Archive for the ‘Internet’ Category

Why Nginx+Passenger is No-Go in a Secure Environment

Posted 13 days ago by Alex in Interesting Links, Internet, Linux, Software, Technology

I’ve heard a lot of good things about Nginx. Shawn Wall mentioned how much he likes using it and how easy it is to configure. My experience with it has only been tangential at best. I’ve heard good things about it (lightweight, performant and scalable) on Hacker News and /r/programming, so when it came time to deploy a ruby application I’ve been developing, I thought I would give it a whirl.

There are many competing mantras about how to best deploy a ruby web application into a ‘production’ state. Some people just say, ‘start up your framework’s WEBrick server on 80 and go for it!’ Others, like myself want more stability and security — for that we turn to Passenger. Passenger provides support for Rackable ruby apps on Apache and Nginx.

I’ve always liked the Apache+Passenger configuration when installing on CentOS — I can schedule regular yum updates to upgrade Apache and gem updates to upgrade Passenger. This way, I know that I’ve got the latest and most secure versions running on my systems. With monitoring and testing, I know if something breaks and can fix it promptly.

After setting up my fresh CentOS 6 machine, I found the Nginx yum repos which will happily keep Nginx updated. Great. I then went about doing the usual rvm+ruby+gem+passenger dance. I ran passenger-install-nginx-module to initiate the passenger+nginx config and ran into this:

Nginx doesn't support loadable modules such as some other web servers do,
so in order to install Nginx with Passenger support, it must be recompiled.

Do you want this installer to download, compile and install Nginx for you?

 1. Yes: download, compile and install Nginx for me. (recommended)
    The easiest way to get started. A stock Nginx 1.0.15 with Passenger
    support, but with no other additional third party modules, will be
    installed for you to a directory of your choice.

 2. No: I want to customize my Nginx installation. (for advanced users)
    Choose this if you want to compile Nginx with more third party modules
    besides Passenger, or if you need to pass additional options to Nginx's
    'configure' script. This installer will  1) ask you for the location of
    the Nginx source code,  2) run the 'configure' script according to your
    instructions, and  3) run 'make install'.

Whichever you choose, if you already have an existing Nginx configuration file,
then it will be preserved.

Enter your choice (1 or 2) or press Ctrl-C to abort: 

‘Doesn’t support loadable modules’… ‘stock Nginx 1.0.15′… ‘compile’. Nope.

So… I can allow passenger to build itself into an old version of nginx (1.0.15) or I can download the Nginx source and recompile it with Passenger support. This is where Nginx lost me.

If I want to run a ruby app through Nginx using Passenger (or any other module that integrates Ruby support) I’ll have to recompile Nginx every time there’s an update to either system. Judging by the release frequency of Nginx, that requires recompiling at least once per month. Or, of course, I could just let my system languish and not upgrade regularly. That’ll only leave me open to vulnerabilities in either system, which is not cool.

So I’ll return to Apache+Passenger which supports dynamic module loading and independently updating components. A secure system is a happy system.

Stop PIPA/SOPA!

Posted 137 days ago by Alex in Interesting Links, Internet, Site updates

Happy New Year everyone!

I just got notifications that all my domains were successfully transferred to my new registrar. I’m now using DynaDot which is a vocal opponent of SOPA. The reason I transferred was partially to promote anti-SOPA messages and also for privacy reasons. Hopefully I’ll be much happier with my new service.

Check out the video below for information about PIPA/SOPA and why you should join the fight to oppose these proposed laws.

Installing FreeNAS to a flash drive on a Mac

Posted 451 days ago by Alex in Hardware, Interesting Links, Software, Technology

I’m building a NAS and decided to use FreeNAS to deploy it (rather than buy a hardware solution). The installation instructions were easy enough though they didn’t include instructions on how to install FreeNAS onto a flash drive while running a Mac. I found a 512MB flash drive that was perfectly suitable for the install.
Note: The instructions below include terminal commands. The command is presented with an example of expected output.

  1. Download the latest release of FreeNAS from the downloads page. The version I downloaded was titled ‘FreeNAS-amd64-embedded-0.7.2.5543.img’. Make sure you get the .img file, not the .iso.
  2. Plug your flash drive into your computer and open a new terminal window.
  3. Using diskutil, find the device node for your flash drive:
    mac:~ alex$ diskutil list
    /dev/disk0
       #:                  TYPE NAME                    SIZE       IDENTIFIER
       0: GUID_partition_scheme                        *500.1 GB   disk0
       1:                   EFI                         209.7 MB   disk0s1
       2:             Apple_HFS Macintosh HD            499.8 GB   disk0s2
    /dev/disk1
       #:                  TYPE NAME                    SIZE       IDENTIFIER
       0:                       CDROM                  *512.5 MB   disk1
  4. The flash drive’s device node in the above output is /dev/disk1. Now, unmount the drive:
    mac:~ alex$ diskutil unmountDisk /dev/disk1
    Unmount of all volumes on disk1 was successful
  5. Next, we’ll extract the image’s contents onto the flash drive. Warning: This will delete all of the data off of the drive.
    mac:~ alex$ sudo dd if=~/Downloads/FreeNAS-amd64-embedded-0.7.2.5543.img of=/dev/disk1
    203632+0 records in
    203632+0 records out
    104259584 bytes transferred in 66.608632 secs (1565256 bytes/sec)
  6. Lastly, eject the drive.
    $ diskutil eject /dev/disk1
    Disk /dev/disk1 ejected

Now you can use the flash drive to boot off of and run your FreeNAS instance from. Good times!

MAMP? More like LAMP.

Posted 455 days ago by Alex in Interesting Links, Internet, Software, Technology

So I was looking for web servers to run on my MBP. I came across MAMP which looks like a pretty good piece of software. While downloading I became curious if the MAMP team actually used MAMP servers.

Checking the HTTP headers revealed the following:

Server: Apache/2.2.4 (Linux/SUSE)

I’ll take that as a No.

For the record, I use the LAMP stack for my sites. I am messing around with offline development and needed an environment.

MineDraft.net

Posted 571 days ago by Alex in Interesting Links, Internet, Software

MineDraft

I, like many other Minecrafters, have lots of wonderful ideas to share with the Minecraft community. Frequently, we share our ideas by starting Minecraft, building our idea and taking screenshots and videos. These images and videos are uploaded to imgur or youtube and the links are shared. I found this to be a bit of a hassle.

Thus, MineDraft was born. With MineDraft, you can create your ideas in a simple to use interface, create a link to the design and share it with your friends. No more video editing or image cropping. No need to upload anything. Just draft and share.

MineDraft.net

Check it out on Reddit too!