Ten Books in 2014

So I managed to read ten books in 2014.  I’m still loving my Kindle Keyboard, but I may have just about worn it out.  Something is rattling around inside, and occasionally I have to reboot it.  I read six books on the Kindle.  I read one on the new Kindle Fire that I won at Hack4Reno because it was a PDF tech book with lots of formatting and just not great on the e-ink display.  Three were good old dead tree books.  If a book is not available for my Kindle though, I will seriously just consider reading something else.  I still have a helluva backlog.  Here’s what I read in 2014:

King Harald’s Saga
Snorri Sturluson

The original biography of King Harald Hardrada, one of history’s most interesting characters. The story of his exploits, generally regarded as true, is absolutely shocking. You should at least read his Wikipedia page.


 

The Dream Cycle of H.P. Lovecraft
H.P. Lovecraft

Just a step to the left of Lovecraft’s better known horror stories are, I think, his best works. They all have a pervasive mood of unease, because, I think, you can still sense something horrible is just offstage. But they are, you know, dreamy. I’ve found myself rereading my favorite, the nine-page “Strange High House in the Mist,” at least yearly since high school. It’s lyric and beautiful and just short of scary.


 

Infinite Jest
David Foster Wallace

But so yeah, this is how I spent my summer. 1100 pages, like 200 pages of end-notes – some chapter-long, and themselves with dozens of end-notes. Crazy, encyclopedic references on dozens of subjects: Hamlet, etymology, drugs, cinema, TV, advertising, tennis, rehab, Canada, etc., on and on. This thing was insane and wonderful. It was the best book of the year. But so then, you know how you get to that last chapter of a mystery novel where the detective gathers everyone in the parlor and cuts through all the hints and misdirections and reveals the murderer? This book is like that with the last chapter missing. You just wake up on the beach with a bad hangover wondering what happened to your summer, and you have to puzzle it out for yourself.


 

The Strangest Town in Alaska: The History of Whittier, Alaska and the Portage Valley
Alan Taylor

Great book for anyone who grew up in Whittier. I learned a ton of stuff I didn’t know. My favorite bit of trivia was that when Columbus first landed in the new world, Whittier was still under about a mile of glacier. That’s crazy, but I look at Portage Glacier on Google Maps now, and it’s just about gone, and I guess I can’t doubt it.


 

Stars of the New Curfew
Ben Okri

Down and out in West Africa. It’s fun to peek into other worlds.


 

Invisible Cities
Italo Calvino

This was a fun collection of short vignettes of imaginary cities, as told to Kublai Khan by Marco Polo. It has that fairy tale feel of Lord Dunsany. Very enjoyable read.


 

If on a Winter’s Night a Traveler
Italo Calvino

This was a strange and difficult and wonderful post-modern book about… well, about reading books. A man begins to read a book but there is a problem, and he can’t continue. He reads books alone, with a friend, out loud, a manuscript, a journal, letters, in translation, examining how those are all different experiences, always starting but never getting to finish them. It has a little romance, a little intrigue, ten (10) first chapters of ten very compelling books, a lot of talking to the fourth wall, and it actually all comes together in the end. I highly recommend this!


 

The Autobiography of Malcolm X
Malcolm X and Alex Haley

Politics aside, this is a fantastic and vivid biography. There’s a lot of detail missing from the popular image of Malcolm X.


 

A Supposedly Fun Thing I’ll Never Do Again
David Foster Wallace

DFW’s editor sends him to report on things chosen to make him maximally uncomfortable.


 

Developing Backbone.js Applications
Addy Osmani

I love that Backbone is a very general library, and not overly-opinionated about how JS apps should be structured, but gawd it’s idiosyncratic! I can follow it, but how well can I write it? It seems like your choice of JS client frameworks is still a head-or-gut proposition. I’m going to keep practicing, anyway.

Hello Self-Employed Xmas Partiers

So I went to the Self-Employed Christmas Party that The Hub threw, and did the socially-awkward-penguin thing for two hours.  It was fun, and that red wine from Craft was quite nice.  But on the way out the door going to the party, I couldn’t find my real business cards and just had some calling cards with my personal phone and a URL for this mostly-stagnant blog.  If you got here from one of those, well, sorry.  This is just WordPress with the simplest theme I could find.  Give me a call, and I’ll show you something better.  Merry Christmas.

The Two Party System (Mostly Lizards)

Here’s an excerpt from Douglas Adams’s So Long, and Thanks for All the Fish.  It does a good job of summing up the problem with America’s two-party system.

“I come in peace,” it said, adding after a long moment of further grinding, “take me to your Lizard.”

Ford Prefect, of course, had an explanation for this [deletia]

“It comes from a very ancient democracy, you see…”

“You mean, it comes from a world of lizards?”

“No,” said Ford, who by this time was a little more rational and coherent than he had been, having finally had the coffee forced down him, “nothing so simple. Nothing anything like so straightforward. On its world, the people are people. The leaders are lizards. The people hate the lizards and the lizards rule the people.”

“Odd,” said Arthur, “I thought you said it was a democracy.”

“I did,” said Ford. “It is.”

“So,” said Arthur, hoping he wasn’t sounding ridiculously obtuse, “why don’t the people get rid of the lizards?”

“It honestly doesn’t occur to them,” said Ford. “They’ve all got the vote, so they all pretty much assume that the government they’ve voted in more or less approximates to the government they want.”

“You mean they actually vote for the lizards?”

“Oh yes,” said Ford with a shrug, “of course.”

“But,” said Arthur, going for the big one again, “why?”

“Because if they didn’t vote for a lizard,” said Ford, “the wrong lizard might get in. Got any gin?”

“What?”

“I said,” said Ford, with an increasing air of urgency creeping into his voice, “have you got any gin?”

“I’ll look. Tell me about the lizards.”

Ford shrugged again.

“Some people say that the lizards are the best thing that ever happened to them,” he said. “They’re completely wrong of course, completely and utterly wrong, but someone’s got to say it.”

Emphasis added by me.


Hulu sucks

Hulu sucks. Full stop. That is really all you need to know. Why?

Ads. I’m paying for it, and I still have to watch ads? I seriously haven’t waited through an ad since I got a TiVo in 2002, and I haven’t listened to an ad since my parents got a TV with a remote and a mute button in the mid 80s. I’m not paying for it AND watching unskippable ads.

It didn’t work very well on my Roku. It crashed frequently and the user interface was endlessly frustrating on any platform.

They have a bunch of idiot rules about where you can watch stuff. A lot of content only works in a web browser, on a computer. Doesn’t work on an iPad, doesn’t work on the Roku. If I want to watch The Simpsons, for example, they insist that I be inconvenienced.

Do you really even want to sell this, Hulu? Or are you just there to make cable seem reasonable?

Apache with PHP-FPM, chroots and per-vhost UIDs

I’ve finally got a working config for Apache with PHP-FPM, per-vhost pools, UIDs and chroots.  There seem to be a lot of tutorials around the net to help set up FPM with nginx, but very little with Apache.  The following instructions are for FreeBSD, but they would be easy to adapt to most any OS.  This document is still evolving, but I wanted to get it out to people in FreeNode #php-fpm who have been asking for help.

Why am I setting up PHP like this?

I have been using Apache with mod_php for years, and it works, but it has a number of problems, especially in a virtual hosting situation. All PHP scripts run with the web server’s UID, which is crummy for security: one site’s scripts can read every other site’s files, and write to anything the web server can write to. Users’ scripts can see the whole file system. And when Apache serves a non-PHP request, such as an image or style sheet, the serving process still carries the whole PHP interpreter around, using a bunch of memory.

This setup addresses each of those issues, hopefully making PHP sites more secure and less memory hungry. Instead of embedding the mod_php interpreter, Apache uses the FastCGI protocol to hand PHP requests to a long-running PHP-FPM server. Each website I’m hosting has its own FPM pool. Each runs under its own UID. Each is chroot-ed into the owner’s home directory. Only PHP requests are handled by PHP-FPM; everything else stays in Apache.

Let’s get to the details

We’re going to install and configure a bunch of software, and then set up a chroot environment.

Install Apache 2.2

cd /usr/ports/www/apache22
make install clean

Be sure to enable suexec in the Apache options dialog.

Enable Apache

Add apache22_enable="YES" to /etc/rc.conf and start it up

service apache22 start

Install PHP-FPM

cd /usr/ports/lang/php5
make install clean
  • Do NOT build the Apache module.
  • DO build the FPM version
  • Building the CGI and CLI versions is fine as well
  • I add the mailhead patch too

Install the PHP extensions

This is a bit of a FreeBSD-ism, that you won’t have to do on most other OSs.  FreeBSD strips the PHP port down to a bare minimum, and moves all the plugins – including the default ones – into their own ports.  The php5-extensions meta-port collects them all into one place.

cd /usr/ports/lang/php5-extensions
make install clean

Add php_fpm_enable="YES" to /etc/rc.conf and start it up

service php-fpm start

Install fastcgi

cd /usr/ports/www/mod_fastcgi/
make install clean

Edit httpd.conf, inserting:

LoadModule fastcgi_module     libexec/apache22/mod_fastcgi.so
LoadModule suexec_module        libexec/apache22/mod_suexec.so

and setting:

ServerAdmin webmaster@example.com
ServerName server_ip_address_or_working_hostname

And un-comment whichever of the “Include” directives make sense for your setup.
Now append:

NameVirtualHost *:80
Include etc/apache22/Includes/*.conf

and comment out this block:

#<Directory />
#    AllowOverride None
#    Order deny,allow
#    Deny from all
#</Directory>

Yes, that super-sucks.  Does anyone know of a workaround?

Keep in mind what that block was doing.  With it gone, every path Apache can be pointed at (through an Alias, a symlink, or a mistyped DocumentRoot) is served unless some narrower <Directory> or <Location> says otherwise, so the per-vhost blocks below become the only access control on the box.  The less drastic fix is to leave the root deny in place and add an Allow for just the path Apache is rejecting; the error log names that path in its “client denied by server configuration” line.

I like to keep each vhost’s configuration in its own file, in a “vhosts/” directory, so I append:

Include etc/apache22/vhosts/*.conf

and

mkdir vhosts disabled-vhosts

You can guess what the second directory is for.  Now restart and see if that works.

service apache22 restart

You may get a warning like “NameVirtualHost *:80 has no VirtualHosts” because we haven’t added any yet.  Nothing to worry about.

Next create an Includes/php-fpm.conf for global FPM configs that will apply to every site.  Mine looks like:

FastCgiIpcDir /usr/local/etc/php-fpm/
FastCgiConfig -autoUpdate -singleThreshold 100 -killInterval 300 -idle-timeout 240 -maxClassProcesses 1 -pass-header HTTP_AUTHORIZATION
FastCgiWrapper /usr/local/sbin/suexec

<FilesMatch \.php$>
SetHandler php5-fcgi
</FilesMatch>

Action php5-fcgi /fcgi-bin

<Directory /usr/local/sbin>
Options ExecCGI FollowSymLinks
SetHandler fastcgi-script
Order allow,deny
Allow from all
</Directory>

See if Apache likes that:

service apache22 restart

Configure FPM

Now FPM needs some configuration.  Create a directory to store per-vhost fpm configs:

mkdir /usr/local/etc/fpm.d

Then edit the global php-fpm.conf, un-commenting:

include=etc/fpm.d/*.conf

switching the listen statement from a tcp port to:

listen = /tmp/php-fpm.sock

and changing the pm to:

pm = ondemand

There are a couple of different types of process manager (pm).  ondemand preforks zero (0) processes; workers are only forked when a request arrives and are reaped after pm.process_idle_timeout.  I chose this for lots of small sites.  You may want a model that suits your setup better.

Now lets create a vhost.  Given a site named “example.com” owned by user “luser”, here’s my template:

<VirtualHost *:80>
ServerName        www.example.com
DocumentRoot    /home/luser/example.com/htdocs
SuexecUserGroup    luser luser
ServerAlias        example.com
ErrorLog        /home/luser/example.com/logs/example.com.error_log
CustomLog        /home/luser/example.com/logs/example.com.access_log combined

<Directory /home/luser/example.com/htdocs>
    Order allow,deny
    Allow from all
    Options +Indexes +FollowSymLinks +ExecCGI +Includes +MultiViews
    AllowOverride All
</Directory>

FastCgiExternalServer /tmp/fpm-example.com -socket /tmp/php-fpm-example.com.sock -user luser -group luser
Alias /fcgi-bin /tmp/fpm-example.com
<Location /fcgi-bin>
    Options +ExecCGI
    Order allow,deny
    Allow from all
</Location>

<LocationMatch "/(ping|fpm-status)">
    SetHandler php5-fcgi-virt
    Action php5-fcgi-virt /fcgi-bin virtual
</LocationMatch>
</VirtualHost>

A word on that Options line, since this is a multi-tenant box.  +Indexes publishes a directory listing for anything without an index file.  +Includes (as opposed to +IncludesNOEXEC) lets any .shtml run <!--#exec cmd=...-->.  +FollowSymLinks lets one tenant symlink to any file the Apache process can read, including other tenants’ world-readable files; +SymLinksIfOwnerMatch is the safer choice.  And AllowOverride All hands all of those knobs to the tenant through .htaccess anyway.  Trim the list to what each site actually needs.

And create the complementary FPM pool config:

[example.com]
user = luser
group = luser
listen = /tmp/php-fpm-example.com.sock
chroot = /home/luser
pm = ondemand
pm.max_children = 50
pm.status_path = /fpm-status
php_admin_value[doc_root] = /example.com/htdocs
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[sendmail_path] = /bin/mini_sendmail -t -fwebmaster@internal.org

Two things to check before this pair goes live.  The vhost above routes /ping to FPM, but FPM only answers it if the pool also sets ping.path = /ping.  And both /ping and /fpm-status are open to the world as written; /fpm-status?full lists each worker’s request URI, script path and client address, so add a Deny from all / Allow from 127.0.0.1 pair to that LocationMatch (or drop it) unless you want that public.
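Since the two files have to agree on the socket path, the UID, the chroot and the document root, here is a small generator that writes both from the same two inputs and then checks one against the other.  This is an added example, not the configuration from this post: it assumes the user’s home (and chroot) is /home/$user, tightens the Options line to +SymLinksIfOwnerMatch +ExecCGI +IncludesNOEXEC, adds ping.path, and limits the status endpoints to localhost.

```shell
#!/bin/sh
# Added example (not from the original post): generate the Apache 2.2 vhost
# and the PHP-FPM pool for one site from the same two inputs, then check that
# the two files agree. Assumptions not stated on the page: the user's home
# (and chroot) is /home/$user, and ping/status are limited to localhost.

# gen_vhost SITE USER  - prints the <VirtualHost> block
gen_vhost() {
    site=$1 user=$2 home=/home/$2
    cat <<EOF
<VirtualHost *:80>
ServerName      www.$site
ServerAlias     $site
DocumentRoot    $home/$site/htdocs
SuexecUserGroup $user $user
ErrorLog        $home/$site/logs/$site.error_log
CustomLog       $home/$site/logs/$site.access_log combined

<Directory $home/$site/htdocs>
    Order allow,deny
    Allow from all
    # SymLinksIfOwnerMatch rather than FollowSymLinks: a tenant cannot serve
    # another user's world-readable file by symlinking to it.
    Options +SymLinksIfOwnerMatch +ExecCGI +IncludesNOEXEC
    AllowOverride All
</Directory>

FastCgiExternalServer /tmp/fpm-$site -socket /tmp/php-fpm-$site.sock -user $user -group $user
Alias /fcgi-bin /tmp/fpm-$site
<Location /fcgi-bin>
    Options +ExecCGI
    Order allow,deny
    Allow from all
</Location>

# Worker status lists request URIs and client addresses: localhost only.
<LocationMatch "/(ping|fpm-status)">
    SetHandler php5-fcgi-virt
    Action php5-fcgi-virt /fcgi-bin virtual
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</LocationMatch>
</VirtualHost>
EOF
}

# gen_pool SITE USER  - prints the matching pool; doc_root is written relative
# to the chroot because the worker resolves paths after chroot().
gen_pool() {
    site=$1 user=$2 home=/home/$2
    cat <<EOF
[$site]
user = $user
group = $user
listen = /tmp/php-fpm-$site.sock
chroot = $home
pm = ondemand
pm.max_children = 50
pm.status_path = /fpm-status
ping.path = /ping
php_admin_value[doc_root] = /$site/htdocs
php_admin_value[cgi.fix_pathinfo] = 0
php_admin_value[sendmail_path] = /bin/mini_sendmail -t -fwebmaster@$site
EOF
}

# check_pair VHOST_FILE POOL_FILE  - 0 if consistent, 1 if the socket paths
# differ, 2 if chroot + doc_root does not equal the vhost DocumentRoot.
check_pair() {
    sock_v=$(sed -n 's/.*-socket \([^ ]*\).*/\1/p' "$1")
    sock_p=$(sed -n 's/^listen = //p' "$2")
    [ "$sock_v" = "$sock_p" ] || return 1
    root_p=$(sed -n 's/^chroot = //p' "$2")
    doc_p=$(sed -n 's/^php_admin_value\[doc_root\] = //p' "$2")
    doc_v=$(sed -n 's/^DocumentRoot  *//p' "$1")
    [ "$root_p$doc_p" = "$doc_v" ] || return 2
    return 0
}

# Stand-alone use: sh gen.sh example.com luser  (prints both files)
if [ $# -eq 2 ]; then
    gen_vhost "$1" "$2"
    echo
    gen_pool "$1" "$2"
fi
```

Run it as sh gen.sh example.com luser to print both files, or source it and call check_pair on configs you already have; a non-zero return means the socket paths differ (1) or chroot plus doc_root does not equal DocumentRoot (2), which is exactly the kind of drift that shows up as a mysterious “File not found” from FPM.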

Living in a chroot
So PHP’s mail() function invokes your system’s sendmail binary, usually /usr/sbin/sendmail.  From within a chroot, that won’t be available.  And even if you copied sendmail and every library it needs into the chroot, it would want to write files to /var/spool, and again, that won’t be available.  We need a workaround: install mini_sendmail.  It is a sendmail workalike that you can easily copy into a chroot; instead of writing to /var/spool, it makes an SMTP connection to localhost.  Be sure to set the -f envelope sender in your FPM pool config, or mini_sendmail will construct one from the user name it finds in the environment at the machine’s hostname.  PHP scripts can still override it using the mail() function’s additional_parameters argument.

cd /usr/ports/mail/mini_sendmail
make install clean

Create a chroot environment for the vhost:

mkdir ~luser/tmp ~luser/bin
ln /tmp/mysql.sock ~luser/tmp/
cp /rescue/sh ~luser/bin/sh
ln /usr/local/bin/mini_sendmail ~luser/bin/mini_sendmail

PHP will need a /tmp directory.  If you are using MySQL, you will need to hard link your mysql.sock into there or use TCP connections.  If you link the socket, you need to redo that EVERY time you restart MySQL, because the server creates a fresh socket inode on startup and the old link goes stale.  (I should include my rc script here.)  A hard link also can’t cross filesystems, so if /tmp and /home are separate partitions, ln will fail with “Cross-device link” and TCP to 127.0.0.1 is what’s left.  Hard link mini_sendmail into the chroot.  And finally, PHP needs a shell to invoke sendmail: mail() hands sendmail_path to popen(), which runs it through /bin/sh, and that /bin/sh is looked up inside the chroot.  Yes, this sucks.  You can copy /bin/sh in, but chances are it needs libraries that aren’t in the chroot.  I could copy those too, but I just copied the crunched (statically linked) binary from FreeBSD’s /rescue dir.  Yes, this sucks even more because it includes stuff I don’t want or need, and I need a better solution.  TODO: crunch my own sh with a couple of other useful items.  Maybe use busybox for this?

Set the tmp dir in php.ini to

upload_tmp_dir = /tmp
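The chroot steps above, as a script that builds the skeleton and then checks it.  This is an added example, not from the post: the source paths are parameters (on the real host they would be /rescue/sh, /usr/local/bin/mini_sendmail and /tmp/mysql.sock) so it can be exercised on a scratch tree, and the MySQL socket is re-linked by a separate function meant to run after every MySQL restart.

```shell
#!/bin/sh
# Added example (not from the original post): populate a per-vhost chroot
# with what PHP needs there (a shell, because mail() popen()s sendmail_path;
# a sendmail workalike; the MySQL socket) and verify the result.
# Usage: sh chroot.sh ROOT SH SENDMAIL SOCK
#   e.g. sh chroot.sh /home/luser /rescue/sh /usr/local/bin/mini_sendmail /tmp/mysql.sock
# The real-host paths above are assumptions; nothing here is run unless asked.

# link_or_copy SRC DST - hard link when possible (the page's method), falling
# back to a copy when SRC is on another filesystem (ln fails with EXDEV).
# A symlink would be useless: inside the chroot its target path does not exist.
link_or_copy() {
    rm -f "$2"
    ln "$1" "$2" 2>/dev/null || cp -p "$1" "$2"
}

# relink_socket SOCK ROOT - run after every MySQL restart: the server creates
# a fresh socket inode, so the old hard link goes stale. Returns non-zero when
# SOCK is on another filesystem; a socket cannot be copied, use TCP then.
relink_socket() {
    ln -f "$1" "$2/tmp/$(basename "$1")"
}

# populate_chroot ROOT SH SENDMAIL SOCK
populate_chroot() {
    root=$1
    mkdir -p "$root/bin" "$root/tmp"
    chmod 1777 "$root/tmp"                   # upload_tmp_dir and sessions land here
    link_or_copy "$2" "$root/bin/sh"
    link_or_copy "$3" "$root/bin/mini_sendmail"
    relink_socket "$4" "$root"
}

# check_chroot ROOT - 0 when bin/sh and bin/mini_sendmail are present and
# executable and nothing under bin/ or tmp/ is a symlink (dangling once the
# worker has chroot()ed); 1 if a required file is missing, 2 if a symlink is found.
check_chroot() {
    root=$1
    for f in bin/sh bin/mini_sendmail; do
        [ -x "$root/$f" ] || return 1
    done
    [ -d "$root/tmp" ] || return 1
    [ -z "$(find "$root/bin" "$root/tmp" -type l)" ] || return 2
    return 0
}

if [ $# -eq 4 ]; then
    populate_chroot "$@" && check_chroot "$1"
fi
```

A symlink in place of the hard link is the mistake the check catches: it resolves on the host but dangles once the worker has chroot()ed.  The script can’t tell whether bin/sh is static; on FreeBSD, ldd on the copied binary should report that it is not a dynamic executable.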

Update #1

I had a problem with a number of server variables not getting properly translated for use within the chroot, so I added an auto_prepend_file directive to each pool’s config like:

php_admin_value[auto_prepend_file] = /bin/phpfix

And then linked this file into each chroot’s ~/bin/ directory (it has to be reachable inside the chroot, since /bin/phpfix is resolved there):

<?php
// Runs before every script (auto_prepend_file). Apache hands FPM the paths
// as seen outside the chroot (/home/luser/...); inside, the chroot prefix
// has to be stripped. This relies on $_SERVER['HOME'] being the pool user's
// home directory, which is also the chroot directory.
$_SERVER['DOCUMENT_ROOT'] = ini_get('doc_root');
$_SERVER['PATH_TRANSLATED'] = str_replace($_SERVER['HOME'], '', $_SERVER['PATH_TRANSLATED']);
$_SERVER['SCRIPT_FILENAME'] = str_replace($_SERVER['HOME'], '', $_SERVER['SCRIPT_FILENAME']);

Update #2

PHP’s stream wrappers (used by file_get_contents() and friends) rely on OpenSSL for HTTPS URLs, and many other extensions (SOAP, for example) build on those streams. cURL seems to work fine in a chroot, but PHP’s OpenSSL streams need certain device nodes, typically /dev/urandom, which OpenSSL reads to seed its random number generator, and those don’t exist in the chroot. You will have to mount /dev inside your chroot in order to use them. On FreeBSD that is a devfs mount, and it should carry a restrictive ruleset (the stock devfsrules_jail set in /etc/defaults/devfs.rules is a reasonable starting point) rather than exposing every device node to each tenant. More on this when I get a good system in place.