Take back the web

Today was not a good day for the internet. First I read Seth’s post, then Kathy’s sad and upsetting story directly. Then countless others…

This is just plain and simple not acceptable behavior. Period.

Brad nails it when he says:

KathyÃ¢â‚¬â„¢s story sealed it for me Ã¢â‚¬â€œ reputation and trust are at a tipping point and are an issue that is going to have to be dealt with in 2007.

I agree.

And before someone mentions it, no, censorship is not the solution here.

Seth once said:

Have you ever noticed that people you know are far less likely to cut you off in traffic, curse at you, or steal your parking space than treal strangers seem to be? There’s a reason: Anonymity is the enemy of civility.

(From Small is the new Big)

Maybe it’s time we bring civility back, don’t you think?

Kathy, hang in there! We are here to help.

Brace for impact!

Tomorrow might prove to be interesting! So fasten your seatbelts…

Paul Hirsch, a moderator on WebHostingTalk.com got wind that hacker Billy Hoffman with SPI Dynamics is going to do a talk tomorrow at Schmoo titled: “Javascript Malware for a Gray Goo Tomorrow”.

He created Jikto, a web scanner written in javaScript:

This homogenous platform, coupled with JavaScriptÃ¢â‚¬â„¢s new features has enabled attackers to perform advanced attacks using XSS that were thought to be impossible even 2 years ago. Self-propagating XSS+Ajax worms, advanced keystroke and mouse loggers, port scanning, fingerprinting, and assaulting intranet applications, as well as stealing search engine queries or browser histories are now all components in an attackers toolbox.

If this does not concern you just a bit, I’m not sure what could…

The good news? Well, he’s not going to release Jikto, at least not yet…

But this will definitely bring XSS in the forefront.

Charlie Rose talks with Bill Gates

56 minutes, not one boring moment! Charming, insightful, fascinating, I’m just so impressed by those 2…

And I’m glad I took the time to watch them and so should you if you didn’t already

(via Search Engine Journal, from PBS on 11/23/06, courtesy of Google Video)

Out with Dream Host, in with Rails Playground

Well, well, well, almost a year after signing up with Dream Host, after going through many turbulent times, trying to fix things up myself, and again, surviving an unannounced, and not so welcome upgrade, after hoping for mongrel support, it really came down to a severe case of overselling. Performance had become abysmal, database connections hard to come by, site was down for longer and longer periods of time. Sometimes several hours without much I could do to revive it.

Don’t get me wrong, not all overselling is bad as long as it is managed properly. In my case, it came down to cpu and resource usage (database, memory). I mean, a rails application like typo is no small app. It routinely had 3 fcgi processes, each 70Mb plus, which on a 4 Gb machine is over 5% of memory, ouch! A good thing that not everyone there runs typo! But I don’t think that was the problem though. On average, the load of the machine was between 10 to 20, which is high but could be sustainable if it wasn’t for the fact that cpu usage seems to be above 90% all the time. This does not give much for a little boost when needed. And on that front, Dream Host needs to make some improvements quickly!

To be honest, this does not seem to be a big issue to run something like wordpress and my other sites on the same machine seem to be doing just fine and I don’t plan to move then anywhere anytime soon. I mean, it is hard to beat the amazing storage space and bandwidth allotment.

So with all that in mind, it was time for a new host! I knew what I wanted:

mongrel support
ssh support
no need for extravagant bandwidth
no setup fee, reasonable month to month cost

To find the best contenders, I used Google and the Hosting page on rubyonrails.org.

The best fit: Rails Playground. This post is hosted there, and so far, so good. For $12/month, that looks like a very competitive plan for a rails app. Granted I can only run one app with 2 mongrels, but that will do great for now.

The transition went really smoothly, all things considered.

First thing was to export the database, and I hit a first snag trying to get the data. I could not get a database connection to dump the data, fortunately, I was able to do the export using phpMyAdmin.

On the Rails Playground side, it came down to setting up a database, importing the data, setting up Capistrano, and putting out a request for mongrel setup. Less than a couple hours works and the request for mongrel setup was completed overnight.

Then the only thing left was to switch dns (so the old site was still up, at least as much up as it can be while the dns change propagates), and that’s where the only hitch happened. I ran into a perl error on the Dream Host control panel. Nothing their support couldn’t solve, and an hour later the whois database was updated, and dns servers all over started to pick up the change, and Voila! Rails Playground, here I come!

I now have the distinct (ahem… cough) advantage of having the 2 biggest processes running on this new machine but shush, don’t tell anyone…

And what a difference this makes. Average cpu usage seems to be below 5% and so far, not dreaded 500 error page :)

Note: if you read this via RSS, this may get delayed because as I write this, FeedBurner is still polling the old site. Hopefully this will update by tomorrow.

Want to join 9rules?

Here’s your chance. Starting at 9pm Eastern time (that’s in 90 minutes), you have 24h to submit your blog, so don’t delay!

For more details, read the official announcement.

If it is past 9pm EST already, you submit directly on the submission page .

Dreamhost router upgraded

DreamHost just completed the replacement of their main router and everything seems to be back to normal, hopefully for good.

If you’ve experienced some bumpy turbulences on this site over the past 4 days, please accept my apologies. This should not happen anymore.

Thank you DreamHost for keeping things mostly afloat while waiting for the new hardware and keeping us informed along the way. That helped!

Rails Documentation Drive

Court3nay from ~:caboose has started a fundraising to be able to pay professional tech writers to beef up the Rails documentation. It is true that it is not advancing quite at the same pace that rails is and Court3nay’s initiative is a worthy one.

He’s aiming to raise $5,000 and after just a few hours he has reached half his goal.

If you enjoy Rails, please consider making a small donation, $10, $20, or whatever you can spare. That’s an investments that is sure to provide a return! So please help.

Fund the Rails Documentation Drive.

Update: the total is now $13,310, from 94 contributors, in less than 24 hours. Thank you everyone that contributed! This is going to help improve the doc a great deal!

Switching back to MacOS

The main reason for switching back to MacOS is the switch back to Intel. That had been the main inhibitor for a long time. I have a few sotwares that only run on Windows and with Parallels, this looks like it is going to be easy to run them. So for father’s day, I got a shiny new 20” iMac (Thank you!). I have been quite impressed with Apple lately, both from a Design perspective, but also from their overall strategy and execution of that strategy. What a change from that near death experience. The iMac is really a neat machine. The screen quality is outstanding, and the speed is great; I haven’t done any benchmarks, but just judging by how Firefox behaves, that’s pretty impressive.

Over the years I’ve used computers, I have probably used the whole spectrum of personal computers. Primarily Windows and Linux for the past 10 years. Macs for the 5 years before that. I was never quite out of the Mac altogehter since my wife insisted that she needed a Mac (having worked at Apple and all that…), but that wasn’t mine, I was just doing the support if something went wrong.

My first Mac was a Mac IIx, with a whopping 1Mb of RAM, courtesy of Apple France, back in 1989. That wasn’t my first computer, that one was a ZX81 from Sinclair, with 2Kb of RAM. Seems hard to imagine now. Especially now that my shiny new iMac came with 512Mb, and I felt that wasn’t quite enough, so I had to go to Fry’s and get 2Gb. Now that’s better!

Installing the RAM was a no brainer. I only found that Apple article after the fact, but it was easy to figure out, plus underneath the base, there are some instructions too. There are only 2 apparent screws on the whole things, plus a couple or torx ones, but I started with the regular ones, and bingo, there was the RAM.

So now I’m off with my hair on fire running around and setting things up. I’ve got quite a long list of things to install, figure out and tinker with. Things like updating Ruby, install TextMate, get an Rails app running, … I’ve already scoped out a few pointers in case I run into trouble.

Oh, there’s one more thing I could not stand for very long: the single-button-no-wheel-mouse! As part of the same trip to Fry’s, I got a bluetooth mouse from macally, the BTMOUSEJR and I can now scroll, and context click right from the mouse. The Apple mouse is really slick looking, and totally unpractical too! Steve, do something please ;) I have had some trouble with that mouse after the system came back from sleep mode, because it was no longer paired, but after reading the FAQ, it was just a matter of clicking the left and right button for a few seconds, and the mouse wakes up and everything is fine.

So over the upcoming weeks, in addition to Debina/Ubuntu stories, you can expect to also see quite a few Mac related posts.

Now, back to my long list, starting with Windows and Dapper Drake… I’ll keep you posted!

nano Rails to become a 9rules network member!

I’m proud, honored and also quite humbled to report that nano Rails has been selected out of 700 sites submitted to round 4 as one of the new members of the 9rules Nework! Round 4 adds 111 new members.

This is not official yet, but I’m very excited and look forward to becoming one of the newest 9rules member!

A few others I’m reading on a regular basis are also on the list:

I haven’t had a chance to review the 108 others, but if the quality of these 2 is any indication (as I think it is), I’m eager to check out the rest. Just not that easy to do while away from home.

6/05 update: Tyme has a clickable list.

Can you host a modified GPL software and not release it?

Here’s the question I was faced with today.

If you install a software that is licenced under the GPL license on a server, and let people interact with the software, do you have to make the source available? And furthermore, if you did modify that software, are you obligated to release that software along with the source.

A good example of that would be Joomla!. It is not uncommon to want to customize it, fix bugs very specific to your use of the software, etc…

Based on my understanding on the GPL, my inital thinking that you had to make your modifications available. But I had enough doubts that I wanted to find out more. After a few hours of research, it turns out I was wrong.

Essentially, the section 0 of the GPL clearly states that it only covers distribution, copying, and modifications (that you allow others to copy or that you distribute).

In fact, the GPL FAQ specifically addresses that issues under

A company is running a modified version of a GPL’ed program on a web site. Does the GPL say they must release their modified sources?.

The GPL permits anyone to make a modified version and use it without ever distributing it to others. What this company is doing is a special case of that. Therefore, the company does not have to release the modified sources.

It is essential for people to have the freedom to make modifications and use them privately, without ever publishing those modifications. However, putting the program on a server machine for the public to talk to is hardly “private” use, so it would be legitimate to require release of the source code in that special case. We are thinking about doing something like this in GPL version 3, but we don’t have precise wording in mind yet.

In the mean time, you might want to use the Affero GPL for programs designed for network server use.

Interestingly enough, this is appears to be a question that comes up often enough to be included in the FAQ and it mentions that they were considering addressing that issue in version 3. Based on my reading of the current draft of GPL 3, this has not happened yet, and unlikely to happen at this juncture.

That FAQ entry also points to an alternative license that would require you to release the code if you host the GPL software on a server: The Affero GPL or AGPL. Section 2.d has additional requirements on top of GPL:

2…d) If the Program as you received it is intended to interact with users through a computer network and if, in the version you received, any user interacting with the Program was given the opportunity to request transmission to that user of the Program’s complete source code, you must not remove that facility from your modified version of the Program or work based on the Program, and must offer an equivalent opportunity for all users interacting with your Program through a computer network to request immediate transmission by HTTP of the complete source code of your modified version or other derivative work.

The fact that someone felt they had to modify the text of the GPL to make it more epxlicit should in itself be proof enough that GPL does not cover it, and that therefore does not require you to release sources.

The AGPL is not a license that has a very wide adoption, but you can find quite a few projects using it beyond affero.org.

I’ve also found a discussion between Richard Stallman himself and Steve- Parker that yields the same answer:

Scenario 2) I modify GPL code – eg a CGI library – to suit my own needs for
use on a publicly-available web server. This code is being run, by the
general public, on my web server. Should I, in this case, make the code
available? Under the GPL, must I?

And Richard Stallman’s answer:

The GPL does not require it. But is not very good for the community
when people do this, so I am looking at a way that GPL 3 could
require publication in this case.

You will also find the discussion on the Open Source Law Blog relevant. What makes it more interesting is that Paul Arne is a lawyer that specializes in Open Source Software licensing.

So in conclusion, you can be fairly confident that the answer to my original question is “Yes, you can host a modified GPL software, and not be required to release your modifications”. Of course, by doing so, you lose the benefits of GPL, but that’s a debate for another day.