Apache + SSL + SVN

(Feb 26, 2008)

(previous posts:
1. Apache+OpenSSL
2. SVN + Apache
)

From my two previous posts above, I discussed about SVN + Apache and Apache + OpenSSL separately. Now, it's time to put things together.

There are two possibilities for doing this. First, we may allow users to use SVN in both secure and insecure manners. Second, we may force users to only use SVN in a secure manner.

If we want to allow both, we put SVN configuration outside secured virtual host. If we want to enforce secured SVN, just move the SVN configuration inside secured virtual host configuration.


Note: the SVN configuration I mentioned is

<Location /super_angel>
 DAV svn
 SVNPath E:/svn_repos/super_angel

 AuthType Basic
 AuthName "Subversion Super-Angel repository"
 AuthUserFile c:/etc/svn-auth-file

 Require valid-user

 AuthzSVNAccessFile c:/etc/svn-acl
</location>

OpenSSL กับ Apache

(Feb 26, 2008)

สำหรับการติดตั้ง Apache 2.0 บน Windows ที่เราต้องการทำ self-signed certificate เราควรจะเริ่มจากการดาวน์โหลดแพคเกจ OpenSSL สำหรับนักพัฒนามาจาก http://www.slproweb.com/products/Win32OpenSSL.html

(ที่ต้องใช้แบบนักพัฒนาก็เพราะว่าเราต้องการที่จะ sign certificate เอง ถ้าดาวน์โหลดแบบ light เราจะ sign ไม่ได้
Note: if we do not use a developer package from http://www.slproweb.com/products/Win32OpenSSL.html, we might encounter a problem when we want to sign a certificate since it will look for a file bss_file.c in ./crypto/bio ... which is not available in a light package.
)

หลังจากนั้นเราก็สร้าง key กับ sign certificate ด้วยตัวเองด้วยคำสั่ง
openssl genrsa -out server.key 1024
openssl req -new -sha1 -x509 -key ca-key.pem -out server.crt -days 365

(เลขที่อยู่ด้านหลังสุดบอกจำนวนวันก่อนที่ certificate จะหมดอายุ)

เมื่อเราคัดลอกไฟล์ server.key กัล server.crt ไปไว้ในที่ๆ เหมาะสมแล้ว ก็ถึงคราวที่เราจะต้องไปแก้ไฟล์ httpd.conf ของ Apache

ขั้นแรกก็ต้อง uncomment บรรทัด LoadModule ssl_module modules/mod_ssl.so
จากนั้นไปที่ด้านท้ายของไฟล์ เราก็จะเห็น

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin


ให้เรา uncomment บรรทัด Include conf/extra/httpd-ssl.conf ออกตามระเบียบ แล้วก็เข้าไปแก้ไฟล์ httpd-ssl.conf ซึ่งจุดสำคัญมีดังนี้
1. บรรทัด SSLMutex ควรแก้จากตำแหน่งไฟล์เป็น default
2. ตำแหน่ง certificate file (ดูบรรทัดที่มี SSLCertificateFile)
3. ตำแหน่ง key file (ดูบรรทัดที่มี SSLCertificateKeyFile)
4. DocumentRoot
5. ServerName
6. ServerAdmin

Set SVN server with Apache on Windows

(Feb 19, 2008)

We can download subversion zip package and just expand it some where. Then, copy mod_dav_svn.so to Apache's module directory. To prevent confusion, I copied it to modules/svn directory. Next, add this line to httpd.conf

LoadModule dav_svn_module modules/svn/mod_dav_svn.so
LoadModule authz_svn_module modules/svn/mod_authz_svn.so

Finally, uncomment this line in the config file to allow dav. Note that this line must come before dav_svn_module line

LoadModule dav_module modules/mod_dav.so

But wait, this just makes Apache load itself with SVN capability. We need to config SVN server and create repository too. Also note that we should not assign the document root to the root of repository to avoid name conflicts. If name conflicts occur, we will normally get Error 301.

The best practice of configure SVN server is at http://svn.spears.at/. I claimed it the best practice since it elegantly separate SVN configuration from other of Apache by using an Include command :
Include c:/etc/subversion.conf

In subversion.conf, we may enter some thing like this:

<Location /super_angel>
  DAV svn
  SVNPath E:/svn_repos/super_angel

  AuthType Basic
  AuthName "Subversion Super-Angel repository"
  AuthUserFile c:/etc/svn-auth-file

  Require valid-user

  AuthzSVNAccessFile c:/etc/svn-acl
</Location>

This will create a virtual address at localhost:8080/super_angel. This virtual address will be mapped to E:/svn_repos/super_angel, which is an actual repository for a project. Thus, we need to create a repository there using a command:

svnadmin create --fs-type bdb E:/svn_repos/super_angel

Next, we need to create an authentication password file.  If the file is to be a brand new one, the command will have a c flag:
htpasswd -cm C:\etc\svn-auth-file john

For additional users, a command will be
htpasswd -m C:\etc\svn-auth-file Jane

Finally, we need to assign usage rights and groups for users in svn-acl file.  The content of the file will look like this.
#
# specify groups here
#
[groups]
team1 = moo, pinyotae

#
# team1 group has a read/write access to project1 repository
# all subdirectories
# all others have read access only
#
[super_angel:/]
@team1 = rw
* = r

This will ready our Apache.  We just need to restart it and access our repository at the virtual address we specify earlier.

Note: svn-acl is actually flexible.  Please refer to http://svn.spears.at/ for more details.

Special Olympics Oath

(Feb 18, 2008)

This special Olympics oath sounds very meaningful for me. I'm impressed.

"Let me win. But if I cannot win, let me be brave in the attempt."

Good and Free Utility Software

(Feb 12, 2008)

(references
Free Commander: http://www.freecommander.com/
FileAnt: http://www.fileant.com/
Capivara: http://capivara.sourceforge.net/

There are some software I expect to use often in the near future. First, I need a better file manager able to view Thai file names. Second, I need a software to synchronize my local folder with an FTP server.

For the file manger, there are two good candidates that catch my attention. The first one is 'FileAnt' and the second is 'Free Commander'. I have used FileAnt for a while and I like it. It has a unique feature--double click to go up one level. In details, if we double click on an empty space of a folder, we will go out of the current folder. This is very handy and make navigation fast. FileAnt, however, cannot view Thai file names.

So, I looked for another candidate and end up with Free Commander (http://www.freecommander.com/). Its user interface looks good and can view Thai file names. It has a shortcut to a favorite folder. If we set up favorite folders, ctrl-shift+1 (or 2, 3, 4, ..) will take us to a favorite folder. In fact, the shortcut can be set to a pair of folders. Namely, if we enter a shortcut, it will change an active panel to a folder and an inactive one to another folder we set. This should be very convenient when we need to transfer files between two specific folders often to back up data, for example.

For file synchronization, I chose Capivara (http://capivara.sourceforge.net/) since it has all features I need. These features are SFTP support and file change detection (the second is a must for file synchronizer). Its user interface is very intuitive too. With Capivara, we can have files at three places: home, office, and central server. We can choose to work at an office and just synchronize to the server when we are done. Then, we can retrieve updated files at home from the server to continue our work and synchronize again when we finish. This scenario will make every thing handy and safe (unless we force overwriting a newer files carelessly).

Tex2Im Tool

(Feb 4, 2008)

Today, Roger's Online Equation (http://rogercortesi.com/eqn/) almost put me in trouble when my friend used it and could not make it work on his equation with norm:

d_{S} = 2d_{D} + \left|\left|\left[\Delta x,\Delta y,\Delta z\right]^{T}\right|\right|

I don't know why it did not work in Roger's Online Equation Server. Perhaps, it does not have some important packages. Thus, I tried using tex2im locally.

I downloaded it from http://www.nought.de/tex2im.html

Since I already had LaTex tool on my Cygwin already, I could just copy tex2im directly to Cygwin's bin directory. Next, create a test.tex file with the equation above. Then, generate the output file with resolution 600 x 600, white text, black background, with transparency, without antialias. The above task can be done with the following command:

tex2im -r "600x600" -t "white" -b "black" -z test.tex

Note if we use the -z option, the anti-alias option will be disabled by default, but if we don't use the -z option, the anti-alias option will be enabled by default.

AMD Stream Processing

(Feb 2, 2008)

AMD recently announced its first stream processing board. Although it tried to promote and talked only about its flagship, AMD Firestream 9170 with 320 stream cores, from documents related to CAL requirements, we need only ATI Radeon HD2400 or better. This is good, but I'm sure that not many documents are around, and there must be some unseen issues waiting for me if I jump into stream processing stuff.

I think I should wait a year or two so that the platform will be matured.

Reference: http://ati.amd.com/technology/streamcomputing/

VirtaulBox

(Feb 2, 2008)

พอดีผ่านไปเจอ น่าสนใจดีเหมือนกัน น่าจะมาลองใช้ดูในอนาคต คงจะช่วยทำให้เรามี clean system ไว้ทดสอบการติดตั้งโปรแกรมเหมือนกัน วิธีติดตั้งก็ดูได้จากหมอนี่ http://linux.sothorn.org/node/258

พวกระบบแบบนี้น่าสนใจตรงที่ว่า ถ้าหากเรามี clean system มันก็จะทำให้เราช่วยทำ "Core Load" ได้ คือว่าถ้าเก็บ snapshot ของระบบเปล่าๆ พร้อมซอฟต์แวร์ที่จำเป็นสำหรับองค์กรเราแล้ว เราก็เติมซอฟต์แวร์เพิ่ม แล้วทำ snapshot อีก ก็จะได้สามารถขยาย Core system ที่เราคิดจะติดตั้งได้ง่ายๆ

อ่อ Virtual Box อันนี้รันได้ทั้งบน Linux, Windows และ Mac นะครับ เรียกได้เลยว่าครบเครื่อง พอๆ กับ VM Ware สนใจดูได้ที่ http://www.virtualbox.org/

Update (Feb 13, 2008): ไปเจอลิงค์รีวิวเปรียบเทียบโปรแกรม virtualization นี้มาจากเว็บคุณโสธร http://www.techthrob.com/tech/linux_virtualization.php พบว่า VirtualBox ดีจริง ทำงานเร็วปรี๊ดเทียบเท่า VMWare และมีปัญหาไม่มากนักด้วย

Suppressing First-chance Exception in Visual C++ 2005

(Feb 1, 2008)

I encountered a lot first-chance exceptions in my program when I debugged my program in Visual C++ 2005. Exception messages in the output window can be annoying if they cloud other important messages. After searching the Internet for a while, I found a simple solution about this on http://www.helixoft.com/blog/archives/24 . I can tell a window output not to show 'exception messages' by right clicking within the output window and uncheck 'Exeption Messages'.

If you want to know more about first-chance exceptions, follow links in the http://www.helixoft.com/blog/archives/24