Hard Drive Upgrade

By · Published · apple, mac, osx

So Sunday night, my iMac died.

I'd been having strange problems the few months leading up to it. Mostly random freezes. I always notice when they happen because I leave Mail.app running all the time to filter my messages, so when my iPhone would start going crazy, I'd know it had crashed again. It actually happened while I was out of town in Atlanta earlier this year, so all weekend my phone was constantly buzzing.

Well, Sunday while we were working in the yard, I had set up a DVD rip job - my current project is digitizing all my DVDs for the AppleTV - to run, and while we were working it randomly reset itself and got all sluggish. That night, I tried to boot off the Snow Leopard DVD to run Disk Utility, and it couldn't even mount the drive and refused to repair it. Couldn't reboot either. I tried DiskWarrior, and that fixed things up enough to boot it, but it was REALLY SLOW (it took 10 minutes to boot). It was good enough to get the last few remaining files that hadn't been backed up yet onto the external drive. Then, I tried reinstalling, and it never came back. My conclusion, since I could still boot fine from the DVD, was dead hard drive.

The original hard drive was 500GB, but I figured I'd upgrade while doing this. Ordered a new 1TB hard drive via a deal at work and had it overnighted. It arrived yesterday. And, after some interesting surgery (who says you can't work on Macs!), got it installed, formatted, and Snow Leopard reinstalled.

You know, I remember the first computer I owned that crossed the 1GB barrier, back in late 1999. I guess I'll have to remember this one, too.


Scripting iTerm with AppleScript

By · Published · apple, applescript, mac, osx

Every day, when I get to work, there are a number of tasks I do. Among the first things I do is connect to a number of servers via SSH. These servers - our development testing, staging, and code rolling servers - are part of the development infrastructure at dealnews.

So every morning, I launch iTerm, make three sessions and log into the various servers. Over time, I've written some helper scripts to make this faster. My "go" script contains the SSH commands (using keys) to log into these machines so that all I have to do is type "go rpeck" to log into my development machine.

Still, this morning, the lunacy of every morning having to open iTerm and execute three commands, every day without fail, struck me. Why not script this so that, when my laptop is plugged into the network at work, it automatically launches iTerm and logs me into the relevant services?

Fortunately, iTerm exposes a pretty complete set of AppleScript commands, so with a little work, I was able to come up with this:

tell application "System Events"
    set appWasRunning to exists (processes where name is "iTerm")

    tell application "iTerm"
        activate

        if not appWasRunning then
            terminate the first session of the first terminal
        end if

        set myterm to (make new terminal)

        tell myterm
            set dev_session to (make new session at the end of sessions)
            tell dev_session
                exec command "/Volumes/iDisk/bin/go rpeck"
            end tell

            set staging_session to (make new session at the end of sessions)
            tell staging_session
                exec command "/Volumes/iDisk/bin/go staging2"
            end tell

            set nfs_session to (make new session at the end of sessions)
            tell nfs_session
                exec command "/Volumes/iDisk/bin/go nfs"
            end tell

            select dev_session
        end tell
    end tell
end tell

What this little script does is, when launched, checks to see if an instance of iTerm is already running. If it is, it just creates a new window, otherwise creates the first window, then connects to the relevant services using my "go" script (which is synchronized across all my Macs by MobileMe).

Then, with it saved, I wrap it in a shell script:

#!/bin/bash
/usr/bin/osascript /Users/peckrob/Scripts/launch-iterm.scpt

And launch it with MarcoPolo using my "Work" rule that is executed when my computer arrives at Work. Works great!


DD-WRT Hacks, Part 2 - Setting up an OpenVPN Server

By · Published · dd-wrt, networking

In my previous entry, I wrote about how awesome DD-WRT is, and how it had replaced a number of network devices allowing me to reduce the number of machines at home I had to administer. I finished the article by talking about how I'd set up a VPN tunnel to the office so multiple machines - namely, my Macbook Pro and my iMac - could access company resources at the same time.

But at the end, I mentioned that PPTP was _not_ what I was using to connect myself back to my home network when I'm on the road. But why?

Two words: broadcast packets.

PPTP, by default, does not support the relaying of broadcast packets across the VPN link.* For Mac users, this means Bonjour/Rendezvous based services such as easily shared computers on a network are not accessible as they rely on network broadcasts to advertise their services.

PPTP can support broadcast packets with the help of a program called bcrelay. This program is even installed on DD-WRT routers, but it does not work, even though the DD-WRT web GUI claims that they can support relaying broadcast packets. To verify, you can drop to shell and try yourself:

[email protected]:~# bcrelay
bcrelay: pptpd was compiled without support for bcrelay, exiting.
         run configure --with-bcrelay, make, and install.

The version of pptpd that ships with v24sp2 of DD-WRT lacks bcrelay support. It's important to note that this doesn't mean the services are completely inaccessible. You can still reach them if you know IP addresses. Good for people with an understanding of networking, but not good for people like my wife and definitely not the "Mac way."

So, what options are left, if no PPTP?

Enter OpenVPN

OpenVPN is a massively flexible (and therefore massively difficult to configure) open source VPN solution. DD-WRT ships with OpenVPN server available with support for broadcast packets, so that is what I decided to use.

A couple of notes before you begin. There are some tradeoffs to using OpenVPN. Perhaps the biggest is that it's not natively supported on any operating system (unlike PPTP). That means on Windows or Mac, you'll need a third-party client. And it's not compatible at all with iPhones, iPods or iPads (unless they're jailbroken). It is also much more difficult to configure than the relatively easy and reasonably well documented PPTP server setup. It was a worthwhile tradeoff for me, but it may not be for you.

So, before you begin, you'll need the following:

  • You have already configured your router using DD-WRT and have the most recent release (as of this writing, v24-sp2), VPN version installed.

    • The version number should be in the upper right corner of the web admin. If it says “std” or “vpn,” you’re in good shape. If it says “micro,” you probably don’t have the necessary tools.
  • You possess some basic understanding of networking, and have the necessary settings to complete a VPN connection. If you’ve gotten as far as flashing with third-party firmware, you probably do.

  • You understand that there is the possibility, albeit remote, that you could brick your router. I am not responsible for that, which is why I suggest you purchase an additional router to get all this set up on first before sacrificing your primary router.

  • You're not scared of the shell.

  • You must sacrifice a goat to the networking Gods.

For reference, my network uses 192.168.1.x for addresses. This can cause problems as it's incredibly common for LANs. You may want to change your addresses to something less common. Not that big a deal for me, though. I also have mine set up in bridged, as opposed to routed, mode. I think this is smarter (and easier), but if you're curious, the difference is explained here.

The first thing you need to do is install OpenVPN on your client machine. Even if you intend to use something different, you still need to install it so that you can generate all the certificates you'll need. On a Mac, I find the best way to do this is with MacPorts.

toruk:~ peckrob$ sudo port install openvpn2

It'll crank for awhile compiling and installing what it needs, so go get a snack. Then, once you have it installed, head over to /opt/local/share/doc/openvpn2/easy-rsa/2.0/ and run the following commands:

source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh

At each stage, it will ask you questions. It is important to provide consistent answers or you will get errors. Importantly, don't add passwords to your certificates. Once you are finished, you will find all your keys in the keys/ directory.

Now, the fun part.

Head over to the keys directory (/opt/local/share/doc/openvpn2/easy-rsa/2.0/keys). There should be a bunch of files in there. In a browser, open up your router's web admin, and go to Services -> VPN.

  1. Under OpenVPN Daemon, next to "Start OpenVPN Daemon," select "Enable"

  2. "Start Type," set to "WAN Up"

  3. CA Cert. Go back to your shell and "cat ca.crt". Paste everything between the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" including those two lines. You must include the BEGIN and END for this to work on each one! (This was a major trip-up for me).

  4. "Public Client Cert," go back to shell and "cat server.crt". Paste everything between the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" as above.

  5. "Private Client Key," go back to shell and "cat server.key." You need everything between "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----" as above.

  6. "DH PEM," go back to shell and "cat dh1024.pem". You need everything between "-----BEGIN DH PARAMETERS-----" and "-----END DH PARAMETERS-----" as above.

The important note above is to include the lines containing "----whatever----". Not doing this cost me about 3 hours of messing around until I figured this out.
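As an added example (not part of the original post), this shell helper prints exactly what each DD-WRT field in steps 3 to 6 needs: the PEM block with its BEGIN and END lines, and nothing else, since certificate files may carry a human-readable dump above the block. The function names `extract_pem` and `print_ddwrt_fields` are hypothetical; the file names and field labels are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: print the PEM block each DD-WRT OpenVPN field expects.
# extract_pem and print_ddwrt_fields are illustrative names, not easy-rsa tools.

# extract_pem LABEL FILE
# Prints the first PEM block of type LABEL, marker lines included.
# Fails if the BEGIN or END line is missing, which is the paste mistake
# the steps above warn about.
extract_pem() {
    label=$1
    file=$2
    begin="-----BEGIN $label-----"
    end="-----END $label-----"
    block=$(awk -v b="$begin" -v e="$end" '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        $0 == b { inside = 1 }              # start copying at the BEGIN line
        inside  { print }
        inside && $0 == e { found = 1; exit }
        END { exit found ? 0 : 1 }          # non-zero if the block is incomplete
    ' "$file") || {
        echo "extract_pem: no complete '$label' block in $file" >&2
        return 1
    }
    printf '%s\n' "$block"
}

# print_ddwrt_fields KEYS_DIR
# Walks the four fields from the steps above in order. server.key is the
# private key, so run this only on a terminal you trust.
print_ddwrt_fields() {
    dir=$1
    for spec in \
        "CA Cert|CERTIFICATE|ca.crt" \
        "Public Client Cert|CERTIFICATE|server.crt" \
        "Private Client Key|RSA PRIVATE KEY|server.key" \
        "DH PEM|DH PARAMETERS|dh1024.pem"
    do
        field=${spec%%|*}
        rest=${spec#*|}
        label=${rest%%|*}
        file=${rest#*|}
        printf '=== %s (from %s) ===\n' "$field" "$file"
        extract_pem "$label" "$dir/$file" || return 1
    done
}

# Run as: sh ddwrt-pem.sh /opt/local/share/doc/openvpn2/easy-rsa/2.0/keys
if [ "$#" -eq 1 ]; then
    print_ddwrt_fields "$1"
fi
```
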

With that all complete, it's now time for your server config. Here is my server config:

mode server
proto tcp
port 1194
dev tap0
server-bridge 192.168.1.1 255.255.255.0 192.168.1.201 192.168.1.210
 # Gateway (VPN Server)   Subnetmask   Start-IP   End-IP
keepalive 10 120
daemon
verb 6
client-to-client
tls-server
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem 

The important things here are "dev tap0", which creates an ethernet bridge and not a tunnel (as "dev tun0" would do), and the "server-bridge" line. The documentation for that line is below it. The start IP and end IP specify an IP range that VPN clients will receive addresses from.

With all this complete, press "Save" and "Apply Settings" at the bottom of the screen. Wait patiently. Then, in the web admin, go to Administration -> Commands. If you already have a Startup script, edit it, otherwise, add this to the commands window:

openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up

Press "Save Startup." Then, if you already have rules in "Firewall," edit those, otherwise add:

iptables -I INPUT 2 -p tcp --dport 1194 -j ACCEPT

Press "Save Firewall." Now, reboot your router. When it comes back up, you should have a running OpenVPN server. To check, go to Administration -> Commands, and type this into the command window:

ps | grep openvpn

If you see something that looks like:

11456 root      2720 S    openvpn --config /tmp/openvpn/openvpn.conf --route-up
17606 root       932 S    grep openvpn

Then it worked. Congratulations, you have a working OpenVPN instance. But how to connect to it?

If you use Mac, you really have two choices: Tunnelblick or Viscosity. Tunnelblick is a little on the ugly side and difficult to configure, but is free and open source. Viscosity is reasonably pretty to look at and easier to configure, but is a commercial product. I chose Viscosity, so that's what I'm demonstrating here.

Once you have Viscosity downloaded and installed, go to Preferences and Connections, and add a connection. Enter a name and server address. Set the protocol to TCP and the device to tap.

Now, before you continue, go back to your shell. Go back to the /opt/local/share/doc/openvpn2/easy-rsa/2.0/keys directory, and copy those keys someplace in your home (~) folder that you'll be able to access.

Back in Viscosity, go to the "Certificates" tab. You should see three lines labeled "CA," "Cert," and "Key." For "CA," select the "ca.crt" file you just moved. For "Cert," select "client1.crt". And, for "Key," select "client1.key".

Under the "Options" tab, disable LZO compression. For some reason this was causing a problem for me, so I just disabled it.

Click "Save." If all is right in the Universe and the goat you sacrificed to the Gods (you did do the goat sacrifice step, right?) was pleasing, you should now be able to connect back to your home network. Broadcast packets will work, and everything will be wonderful.


DD-WRT Hacks, Part 1 - Setting up a PPTP VPN Endpoint

By · Published · dd-wrt, networking

To celebrate the re-launch of my "blog," I'm going to do a multi-part entry about DD-WRT. But, first, a little history.

For the first time in 10 years, I have no servers running in my house. At one point, I had three servers running in here doing various things. Then, I moved my public server offsite (it's in the rack at the office now).

That left two more Gentoo boxes running here in the house. Late last year I picked up a 1TB external hard drive, which I attached to my iMac and deactivated the file server. I will probably eventually replace this with a Drobo FS, but for now it's fine.

That just left a single Gentoo box that was running Asterisk and various network services. But I finally convinced my wife to let me drop the goofy VoIP line that I was paying $30 for and just add more minutes to her cellphone. With Asterisk out of the picture, the only thing left running on that box was network services.

Well, a few weeks ago I ordered a TP-Link TL-WR1043ND router, intending to use it as a testbed for DD-WRT. Well, my experiments worked so well that I pulled my old router out and replaced it with the DD-WRT one. The faster processor also afforded a nice speed bump of about 7 Mb/s. With it handling all the services, I pulled out the final server and deactivated it. And my office is blissfully quiet now.

DD-WRT is now handling all the minor network services (DHCP, NTP, etc).

But what is it about DD-WRT that makes it so awesome - awesome enough to rip out some of my network infrastructure to make way for it? A few things that I will cover in this post.

1. DHCP static address assignments

Believe it or not, the built-in firmware of the WRT-54G did not give you the ability to define a static address to be assigned by DHCP based on MAC address. This seems like a glaring oversight to me, but it was the reason I ran my own DHCP server rather than use the built-in ones.

In DD-WRT (v24-sp2) you can go to the Services tab and set as many as you'd like. In my case, these are a couple of devices (like printers) that are addressed via IP address by the various machines, as well as my laptop and iMac.

So that's one nice thing, but it's not nearly as cool as ...

2. VPN Support

The standard and VPN versions of DD-WRT support both PPTP and OpenVPN varieties of VPN ... and I'm actually using both at the same time. My router is both a VPN server and VPN client as well. How? Why?

Well, as to why, at dealnews, we run a PPTP-based VPN to allow us to work at home as needed. Once connected, we have access to our testing servers and all our development services. It's like being directly connected to the work network, but I'm sitting at my iMac at home in my pajamas.

I had been connecting directly from my Macs to the VPN for some time but, sitting at home the other day, I reflected on how silly it was that I was connecting two machines to the VPN and only when I needed them, rather than using DD-WRT to have a single tunnel up all the time that any computer on the home network could use if needed.

Setting up a PPTP VPN Endpoint using DD-WRT

So how did I set it up? Trial and error, as, frankly, the DD-WRT documentation is a bit lacking. So if you find yourself in my position of wanting to have a tunnel to your workplace VPN, hopefully this documentation will help you.

I'm making a few assumptions before we begin:

  • You have already configured your router using DD-WRT and have the most recent release (as of this writing, v24-sp2), VPN version installed.

    • The version number should be in the upper right corner of the web admin. If it says "std" or "vpn," you're in good shape. If it says "micro," you probably don't have the necessary tools.
  • You possess some basic understanding of networking, and have the necessary settings to complete a VPN connection. If you've gotten as far as flashing with third-party firmware, you probably do.

  • You understand that there is the possibility, albeit remote, that you could brick your router. I am not responsible for that, which is why I suggest you purchase an additional router to get all this set up on first before sacrificing your primary router.

With that out of the way, let's begin!

  1. Log into your router's DD-WRT web admin, and go to the Services -> VPN tab.

  2. Under PPTPD Client, click the radio button next to Enable.

  3. In the "Server IP or DNS Name" box, enter your VPN server.

  4. In the "Remote Subnet" box, enter the network address of the remote network. In my case, this was 10.1.2.0.

  5. In the "Remote Subnet Mask" box, enter the remote subnet mask. In my case, this was 255.255.255.0.

  6. In the "MPPE Encryption" box, I have "mppe required,no40,no56,stateless". This was required to get mine to work, but may not be necessary for you. Try first without it, then try with it if it won't work.

  7. Leave the MTU and MRU values alone unless you know what you're doing.

  8. Enable NAT.

  9. Username and password are self explanatory.

With that done, press "Save" and "Apply Settings" at the bottom of the page. With any luck, you should now have a VPN tunnel up to your remote host.

To test it, go to Administration -> Commands, and in the command box, enter the following:

ping -c 1 <some remote address on VPN>

If you get a response back that looks like:

PING <remote service IP> (<remote service IP>): 56 data bytes
64 bytes from <remote service IP>: seq=0 ttl=64 time=281.288 ms
--- <remote service IP> ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 281.288/281.288/281.288 ms

Then it's up and working. Now, try from your computer...

Probably didn't work, did it? This is because your router's firewall doesn't yet know about the remote network or to route packets to it appropriately. For some reason, the current version of DD-WRT does not add the appropriate configuration to the firewall automatically when the PPTP tunnel is established. So, we have to do it manually.

Go to Administration -> Commands, and enter the following:

iptables -I OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination <remote network address>/16 --jump ACCEPT --out-interface ppp0
iptables -I INPUT 1 --source <remote network address>/16 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface ppp0
iptables -I FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination <remote network address>/16 --jump ACCEPT --out-interface ppp0
iptables -I FORWARD 1 --source <remote network address>/16 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
iptables --table nat --append POSTROUTING --out-interface ppp0 --jump MASQUERADE
iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu

At the bottom, press "Run Commands" and wait. It shouldn't take long, and should produce no output. Then, enter that command again, and press "Save Firewall" at the bottom. Give your router a few seconds to restart the appropriate services, then try again from your computer.

Your machine, and all machines on your network, should now be able to access the VPN. In this configuration, only traffic matching the remote network will pass over the VPN - the rest of your traffic will be routed to the Internet in normal fashion.

Now, in my next entry, I'll tell you why I'm not using PPTP to connect myself back to my home network when I'm on the road.


Welcome!

By · Published · news

Welcome to the new home for the Code Lemur blog ... robpeck.com! I've sat on this domain for six years - I don't know why it took me so long to port my blog from wordpress.com over to here.

Nonetheless, it is done now. And hopefully I'll find time to update it more with musings about my life and adventures writing code in dot-com.



MySQL-based Apache HTTP Authentication for Trac and Subversion

By · Published · apache, mysql, php

In working on a side project with a few friendly developers, we decided to set up a Subversion repository and a Trac bug and issue tracker. Both of these, in normal setups, rely on HTTP authentication. So, being that we already had an authentication database as part of the project, my natural first thought was to find a way to authenticate Trac and Subversion against our existing MySQL authentication database rather than to rely on Apache passwd files that would have to be updated separately.

Surprisingly, this was more difficult than it sounded.

My first thought was to try mod_auth_mysql. However, from the front page, it looks as if this project has not been updated since 2005 and is likely not being actively maintained. Nonetheless, I gave it a shot and, surprisingly, got it mostly working against Apache 2.2.14.

Notice I said "mostly." It would authenticate about 50% of the time, while filling the Apache error logs with fun things like:

[Sat Feb 13 11:11:27 2010] [error] [client -.-.-.-] MySQL ERROR: Lost connection to MySQL server at 'reading initial communication packet', system error: 0
[Sat Feb 13 11:11:28 2010] [notice] child pid 19074 exit signal Segmentation fault (11)
[Sat Feb 13 11:34:14 2010] [error] [client -.-.-.-] MySQL ERROR: Lost connection to MySQL server during query:
[Sat Feb 13 11:34:15 2010] [error] [client -.-.-.-] MySQL ERROR: MySQL server has gone away:

Rather than tear into this and try to figure out why a 5-year-old auth module isn't working against far newer code, and with very little to actually go on, I just concluded that it wasn't compatible and looked for a different solution.

That's when I came across mod_authnz_external. If you're not familiar with this module, what it allows you to do is auth against a program or script running on your system, therefore allowing you to auth against anything you want - a script talking to a database, PAM system logins, LDAP, pretty much anything you have access to. All you have to do is write the glue code.

In pipe mode, mod_authnz_external uses pwauth format, where it passes the username and password on stdin, each terminated by a newline. It uses exit codes to return back to Apache whether or not the login was valid. Knowing that, it's pretty easy to write a little script to intercept the username/password, run a query, and return the result.

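#!/usr/bin/php
<?php

// Project includes; database.php provides the $db wrapper used below.
include "secure_prepend.php";
include "database.php";

// Pipe mode: the username arrives on the first line of stdin,
// the password on the second.
$fp = fopen("php://stdin", "r");
$username = stream_get_line($fp, 1024, "\n");
$password = stream_get_line($fp, 1024, "\n");

// Both values are escaped before being placed in the query. The password is
// compared directly against the stored column, and disabled accounts never match.
$sql = "select user_id from users where username='%s' and password='%s' and disabled=0";
$sql = sprintf($sql, $db->escape_string($username), $db->escape_string($password));

$user = $db->get_row($sql);

// Exit status 0 tells Apache the login is valid; anything else rejects it.
if (!empty($user)) {
    exit(0);
}
exit(1);

?>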
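To check an authenticator from the shell before wiring it into Apache, the pipe-mode exchange can be reproduced by hand. This is an added example, not code from the original post: `try_login` plays Apache's side, and `sample_authenticator` with its `USERS` table is a constructed stand-in that mirrors the columns in the query above (all three names are hypothetical).

```shell
#!/bin/sh
# Added example: both sides of the pipe-mode (pwauth format) exchange.

# Constructed sample data standing in for the users table.
# Columns mirror the post's query: username:password:disabled
USERS='alice:s3cret:0
bob:hunter2:1'

# Script side: read the username, then the password, one per line from stdin.
# Exit status 0 accepts the login; any other status rejects it.
sample_authenticator() {
    IFS= read -r username || return 1
    IFS= read -r password || return 1
    # Refuse empty credentials outright instead of letting them reach a lookup.
    [ -n "$username" ] && [ -n "$password" ] || return 1
    while IFS=: read -r u p disabled; do
        if [ "$u" = "$username" ] && [ "$p" = "$password" ] && [ "$disabled" = "0" ]; then
            return 0
        fi
    done <<EOF
$USERS
EOF
    return 1
}

# Apache side: write "username\npassword\n" to the authenticator's stdin and
# hand back its exit status.
# Usage: try_login USER PASS COMMAND [ARGS...]
try_login() {
    user=$1
    pass=$2
    shift 2
    printf '%s\n%s\n' "$user" "$pass" | "$@"
}

# Show the verdict for one attempt against the stand-in authenticator.
report() {
    if try_login "$1" "$2" sample_authenticator; then
        echo "$1: accepted"
    else
        echo "$1: rejected"
    fi
}

report alice s3cret     # valid account
report alice wrong      # wrong password
report bob hunter2      # right password, but disabled=1
report mallory x        # unknown user
```

To run the same checks against a real script, pass its path in place of `sample_authenticator`, for example `try_login someuser somepass /path/to/authenticator/script`.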

Then, you just hook this into your Apache config for Trac or Subversion:

AddExternalAuth auth /path/to/authenticator/script
SetExternalAuthMethod auth pipe

<Location />
    DAV svn
    SVNPath /path/to/svn
    AuthName "SVN"
    AuthType Basic
    AuthBasicProvider external
    AuthExternal auth
    require valid-user
</Location>

Restart, and it should be all working.

Some may argue that the true "right" way to do this is LDAP. But with just three of us, LDAP is overkill, especially when we already have the rest of the database stuff in place. The big advantage to this, even over mod_auth_mysql, is the amount of processing you can do on login. You basically can run any number of queries in your authenticator script - rather than just one. You can update with last login or last commit date, for instance. Or you can join tables for group checking; say you want someone to have access to Trac, but not Subversion. You can do that with this.


OSCON 2009 Summary

By · Published · conferences

Have to say that, everything that didn't involve air travel (I'll go ALL into that later) was awesome on this trip. Had a good time and learned some useful things at OSCON, enjoyed good company and had a good time exploring San Jose and the Bay Area in general.

OSCON was good this year but not as good as in years past. This may be due to the new location, which doesn't seem as conducive as the Oregon Convention Center did to a conference like this. The OCC was round, and all the meeting rooms were clustered in a central area - there was never more than a short walk between panels. But the San Jose Convention Center is more of a traditional box design, with a single LONG hallway. This means that if you're in J3 and have to go to B2, good luck, because it's a 15 minute walk. For a conference like OSCON, this kind of sucks and absolutely kills the "community" feel of it.

Also, like many things, it suffers from diminishing returns. Because a lot of this is stuff I've seen before, every year that I come, I have to work harder and harder to find something new. Three years ago, I was doing well to decide what not to learn about. So this may be my last OSCON for a few years, though I'm thinking of attending Velocity (held down the road at the Fairmont) next year.

I did attend some interesting side panels, including one on home automation. I have some ideas that I'm sure will drive Sarah crazy.


Why Bing Sucks

By · Published · microsoft, ramblings

So I see Microsoft is attempting to rebrand the old Windows Live Search as bing.com. The commercials on TV are advertising it as a different type of search engine - a "decision engine." Yeah, when I heard that, I, too, wondered exactly what a "decision engine" was. But the commercials are clever and somewhat funny to anyone who has ever spent time searching through hundreds of results for a single missing piece. But where's the meat?

My coworker Brian, a few weeks ago, provided a great example of how this claim of being a "decision engine" is kind of a joke. And it can be summed up in a single sentence: "How big is the sun?"

Maybe now you're confused about what I'm talking about. What does the sun have to do with search engines? Well, try plugging that sentence, word for word, into your favorite search engine. Out of curiosity, I ran this search on a number of top and up-and-coming engines to see what they returned.

  • Google is obviously the 900-pound gorilla in this space, so they're a logical place to start. When you ask Google "How big is the Sun?" Big Brother Google replies, right at the top "Mass: 1.9891 × 10^30 KG 332 946 Earths," with most of the results relevant to the question at hand. In fact, all but two of the results were directly relevant to the question asked.

  • Yahoo didn't return a nice little piece of math like Google did, but all but one of the search results is _directly_ relevant to the question asked. The only result that wasn't relevant was that VH1 has some videos by a band called Big Sun, but that was towards the bottom of the SERP.

  • The newcomer Wolfram Alpha, which bills itself as a "knowledge engine" gives you a simple result, 432,200 miles, along with a handy formula for conversion. Not a traditional search engine, but closer to a "decision engine" than Bing ...

  • And finally, the "decision engine" Bing. So how does the vaunted "decision engine" handle knowing how big the sun is? It doesn't.

The first result is a garden furniture store in Austin, Texas. The second result is an Equine Product Store in Florida. The third was pictures of the sun from the Boston Globe - okay, that one was close. The next results are a realty company in Florida and an athletic conference. Only then, six results down, do we get into the meat of the question.

Look, it's easy to hate on Microsoft. It's no challenge anymore. I, personally, am not exactly a fan of Microsoft, but I'm hardly an enemy either. At worst, I'm indifferent.

And, as an aside, I really feel sorry for the poor guy they send to the OSCON keynote every year who literally gets hammered for no good reason by what can only be described as nerd rage from the questioners. And yet every year, they come back with more money and more people. I almost posted an entry about it last year. It was really kind of sad to watch.

Anyways, the point is, there are some things that Microsoft _has_ done well. Office? Great productivity suite. Windows 7? From what I've seen, it looks pretty good. The XBOX and gaming units at Microsoft do gangbusters. But it just seems like they're irrationally pursuing this search thing, out of spite, at this point to the detriment of the rest of their business. Considering that bing doesn't appear, at the surface, to be any different from Windows Live Search in terms of its usefulness (that is to say, not), Microsoft is throwing tons of money in the form of development and marketing to something that just isn't very good when they could be focusing on the core parts of their business.

But, then again, I'm not Ballmer.


Drama? In My Developer Community?

By · Published · php, ramblings

... it's more likely than you think!

And here I thought drama was isolated to fandom mailing lists and MySpace!

I was not at php|tek this year. I keep meaning to make it to that conference, but, let's face it, the week before Memorial Day is a really lousy time to have a conference. I usually like to take that Friday off to make it a long weekend. I may finally make tek next year, though. But, even if I went, I don't usually get invited to the cool parties. It's really for the best, though. I usually end up drunk in a bar listening to good music rather than trying to discuss functions and benchmarking after having imbibed a large quantity of booze or making an ass out of myself by diving into bushes. Ask me about that some other time.

Apparently, at php|tek, at one of these "cool-people-only" parties (okay, it was apparently an after-hours panel), a bunch of people cooked up this idea of having a uniform PHP coding standards amomg their own projects with the goal of having them adopted as some type of official standard. Now, in and of itself, this sounds like a good idea. Most other languages have at least a suggested best practices (Sun's coding conventions for Java or Apple's for Cocoa come to mind) even if you don't use them. Every job I've worked in has had some standard, even if I had to write it. Most of them were derived from the PEAR standard, including what we do at dealnews. But hey, variety is the spice of life, right? What's the harm in another choice?

Nothing. So we've established that the idea of havng a[nother] PHP coding standard is not necessarily bad. The problem, as with all things, is what happened next...

  1. Somehow, they managed to get a closed mailing list on php.net. Think about that for just a second. This group, composed of some guys from some projects with no official relation to PHP other than being users of it, somehow ended up with [email protected] WTF? I would love to know how that happened.More to the point, this will cause conceptual confusion among new, and even existing users. When I first heard about this, my first thought was, hey, this is on PHP.net, right? It must have some kind of official recognition, right? Well, as far as I can tell, it doesn't. It's just ... some guys. Put yourself in the shoes of a new PHP user, visiting PHP.net for all your manual needs. Oh, what's this? Standards? Well, I better use those!

  2. It was a suspiciously closed action for such an open-source project. The original mailing list was a closed list until Rasmus himself opened it, and the members don't exactly seem keen on welcoming any input from anyone outside their little clique.

     Some of the things being said by the "PHP Standards Group," quite frankly, make me very suspicious of their motives. Things like "All of us are too busy, both with real jobs and our various projects, to fight the battles that come of trying to make this a completely open process where anyone with an email address can contribute" reek of self-aggrandizing nonsense.

I'm sorry, but that's bullshit. Plain and simple. And the fact that no one else in the group has stood up to say otherwise speaks volumes. There's a phenomenon that I have seen occur on mailing lists called implicit acceptance. If you don't stand up and say otherwise, you are implicitly agreeing with the stated course of action. So, if anyone in this group disagrees with the stated opinions, guys, now's the time to man up.

If you're going to have a mailing list on php.net, and call yourselves the "PHP Standards Group," you need to welcome input from the PHP community - all of us - not just your group. Otherwise, you don't need to be on php.net, and you don't need to be calling yourselves the "PHP Standards Group."

  3. It is overly focused on OO. I know a lot of people think that objects are the answer to everything. I have strong disagreements, but I will save those for a later post. But (kind of tying into my previous point) there are a _lot_ of people using PHP in a strictly functional way or in a way that sanely mixes functional and object oriented programming. Any standard - if it's going to be called a PHP Standard - needs to take all widespread uses of PHP into account, and not just OO.

Now, as I said before, I'm not a "cool person." I don't have CVS commit access. I don't have thousands of followers on Twitter or a cool blog (no offense to my five regular readers - you guys rule and I'll buy you a round sometime!). I'm just some guy who's been writing PHP for the last nine years or so. So, while it appears this "group" probably won't care what I have to say anyways, here is my humble suggestion for a path forward.

*Figure out the semantics.* Notice that all this stuff we're talking about is appearances and semantics. Nobody is discussing the actual proposals (as they have been made) so far, just the actions of the people involved. What exactly is this project trying to accomplish? Are you trying to write a standard for your project(s), or are you trying to produce something useful for the community? If this is just for your project(s), move it off php.net, call it something else ("The Shared Standards Working Group" or some other such nonsense), and do whatever the hell you want. But if you're going to call yourselves the "PHP Standards Group," and have your project on PHP.net, you have to welcome input from the community, even if you ultimately discard it.

The thing I don't understand is why this group appears so afraid of public input? Okay, the signal-to-noise ratio can get pretty high sometimes, sure. But for every ten, hundred or five hundred bogus suggestions you get, you may get one really good one. One you might not have thought of yourself or no one in your tight little circle might have seen. And this is the true power of any open-source project. I would urge the "PHP Standards Group" to overcome their fear of public input and let us - the users - have an input in the community process.

As always, this represents my own views only, and not those of my employer, the beer I'm drinking (Fat Tire Amber) or my cat.