authorization with LDAP on OpenBSD

preamble

Common case: you have an LDAP server and want to use it to authorize your users on OpenBSD.

The first thing is to decide whether you really want to use an LDAP server for authorization, because OpenBSD doesn’t have built-in support for it.

But it does have such support for many other authorization styles:
# passwd local password file
# krb5 Kerberos V password
# radius radius authentication
# skey S/Key authentication
# activ activCard X9.9 token authentication
# crypto CRYPTOCard X9.9 token authentication
# snk Digital Pathways SecureNet Key authentication
# token Generic X9.9 token authentication

see for details: man login.conf


setup as pain

1. login_ldap - contact ldap directory server for authentication

install login_ldap package:
# pkg_add -iv login_ldap

use example files in: [/usr/local/share/examples/login_ldap/]
configure it in /etc/login.conf

you should add something like this:

ldap:\
        :auth=-ldap:\
        :x-ldap-server=127.0.0.1,,ssl:\
        :x-ldap-basedn=ou=Users,ou=auth,dc=helion-prime,dc=com:\
        :x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
        :tc=default:

look for details: man login_ldap

test it with: # /usr/libexec/auth/login_-ldap -d -s login USERNAME ldap



2. ypldap - YP map server using LDAP backend (provide users’ info)

As OpenBSD has great support for YP, using ypldap provides soft integration of an LDAP server.

use example in man: man ypldap.conf
configure it in /etc/ypldap.conf

you should have something like this:

interval 100
domain "helion-prime.com"

provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"
provide map "group.bygid"

directory "127.0.0.1" {
   # directory options
   binddn "cn=Manager,dc=helion-prime,dc=com"
   bindcred "password" #we don't need it if anonymous searches are allowed
   basedn "ou=Users,ou=auth,dc=helion-prime,dc=com"

   # passwd maps configuration
   passwd filter "(objectClass=posixAccount)"

   attribute name maps to "uid"
   fixed attribute passwd "*" # we do not need passwords - we use login_ldap for authentication
   attribute uid maps to "uidNumber"
   attribute gid maps to "gidNumber"
   attribute gecos maps to "cn"
   attribute home maps to "homeDirectory"
   fixed attribute shell "/bin/ksh"  # no bash in default install (check it)
   fixed attribute change "0" # we can have issues with time format (check it)
   fixed attribute expire "0" # we can have issues with time format (check it)
   fixed attribute class "ldap" # class of login.conf

   # group maps configuration
   group filter "(objectClass=posixGroup)"

   attribute groupname maps to "cn"
   fixed attribute grouppasswd "*"
   attribute groupgid maps to "gidNumber"
   list groupmembers maps to "memberUid"
}

test it with: # ypldap -dv

As ypldap currently doesn’t support LDAP over SSL, you should configure your LDAP server to listen over regular LDAP.
I believe the developer will soon create appropriate support for it.



3. ypbind - create and maintain a binding to a YP server

add your domainname to /etc/defaultdomain
# echo DOMAINNAME > /etc/defaultdomain

The standard way to enable YP passwd support in /etc/master.passwd is to add the string: +:::::::::/bin/ksh
Use vipw to edit master.passwd.

see for details: man 5 passwd

same with groups:
# echo "+:::" >> /etc/group

see for details: man 5 group



4. automate execution

The worst part is that we have to modify the /etc/rc script:

if [ X`domainname` != X ]; then
        if [ -d /var/yp/`domainname` ]; then
               # YP server capabilities needed...
               echo -n ' ypserv';              ypserv ${ypserv_flags}
               #echo -n ' ypxfrd';             ypxfrd
        fi

        #if [ -d /var/yp/binding ]; then
        #       # YP client capabilities needed...
        #       echo -n ' ypbind';              ypbind
        #fi
....

The second entry would run ypbind before ypldap, which we start from rc.local according to OpenBSD rules, so it is commented out here.

Then we should add something like this to /etc/rc.local:

if [ X"${ypldap_flags}" != X"NO" ]; then
        echo -n ' ypldap'; /usr/sbin/ypldap ${ypldap_flags} 1> /dev/null &
fi

if [ -d /var/yp/binding ]; then
        echo -n ' ypbind';              ypbind
fi

And to /etc/rc.conf.local:

portmap=YES
ypldap_flags=""
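
A read-only check of the files touched in steps 1-4, as an added example that is not part of the original post. The function name check_ldap_yp_setup, the messages and the choice of checks are assumptions of this example; it only reads the directory passed to it (for instance /etc).

```sh
#!/bin/sh
# Added example, not from the original post: sanity-check the files edited
# in steps 1-4. Function name and messages are assumptions of this example.
issues=0
report() { echo "ISSUE: $*"; issues=$((issues + 1)); }

# Usage: check_ldap_yp_setup /etc   (or a copy of /etc)
check_ldap_yp_setup() {
    etc="$1"; issues=0
    conf="$etc/ypldap.conf"

    # Step 1: login.conf needs the "ldap" class using the -ldap auth style.
    grep -q '^ldap:' "$etc/login.conf" 2>/dev/null ||
        report "no 'ldap' class in $etc/login.conf"
    grep -q ':auth=-ldap:' "$etc/login.conf" 2>/dev/null ||
        report "no ':auth=-ldap:' entry in $etc/login.conf"

    # Step 2: ypldap.conf.
    if [ -f "$conf" ]; then
        # bindcred is a cleartext password: only the owner should read it.
        if grep -q '^[[:space:]]*bindcred' "$conf"; then
            mode=$(ls -l "$conf" | cut -c5-10)   # group+other permission bits
            [ "$mode" = "------" ] ||
                report "$conf has bindcred but is accessible to group/other"
        fi
        # Per the note in step 2, ypldap talks plain LDAP, so the bind
        # password is sent unencrypted unless the directory is on loopback.
        dir=$(sed -n 's/^directory "\([^"]*\)".*/\1/p' "$conf" | head -n 1)
        case "$dir" in
            127.*|localhost|::1) ;;
            *) report "directory '$dir' is not loopback (unencrypted LDAP)" ;;
        esac
        # YP users must land in the login class that authenticates via LDAP.
        grep -q 'fixed attribute class "ldap"' "$conf" ||
            report "$conf does not assign login class 'ldap'"
        # The YP domain served must be the one ypbind binds to (step 3).
        dom=$(sed -n 's/^domain "\([^"]*\)".*/\1/p' "$conf" | head -n 1)
        [ "$dom" = "$(cat "$etc/defaultdomain" 2>/dev/null)" ] ||
            report "ypldap domain '$dom' differs from $etc/defaultdomain"
    else
        report "$conf is missing"
    fi

    # Step 3: '+' entries switch on YP lookups for users and groups.
    grep -q '^+:' "$etc/master.passwd" 2>/dev/null ||
        report "no '+' entry in $etc/master.passwd"
    grep -q '^+:' "$etc/group" 2>/dev/null ||
        report "no '+' entry in $etc/group"

    # Step 4: portmap enabled, and ypldap started before ypbind in rc.local.
    grep -q '^portmap=YES' "$etc/rc.conf.local" 2>/dev/null ||
        report "portmap=YES missing from $etc/rc.conf.local"
    yl=$(grep -n 'ypldap' "$etc/rc.local" 2>/dev/null | head -n 1 | cut -d: -f1)
    yb=$(grep -n 'ypbind' "$etc/rc.local" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -z "$yl" ] || [ -z "$yb" ] || [ "$yl" -ge "$yb" ]; then
        report "rc.local must start ypldap before ypbind"
    fi

    [ "$issues" -eq 0 ]
}

if [ $# -gt 0 ]; then check_ldap_yp_setup "$1"; fi
```

Run it as root with /etc as the argument, since master.passwd is not readable by ordinary users.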



When I review the text I see that it is quite easy, and it is hard to believe someone can spend more than an hour on this ..
Good luck, guys..


lunch that will eat twitter, really?

Preamble

Some weeks ago I discovered a new social network, Lunch [http://www.lunch.com], based in Los Angeles.
It was in deep beta when I bumped into it and worked only by invitation. More importantly, the NDA forbade any comments about the service. So I had to ask permission to write an article; finally the CEO of Lunch, J.R. Johnson, gave me that right. When I found time for writing I found out that the service was fully available without any invitations. Great.

Lunch’s CEO, J.R. Johnson, founded Lunch in the summer of 2008 after selling [http://virtualtourist.com], a user-generated travel review community of over 1 million members, to [http://expedia.com].

In a press release where J.R. Johnson announced the beta launch, he said: “Lunch is doing something different by creating a place to share and discover with people you wouldn’t otherwise have access to. Instead of connecting with people you already know, Lunch puts the focus on sharing what’s important to you and finding the most relevant information. … We foster a community of people who appreciate good conversation and respectful dialogue, and have a passion for understanding more in life.”

The creators of any new network believe that it will be the new twitter. We all know the limitations of twitter: external services to keep all our content (photo, music, video), the wish to make a user profile and browse members by some categories, and of course the need for URL compression, and then the impossibility of checking the content type of compressed URLs.

Lunch time

So, in the preamble I’ve noted several issues with twitter, and lunch solved them; they even added many more features.
Are we happy now? Unfortunately not; now we have another good social network.
Main idea: twitter is all about super simplicity, while lunch is an over-featured network.

Let’s look at it!

main page:
Quite a pretty page. It seems the top tags widget is useless, and I don’t think that anyone needs facebook connect here.
The featured review text looks unformatted, and it is hard to read.
[image: lunch service main screen]

interests tab:
In general it is a useless tab; it is hard to believe that people use a page with a number of tags.
[image: lunch interests tab]

view profile page:
In the top right corner we have several buttons, but it is not clear which means what.
To review a review we have 4 buttons; an article can be good or bad, so I think 2 buttons is quite enough.
Ranking is an arguable thing: people use lunch to communicate, and no one likes low marks. But lunch employees who work with the system constantly will, it seems, have big ranks.
[image: lunch service profile view]

final words

In general the service leaves some feeling of complexity. I think the lunch team should spend some time discussing what the main ideas behind lunch are, and work with usability engineers to provide a simpler experience for users. Everything is right only in projects that do nothing; lunch in turn is working hard to provide us with a better platform. I believe that their wish will make lunch a good network very soon. Good luck, and thanks for all your work.


Automate your hunch with hunch service

preamble

Finally I’ve got an invitation for hunch, a web-oriented decision-making tool [http://hunch.com]. It is now in public beta, so you can always request an invitation on their site.

What we know about the creators:
One of the co-founders is Caterina Fake [http://en.wikipedia.org/wiki/Caterina_Fake], best known as the co-founder of Flickr [http://en.wikipedia.org/wiki/Flikr], acquired by Yahoo! in 2005.

Now 11 members are working on hunch:
[image: hunch team]

from co-founder Caterina Fake’s blog [http://www.caterina.net/archive/001169.html]:

What is Hunch?
Hunch is a decision-making site, customized for you. Which means Hunch gets to know you, then asks you 10 questions about a topic (usually fewer!), and provides a result — a Hunch, if you will. It gives you results it wouldn’t give other people.

Decision Trees
Take a question often asked by tech-clueless family and friends: Should I switch to a Mac? If you ask someone who knows a lot about computers she’ll start by asking you additional questions, like “What do you plan to use the computer for?” or “How much money are you willing to spend?”. Then she’ll give you an informed suggestion.
If you don’t have an expert handy you can try posting the question on a Q&A site, but you’ll often end up with arguments — even flamewars! — about the merits of PCs vs Macs. Or you can read lots of reviews and informational sites about Macs and PC - effectively become an expert yourself - but who has the time? Those toe rings are not going to buy themselves.

Follow the money
The business of Hunch will be referral fees from external sites for the subset of topics that have to do with products and services. Monetization is not really going on now, though we do have some affiliate links to Amazon and others. We’re not marketing things to people that they don’t want, or hoarding and selling people’s data, and of course the presence of a link has no effect on Hunch decision results.

Let’s go

[image: hunch homepage]
So we have a web-oriented expert system [http://en.wikipedia.org/wiki/Expert_system], and in the current case the expert is you. To start, you should answer about 900 basic questions that describe features of your character. Then, based on that and additional information, the system can make predictions like what computer you should buy or where you would like to travel.

The first conspicuous thing is that the system supposes you grew up in American culture, so it is impossible to answer some basic questions, simply because you don’t know all these trademarks and popular shows, or just don’t understand American slang. To go worldwide I think they should revise the questions.

Then I think we should worry about the safety of the Hunch DB, because some answers can easily compromise users.

As for general use, even now the system contains current topics like: “Should I buy an Amazon Kindle?” or “What are some useful Firefox add-ons?”.

[image: hunch questions]

And the base of answers allows some analytics: over 3 million Teach Hunch About You (THAY) questions have been answered.

For example: THAY question for “whether you’d be happy working at a startup?”
Those who answer “Maybe…just maybe” to the question “Did you ever use a fake ID to try to do something you weren’t legally old enough to do” are very likely to be happy working at a startup; people who answer “Nope” are very likely to be unhappy working at a startup. They post such analytics information on their blog [http://blog.hunch.com/].

I would say that it is quite interesting to browse Hunch; it will be a greatly entertaining service, and the creators can possibly earn money by providing different statistical information to marketing companies. But as even professional expert systems can’t replace humans, because they can’t feel mood or pay attention to non-trivial regularities, it will not be a new epoch of services.

Last words: I like hunch. Thanks guys, you have made a good service.


The Crisis of Credit Visualized

preamble

Wonderful guy Jonathan Jarvis created a great video as part of his thesis work in the Media Design Program, a graduate studio at the Art Center College of Design in Pasadena, California. Here we can see a simple story of the credit crisis.

“The goal of giving form to a complex situation like the credit crisis is to quickly supply the essence of the situation to those unfamiliar and uninitiated.”

Thanks Jonathan for good work, keep working, we will be watching you..

His site: [http://jonathanjarvis.com]
He works now as interaction & media designer.


Things to look at for software developers

preamble

Here at Helion-Prime we always check modern software development techniques and solutions, and many people ask me if I can suggest something to look at. Thus I’m going to note a few things that I have considered interesting lately.

expression engine: one more CMS to try

What makes a CMS a good CMS? Good API, security, documentation, and support.

I guess that almost every customer understands that development is a short phase of a site’s life; a much longer phase is plain use of the developed application. And of course a CMS needs support, among other reasons just to make the changes that are always needed and not to find your CMS hacked.

We have a good list of open source CMSs like Drupal, Joomla, Typo3, etc.

And of course we can download them for free, but support can’t come for free, so the customer pays anyway, either for a commercial CMS that comes with support or to a third party that provides support.

With good support it doesn’t matter which variant to use, but still some customers like to understand their system better and support their systems themselves. For the second variant I can recommend checking ExpressionEngine CMS; lots of people say good things about it, so it is at least worth checking.

project site: [http://expressionengine.com/]

groovy for Java developers

Groovy is an object-oriented language for the Java Platform. It is a dynamic language with features similar to those of Python, Ruby, Perl, and Smalltalk.

Groovy is dynamically compiled to Java Virtual Machine bytecode which works seamlessly with other Java code and libraries. The Groovy compiler can generate standard Java bytecode to be used by any Java project.

Groovy adds both static and dynamic typing, closures, operator overloading, native syntax for lists and associative arrays, native support for regular expressions, polymorphic iteration, expressions embedded inside strings, additional helper methods, and the safe navigation operator “?.” to automatically check for nulls.

Example:

public class StdJava
{
  public static void main(String argv[])
  {
    for (String it : new String [] {"Rod", "Carlos", "Chris"})
      if (it.length() <= 4)
        System.out.println(it);
  }
}

can be expressed in Groovy as:

 ["Rod", "Carlos", "Chris"].findAll{it.size() <= 4}.each{println it}

project site: [http://groovy.codehaus.org/]

Ruby on Rails, relief in web-development

Platitude: Ruby on Rails makes development easier.

Ruby on Rails is an open source web application framework for the Ruby programming language.
It uses the Model-View-Controller (MVC) architecture pattern to organize application programming.

It is intended to emphasize:
Don’t Repeat Yourself (DRY) – writing the same code over and over again is a bad thing.
Convention Over Configuration (CoC) – Rails makes assumptions about what you want to do and how you’re going to do it, rather than use endless configuration files.

Ruby on Rails provides many useful features ‘out of the box’ to make development tasks easier:
Scaffolding - automatic construction of basic models and views for fast start and testing.
WEBrick - small and simple ruby web server.
Rake - ruby based build system.
Object-Relational Mapping - maps database tables to classes.

Ruby on Rails simplifies use of JavaScript libraries with special wrappers. It utilizes lightweight RESTful web services, generates stubs for simple unit testing, .. db migrations, db fixtures, runtime environments.

project site: [http://rubyonrails.org/]

E-commerce that hurts less: Magento and Spree

While commercial platforms cost hundreds of thousands of dollars, they are heavy, and mostly ugly. Lately I’ve met Magento and Spree.

Magento is an open source platform based on PHP.

It already has a good set of features [http://www.magentocommerce.com/features] and a good theme-based structure that separates layouts, templates, and skins.

project site: [http://www.magentocommerce.com]

Spree is also open source but based on Ruby on Rails.
While Spree has fewer features than Magento because it is young, I like it a bit more for its simplicity, although it will not suit every need.

project site: [http://spreehq.org/]


Mozilla Bespin: web-based code editor on web technologies

Bespin is an experiment from Mozilla Labs that will possibly propose an open, extensible web-based framework for code editing that aims to increase developer productivity, enable compelling user experiences, and promote the use of open standards.

At this time we have an initial working experimental prototype that we can use to understand the concepts of Bespin and the possibilities that it opens up.
The prototype includes support for basic editing features, such as syntax highlighting, large file sizes, undo/redo, previewing files in the browser, and importing/exporting projects.

As for me, the idea of a web-based code editor is arguable, because we have enough excellent standalone open-source code editors like Netbeans [http://www.netbeans.org/] or Eclipse [http://www.eclipse.org/] that have good collaboration possibilities. Standalone code editors can be developed using pretty object-oriented languages like Java without bothering with Javascript. But time will have its say.

Mozilla wants you
The Bespin experiment is still in its infancy and just getting started. There are many ways to join the team and get involved: [https://bespin.mozilla.com/]


History of the Internet in one clip

Melih Bilgil [http://www.lonja.de/] from Germany developed a pictorial language. The aim was to find a common pictorial language for electronic communication and to ease navigation.

Then he made a clip “History of the Internet”. It is an animated documentary explaining the inventions from time-sharing to filesharing, from Arpanet to Internet.

thanks Melih


ThisMoment: shiny new killer app ?

The unknown thisMoment Inc presented a new killer application, and the service is getting popular quite fast.
Who do they want to kill? All our favorite social networks: Delicious, Facebook, MySpace, Flickr, Twitter.

The whole conception behind it is:
mark some moment in time
add some data (photos, video, music, text) to that moment
share your moment and look at others

thisMoment is the latest creation of a team that has built and managed some of the Web’s biggest consumer properties, including GameSpot, MP3.com and TV.com, and more recently the Yahoo! Entertainment portfolio (Yahoo! Movies, Music, Games, Celebrity, TV and Video) and its Brand Universe initiative.
According to thisMoment

No API, or at least RSS aggregation, at this time makes it an arguable application for me, but it is still in Beta.
Look for yourself, who knows .. perhaps it will be popular, and you will have a problem getting a cool account name.


Twitter time, twitter as popular as Digg

We all use twitter to read the daily thoughts of famous people, friends or unknown men.
But even a year ago, could we think it could be as popular as that example of explosive growth, Digg?
Now they have the same spread level: each controls 0,021% of US traffic (number of visits).



“Last week, the market share of visits to Twitter surpassed Digg for the first time since launch and was ranked #84 (one above Digg at #85) in the Computers and Internet category. A big driver of traffic to Twitter last week was around the US Airways plane crash in to the Hudson River last Thursday, driving many posts and updates about the situation. One photo of the plane taken by Janis Krums, was viewed by many people via Twitter and was subsequently used across a number of traditional media outlets.”
via Hitwise Intelligence

Also, UK Internet traffic to the site has increased 10-fold over the past 12 months. For the week ending 17/01/09 twitter ranked as the 291st most visited website in the UK, up from a ranking of 2,953 for the week ending 19/01/08. UK Internet traffic to the website has increased by 974% over this period.


Good steps twitter, go further ..


Firefox 3.0.5: how to fight caching issue

If you are a web developer you have probably already heard about the regression bug in recent Firefoxes; even the latest Firefox 3.0.5 is affected.

The bug is described here on Bugzilla [https://bugzilla.mozilla.org/show_bug.cgi?id=441751]; it is fixed, and the fix should be available in a new version of Firefox.

As the bug description notes, Firefox ignores cache control attributes, so we can’t just use them:
Cache-Control: max-age=0, no-store, no-cache, must-revalidate
Expires: Sun, 1 Jan 2000 00:00:00 GMT
Pragma: no-cache

In the rare case that you need to tune the cache, you can use the browser.cache.check_doc_frequency parameter [http://kb.mozillazine.org/Browser.cache.check_doc_frequency] that can be accessed via the about:config URL.

But for others the question is what to do right now; even with a new version of Firefox we can’t ask users to update their Firefoxes.

There are 2 solutions that we have found and tested:

1. If you want to make Firefox reload some page
You can generate new URLs for any cache-sensitive resources every time.
Add some insignificant parameters to URLs: http://www.google.com/something?aaa

2. If you need to perform some actions within some page,
for example you need to provide a unique attribute for images in an Ads campaign.
You can use Javascript to generate it.
Firefox uses the same page but executes the Javascript every time.

You can use following code to generate random number:

<script type="text/javascript">
//<![CDATA[

var AdsId = '' + Math.floor(Math.random()*1999999999);

//]]>
</script>

I hope men will update their browsers fast so we will not be stuck with that like with IE6.
