I know these people well, and I know they don’t know much about technology.  I don’t know their granddaughter at all, but since she has no backup I assume that she’s not real savvy.  I really don’t like doing these things, but it’s for a friend and I understand the hardship this can create.  I also understand how much a repair shop would charge for this, and it wasn’t going to be pretty.

My guess was a virus finally destroyed the boot record, or some DLL and now refused to boot.  My idea was to boot from a CD, find the files,  copy them, and call it done.  However, it had been a while since I have done any search-and-rescue operations, so I started looking for the latest tools — meaning,  a Linux CD to boot with and to move those files off.  My choice, however, didn’t actually matter.

I got the laptop a couple of days later and verified that nothing came up on the screen.  And by nothing, I mean the light of the display as well.  “Odd,” I thought. I looked at the case and noticed that it was horribly cracked around the hinge of the screen. That means that it wasn’t an OS problem — the screen was broken.  A call to the granddaughter confirmed it, “Yeah, I dropped it a few times.”  My advice: “Don’t do that!”

So this is a bit of a different animal, but didn’t seem so hard. I hooked it up to a monitor, thinking that the VGA port would still work. Nope, no luck. No amount of switching the input would help it.  I guess all those drops ruined the port as well.

Now I was back to square one. I mucked around with moving the screen and could, as some points, get the screen light up so I could see the login screen. It may have only lasted a second, but at least it lasted.  After some toying around, I figured out if I left the laptop on the floor and moved the screen back as far as I could, I could see it well enough to log in.  After that, my plan was to install TightVNC, log in remote, and copy the files.

This was thwarted by the simple fact that Windows Vista couldn’t find my wireless network! No kidding!  It never ever listed it!  Maybe it was from the position the laptop was in, but I couldn’t move that because I knew I could see the screen consistently while sitting there. I then realized that this laptop had a CD burner on it. I got a blank CD, slipped it in, and burned a copy of the My Documents folder.  I barely had enough room but I got them all.

But then, of course, my MacBook Pro refused to read the CD!  So I went to the Linux box  I have and it could read the CD well  enough.  Then I uploaded the files to my Dropbox account, shared the folder with owner, and then I was done.

From their website:

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

Why DBAN?  It seems faster, has more methods, and has a nice little package to install everything. If you still aren’t trusting, then simply smash your drive with a hammer — sounds strange, but it will work.

• Who knew that Microsoft Security Essentials was really that good? I would have never thought that.
• I agree with being very careful with Admin rights and only use them when you need to.  Nothing else gives you more security headaches than some malware installed as Admin.
• Revo is a good thing!  Most Uninstallers leave lots of stuff behind.
• I’m glad to know that defragging is finally going away in the Windows 7/Vista world and beyond.  It’s been around too long.

Maintenance on your PC is something you need to do,  just like you need to do dishes, take out the garbage, etc.  Do it regularly, before things start smelling, er, crashing.

I’m not sure how I stumbled onto it — I think I was reading something at Ars Technica and saw a link for this article about Mozilla Weave.  I never heard of it before — it sounded interesting.  After a month of heavy use, let me just say that it’s not just interesting — it’s downright, wicked cool.

Let me tell you my pattern — I use FireFox in two places: Work and at Home.  Many times I wish I stumble onto a site I want to read at home.  Usually I just save it to Diigo. But sometimes I forget.  The biggest annoyance is passwords. Yes, I save a ton of website passwords in FireFox.  But it stinks when I save it on the home machine but want to get into my account at work, and I can’t remember what password I used there.

Weave solves all these problems.  And ones that I didn’t know I even had.

So now when am I work, I don’t worry about saving an address to Diigo just so I can read it at home. Instead, I do nothing special.  When I go home, I start FireFox, I wait about 15 seconds and I see that it starts to sync. After that, I have all my history from my last session.  Yes, you read that.  All my history from my work browsing session.  Oh, and if I setup a web account during the day at work and save the passwords, that is synced too.  Preferences?  Check, but in a smart way. Like my proxy server config from the office is not moved to home.  That’s a good thing.  Bookmarks? Check. Yes, I still use bookmarks and I probably use them more now because they are synced between my machines.

A neat feature is tabs.  Yes, tabs are saved across browsing sessions on different machines.  So if I want to quickly see what I was looking at last night at home, I can go to History-> Tabs from other computers while at work.

Many of you may be thinking. “How is this different than FoxyMarks/XMarks that installs spyware and publishes your web history?”  Well, not only does Mozilla not publish or track your history but they also encrypt all data with a passphrase of your choosing. So, yeah, they thought of that too.  If you are truly paranoid you can setup your own Weave server.

So I think it’s worth a go, especially if you are still using FireFox instead of Chrome (which I still am on the fence about, but that’s another discussion.)

Note that you don’t pay $9.95 when you need to download it — you pay $9.95 up front and maybe you will need it. Or maybe you won’t.

What a rip-off!  Symantec should let you download it as long as that version is current — not just 60 days.  It really costs them little money to store a file on a server these days.

So I’ll tell you how you can keep your software available for a year — or longer — for a lot less money than $9.95.  Just burn it onto a well-labeled CD and put it in a safe place.  If you think you will lose it, then setup a free account at DropBox and upload your file there.

Please, don’t let Symantec still your money!

I tried it and I liked it. But it didn’t have everything that I used. But, heck it’s on github — easy forking.  So I did. My changes are:

• Change the xiong-chiamiov-plus theme to use vcs_info instead of being git-specific.  Gave the new theme the original name of mikeh.
• Option to configure a terminal with strange settings (labor intensive on the first run, perfectly wonderful after that.)
• Will automatically rehash the path, so new commands will be found immediately
• Added realias to quickly make a new shell alias/function (EDITOR env variable required)
• Removed upgrade checker (I don’t expect you to trust me)
• Share history with your zsh’s on the same host

More changes coming as time permits.  Enjoy!

Both BaseCamp and HighRise are excellent tools. You’d be remiss if you didn’t at least try them out.

2009 was a memorable year for a lot of people, as it was for the Hostetler house for several reasons.  For my little LLC, though, it was all really good.  I was as busy as I wanted to be — usually busier.  One surprising thing was how busy I was — there were really no lulls yet I didn’t have to market myself at all.  My customers usually found me, or at least inquired about getting help from someone.

What did I do the most of?  Nothing. Or, really, everything.  Including:

• PHP
• Django/Python
• JavaScript
• Networking
• Linux Administration
• SCO Administration
• Window Vista
• WordPress consulting
• Web Design
• Database Design
• eCommerce
• SEO

I did more of some things than others, of course.  But I still dipped my toes into each and every thing on that list.  Amazing, huh?

Thanks for a great first year — the shingle it out. Let’s keep it going.

But PHP the Platform is much more interesting to me. You can deploy PHP applications in just about any cheap web host solution. Run it inside of Apache via mod_php or maybe under FastCGI — doesn’t matter. It really is a write-once, run anywhere language. And lots of big applications use it — WordPress, Joomla, osCommerce, etc. You may not like the Language, but since it is married to the Platform, the Language is here to say.

I’ve mucked with CakePHP a time or two. It’s an interesting project to say the least. It’s a web development framework a la Ruby on Rails or Django, but for PHP. It strictly enforces the MVC pattern, which leans itself to more maintainable code. But, unlike RoR or Django, the Views are not written in a whole new templating language, but in PHP itself, and it gives you the objects that have your data in it to display.

Another interesting thing about CakePHP is how it creates Models. In RoR or Django, you create fields in Model objects and then run a script and it creates the database for you. In CakePHP, you just name your model appropriately and, when CakePHP needs that Model, it does a DESCRIBE on the table and populates the data points accordingly. This is good and bad — it means your database is the king. It also means that you have to follow strict set of conventions or configure everything in your Model object as to what is what. This means that you could use CakePHP with any database structure — in theory.  More on conventions later.

Anyway, CakePHP has been in the back of my mind for a year or so (at least) when I got approached with an opportunity to do a POC of a simple CRUD application. The POC would be hosted on a cheapo shared hosting provider, so anything like Django or Rails was out. So I dug out CakePHP and finished the POC. When it was over, the customer liked it and we really discovered what he was after — and it wasn’t just a simple CRUD application anymore! When we were specing it out and decided that the customer needed to get some high-quality, dedicated hosting, I asked if we wanted to write the real thing in Django or RoR. It was decided no for the simple thing that PHP developers are much easier to find. If I was unavailable and fixes were needed, they could easily find a PHP developer to do it. Not necessarily so with Django and with RoR (though I think there are more RoR developers than Django, but there are still more PHP people out there!).

So I put CakePHP through some tests and am still using it. Is it my favorite? No — that’s still Django. But it’s very livable, especially under the constraints I was in.  And, hey, it’s making PHP relatively painless to code in, and it’s not even making me feel dirty.

One thing nice about CakePHP is their console application, although they don’t tell you about that until you are on page, like, 100 of their docs. There is no mention of it in their tutorial! Blech!  It’s pretty easy though:

cake bake <name>

which will bring up a menu and you choose Model, View, or Controller.  You can also do:

cake bake model <name>
cake bake view <name>
cake bake controller <name>

More information here.

One thing about CakePHP that bugs me (and, actually, it bugs me about RoR, too) is that the naming conventions aren’t conventions I would use.   I finally  found this page which explains all the conventions in on place.  Also notice that it’s on the last page of their documentation.

This seems sort of a mixed review, but it’s not.  If you are working on a PHP application from scratch, it would behove you to at least look at CakePHP.  I like it — for PHP.  Would I rather be doing Django? Yes — but I can’t always be able to do that.  It’s good to have a framework on a ubiquitous, yet annoying,  language.

A long time customer got back in touch with me.  A web app he’s been working on was getting ready to go prime time and they ran a security audit on the server. That audit found several things wrong, and strongly recommended an upgrade to PHP 5.2.10.  As of this writing, PHP 5.2.10 was very new and Debian testing didn’t even have a package for it yet.  So I fiddled around and finally found did the right combination of pinning to install PHP 5.2.10 from unstable.  If you are thinking “Yikes!” then you are already ahead of me.

The next day, I get an email saying that their webapp just stops.  I get on and, sure enough, sometimes, randomly, you get a blank page.  Not a 404, 405, or another error — just a blank white page.  A reload it works fine.  I checked out /var/log/apache2/error.log and see tons of messages with the following:

[notice] child pid 24483 exit signal Segmentation fault (11)
[notice] child pid 24485 exit signal Segmentation fault (11)
[notice] child pid 24481 exit signal Segmentation fault (11)
[notice] child pid 24489 exit signal Segmentation fault (11)

Oh, that’s bad.   Playing around with it demonstrates that the seg fault happens when the page doesn’t show up — just like I thought.

Now I get into detective mode and try to figure out what the heck is going on.  I found DotDeb, which makes fresh Debian packages for older releases — like PHP 5.2.10!  But the installers of that package was having the same problems I had.  By careful reading, it seems that Debian installed at least part of the Suhosin patch and that seems to be culprit.  Users commented that disabling it seemed to stop the seg faults — but how do you do that?

I looked at the configurations in /etc/php5 and there was a file in conf.d called suhosin.ini, but no mention of it in the main apache2/php.ini file (the main PHP config for Apache2). In a lark I moved suhosin.ini to suhosin.ini.bad and restarted Apache.   And the problem when away.  Like magic.

This is the problem when you are forced to always have the latest and greatest tools. And PHP is a hard one — you are always chasing your tail with it’s security.  But it really should “just work”.