Friday, October 30, 2009

URLs and domain names in international characters

Looks like ICANN has finally approved domain names with international characters. I'm a huge fan of this change away from the English-centered web. Regexes that validate domain names aren't going to cut it much longer.

Wednesday, September 16, 2009

improving mysql performance: some notes and links

  • NDB MySQL clusters. Handles transactions, is about as fast as memory tables, can do replica / master-master clusters, but because it's multi-server it's fundamentally more scalable as a transaction engine.

Tuesday, September 15, 2009

ec2 security groups restrictions within the cluster

According to the EC2 security groups documentation, within your EC2 cluster of servers it is not possible to set up access rules that reference both multiple groups of servers (by AWS account or security group) and ports/protocols. You can authorize access between groups of servers, but it must be for all ports and protocols. If you are restricting by CIDR (IP address) you can restrict by port and protocol, but not within your own cluster.
When authorizing a user/group pair permission, GroupName, SourceSecurityGroupName and SourceSecurityGroupOwnerId must be specified. When authorizing a CIDR IP permission, GroupName, IpProtocol, FromPort, ToPort and CidrIp must be specified. Mixing these two types of parameters is not allowed.

However, this documentation is straight up WRONG. It is indeed possible, although completely undocumented, to add access restrictions that reference Amazon accounts, security groups, protocols, and ports all together. You can only do this through the SOAP API (or the command line tool ec2-authorize, which uses the SOAP API), not through the Query API (which the amazon-ec2 and right-aws gems both use):

~> ec2-authorize backendservers -P tcp -p 8080 -u $AWS_USER_ID -o frontendservers
GROUP backendservers PERMISSION frontendservers ALLOWS tcp 8080 8080 FROM USER (redacted) GRPNAME frontendservers

Someday this will likely show up in the Query API, but until then, we're stuck coding for SOAP or calling the command line tools to make use of this lovely feature that you'd expect would be standard. This feature has been live for well over a year (I started using it in spring of 2008), so it's really surprising that it's not available in all of the APIs.
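
Added example, not from the original post: a Ruby check that reads group rules in the one-line layout of the ec2-authorize output above and reports source/target group pairs that are still open on every port, which is what the documented user/group form grants. The `dbservers` group, the all-port lines (0-65535, icmp -1 -1) and the CIDR line are constructed assumptions about how such rules are listed.

```ruby
# Added example: flags group-to-group rules that are not limited to a port.
# Line layout follows the ec2-authorize output quoted in the post.

Rule = Struct.new(:group, :proto, :from_port, :to_port, :source_group) do
  # True when the rule opens every port of its protocol to the source group.
  def all_ports?
    return from_port == -1 if proto == "icmp"
    from_port <= 1 && to_port == 65_535
  end
end

# Matches only rules whose source is another security group (GRPNAME ...).
LINE_RE = /\AGROUP\s+(?<group>\S+)\s+PERMISSION\s+\S+\s+ALLOWS\s+(?<proto>\S+)\s+
           (?<from>-?\d+)\s+(?<to>-?\d+)\s+FROM\s+USER\s+\S+\s+GRPNAME\s+(?<src>\S+)\z/x

def parse_group_rules(text)
  text.each_line.filter_map do |line|
    m = LINE_RE.match(line.strip)
    Rule.new(m[:group], m[:proto], m[:from].to_i, m[:to].to_i, m[:src]) if m
  end
end

# Returns unique [source_group, target_group] pairs that are open on all ports.
def unscoped_pairs(rules)
  rules.select(&:all_ports?).map { |r| [r.source_group, r.group] }.uniq
end

# Constructed sample: the first line is the rule from the post; the rest are
# assumed listings for a hypothetical dbservers group and a CIDR rule.
SAMPLE = <<~LISTING
  GROUP backendservers PERMISSION frontendservers ALLOWS tcp 8080 8080 FROM USER (redacted) GRPNAME frontendservers
  GROUP dbservers PERMISSION backendservers ALLOWS tcp 0 65535 FROM USER (redacted) GRPNAME backendservers
  GROUP dbservers PERMISSION backendservers ALLOWS udp 0 65535 FROM USER (redacted) GRPNAME backendservers
  GROUP dbservers PERMISSION backendservers ALLOWS icmp -1 -1 FROM USER (redacted) GRPNAME backendservers
  GROUP frontendservers PERMISSION frontendservers ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
LISTING

if __FILE__ == $PROGRAM_NAME
  rules = parse_group_rules(SAMPLE)
  rules.each { |r| puts "#{r.source_group} -> #{r.group} #{r.proto} #{r.from_port}-#{r.to_port}" }
  unscoped_pairs(rules).each do |src, dst|
    puts "REVIEW: #{src} reaches #{dst} on every port; scope it with -P/-p"
  end
end
```
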

Tuesday, September 8, 2009

collectd versus munin

* more efficient C interface than munin's cron/perl-based polling mechanism
* cleaner C interface versus munin's perl
* nice interfaces for ruby, java, C, erlang
* lots of options for graphing, data manipulation/utilization
* similar default out-of-the-box plugins for all the major stuff; all the other ones had to be customized for munin anyhow.

Friday, August 21, 2009

Vidar tweeted this a little bit ago:

Hijack: Provides an irb session to an existing ruby process.


Hijack allows you to connect to any ruby process and execute code as if it were a normal Irb session. Hijack does not require your target process to require any hijack code, Hijack is able to connect to any ruby process. It achieves this by using gdb to inject a payload into the process which starts up a DRb server, Hijack then detaches gdb and reconnects via DRb. Please note that gdb will halt your target process while it is attached, though the injection process is very quick and your process should only be halted for a few milliseconds.

Hijack uses DRb over a unix socket file, so you need to be on the same machine as the process you want to hijack. This is by design for security reasons. You also need to run the hijack client as the same user as the remote process.

Wednesday, August 12, 2009

Design Patterns for Social Experiences

A good article in ASIS&T's Bulletin about the information architecture of social experiences/interfaces.

The associated wiki seems pretty good, too. It's a set of design patterns for these things: