Using SendMail and SELinux on RHEL-based distros

If you’re using SendMail in Linux and have SELinux installed, you may find emails are not being sent. More specifically, you may notice errors appearing in your /var/log/httpd/error_log file:

chdir /var/spool/postfix: Permission denied

SELinux is known to cause unexpected behaviour with many server functions if the defaults are left configured – in this case, Apache doesn’t have SELinux permissions to send email through Postfix.

Check whether this really is the case by issuing the following command in a bash terminal:

/usr/sbin/getsebool httpd_can_sendmail

The expected response will be (depending on the current setting):

httpd_can_sendmail --> (on|off)

If it is off, this can be changed to on by issuing:

sudo setsebool -P httpd_can_sendmail 1

-P in the command sets it to persist, which will retain your setting change when you reboot.

An exciting announcement

WARNING: This post is full of soppy, sentimental content. You have been warned!

Today was a very exciting day for both me and my wife.

My beautiful wife is currently 20 weeks pregnant, and today we went off to hospital for her scan. Those things are really quite amazing – they take your breath away in an instant when you’re sat there looking at your unborn child moving around, its little legs curled up and its hands waving around. The way you can see your baby’s heart beating, and the way the sonographer can actually tell body what is what. I know they’re trained to do that, but they move along at such a pace.

To think that in just over 4 months I’m going to be holding our developing baby in my arms. Those scans are just one amazing way of bonding with your baby in one way or another, even though it hasn’t actually arrived yet.

As it was the 20 week scan, we were asked if we wanted to know the gender. It’s something we have been waiting so long for, and of course we said yes. We were hopeful for a girl, and had gut feelings it was a girl – but if it wasn’t, we wouldn’t be bothered. As long as it’s healthy.

“It’s a girl,” said the sonographer. Big smiles all around :-)

I’m sat here 9 hours on, and still don’t think it’s quite sunk in that we’re having a girl. We already have a name for her, and I’m really, really looking forward to seeing her next year.

Roll on March 2014.

Remote database administration security

I’ve experienced a few cases recently where website owners have requested some work, FTP and MySQL details have been requested and for some reason, remote access to the MySQL database via a GUI such as Navicat or Sequel Pro has been disallowed. Instead, the hosting provider or website owner has insisted specifically on the use of phpMyAdmin, and very often this is for “security reasons”.

This statement alone worries me. phpMyAdmin, as the name suggests, is an administration panel for MySQL written in PHP. It can run on any web server running PHP, and allows a database admin to administer a database from anywhere. It is also open-source and used on a variety of systems, making it a good, useful target for opportunists to look for vulnerabilities, exploit them and potentially access your data.

Remote access can be restricted to certain IP addresses, either via MySQL user accounts or a firewall on the network. It’s really simple to do, and will provide far more security than using an open source application, simply because if done correctly, only the IP addresses specified will be able to connect to the server.
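The MySQL-account half of that restriction, as an added example rather than anything from a real deployment. The account name, password, schema (app_db) and the address 203.0.113.25 are constructed placeholders.

```sql
-- Added example. Account name, password, schema and IP address are
-- constructed placeholders (203.0.113.25 is a documentation-range address).

-- Weak form, shown for contrast only: the '%' host part accepts this login
-- from any address that can reach the MySQL port.
-- CREATE USER 'contractor'@'%' IDENTIFIED BY 'password-here';

-- Restricted form: the host part of the account name pins the login to a
-- single source address. The same user name from any other address is
-- rejected before the password is even checked.
CREATE USER 'contractor'@'203.0.113.25'
  IDENTIFIED BY 'replace-with-a-long-random-password';

-- Grant only what the job needs, on one schema only: no global privileges,
-- no GRANT OPTION, no FILE or SUPER.
GRANT SELECT, INSERT, UPDATE, DELETE
  ON app_db.*
  TO 'contractor'@'203.0.113.25';

-- Confirm exactly what the account can do.
SHOW GRANTS FOR 'contractor'@'203.0.113.25';

-- Audit: list accounts whose host part contains a wildcard or is empty,
-- i.e. accounts that are not tied to a specific address.
SELECT user, host
  FROM mysql.user
 WHERE host LIKE '%\%%'
    OR host = '';

-- Remove the account when the work is finished.
DROP USER 'contractor'@'203.0.113.25';
```

A firewall rule limiting the MySQL port to the same address covers the network side, so a mistake in one layer is still caught by the other.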

The verdict
phpMyAdmin is a great tool for quickly accessing a database and running small updates. In terms of efficiency, it’s going to fall flat on its face for anything more than an update here or there. Use remote access in conjunction with correctly configured firewall rules and MySQL user accounts to securely access your data.

For extra security goodness, and if your hosting provider allows, use SSH when connecting to MySQL to ensure your data transfers are encrypted between computer and server.

Why drummers post videos on YouTube

I recently had a comment on one of my YouTube videos asking why I would put covers on YouTube, as “1,000,000 other people in the United States can do that.”

Of course, the first thing that is so great about YouTube is that it’s not just limited to the US. I’m from the UK, so maybe 1,000,000 other people in the US can do it – I’m not one of them! ;-)

There are a number of really good, really constructive reasons why drummers and other musicians post their videos on YouTube. Let’s look at the obvious first:

Audience
The YouTube audience is massive. More than 1 billion unique visits per month. Ironically for the commenter, 70% of YouTube traffic comes from outside the US. Both part of a collection of statistics found on YouTube’s “Statistics” page.

Recognition
Tied in with the audience factor above, there are always people scouting YouTube, looking for that next big thing. Imagine if today was your lucky day! Certainly happened for Justin Bieber…

And now on to the less obvious…

It’s like a personal log
People improve with any skill when they practice. Over and over again. Having videos as you practice can help you see your progression. It can also help you see where you’re going wrong and where you need to improve.

So many other people do it
This was the point raised in the comment. The comment was posted in a negative, trolling fashion (and I’ve looked at the other comments by this person to other people – said person really does come across as a troll!) However the fact that so many other people do it is a massive benefit to any drummer – personally I watch other drummers before I embark on a cover attempt or try to learn something new. Just by watching people’s techniques you can quickly build up your skills and learn new techniques – and it hasn’t cost you a thing! My next cover video – filmed yesterday – is a cover of Paramore’s “Now”. It’s taken me around 14 hours to learn, refine and film the song on the kit, but if I had to do it all from ear it would have taken so much longer.

Community
The fact that YouTube allows comments on videos means that you can establish a community with people from all over the world, who have similar interests to you. Comments allow you to post constructive feedback to fellow drummers and receive constructive feedback from others. “The sticking at 0:45 isn’t quite right” or “I think there’s a triple bass hit at 2:11” for example. Another resource to help you learn, refine and improve. Maybe when you listened to the song the first time you missed that triple bass hit, but after seeing the comment and listening back over the song, it’s glaringly obvious.

YouTube is… free?
There’s nothing better than utilising free resources to their full potential – for you. Other people may not benefit and it may take you a while to become established or to find benefits yourself. Certainly the biggest benefit – and inspiration – to me is Cobus Potgieter. He is a drummer that – you guessed it – became “famous” by posting drum covers on YouTube. He’s certainly one of the most talked about YouTube cover drummers on the site, and has done some great things that I am really envious of. It takes serious dedication to fly out complete strangers who have auditioned over the internet to a recording studio, and record an album with them. This formed the band Ventura Lights, and they’re actually pretty good! The cover this comment was placed on was actually a competition entry relating to their band, and is clearly written on the video biog. I guess some people just don’t like reading! :)

My music
I’ve been playing music since I was very small. I find it difficult to write my own original content, but I enjoy simply playing music. There are so many talented artists out there who are able to use their instruments to produce outstanding pieces, over so many genres, and one day I would perhaps like to write a piece or two. My channel is over here, if anyone wants a listen!

MVC Frameworks: The Final

…and semi-final, and heats. All in one post.

I’ve spent a lot of time recently looking at MVC frameworks. PHP ones. And when I say a lot of time, I don’t mean I’ve obsessed over the subject like it’s the difference between life and death. Maybe.

Truth is, there are so many PHP frameworks out there and so many “mainstream” ones that all claim they are the best. And maybe they all are… in their own way. However what they all assume is that you – the developer/user – will be willing to conform to the ways and opinions of the developers behind any one framework.

I personally think that a framework should be a means to get up and running quickly. It should be lightweight and flexible enough to allow plugins to be easily installed and used, and easy enough to learn so that you can write your own. It should be secure. It shouldn’t, then, require a CLI script to install a new website, requiring pages of documentation to get you up and running. It shouldn’t, by default, contain every function and method known to man – realistically you’re only going to use 1% or so of those functions. It shouldn’t be so strict that you have to effectively learn a whole new “language” to get going. I want to be able to download the latest release of a framework, drop it into some web space and get going.

Looking at all of the frameworks on a list I found here I decided on CodeIgniter. Why? It was the most flexible framework out of all of them, and allowed me to simply drop in the files and get developing. I fancied a stab at CakePHP, but when I couldn’t even get their built-in authentication module to work I gave up. Using a framework shouldn’t be that complicated!

The other reason my choice rested on CodeIgniter was because, as part of a team effort, I have been involved in writing a PHP MVC framework at my job. I wrote the core code for the framework before everyone else joined in and started writing plugins and adapting the core to our needs, but this framework was loosely based on CodeIgniter. This meant that it was a natural progression from a custom-built framework to a mainstream one, as I already had a good idea of the structure requirements.

I’m not saying CodeIgniter is for everyone and people will have preferences of the other frameworks. But I am saying I think it’s worth a developer looking closely at the different frameworks available before settling on one – choosing the wrong framework could mean extended development times or limitations if you can’t work out how to do something in the chosen framework.

My first potential PR opportunity

Today I received an email with a rather interesting start:

I know you have recently been emailing Xenios, our CEO. I wondered if you’d be interested in being a case study.

I’ve been a member of a site called PeoplePerHour for quite some time as both a “buyer” and a “seller”. It took a while to win any work on there, but I’ve been able to win a few small coding jobs recently and am building up a portfolio – regardless of whether most of the jobs I’ve won are small slide-and-code-email jobs, they’re still jobs.

So these case studies get posted to their blog, which is great in itself. With over 300,000 service providers on the site that’s a hell of a lot of exposure! They also posted a couple of links to news articles where case studies have been used, including one from the Daily Express online. Incredible exposure!

I told Holly I wanted some kind of media exposure by the end of 2015 after seeing Twitter contacts getting interviews in .Net Magazine, but didn’t expect the opportunity to arise so soon!

Obviously I said yes, so am now awaiting a question set from them to complete and send back. Very excited by this prospect!

Raspberry Pi, anyone?

I’ve had a Raspberry Pi for a while now and been using it as a cheap web server to host my projects and various files on. I realised, after three power cuts in a row and a corrupted operating system, that these things don’t really enjoy just having the power snatched away from them. Advice, people – get a UPS if you want to use this thing as a permanent server!

NOTE TO SELF: I really need to do this. Before the next power cut screws up my OS…

So anyway, after restoring the operating system and Samba configuration to its previous state, I started to wonder if I could also utilise it to be an iTunes server. Bit of a pain in the neck sitting at my desk on my iMac, streaming my music from my MacBook over Home Sharing… not to mention inefficient as far as energy usage goes.

I started reading up on the best ways of achieving this and decided there were two viable solutions: DAAP or SMB. DAAP is the protocol properly optimised for this kind of application, so you can kinda see where I wanted to go. Two OS reinstalls later and I decided it just wasn’t going to work (good ol’ Linux, eh?) so opted for SMB instead. Not so elegant, but if I could get the job done…

Media files went onto the USB drive on the Pi, then config for the SMB share done and tested. I could pull the media over the network into both iTunes installs on MacBook and iMac (taking care to not copy into iTunes libraries… actually that’s a slight lie. The MBP is set to copy so I can take my library on the train with me every day). Test… worked.

What’s so great about this solution is that I don’t have to worry about connecting to shares or authenticating… if I’m not connected to the media share when I open iTunes and hit Play, it will connect for me and just… play! All my media in one single location… to complete it, I just need to get iTunes to check the media location for new files automatically. Shouldn’t be too difficult…

Why LinkedIn endorsements aren’t valuable

Has anyone had a flurry of emails in their inbox, “Contact name has endorsed you!”? Yeah, me too. But what does it actually mean, and is it actually worth anything?

Latest statistics show that some 10 million endorsements are being recorded on the site every day.  Well, that’s 10 million extra clicks on the site every day they didn’t have, but a lot of endorsements I have received lately have been from people who don’t actually know my full skillset and certainly haven’t seen me use the skills they have endorsed me for. It’s kinda turned LinkedIn into a popularity contest – are people endorsing to try and get endorsements back to look more… popular? The lack of proper, validated endorsements (meaning, by people who know me and know I am perfectly capable of the skill) says there is no value. On top of that, how does an endorsement tell someone what level of skill that person holds? I might be capable of programming in PHP, but am I an expert or do I only just scrape the barrel?

A lot of people I’ve talked to or read posts from (and indeed LinkedIn themselves) have said you should only connect on LinkedIn with people you actually know; personally I feel that goes against the point of the site in the first place. Call me a bluff old traditionalist, but if you go to a business networking event would you only give your card to those people you already know? No, of course not. So why follow the same ethos on a business networking website?

My personal thoughts on LinkedIn as a whole question the very purpose of the social networking service. Granted the site has been around for a while, and I’ve been on it for quite a few years. But in those years I’ve been a member, I have only ever had one action that could be considered useful. Only the other day actually – asking me if I would be interested in contract web development work in Slough, working for Amazon. Aside from the fact I would never give up my permanent job for contract work and an unsteady future (family requires stability), the potential usefulness of that one message outweighs the scores of endorsement emails I’ve received since September.

High availability web applications, and how to optimise them

There comes a time in a serious web developer’s life, where he/she will have to deal with a high availability web application. For many, the sudden realisation that their code will no longer cope on the server it’s running on is normally met with, “what next?” I asked myself this question three years ago, when a group of websites I develop and manage outgrew a couple of dedicated servers they were hosted on. They were two separate servers with two separate providers, with round robin DNS as a means of load balancing. Pretty poor config.

You may have heard the terms “horizontal scaling” and “vertical scaling”. Vertical scaling is the practice of adding more resources to an existing server – more RAM for example. The reasons for this should seem obvious. Horizontal scaling means adding more servers rather than resource as such; the idea being that requests and work can be shared out among multiple servers, reducing response times (assuming a well thought out structure and a good load balancing solution is in place).

Currently, the group of websites I mentioned earlier runs on three load-balanced web servers – none of them host any databases – instead, this is done on a completely dedicated database server, and it works really well. Of course, there’s more to it than just setting up a bunch of servers and a load balancer and hoping they work. For example, how are you going to control file updates within the server cluster? I use rsync on a scheduled script basis and only upload to one server, but it’s worth making sure you only rsync relevant directories. For example, should you set it to copy log files? In my honest opinion, the answer here should be no – you would get mismatched data and it would make your life very difficult if you needed to diagnose issues with a specific server in your cluster.

It’s not just about servers.
Okay, so hardware is one hurdle. Of course, horizontal scaling means your code has to be scale-aware as well. In a PHP application, by default if you use sessions ($_SESSION), session data is stored in flat text files in a temporary directory on the server. Unless you’re rsyncing this directory (don’t, it will get messy), you will need to look at a session handling method that all of your servers can use. Two solutions here spring to mind – set up the temporary directory to be a shared directory available to all servers. The other (my favourite, and the one I have deployed) is to use a database session handler. Be aware though that the session database tables used in a HA application will be heavily used, and so will need appropriate configuration and indexing to ensure it doesn’t become a bottleneck.

Once you’ve tackled scaling of the code, you should then start looking at optimising your code and databases. Could your database tables benefit from more indexes? Yes indexing increases disk space, but this is a relatively cheap commodity compared to an extra second or two for your application to load a feature, because you didn’t index your database properly. What about database queries – are you pulling out more data than you need? Are you running more queries than you have to? One thing I learned last year was Foreign Keys in MySQL. Previously, if I was deleting records in a relational database I would be running a query to delete data for each table. Foreign Keys allow you to set up relationships and cascade those deletes, so one delete query to the parent table will crank up the database server and automatically process the other deletes for you.
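The shared session table and the cascading delete described above can be shown in one schema. This is an added example, not the author's production schema. The table, column and index names are hypothetical, and it assumes InnoDB, which is required for foreign keys.

```sql
-- Added example; every table, column and index name here is hypothetical.
CREATE TABLE users (
  id    INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  email VARCHAR(255) NOT NULL UNIQUE
) ENGINE=InnoDB;

-- One row per PHP session, readable by every web server in the cluster.
CREATE TABLE sessions (
  id          CHAR(64)     NOT NULL PRIMARY KEY,   -- session identifier
  user_id     INT UNSIGNED NULL,                   -- NULL until the visitor logs in
  data        BLOB         NOT NULL,               -- serialised $_SESSION contents
  last_access TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP
                           ON UPDATE CURRENT_TIMESTAMP,
  -- Garbage collection filters on last_access on a heavily written table,
  -- so it needs its own index to avoid a full scan on every sweep.
  KEY idx_sessions_last_access (last_access),
  KEY idx_sessions_user (user_id),
  CONSTRAINT fk_sessions_user
    FOREIGN KEY (user_id) REFERENCES users (id)
    ON DELETE CASCADE
) ENGINE=InnoDB;

-- Constructed sample rows: two sessions for user 1, one for user 2.
INSERT INTO users (id, email) VALUES
  (1, 'alice@example.test'),
  (2, 'bob@example.test');
INSERT INTO sessions (id, user_id, data) VALUES
  (REPEAT('a', 64), 1, ''),
  (REPEAT('b', 64), 1, ''),
  (REPEAT('c', 64), 2, '');

-- A single delete on the parent table: InnoDB removes that user's session
-- rows as part of the same statement, so a deleted account cannot leave a
-- live login behind on any server.
DELETE FROM users WHERE id = 1;
SELECT id, user_id FROM sessions;

-- Expiry sweep for idle sessions; the 30 minute lifetime is an assumption.
DELETE FROM sessions WHERE last_access < NOW() - INTERVAL 30 MINUTE;

-- Check that the sweep's filter can use idx_sessions_last_access.
EXPLAIN SELECT id FROM sessions WHERE last_access < NOW() - INTERVAL 30 MINUTE;
```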

Code optimisation.
Next comes image optimisation, minification of CSS and Javascript, and optimisation of your server side code. Consider:

$x = array(1, 2, 3, 4, 5);
for ($i=0; $i<@count($x); $i++) {
 echo $x[$i]."\n";
}

This is perfectly valid code, and will produce the following output:

1
2
3
4
5

However, if you look closely at it there are two flaws. Firstly, it is using inline error suppression (the @ sign before a function suppresses any errors PHP might generate for said function) – this slows down your script a little which would be fine in a little used application, but many of them in one script will cause slowdown. The other one is the use of the count() function in the for() line. This function is counting the number of elements in the array $x every time the for() loop iterates. This is a waste of server resource. A better way to write this would be:

$x = array(1, 2, 3, 4, 5);
$xCount = count($x);

for ($i=0; $i<$xCount; $i++) {
 echo $x[$i]."\n";
}

Never stop optimising.
Tuning your application is like a car enthusiast tuning a car. There’s always some tweak you could make that might get a little extra performance. For example, today I calculated that the bandwidth that I could save on a HA application I built, simply by using a Google CDN hosted version of jQuery, was close to 20 GB per month! Naturally, I have now switched it and am awaiting bandwidth reports to see how it has affected it. I’ve also enabled more aggressive image caching across websites by using .htaccess modifications.

One of the next forms of optimisation I will be making is using gzip compression to reduce the bandwidth usage further – this compresses data on the server before sending it out so impacts the CPU, but reduces bandwidth consumption. It’s a trade off, but when your server cluster is pushing upwards of 2TB a month on just three servers, it may be a compromise worth making!

Monitoring changes and progress.
How do you know whether your changes are working? Keep an eye on CPU utilisation and memory usage on the server, hard drive wait times and review bandwidth graphs. Use free services such as Google Analytics, and download the PageSpeed Chrome extension so you can check whether your page load times have improved.

It’s a lot of work and something that should be done on an ongoing basis. Your ultimate aim is to keep those applications online at all times. Finally, you should change one thing then review – never make multiple changes at the same time, as you don’t know for certain what provided the biggest benefit.

Holly’s Jewels letterhead design

As part of the ongoing campaign to propel my wife’s startup to success, I have finally been able to put together a letterhead design for Holly’s Jewels. I’ve applied the programmer’s analogy KISS here (Keep It Simple, Stupid) – so you won’t see any fancy clipart or jewellery photographs here.

Letterhead design for Holly’s Jewels

I’ve also opted for a little branding appearance change since the branding used on the leaflets won’t work here – rather than a swooshy purple line dividing the white/deep purple backgrounds, I’m now using a simple double-vertical line in the purple and blue colours the logo uses for the vital contact details. The purple line is wider than the blue, replicating the font size differences between the two colours in the logo. I think it will be interesting to see how that will work on literature footers, and whether I might have to rethink the swoosh entirely – although I still want a divider between literature content and contact details.

This has been designed for the sole purpose of using the letterhead as pre-printed stock, rather than writing letters on a letterhead template in Word, and it should also help to keep overall printing costs down as letter contents can be printed on a mono laser printer, rather than having to put the whole document through an inkjet.