Propeller-heads Unite!

Wahoo! Summer’s come early this year!

Well, sorta. Google Summer of Code for 2007 in on! The mentoring organizations have been selected and Google is currently accepting student applications. I’m proud to say that my great employer has been selected as a mentoring organization again this year.

Google’s spending a whopping $4,000,000 bucks on the program this year! We’re talking 800 students getting paid to write open source code for some of the coolest projects in the world!

Want to get paid $4,500 to write open source code over the summer? Apply now! The student applications are due by March 24th.

No Comments »

Found this little gem in my logs today:

Date: Feb 12 07:05:33 AM
Visitor: MSIE 6.0 Windows 2000 1024×768 Nigeria (83.229.91.135)
Page: Propeller-heads Unite! » 2007 » January
Referrer: www.google.com.ng/search?hl=en&q=email address january 2007 update by name and address&btnG=Search&meta=

Wanna bet he’s looking to reach me about depositing a large sum of money in my bank account? All I need to do is give him my account number. Such a generous and conscientious chap.

No Comments »

Jyte.com is a remarkably simple, yet interesting new site (just opened up this week!) that leverages the concept of an online identity, credibility via a web of trust-type mechanism, and claims that can be agreed or disagreed, and discussion about aforesaid claims - all tied up with OpenID identity/authentication.

Jyte is just one example of how disaggregation of authentification and identity from the actual tools can be useful. OpenID (and Jyte, for that matter) are based on open protocols and interfaces that can be worked into existing or new tools. Jyte claims can be embedded in blogs or web pages or course activities. Jyet “cred” is available for other systems to use and/or display. Jyte group membership might be used by other applications like discussion groups or online courses to customize content or control access. Private or members-only claims and group moderator membership management tools are coming, so an educator could use groups to organize students into teams for a group project that uses Zoomr.com (another OpenID-enabled tool) photo sharing and hooks into a LiveJournal blog (another OpenID-enabled tool) … or … sheesh, I don’t know. There are so many possibilities that more creative people than I can dream up - and Jyte is only one example of an OpenID-enabled application. OpenID is a new and rapidly-growing protocol that is seeing explosive growth in fascinating and novel new online applications.

Plus, it’s fun. I don’t quite know why, but I’m finding Jyte strangely addictive. And quite funny on occasion:

Descartes would have a field day with that one! And, no, I have no idea who Oscar J Carlton IV is … never met ‘em!

1 Comment »

User name validation - a quick look at the Drupal API reveals exactly the function I needed: user_validate_name()

To add user name validation to the OpenID Drupal module, add the following code to the openid_create_account_submit() function immediately after the $query = $_POST; statement:
if (user_validate_name($query['edit']['fullname']) != NULL) {
$error = user_validate_name($query['edit']['fullname']);
drupal_set_message('Name is invalid. '.$error, 'error');
header("Location: " . url('openid/get_email'));
exit(0);
}

Worked like a charm. Any user name submitted when registering using an OpenID is now validated against Drupal’s internal user name validation - alphanumeric characters and spaces only. Anything else drops the user back to the name and email request form with an error telling them why the name was rejected. Slick!

Now I just need to figure out how to map existing Drupal users in the database to OpenIDs. Anyone done that before?

UPDATE: Resolved the above question. Add a record to the authmap table with the user’s UID and OpenID. Make sure the OpenID is normalized (has the trailing slash).

UPDATE #2: Updated the diff file that shows what I changed from the stock OpenID Drupal module.

No Comments »

What can I say beyond, “It works!”

Oh, all right. I suppose I could say a few things. The stock OpenID Drupal module works, but it needed a bit of improvement to be useful to us. By default, the OpenID module creates a Drupal user whose name is their OpenID. That is somewhat problematic, since OpenIDs tend to be somewhat lengthy. So lengthy, in fact, that I have yet to find a Drupal theme that handles them well. They usually either get cropped or overflow into the next column, depending on the CSS. Less than optimal.

We really want to use OpenID as the authentication for the OVSD systems. Justin and I were talking in IRC about his efforts to get it running with Drupal 5. I was feeling inspired, so last night I took a whack at it. With a remarkably-small amount of head-scratching, I was able to modify the stock OpenID Drupal module (v1.1.1) to pull the user’s full name from their OpenID profile and use it as their Drupal name.

I cracked open the openid.module file and made the following changes:

1. First, we need to tell the OpenID consumer to grab the user’s full name from their OpenID profile. To do that, we change the request from this:
   $auth_request->addExtensionArg('sreg', 'optional', 'email');

   to this:
   $auth_request->addExtensionArg('sreg', 'optional', 'email,fullname');

2. Now that we have the user’s full name, we need to store it for use later. To do that, we add a line in this statement:
   if ($sreg) {
$_SESSION['sreg_email'] = $sreg['email'];
}

   to look like this:
   if ($sreg) {
$_SESSION['sreg_email'] = $sreg['email'];
$_SESSION['sreg_fullname'] = $sreg['fullname'];
}

3. Now that we have the information we need, we can use it in the registration form. When the module gets a login request from a user not already in the Drupal user table, it prompts them to enter their e-mail address:
   $form['email'] = array('#type' => 'textfield',
'#title' => t('Email Address'),
'#default_value' => @$_SESSION['sreg_email'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your email address.')
);
$form['submit'] = array('#type' => 'submit',
'#value' => t('Submit')
);
$form['#action'] = url('openid/get_email');
$content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
"with your OpenID (%s), you must enter an email address:</p> %s",
$_SESSION['openid'], drupal_get_form('openid_create_account',
$form));

   So we just need to add the user’s full name to the registration form:
   $form['email'] = array('#type' => 'textfield',
'#title' => t('Email Address'),
'#default_value' => @$_SESSION['sreg_email'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your email address.')
);
$form['fullname'] = array('#type' => 'textfield',
'#title' => t('Full name'),
'#default_value' => @$_SESSION['sreg_fullname'],
'#size' => 25,
'#maxlength' => 64,
'#description' => t('Enter your full name.')
);
$form['submit'] = array('#type' => 'submit',
'#value' => t('Submit')
);
$form['#action'] = url('openid/get_email');
$content = sprintf("<h3>Create account with OpenID</h3><p>Before logging in " .
"with your OpenID (%s), you must enter your name and email address:</p> %s",
$_SESSION['openid'], drupal_get_form('openid_create_account',
$form));

4. Lastly, we need to create the user. The stock OpenID module sets the Drupal “name” field in the “users” table to be their OpenID here:
   $user = user_save('', array('name' => $_SESSION['openid'],
'pass' => user_password(),
'mail' => $query['edit']['email'],
'init' => $_SESSION['openid'],

   To use the “fullname” variable we grabbed from the user’s OpenID profile, we just need to change it to this:
   $user = user_save('', array('name' => $query['edit']['fullname'],
'pass' => user_password(),
'mail' => $query['edit']['email'],
'init' => $_SESSION['openid'],

I’ve posted a diff file that shows the exact changes from the stock OpenID Drupal module.

Security note: If you decide to use this code, be aware that there is no verification done on the user’s name yet. Whatever the user enters in the name field of the registration form is submitted directly into Drupal as the user’s name. So it’s possible there is a security/exploit issue if a malicious user puts something wacky in there. I need to wade into it the code and see if Drupal already has some safeguards in place, or whether I need to add a bit of sanitizing code to the module to ensure there’s nothing nasty embedded in the name. In the mean time, use at your own risk.

No Comments »

Yes, it’s true. Space aliens really do prefer Firefox. The evidence is on Google Maps for all the world to see!

No Comments »

The dedicated hardware for the OVSD servers came in last week. Yay! Time to have some fun wrangling the new hardware.

With Ben’s welcome assistance, we got the boxes racked up and physically connected in record time. In the past I’ve run most of my servers on Ubuntu/Debian or Red Hat/Fedora but the sysadmins at the OSL use Cfengine and Gentoo. No problem, I think, it’s good to learn new things and Cfengine sounds interesting. So the guys stuck a Gentoo LiveCD into the first box for me, I rolled up my sleeves and waded in.

I couldn’t remember the last time I’d cracked open fdisk and partitioned a system’s drives by hand. Whoa. I think it was sometime in the late ’90s on a floppy-based Slackware install. Not a bad thing, bit it was the first indication of just how lazy I’ve gotten since then. I’d just been booting of the CD, running through the standard boot CD-based utilities (ala Disk Druid and its ilk) to partition/format the drives and install the base OS. Nope, not happening this time. The bootstrapping process isn’t complicated or difficult - and it certainly didn’t require much (beyond the Cfengine-specific stuff) that I haven’t done before - it’s just I haven’t done them manually in years.

Which leads to my little “whoops!” moment. These are HP Proliant servers with Compaq RAID cards in them. Unlilke every other RAID card I’ve dealt with, they don’t show the RAID arrays on /dev/sd(x). Spent a few minutes thrashing around trying to figure out why fdisk /dev/sda wasn’t working before Eric so kindly pointed out the proper /dev/cciss/c0d0 device path. (MutterMutterGrumbleGrumble).

Once I figured that bit out, things went pretty smoothly. I like what Cfengine can do and appreciate just how much work it can save when managing multiple servers. It’s a bit arcane at first, but once I got used to the logic it generally makes sense. Now that I think about it, the same can be said for Gentoo. Logical, very granular control, not necessarily the easiest to learn for an inexperienced user, and ideal for optimizing and securing servers.

Both Gentoo and Cfengine force you to adhere to good admin practices like only installing the bare minimum services and locking down the configs. All definitely Good Things ™ like vegetables and fiber but, dang, it highlights just how lazy one can get when the distro installer and package manager do all the work. So don’t mind all that muttering coming from my cube about emerge and Cfengine configs. It’s just me grumbling about having to eat my vegetables.

No Comments »

“Gimme your wallet!” or “Where’s Waldo?” … You choose. ;-)

Thank you to the fantastic folks at Google - especially LH, Chris, and Greg - for all your work. The Google Summer of Code program is a magnificent contribution to the open source community for which we are all profoundly thankful. Thank you to all the people and organizations who participated - both in the GSoC program and in the Mentor Summit last weekend. An especially big thanks to all the hard-working (and often under-appreciated) developers out there who contribute to open source projects. Without all of you and your hard work, the world would be a poorer place.

As a first-time GSoC mentor, I found the Mentor Summit to be invaluable. I knew before the summer ended that I had not done as good of a job as a mentor as I could have. But I didn’t have a good grasp on what, specifically, I personally and what we as a mentoring organization needed to do to improve. The Mentor Summit - especially the communication workshop facilitated by Robert Spier - greatly helped me solidify in my mind some concrete steps to take in preparation for next year’s GSoC. But that’s for another, much longer, post. Watch here for more once I get my notes cleaned up a bit.

Nice work everyone! Looking forward to GSoC 2007.

No Comments »

Note to self: Try to not schedule a bunch of stuff on the next Friday the 13th

Let’s see, today I had:

1. A major dog and pony show for the OVSD stakeholders
2. The second day of GOSCON
3. A flight down to SFO to participate in the Google Summer of Code Mentor Summit

#1 of course had plenty of Murphy’s Law moments - meeting room laptop didn’t have the right software and the staff didn’t have admin access to allow us to install anything, video projector misbehavior … you know, the typical, “Hi, my name is Bubba and I be a taychnologee gooroo. Now where is that durned rodent-thing so I can show you what we done through dem Internets tubes?” kind of moments. We survived. No angry mob of teachers with torches and pitchforks chased me out of Salem, so I’ll count that as a “near miss.”

#2 …. well, stuff like that sometimes takes a while to develop. You know, say the wrong thing to the wrong person at the wrong time in the hall between sessions. That whole squishy carbon-based networking thing. I don’t think I fubared anything so I’m calling it a definite “miss” until proven wrong.

#3, however. Oh, my. Part of it I brought on myself, so I can’t blame the curse for it all (as you’ll see). But it’s damn sure … enhanced … it. Walk into the airport - flight delayed. Then Corey and I both walk up to the self-check in kiosk. He strolls right on through no problem. I, however, am told I need to see an agent. Umm … oooookaaaay … same travel agent, same flight, same everything, but I get the “special” treatment. Corey says, “I bet it’s the hyphen.” Bingo. After a lengthy and entertaining monologue involving his third wife and the phrase, “I used to be a software engineer … they dropped all those symbols to save money” from the ticket agent, we learn that yes, indeed, the system barfed because it didn’t like the hyphen in my last name. Sheesh. Off to security. Ummm … remember that Leatherman I thought I lost months ago? Found it! (yay!) In my carry-on. (boo!) Points to the PDX TSA security staff for being so friendly and patient. Individually, nothing worth thinking about. But collectively … oh yes. A palpable “hit”, Mr. Murphey.

To be fair, I did get on an airplane and, even though it was a bit late, it went up in the air, flew a few hundred miles, and came down just exactly as it was supposed to do, so I shouldn’t be complaining. Nope. No complaints here. Just a bit of chagrin and a touch of self-mockery. :-)

P.S. - After watching Wenzel play Burnout over at the Mozilla offices tonight … perhaps I shouldn’t be so sad he’s headed back to driving on German roads instead of somewhere around here. ;-)

1 Comment »

OK, Woz. I can’t believe you have the nerve to claim in this NPR interview that:

The Apple ][ always worked. It never had one bug in the hardware or software.

Dude, get a grip. I love Apple products and agree they are some of the best-designed and thoughtfully-engineered systems available, but don’t be trying to claim something so completely bogus. What’s next? You have the Holy Grail and a functional perpetual motion machine in your basement?

No Comments »