War on drugs going well

I was reading an article about recent drug busts at the Canadian border that utilized helicopters and planes. Buried within the article is some evidence on just how well the War on People Ingesting Stuff We Don’t Like Them Ingesting is going.

Despite the arrests, investigators this week conceded that they have not stopped the practice and are unlikely to ever do so.

So, let me get this straight, what you’re doing isn’t stopping this practice and it’s unlikely to do so? There’s a term for this: failure. Please insert my usual comment here about how drugs should be legalized, regulated and taxed like booze and cigarettes. Oh and the entire budget for War on People Ingesting Stuff We Don’t Like Them Ingesting could maybe go into education. Of course, we all know that only backwards third world countries with horrific crime rates and low life expectancies decriminalize drugs right? Places like Canada, Switzerland, the Netherlands and Mexico.

And don’t get me started on how much it costs to house potheads in prison. What a perfectly awesome way to waste my tax dollars.

Warren Buffett and Gates team up

Warren Buffett announced over the weekend he’ll be giving about $37 billion away to charity. Most of it will be going to the Bill & Melinda Gates Foundation, which focuses mainly on world health issues and improving libraries and schools here in the US. In all, the foundation will oversee about $60 billion in assets. Invested fairly conservatively, you could expect them to make about 7% on that money each year, which is about $4.2 billion a year. Accounting for inflation (3%) you’re still looking at $2.4 billion a year in revenue. And this isn’t accounting for anyone else dropping a few billion into the piggy bank. That’s more than 61 nations’ GDPs for 2003.

Say what you want about Bill Gates, Microsoft, Warren Buffett and rich people in general. The fact remains that the Gateses and Buffett have created the largest charitable organization in the history of humankind. It has noble goals such as curing HIV/AIDS in Africa and improving our schools and libraries. And, honestly, how can you argue with their goal?

The foundation’s global health mission is to help ensure that lifesaving advances in health are created and shared with those who need them most.

43 Miles

John, Carly and I took to the streets again today on our bikes. Our goal was the south loop around Lake Washington, which is about 40 miles. Due to some detours by our fearless navigator, John, it stretched into 43 miles. Amazingly, I’m not dead. I’m extremely tired, but the ride felt fine. The last hill up Eastlake and 10th almost killed me, but I managed and topped off the day with Kay at a local swimming pool. I need to get a camera so I can start taking pictures on my bike rides.

Some additionally interesting facts are that it was 85+ degrees the entire ride, I drank three liters of water (and didn’t pee, which means I sweated three liters of water) and it took us about 3.5 hours I believe.

A warning about REPLACE INTO and InnoDB

From time to time I get lazy and use REPLACE INTO instead of checking for records and then only inserting the ones that don’t exist. It works really well for importing records where some records might be already in the database. Today, I ran into a little snag due to my laziness.

MySQL uses the following algorithm for REPLACE (and LOAD DATA ... REPLACE):

  1. Try to insert the new row into the table
  2. While the insertion fails because a duplicate-key error occurs for a primary key or unique index:
    1. Delete from the table the conflicting row that has the duplicate key value
    2. Try again to insert the new row into the table

When you combine this with foreign keys that are defined with ON DELETE CASCADE you end up nuking child records when you REPLACE INTO a parent record. It only took me an hour and a half to debug this insanity.
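The delete-then-insert behaviour described above, as an added example that is not code from the original post. It uses SQLite through Python's `sqlite3` as a stand-in for MySQL/InnoDB, because SQLite's REPLACE resolves a key conflict the same way; the `parent`/`child` tables and their rows are constructed, and the upsert form assumes SQLite 3.24 or newer.

```python
import sqlite3

# Constructed schema: a parent row with two child rows hanging off it.
SCHEMA = """
CREATE TABLE parent (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE child (
    id INTEGER PRIMARY KEY,
    parent_id INTEGER NOT NULL REFERENCES parent(id) ON DELETE CASCADE,
    note TEXT NOT NULL
);
INSERT INTO parent VALUES (1, 'old name');
INSERT INTO child VALUES (10, 1, 'first'), (11, 1, 'second');
"""

# REPLACE resolves the duplicate key by deleting the old parent row first,
# and that DELETE is what triggers the cascade.
REPLACE = "REPLACE INTO parent (id, name) VALUES (1, 'new name')"

# An upsert updates the existing row in place, so no DELETE ever happens.
# (MySQL's counterpart is INSERT ... ON DUPLICATE KEY UPDATE.)
UPSERT = ("INSERT INTO parent (id, name) VALUES (1, 'new name') "
          "ON CONFLICT(id) DO UPDATE SET name = excluded.name")


def import_parent(statement):
    """Run one import statement against a fresh copy of the constructed
    schema; return (parent name, ids of the child rows that survive)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # off by default in SQLite
    db.executescript(SCHEMA)
    db.execute(statement)
    db.commit()
    name = db.execute("SELECT name FROM parent WHERE id = 1").fetchone()[0]
    kids = [row[0] for row in db.execute("SELECT id FROM child ORDER BY id")]
    db.close()
    return name, kids


if __name__ == "__main__":
    print("REPLACE:", import_parent(REPLACE))
    print("UPSERT: ", import_parent(UPSERT))
```

Both statements leave the parent row with the new name; only the REPLACE run loses the child rows.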

You know you're from Michigan

  1. “Vacation” means going to Cedar Point.
  2. At least one member of your family disowns you the week of the Michigan vs. Michigan State game.
  3. Half the change in your pocket is Canadian.
  4. You drive 86 mph on the highway and pass on the right.
  5. Your idea of a traffic jam is 40 cars waiting to pass an orange barrel.
  6. You know how to play (and pronounce) Euchre.
  7. It’s easy to get Vernor’s Ginger Ale, Sanders Hot Fudge sauce and Faygo Pop.
  8. You know how to pronounce “Mackinac”.
  9. You’ve had to switch on the heat and the A/C in the same day.
  10. You bake with soda and drink a pop.
  11. The movie “Escanaba in Da Moonlight” wasn’t funny. You consider it a documentary.
  12. Your little league game was snowed out.
  13. The word “thumb” has geographical meaning, rather than anatomical significance.
  14. You show people where you grew up by pointing to a spot on the back of your left hand.
  15. Traveling coast-to-coast means driving from Port Huron to Muskegon.
  16. You measure distance in minutes.
  17. When giving directions, you refer to “A Michigan Left”.
  18. You know that Kalamazoo not only exists, but it is either raining or snowing there, and it’s not that far from Hell.
  19. Your year has four seasons: almost winter, winter, still winter, and road construction.
  20. Owning a Japanese car was a hangin’ offense in your hometown.
  21. You drive 60 mph thru 2 feet of snow in a raging blizzard, without flinching.
  22. You think Devil’s Night is celebrated everywhere.
  23. You know what a “Yooper” is.
  24. Octopus and hockey go together as naturally as hot dogs and baseball.
  25. The snow freezes so hard that you can actually walk across it and not break it or leave any marks.
  26. You lost your virginity up at Higgins or Houghton to some skank from Detroit.
  27. You know how to spell and pronounce “Ypsilanti”
  28. Your favorite holidays are Christmas, Thanksgiving, the opening of deer season and Devil’s Night.
  29. Your car rusts out before you need the brakes done.
  30. At least 25% of your relatives work for the auto industry.
  31. You know more about chill factors and lake effect than you’d ever like to know!
  32. Your snowblower has more miles on it than your car.
  33. Shoveling the driveway constitutes a great upper body workout.
  34. Half the people you know say they are from Detroit, yet you don’t personally know anyone who actually lives in Detroit.
  35. You learned how to drive a boat before you learned how to ride a bike.

Secure iDisk with WebDAV+SSL+PAM on Debian/Apache2

I’ve been putting together a new file server for personal use that I plan on hosting on my DSL at home (7mbit/896kbit). I have Gig-E inside my condo and just shy of 1mbit from outside my condo over a static IP address. More than enough bandwidth to serve my personal email, my website along with a few friends’ sites and email. The next question, of course, is what to do with the hundreds of gigabytes lying vacant on the server.

Being that I run OS X 10.4 and so do my other friends, the obvious solution was WebDAV over SSL. I wanted to be able to mount my $HOME/public_html over SSL using PAM for authentication. Surprisingly, this actually works with a few hacks.

Warning

The rest of this article includes a few hacks that mess with permissions in a way that some people will scoff at. I understand this fully and am using this little space to warn you ahead of time that doing this will give Apache (the www-data user) read access to your /etc/shadow file.

List of Ingredients

  1. An installation of Debian GNU/Linux running Apache2 (specifically apache2, apache2-common, apache2-utils, and libapache2-mod-auth-pam)
  2. Everyone’s favorite scheduler, cron
  3. A text editor

Enabling/Disabling the appropriate Apache2 modules

Using the script a2enmod you’ll want to enable auth_pam, dav_fs, dav and ssl. These are the basic modules required to get this setup going. You might also be interested in installing the php5 module, etc. I won’t be covering that in this section. You will actually want to disable the userdir module. I did this mainly to disable WebDAV from working under the non-SSL Apache2 instances. I now include these files directly from my SSL <VirtualHost> configuration.

Setting up the SSL <VirtualHost> in /etc/apache2/sites-available/default


NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    DocumentRoot /var/www/
    Include /etc/apache2/mods-available/userdir.load
    Include /etc/apache2/mods-available/userdir.conf
</VirtualHost>

Setting up the WebDAV in /etc/apache2/mods-available/userdir.conf


<IfModule mod_userdir.c>
    UserDir public_html
    UserDir disabled root

    # Make sure to chown www-data:www-data this file
    DAVLockDB /var/lib/apache2/DAVLockDB
    <Directory /home/*/public_html>
        AllowOverride FileInfo AuthConfig Limit
        Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
        DAV On

        AuthPAM_Enabled On
        AuthPAM_FallThrough Off

        # This is so when you edit files over DAV they
        # aren't run through pre-processors (i.e. PHP)
        ForceType text/plain
    </Directory>
</IfModule>

Allow www-data to view /etc/shadow

By default only root and those in the group shadow can view /etc/shadow. Add the user www-data to the group shadow. Now is probably a good time to restart apache using /etc/init.d/apache2 force-reload if you haven’t already.

Setting up the $HOME/public_html

In your $HOME you’re going to want to create public_html and chown $USER:www-data public_html along with chmod 775 public_html. This allows both $USER and www-data to modify the contents of public_html.

Editing $HOME/public_html/.htaccess

After this cd into public_html and open up .htaccess and add the following lines to it (replace $USER with whomever’s $HOME you’re putting this in).


AuthPAM_Enabled on
AuthType Basic
AuthName "PAM"

# If the user you're creating this for is /home/jstump then
# replace $USER with jstump
require user $USER

This is pretty key as it allows you to keep authentication for your WebDAV and SSH tied together. It also specifies which user can log into this particular WebDAV share. If you don’t put require user $USER in there then anyone can log into anyone else’s share. That’s not good.
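A check for the `require user` rule above, as an added example that is not part of the original article: it reads each share's top-level `.htaccess` and reports any that do not restrict access to exactly the owning account. The function names, result strings and the sample tree (users alice, bob, carol, dave) are constructed for illustration.

```python
import os
import re
import tempfile

REQUIRE = re.compile(r"^require\s+(\S+)\s*(.*)$", re.IGNORECASE)


def audit_share(home_root, user):
    """Classify who the .htaccess in <home_root>/<user>/public_html lets in."""
    path = os.path.join(home_root, user, "public_html", ".htaccess")
    if not os.path.isfile(path):
        return "no .htaccess"
    granted, any_account = set(), False
    with open(path) as fh:
        for raw in fh:
            match = REQUIRE.match(raw.strip())  # comment lines never match
            if not match:
                continue
            kind, rest = match.group(1).lower(), match.group(2).split()
            if kind == "user":
                granted.update(rest)
            elif kind == "valid-user":
                any_account = True
    if any_account:
        return "open to every PAM account"
    if not granted:
        return "no require user line"
    if granted != {user}:
        return "grants " + ",".join(sorted(granted))
    return "ok"


def audit_homes(home_root):
    """Audit every home directory under home_root that has a public_html."""
    return {user: audit_share(home_root, user)
            for user in sorted(os.listdir(home_root))
            if os.path.isdir(os.path.join(home_root, user, "public_html"))}


def build_sample_homes():
    """Constructed sample tree standing in for /home (not real accounts)."""
    root = tempfile.mkdtemp()
    samples = {"alice": "AuthType Basic\nrequire user alice\n",
               "bob": "# require user bob\nrequire user $USER\n",
               "carol": "require user carol alice\n",
               "dave": "AuthPAM_Enabled on\nAuthType Basic\n"}
    for user, text in samples.items():
        os.makedirs(os.path.join(root, user, "public_html"))
        with open(os.path.join(root, user, "public_html", ".htaccess"), "w") as fh:
            fh.write(text)
    return root
```

On the server, `audit_homes("/home")` run as a user that can read those files gives the same report for the real shares.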

Fixing permissions

The problem with this setup as of now is that if you create a file from the mounted WebDAV folder in OS X it’s created as www-data and vice versa if you’re logged in via SSH.

Warning

The following is an ugly hack, but it works. It should be used with caution and not trusted on production servers you truly care about.


#!/bin/sh

# Loop through all users and chmod/chown files and directories in $HOME/public_html
# I'm sure there is a better way of doing this.
for dir in /home/*/public_html
do
    # Skip anything that isn't a real public_html directory
    [ -d "$dir" ] || continue
    user=$(basename "$(dirname "$dir")")

    find "$dir" -type d -print -exec chown "$user":www-data {} \;
    find "$dir" -type d -print -exec chmod 775 {} \;
    find "$dir" -type f -print -exec chown "$user":www-data {} \;
    find "$dir" -type f -print -exec chmod 664 {} \;

    # I did this to keep users from editing their .htaccess
    if [ -f "$dir/.htaccess" ]; then
        chown root:root "$dir/.htaccess"
        chmod 644 "$dir/.htaccess"
    fi
done

Set this up to run in root’s cron every minute. This will fix permission problems so that, after sixty or so seconds, you can edit files via SSH or your WebDAV mount.

Connecting to your WebDAV share from OS X

  1. Open a Finder window
  2. Hit CMD+K
  3. Type in https://my.server.com/~username for the location
  4. Click “Connect”
  5. Click “Continue” when it asks about the boned SSL certificate (install a valid SSL certificate to avoid this annoyance)
  6. Enter your username/password when prompted

Known Issues/Problems

  1. Apache can read/write to all files in $HOME/public_html
  2. Apache can read /etc/shadow
  3. Requires a cron job to fix permissions
  4. You lose the ability to have publicly accessible http://www.mysite.com/~username URLs

Conclusion

I’ve added $HOME/www/www.joestump.net along with my other sites and can now edit them through Finder or Term from my Macs at work and home. It’s all done over SSL and authentication is done via PAM, which means it’s fairly secure and easy to use. Personally, the few sacrifices are worth it to me to have this kind of setup. It also allows me to, say, save media files from work to home and vice versa in a pinch. I could also use various backup software, such as rsync, to sync and back up my various applications and data from computer to computer. Overall, I’m pleased with the outcome.

Missy Higgins and Ian McFeron at The Crocodile

Last night Kay and I went to The Crocodile Cafe to take in a show. We saw Missy Higgins and Ian McFeron. Overall, I give the show a good grade. Though I always give good grades to shows where I can hear what the singer is singing and the music doesn’t totally sound like ass.

First up was Ian McFeron, who played last year at Bumbershoot. He sounded a little bluesy and a little honkey tonk, but was fun to watch. I always enjoy someone on an acoustic guitar on stage who looks like they’re really enjoying putting on a show. His fiddle player, on the other hand, looked awkward and uncomfortable. She had this smile on her face that said, “I have no fucking clue what I’m doing here. I thought learning to play the violin would land me a rich husband.”

After a brief intermission Missy Higgins came on. You could tell because all of the lesbians’ wallet chains were clanking with excitement. Seriously, the minute this girl started playing the piano every short haired Emo girl in the place let out a sigh. Her Wikipedia entry says her music has been described as “bland and underproduced” and I couldn’t agree more. She sounded fine, but she never really achieved full jamfest, which disappointed me a bit because it almost felt like she was holding back. Nevertheless, she did end up belting out a few good songs.

As a side note, I drank some Flat Tire beer that tasted like it had been laced with farts. Seriously, I don’t remember Flat Tire tasting that bad. Luckily, they had New Castle so I was able to clear my palate (as a side note to my side note, I had to Google the correct spelling of palate/pallete/pallet).

Fremont 5k Fun Run

This last Friday I ran my first 5k with a time around 27:40 0:27:29.0 (I can’t seem to find my official time anywhere online I placed 272nd out of a field of 345 or 66th out of 75 for my division). Not too shabby considering I hadn’t run 3.2 miles in forever and that I rode my bike a bit over 4 miles to get to the race, which wasn’t my wisest decision as of late.

At any rate, the run felt great and we had a great time at Norm’s after the race. Maybe by the end of the summer I’ll do something crazy like a half marathon or a sprint triathlon.

Novara Express

You’re looking at my new wheels. I decided to finally break down and get a bike because I didn’t have anything else better to do during the summer and I’m looking to explore Seattle in a bit more intimate setting. I’m also getting this insane idea that it might be fun to participate in a sprint triathlon or longer rides like the Seattle to Portland ride.

I was looking into getting the Cannondale Bad Boy Disc, but ended up going this route for a number of reasons. The Express came with handle bar extenders, a carbon fiber fork and shifters that I considered easier to maneuver than the BBD’s. I took it out for a spin a few days ago and did about 12 miles in Beacon Hill and Madrona. Good times.