Updates, upgrades …

I hadn’t realized so much time had passed since my last post. Mea culpa, I haven’t made time for new content. I’d been working my butt off and hanging out in Guild Wars to relax. :-) My apologies to my faithful and adoring readership (all four of you!)

I upgraded WordPress to version 2.0.5 just before I started this post. It was another textbook example of a successful upgrade.

Speaking of seamless and successful updates, I really can’t say the same about Microsoft’s upgrade to IE. IE7 has only been out two weeks, and it already suffers from a bug from the early IE6 days.

I would be willing to cut MS some slack if this was a new flaw. As a developer, I know that bugs happen. No one writes perfect code. But this is an old bug, and no developer worthy of the appellation “world-class” would have missed it. There’s no reason a “world-class” QA department should have missed it either.

If this is indicative of the Trustworthy Computing initiative that allegedly started with the development of Windows Server 2003, then I really, really wonder why anybody will bother to get Vista for anything but the computer games. I mean, that’s all Windows is good for, isn’t it? Oh yeah, I forgot. It’s great for spreading spam bots, too.

This IE7 bug simply proves there is no guarantee, no matter what monkey boy Ballmer and goodie-two-shoes Gates say, that IE7 and Vista won’t bite your ass with the same bugs that plagued IE and Windows for the last half decade.

For the guys up there in Redmond, here’s a freebie development mentoring lesson you have apparently not been taught by your “visionary leader”: regression test.

Trustworthy computing, my ass.


Posted in trustworthy.computing, upgrades, windows.vista, wordpress | Comments Off on Updates, upgrades …

No more Thing A Week?

I just noticed my weekly $1 USD donation to Jonathan Coulton’s Thing A Week has been cancelled. I pay attention to all my Paypal notifications, 1) to catch any phishing attempts, 2) to make sure I really did buy what Paypal says I bought. I was surprised the weekly donation was cancelled by Jonathan himself and not by Paypal because of lack of funds or whatever.

I checked his site, and everything is alright. He is still putting new blog content out, and the Thing A Week podcast had a new song and all. Hmm, maybe I’m supposed to sign up for the weekly donation again? Maybe I’m making a big deal out of nothing?

PS – This was in my drafts folder for a few days. I just noticed and published it. But it’s now moot, Jonathan and Thing A Week are doing fine.

Posted in jonathan.coulton | Comments Off on No more Thing A Week?

Which Hogwarts House am I in?

Congratulations on making Hufflepuff!

You’re one hard-working, loyal, compassionate little thing, aren’t you?! Well, there are some good things, and some bad things about that. Bad things first, so after you’re let down and crying your eyes out, plunging into a state of depression, I can cheer you up with the better facts. Bad thing, your house has a horrible rep for being a bunch of wimps. Sorry. Good thing, it’s not quite true. You’re tough! It’s hard to be loyal! And remember, Hufflepuff is you! Don’t be ashamed of yourself.

Posted in sillyness | Comments Off on Which Hogwarts House am I in?

Another seamless upgrade, and visitor comments.

I upgraded to WordPress 2.0.4 in thirty seconds, just a few minutes ago. After logging in as administrator and deactivating my plugins, those thirty seconds included SSHing in to my server and running this:

#making an in-server backup in folder blawg.bak

cp -r blawg blawg.bak

#backup the database

mysqldump -u user -ppassword database-name > blawg-backup.sql

# upgrade the wordpress files

wget http://wordpress.org/latest.tar.gz

tar xzvpf latest.tar.gz

cp -r wordpress/* blawg/

Then I visited http/blawgupdate.php (which I’ve renamed, suckas.) And that was it, really! Many thanks to the WordPress developers for such an easy upgrade.

——-

A visitor sent me an email a few days ago, correcting my hack post for SSH tunneling of HTTP. Jim was his name, and he said that he wasn’t 100 % sure, but that he believed SSH only used the keys for authentication purposes, and that smaller session keys were created on the fly after authentication was successful. Therefore he believed the strength of the encryption wouldn’t be an order of magnitude better than SSL, as I claimed at the end of my post.

I am afraid Jim is correct. The session key size varies from one implementation of SSH to another, but they all support 168-bit triple-DES. This is the default for most OpenSSH installs on Linux and BSD these days. So while 168-bit triple-DES is believed to be better than SSL’s 128-bit RSA, it’s not an order of magnitude improvement.
Thanks Jim, for the correction.


Posted in hacks, ssh, tunneling, upgrades, wordpress | Comments Off on Another seamless upgrade, and visitor comments.

PJTrix.com’s Hack #1 – SSH tunneling for ultra-secure web app administration

At long last, here is the first PJTrix.com hack. It’s longer than most of my entries, so plan to read a while. Come back when you have the time if it interests you.

Over the past few months, some friends and cow-orkers have come to my site, and invariably I get the “Where are the hacks?!? When you gave me the link, I was excited and assumed the site had all your hacks and tricks?!? What happened?!?” You see, my fellow cow-orkers especially know me as a man of many technical talents. I can turn any normal workday into a techfest show-and-tell, just by emptying my pockets or laptop bag, or discussing my latest interests.

So without much further ado …

Hack #1 – SSH tunneling for ultra-secure web app administration

I’m a fairly paranoid person. OK, I take that back: I’m a really paranoid person when it comes to my online life, but only fairly paranoid in my real life. And just to set the record straight, simply because I am paranoid and admit it freely, doesn’t mean someone out there isn’t really out to get me! They just haven’t gotten me yet.

I’ve been around the tech block a few decades, and have had Commodore C64 and Amiga demo scene BBSs defaced, and later, a Sega Dreamcast demo scene website and a Yahoo! webmail account taken over, by a prankster who proceeded to send crap to various Dreamcast scene mailing lists I frequented, pretending to be me. With these experiences came lessons that I apply as much as I can. Because of them, I’ve been without security related problems for the last six years.

That’s six years with no virus attacks, no remote IRC bots, no trojans or backdoors installed, no rootkits on my personal computers or servers. Being paranoid pays dividends in serenity. I can sleep at night knowing I’m not sending out spam or aiding in DDOS attacks. Can you say the same, with certainty? :-)

The problem

One of the things I don’t like about the stock WordPress install, is that the administration pages are not secured with SSL. There are various write-ups on how to modify the code to accomplish this, but applying them makes it more complicated to upgrade WordPress. And I want my WordPress upgrade to be as painless as possible, or I’ll just put it off.

One of the reasons I put off upgrading from WordPress 2.0 to 2.0.1, 2.0.2, and finally 2.0.3, is that I had modified my WordPress install with one of these SSL hacks. I could feel the paranoia mount up as I thought “My username and password may be SSL secured, but there are known security holes in WordPress 2.0. I’d better upgrade ASAP!” So after RailsDay, since I didn’t have any work, I upgraded to WP 2.0.3 and didn’t apply the SSL hack.

You see, I have a secure way of logging in to the admin pages, and still keep the WordPress upgrade as simple as possible. (By the way, this trick works for proxying all web access to a server, it’s not just for WordPress administration.)

Introducing SSH tunneling

SSH is called Secure SHell, and many people just think of it that way. But it does more than that, with secure remote file copying and secure FTP transferring of files as built-in features. Under the hood of the secure terminal access and file transfers lies a packet tunneling framework with great flexibility.

With SSH tunneling, it is possible to connect to one computer at one port, and forward the TCP request to any other computer at the same or any other port. This only works for TCP connections, though. UDP-heavy protocols such as BitTorrent peering and seeding can’t travel through “regular” SSH tunnels.

(There’s one kind of SSH tunnel, the SSH SOCKS proxy, that does allow UDP packets through, but only in one direction. So it’s not as effective for P2P tunneling anyhow. We’ll discuss SSH SOCKS proxying and its uses some other time.)

So how do you tunnel to a web host with SSH?

First, using a plain text editor (not Wordpad, Windows people; use Notepad) open your hosts file on your local host (not on the web server.) In Unix the file lives in:

/etc/hosts

In Windows, it usually lives in:

C:/Windows/system32/drivers/etc/hosts

In Windows, the operating system isn’t always installed on drive C and not always in a folder called Windows. But ninety-nine thousand times out of a hundred thousand, it will probably be like this. So don’t sweat it, especially if you bought your Windows PC already set up. And if it wasn’t already set up, you probably already know where you installed your Windows. :-)

The hosts file will contain a line like this:

127.0.0.1		localhost

While preserving the rest of the contents of the file, change that line to read like this (substitute serverName as appropriate for the web host you want to tunnel to):

127.0.0.1		localhost serverName

Second, install SSH on your local host. If you’re on Windows, this can be Putty or the SSH client for Cygwin. (There are plenty of writeups about both open source Windows products, so use Google search for further help with that.) Most Linux distributions come with at least the SSH client installed. Mac OS X and Solaris come with both SSH client and server software installed.

Third, you need an SSH login account on your web server. Not all shared hosting accounts give shell access, so it may be that you can’t use my little trick. Virtual private hosts and dedicated servers definitely have SSH if they’re Unix-based. If you host your weblog on Windows, you have other problems besides no remote secure shell access. It’s called gullibility. Again, look it up on Google. :-)

Now comes the good part. Once you have installed an SSH client, and have SSH access to your remote server and a shell account, you have to forward port 80 from your local host to the web server, with this command (substitute serverIP and accountName as appropriate; namely, you need the IP address of your web host, or a different domain name that resolves to the same IP as your web host):

ssh -L 80:serverIP:80 -N accountName@serverIP

If you’re using Putty, the command is:

plink -L 80:serverIP:80 -N accountName@serverIP

Make sure your Putty installation is on the command-line PATH. If you don’t know what that is, what are you doing reading this far?!? 😀

Now, when you browse to http://serverName (not serverIP), SSH will tunnel from your local host to the web server, and your connection will be encrypted just a tad better than industrial-strength SSL. Most SSH implementations let you choose from a variety of protocols and session key sizes, such as Blowfish and 256-bit session keys. That’s double the encryption power of the 128-bit RSA encryption in SSL. Ultra-secure, baby! :-) (Thanks to Jim for the clarification.)
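A pre-flight check for the setup above, as an added example that is not part of the original post: if the hosts entry is missing or points somewhere other than loopback, the browser connects straight to the web server over plain HTTP instead of entering the tunnel. The function names and the sample hosts file are constructed for illustration; serverName is the post's own placeholder.

```sh
#!/bin/sh
# Added example: confirm serverName is pinned to loopback before logging in.

# resolve_in_hosts FILE NAME: print the address FILE assigns to NAME.
# Exit status is 1 when NAME has no entry in FILE.
resolve_in_hosts() {
    awk -v name="$2" '
        { sub(/#.*/, "") }      # drop comments
        NF < 2 { next }         # skip blank or address-only lines
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# tunnel_preflight FILE NAME: succeed only if NAME maps to a loopback address,
# i.e. requests for http://NAME reach the local end of "ssh -L 80:...".
tunnel_preflight() {
    addr=$(resolve_in_hosts "$1" "$2") || {
        echo "UNSAFE: $2 has no entry in $1; the browser would connect directly"
        return 1
    }
    case "$addr" in
        127.*|::1)
            echo "OK: $2 -> $addr (requests enter the local tunnel endpoint)"
            return 0 ;;
        *)
            echo "UNSAFE: $2 -> $addr bypasses the tunnel"
            return 1 ;;
    esac
}

# Constructed sample hosts file; on a real machine pass /etc/hosts instead.
sample=$(mktemp)
printf '# constructed sample\n127.0.0.1\tlocalhost serverName\n' > "$sample"
printf '203.0.113.7 other.example\n' >> "$sample"

tunnel_preflight "$sample" serverName
tunnel_preflight "$sample" other.example || true
tunnel_preflight "$sample" missing.example || true
rm -f "$sample"
```

On Linux, binding local port 80 for the ssh -L command needs root by default, because ports below 1024 are privileged.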

And there you have it, PJTrix.com’s Hack #1.

(Soon, I’m putting up a Wiki to collect these. So consider this text as my second draft of this hack. Any comments, improvements, criticisms, are welcome in the comments. Thanks for reading this far!)


Posted in hacks, open.source, ssh, tunneling | Comments Off on PJTrix.com’s Hack #1 – SSH tunneling for ultra-secure web app administration

If you can see this in your aggregator …

… it means PJTrix is in its new home. I have upgraded to WordPress 2.0.3, and applied a new theme. I’ll be tweaking the layout a bit, adding my page “tabs” to the header. Why don’t you come over and kick the tires and leave a comment? That will help me shake things out and make sure things are working right.

Up next … well, you’ll just have to wait and see. I have 500 GB of paid up bandwidth to fill every month from here to February, and plenty of ideas on how to do that.

Ain’t unemployment grand? 😉

[Updated on 2006-07-18: I returned to work with Ruby on Rails three weeks ago, and I picked up a part-time customer last week, for a CMS migration from Postnuke to Drupal. I’m still planning to leave PR for the US mainland in August.]

Posted in Uncategorized | 2 Comments

Moving PJTrix to another server.

This is just to let you know, I’m moving PJTrix.com to another server, where I have more storage. The server PJTrix is on right now is actually owned by a friend of mine, Ernesto Diaz. He is one of my ex-employees at SNAP Platform, and is running a web hosting and web design business for the Latin American geek market. For the past four months, he has let me have 2 GB of space and 60 GB of bandwidth per month on his server for free. It’s served me well, but I gotta move on.

As PJTrix grows into hosting my open source project for Rails Day and other ideas, the domain needs more space and bandwidth. I actually own that space and bandwidth, on the server where I host my friend’s web store and my other friend’s web gallery. That server has 500 GB of bandwidth and 20 GB of space, which are currently underused.

So over the next few days, there will be a change of IP address, and you’ll see PJTrix updated to a new version of WordPress and a new theme.

See you on the flip side!

Posted in Uncategorized | Comments Off on Moving PJTrix to another server.

It’s down to the wire now, less than 1 hour to go

Well, I got about 50% of my planned features done. I’ll just keep correcting the layout till ten minutes to midnight, check in the last changes, and then I’m gonna crash till about noon tomorrow. My dad’s Father’s Day party is at 1 p.m.

On Monday, I’ll deploy my Rails Day entry on my server. So you can all laugh and point fingers at my naive web design. I never claimed to be a web designer, I am a developer. It’s not the same thing. I don’t have the graphical talent needed for web design, whereas development is mostly about logic. Right brain vs. left brain, and I don’t have the right brain for it (pun not intended, I swear!)

I’ll post a post-mortem later: why I didn’t finish, what held me up the most, what was simplest.

PS – Happy Father’s Day, Ken, and my other “childrened” readers. :-)


Posted in hacks, open.source, rails, railsday, ruby, software.development | 5 Comments

Less than eleven hours to go …

… and I need a nap. I’ll get an hour of shut eye, and have lunch when I get back up.

It doesn’t look like I’ll get 70% of the functionality in by midnight. It may be more like 50%. I’ll keep on truckin’, no sense quitting now.

If I’m gonna look like a fool, might as well go all the way, no?


Posted in hacks, open.source, rails, railsday, ruby, software.development | Comments Off on Less than eleven hours to go …

Breakfast time!

My stomach started hurting about 10 minutes ago. It could be from the coffee I had a few hours ago. But I think it’s just gastric juices from 10-11 hours without a meal (and that’s a guess. I don’t remember if I had dinner at 6, 7, or 8 last night.)

So I’m going to have breakfast. I’m doing good with the wakey wakey, so I’ll lay off the coffee for now. Save it for when I really need it.

PS – Preliminary functional tests for conversations are done. Now I just need to tailor them for typical webmail actions. Then I move on to implementing said actions, and adding unit tests for conversations and emails.

PS – … and miles to go before I sleep.


Posted in hacks, open.source, rails, railsday, ruby, software.development | Comments Off on Breakfast time!