the shallow thoughts of a simple mind

I’ve just started up my own personal subversion repository for any of the various (non-classified ;-)) projects that I’m working on. Everything in there will be open source of some sort and as time goes on I’ll be sorting through some older code that I’ve written to see if there is anything useful worth checking in. For now the only thing I’ve put in there is my pybind stuff. You can find the repository at http://mike.crute.org/svn

Lately I’ve been working with our hosting systems at work to try to squeeze out some more efficiency. Mostly this has resulted in automating a lot of mundane tasks that I should have never been doing by hand in the first place. My latest challenge is to completely automate our BIND DNS system. The bare mechanics of syncing the masters has been automated for some time but the management of the actual zonefiles is pretty much all done by hand.

Today, among a bazillion other things, I started writing a Python API for mainpulating BIND zonefiles. A quick and lazy google search didn’t turn up anything useful so I figured I’d just roll my own. I can see a lot of use for something like this. Things that where never possible before like web-based management of our DNS and dynamic DNS for my cable connection at home. It would be pretty cool to have a full API for BIND stuff and I’m sure there are many more ways to tie something like that into our other back-end systems.

Well, more update will follow as events progress. I’m hoping to have the time to finish up at least a functional version of the code by tomorrow, we shall see. If you’d like to follow along you can checkout the code from my subversion repository at https://svn.softgroupinteractive.com/cruteme/pybind/trunk/. It’s not terribly useful as it stands right now but it will be shortly.

For a while now I’ve been working to better secure our shared web hosting at SoftGroup Interactive. For ease of administration we like to keep all the sites on each server under the /var/www tree. For security this presents a few issues. First, we give our users FTP access to their sites and it is less than desireable for them to see the whole /var/www tree lest they get any ideas. Second it gives away a little bit too much about our other clients. It also isn’t very flexible for the end users because they can’t store “scratch” files anywhere on disk.

The ideal solution would be to somehow give users their own home directory and also give them access to their sites. Preferably we should be able to chroot the users into their home. Under the current system we used filesystem permissions to hide folders from users. Proftp had the option to now show users files they didn’t own so we could give them access to the /var/www tree without giving away too much information. This still isn’t awesome because users can’t upload “scratch” files, they are basically restricted to uploading stuff to their webspace.

Lately however, I’ve learned of an even better solution. We now create home directories for each client, real honest-to-goodness home directories. When we transitioned to Ubuntu server we also switched to vsftp and now had the option to chroot users into their homes (perhaps this was possible under Proftpd, I didn’t pay much attention). For the sites we use bound mounts (mount –bind) for each site the user owns. This gives us a lot of flexibility to secure the system however we like but also gives the users access to their sites and the ability to post files outside of their webspace.

There are two downsides to this solution, both of which should be easy to rememdy. We have to use real *nix users. This will be mitigated when we make our full leap to centralized user management in LDAP. The other annoyance is the need to update /etc/fstab with all the bind mounts. I’m thinking about just writing a quick script to interact with our billing system to generate that but for now it gets done by hand.

For a long time the state of PDF in Firefox has sucked pretty badly. For a while I had actually abandoned Firefox for Safari because it was bugging me so badly (Firebug ended up bringing me back). Well, today I decided to re-install Firefox on my Mac and did another google on the issue and ran across Firefox-Mac-PDF. The project is reasonably new, it has only been around since June of 2008, but it has a lot of promise. As it stands today the plugin just basically adds PDFKit rendering to Firefox, no frills, but it does a great job. Given some time I’m sure it’ll be as full featured as the implementation in Safari. I’m really excited to finally see my biggest gripe with Firefox solved. Now if somebody would do the same thing for Linux.

Because they encourage crazy people to do stupid stuff like post to their blog at 2:00am instead of getting some freaking sleep, that’s why. And you can do it all from the comfort of your bed. Oh wait… maybe that makes them awesome not evil :-).

Am I the only one to notice that Flickr Uploadr, as of version 3, totally sucks? Now don’t get me wrong, I’m a huge fan of Flickr but it seems like ever since they released Uploadr 3 large sets just fail to upload. I’m trying to upload a (not so) modest set of 283 pictures and I’ve had to restart the upload at least 2 dozen times. I’m going to go try jUploadr, maybe it’ll preform more admirably than the official software from Flickr.

Spaces finally brings to Mac OS X what Linux has had for ages, multiple desktops. On the surface spaces seems too basic but in true Apple fashion spaces is actually much more than meets the eye. 

Continue reading ‘Spaces : Cool Stuff In Leopard’

Compiling mod_python on Leopard is not as simple as it would appear.

Continue reading ‘mod_python on Leopard’

Why does it seem like all the important lessons in life, the ones that make you a better person that is, must be learned the hard way? Thinking back on my life I can’t think of a single life lesson that I just heard and learned from, no… I have to experience the pain to learn the lesson. Perhaps its just human nature or maybe I have lower than average people skills. Either way it sucks.

The lesson this time, I’m far too trusting of people. I actually can’t say that ever in my life I’ve been screwed quite the way I’ve just been screwed by someone I genuinely like. I’ll chose not to elaborate any more than that but the takeaway from this lesson: be very careful who you place your trust in, especially when you’ve just met them randomly. Furthermore, listen to your friends, your true friends; they really do know what’s best sometimes wether you want to believe it or not at the time.

And there you have it, your personal post for the month. Stay tuned for more posts that are (hopefully) less boring than my ramblings about my personal life.