Google Code could be EXTREMELY dangerous

 Engineering, Google, JCatapult, Life, Tech  1 Response »
Apr 102008
 

I host a number of projects including JCatapult over at Google code. We use the wiki over there for our documentation because it is simple and centralized. The wiki is stored inside the SubVersion repository and when you update the wiki it performs a commit to the repository. Pretty straight-forward.

One of the project members, James Humphrey, was editing our wiki last night, finished editing a page and hit Save. Rather than just updating the wiki page in SubVersion, Google’s custom built SubVersion server decided it wanted to completely revert our entire project back to revision 1. Yeah, I’m totally serious!

Well, the old revisions appear to be in the repository, but in order to clean this clandestine (hehe) mess up I’ll have go in by hand and revert our entire repository. This consists of roughly 10 sub-projects and 5 tags for each project plus branches, etc, etc. Really nasty.

So, here is my warning to all those out there that might be using Google Code, be careful. I’m working with Google right now on trying to figure out what happened and how to fix it. I’ll update this post once we figure it out.

Locking down a shared MySQL database server without firewalls, routers, etc.

 Distributed Computing, Linux, Misc, Tech  No Responses »
Mar 252008
 

I’m setting up a shared database server in a data center and I don’t have any direct connections between the machines that are local (i.e. meaning they only connect between boxes and don’t let external traffic in), no firewalls, no routes or any networking goodies. These machines only have a single ethernet card that accepts connections from anywhere. So, my concern is that my new database server needs to allow the other servers in the cluster access to MySQL without opening it up to everyone in the world, which might allow hackers access. Instead, I want to lock things down so that only certain machines can connect to MySQL and everyone else is rejected.

In order to pull this off, I’m making use of iptables, which allow me to control how IP packets are handled by the kernel. There are loads of materials out there on iptables, so I won’t go into how it works exactly. Instead, I’ll just show you all how I did it. All these commands are run as root (via sudo or as root directly):

$ iptables -A INPUT -s <ip-of-current-box> -p tcp --dport 3306 -j ACCEPT
$ iptables -A INPUT -s <ip-of-other-box> -p tcp --dport 3306 -j ACCEPT
$ iptables -A INPUT -p tcp --dport 3306 -j DROP

This allows access on port 3306 (MySQL default) to only two IP addresses and drops all other traffic on the floor. I can add as many IPs as I want by repeating the second command with a different IP.

Do we really need code reloading?

 Engineering, Java, JCatapult, Rails, Tech  4 Responses »
Mar 072008
 

With Grails, Rails, Python, etc offering developers the chance to change code, hit refresh and see the changes I often wonder if reload truly a feature that is a must have these days? It seems like it is one of the main selling point by most of the folks pushing those frameworks.

I think this is not a requirement, and doesn’t really increase productivity. Here’s why:

  • This promotes less tested code as you can code an entire app without testing at all by simply hitting refresh
  • The testing cycle is lengthy by nature, so you do any testing during development, it is going to take some time
  • Rather than using reload, if you use the development cycle of write, test, run or test, write, run, than starting up the application incurs minimal overhead in addition to running the tests

  • So, what are we really trying to accomplish while developing? Better code, less code, better tests, faster development. These things seem to imply great conventions and excellent extensibility and not reloading.

Directv media sharing

 Life, Tech, UPnP  19 Responses »
Jan 262008
 

Okay, this took me a long time to get working and I wanted to set out my steps. The most important part is noted below and it is the step that nearly everyone misses and if you don’t do it, nothing will work.

  1. Ensure that you network layout is correct by plugging in a computer to the cat5 cable you will put into the Directv DVR
  2. Attach network cable to Directv DVR
  3. Reboot Directv DVR (red button next to card)
  4. Enable and test network using Setup->Network->Connect Now and also Setup->Network->Test
  5. Turn on the media server PC and install Windows Media Player 11
  6. Open My Computer and share your My Music folder by clicking “Share this Folder” on the left side
  7. Turn off Windows firewall
  8. IMPORTANT! Open My Network Places and click “Show icons for networked UPnP devices” on the left hand side
  9. Reboot Directv DVR again
  10. Open Windows Media Player 11 and click the menu under Library called Media Sharing
  11. Check the share checkbox and the new devices checkbox
  12. You should also see “Unknown Device” in the list and click on that
  13. Hit okay and you should now see the Music and Videos option on the Directv DVR menu

GMail IMAP doesn’t work for mailing lists (conversations)

 Google, Life, Tech  4 Responses »
Dec 222007
 

Well, I think I’ll have to ditch GMail’s hosted email completely because of the way that GMail handles conversations (i.e. threads and mailing lists). After switching Inversoft and Pontarelli email to Google, I realized that GMail IMAP has a huge problem handling email sent to mailing lists. Apparently, if you send an email to a mailing list, the GMail MX server doesn’t place that email into your inbox when the mailing list sends it back to you. This is usually done by mailing lists programs like mailman and elmzm to allow you to track an email thread correctly. If you don’t have your own messages in a threaded view, you won’t be able to determine who is replying to you or what emails you have replied to.

The reason they do this is because rather than managing the GMail conversation view based on the emails in a folder, it instead manages it based on the emails in the folder and the emails you have sent. This is pretty obviously not following the KISS methodology and is probably best dropped completely in favor of a more traditional approach to threaded views. Thunderbird 2.0 provides a pretty decent threaded view of any folder and I’ve never had any issues. This is completely handled using only the emails in that folder and Thunderbird doesn’t rely on you sending emails from Thunderbird in order to handle threaded views. This is pretty smart since in many cases you can send email from an account via different SMTP servers and different programs or web applications.

Here’s the note I sent to GMail support about this issue:

This issue is known, but I wanted to let you know that it is really painful and would be a good thing to fix. The issue is that email I send to a mailing list via the GMail SMTP server or my companies SMTP server do not show up in my GMail inbox ever. The mailing list daemon is sending the email to GMail’s MX server, however, since the email was sent by the account that is receiving the email, it is never put into my inbox. Here’s an example:

1. Open Thunderbird
2. Write an email to dev@struts.apache.org
3. Send the message via SMTP server at newton.inversoft.com
4. Apache’s elmzm daemon sends the email to all the list members including brian@pontarelli.com
5. GMail’s MX server receives the email from Apache’s elmzm daemon addressed to brian@pontarelli.com from dev@struts.apache.org
6. GMail’s MX server drops the message and doesn’t deliver it because it is addressed to the account it is receiving the message for.

This is a huge issue with IMAP support and makes using GMail extremely difficult because I cannot manage threads correctly from Thunderbird since I cannot see my replies or the root message if I started the thread.

Please fix this problem because it makes the entire hosted GMail solution unusable for anyone that uses mailing lists regularly (90% of my mail comes from mailing lists).

If you need more information about the issue or help testing, please feel free to contact me. For now I will have to switch over to another email hosting provider until this is fixed.

I really hope they fix this soon because with the Google hosted business solutions this is going to cause MAJOR issues for businesses that use mailing lists for internal communication.

 Older Entries  Newer Entries