Basic Information

First off, you need a SSL-Certificate for HTTPS. This certificates are usualy checked by your browser against SSL providers such as VeriSign for validity. If the outcame is invalid, some website may have been replaced with a fake-version by a hacker. The result is, that your browser warns you that the certificate for the site is invalid and it probalby was hacked or stuff like this (there was also a bug on creating invalid certificates on Debian-Linux some time ago *G*).

Anyway, you can still add the certificate as exception and get SSL-connection to the website, so no one is seeing what you are actually doing on that site or what data is beeing transferred (e.g. your E-Mail Client).

Basic Setup

The easiest way to setup this stuff is as of following (assuming using Debian/Ubuntu and Apache2):

$ apt-get install openssl
$ mkdir -P /etc/apache2/ssl/
$ openssl req $@ -new -x509 -days 365 -nodes -out server.crt -keyout server.key

Then add something like this to your Apache2-Configuration:

NameVirtualHost 443

<VirtualHost *:443>

SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
# SSLProtocol -all +TLSv1 +SSLv3
SSLProtocol all -SSLv2

[...]

</VirtualHost>

Basically, that’s it! Don’t forget to restart apache and also note that SSL2 is outdated and therefore unsecure. Be aware of that on using MSIE-Browsers from Microsoft! So i just disallowed it here in the example above. It also has opions set for using Basic HTTP-Auth on HTTPS and sets also some SSL-specific apache environmental veriables.

If Apache doesn’t start up look under /var/log/apache2/ for error messages!

Extended Setup

Some snippets if you already have a server key or want need to create your own, for having it signed and so on. If you set a password for a server key – which is indeed required for secuerity reasons – note, that Apache asks for it on startup.

Create a server key

openssl genrsa -des3 -out server.key 1024

You can convert the secure key to an unsecure („without password“):

$ openssl rsa -in server.key -out server.key.insecure

Create a basic  certificate for your key by using this:

$ openssl req -new -key server.key -out server.csr

Then sign it:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Same stuff with insecure key:

$ openssl x509 -req -days 365 -in server.csr -signkey server.key.insecure -out server.crt

Ever minded that moment you wanna post just some cool links to your blog but didn’t want to write a whole article. So you you just close the browser windows, and that’s it? No!

No more! I remembered twitter.com today and thought it would be cool to include that service here. After hammering repeatingly twittrrrr into the address bar I noticed Twitter is not that stylish Web 2.0 R-thing. Oh dear! Damn Web 2.0!

Nonetheless just look at the top of this page and you see a nice twitter box . Implementation is done via SimplePIE. Same thing on the right side about the shared headlines

Great things to come! Browser support for Webfonts via CSS @font-face:

• Internet Explorer 4–7 : Embedded OpenType (EOT)
• Safari 3.1: TrueType, OpenType(TT), OpenType(PS)
• Opera 10 alpha: TrueType, OpenType(TT), OpenType(PS)
• Firefox 3.1 beta: TrueType, OpenType(TT), OpenType(PS)

Somehow i knew the browser from hell plays the devil’s game again MSIE8 probably should have it, too. But I would have to check back for it.

Here’s a nice presentation and a font matrix about the topic by Richard Rutter:

• Presentation on web typography
• Font Matrix

Well, as he tells us typographers will go wild on beeing scared about seeing their oh sooo expensive fonts everywhere embedded in the web. Perhaps it will be so. I don’t mind. This is a good chance for creative common fonts and yet unknown font designers to get known at least among the good web designers!

There are several kinds of virtualization techniques which provide similar features but differ in the degree of abstraction and the methods used for virtualization. Here is a little overview I copied and pasted from some websites (links at the end of the article).

Virtual machines (VMs)

Virtual machines emulate some real or fictional hardware, which in turn requires real resources from the host (the machine running the VMs). This approach, used by most system emulators, allows the emulator to run an arbitrary guest operating system without modifications because guest OS is not aware that it is not running on real hardware. The main issue with this approach is that some CPU instructions require additional privileges and may not be executed in user space thus requiring a virtual machines monitor (VMM) to analyze executed code and make it safe on-the-fly.

• The hardware emulation approach is used by VMWare, QEMU, Virtual PC, VirtualBox and Parallels Workstation.
• Runs a complete virtualized OS as a separate process, sometimes with a mix of virtual and real hardware.
• Probably the slowest virtualisation technique, but due to some recent changes to CPU support for virtualisation this can be run a bit faster than it could be before.
• Does not need root privilege to run.

Paravirtualization

This technique also requires a VMM, but most of its work is performed in the guest OS code, which in turn is modified to support this VMM and avoid unnecessary use of privileged instructions. The paravirtualization technique also enables running different OS on a single server, but requires them to be ported, i.e. they should “know“ they are running under the hypervisor.

• Used in Xen, UML, CoLinux
• The Kernel has to be part of the guest OS.
• Runs as a mix of virtual and real hardware.
• Xen is often considedered to be buggy so most users prefer therefore UML, but Xen may be faster.
• A UML guest OS runs around 2x slower than the host OS.
• Kernel changes are basically not necessary, but often required by the hypervisor and can lower the overhead by taking advantage of the host CPU support for virtualisation.
• Both Xen and UML have support for Thread Local Storage (introduced by Xen)

Operating system-level virtualization

This method seperates the kernel of an operating system and therefore allows multiple isolated user-space instances, instead of just one. Such instances (often called containers, VEs, VPSs or jails) may look and feel like a real server, from the point of view of its owner. On Unix systems, this technology can be thought of as an advanced implementation of the standard chroot mechanism.

OS-level virtualization systems have been designed to provide the required isolation and security to run multiple applications or copies of the same OS (but different distributions of the OS) on the same server. In addition to isolation mechanisms, the kernel often provides resource management features to limit the impact of one container’s activities on the other containers.

• OpenVZ, Virtuozzo, Linux-VServer, Solaris Zones and FreeBSD Jails are examples of OS-level virtualization.
• little or no overhead due to sharing a host kernel
• not as flexible as other virtualization approaches
• can not host a guest operating system different from the host OS
• host system can be detected by intruder
• good mix between security and speed
• OpenVZ is probably the fastest solution
• chroot: Shares process space. File system access is restricted. Further restrictions can be imposed by the use of capabilities.
• chroot does not virtualize system calls, access to block devices or virtual file systems (such as /proc and /sys on Linux; not provided by default!)
• vserver: Access to process space is restricted. The use of capabilities and contexts is made simpler by vserver-utils. Needs kernel changes.
• useful for honeypotting by simulating a real system running network services.

Short comparison

The three techniques differ in complexity of implementation, breadth of OS support, performance in comparison with standalone server, and level of access to common resources. For example, VMs have wider scope of usage, but poor performance. Para-VMs have better performance, but can support fewer OS because of need to modify the original OS.

Virtualization on the OS level provides the best performance and scalability compared to other approaches. Performance difference of such systems can be as low as 1…3%, comparing with that of a standalone server. Virtual Environments are usually also much simpler to administer as all of them can be accessed and administered from the host system. Generally, such systems are the best choice for server consolidation of same OS workloads.

Working under linux UML provides a quick and easy way for creating linux test systems.  For doing the real deal my choice would be OpenVZ, because it is not only the fastest solution but more easy to handle than chroots. If you ever need other operating systems use Zen for productive virtualisation, and the good old Virtual Machines for test systems – i recommand Sun’s VirtualBox, which probably can run a little bit instabil. Therefore use VMWare on windows!

Ah yeah… sorry, i couldn’t test the Solaris and BSD solutions, but i would be very interested in them. I guess Unix is stil a little bit ahead in enterprise features. I wonder what my Red Hat Enterprise pal would say

Here are some links on tutorials, wikis and so on:

• Debian Tutorial on UML (1)
• Debian Tutorial on UML (2)
• Ubuntu Tutorial on OpenVZ
• OpenVZ Template Systems
• Wikipedia: Comparison of platform virtual machines
• OpenVZ Wiki: Introduction to virtualization (most is ripped from there)
• Wikipedia: Operating system-level virtualization
• Pro-Linux: Article on Xen and high availibility virtual servers (german language!)
• HPs review on Xen vs. OpenVZ
  

So stupiiiid! But a trick I didn’t know yet… from the Drupal Zen Theme.

A little snippet you may need from time to time

Still I don’t have an Apple Mac or Keynote to make one of these smooth candy-like presentations.But now but there is now another more standard-compliant (OASIS) solution out there to flavor up your presentations.

It has been around awhile under the name of KeyJnote which Apple didn’t like, so now it is called Impress!ve – hopefully FOSS will like. It simply displays your presentations using full OpenGL eye-candy and adds also some nice features.

All you have to do ist to export your Presentations to PDF, best done in OpenImpress that allows javascript’ed “animated” PDF

There’s also an option to add more specific scripting to your presentation using an .info-file like:

The project is around version 0.2.x so has still to develop. It runs stable and I like the approach – better than converting everything to Flash for consistency. I guess the thing we really need is a new extension to an XML-based presentation format like we have in OpenImpress. Or probably Apple’s Keynote XML which seems to be also an open format. But still i muss cool looking templates for presentations and beveled header text and so on…

More information and downloads can be found here:
http://impressive.sourceforge.net/

UPDATE: Following switch does make much sense on slower computers…

-R <X>x<Y> or --meshres <X>x<Y>

Most effects subdivide the visible screen into a mesh of rectangular or quadratic pieces, each with its own coordinates and alpha blend values. Using this parameter, the resolution of the subdivision mesh can be defined. The default value is 48×36. On slow machines, lower values like 24×18 or 12×9 can heavily speed up transition rendering at the cost of visual quality. On the other hand, higher values like 64×48 or 96×72 improve quality, but use much more CPU cycles.

…or why for some still oldskool editors rule. Not really convincing me

http://dojotdg.zaffra.com/2009/01/becoming-more-productive-with-dojo-and-vim-screencast/

Probably you know the glslideshow-Screensaver from Linux (also on OS X):

• A1:1 conversion of the screensaver is Nostalgic by Gregg. Set image delay to 24sec and a transition of 5sec to run it smoothly.
• The MotionPicture-Screensaver is similar. You better also tweak the setting here or it might run to fast.
• Microsoft has also a similar screensaver, but it cannot read subdirectories of your image folder. You may consider to download the Images of Ireland (Validation required) which includes the screensaver instead of paying $20
• Last but not least you should have a look at the Google Photos Screensaver from the english Google Pack. You won’t see it in the german Google-Pack, probably because it is fed by Photofeeds like the one on flickr. Anyway i encountered two or three problems with the screensaver, not wanting to switch back from the OpenGL or DirectX-Mode on exit and so let me see my desktop again. The only chance was to reboot. Also i dislike not beeing able to switch of the info-bars and the Google-logo and i also don’t like also seeing mini-sized photos.

Here are some feeds i found interesting:

• Earthshots.com
• flickr: Club pictures
• flickr: Club pictures II
• flickr: Club pictures III (Ministry of Sound)
• flickr: Erotic Photos I – Playboy Bunnies I
• flickr: Erotic Photos II – Playboy bunnies II
  
• flickr: Erotic Photos III – Sexy Models
• flickr: Erotic Photos VI – b/w
• flickr: Polar and Arctic Pictures
• flickr: Photos from Lone Cypress
• LiveScience.com – Image of the Day
• LiveScience.com – Amazing Pictures
• PicasaWeb from Google.com
• Space.com – Image of the Day
• Space.com – Amazing Images

Anyway, it’s easy to find more pictures:

http://api.flickr.com/services/feeds/photos_public.gne?tags=<your tags here, separeted by comma>&tagmode=all&format=rss2

Even in the days of Web 2.0 you encounter many errors when it comes to Uploads via HTTP. The protocol was never made for uploads or better to say: there are still enough bugs in implementations and the protocol itself.

Very familar, e.g. is the problem of having a meter on upload progress. And i also don’t want to mention the problems of WebDAV implementation of Windows for now, or the limitations of firewalls or proxies…

But let’s have a look on solutions provided today in the Web for Uploads…

Flash/HTTP

We have a modified version of R6 running on a webshop with regular uploads of 20-70MB files. If upload goes to fast – like on business lines with upstream ≥3Mb – Flash is likely to throw errors telling the visitor a script is running too slow. Then the customer has to choose „continue“ or to „cancel“, which usually ends up in canceling the job

This behavior is caused by Flash calling the „onFileChunkComplete“-Event (or something) too often, or let’s say after every 4096 bytes sent, which can result in many many calls if you have a good upstream bandwidth.

Second, there are also those „unknown errors“ in Flash caused at runtime. The source yet is unknown and it seems to continue with Flash10 and  some little amount of customers smaller than one percent share. Sorry, unknown means unknown and Adobe won’t give support here! we’re back to Flash9

Yet the same thing happens to JavaScript if update goes too fast and too often, e.g. by using a progress bar constantly being updated (20-50times in the second). Therefore I had to split up the graphical update process to a seperate class that just goes on update intervals calling the current/total-values of the FileUpload-Class.

Well using Flash as upload client is nice, especially with the ability to use real sockets. For Flash9 the HTTP methods don’t provide the possibility of splitting large files – so you could upload them in seperate chunks. It’s about  security.

Then Flash10 possibly could do now (by accepting local files), but here we have the issue of having the upload beeing fired from Flash itself – scripting doesn’t work anymore, so no hidden flash uploader, that could do the job

But customer complaints still continues… especially form those using MSIE and don’t get a thing right.

PHP and APC, for now. HTTP again…

Okay, usually you gotta think this works now. It’s out now for long enough.  But fail of proof!

I leeched some script form PHPRiot yesterday by Quentin Zervaas, fixed some bugs (while(1=1) is great idea in JavaScript ), added a file limit check and hoped i finally would have something that really works.  But it didn’t:

• Multiple file-fields do not work with APC
• If file uploaded is greater than far greater than limit, apc throws out 0-values for current and total
• Sometimes just seems stop working somehow; but after an apache restart apache it works again

I tried so many ‘solutions’ now and somehow it really seems to me, that monitoring the upload by calling a server-side status-script always has some problems. Probably it is really an Apache-issue… we’ll have too see…

Sliced HTTP Upload via Plugins – a solution?

I already mentioned it in the Flash/HTTP section, and indeed it’s more safe, because the file chunks are simply smaller!

I did many tests with Apache, and often it just happens that Apache closes a TCP connection on big file uploads. The source is yet unknown to me. Probably it has to do with Apache itself. I didn’t encounter the problem when using FastCGI and a Perl-Script to handle my upload.

So, i guess doing sliced upload is a good option. But then you could only use Flash10 which has other restrictions or Java. Yep, that thing that only works on 70-80%  of user browsers, MSIE for the rest that reports about having Java supported – true indeed – the other problem is: does it really run on those often misconfigured and compromised customer systems?

Well Flash10 now does, but have some limitations we probably could live with:

• load() and save() APIs can only be called in response to user interaction (such as a button click).
• locations of the loaded and save files are not exposed to ActionScript.

Since the API is now asynchronous (non-blocking),

Final match: HTTP vs. FTP-Uploads in the client

• HTTP was not made for upload!
• use more bandwidth than you actually need (base64!)
• HTTP is not resumeable (but you could retry on splitted chunks)

Let’s summariuze: You can only monitor what was uplaoded by having control over your client and you can only split files, when you have access on it.

Use a Java-Applet or code a Flash-Client that works over FTP! And use a FTP-Server that is secure and can handle virtual users, like vsftpd. Then code some backend,

Yes! Probably it is a solution. But you still have the problems with users not supperting Java, or who complain about Java „loading“ too long. Here are some other good tries, that usually work:

• http://www.aurigma.com/
• http://www.jupload.biz/
• http://www.javaatwork.com/
• http://upload.thinfile.com/

We’ll see further when the first FTP libraries for Flash 10 are finished.