released you need to reapply Hotfix CVE-2009-1877.

If you aren't sure when you installed it you can use my free Hack My CF service to test your server. It will let you know you need to apply Hotfix CVE-2009-1877 again.

Links for hotfix CVE-2009-1877 can be found here:

October 21, 2009

My company Foundeo Inc. released a new free web service today called HackMyCF that allows you to scan your ColdFusion server to detect the absence of recent ColdFusion security hotfixes as well as other security problems.

The site generates an email report detailing what security issues were found, here's an example:

I would love to hear your feedback!

October 20, 2009

When ColdFusion 8 added the ability to return data from remote functions formatted with JSON they also added some settings that allow you to put a prefix on the JSON string.

Why would I want to prefix my JSON?

The reason this setting exists is to prevent a hack called JSON hijacking. Services such as GMail, and twitter have suffered from JSON hijacking.

It works by embedding a script tag pointing to the JSON url on the attack site, eg hacker-site.com:

<script src="http://bank.example.com/account-info.json">

Now if you have recently logged into bank.example.com your authentication cookies will be sent in the script tag request to bank.example.com and your account info will be returned. Now the tricky part. In order for hacker-site.com to read the JSON data they can attempt to override the JavaScript Array constructor (which doesn't work on modern browsers) or on some browsers the __defineSetter__ (works on firefox) method.

So this brings us back to our question: why would I want to prefix JSON? When you prefix with // it effectively makes the script evaluate as a comment, and these exploits won't work. Google takes a nastier approach: they use while(1); as their JSON prefix, which puts the victim's browser in an infinite loop.

How do I enable a JSON Prefix in ColdFusion?

ColdFusion 8 and 9 added a setting in the ColdFusion administrator called Prefix serialized JSON with: which allows you to enter a prefix (the default being //).

It can also be toggled on in the Application.cfc by adding the following inside the cfcomponent tag:

<cfset this.secureJSON = true>
<cfset this.secureJSONPrefix = "//">

And finally you can enable the prefix within a cffunction call using the secureJSON attribute.

Will this break my code?

It might, if you are only using this feature with ColdFusion's ajax tags then it will automatically remove the prefix for you. If you are calling remote methods with returnformat=json using your own JavaScript then you need to remove the prefix before parsing the json.

The prefix will also be added when you call the SerializeJSON function. There is currently no argument in SerializeJSON to toggle this behavior; I have filed an enhancement request, 80423, for such a setting.
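As an added example (not code from the post, and the function names are mine rather than ColdFusion's), here are both halves of the prefix mechanism described above in Python: a server-side serializer that emits the // or while(1); prefix, and a client-side parser that strips the agreed prefix before parsing and, optionally, refuses a response on which the prefix is missing, so a silently disabled administrator setting is noticed rather than quietly accepted.

```python
"""Prefixed ("secure") JSON, as ColdFusion's secureJSONPrefix setting produces it.

Added example; the function names are mine, not ColdFusion's.  A response
pulled in through <script src=...> on another origin is evaluated as
JavaScript, so a prefix that is a JS comment ("//") or an endless loop
("while(1);") stops that reader, while a legitimate XHR client that knows
the prefix strips it before parsing.
"""
import json

DEFAULT_PREFIX = "//"              # ColdFusion's default
GOOGLE_STYLE_PREFIX = "while(1);"  # the prefix Google uses, per the post


class MissingPrefixError(ValueError):
    """Raised when a client expecting the prefix receives plain JSON."""


def serialize_secure_json(value, prefix=DEFAULT_PREFIX):
    """Server side: the prefix followed by compact JSON on a single line."""
    return prefix + json.dumps(value, separators=(",", ":"))


def parse_secure_json(text, prefix=DEFAULT_PREFIX, require_prefix=True):
    """Client side: strip the agreed prefix, then parse.

    With require_prefix=True the client fails loudly if the prefix is gone,
    which catches a server where the administrator setting was turned off.
    """
    if text.startswith(prefix):
        return json.loads(text[len(prefix):])
    if require_prefix:
        raise MissingPrefixError("response does not start with %r" % prefix)
    return json.loads(text)


def is_plain_json(text):
    """True when a naive json.loads accepts the body, i.e. no prefix is protecting it."""
    try:
        json.loads(text)
        return True
    except ValueError:
        return False


def rejects_unprefixed(text, prefix=DEFAULT_PREFIX):
    """True when a strict client refuses a body that lacks the prefix."""
    try:
        parse_secure_json(text, prefix)
        return False
    except MissingPrefixError:
        return True
```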

Examples, References:

Checkout Phil Haack's blog for more info about these vulnerabilities.

October 15, 2009

I have a client using the standalone FCKEditor on his server (not the one in /CFIDE/ it is located at /FCKeditor/), but after installing the security hotfix for ColdFusion 8's builtin FCKeditor, the file manager for uploading and inserting images stopped working. He was getting a JRun Servlet Error: 403 Access denied.

It turns out that hotfix (hf801-77218) will actually block any CFM request matching /fckeditor/editor/filemanager/ anywhere in the URI.

To bypass this feature you need to add the JVM argument: -Dcoldfusion.fckupload=true to your JVM arguments. This is found in the ColdFusion administrator under Java & JVM settings on Standard, or in the jvm.config file on Enterprise.

In general I think this is a good feature, though it probably will cause an issue for anyone who uses FCKeditor outside of cftextarea.

Make sure when you enable FCKeditor's file connector that you do so in a secure manner. For example, don't just set config.enabled = true do something like this:

config.enabled = IsDefined("session.isAdminUser") AND session.isAdminUser;

I wonder if too much emphasis is placed on the idea of changing people to think just like we do or to get people to stop doing the things that they do or the way that they do them. Trying to change people in this way is probably not a good idea. Instead, I think we should focus on changing hearts. How? Through our actions. For example, by loving, or caring, or listening. I don't think that everyone should have to agree on everything and things shouldn't be forced on people. Maybe people forget about the importance of the freedoms that we have, especially here in the United States. Having the freedom of speech, freedom of religion (or lack of religion, if we so choose) should be protected. Even if you agree with some policy of the government, doesn't mean that it needs to be forced on others.

Let's consider a specific example. Should "In God We Trust" be printed on all of our money? Does that really matter that much? If individually we trust in God shouldn't that simply show itself in our actions? Conversely, if we don't trust in God that could also show. Does it send a false message to both the world and also to (potential/hypothetical) future generations that might dig up the remains of our civilization and find it on our money? I think it is much more important to live a God-trusting life than to try to force others to even when they choose not to. Arguing close-mindedly against ever removing the phrase from our money probably hurts theism and Christianity more than it helps. Stopping to understand, stopping to think critically, and stopping to be open-minded is bad practice.

The concept of changing hearts doesn't simply have to apply to politics or religion or the like. Changing hearts can also apply to our lives in a general sense, regardless of our goals, mission, vision, or causes. If we simply argue based on ideals and don't actually live up to them or have a character that supports the types of things we support, then we won't be likely to change hearts or minds. People need to see something different before they can ever think about changing their mind on something. Even if they never change their mind on something, they may be able to have a change of heart toward specific situations. Persistence is one key to success. Let's take an example from the Bible. In Luke 18, verses 1 through 8, we find the parable of the persistent widow. It reads:

"Then Jesus told his disciples a parable to show them that they should always pray and not give up. He said: "In a certain town there was a judge who neither feared God nor cared about men. And there was a widow in that town who kept coming to him with the plea, 'Grant me justice against my adversary.' "For some time he refused. But finally he said to himself, 'Even though I don't fear God or care about men, yet because this widow keeps bothering me, I will see that she gets justice, so that she won't eventually wear me out with her coming!' " And the Lord said, "Listen to what the unjust judge says. And will not God bring about justice for his chosen ones, who cry out to him day and night? Will he keep putting them off? I tell you, he will see that they get justice, and quickly. However, when the Son of Man comes, will he find faith on the earth?"

So, even though the judge didn't fear God or care about men, he appeased the woman so that she would stop bothering him. Being persistent in our love or actions can make a much bigger impact than simply stating a case for something (and then not even bothering to live it out).

October 14, 2009
Cool coupon

Today in my Advanced Concepts in Operating Systems class I led the discussion on the Mnesia paper from PADL’99. While this paper has numerous typos, it does an excellent job of highlighting the features and advantages of Mnesia. For those of you who are unaware, Mnesia is a distributed, fault-tolerant object DBMS written in Erlang. One thing I have found lacking is a tutorial for the lay person, written from the ground up; that is the gap I intend to fill. This multi-segment tutorial assumes you know Erlang and the basic concepts of manipulating data with a DBMS; beyond that, I hope to provide enough information and code to demystify a fairly complex system. However, I am still on the road to mastery, so if I make any errors, or you have any tips for improvement, I’d be happy to add them in.

To get started, start up the Erlang shell (erl) with a name; I will use -sname foo in the following examples. Below is a transcript of starting up and creating a disk-based

ranok@orion:~/Desktop$ erl -sname foo
Erlang R13B01 (erts-5.7.2) [source] [smp:2:2] [rq:2] [async-threads:0] [hipe] [kernel-poll:false]

Eshell V5.7.2  (abort with ^G)
(foo@orion)1> mnesia:create_schema([node()]).
ok
(foo@orion)2> mnesia:start().
ok

The most important call made here, create_schema, takes a list of nodes to replicate the schema table to on disk. You can add additional disk-based nodes or RAM-based copies later (we’ll get to the details then). After you’ve created the schema (this creates a folder for all the Mnesia table data), you can start the application with the start function.

Now that we have the database running, we need at least one table to store data in. We will start with a very simple record that stores key/value pairs. The nice thing about Mnesia is that the data we store can be pretty much anything, from a simple atom to a function. We will start learning the basics from the mnesia_test module, which I have uploaded here.

The first few lines of the module start off like any Erlang code: a module declaration, the functions to export, the QLC (Query List Comprehensions) include file (you may need to find it for your system) and a record definition:

-record(data, {key, value}).

This defines the record for our table, also named data. In the function setup_and_start/0, we tie in what we already went over with the create_table function, which in our case looks like:

mnesia:create_table(data, [{disc_copies, [node()]}, {attributes, record_info(fields, data)}])

The create_table function has a number of options; the most basic, which we deal with here, are the name of the new table, where and how the table will be stored, and what fields the table has (this code uses record_info() to pull those out of the data record for us). Now that we have our table, we need a way to get data in and out of it.

Many databases allow multiple queries to be grouped into one transaction that executes atomically. Mnesia is no different; in fact, for the most part all queries go through the transaction manager (there is also a dirty interface, which will be discussed later), which makes working in a distributed environment much easier. To perform a transaction in Mnesia, pass a fun to mnesia:transaction(), which runs it atomically.

The function that actually enters data (both insert and update) is write(Record). We wrap it in the mnesia_test:insert(Key, Val) function shown below:

insert(Key, Val) ->
    Record = #data{key = Key, value = Val},
    F = fun() ->
            mnesia:write(Record)
        end,
    mnesia:transaction(F).

To retrieve this data from the database, the read function is used. It takes two arguments, the table name (in this case, data) and the key to retrieve, here supplied as the single tuple {data, Key}. The mnesia_test retrieve function wraps this nicely for us, and is shown below:

retrieve(Key) ->
    F = fun() ->
            mnesia:read({data, Key})
        end,
    {atomic, Data} = mnesia:transaction(F),
    Data.

mnesia:transaction will return either {aborted, Reason} or {atomic, Rows}, where Rows is a list of all the retrieved records. If the key we tried to retrieve could not be found, Rows is an empty list.

Say, however, we want to search the table for values that are not the table's key. For that there are the matching functions; the simplest of them is match_object, whose usage can be seen here:

search(Val) ->
    F = fun() ->
            mnesia:match_object(#data{key = '_', value = Val})
        end,
    {atomic, Data} = mnesia:transaction(F),
    Data.

As you can see, you simply fill in the values that are known and that you want to match, and use the ‘_’ wildcard for all the other fields. This transaction returns the same forms as the read transaction.

There is another method for filtering Mnesia tables, called QLC, which is very similar to the list comprehensions built into Erlang. The QLC version of the above function is below:

search_qlc(Val) ->
    F = fun() ->
            qlc:eval(
                qlc:q(
                    [X || X <- mnesia:table(data), X#data.value == Val]
                ))
        end,
    {atomic, Data} = mnesia:transaction(F),
    Data.

What the query here does is return a list of Xs, where every possible X comes from our data table and X#data.value == Val. This should be very intuitive for those of you who are familiar with list comprehensions. What qlc:q() does is form a query handle (much like a function object), which is then evaluated by qlc:eval() inside our transaction fun. Again, this returns the same values from mnesia:transaction.

Well, that about covers the basics of Mnesia. You should now be able to set up Mnesia on your computer, create a table, and insert/retrieve data from it. In the next installment, we will look at distributed Mnesia and the dirty interface, which provides faster queries by bypassing the transaction manager. After that we will put all of what we’ve learned into creating a system that takes advantage of Mnesia and gives a pseudo real-world problem a fitting solution. Please check back soon for the next installment!

Peace and chow,

Ranok

Adobe has posted the recording of my Adobe MAX presentation Building JEE Portlets with ColdFusion 9. Overall it was a great conference and I was happy to be a part of it. I was also happy to cover the topic of Portlets in ColdFusion 9, since it hasn't gotten much publicity as a new feature. This feature is also close to home for me, because I worked on this feature for Adobe as a consultant through Twin Technologies.

October 12, 2009

This Friday I had the most awesome idea of a weekend project ever! A 21st century MusicBox, using an Arduino and have blinking LEDs!

I had a Sparkfun box lying around, which is an ideal size for an Arduino and a WaveShield.

Friday Night Robotics - MusicBox!

I wanted to have LEDs outlining the box, so I went to work on it:

Friday Night Robotics - MusicBox!

Just as a disclaimer- I designed it wrong, so the LEDs don’t work well. If you’re looking to follow my steps, DON’T DO IT! :P

Friday Night Robotics - MusicBox!

Then, installing them into the box:

Friday Night Robotics - MusicBox!

It looks nice!

Friday Night Robotics - MusicBox!

Once all of the connections are made, it’s pretty tight in there:

Friday Night Robotics - MusicBox!

The problem, though, is that I designed it so that all the LEDs are in series. Since all LEDs aren’t created equal, some suck up more power and therefore can’t share it with the others. This is what happened:

Friday Night Robotics - MusicBox!

It’s pretty sad! :( But, I think that I can fix it because I soldered the resistors together, not the actual LEDs together. :D I was too excited to start this project, so I didn’t bother to plan =) I guess planning would have been better, but it would also have been too boring.

I also worked on a NXT LED blinky thingy. There are these HiTechnic Protoboards that you can get, and basically you attach them to one of the sensor inputs, and you can control power to certain ports and such.

In this case, there’s 6 output pins that you can control. Sounds like an opportunity to use LEDs to me! :D

NXT + LEDs

This is what the setup looks like:

NXT + LEDs

It goes like this: NXT -> HiTechnic ProtoBoard Sensor Adapter -> 6 LEDs

In order to output instructions to the HiTechnic ProtoBoard, you need ‘drivers’, or headers. They’re located here.

Here is the code for the LEDs, in RobotC:

#pragma config(Sensor, S1,     HTPB,                sensorI2CCustom9V)
//*!!Code automatically generated by 'ROBOTC' configuration wizard               !!*//

/*
  Crazy LEDs!
  Erin K
  Oct. 9th, 2009
*/

#include "drivers/common.h"
#include "drivers/HTPB-driver.h"

// One bit per LED on the protoboard's six digital outputs
byte theLEDs[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20 };

task main() {

  // Setup all the digital IO ports as outputs (0xFF)
  if (!HTPBsetupIO(HTPB, 0xFF)) StopAllTasks();
  wait1Msec(200);

  while(true) {

    // The delay time
    int theTime = 50;

    // LEDs going up
    for(int i=0; i<6; i++) {
      if (!HTPBwriteIO(HTPB, theLEDs[i])) nxtDisplayTextLine(5, "ERR WRITE");
      wait1Msec(theTime);
    }

    // LEDs going down
    for(int i=5; i>=0; i--) {
      if (!HTPBwriteIO(HTPB, theLEDs[i])) nxtDisplayTextLine(5, "ERR WRITE");
      wait1Msec(theTime);
    }

    // Heartbeat from the driver suite, so you can see the program is still running
    alive();

  }

}

This is what the code does:

To wrap up this Friday Night Robotics, I checked out the Adafruit Ask an Engineer chat. It was pretty cool! I learnt about how LEDs work, and how much it costs to create a Teenyduino! Everyone should check it out, Saturday at 10:00PM EST.

The only things that I didn’t get to do that I wanted to was play with MANOI and the iRobot Create. I’m kinda worried that MANOI’s batteries are drying out as they haven’t been exercised in a while :S EEP!

October 11, 2009

This past week, we received the Blue-Bomber TGIMBOEJ! It came from Toronto, Canada. Here’s the blog post of the original creator of the Blue-Bomber box.

A TGIMBOEJ is a box of electronic junk! It stands for: The Great Internet Migratory Box of Electronic Junk. People put electronic junk into a box, usually take pictures and blog it, and send it to someone else. The process repeats and repeats. The general rule is that if you take something out, you have to put something back in it. Possibly the most awesomest thing to explain to anyone who hasn’t heard of one before! ^_^

This is what it looked like when we got it:

Autonomous Robotics Club - Electronic Junk Meeting

There is awesomeness inside:

Autonomous Robotics Club - Electronic Junk Meeting

This one is my favourite thing in the entire box:

Autonomous Robotics Club - Electronic Junk Meeting

Do you know what it is? It’s a NEWTON PEN!!!!!!!! A PEN FROM THE NEWTON!!!!! (A Newton was the first PDA, the pre-iPhone)! A NEWTON PEN IS IN THE BOX!!!!!!!!!! Rest assured, I’m going to be swapping something in for that.

Autonomous Robotics Club - Electronic Junk Meeting

(That giant resistor makes me laugh)

Autonomous Robotics Club - Electronic Junk Meeting

Autonomous Robotics Club - Electronic Junk Meeting

So that was some of the junk in the box. The pink flower camera is still in there. The funny thing about that camera is that I have one at home, and it still works. :D Hahaha!

One of the projects that was going on that night was someone (also a robotics floor member) was trying to open up an old computer that he bought on ebay for $0.99! It’s a Packard-Bell, and it’s really old, but uncannily looks like the netbooks of today:

Autonomous Robotics Club - Electronic Junk Meeting

Above is the battery for the laptop. They didn’t even try to make it not look like a capacitor!

I think at the end of it, what was wrong is that the CMOS battery is dead. I’m not sure why he hasn’t replaced it yet, but I think it’s along the lines of he doesn’t have one (that isn’t dead). It’s a pretty cool project, neat to see what others are doing!

Anyway, when I got the BlueBomber I sent out an email to the ARC members requesting electronic junk, so that we can have a lot of stuff to swap out. The amount of junk we received was phenomenal. It was MOUNTAINS of electronic junk. MOUNTAINS OF JUNK!!! :D It was a super giant electronic junk party!

Autonomous Robotics Club - Electronic Junk Meeting

This is what a CRT actually looks like without the box:

Autonomous Robotics Club - Electronic Junk Meeting

This is what a human actually looks like with the box: (Rofl)

Autonomous Robotics Club - Electronic Junk Meeting

There’s so much soldering/desoldering to be done! :D I can’t wait to continue the electronic junk party this Monday, and perhaps work on iSobot more. One thing is for sure- I won’t be forgetting the desoldering pump!

If you have some electronic junk or know of people with electronic junk, feel free to let me know and we’ll take it off of your hands. Eventually the stuff that we don’t use will either be used for a new TGIMBOEJ, or will stay in the ARC room!

A while ago, I was on the internet TV show – Fat Man and Circuit Girl! At that time, when I showed the robotics floor, we only had a camera and a desk. Now we have everything on the floor, and it’s virtually the closest thing to a paradise!

The robotics floor is basically a group of people that all really enjoy robotics- we’re all on the FIRST 229 team. We help out with 229 related activities, like remote mentoring. Basically any team that is in our county can call in and ask for help on their robot. I really like the feel of remote mentoring, it’s like being on-call for a robo-emergency. There haven’t been any calls yet, though :( The fancy name for the floor is ‘Living Learning Community’… or LL Community. We would say LLC, but I was the nerd who pointed out we could easily be pwned for that, especially if someone had a company called Robotics LLC or Team 229 LLC. Plus, it’s just generally confusing if people look on the website and see a LLC, it wouldn’t make sense- so it’s LL Community. =)

This is the phone we use for remote mentoring. We’re going to be switching to VoIP soon, though:

Robotics Floor

We have a huge computer that has two displays, an extreme amount of graphical processing power, can record TV shows and has a Netflix account. It’s an amazing computer. The keyboard and mouse are really nice, too.

Robotics Floor

On top of this, we have a huge smart board! It’s really amazing! It stands up and has a projector sort of floating in front of it. You can touch the screen and it’s like you’re clicking!!! I tried some of the Processing applications that I made, and it works really well, and the particle finger painting looks extremely realistic!

Robotics Floor

We also have this intense camera! You can move it around from the internet, and it can zoom in super far, it’s creepy!!!

Robotics Floor

This is what it looked like with people in it, when it was in its messiest, most fire-hazardous Lego state:

Robotics Floor

It’s much cleaner now, though.

So yeah, that’s the Robotics Floor. I haven’t heard about this type of awesomeness at any other university, so Clarkson has done this first! Woohoo! :) :P

So, this floor is so super amazing, but what’s the worst part of it? I’d have to say the respect that the people on the floor have. There’s so little of it that it’s somewhat disgustingly sad :(

The main problem I have is Quiet Hours. For some reason, everyone on the floor doesn’t understand what QUIET means. So this means that I have to do the RA’s job and tell everyone to shut up, EVERY SINGLE NIGHT. I’ve tried being nice, angry, mean, aggressive, sad, happy, ignoring it, and telling the RA to shut everyone up, but nothing works! They don’t have the courtesy to respect anyone that likes to wake up at the beginning of the morning. How can such an amazing floor have that little respect for its floormates? It disappoints me and bedaffles me! :(

If I didn’t have respect though… I would play classical music super duper loud on my stereo, each morning, at 6AM. >:D But I haven’t done it yet, because I have respect. I respect people that don’t respect me… that doesn’t make sense. :S

Anyway, during the day this floor is the most amazing place on Earth!! This is what I see out of my window:

Robotics Floor

I hope that the bad part of the floor will improve, but it’s still the most amazing thing ever. :D

October 08, 2009

It's no secret by now that if your web site sees credit card numbers (even if they are passed to a third party gateway) you need to comply with the PCI DSS standards.

Requirement 4.1 states:

Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.

If you are running IIS there are typically several weak protocols and ciphers enabled, such as SSLv2 and 40-56 bit key ciphers. The Internet Information Services Management Console has no GUI for disabling these protocols and ciphers; you need to use Regedit to make several registry changes in order to turn them off.
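Below is a PowerShell script, added here as an example and not the tool the post goes on to describe, that makes the registry changes this paragraph refers to and then reads them back so the result can be audited. The key and value names follow the SCHANNEL registry layout Microsoft documents for IIS (Protocols\<name>\Server and Ciphers\<name>, each with a DWORD Enabled value); the particular list of ciphers, the DisabledByDefault value, and the assumption of an elevated shell on a Windows Server host are mine.

```powershell
# Added example, not the author's tool: turn off SSL 2.0 and the 40/56-bit
# SCHANNEL ciphers that IIS offers by default, then report the resulting state.
# Assumes an elevated PowerShell on a Windows Server host. SCHANNEL reads these
# keys at boot, so a reboot is needed before the change takes effect.

$SchannelPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Cipher key names contain a forward slash (e.g. "RC4 40/128"), which the HKLM:
# provider would treat as a path separator, so the .NET registry API is used.
function Open-SchannelKey([string]$SubPath) {
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    # CreateSubKey opens the key writable, creating it if it does not exist
    return $hklm.CreateSubKey("$SchannelPath\$SubPath")
}

function Disable-SchannelProtocol([string]$Protocol) {
    # Protocols\<name>\Server governs what the server side offers to clients
    $key = Open-SchannelKey "Protocols\$Protocol\Server"
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.SetValue('DisabledByDefault', 1, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

function Disable-SchannelCipher([string]$Cipher) {
    $key = Open-SchannelKey "Ciphers\$Cipher"
    $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
    $key.Close()
}

# Report the Enabled value for each protocol and cipher. A missing key or value
# means the OS default applies, which for these items is "enabled".
function Get-SchannelState([string[]]$Protocols, [string[]]$Ciphers) {
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    $subKeys = @()
    foreach ($p in $Protocols) { $subKeys += "Protocols\$p\Server" }
    foreach ($c in $Ciphers)   { $subKeys += "Ciphers\$c" }
    foreach ($sub in $subKeys) {
        $key = $hklm.OpenSubKey("$SchannelPath\$sub")
        if ($key -eq $null) {
            $state = 'key missing (OS default)'
        } else {
            $state = $key.GetValue('Enabled', 'value missing (OS default)')
            $key.Close()
        }
        New-Object PSObject -Property @{ Key = $sub; Enabled = $state }
    }
}

# SSLv2 and the 40/56-bit ciphers the post names; NULL (no encryption) is added.
$weakProtocols = @('SSL 2.0')
$weakCiphers   = @('NULL', 'DES 56/56', 'RC2 40/128', 'RC2 56/128',
                   'RC4 40/128', 'RC4 56/128')

foreach ($p in $weakProtocols) { Disable-SchannelProtocol $p }
foreach ($c in $weakCiphers)   { Disable-SchannelCipher $c }

Get-SchannelState $weakProtocols $weakCiphers | Format-Table Key, Enabled -AutoSize
```

Run Get-SchannelState again after patching or after any "helpful" installer has touched the box: the settings live only in the registry, so nothing stops another tool from re-enabling them. Verify from outside the host as well, since the registry state only tells you what SCHANNEL was asked to do, not what the listener actually negotiates.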

While doing some consulting work last week a client mentioned how useful it would be to have a product for toggling ciphers and protocols in IIS. I agreed, and built the following:

Screen shot of tool to disable weak ciphers and protocols in IIS

I also built a web based tool to test your server for SSLv2. The testing tool works on both IIS and Apache Web servers.