Monthly Archives: June 2007

Yet another new store

Posted on by
5

I wasn’t quite happy with my online store and was pleased to see a clean, open source store released. Andy Kim of Potion Factory released his store as open source. It’s Ruby on Rails, so it was a learning experience for me to get it running again. I learned a great deal in the 2+ days that I spent getting it running, but it is so much cleaner than my old stores. Hopefully I don’t have any problems with it as I just put the finishing touches on it this morning. It’s at store.receiptwallet.com. Things I learned from installing this on my server:

  • Even though there is an RPM for mod_fcgid on Fedora Core 5 with Apache2, FastCGI still needs to be installed from the source
  • The Apache configuration for FastCGI needs to have:
        DefaultInitEnv RAILS_ENV production
    SetEnv RAILS_ENV production

    in it. The first line for FastCGI to work and the second to work without FastCGI

  • ruby-debug gem has to be installed to get the store to work in development mode and MUST be commented out to work under Apache
  • To use multiple databases in RoR, the model has to look something like:
    class User < ActiveRecord::Base
  require 'yaml'
  set_table_name "users" # we need to set this explicitly
  extra_coord = YAML.load(File.open(File.join(RAILS_ROOT,"config/database.yml"),"r"))["userdatabase"]
  self.establish_connection(extra_coord)
end

    (my pool of serial numbers is stored in a separate database and so are my users; I modified the store to interact with these other databases)

  • On PayPal’s developer site, if you want to test Website Payments Pro, you need to use a Social Security Number of 111xxxxxx where x is any number, but this number can’t be used by another developer
  • STDERR.puts is your friend. It’s great for logging stuff to the console
  • RoR running under Apache must use FastCGI in a production environment or it is way too slow
  • In application.rb, it MUST have:
    class ApplicationController < ActionController::Base
	filter_parameter_logging "cc_number|cc_code|cc_month|cc_year"
end

    otherwise you have important stuff getting logged which is bad.

  • Turn off IPN on PayPal or you’ll have an error when processing orders and people will order multiple times because they think it fails

That’s about it for now. I’ll update this as I remember more stuff so that I don’t waste time in the future and it may help others.

Thanks, Andy, for the store! While I don’t have a use for your products right now, I’ll be purchasing them anyway as your store is such an elegant solution, it is the least I can do to repay you.

Apache MultiViews option is dangerous

Posted on by
Reply

I was poking through my web logs and saw requests to pages that didn’t exist on my server and the server returned something (200 return code), so I started looking at them. I was able to hit the pages with a browser and after much searching, I figured out how pages that obviously didn’t exist could return a valid page that was slightly messed up (image references were hosed). Turns out my sites had

Options MultiViews

in the Apache configuration files. MultiViews, as I have come to find out, guesses what page to load if the page doesn’t exist. Well, its guesses are whacked. So, disabling this feature fixed the problem and now pages that don’t exist get redirected to the home page.

Doing the right thing

Posted on by
Reply

My previous rants about Sandvox may have been harsh, but as I mentioned before, I see so much promise in it and the sites it creates. I want to offer an apology to the authors; they, like all software developers, do their best to create good products.

Karelia has made things (financial) right with me and I applaud them for that. I did find out that they offer a 30 day money back guarantee, but I wasn’t going to take them up on that as I wouldn’t feel right about getting a refund for a product I still wanted to use. They’ve given me a complimentary copy for my work in tracking down the SFTP issues (I hope the fixes work for others) and I really do appreciate it; my whining wasn’t to get a free copy, it was simply to express my frustration in getting my site uploaded.

Thanks Karelia and keep up the good work!

Another Sandvox bug

Posted on by
Reply

So this is my week to beat on Sandvox. I think the product has great potential, but still needs some work to do a basic website (my website isn’t all that complicated). Yes, I am reporting the bugs I find.

The first bug (which their support guy has reported with my test site) is that I can’t create links for pictures. Minor inconvenience, but all my links (except for screenshots) are text.

The second bug is that for my site logo, I made a 200×128 graphic (that’s what the box says the size should be). If you look closely and flip through the pages on the design I chose, the navigation bar height changes by a few pixels. Most people wouldn’t notice, but that’s the kind of person I am. After thinking that my site was hosed, I rebuilt most of the site (took over an hour) and had the same problem. I then tried logos that were smaller than 200×128 and didn’t have the problem. So, I made my logo 200×120 and the problem is gone. While not disastrous, very annoying.

So where am I? My site works and I’m moderately pleased with it. I think the look is cleaner than before. Next I have to hack on my store to clean it up. I wish I had a better store system, but for now, it will do.

New website uploaded!

Posted on by
Reply

After many days of fighting Sandvox and its underlying Connection Kit framework, I’ve managed to upload my website. All my uploading problems stem from Connection Kit’s poor implementation of SFTP. What basically happened is that the SFTP implementation was bolted onto the libssh2 library. Like most UNIX libraries, libssh2 uses UNIX socket calls such as recv, write and writev. Connection Kit is based around Apple’s stream calls with queued writes and basically non-blocking reads. So Connection Kit tries to merge the 2, but does a poor job. Apple’s stream calls actually give access to the UNIX sockets, so write, writev, and recv could have been used. I removed the hacked up write calls so that write was used, but when I tried to use recv, things got strange. I ended up changing the buffer size to 16K (from 32K) prompted by a comment in the code:

#warning this byte range was really out of hand for Terrence

The reason the byte range is a problem, as far as I can tell is that at some point down in the libssh2 library, it calls Read which is mapped to a stream call and doesn’t properly handle blocking calls.

So, what have I learned from this fiasco:

  • Sandvox produced a website that I like
  • Demos of programs should be time based and not feature limited; if this was the case, I wouldn’t have spent $79 and wasted days on this program
  • Open source sucks; there is a ton of open source code out there developed by anyone that wants to put out code. The quality of the code is sometimes suspect; while some parts may be good, there may be problems that are hard to solve. I’ve been in the same boat before using open source code without fully understanding how it worked and it has bit me a few times.
  • Open source is great; since the underlying framework was open source, I was able to examine it, find the flaws, and patch it (note I didn’t say fix as the SFTP stuff needs to be rewritten or at least thoroughly reviewed)
  • My blogging isn’t completely useless; I did get a response from one of the authors of Sandvox
  • I’m stubborn (OK, I already knew that). Most people would have given up and asked for their money back. I still should ask for my money back as I probably spent 10-12 hours on this at say $75 per hour (cheap engineer), that puts my time investment into solving their problem at well over $750.
  • The Apple Design Awards are only about pretty pictures; a friend of mine told me that someone at Apple kept raving about Coda’s leaf icon. I like Coda and think it is a decent app, but hey, it’s a website editor. In fact, several of the ADA winners were web design apps. Maybe if I want to win, I’ll have to do a web design app. Maybe I’m just bitter about ReceiptWallet not winning. (Hey, Apple, send me my scanner back!)
  • People don’t care about security or don’t have SFTP access to upload their website. Having SFTP pretty broken for one of 4 transport mechanisms seems kind of odd. My SSH server is sitting on a gigabit ethernet link to my machine and is a standard OpenSSH install, so it couldn’t just be my server.

There’s probably more that I’ve learned, but I can’t think of it now.

So, am I done with this? No, I have to redo my site because there are several bugs in Sandvox that are causing me problems. First off, the navigation bar is a different height in the main page and all sub pages; I can’t reproduce this on a new site, so something got hosed when I built it. Also, I can’t select a picture and create a link once I’ve entered my text. In addition, the text editor only sometimes supports undo. If I drag in pictures, things get kind of wacky.

I really need to stop trying to do my own website and hire someone to do it. It would save me a whole lot of time and frustration.