Category Archives: Tech

2.1

1 Reply

Woke up, saw the tweets re: 2.1, which I thought was worth getting up to upgrade the phones… updates I really care about in bold.

Update includes:

* Decrease in call set-up failures and dropped calls
* Significantly better battery life for most users
* Dramatically reduced time to backup to iTunes
* Improved email reliability, notably fetching email from POP and Exchange accounts
* Faster installation of 3rd party applications
* Fixed bugs causing hangs and crashes for users with lots of third party applications

* Improved performance in text messaging
* Faster loading and searching of contacts
 * Improved accuracy of the 3G signal strength display
* Repeat alert up to two additional times for incoming text messages
* Option to wipe data after ten failed passcode attempts
* Genius playlist creation

[From Apple – iPhone – Software Update]

autocomplete with multiple related form fields (in rails)

2 Replies

I?m an advisor and consultant for a social network site where you go upload images and tag the stuff you own and the stuff you want. One of the thing we wanted to do in the stuff-tagging form was to have related autocompletion fields. In this case, we want an autocompletion of brand names, and then based on the brand name input, we narrow down the autocompletion for models to only the models for that brand. This should be a pretty commonly done, but the auto_complete plugin in Rails has no easy way to do this.

The obvious approach was to use Rails? autocompletion plugin to do the first field, and then use Scriptaculous directly for the second field, my first approach looked like this:

<%= text_field_with_auto_complete :product, :brand %> 

<input id="product_model" name="product[name]" size="30" type="text" />
<div class="auto_complete" id="product_model_auto_complete"></div>

<script type="text/javascript">
  new Ajax.Autocompleter(
    'product_model',
    'product_model_auto_complete',
    '/products/auto_complete_for_product_model',
    { parameter: 'brand=' + $F('product_brand') }
  );
</script>

But this didn?t work because the parameters are populated on instantiation of the Ajax.Autocompleter, so dynamic form content are not properly sent to the controller. Took some googling and playing around to figure this out, but the solution is to append the additional parameter by overriding the callback.

<%= text_field_with_auto_complete :product, :brand %> 

<input id="product_model" name="product[name]" size="30" type="text" />
<div class="auto_complete" id="product_model_auto_complete"></div>

<script type="text/javascript">
  new Ajax.Autocompleter(
    'product_model',
    'product_model_auto_complete',
    '/products/auto_complete_for_product_model',
    { callback: function(e, qs) {
        return qs + '&brand=' + $F('product_brand');
      }
    }
  );
</script>

Just for fun, I?m including the ajax endpoint to show how I generate the results in the desired unordered list format using the auto_complete_result helper. You should always specify a limit in these type of queries.

def auto_complete_for_product_model
  @results = Product.find_by_sql(
  [ %Q{select p.name from brands b, products p
      where lower(b.name) = ? 
      and p.brand_id=b.id 
      and lower(p.name) like ? limit 10}, 
    "#{params[:brand].downcase}", 
    "#{params[:product][:name].downcase}%" ]) if params[:brand] && params[:product][:name]    
    render :inline => "<%= auto_complete_result @results, 'name' %>"
end

BTW, this site is gonna make an appearance at the Techcrunch 50 demo pit, I should be there, check my Tweets, stop by and say hi if you happen to be around.

$100 off Kindle if you apply for the Amazon.com Chase card

Leave a reply

I know a couple of you guys have been wanting a Kindle and haven’t pulled the trigger yet for one reason or another. What if the Kindle can be had for only $259? Would that make your decision a bit easier? 🙂

I just got an email from Amazon that for a limited time if you get the Chase Amazon.com Rewards Visa Card you would get $100 off, not a bad deal.

[Link to Kindle on Amazon]

How to patch up Debian sarge bind9 TAKE TWO!

Leave a reply

The blogosphere is great, I wrote up on how I patched up my bind9 and quite a few people contacted me or posted comments informing me that it was the wrong patch. I looked into it more today and finally got a real fix for it.

I could not find a patch to fix the DNS cache poisoning problem for bind-9.2.4, it is probably no longer maintained. So I had to compile it from scratch, for the impatient I have hosted the .deb here.

First remove old bind9 package and download bind-9.5.0-P1.tar.gz from http://www.isc.org/index.pl?/sw/bind/view/?release=9.5.0-P2 and unpack:

$ mkdir /tmp/bind && cd !$ && tar -zxf bind-9.5.0-P1.tar.gz && cd bind-9.5.0-P1/

you might need one or all of these packages, if you’ve never build a .deb before you probably at least need dh-make

$ sudo apt-get install autotools-dev fakeroot dh-make

run dh_make and build:

$ dh_make

tweak configurations in the debian directory, I added –disable-openssl-version-check and –sysconfdir=/etc/bind to the configure options

$ sudo dpkg-buildpackage -rfakeroot

Now you should have a .deb in /tmp/bind, install it as usual

$ cd .. && sudo dpkg -i bind_9.5.0-P2-1_i386.deb

I think I didn’t configure the deb build options correctly so I didn’t get a /etc/init.d/bind9, if you’re missing that after the install, you can grab mine here. Also, when you removed bind9.2.4 it might’ve removed /var/cache/bin, if so, you need to create that directory, or whatever you specified as the directory in /etc/bind/named.conf.

If you have problems getting named to run, look for a named.run file, it should have the error message on why it exited execution. Finally, you should verify it by running something like this:

$ dig +short @localhost porttest.dns-oarc.net txt
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"x.x.x.x is GREAT: 26 queries in 1.6 seconds from 26 ports with std dev 19585"

If you see GREAT, it’s working, if you see POOR, then you’re still running an outdated version of named/bind9.

How to patch bind9 in Debian sarge to get DNS cache poisoning exploit patch

10 Replies

UPDATE (8/7/08):

The patch posted below actually does NOT fix the cache poisoning problem, please check out my follow up post instead. The original is included below but please note that it does not fix the security problem.

original blog post:

Most of you have heard about the DNS cache poisoning exploit, it is serious, most operating systems have security updates to get the latest bind9/named package and if you update you’re ok. However, Debian terminated security supports for Sarge/3.1 on March 1st. So if you’re like me still running sarge and don’t have the time to upgrade to etch or something newer, you’re kindda in a bad situation if you need to run a DNS. Luckily, Debian makes it really easy to compile and install custom packages, so here is how you can patch it up manually.

Check what you have installed, yup, it’s vulnerable:

$ dpkg -l | grep bind9
ii bind9 9.2.4-1sarge3 Internet Domain Name Server
ii bind9-host 9.2.4-1sarge3 Version of 'host' bundled with BIND 9.X

Install the source package for BIND9.

$ cd /usr/src && sudo apt-get source bind9
Reading Package Lists... Done
Building Dependency Tree... Done
Need to get 4667kB of source archives.
Get:1 http://ftp.us.debian.org sarge/main bind9 1:9.2.4-1sarge3 (dsc) [741B]
Get:2 http://ftp.us.debian.org sarge/main bind9 1:9.2.4-1sarge3 (tar) [4564kB]
Get:3 http://ftp.us.debian.org sarge/main bind9 1:9.2.4-1sarge3 (diff) [102kB]
Fetched 4667kB in 8s (534kB/s)
dpkg-source: extracting bind9 in bind9-9.2.4

Go patch it up:

$ cd bind9-9.2.4/

Apply this patch, either with patch(1) or manually, I did it manually just to be safe:

Index: inet_network.c
diff -u inet_network.c:1.5 inet_network.c:1.6
--- inet_network.c:1.5	Wed Apr 27 04:56:21 2005
+++ inet_network.c	Tue Jan 15 04:02:01 2008
@@ -84,9 +84,9 @@
 	}
 	if (!digit)
 		return (INADDR_NONE);
+	if (pp >= parts + 4 || val > 0xffU)
+		return (INADDR_NONE);
 	if (*cp == '.') {
-		if (pp >= parts + 4 || val > 0xffU)
-			return (INADDR_NONE);
 		*pp++ = val, cp++;
 		goto again;
 	}
$ sudo vi lib/bind/inet/inet_network.c

build the package, this will generate a .deb:

$ cd .. && sudo apt-get -b source bind9

install the package:

$ sudo dpkg -i bind9_9.2.4-1sarge3_i386.deb

Dealistic launched!

Leave a reply

I’m happy to tell you that we have finally launched Dealistic! It is a side project Ray and I spent most of our free time in the past 3 months on. We created Dealistic because both of us were frustrated on the existing deals sites on the interweb — they never deliver deals on the things we really want, so we created Dealistic to help us narrow them down to only the deals we care about.

The site is pretty simple, Sherry made an awesome walkthrough on what the site is about.


Dealistic Walkthrough from Andrew Ng on Vimeo.

Check it out, give us feedback and comments at our GetSatisfaction page, hope you find it useful as well.

Using SSHKeychain’s key agent in terminal/shell

Leave a reply

I’m not sure why I had to do this even if I told SSHKeychain to manage my environment variables, but anyway, to use SSHKeychain’s key agent in a shell, you do this:

Look up the socket location in preferences, it should look like this:

Preferences - General
Uploaded with plasq‘s Skitch!

and set the SSH_AUTH_SOCK environment variable in your shell to that location, you then should be good to go.

How to get display:block links working over images in IE

Leave a reply

One of my clients at work wanted different parts of the header and footer images to link to different pages, I used a CSS trick to have transparent a links to get and image map type thing to work, it worked great in Firefox, but didn’t work in IE6/7, here’s what I had:

#header a,#footer a {
  display: block;
  text-decoration: none;
  position: absolute;
}
a#header_link{top:17px;left:481px;width:166px;height:69px;}
a#footer_link_1{top:35px;left:0;width:450px;height:51px;}
a#footer_link_2{top:35px;left:453px;width:125px;height:51px;}
a#footer_link_3{top:35px;left:577px;width:63px;height:51px;}

Notice I used position:absolute, it works fine if you wrap them inside a position:relative div. To get it to work in IE6 and IE7, I had to specify a background color and set opacity of that element to 0:

#header a,#footer a {
  opacity: 0;
  filter: alpha(opacity=0);
  -moz-opacity: 0;
  background-color: #ffffff;
  display: block;
  text-decoration: none;
  position: absolute;
}

Not a huge fan of IE.