Heartbleed Relief: Replace the Default SSL Certificate in Parallels Plesk Panel

If you have a web site with an SSL certificate then you are probably affected by the Heartbleed vulnerability which popped into general visibility. If your server is vulnerable, you need to do two things:

  1. Update openssl
  2. Replace your SSL certificate (since you have to assume that the certificate’s private key has been stolen).

Anyone in possession of your private key can a) impersonate your web site; and b) decrypt all past, present, and future traffic.

One little piece of the recovery is replacing the default certificate for your control panel. If you only have one server then clicking around in the control panel is OK. But if you have a lot of servers, that will quickly drive you bonkers.

Here is a shell script which will replace the default SSL certificate for Parallels Plesk Panel. The new certificate will be valid for 1095 days (three years). It will then use the new SSL certificate to secure the Plesk Panel itself.

MySQL + UTF-8 + PHP 5.3.10 + JSON = Trouble

Yesterday, I spent longer than I care to admit debugging an update to an old PHP script. It fetched a string from a MySQL database and (here’s the new part) passed the string to json_encode(). That call failed when the data included the multibyte characters ¼ or ½ or ¾. All of my attempts to remove the multibyte characters from the strings (replacing them with “1/4” or “1/2” or “3/4”) failed.

The problem turned out to be PHP 5.3.10’s default for the character set of the MySQL connection and the fix was easy. Explicitly set the character set to UTF-8:

Once that was set, json_encode() properly recognized the string as UTF-8 and it ran without error.

This problem will not occur with newer versions of PHP. They have the default character set as UTF-8.
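An added example (not code from the original post), written in Python rather than PHP, that models why the call failed and why replacing the characters did not help. It assumes the old default connection character set was latin1; `fetch`, `encode_like_json_encode` and `strip_fraction` are hypothetical names, and the sample string is constructed.

```python
import json

# Constructed sample: a value as it is stored in a UTF-8 MySQL column.
STORED = "Add ¼ cup sugar"


def fetch(text, connection_charset):
    """Model the server converting a column value to the connection
    character set before handing the bytes to the client."""
    return text.encode(connection_charset)


def encode_like_json_encode(raw):
    """json_encode() expects UTF-8 input. Model that with a strict decode
    and return None (instead of raising) when the bytes are not UTF-8."""
    try:
        return json.dumps(raw.decode("utf-8"))
    except UnicodeDecodeError:
        return None


def strip_fraction(raw):
    """The attempted workaround: swap the UTF-8 bytes of the fraction for
    plain ASCII. It only matches if the data really is UTF-8."""
    return raw.replace("¼".encode("utf-8"), b"1/4")


# Assumption: the connection defaulted to latin1, so the fraction arrives
# as the single byte 0xBC, which is not a valid UTF-8 sequence.
latin1_row = fetch(STORED, "latin-1")

# After explicitly setting the connection character set to UTF-8 the same
# value arrives as the two bytes 0xC2 0xBC.
utf8_row = fetch(STORED, "utf-8")

if __name__ == "__main__":
    print(repr(latin1_row), encode_like_json_encode(latin1_row))
    print(repr(strip_fraction(latin1_row)))  # unchanged: needle never matches
    print(repr(utf8_row), encode_like_json_encode(utf8_row))
```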

Python Singleton

I needed a singleton database class in a Python 2.7 program and wrote it this way.

I like this pattern but I realized that this is even more elegant:

It works because I do not really need the whole Database class to be a singleton. All I really want is a single database connection.

Read-Only Python Properties

Following onto yesterday’s post about Python Properties and @property, there is a neat little trick to create a read-only property of a Python class. All you have to do is omit the setter. This Hero class has a read-write property “name”

You can see it used in the constructor and in the “superman.name=” statement at the bottom.

We can easily make the name attribute read-only like this:

Note that I had to change the constructor, directly setting self.firstname and self.lastname, since it is no longer valid to write “self.name =”.

Python Properties and @property

My son pointed me at PyCharm and, while poking through its built-in “intentions,” I discovered Python’s @property decorator, which led me to learn more about the Pythonic way to handle class properties. Unlike Java and C++, Python encourages you to create public class attributes (a/k/a properties). Here is an example:

That works while being beautifully readable. A hero has a name. You can print the name and, when the hero moves to a new planet, you can change the name.

Python makes it easy to change the behavior of the Hero class, and this is markedly different from what you can do in many other languages. Let’s say that you want the Hero class to store not just the hero’s name but also his first name and his last name. The obvious way to implement that would be in the “setter” for the name attribute. You would add some code to parse the name into first name and last name, and then store the two components separately. You might start with something like this:

The problem is that the simple assignment no longer works. Writing “superman.name = ‘Clark Kent’” no longer does what you expect; it only changes his name but does not change his firstname. Instead, you would need to write “superman.set_name(‘Clark Kent’)” which is painful; it requires you to hunt through your whole program and recode all occurrences of “superman.name =”.

This is where Python’s @property decorator comes in. It gives you a straightforward way to add behavior to the setter for the name attribute, so that you can still use “superman.name =” throughout your program.

Voila! Now the Hero class actually stores the firstname and the lastname while providing the illusion that it still has a simple attribute “name”. The @property decorator makes the syntax “superman.name” keep working to get the value of the name property. The @name.setter decorator makes the syntax “superman.name =…” work to change the value of the hero’s name.
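An added sketch of the pattern described here and in the read-only properties post above, not the code from the original posts. The class name `ReadOnlyHero`, the helper `try_rename` and the name-splitting rule (split on the first space) are assumptions made for the example.

```python
class Hero(object):
    """Stores firstname and lastname but still exposes a simple `name`."""

    def __init__(self, name):
        self.name = name  # goes through the setter below

    @property
    def name(self):
        # Rebuild the full name; strip() covers single-word names.
        return ("%s %s" % (self.firstname, self.lastname)).strip()

    @name.setter
    def name(self, value):
        # Assumed rule: everything after the first space is the last name.
        self.firstname, _, self.lastname = value.partition(" ")


class ReadOnlyHero(object):
    """Same getter, no setter: `name` can be read but not assigned."""

    def __init__(self, name):
        # The constructor sets the parts directly, because writing
        # "self.name =" is no longer valid without a setter.
        self.firstname, _, self.lastname = name.partition(" ")

    @property
    def name(self):
        return ("%s %s" % (self.firstname, self.lastname)).strip()


def try_rename(hero, new_name):
    """Return True if plain assignment worked, False if `name` is read-only."""
    try:
        hero.name = new_name
    except AttributeError:
        return False
    return True


if __name__ == "__main__":
    superman = Hero("Kal El")
    print(try_rename(superman, "Clark Kent"), superman.firstname)
    batman = ReadOnlyHero("Bruce Wayne")
    print(try_rename(batman, "Dick Grayson"), batman.name)
```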

For more information on Python descriptors, see IBM’s excellent article, Introduction to Python descriptors.

$76 Media Center

Several years ago, we got a Sony PlayStation 3 as a home theater PC and it has been a fantastic way to watch Blu-ray discs, Netflix, etc. It has not been a good way to listen to music for two reasons. First, listening to music requires me to turn on the home theater projector, since we do not have a TV. Second, the PS3 does a lousy job of organizing a reasonable sized music collection. (I have about 4700 songs.) The PS3 web browser is pretty mediocre, too, making the PS3 a poor choice for YouTube, Vimeo, TED talks, and so forth.

Ever since then, I have been looking for my ideal media center computer to complement the PS3. It needed to be silent, inconspicuous, usable (for simple stuff) without turning on the projector, and an awesome mechanism to get my music to the receiver in the den. Beyond my own music, it needed to give me access to internet media such as YouTube and Pandora. It has been possible to build such a machine for quite a while, but the multi-multi-hundred dollar price tag has always put me off.

This winter, I finally got to see a Raspberry Pi computer running the XBMC media center software and immediately ordered one for myself. At last, the media center PC that I have been waiting for!

For a total outlay of $76, I pulled together this hardware

  • RaspberryPi – $35
  • 32 GB SD card – $41
  • leftover cell phone charger – $0
  • leftover cordless USB keyboard & mouse combo – $0

The Raspberry Pi is a full-fledged computer running Linux. You add an SD card as a “disk drive,” plug in an ethernet cable, hook up an HDMI cable, and add power from pretty much any old cell phone charger. Here is mine.

Raspberry Pi top
Raspberry Pi bottom

The SD card works like a disk drive, holding the Linux operating system, the XBMC software, all 22 GB of my music, and a few miscellaneous videos.

Beyond buying the hardware, here are the software components that I gathered together to make everything work.

XBMC

  • I grabbed Sam Nazarko’s excellent Raspbmc, which is a bootable version of XBMC version 12 (Frodo) for the Raspberry Pi. I followed the instructions and, within minutes, had a basic XBMC system up and running.
  • Since I am in the USA, I edited /etc/default/keyboard and set:
    XKBLAYOUT="us"
    giving me a US keyboard layout. (The default is “uk”.)

The Official XBMC Remote for Android lets you use your Android phone or tablet as a remote control. This is a key component, letting me play music without turning on the projector.

You can easily add plugins from within XBMC and the Pandora plugin was one of the first that I grabbed.

Oh, did I mention that all of this software is free? And did I mention that XBMC includes AirPlay, just like an Apple TV?

Be careful, though. A Raspberry Pi is an addicting toy! If you get one, you may find it hard to do anything other than play with it.

Software Jobs

By day, I own a software company and occasionally write software. Wally, Dilbert’s friend, reveals all about my job in today’s strip.

First two frames of today's Dilbert comic strip
The pointy haired boss and Wally begin to discuss software jobs.

The disturbing question is: Which job do I hold???

Real Virtual Alchemy

I have learned to change lead into gold, and back again, for real! Well, sort of. Thus far, it only works within the virtual world of programming languages like Python. Here is the recipe. (If you are not into geek-speak, skip to the bottom where I natter on about reading ebooks on an iPad.)

Voila! First it’s lead. Then it’s gold. Then it’s lead again.

I understand why you might want to do something like this but, at least within the projects that I work on, it would obfuscate the program too much for my liking.

I learned this from reading the Python Cookbook ebook on my iPad, which has been thoroughly enjoyable. I like the iBooks app more than I expected to. I can highlight portions of the book, without actually trashing the pages. I can scribble notes next to my highlights. I can easily browse a list of the sections that I highlighted/noted. Perhaps even more useful, I can select a word or phrase from the text of the book and instantly search either Google or Wikipedia for it.

Python Generators Neatly Untangle Loops

The Python programming language has become my first choice for most tasks over the last year or so. The more I use it, the more I find to like about it. I just stumbled across generators in a way that made them make sense to me and it is so cool that I want to share it with you. A generator can make a program immensely more readable by separating the task of producing (or generating) data from the task of processing the data.

This will make more sense with an example: print an alphabetized list of all the usernames for a Linux system. On a computer running Linux, the file /etc/passwd contains information about all of the users. Here is the file for my laptop:

Since the username is the first “word” on each line, up to the first colon, most of that file is drek and can be ignored. So given that file of stuff, the program breaks down into these tasks:

  1. Open the file /etc/passwd.
  2. Read every line from the file and get the username, the first word, off of each line.
  3. Construct a list of all the usernames.
  4. Sort the list.
  5. Print the results.

My first attempt at such a program would have been something like this:

This little Python program does what I just described, producing this output:

The ugliness is that the for-loop does two things which are unrelated to each other: It finds the usernames within the /etc/passwd file and it constructs a list of the usernames. Why does a piece of a program which finds usernames care what happens to the usernames after they have been found? Why does a piece of a program which constructs a list of usernames need to care where the names came from? This is an artificially contrived example, so each of these pieces is very simple, but it is generally A Good Thing if each piece of a program does exactly one task. This makes everything easier: design, coding, testing, and debugging.

By using a generator, we can pry these two tasks apart and the program becomes easier to understand:

The generator at the top does just one thing: it produces usernames, one at a time. Python takes care of all the complexities. We can simply use the generator wherever we need a list of usernames. On first use, the /etc/passwd file is opened. Then each line is read, the username split off the beginning of the line, and the username yielded up to whatever other part of the program needs it. When the file has been completely processed, it is closed.

The second part of the program has become an easy-to-read loop: “for name in usernames()”. This loop processes each name. We can understand that without being distracted by the details of processing the /etc/passwd file. Sweet.

[Update: I particularly enjoy programming because there is always something new to be learned. I have updated the following example, shortening it by one line while simultaneously making it easier to understand.]

Of course, Python offers more shortcuts and we can make the program more concise. Try this flavor:

Reading from the inside to the outside: usernames() produces the list of usernames. sorted(...) produces an alphabetized list of usernames. '\n'.join(...) takes the alphabetized list of names and joins them together into a string, one name per line, which is ready to be printed.
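An added sketch of the generator version and the concise one-liner described above, not the code from the original post. The `path` parameter, the `sorted_listing` and `demo` helpers, the skipping of blank and comment lines, and the sample file contents are assumptions made so the example runs against constructed data instead of the real /etc/passwd.

```python
import os
import tempfile


def usernames(path="/etc/passwd"):
    """Yield the username (the text before the first colon) of each entry."""
    with open(path) as passwd:          # opened on first use, not on call
        for line in passwd:
            line = line.strip()
            # Some systems put comments or blank lines in the file.
            if line and not line.startswith("#"):
                yield line.split(":", 1)[0]
    # Leaving the with-block closes the file once every line is consumed.


def sorted_listing(path="/etc/passwd"):
    """The concise form: one alphabetized name per line, ready to print."""
    return "\n".join(sorted(usernames(path)))


# Constructed sample in /etc/passwd format.
SAMPLE = """# constructed sample, not a real system file
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin

alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
"""


def demo():
    """Run both forms against a temporary copy of SAMPLE."""
    with tempfile.NamedTemporaryFile("w", suffix=".passwd", delete=False) as f:
        f.write(SAMPLE)
    try:
        gen = usernames(f.name)         # nothing has been read yet
        first = next(gen)               # file is opened here
        rest = list(gen)                # remaining names, in file order
        return first, rest, sorted_listing(f.name)
    finally:
        os.unlink(f.name)


if __name__ == "__main__":
    print(demo())
```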

I hope that this has not been too deep a peek into the machinations of a programmer’s mind. :)