What I Learned from the apache.org Break-in

Here’s my initial take-away after reading about the recent apache.org XSS-initiated break-in:

  • If you’re going to allow caching of credentials (Subversion or otherwise) on a server, don’t use an account that shares credentials with any superuser account. Personally, I can’t think of a good reason for these credentials to be cached in the first place (except on a development machine). As an aside, by default, Mercurial doesn’t do this; I suppose the fact that every ‘svn commit’ is also a push makes this more “necessary” with Subversion.
  • If you have an organization-wide login (say a Windows login that is automatically sync’ed with Subversion, your enterprise RDBMS, and who knows what else[1]), if at all possible use a different password on any server where you’ve got superuser access.
  • All superuser accounts on servers should have different passwords; at a minimum, if you use a common password for superuser accounts across servers, don’t use this password for other accounts.
  • Use Trac instead of Jira. [2]

That’s a bare minimum; I’m still thinking about how vulnerable the organization I work for might be. Most of this probably seems obvious, but I’m betting that these and other less-than-best practices are extremely common.
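
A way to check the first point on a server, as an added example (not from the original post): it parses the files Subversion keeps under ~/.subversion/auth/svn.simple and lists every entry that holds a cached password. The sample entry, user name and realm are constructed; a passtype of simple means the password sits in the file as plain text.

```python
import os
import tempfile

def parse_svn_hash(data):
    """Parse Subversion's on-disk hash: 'K <n>', key, 'V <n>', value ... 'END'."""
    entry, pos = {}, 0

    def read_item(tag):
        nonlocal pos
        eol = data.index(b"\n", pos)            # ValueError if the file is truncated
        head = data[pos:eol].split()
        if len(head) != 2 or head[0] != tag:
            raise ValueError("malformed record at byte %d" % pos)
        start = eol + 1
        end = start + int(head[1])              # lengths are byte counts
        pos = end + 1                           # skip the newline after the item
        return data[start:end].decode("utf-8", "replace")

    while not data.startswith(b"END", pos):
        key = read_item(b"K")
        entry[key] = read_item(b"V")
    return entry

def audit_cached_credentials(auth_dir):
    """Return (username, realm, passtype) for each cache file holding a password."""
    findings = []
    for name in sorted(os.listdir(auth_dir)):
        try:
            with open(os.path.join(auth_dir, name), "rb") as fh:
                entry = parse_svn_hash(fh.read())
        except (OSError, ValueError):
            continue                            # unreadable or not a cache entry
        if "password" in entry:
            findings.append((entry.get("username"),
                             entry.get("svn:realmstring"), entry.get("passtype")))
    return findings

def demo():
    """Audit one constructed cache entry (sample values, not real credentials)."""
    fields = {"passtype": "simple", "password": "not-a-real-password",
              "svn:realmstring": "<https://svn.example.org:443> Example Repo",
              "username": "builduser"}
    blob = b"".join(b"K %d\n%s\nV %d\n%s\n" % (len(k), k.encode(), len(v), v.encode())
                    for k, v in fields.items()) + b"END\n"
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "constructed-entry"), "wb") as fh:
            fh.write(blob)
        return audit_cached_credentials(tmp)

if __name__ == "__main__":
    print(demo())
```

Run audit_cached_credentials against the svn.simple directory of each account on the server. Setting store-passwords = no in the [auth] section of ~/.subversion/config stops new entries from being written.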

Ref: https://blogs.apache.org/infra/entry/apache_org_04_09_2010

[1] This is a purely hypothetical scenario. ;)

[2] Just kidding?

Posted in planet python

My Paste Pony

my-paste-unicorn

OK, so it’s actually a unicorn, but pony sounds better in the post title. Made in Gimp by tracing over the Paste ASCII Unicorn. Silly but fun. To see the ASCII original:

$ easy_install Paste
$ python
>>> import paste.pony
>>> print paste.pony.UNICORN.decode('base64').decode('zlib')

Posted in planet python

Eclipse for Python Web Development on Ubuntu

Updated 14 July 2009 for Eclipse 3.5. Now using Aptana to install PyDev.

Updated 5 March 2010 for Eclipse 3.5.2 and Subversion 1.6.

Updated 20 July 2010 for Eclipse 3.6

Overview

So, I think I’ve finally decided that I prefer Eclipse for Python Web development over NetBeans. (I prefer Wing IDE over both for straight Python development, but that’s another post.) Eclipse’s Python support, via PyDev, seems more advanced and NetBeans has some annoying issues. Eclipse also seems a bit snappier, at least on my machine (YMMV, blah blah).

Eclipse takes a bit more effort to set up, but once you’ve done it a couple times, it’s pretty straightforward. The hard part is keeping track of the links to the Eclipse update sites and remembering a few odd bits of configuration. This document gives details on installing Eclipse for Python Web development with Aptana, PyDev, and Subclipse.

The instructions here are Linux/Ubuntu-centric, but the instructions for getting to the Platform Binary–the smallest possible Eclipse download, as far as I can tell–are applicable to all platforms.

Download Eclipse

If you go to the Eclipse downloads page, you’ll see packages for Java and C++ along with some other options. If you’re doing ONLY Python development, you might wonder which version to download. These versions install cruft I don’t want or need. I finally found what I think is the smallest possible Eclipse package, the so-called Platform Runtime Library.

Install Eclipse

Extract the downloaded package: tar xvzf eclipse-platform-3.6-linux-gtk.tar.gz. I rename the resulting eclipse directory to eclipse-3.6, move it to ~/.local, and create a symlink in ~/.local/bin to the eclipse executable: ln -s ~/.local/eclipse-3.6/eclipse ~/.local/bin/eclipse

Configure Eclipse

Edit ~/.local/eclipse-3.6/eclipse.ini. Find the line containing “-vmargs”. Add a new line directly below that: -Djava.library.path=/usr/lib/jni. Save and close. Fire up Eclipse.

Install Aptana

  • Help > Install New Software… > Add
  • Click OK, click the Aptana Studio checkbox, click Next, click Finish, wait…, click Yes to restart Eclipse
  • When Eclipse restarts, a Customize Aptana Studio window should open automatically…

Install PyDev

Eclipse update URL: http://pydev.org/updates

Install MercurialEclipse

Eclipse update URL: http://cbes.javaforge.com/update

Install Subclipse

Prerequisite: sudo apt-get install libsvn-java

Eclipse update URL: http://subclipse.tigris.org/update_1.6.x (select all required items under Subclipse checkbox)

After installation:

  • Preferences > General > Editors > Text Editors > Quick Diff:
    • Check ‘Enable quick diff’ and ‘Show differences in overview ruler’
    • Use this reference source: Pristine SVN Copy

Posted in planet python | 2 Comments

Supervisor now supports Python 2.6

I’ve been using Supervisor for a few months now to manage some app servers at work. Good stuff; solid. My only gripe with it was that it didn’t run properly under Python 2.6[1,2]. I had to install Python 2.5 just to run Supervisor, which isn’t a super big deal but is kind of annoying. The latest release, 3.0a7, fixes this by including a “patched version of Medusa to allow Supervisor to run on Python 2.6.”

Note: I had to `wget http://dist.supervisord.org/supervisor-3.0a7.tar.gz` and easy_install that due to a network timeout[3]. I assume that’s because Supervisor is super popular and everyone’s upgrading.

[1] It did run under 2.6 but issued an error when starting up.
[2] This was due to changes in the Python 2.6 stdlib, not a problem with Supervisor itself.
[3] Suggestion: If possible, remove link from PyPI to http://supervisord.org/ so easy_install doesn’t get stuck there.

Posted in planet python

oTidyBrowser is not defined

If you’re tired of seeing this annoying error in Firebug, here’s the fix on Ubuntu (I stole this from here and condensed it to its Ubuntu-specific essentials, though, of course, the procedure would be similar on other OSes):

  • Locate tidy.jar in your Firefox profile
    • Open $HOME/.mozilla in File Browser (starting at $HOME doesn’t work for some reason)
    • Click Search and type tidy.jar in the search bar
  • Right click and Open with “Archive Manager”
  • Go into content directory, right click tidyBrowser.js, and Open With… your favorite editor
  • Change line 220 from if( oTidyBrowser.bTopLoadBusy==false ) to if(oTidyBrowser && oTidyBrowser.bTopLoadBusy==false )
    • (Note: formatting left as I found it)
  • Save and close tidyBrowser.js
  • Click Update in Archive Manager dialog that pops up after save
  • Restart Firefox
  • Rejoice at having removed one small annoyance from your life

Posted in planet python | 1 Comment

“phrase from nearest book” meme

Via

  • Grab the nearest book.
  • Open it to page 56.
  • Find the fifth sentence.
  • Post the text of the sentence in your journal along with these instructions.
  • Don’t dig for your favorite book, the cool book, or the intellectual one: pick the CLOSEST.

Here’s mine, from Pragmatic Version Control Using Subversion 2nd Edition by Mike Mason:

“After creating our sandbox repository, we used a repository URL to tell Subversion what we wanted to check out.”

Cool meme. Mine’s a little boring. Great book, though.

Posted in planet python

Implementation of Dijkstra’s Single-Source Shortest-Paths in JavaScript

I’m working on a project where the client wants a cool sliding navigation effect. We’re implementing this with JavaScript/AJAX/DHTML.

One of the constraints is that pages can only be reached via certain other pages. For example, if you’re on the /portland/contact page and want to go to the /seattle/contact page, you’ll first slide up to /portland, then over to /seattle, then finally down to /seattle/contact.

After a while, it occurred to me that there were some similarities with another project I’ve been working on off and on for the last few years, byCycle.org, which is a bicycle trip planner à la Google Maps.

I had written a Python version of Dijkstra’s Single-Source Shortest-Paths (SSSP) for byCycle.org. That’s available on PyPI as Dijkstar (so named because it also has the potential to do A*). I figured it wouldn’t be too hard to port the Python version to JavaScript, and it wasn’t.

There were a few snags, though. Most of it was just syntactic and semantic differences between the two languages. The biggest issue was that I use “heapq” in the Python version to maintain the costs to previously visited nodes in sorted order. JavaScript has no priority queue implementation that I could find, so I came up with a different solution that involves updating an Object (AKA “dict”) with costs to newly visited nodes and sorting the keys to pick the next node to visit. I’m assuming/hoping the underlying sort implementation is highly optimized.

Interestingly, I think I found at least one bug in the Python version, although I’ve been using that version for a couple years now with no known problems, so it must only be applicable in certain edge (no pun intended) cases (or maybe it’s due to some difference in the languages–need to take a closer look). I think the JS version came out cleaner, too.

If anyone’s interested, I’m releasing this under an MIT license. For now, you can get it from here. Note that it depends on the util module that you can get from here. The util module contains some other Python-inspired JavaScript, in particular a couple of functions for generating namespaces and classes. I might write another post about that at some point.
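
The approach described above for the JavaScript port, keeping costs in a plain mapping and sorting its keys to pick the next node, sketched in Python as an added example (not the author's Dijkstar or JavaScript code). The site map and the edge costs of 1 are assumptions built from the /portland and /seattle example.

```python
def shortest_path(graph, start, goal):
    """Dijkstra's SSSP without a heap: the frontier is a dict, re-sorted each step."""
    frontier = {start: 0}        # cost to reach each discovered, unvisited node
    previous = {}                # node -> predecessor on the cheapest known path
    visited = set()
    while frontier:
        # Sort the keys by cost and take the cheapest (stands in for heapq.heappop).
        node = sorted(frontier, key=frontier.get)[0]
        cost = frontier.pop(node)
        if node == goal:
            path = [node]
            while path[-1] != start:
                path.append(previous[path[-1]])
            return cost, path[::-1]
        visited.add(node)
        for neighbor, weight in graph.get(node, {}).items():
            if neighbor in visited:
                continue
            new_cost = cost + weight
            if new_cost < frontier.get(neighbor, float("inf")):
                frontier[neighbor] = new_cost
                previous[neighbor] = node
    return None                  # goal is unreachable from start


def undirected(edges):
    """Build an adjacency dict from (a, b, cost) tuples; slides work both ways."""
    graph = {}
    for a, b, cost in edges:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


# Constructed site map: the city pages link to each other, and each
# sub-page is reachable only through its own city page.
SITE = undirected([
    ("/portland", "/seattle", 1),
    ("/portland", "/portland/contact", 1),
    ("/seattle", "/seattle/contact", 1),
    ("/portland", "/portland/about", 1),
])

if __name__ == "__main__":
    print(shortest_path(SITE, "/portland/contact", "/seattle/contact"))
```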

Posted in planet python | 3 Comments

YUI TreeView with Ruby on Rails

Here’s some code I’m using to generate a dynamic tree view using an acts_as_tree model with slug and title fields, the TreeView widget from YUI, and a Rails helper. I chopped out some of the code for clarity, so all this does is create a menu with the titles from the model, but the basic idea is there to expand on.

Rails view/JavaScript

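<script type="text/javascript">
  var page_tree;
  // Declared with var so the init function is not an implicit global.
  var page_tree_init = function () {
    page_tree = new YAHOO.widget.TreeView('page_tree');
    var root = page_tree.getRoot();
    // The Rails helper writes one MenuNode declaration per page here.
    <% generate_page_nodes(@root) {} %>
    page_tree.draw();
  };
  page_tree_init();
</script>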

Ruby

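# Emits one YAHOO.widget.MenuNode declaration per page, depth first.
def generate_page_nodes(node, &block)
  parent = node.parent
  # Slugs become JavaScript variable names, so hyphens are replaced.
  node_name = node.slug.gsub('-', '_')
  parent_node_name = parent.nil? ? 'root' : parent.slug.gsub('-', '_')
  # The title lands in HTML inside a single-quoted JS string: escape for both,
  # otherwise a quote or markup in a title breaks out of the script.
  title = escape_javascript(h(node.title))
  js = <<-JS
    var #{node_name} = new YAHOO.widget.MenuNode('<span class="node_title">#{title}</span>',
                                                 #{parent_node_name});
  JS
  concat(js, block.binding)
  children = node.children
  children.each { |c| generate_page_nodes(c, &block) } unless children.empty?
end

Posted in dev | 4 Comments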

Forest Park

Posted in play

Decluttering the Desk

Today I read a post about decluttering your desk. Right now, I can’t find that post, but this page links to a bunch of similar and related articles. Those links are on the Zen Habits site, which I’ve started reading lately. Lots of interesting food for thought there.

So, I’m pretty tidy already, and my desk wasn’t that much of a mess to begin with, but there were still quite a few unnecessary items accumulated there, like a printer I’m never going to use, a stapler I use maybe once a month, etc. I only spent about ten minutes decluttering, but the benefits were huge. So huge that I had to write it again in bold AND italics.

Along with office type stuff, I cleared off some knick knacks–little bits of art and what have you.

Did I mention the huge effect all this had? Wow. There’s a sense of openness and space. There’s more room to work and breathe. There’s also less distracting visual clutter.

This is only an anecdote, but I was more productive today than I’ve been in a while.

I recommend giving this a try. What do you really need on your desk and in your immediate working environment? What I’ve found, at least for myself, is that it’s actually not much. I’m guessing everyone’s got at least a couple items that can be tossed or sold or given away. Things that only get used once in a while can be put out of sight in an easy to reach place. Things that are visually interesting (photos, say) eventually become visually distracting, especially when there’s too much of it.

Of course, there’s no precise recipe, and everyone’s got their personal preferences. For me, just thinking about this, or anything, consciously is what’s important. The “right” changes naturally precipitate from awareness.

Posted in planet python, work