helion-prime

Blogs

This weblog by Helion-Prime Solutions is about software design, experience, business, the web, simplicity and more.

Advice for the customer as part of the project

August 26th, 2009 by vasiliy.kiryanov

Today even great application can die alone .. world has too many great applications.
me

Do you know what a software development company sells?
Not just some abstract piece of software, but an application that can solve the customer’s problems .. we should understand what the customer wants from the application and what tasks he/she wants to solve with it.

We provide the customer with our vision and suggest a technology/platform/approach; the customer provides ideas/plans/limitations .. together we end up with a satisfying result. But what then?
Then, as usual, we get our money and leave the customer alone with the application.

What else can we give them?

We should give business advice that can bring the customer’s target closer.
The client can take it or not, but part of our work is to give it. Customers see that we care, which helps to build a better relationship and brings great satisfaction .. we make great applications that work!


Fast scalability of Ruby on Rails with mongrel under OpenBSD

August 12th, 2009 by alex.shapovalov

preamble

Everybody who has worked with Ruby on Rails for more than a month knows at least 2 things:
it’s a great framework, but it can’t handle multiple requests simultaneously because it still doesn’t use threads.

fast start

As scalability is a common issue, the Ruby on Rails wiki provides a full set of solutions:
[http://wiki.rubyonrails.org/#deployment_stacks]

But as a fast solution we will use the great OpenBSD pf (Packet Filter), which is capable of many cool things.
The first issue is that a standard mongrel cluster, which can start several instances of mongrel, can only create them on one IP with different ports, and pf can’t distribute requests among different ports on the same IP.

Here we can create 2 simple scripts that start and destroy server instances:
# cat start.sh

count=1
for ip in 10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5
do
mongrel_rails start -e production -d --user myapp --group myapp --chdir /var/www/railsdocs/myapp \
--address ${ip} \
--pid /var/www/railsdocs/myapp/tmp/pids/mongrel.${count}.pid \
--log /var/www/railsdocs/myapp/log/mongrel.${count}.log

count=$(($count + 1))
done

# cat stop.sh

# an explicit list works in any POSIX shell ({1..5} is a bash/zsh extension)
for instance in 1 2 3 4 5
do
mongrel_rails stop --wait 3 --chdir /var/www/railsdocs/myapp \
--pid /var/www/railsdocs/myapp/tmp/pids/mongrel.${instance}.pid
done

And we need to enable pf:
#/etc/rc.conf.local

pf=YES
#pflogd_flags=                   # add more flags, ie. "-s 256"

add one rule to the configuration file for load distribution (the trailing backslash continues the rule on the next line):
#/etc/pf.conf

rdr pass log on re0 proto tcp from any to SOME_IP port 80 -> \
{10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5 } port 3000 round-robin

check work with:
# pfctl -s nat

monitor with:
tcpdump -n -e -ttt -i pflog0

for more info on pf:
http://www.openbsd.org/faq/pf/
man pf.conf (especially ‘TRANSLATION’ and ‘POOL OPTIONS’ sections)

Then, when you see that you need a more advanced solution for load distribution, you can install haproxy.
Check it at [http://www.openbsd.org/4.5_packages/i386/haproxy-1.3.15.7.tgz-long.html]
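
pf's round-robin pool does no health checking, so a crashed mongrel keeps receiving its share of redirected connections. The script below is an added example (not part of the original post) that reports which instances started by start.sh are no longer running; the function name dead_instances is hypothetical and the pid-file layout is the one used above.

```sh
#!/bin/sh
# Added example, not from the original post.
# dead_instances PID_DIR COUNT
# Prints the numbers of mongrel instances whose pid file (as written by
# start.sh above) is missing, unparsable, or names a process that is gone.
# Run it as root or as the mongrel user: kill -0 on another user's
# process fails with EPERM and would be reported as dead.
dead_instances() {
    pid_dir=$1
    total=$2
    dead=""
    n=1
    while [ "$n" -le "$total" ]; do
        pid=""
        pid_file="$pid_dir/mongrel.$n.pid"
        if [ -r "$pid_file" ]; then
            # pid files may lack a trailing newline, so ignore read's status
            read -r pid < "$pid_file" || :
        fi
        case $pid in
            ''|*[!0-9]*) dead="$dead $n" ;;                      # no usable pid
            *) kill -0 "$pid" 2>/dev/null || dead="$dead $n" ;;  # process gone
        esac
        n=$((n + 1))
    done
    echo "${dead# }"
}

# Constructed demo: instance 1 is this shell, instance 2 has no pid file.
demo_dir=$(mktemp -d)
echo "$$" > "$demo_dir/mongrel.1.pid"
echo "dead instances: $(dead_instances "$demo_dir" 2)"
rm -rf "$demo_dir"
```

Run from cron, a non-empty result is the signal to restart the instance or take its address out of the pool in pf.conf.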


Twitter directory: our look on how it should work

July 6th, 2009 by vasiliy.kiryanov

“Be the change you want to see in the world.”
Mahatma Gandhi, Indian political and spiritual leader (1869 – 1948)

There are a lot of Twitter directories on the Internet today. Here I want to look at a few of the most popular ones and give our view of what a good directory is.

Structure of directory

1. plain list of categories
There are a number of categories on the top page; the user selects one category and browses all members in that category.

justtweetit
example from: [http://justtweetit.com/]

disadvantages:
a. an enormous list of categories on the main page.
b. cutting down the list of categories creates categories that are too broad, with too many entries placed in each.

2. tags for naming of entries
For every entry the user can provide a number of tags; other users can then select an appropriate tag.
In theory the user is able to select the narrowest meaning and thereby limit the number of entries.

wefollow
example from: [http://wefollow.com/twitter/tags/]

disadvantages:
a. there are still tags that are too broad, like ‘celebrity’, with an enormous number of entries.
b. the number of tags makes it hard for the user to select the narrowest one.

3. search engine style
As in a search engine, the user provides a search term and the system searches for similar entries.

twitdir
example from: [http://twitdir.com/]

disadvantages:
a. the user has to know the Twitter name.
And if so, the user can use the built-in Twitter search [http://search.twitter.com]. But what if he/she wants to find, for example, a pop-style singer? Then the user needs a directory again!

Administration of directory

All current directories allow any user to add himself/herself and so suffer from spammers and common (uninteresting) users. There should be some quality criteria and some administrators who ensure the continuous quality of Twitter IDs and the correctness of the information provided.

As this is a money-consuming tactic, a directory should make some money to cover its costs, or use an open-source model where authorized users check entries, as it works in the DMOZ directory [http://www.dmoz.org/help/become.html]

Will follow Gandhi’s idea

After some discussions within our company we finally decided to create our own directory of Twitter users.
We are taking into account the disadvantages of current directories, and so our directory:
*has a tree structure to reduce complexity and the size of categories
*uses moderators who ensure the quality of Twitter IDs before adding them.

Start exploration at: [http://twitwho.net].

Of course there are unlimited ways to improve everything, and so we are open to any suggestions and complaints:
helion-prime’s twitter: [http://twitter.com/helionprime]
twitwhohq’s twitter: [http://twitter.com/twitwhohq]


Authorization with LDAP on OpenBSD

May 7th, 2009 by vasiliy.kiryanov

preamble

common case: you have an LDAP server and want to use it to authorize your users on OpenBSD.

The first thing is to decide whether you really want to use an LDAP server for authorization, because OpenBSD doesn’t have built-in support for it.

It does have built-in support for many other authentication styles:
# passwd local password file
# krb5 Kerberos V password
# radius radius authentication
# skey S/Key authentication
# activ activCard X9.9 token authentication
# crypto CRYPTOCard X9.9 token authentication
# snk Digital Pathways SecureNet Key authentication
# token Generic X9.9 token authentication

see for details: man login.conf

setup as pain

1. login_ldap – contact ldap directory server for authentication

install login_ldap package:
# pkg_add -iv login_ldap

use example files in: [/usr/local/share/examples/login_ldap/]
configure it in /etc/login.conf

you should add something like this:

ldap:\
        :auth=-ldap:\
        :x-ldap-server=127.0.0.1,,ssl:\
        :x-ldap-basedn=ou=Users,ou=auth,dc=helion-prime,dc=com:\
        :x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
        :tc=default:

look for details: man login_ldap

test it with: # /usr/libexec/auth/login_-ldap -d -s login USERNAME ldap

2. ypldap – YP map server using LDAP backend (provide users’ info)

as OpenBSD has great support for YP, using ypldap provides a soft integration of the LDAP server.

use example in man: man ypldap.conf
configure it in /etc/ypldap.conf

you should have something like this:

interval 100
domain "helion-prime.com"

provide map "passwd.byname"
provide map "passwd.byuid"
provide map "group.byname"
provide map "group.bygid"

directory "127.0.0.1" {
   # directory options
   binddn "cn=Manager,dc=helion-prime,dc=com"
   bindcred "password" #we don't need it if anonymous searches are allowed
   basedn "ou=Users,ou=auth,dc=helion-prime,dc=com"

   # passwd maps configuration
   passwd filter "(objectClass=posixAccount)"

   attribute name maps to "uid"
   fixed attribute passwd "*" # we do not need passwords - we use login_ldap for authentication
   attribute uid maps to "uidNumber"
   attribute gid maps to "gidNumber"
   attribute gecos maps to "cn"
   attribute home maps to "homeDirectory"
   fixed attribute shell "/bin/ksh"  # no bash in default install (check it)
   fixed attribute change "0" # we can have issues with time format (check it)
   fixed attribute expire "0" # we can have issues with time format (check it)
   fixed attribute class "ldap" # class of login.conf

   # group maps configuration
   group filter "(objectClass=posixGroup)"

   attribute groupname maps to "cn"
   fixed attribute grouppasswd "*"
   attribute groupgid maps to "gidNumber"
   list groupmembers maps to "memberUid"
}

test it with: # ypldap -dv

as ypldap currently doesn’t support LDAP over SSL, you should configure your LDAP server to listen over regular LDAP.
I believe the developer will soon create appropriate support for it.

3. ypbind – create and maintain a binding to a YP server

add your domainname to /etc/defaultdomain
# echo DOMAINNAME > /etc/defaultdomain

the standard way to enable YP passwd support in /etc/master.passwd is to add the line: +:::::::::/bin/ksh
use vipw to edit master.passwd

see for details: man 5 passwd

same with groups:
# echo "+:::" >> /etc/group

see for details: man 5 group

4. automate execution

the worst part is that we have to modify the /etc/rc script:

if [ X`domainname` != X ]; then
        if [ -d /var/yp/`domainname` ]; then
               # YP server capabilities needed...
               echo -n ' ypserv';              ypserv ${ypserv_flags}
               #echo -n ' ypxfrd';             ypxfrd
        fi

        #if [ -d /var/yp/binding ]; then
        #       # YP client capabilities needed...
        #       echo -n ' ypbind';              ypbind
        #fi
....

The second block would run ypbind before ypldap, so it is commented out; following OpenBSD conventions, we start ypldap from rc.local instead.

Then we should add something like this to /etc/rc.local:

if [ X"${ypldap_flags}" != X"NO" ]; then
        echo -n ' ypldap'; /usr/sbin/ypldap ${ypldap_flags} 1> /dev/null &
fi

if [ -d /var/yp/binding ]; then
        echo -n ' ypbind';              ypbind
fi

And to /etc/rc.conf.local:

portmap=YES
ypldap_flags=""

When I review the text I see that it is quite easy, and it is hard to believe someone could spend more than an hour on this ..
Good luck, guys..
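
Two settings in the ypldap.conf from step 2 are worth checking before deployment: bindcred is a cleartext password, and since ypldap (as noted above) has no LDAP-over-SSL support, anything it exchanges with a non-local directory crosses the network unencrypted. The audit script below is an added example, not part of the original post; the function name audit_ypldap_conf and the sample address 192.0.2.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# audit_ypldap_conf FILE
# Prints one finding per line; prints nothing when the file passes.
audit_ypldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable: $conf"; return 0; }

    # bindcred is a cleartext password: the file should be owner-only.
    if grep -Eq '^[[:space:]]*bindcred[[:space:]]' "$conf"; then
        # find -perm -MODE matches when every bit in MODE is set (POSIX).
        if [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "bindcred in group/world-readable file: $conf"
        fi
    fi

    # Each 'directory "HOST" {' should be loopback, because the LDAP
    # session (bind DN, password, user records) is not encrypted.
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while read -r host; do
        case $host in
            127.0.0.1|::1|localhost) ;;
            *) echo "cleartext LDAP to non-loopback directory: $host" ;;
        esac
    done
}

# Constructed sample (not a real host): remote directory, mode 0644.
sample=$(mktemp)
cat > "$sample" <<'EOF'
directory "192.0.2.10" {
   binddn "cn=Manager,dc=example,dc=com"
   bindcred "password"
}
EOF
chmod 644 "$sample"
audit_ypldap_conf "$sample"
rm -f "$sample"
```

Against the configuration shown in step 2 (directory "127.0.0.1"), only the file-mode check can fire; chmod 600 /etc/ypldap.conf clears it.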


The Crisis of Credit Visualized

April 9th, 2009 by henadiy.atroshko

preamble

Wonderful guy Jonathan Jarvis created a great video as part of his thesis work in the Media Design Program, a graduate studio at the Art Center College of Design in Pasadena, California. Here we can see a simple story of the credit crisis.

“The goal of giving form to a complex situation like the credit crisis is to quickly supply the essence of the situation to those unfamiliar and uninitiated.”

Thanks Jonathan for good work, keep working, we will be watching you..

His site: [http://jonathanjarvis.com]
He now works as an interaction & media designer.

©2010 Helion-Prime Solutions Ltd.
Custom Software Development Agile Company.