Blogging web software development

For a bit of fun we posted an simple online tool to convert text to HTML.  We even added an API so you can use it to get results in JSON or XML.

And for more fun we added an HTML to text tool and an HTML simplifier/sanitizer/cleaner tool.

Every few months I setup a new Tomcat based website. It is mostly the same, simple steps. And I keep needing to re-remember those steps. So for my own reference and to maybe help some others I have gone and documented my process.

First up: order a VPS. I do that at http://launchtimevps.com/ Anything with 768MB of memory is going to be OK for tomcat. Go with 1.5GB is a reasonable option.

Wait a couple of minutes for the server to install. Then log in and install a few extras:

apt-get install rsync subversion sun-java6-jdk ant

Per http://rimuhosting.com/mod_jk2_and_mod_proxy_ajp.jsp we will need this enabled to connect up Apache and Tomcat:
a2enmod proxy proxy_ajp
Read More »

MacOSX Lion’s Safari crashing on you?  Reloading a page after clicking on a select field?  Running Safari Version 5.1 (7534.48.3)?

There appears to be a bug triggered when you have:

a) a woff format webfont (not eot, or svg, or ttf) and

b) a select field (being clicked)

c) a border css set (e.g. border:none, or boder:1px).

The solution is to not have a woff format webfont and border specified on a select field.

 safari-woff-fail.html

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>

<head>
<style>

@font-face {
    font-family: 'MuseoSans';
    src:
        /*url('http://localhost:8080/mailserv/type-face/Museo-Sans/museosans_500-webfont.eot?') format('eot')*/

    url('http://www.huqueerpress.com/type/chaparralpro-regular-webfont.woff')
    format(
    'woff'
    )
}

select {
    border: 1px;
    font-family: 'MuseoSans';
}
</style>

</head>
<body>
    <form method='post' action='signup.jsp'>
        <select id='foo'>
            <option value='' selected='selected'>Select Country*</option>
            <option value='Zimbabwe'>Zimbabwe</option>
        </select>
    </form>
</body>
</html>

Go to your Tomcat directory.  e.g. cd /usr/local/tomcat/

Create a certificate:

keytool -genkey -alias tomcat -keyalg RSA   -keystore .keystore –storepass ‘password’

Use your domain name for the first/last name field.  e.g. example.com or localhost.

Then in conf/server.xml uncomment the SSL connector and set the keystore file and password attributes.

<Connector port=”8443″ protocol=”HTTP/1.1″ SSLEnabled=”true”
maxThreads=”150″ scheme=”https” secure=”true”
clientAuth=”false” sslProtocol=”TLS”
keystoreFile=”.keystore”
keystorePass=”password”
/>

Then restart tomcat.

Ideally I would be able to use my PEM files from my apache configuration.  Anyone know how to convert those to a keystore?  Or how to get tomcat to use a PEM file?

Most of us are Linux geeks running Ubuntu and Firefox (and every now and then Chrome).  We also have one PC for the devs to do IE testing on Windows.  Safari ends up not that well tested.  Since most of us don’t have Macs.

Recently a few safari users pointed out that our VPS ordering system at http://launchtime.ri.mu was not working.
We spent an age messing about with the Firefox lite extension and not making progress (it is a little too light).

Eventually we found the magic command (to run in Terminal) which will enable the Develop menu:

defaults write com.apple.Safari IncludeDebugMenu 1

After that is is a quick matter of reloading the page. And getting the javascript error (javascript object attribute name of class without the quotes). And fixing it.

To disable it (but why?):

defaults write com.apple.Safari IncludeDebugMenu 1

Note to self: this tcp dump command will grab the first 1024 bytes (vs. smaller 68 or so) and line buffer the output for all packets going to example.com.  e.g. letting me see exactly what headers are being sent by my browser.

tcpdump -s 1024 -l -A dst example.com

Read More »

I typically implement permission checks at interface ‘boundaries’.  e.g. asserting permissions at the start of a JSP page.  e.g. on REST requests I ensure all @Path parameters have them.  e.g. each DWR method starts with a permission check.  Even if a permission is not required to access a page/resource/function I’ll throw in a guest (no-op) permission check.  Just to be explicit about that fact.

I went against this pattern, just recently.  Implementing a permission check down in the bowels of some application object.  Since that seemed to be the place where we knew enough about the action (what user account we were modifying, what action was being performed). Read More »

The MVC (model-view-controller) software pattern for user interfaces

A UI (user interface/interaction) isn’t necessarily an application’s window on your PC.  It can be a web page (or set of pages).  A command line application.  Or a REST-ful web interface.

A good UI should flow well.  It should make it easy for a user to achieve their goals.

The Model View Controller MVC pattern is a popular pattern that is used to implement user interfaces.

A question of coupling

Should the model, the view and the controller all be beautifully and cleanly decoupled from each other?  How much should the view know about the controller and vice versa?  How much should the view know about the model, and vice versa? Read More »

HTTPOnly is a setting on cookies that some browsers can implement by not making the cookie available to the HTML document dom or via javascript.

i.e. The cookie is only visible to the browser and the server but not to any code on the page itself.

This can help prevent a user injecting malicious code into a page that hijacks or exploits the content of the cookie (e.g. session/state information, or passwords or usernames, etc).

Tomcat 7 implements HTTP Only by default on session IDs.

DWR uses the session cookie to protect against cross site scripting attacks.  See also http://directwebremoting.org/dwr/security/script-tag-protection.html

With HTTPOnly set that does not work and DWR will start popping up “CSRF Security Error” dialogs.  Ugh.

Read More »

Note to self about mysql scale, precisions and roundings:

mysql> select 123.1231 as traw, convert(“123.1231” , decimal(10,1)) as t10_1, convert(“123.1231” , decimal(2,1)) as t2_1, convert(“123.1231” , decimal(4,1)) as t4_1, convert(“123.1231” , decimal(4,0)) as t4_0;
+———-+——-+——+——-+——+
| traw     | t10_1 | t2_1 | t4_1  | t4_0 |
+———-+——-+——+——-+——+
| 123.1231 | 123.1 |  9.9 | 123.1 |  123 |
+———-+——-+——+——-+——+

Scale = number of significant digits to store.  Precision controls maximum number of decimals.

At RimuHosting we do a lot of support. Thousands of emails a month. And we have a good sized crew of sysadmins handling those requests.

To help us better manage how we respond to our customer emails our software developers created a software application which we call Envelope. Envelope hooks up to our IMAP email server. And stores a copy of the email requests we receive and send. Our sysadmins then use the Envelope web pages to manage those emails. They can ‘grab’ them (meaning they will be working on them); add notes (e.g. to help other team members better respond) and edit attributes like due dates and urgencies. So that we can better triage and manage which emails to deal with in which order.

Envelope is basically a ticket system help desk for your emails (for people who don’t like ticket systems).

We think that Envelope is so key and helpful in the way we provide support to our customers that we want to make the application service available to others.

If you work in an organization that provides a good amount of customer support or sales via email, and you have 2-20 people providing support (i.e. its more than ‘just you’) then you may find that Envelope really helps the way you manage your emails.

Read on to see if Envelope, the email-based ticket-free help desk could help your organization better managed your support and sales emails.

Got a path param like this:
@Path(“person-{oid:[0-9]+}-{person_name}”)

e.g. to match /people/person-123-alfred-back

In this case we only really care about the oid and the person_name is to just make the url more readable.

I wanted to make that name more optional (so that /people/person-123- so work, for example).

I tried:
@Path(“person-{oid:[0-9]+}-{person_name:.*}”)

That certainly worked for /people/person-123-

But it also worked for /people/person-123-alfred-back/name (resulted in person_name being asdf/name, rather than alfred-back).

So I changed it to this, which works more as expected:
@Path(“person-{oid:[0-9]+}-{person_name:[^;/]*}”)

i.e. the person name will include everything up to the first semicolon or forward slash.

I got this error from Resteasy:

SEVERE: Exception sending context initialized event to listener instance of class org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
org.jboss.resteasy.spi.LoggableFailure: You cannot have 2 locators for same path: export-{id:[0-9]+}

The fix for anyone who is interested was to clean out the old class files in the webapp (this error was a result of me renaming a JAX-RS class and having the old class left in there causing the error).

So after developing for a few months we are beginning to have an application that is somewhat functional.

Only it looks ugly (or, I may possibly get away with saying it merely looks plain).

That is because we have focused on functionality, not on presentation, layout, colors and graphical elements.

But now we need to start adding a pretty face to our application.

So I am looking for a web designer.

Our ideal designer:

• Creates clean, simple pages that look good.
• Has worked on sites with that have forms and presents data (vs. a typical ‘content’/browsing site like a newspaper site, or blog).
• Has a lot of input on application<->user interactions

We will likely want to implement everything using CSS, but given a design PSD/image/drawing we’re likely very capable of converting images to HTML/CSS ourselves.

Here are some examples of web interfaces that we ‘like’ to give an idea of the direction we wish to go:

• http://invoicemachine.com/home
• http://clearleft.com/ *
• http://sprawsm.com/work/ *
• http://www.mailchimp.com/pricing/
• http://www.zerigo.com/watchdog
• http://www.mailchimp.com/signup/
• http://webdesignfromscratch.com/web-design/web-2.0-design-style-guide.php
• http://www.joyent.com/products/publiccloud/
• http://freelanceswitch.com/
• http://shotgunsoftware.com/features
• http://www.rethinkdb.com/wiki/
• http://www.livefront.com/ourapproach/ *
• http://www.eventfinder.co.nz/add-event
• http://www.project2manage.com/tour/
• http://www.noodlebox.net/ *
• http://leevigraham.com/ *
• http://www.jingproject.com/
• http://www.instabox.com/labels/
• http://www.linuxjournal.com/
• http://www.activecollab.com/pricing/#tour
• http://www.tactilecrm.com/
• http://www.jomsocial.com/support.html

(* means web designer)