Recent Blog Posts
Blogs » Archive for June, 2005
MySQL 4.1 Binary Log name change
We recently made the jump to MySQL 4.1 at SitePoint and it’s mostly been smooth sailing. Though I have to admit that it hasn’t offered any of the performance increases that I had hoped for.
Just a heads up – as I’ve not seen this covered anywhere yet – that the default filenames created by the binary logger have changed.
In all prior versions, they were of this format:
mysql_update_log.xxx
Where xxx increments by 1 every time the logs are rotated. 001, 002, 003, etc.
(Note that the “mysql_update_log” prefix is configurable)
In MySQL 4.1, however, they are of this format:
mysql_update_log.xxxxxx
The point obviously being to cater for installations that reset the counter a lot less frequently than we do. We never get beyond 30 before a complete snapshot and a restart of update logging.
This of course broke our script that compresses these (enormous) logfiles for backup purposes and required a little Friday hack to get back on track.
No mention of this behavioural change in the 4.0 -> 4.1 upgrade FAQ.
How are you making a difference?
As web professionals, most of you have probably been quite advantaged in terms of your education and ability to earn a living.
So how are you giving back with your skills?
Please post ways you use your expertise to help others.
For instance, one SitePoint reader has what seems to me an inspiring cause to address poverty that you might check out on his blog:
http://www.oneafrikan.com/archives/2005/06/23/g8-reboot-help-to-spread-the-word/
His example is a simple one of raising awareness of causes of interest via a blog, as well as email, etc.
In my case, I’ve started up a website that matches people with resources to those who are struggling to meet their basic needs, and it continues to gain traction (http://www.actioncorps.org). This work gets me zero consulting business, and is pure volunteer, but it feels good and right to do.
Please post two types of activities:
- Good things you do in the community that get you more visible as a professional, and thus let you do well while also marketing your business;
- Good things you do with your Web professional skills that help make things better in the world.
Atlas: Microsoft’s Ajax toolkit
Microsoft are putting together a toolkit for doing Ajax things, called Atlas. It looks like it’ll be an ASP.NET 2.0 thing, according to Scott Guthrie from Microsoft. Reassuringly, he says “the Atlas Client Script Framework will work on all modern browsers, and with any web server”, meaning that they’re implementing Ajax-style remote scripting in a cross-browser fashion, and that’s a really nice move; MS, in the past, have tended to be rather IE-specific in this sort of thing, and a move away from that toward proper cross-browser support from their development tools can open up remote scripting to a broad swathe of ASP.NET developers who will be building cross-browser code without even necessarily knowing it. It’ll be interesting to see where this goes, but clearly the MS developers’ hearts are in the right place, and we’d all love to see more of that.
Tighten Security with DShield
A fantastic resource was passed along to me called DShield – which bills itself as a distributed intrusion detection system.
What it is really is a powerful live reporting resource on the most attacked ports, types of attacks and who the attackers are. As the folks at DShield put it – “DShield.org is an attempt to collect data about cracker activity from all over the internet. This data will be cataloged and summarized. It can be used to discover trends in activity and prepare better firewall rules.”
I recently wrote about building a firewall using iptables, and with a source such as this, one can tailor packet filtering rules to block new ports and tighten the net around your servers.
The site’s home page provides a global map showing patterns of attack types as well as a “stock” ticker of ports that breaks down types of attacks by those ports and what applications commonly use the same port.
DShield also offers an “are you cracked” search function to see if a machine you use or manage has been cracked via an IP search of the group’s database.
Finally – firewall administrators can upload their logs and contribute to the coverage data DShield …
Securing MySQL (and other databases)
In light of recent news of massive intrusions into enterprise database systems holding sensitive customer information – it is obvious that reminders on hardening databases are not old news. Especially considering some of the compromises were executed only because customer data was not encrypted.
Starting with MySQL – I have assembled several links I have collected over time on securing various dbs to make compromise that much more difficult. Some information is basic fundamentals – which is great for those just starting to explore these systems – along with some links to further reading.
Something to remember (and many readers have suggested they do this already) – always use ssh when administering your remote database servers. If using a GUI tool for remote admin – be sure to select an application that supports port forwarding to a secure port.
MySQL’s site has some solid basics as well as a great Security Focus article on building a strong MySQL installation.
Tips and techniques on some other popular systems include:
IBM’s DB2 – http://www.informit.com/articles/article.asp?p=102226&rl=1
Microsoft SQL Server:
1) http://www.sqlsecurity.com/DesktopDefault.aspx
2) http://www.microsoft.com/sql/techinfo/administration/2000/security/securingsqlserver.asp
Oracle – http://www.orafaq.com/faqdbase.htm
PostgreSQL – http://www.postgresql.org/docs/8.0/interactive/admin.html
Veerle’s Charts in Illustrator CS2
I’ve spent a bit of time recently talking about some of the newer and groovier features in Creative Suite 2, so it’s great to see Veerle chime in with this easy-to-follow tutorial on producing stylish pie charts using Illustrator CS2.
I think the nicest feature is that Illustrator lets you leave the data in a permanently editable state, making it trivial to export new chart graphics as new data becomes available. I remember older versions of Freehand forcing me to re-enter the data for each chart.
In my experience the chart tools can occupy a bit of a blindspot if you don’t use them often — after a while you don’t even see that button — so if that’s you, here’s the perfect chance to get up to speed. And, of course, once you’re ‘master of the pie’, there’s a selection of other equally useful chart formats for you to tinker with. Very slick and quick.
Tribute to a Friend
Last week I was deeply saddened to learn of the tragic and slightly bewildering passing of Nigel McFarlane – a great friend and colleague of all of us at SitePoint.
Nigel was a widely-respected open-source expert, advocate and commentator, who worked very closely with the publishing team on our soon-to-be-released ‘Firefox Secrets’ book. His astonishing technical knowledge, concise but elegant turn of phrase and typically geeky sense of humour made him an instant hit in the SitePoint office.
We all regret both the future book projects and the future beers we’ll never get the opportunity to share with him.
A greatly missed friend.
The unsell vs. consultative selling
A previous post discussed consultative selling vs. what I called “the unsell” (e.g. not pushing a solution on customers at all). It’s worth a separate blog thread here to compare and contrast both.
First, the unsell is not a broad philosophy of how to sell, while consultative selling is. In consultative selling, which I advocate strongly, you and the client work together to develop the best possible solution for the client. It involves asking lots of questions, collaborating, and negotiating. You are an advisor who sits on the same side of the table as the client, working with him/her/them to help them get results. This process can take a while, but is well worth the effort. In my line of consulting, it is a mandatory process, and really the only way to close business.
The “unsell” referenced in the blog comes from a similar philosophy. In the “unsell,” you basically step back and let the client decide what to do. You don’t push, at least not hard. You do ask great questions about what the client needs, and present information to help them make a decision. Then you step back and let them decide. Funny thing — stepping back like that is …
Acrobat Tricks
I must admit I’ve always had a bit of a love/hate relationship with Acrobat. I’ve never been particularly enamoured with the idea of a text file format that requires a 25MB reader app. On top of that, its performance has never been exactly sizzling either.
On the other hand, if you’ve ever taken finished artwork to a printshop, you have to appreciate PDF’s reliability and consistency.
So, is Acrobat 7.0 a step forward?
In general, it does seem like an improvement. Firstly, although it’s still a monster, they don’t seem to be loading every component by default, speeding it up.
While the performance is better, without doubt the niftiest new feature is the upgraded client review facilities.
One of the most eternally useful things about MS Word is that you can generally expect a client/reviewer to have access to a copy of it, making the process of tracking changes and comments between iterations relatively painless. In fact, that’s still how we manage the early editing process with our books.
Unfortunately, you can never assume any given client will own a copy of Acrobat Professional, meaning that only the document author can overlay comments and markup information — that is, until now.
Now after …
Inbound email with PHP and vpopmail
I suspect many of you – like SitePoint – use PHP to process inbound email for various purposes. For example, our warehousing / fulfillment company sends us an email with an XML attachment notifying us when an order has been shipped. It includes various useful details (shipping times, tracking numbers, freight costs, etc) that we need to store in our database.
I’ve hit problems in the past trying to shoehorn this behavior into our vpopmail installation. Vpopmail is a handy set of patches for qmail that ease the handling of large numbers of email domains and users.
The key problem is, vpopmail generally runs as the “vpopmail” user, and delivers all mail while executing under this UID. Hence any scripts it invokes do not have permission to access the PHP libraries that make our applications tick.
A lot of Googling led me nowhere, other than the questionable option of making all our PHP libraries world-readable. No thanks!
I discovered that our best bet was to create a local domain to have the relevant emails delivered to. In a vpopmail installation, local domains behave just like regular qmail domains rather than vpopmail’s “virtual domain” approach.
e.g. someuser@yourlocal.domain.com
where “processing.sitepoint.com” …