PlanetJoel.com

ActionView::TemplateError (no block given) when using find_all

Joel joelh-website@planetjoelDOTcom — Fri, 11 Jun 2010 00:34:47 +0000

No block given aye? One of the problems with the magic of rails is that you get very magic error messages back. In my case the fix was to use find(:all) instead of find_all() which has now been deprecated

OpenVPN: Dynamically create IPtables rules based on LDAP group membership

Joel joelh-website@planetjoelDOTcom — Fri, 14 May 2010 08:19:21 +0000

I'm releasing two small perl scripts I wrote which provide the client-connect and client-disconnect scripts for OpenVPN such that you can dynamically create IPtables firewall rules based on LDAP group memberships. You push out routes to all your internal networks to the user then using IPtables only allow traffic to specific destinations and ports. This allows you to give out customized and limited VPN access, or VPN access based on roles.

Rules are looked up in an LDAP database using the common name of the certificate as the unqiueMember to a groupOfUniqeMembers. Details of how to install it are in the zip.

Currently it only supports TCP protocol. It could easily be extended to support other protocols.

Download: openvpn_ldap_iptables.0.1.zip

Webfaction

Joel joelh-website@planetjoelDOTcom — Sat, 10 Apr 2010 11:08:45 +0000

I signed up my django project to WebFaction. I'm currently evaluating their service and will post my opinion of them once I get the site up and running.

Wikileaks

Joel joelh-website@planetjoelDOTcom — Sat, 10 Apr 2010 11:07:58 +0000

I just donated $25USD to Wikileaks. Please go there and watch their latest video, it was very disturbing but its important that you we the war in Iraq as it really is.

Music Blog: Sound Fleet

Joel joelh-website@planetjoelDOTcom — Sat, 10 Apr 2010 07:33:18 +0000

So me and some friends decided it would be a good idea to start up a group music blog.

Its still very fresh but I enjoyed hammering out a few posts. If your also a music lover contact me and we will continue adding you to the blog (after a rigorous interview process of course).

Sound Fleet Blog

Background/Wallpaper Desktop Switcher

Joel joelh-website@planetjoelDOTcom — Sat, 10 Apr 2010 06:40:42 +0000

Was looking around for a good free background desktop switcher, and I found so much crap. Google struggles to find good free software and instead preferences spam websites and commercial software, its very frustrating. Anyway I've started using John's Background Switcher and so far it works great.

Choosing the right SSL certificate

Joel joelh-website@planetjoelDOTcom — Thu, 25 Mar 2010 11:30:52 +0000

Not all SSL certificates are the same, here is a rough round-up of differences:

Verification Levels

There are three basic levels of verification: domain only, domain and business, and domain business and identity of representative. Domain only is actually quite weak authentication when you think about it, it doesn't prove you are who you say you are or that you have the right to use the brand. However to most end-users they won't know the difference and they will see the locked icon. Domain and business is what is typically provided, and they normally require something trivial like a corporate credit card to verify you are the business in question.

Extended Verification is the new standard that requires extra steps by the CA to verify you are actually who you say you are and are the legal entity allowed to trade under that name. See wikipedia's entry for more details. In Firefox an EV certificate will show as a Green box slightly to the left of the URL itself with the company name.

Indemnity

Each SSL provider will give different Indemnity insurance should you someone else fraudulently either use your certificate or your domain coming from the same CA. I think its very rare that people actually need to go down this path

Coverage across browsers

Typically all major SSL providers will be supported on all major OSes out of the box straight away. Some may require you to serve an intermediate chain bundle, which can be a hassle. Revocation

Revocation

Not all CA's support the ability to revoke certificates - surprisingly to me when I last looked at this only a handful had certificate revocation url's listed. If your serious about your security pick one that does have a revocation URL. Summary

Cost

Certificates can vary wildly in cost. Consider the vendors reputation and staying power when considering a certificate, and don't assume more cash means a better product. Consider the interface and flexibility you have in your CSR - all should support uploading a CSR directly.

Encryption Support

All modern certificates should support 256-bit encryption.

Summary

If your needs sound basic and simple, I would recommend you purchase something cheap. RapidSSL, InstantSSL, GoDaddy or any of the other large players are all fine.

If you are a bigger player, considered upgrading to a new EV certificate. It gives your site a professional look especially among internet savvy users. The process can be timing consuming so budget extra time to get an EV certificate

. See also: Wikipedia Comparison of SSL certificates.

Subversion Pre-Commit hook to check sudoers file syntax

Joel joelh-website@planetjoelDOTcom — Tue, 06 Jan 2009 21:32:23 +0000

In my short running series extremely obscure pieces of code that hopefully someone else in the universe will find useful I bring you a pre-commit hook for subversion that checks to make sure your sudoers file has correct syntax. This is useful for us because we have a very large sudoers file and once commited into subversion it will get deployed to all of our boxes. If it contains a syntax error this would be quite nasty.

While coding it I ran into a fun little bug that means if you try and print too much to stderr it hangs which made things a bit more interesting.

Enjoy

lshw

Joel joelh-website@planetjoelDOTcom — Sun, 28 Dec 2008 19:56:34 +0000

Every now and then you come across a genuine new command that you haven't heard of before that does something useful. lshw lists basically everything hardware related you would want to know about a new box you have just jumped on to. It is extremely detailed and easy to read and should be available with a simple "apt-get install lshw" on either ubuntu or debian.

Flickr-CAPTCHA v0.2 using PHP and the FlickrAPI for human recognition

Joel joelh-website@planetjoelDOTcom — Tue, 16 Dec 2008 04:16:29 +0000

Flickr-CAPTCHA is a captcha program that uses flickr images and tags to decide whether someone is human. A random thing is selected (from a list of things) and a random number of flickr images are chosen a long with a set of decoys. Each decoy contains at least one other thing in order to prevent images that are ambigious and to try and keep it obvious they are decoys. The user must then select all images and if they get 50% right (with minus marks for wrong answers) we consider them definitely human. It should be quite difficult for a computer to guess which images to select but fun and enjoyable for a human. It requires only very basic english skills.

SECURITY

Image ID's are hashed then proxied through a PHP page so that a bot cannot simply lookup the image themselves through the flickr API. They could potentially use the author and the title so an option exists to hide the title as well if you are paranoid. You will also want to adjust the acceptedRatio if you are really paranoid.

IMAGE LICENSING

We are only selecting images that have attribution licenses, not those that are all rights reserved. Every image being displayed is attributed to the author with a link to their flickr page. I am not a lawyer, see the LICENSE file for warranty (hint: there is none).

Pros

Fun and easy to use
Easy for human / hard for computer
Customizable

Cons

Slow to load all the images
Not secure

To get started check out the README file

Download Flickr-CAPTCHA v0.2

Flickr-CAPTCHA online tester

Older Releases: 0.1.