Saturday, December 20, 2008

GWT-WishList

As a sort of test project for a bunch of other things I was learning/doing such as AuthSub, iBatis, SQL joins, gwt authentication, etc. I created a little pet project to manage wishlists:

http://code.google.com/p/gwt-wishlist/

It is a good, relatively small, project for looking at how to integrate iBatis and GWT or AuthSub and GWT. The code is in a pretty ugly/uncommented state right now. If I get a chance I will make a blog entry about how it actually works... and comment my code.

Wednesday, December 17, 2008

Howto Ubuntu Intrepid Ibex 8.10 Xen Dom0

Intro

So... much to my dismay Ubuntu quit supporting Xen as a Dom0. The default kernel intrepid ships with is supposed to support being a domU, but that is just because of the addition of paravirt_ops into the standard linux kernel.

Anyway, they aren't supporting xen anymore because they are going with KVM as their server virtualization technology, and virtualbox as their desktop virt tech. Not that I am opposed to KVM, it just seems like this is a bit more complicated than xen-create-image... especially since I am not familiar with it.

As it so happens there are a couple branches of 2.6.27 linux xen kernels, and while they are not official, they seem to be working well. I think that the plan is to integrate dom0 functionality into the paravirt_ops, which basically means creating the backend drivers, but since that is not completed yet, we will need to use one of these unstable branches to get a functioning dom0 with a recent kernel (although they seem very stable to me -- the one I'm using is from Novell Suse).


Howto:

Install a fresh Ubuntu Server 8.10 AMD64. I opted for lvm, but that is certainly not necessary. Luckily Xen 3.3.0 is in the intrepid repos; unfortunately it doesn't have a compatible Linux kernel, so we have to download, compile, and install one.

Note: MAKE SURE IT'S AMD64; apparently there are build problems with 32bit. Besides, there really is no point to have a 32bit dom0 -- it can't see more than like 3gb of ram, and you can always make 32bit domUs.


sudo apt-get install ubuntu-xen-server build-essential libncurses5-dev gawk mercurial
mkdir -p /home/#user#/build/linux-2.6.27-xen
cd /usr/src/
sudo hg clone http://xenbits.xensource.com/ext/linux-2.6.27-xen.hg
cd linux-2.6.27-xen.hg
make O=/home/#user#/build/linux-2.6.27-xen/ menuconfig
make O=/home/#user#/build/linux-2.6.27-xen/ -j12 #put number of cores X1.5 here#
sudo make O=/home/#user#/build/linux-2.6.27-xen/ modules_install install
sudo depmod 2.6.27.5
sudo mkinitramfs -o /boot/initrd-2.6.27.5.img 2.6.27.5


The most important part here is the menuconfig; by default none of the xen stuff is enabled. I had to disable 10000 Mbps ethernet (ixgbe), the slub allocator, and perfmon (or maybe I selected that and shouldn't have) because they wouldn't compile. You can either build two kernels, one with backend drivers (dom0), and the other with frontend drivers (domUs), or you can put both of them in one build and use the kernel for both dom0 and domUs. See this and this for various xen options. Pushing h in the menuconfig helps a lot.

Now you have to edit your /boot/grub/menu.lst to boot to the new kernel under xen. It should look something like:


title Xen 3.3 / Ubuntu 8.10, kernel 2.6.27-xen
uuid 538bd858-c116-45e8-bbb5-93c073464889
kernel /xen-3.3.gz
module /vmlinuz-2.6.27.5 root=/dev/mapper/LVMVG-LV ro console=tty0
module /initrd-2.6.27.5.img


You should now be able to boot in to xen by simply rebooting. If your dom0 doesn't come up then simply reboot and change the grub selection to the non-xen and fix whatever it is you broke ;p.

Oddly, ubuntu-xen-server doesn't include hardy or intrepid configs for its xen-tools. This will fix that though:


sudo ln -s /usr/lib/xen-tools/edgy.d /usr/lib/xen-tools/hardy.d
sudo ln -s /usr/lib/xen-tools/edgy.d /usr/lib/xen-tools/intrepid.d


Now you can create an intrepid image using:


sudo xen-create-image --hostname=somehost.example.com --size=10Gb --swap=2Gb --ide --mac=00:00:00:00:00:00 --memory=2Gb --arch=amd64 --lvm=VolumeGroup --kernel=/boot/vmlinuz-2.6.27.5 --initrd=/boot/initrd-2.6.27.5.img --install-method=debootstrap --dist=intrepid --mirror=http://archive.ubuntu.com/ubuntu/ --passwd --accounts --dhcp

---------------------Cut---------------------------
You might be able to fix this somewhere in the default config, but you need to change the console both in the generated .cfg file and in the actual disk image it created:


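# the >> redirection has to run as root, so pipe through "sudo tee -a" instead of "sudo echo ... >>"
echo "console='xvc0'" | sudo tee -a /etc/xen/somehost.example.com.cfg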
sudo mkdir /media/domudisk
sudo mount /dev/mapper/LVMVGroup--somehost.example.com--disk /media/domudisk
cd /media/domudisk/etc/event.d/
sudo nano tty1
cd ~
sudo umount /media/domudisk


On the last line change 'tty1' to 'xvc0'.
---------------------------------------------------
Update: You can fix this with a config:

sudo su
echo "console='xvc0'" >> /etc/xen-tools/xm.tmpl

(sudo echo doesn't work for me...)
Then add the line "sed -i "s/tty1/${serial_device}/" ${prefix}/etc/event.d/tty1" to /usr/lib/xen-tools/edgy.d/30-disable-gettys, so that last if section reads:

#
# Are we using an alternative serial device?
#
if [ ! -z "${serial_device}" ]; then

    serial_device=`basename ${serial_device}`
    echo "Setting DomU Serial Device to $serial_device"
    # Let the user know.
    logMessage "Replacing default serial device (tty1) with ${serial_device}"

    # replace existing device.
    sed -i "s/tty1/${serial_device}/" ${prefix}/etc/event.d/tty1
    mv ${prefix}/etc/event.d/tty1 ${prefix}/etc/event.d/${serial_device}
    sed -i -e s/tty1/${serial_device}/ ${prefix}/etc/inittab

    # make sure that it is allowed to login.
    echo $serial_device >> ${prefix}/etc/securetty
    echo "Serial device set"
    echo $serial_device
fi


and, finally, uncomment "serial_device = xvc0" and "disk_device = xvda" in /etc/xen-tools/xen-tools.conf

There are other goodies in /etc/xen-tools/xen-tools.conf (such as defaults for image creation) too.


The vanilla kernel that ships with Ubuntu, as well as a new kernel built from kernel.org (if you enable paravirt_ops and the frontend drivers), will both run as domUs. You simply have to change the hda/sda references in the cfg file to xvda manually, or you can uncomment the "disk_device = xvda" in /etc/xen-tools/xen-tools.conf. MAKE SURE YOU COPY YOUR /lib/modules/2.6.27.whatever over to the domU drive!!! xen-tools will not do this for you (without more script mods at least -- a simple hack would be to replace what /usr/lib/xen-tools/edgy.d/80-install-modules does with cp -r /lib/modules/* ${prefix}/lib/modules).

To build the latest linux kernel:

mkdir -p /home/#user#/build/linux-2.6.27/
git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-2.6.27.y.git
cd linux-2.6.27.y
make O=/home/#user#/build/linux-2.6.27/ menuconfig
make O=/home/#user#/build/linux-2.6.27/ -j12 #put number of cores X1.5 here#
sudo make O=/home/#user#/build/linux-2.6.27/ modules_install install
sudo depmod 2.6.27.9
sudo mkinitramfs -o /boot/initrd.img-2.6.27-9 2.6.27.9


Notes:

I will update with some more details... hopefully

On another note -- I actually did this with a gentoo install cd initially and booted directly to a xen kernel. It worked surprisingly well, especially since I am a gentoo neophyte, but there weren't any image creation tools. After manually creating a domU and getting it running I had all sorts of networking problems that I never had with Ubuntu... so I went back to Ubuntu.

I also went through this process on Debian lenny, but also had some problems; I think xen 3.3 wasn't in the repos so I had to compile it from scratch... I also was using grub2, which was a bit different, but not hard to figure out and get working.

Update: It looks like Boris Derzhavets used this entry and did a follow up with a lot more detail, screen shots, and output.

Thursday, November 20, 2008

Passwords

In this post I mentioned that you should not use the same password for everything due to a number of security reasons. I also mentioned that you shouldn't store your passwords unencrypted anywhere.

Most people aren't going to remember a different password for every website/computer/email address they use. So what should you do?

Well the first option is to store them in an encrypted file (which requires a password to access...). Also, if you ever lose that file (stolen, deleted, hard drive crash, etc) then you are SOL.

The way I solve this problem is to use a predefined pattern to modify a base password. For a simple example say your base password is "VerySecret7" then you could make your password for Gmail "GerySecret7" and your password for Facebook "FerySecret7". Granted this is not a very secure example (yet still much more secure than the same password!), but you can extend this to make more complicated patterns. For example:

1. Use the next letter of the alphabet so the connection isn't as apparent. (thus "HerySecret7" for Gmail and "EerySecret7" for Digg)

2. Convert letters to numbers. ("7erySecret7" Gmail and "25erySecret7" for Yahoo).

3. Take multiple letters from the service name. (IE take the first and third letter and put them at the end -- "VerySecret7Ga" for Gmail or "VerySecret7Fc" for Facebook)

4. Use classes of passwords. (For banks use "SuperSecret39" for your base password, then apply your normal pattern to it.) This is probably overkill if you have a half decent pattern/base password.

5. If the service name starts with a letter after M, spell your base password backwards. (Also probably overkill)

6. You get the idea, basically whatever you can think of. Combinations of patterns will be more secure, and symbols, caps, and numbers always improve password security.


Get creative, but not so creative that you won't remember it... Just be consistent. A relatively simple pattern such as take the letter after the first letter of the service name and add it to the front, then convert the last letter to a number gives you a pretty secure password and fairly unrecognizable pattern ("Hery11ecret7" for gmail).

It would be very hard for someone who has one of your passwords to both know you are using a pattern and discover your pattern (if it is half decent, not VerySecret7Gmail...). On the other hand it *should* remain easy for you to remember all of your passwords without writing them down.

The big drawback of this is that you can't change just one password without breaking the pattern, so to change one password you need to change all of them...


This technique is essentially a simple hash function. If you have a better solution (IE it solves the above problem), please let me know :).
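The pattern scheme above, taken to the "simple hash function" the post compares it to, as an added example (not the author's code): each site password is derived from the base password and the service name with PBKDF2-HMAC-SHA256, and a per-site counter lets one password be replaced without touching the others. The function names, iteration count, symbol set and output length are assumptions of this example; the base password and the two pattern results are the post's own samples.

```python
"""Added example: per-site passwords from one base password (not the post's own code)."""
import hashlib
import string
import unicodedata

# Assumptions of this example, not values from the post.
ITERATIONS = 200_000      # PBKDF2 work factor; slows guessing of the base password
SYMBOLS = "!#$%&*+-=?@"   # kept small to suit common site password rules
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def pattern_password(base: str, service: str) -> str:
    """The post's first pattern: swap the base password's first letter for the service's."""
    return service[0].upper() + base[1:]


def shared_positions(a: str, b: str) -> int:
    """Count positions where two passwords carry the same character."""
    return sum(1 for x, y in zip(a, b) if x == y)


def canonical_service(service: str) -> str:
    """Fold case, width and whitespace so 'Gmail' and ' GMAIL ' derive the same password."""
    name = unicodedata.normalize("NFKC", service).strip().lower()
    if not name:
        raise ValueError("service name is empty")
    return name


def derive_password(base: str, service: str, counter: int = 1, length: int = 16) -> str:
    """Derive a site password with PBKDF2-HMAC-SHA256.

    The service name and a per-site counter form the salt, so bumping the
    counter for one site replaces that password and leaves the rest unchanged.
    """
    if not base:
        raise ValueError("base password is empty")
    if counter < 1:
        raise ValueError("counter starts at 1")
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    salt = f"{canonical_service(service)}:{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha256", base.encode("utf-8"), salt, ITERATIONS, dklen=length)
    # Map each derived byte onto the alphabet (the small modulo bias is accepted here).
    chars = [ALPHABET[b % len(ALPHABET)] for b in raw]
    # Overwrite the first four positions so every character class appears at least once.
    for i, cls in enumerate(CLASSES):
        chars[i] = cls[raw[i] % len(cls)]
    return "".join(chars)


if __name__ == "__main__":
    base = "VerySecret7"  # the post's sample base password
    a, b = pattern_password(base, "Gmail"), pattern_password(base, "Facebook")
    print(a, b, "shared positions:", shared_positions(a, b))
    g1 = derive_password(base, "Gmail")
    f1 = derive_password(base, "Facebook")
    print(g1, f1, "shared positions:", shared_positions(g1, f1))
    # Rotating only Gmail: counter 2 gives a new Gmail password, Facebook is untouched.
    print(derive_password(base, "Gmail", counter=2))
```

The counter is not secret, so it can be written down next to the service name; only the base password has to be remembered.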

Monday, November 17, 2008

iPhone Goodness

Some useful iPhone tidbits:

1. All of the below is contingent on jailbreaking. Really this is the only way I could ever justify buying an iPhone... Thanks a lot to the iphone-dev team. You guys rock.

2. If you want to develop an iPhone application, and don't want to pay apple, wait for their certificate, or go through their application review process then you should try: http://www.saurik.com/id/8 and Cydia for development, deployment, and distribution. In general everything by saurik is badass and worth reading.

3. If you want to be able to run official applications in the background (for example listen to pandora while looking up something on maps) check out "backgrounder" on cydia.

4. If you write your own app, and don't care about releasing it in the app store, you can run it in the background using:



@interface Thing : UIApplication {
}
@end

@implementation Thing
- (void)applicationSuspend:(UIApplication *)application {
    [super applicationSuspend: application];
}
@end



Thanks AlJaMa in iphone-dev irc for that. (I haven't tried it yet)


5. If you want to be able to use Fring (or other wifi limited applications) over the cellular network, then there is a patch on cydia for that too: Voipover3g. You can apparently specify which applications to spoof wifi access for by editing /Library/MobileSubstrate/DynamicLibraries/VoIPover3G.plist

The default config looks something like: "Filter = {Bundles = ("com.Fringland.Fring", "com.apple.AppStore", "com.audiofile.Interstate", "com.apple.MobileStore");};"


6. I haven't tried Erling's accelerometer hack on 2.x firmware yet, but hopefully it still works (allows you to adjust sample rate): http://blog.medallia.com/2007/08/iphone_accelerometer_source_co.html

UPDATE: It appears that there is a way to use the SDK to set the sample rate through UIAccelerometer.

7. http://www.cocoamachine.com/blog/ has also been a good resource. And of course there is always #iphone-dev on irc.osx86.hu

8. There are some headers missing from the official framework. You should be able to do a class dump:

class-dump -H /Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator2.0.sdk/System/Library/Frameworks/UIKit.framework/UIKit -o output-directory

The file it spits out is mach-o.

9. PDANet, also from cydia, allows you to share the iPhone's 3G connection via wifi.

10. Netatalk appletalk / general storage.

11. DiskAid

Other: terminal, hp calc, stumbler plus, and on the app store Rooms (irc) and motionX dice.

GWT RPC Exceptions

So... Most of GWT's documentation is pretty good, but the part about RPC exceptions is kind of lacking.

I found some posts such as:

http://groups.google.com/group/Google-Web-Toolkit/browse_thread/thread/c048700dcaee7b2a
http://astithas.blogspot.com/2007/08/case-of-disappeared-exception-message.html
http://blog.platinumsolutions.com/node/198


But all of them mentioned the now deprecated SerializableException. According to the API this was deprecated because Exception implements Serializable, and thus a normal exception should work fine... (http://google-web-toolkit.googlecode.com/svn/javadoc/1.5/com/google/gwt/user/client/rpc/SerializableException.html)

Unfortunately I was still getting the "the call failed on the server see server log for details" message from exceptions that reached the client.

Anyway, the solution I reached was very, very, simple. My ServiceImpl class throws a standard RuntimeException ("throw new RuntimeException("Epic Fail");"). But this is what I was already doing that didn't work. I had to add "throws Exception" to the method, and thus the client side service interface as well. Worked like a charm after that.


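import com.google.gwt.user.client.rpc.AsyncCallback;
import com.google.gwt.user.client.rpc.RemoteService;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

// Service interface (client side). Declaring "throws Exception" here is what lets
// the server's exception reach the client instead of the generic failure message.
public interface SomeService extends RemoteService {
    void doSomething(Object someObject) throws Exception;
}

// Async counterpart; the exception arrives in AsyncCallback.onFailure().
public interface SomeServiceAsync {
    void doSomething(Object someObject, AsyncCallback callback);
}

// Server-side implementation.
public class SomeServiceImpl extends RemoteServiceServlet implements SomeService {
    public void doSomething(Object someObject) throws Exception {
        if (epic.fail())
            throw new RuntimeException("Epic Fail");
        else
            doSomethingCool();
    }
}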

Wednesday, October 8, 2008

Too many choices for RIAs...

Notably this, like most of my ramblings, is mainly for thought aggregation and self-reference later, in this case mainly keywords to look up, but if it helps you out then good :).

The number of options for web development is overwhelming! The more complex the application is, the more options you have. For a simple web page it's easy -- HTML, and if you want to get fancy you use javascript and CSS. More than that is when it starts to get complicated: you have Javascript libraries like jQuery and Dojo or embedded stuff like Flash, Java Applets, and, now, Silverlight.


Now what if you want to do something on the back-end? There's SSI, PHP, ColdFusion, Python, Java Servlets, JSP, Java Restlets, Ruby... and the list goes on. Hell, if you wanted to you could write the whole thing, web server and all, in C or C++ -- at least it would be fast as hell :).

Now what about databases? MySQL is kind of the open source standard that seems to scale well, but enterprises tend to lean towards PostgreSQL or commercial options like MSSQL and Oracle. I also took a look at FirebirdDB, which looks very interesting. In all honesty I am surprised that more people don't use FirebirdDB and PostgreSQL over MySQL. Then there is also Hadoop... but that's not even SQL.

Then there are database abstraction layers (DALs), and the selection depends on your language. With PHP the most promising ones (for me) are PEAR DB and adoDB (which actually can run some native C code to speed things up, very cool). adoDB works with Python too. In Java there are Spring, Hibernate, and iBatis. I don't even know all the options for the other languages. While there are arguments against database abstraction, some of the solutions make coding much simpler and faster. ORMs in particular look very useful.

Once you start getting more complex interfaces you have to worry about cross browser compatibility which is just nasty. Coding for IE6 as well as standards compliant browsers was awful, just awful. Not to mention debugging and writing maintainable code is non-trivial (thank god for firebug). In short it is a layer that a system architect for a complex RIA just does not want to deal with. There are various options for circumventing this, even some CMSs such as Drupal and Wordpress do this indirectly, but there are a couple packages that do this very elegantly and quickly such as OpenLaszlo, Adobe Flex, and Google Web Toolkit, and one other one I can't think of right off. Here is an interesting article comparing those three.

Next you need to consider reliability, performance, scalability, and code maintenance. In enterprises performance is irrelevant if it is scalable -- you can always just throw more servers at it. This is one reason Java has been so well adopted on an enterprise level; even though it is very slow when compared with C or C++, it is scalable, more flexible, and produces more maintainable code. "Programmer performance is worth far more than system performance ;-)." [1].

For scalability you can look at products like Squid which will do reverse caching and load balancing for web pages as well as sqlrelay which will do connection pooling and load balancing for sql servers. http://danga.com has some cool stuff too.

Since most of these technologies are interchangeable, you can mix and match almost any combination of them; this creates a huge number of deployment options. Hmm, maybe I will do GWT -> PHP -> adoDB -> SQLRelay -> MySQL. Or you could even do PHP -> Python -> PostgreSQL, if you decided you like Python for some of your server interactions and PHP just for templating, and, in this case, you opted not to have a DAL. These are important decisions to make before a project begins, as backtracking can be prohibitively expensive and choosing the wrong architecture can cause problems with stability and development; even worse, it's hard to predict how it will scale until the application is completely written. Luckily for small, homebrew, applications almost all of these technologies will be able to handle any load you throw at it, so the common recommendation is do it however you are comfortable with, but when you get in to large enterprise applications then things like persistent database connections, clustering, stability, and collaborative code development need to be carefully considered.

This brings me to a minor point - in my experience it is much easier to write bad PHP code than good PHP code, whereas it is much easier to write good Java code than bad Java code. Granted there are exceptions, but the loose typing and script like nature of PHP can very easily lead to unreadable code. Java, on the other hand, is strictly object oriented and tends to lead to better design patterns. Sure a bad coder can screw up either royally, but it is something to consider while choosing a collaborative language.


So far, after looking at all of these packages, GWT -> JBoss -> iBatis -> WhateverSQL [2] looks very, very, promising for quickly producing scalable and maintainable RIAs. GWT makes communication between a browser and a Java Servlet seamless and lets you stay away from the HTML/Javascript pit of death. JBoss has all sorts of neato scalability. iBatis looks like a great ORM that doesn't abstract the SQL too much; it also does connection pooling and balancing. Lets assume WhateverSQL has seamless clustering and replication ;). This looks much easier (and cleaner!) than HTML -> JavaScript -> PHP -> adoDB -> SQLRelay -> WhateverSQL. We'll see how it goes. Here is a nice little tutorial for GWT + iBatis.



[1] rycamor
[2] I actually just don't want to put that I am using Oracle for this particular project... Who the hell pays $40,000+ for one license when there are so many free options? It may have some cool features, which I have yet to see, but unless it writes the damn webapp for you then just use Postgres.


Alphabet Soup:

PHP -> PHP: Hypertext Preprocessor
RIA -> Rich Internet Application
SQL -> Structured Query Language
HTML -> HyperText Markup Language
GWT -> Google Web Toolkit
MSSQL -> Microsoft SQL
CSS -> Cascading Style Sheet
adoDB -> Active Data Objects DataBase
ORM -> Object Relational Mapping
SSI -> Server Side Includes
JSP -> Java Server Pages

Saturday, October 4, 2008

Multiple Desktops in Linux (even Remote ones...)

Although I love the ability to control Linux PCs and servers remotely with ssh and X tunneling, I was never satisfied with VNC as a complete Remote Desktop solution. For starters it is insecure and to secure it you have to jump through a couple hoops. The biggest problem, however, is that you already have to have a session running on the remote computer in order to use VNC.

I wanted an easy to use, built-in, secure way to get a complete remote desktop on a Linux machine at any time, from anywhere.

Luckily I found one:

1) go to a new terminal via ctrl-alt-f2 and login.
2) type "xinit -- :1". This should pop up a new instance of x with a terminal running. I had to mouse over the terminal to type.
3) type "ssh -CX user@host" and login to the remote server (C is compression...)
4) now type "gnome-session" or "startkde" or whatever desktop you want to start.

That's it. No special programs and it is already encrypted through an ssh tunnel =).

To close this desktop type "ctrl-alt-backspace".
To get back to your primary desktop type "ctrl-alt-f7".
To switch back to the remote desktop type "ctrl-alt-f9".

You can open another desktop if you would like even with these two open, just use "xinit -- :2" which will be on the f10 terminal... You can do as many as 5 or 6.


If you want another local, rather than remote, desktop you can just ignore the ssh step (3) and just start the new desktop locally. This will allow you to run kde, gnome, and xfce side by side and switch between them with a single key combo.


Also, you may find it useful to know that many programs have a --display option that allows you to open programs on any desktop from any terminal, i.e. "firefox --display :1". If you have multiple monitors you can even do "firefox --display :1.1" to specify the second monitor.


If you want to do this from windows just use a program like Xming :). Although the beta xrdp project is kind of interesting, it still seems a bit rough around the edges. The only thing that this doesn't really allow you to do is resume already running sessions :/

Update: What I was looking for was Xephyr. Works like a charm: http://ubuntuforums.org/showthread.php?p=3816948#post3816948 (The whole terminal thing is still cool tho =p)

Friday, August 29, 2008

Compiling VLC in 64 Bit Ubuntu 8.04.1

If you haven't compiled VLC recently then you may be caught off guard by a couple changes made. The --with-ffmpeg-tree is now deprecated because ffmpeg started using the pkg-config system. Also the version of live555 in the Ubuntu repositories is currently too old - you will have to compile that yourself as well.

Hopefully, since you are trying to compile something, you are tech savvy enough to understand a shell script just about as well as my ramblings, so I'll just paste that:


#!/bin/bash

#get dependencies
sudo apt-get install cvs build-essential subversion git git-core automake1.9 libtool libgcrypt-dev libfaad-dev libtwolame-dev libqt4-dev libjack-dev libfaac-dev liblame-dev libxpm-dev libcddb2-dev liblua5.1-0-dev libzvbi-dev libshout-dev wget

#get the latest live555
wget http://www.live555.com/liveMedia/public/live555-latest.tar.gz
tar -xzvf live555-latest.tar.gz live
cd live
#modify config.linux to add -fPIC to the first line (for 64bit only)
mv config.linux config.linux.orig
echo `head -1 config.linux.orig` -fPIC > config.linux
tail -16 config.linux.orig >> config.linux
./genMakefiles linux
make -j 8

#get vlc
cd ~
git clone git://git.videolan.org/vlc.git
cd vlc/
./bootstrap

#git x264
cd ~/vlc/extras/
git clone git://git.videolan.org/x264.git
cd x264
./configure --enable-pic --disable-asm
make -j 8
sudo make install

#ffmpeg (need amr?)
cd ~/vlc/extras/
svn co svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
cd ffmpeg
./configure --enable-gpl --enable-postproc --enable-pthreads --enable-libmp3lame --enable-libfaac --enable-swscale --disable-static --enable-shared
make -j 8
sudo make install

# this is for that pkg-config system ffmpeg now uses
export PKG_CONFIG_PATH="/usr/local/lib/pkgconfig/"

#build
cd ~/vlc
mkdir build
cd build


#originally I had this configured for no gui - you may need to play with it.
#watch for warnings - it will still compile with missing functionality if you are missing needed libraries
../configure --prefix=/usr \
--enable-snapshot --enable-debug \
--enable-dbus --enable-dbus-control --disable-musicbrainz \
--enable-shared-libvlc --disable-mozilla \
--enable-lirc \
--enable-x264 --with-x264-tree=../extras/x264 \
--enable-shout --disable-taglib \
--enable-v4l \
--enable-dvb \
--enable-realrtsp --enable-real --disable-xvmc \
--enable-svg --enable-dvdread \
--enable-dc1394 --enable-dv \
--enable-theora --enable-faad \
--enable-twolame --enable-real \
--enable-flac --enable-tremor \
--enable-skins2 --enable-qt4 --enable-x11 --enable-xvideo \
--enable-ncurses \
--enable-aa --enable-caca \
--enable-esd --disable-portaudio \
--enable-jack --disable-xosd \
--enable-galaktos --enable-goom \
--enable-ggi \
--disable-cddax --disable-vcdx \
--disable-qte --disable-quicktime --disable-lua \
--with-live555-tree=$HOME/live \
--enable-libmpeg2 --enable-mkv \
--enable-ogg --enable-vorbis --enable-release --disable-hd1000v > config.out

make -j 8



Note that I use make -j 8 rather than just make because I am compiling with multiple cores (in this case it was 6 - it is usually good to start a couple more threads than the number of cores you have).

I had to add "--disable-static --enable-shared" to the ffmpeg or else it wouldn't compile - I think it had to do with some 64 bit PIC problems.

Notice the --disable-asm in the x264 config. This is BAD. The latest version of yasm in the Ubuntu repositories is not new enough for x264. This will be fixed in the next release of Ubuntu, but if I get around to it I will post an update before then.

Security

Most people, tech and non-tech alike, have some very basic, easily correctable, user created security holes. Here are the most common I run in to:


1. If you use Firefox to store your passwords and don't set a master password then anyone who uses your computer can view your password in clear text with about 5 clicks - or about three seconds. Either don't use Firefox to store your passwords or set a master password. Be aware that other browsers have similar security issues when storing passwords.

2. Do not use the same password for everything. If someone manages to hack, crack, steal, or find out your password any way then they will have access to all of your accounts that use that password. Anyone who runs a website has access to the password you use at their website; do you trust them? Also many sites do not use encryption while authenticating you, thus your password is sent in clear text over the internet for anyone to see.

3. Check to see if a website is using encryption, especially for authentication. (You can check by looking at the url, which should start with https://, and there is usually a padlock in the bottom right corner of your browser.) Gmail by default only uses encryption to authenticate you; all of your email is sent unencrypted - this includes any passwords that are emailed to you by other websites. Last month they (finally) added a setting to always use encryption, but it isn't enabled by default... If a website does not use encryption for authentication then be very, very, sure to use a different password for that website.

4. Your email is a security hole for all the accounts tied to it. Be careful to not leave your email logged on anywhere other people have access to it. If you use email on a mobile phone/device then be sure that it is protected with a pin or password. (*cough* iPhone *cough*)

5. Anyone with physical access to your computer can access all of your files in the time it takes to reboot the PC, regardless of whether you have it password protected. It is ill-advised to store passwords in a text file on your computer. There are plenty of programs that allow you to store passwords in an encrypted format (including Firefox, if you set a master password). If you have a lot of sensitive data then you may want to look in to full disk encryption, such as LUKS (Linux only...).

Darwin Streaming Server 6.0.3 on Linux

Quick tutorial for installing DSS on Ubuntu 8.04.1 64bit (x86_64).

Most of these details can be found here: http://dss.macosforge.org/trac/ticket/6

Hopefully they will integrate these patches in to the next release, but until then here are the build instructions for Ubuntu:

Download DSS 6.0.3: http://static.macosforge.org/dss/downloads/DarwinStreamingSrvr6.0.3-Source.tar

Download this patch: http://dss.macosforge.org/trac/raw-attachment/ticket/6/dss-6.0.3.patch (Thank you Sverker Abrahamsson!)

And this patch: http://dss.macosforge.org/trac/raw-attachment/ticket/6/dss-hh-20080728-1.patch

Finally get the modified Install script: http://dss.macosforge.org/trac/raw-attachment/ticket/6/Install

The basic process is:

1. Get the build dependencies from the repositories.
2. Set up the qtss user (this is because the Install script does it in a way that is incompatible with Ubuntu)
3. Extract the source code.
4. Apply both patches.
5. Replace the Install script and chmod +x it.
6. Compile.
7. Install.

Notably for ssl admin you need the openssl and libnet-ssleay-perl packages, unfortunately even with these packages I was unable to get ssl admin to work.

I created the modified Install script; you can do a diff with the original if you want to see what I changed. Mostly just the paths were broken, but I am guessing that some other modules and such will probably not work.

Here is the bash script I used to do everything (including automatically download everything):


#!/bin/bash

sudo apt-get install build-essential wget
sudo addgroup --system qtss
sudo adduser --system --no-create-home --ingroup qtss qtss

wget http://static.macosforge.org/dss/downloads/DarwinStreamingSrvr6.0.3-Source.tar
tar -xvf DarwinStreamingSrvr6.0.3-Source.tar
mv DarwinStreamingSrvr6.0.3-Source DarwinStreamingSrvr6.0.3-Source.orig
wget http://dss.macosforge.org/trac/raw-attachment/ticket/6/dss-6.0.3.patch
patch -p0 < dss-6.0.3.patch
mv DarwinStreamingSrvr6.0.3-Source.orig DarwinStreamingSrvr6.0.3-Source
wget http://dss.macosforge.org/trac/raw-attachment/ticket/6/dss-hh-20080728-1.patch
patch -p0 < dss-hh-20080728-1.patch
#need to answer n then y
cd DarwinStreamingSrvr6.0.3-Source
mv Install Install.orig
wget http://dss.macosforge.org/trac/raw-attachment/ticket/6/Install
chmod +x Install
./Buildit
sudo ./Install



Update 2/2/2009: I changed the links to all point to dss.macosforge.org, which is a much more reliable host. Everyone should also take a look at that thread, as there are a lot of updates, including a newer patch from Horace Hsieh. I haven't played with this in a while, but if I get a chance I will try to update this with the newer patch. Please let me know if there are any problems (I just turned comment notifications on :/).