coffee, black   no sugar

I just read the Zen of CSS design and got inspired to do some changes here as well. The book is really wonderful and inspirational, but not very technical. It is more a showcase of what you can do, commenting on the different designs and as such a good companion to the csszengarden.com. All the deep down technical things can be viewed in the source there anyway.

While I was at it, I restructured the static pages here as well. Similar to our company site I converted all my html pages to xml and use now a XSL to generate the html. This gives great flexibility and I would not write any html anymore ever again, where it not for blogging!

There is something missing here. Why do I need to write html in my blog editor? I don't even want to. And I surely don't want to store some html snippets on my blog server, where it gets shredded into some SQL tables and glued together with some velocity macros to make a weblog. How crude.

If I could find the time and will to do it, I'd make my own micro format and some engine to generate this whole site as plain files, only using xml, xsl, css and some portable code. I think I just need to start it...

Technorati Tags: css, zen

It's now about six months that I use Roller as my blog server software. My experiences are mixed and I am seriously thinking about writing my own software for publishing on the net. Let me explain.

Up front I have to say that Roller worked quite stable. I don't have the latest and greatest version (3.0) installed, but live on the 2.3. Customization has been a little bit of pain, but I read the this is supposed to be improved in the newer version. The server died unexpectedly only three or for times (tomcat gone) which could well have been memory related. The machine it is running on is not that big.

The dislikes came when the server was discovered by spammers. Partly I have to blame myself for keeping defaults on Roller features and not really trying to understand all and decide for myself. The other part I blame on Roller's insecure defaults: embedding referrer urls inside the page and enabling trackback comments.

When I say blame, I should correctly say was not behaving as I myself needed it. I think the software is fine, works well and has all features I want. But the features I do not need seem to require attention that I do not have to spare.

Here is what I want for my site software:

• all public resources served from static files by apache, e.g. no security issues, no performance issues, no tricky setups, deployable anywhere by copying the file tree
• a site builder software that runs offline (on my laptop) which generates the public file tree from a set of source files.
• source files under revision control in a software repository (cvs, svn or other).
• publishing by way of ssh/rsync
• writing blog entries/pages in a wiki dialect and controlling the generated HTML so that style/layout changes can be done for the complete site by a single rebuild

1. version control: as I think this is essential for everything. Even if you are the only person working on a set of files, it often happens that you work on different computers on them (so you are vitually another person) and software repositories are just made for that sort of thing. And often there is already a backup strategy for a software repository, so you have your site backed up without further hassle.
2. low admin: in this way of working, there is nothing to worry about once you have published. There are no user accounts to be hacked, no writes via HTTP to the server. Apache will handle any load gracefully and I have never ever experienced it going down unexpectedly in such a configuration.
3. flexibility: I don't want to write HTML no more. Nope. Nada. Not only is any wiki dialect easier to write, but computers are just better at generating good HTML. So let them. Also layout changes give no hassles, you can change generated classnames should the need arise. And last but not least: the HTML generation can be staged. I am free to invent a XML format for, say, documenting recipes and a HTML generator for it (or a wiki generator which is then converted to HTML). Lots of nice ideas come to mind...

There is one feature which almost every blogger uses which is not covered here: comments. I admit, I have no ready solution to it. A rather obvious idea would be to open a blog comment server on the internet where you can comment on any blog out there and bloggers just include a link or some jscript into their pages. Wouldn't that be neat? Google? Technorati? Yahoo? Do you already have such a thing? With a Web API so that my site generation can include/delete/moderate them if I want?

Technorati Tags: apache, experience, publishing, roller, simple, spam

Are among us tonight. I feel something's changed. Hopefully, Alice will remember everything.

There is the american saying "some days you're a bug, and some days you're the windshield." Well, the last couple of days i was more of a bug.

I switched my ISP on Tuesday and instead of the DSL router I wanted they sent me a modem. It's a ADSL2+ connection so I could not use my old router any more. I phoned them to send me a router which they promised.

On Wednesday, record time, the router arrived. It was 5 minutes to set it up and configure it. No problems, I was happy.

On Thursday I gave my Macbook into repair (the anti-whining part had been order) and got it back in the evening. When i arrived at home, the keyboard stopped working on the Book. Just dead. The computer is running and I now type this on a USB keyboard.

The same day on my PC (mainly used for gaming) I noticed heavy packet loss. Was the new ISP not keeping up its promise? I did some pings and traces and the ISP seemed to be ok. A look on my router showed a very busy LAN. And netstat revealed the misery: a process on my PC hat tons of connections to the net. My PC was hijacked!

A really nasty piece of software had gotten on my Windows system. It was a bot worm, remote controlled and now apparently used for some DOS attacks somewhere. It had two processes which restarted each other so fast, that the task manager was no help. It was monitoring the connections on all browsers and immediately shut down the browser when you tried to navigate to a known anti virus site. It closed regedit when you started it.

I finally with the help of cygwin managed to shut down the two processes and downloaded an anti virus application. The download was infected before it was complete. I started a new one. This one went through, but on running the setup, it detected that it had been tampered with and did not finish installation. I digged for a removal tool, had one scanning my disk during the night, and found in the morning that I had gotten the tool for another virus and it could not find the one it was looking for.

It was time to give up. On Friday I wiped the PC and reinstalled everything. I also visited the Apple shop where they apologized and told me they would order a new top casing which usually fixes the problems of a dead keyboard and mouse pad.

Today I feel a bit tired. I have the PC working again, I can use my laptop in a sort of way. It's now time to think things over and see what I can learn from that whole experience.

• The obvious thing is: never connect a desktop machine directly to the net. My PC was fully patched according to windows update. It was one evening of maybe 4-5 hours online that it needed to infect it. Partly I am to blame for this since I did not really put a lot of work into securing it. It was sitting behind a router for over a year and everything was fine. When I hooked up the modem, the SQL server port may have been open for example. Hard to say. I don't like Windows, but to be fair, any other OS with the same market share would have a hard time as well.
• Windows ACLs are beyond my understanding. I am sure there are people in the world who understand them, but I don't. When reinstalling the PC, I left a data partition intact and then tried to copy some files over to the new partition. Windows did not allow this for some files. Thing is, the old files still belonged to the no longer existing user account (the one on the shredded installation). The new installation had new UUIDs for its users. I gave the new user full permission on the old files and even made him owner, but Windows still refused. It is way to complex for the task of protecting file access on a desktop machine.
• I lost a couple of minor things, nothing important. But I am considering getting some net storage box now. A silent thing to install a ssh demon on to use rsync with. There are a couple of system at a good price to be had. My fondness for Macs would make a Mac mini an option, if it came with larger disks. I also thought about Amazon S3, but old-fashioned me wants to get his data also when offline. Maybe it could be backup for the net storage box...
• The only data I feel good about is the one I have in a repository on a server somewhere else. I think I will do that for more files now. Not only can it serve as backup, but it allows use and modification on several machines. Some kind of repository on top of S3 maybe? If all of it were public I could start my own open source project on sourceforge or google. The stefansvitaldata project...
• Last but not least: giving DSL modems to subscribers per default should be banned. The average PC will not survive it and ISPs should know better. I can understand the economics for them in a cost driven market, so some government regulation would be in order here.

Technorati Tags: backups, bots, macbook, virus, windows

My Macbook Pro goes on repair tomorrow. It's the whining noise thingie. Yes. For a time i thought i could bear it, but during the last week i realized I had to face it: we need to part for a couple of days. I feel terrible...well, a bit.

On the upside I hooked up some mp3 files on my main page and two videos are there two for your entertainment. So you can feel happy, while I tremble with anticipation of my laptop's return. (Which reminds me of the name "anticipation of a new lover's arrival" a sentient space ship gave itself in the brilliant Iain M. Banks "Excession". You should read it, you know?)

Ok, I start bubbling nonsense. Did I mention that my Macbook goes into repair? Oohhhhh....

Technorati Tags: despair, macbook, repair, whining

While moving to new hardware, I was suffering spambugs attacks. Which did not really help. Everything is now back to normal again though and hopefully will stay that way.

It all started with Roller (the weblogger software this blog runs on) offering this neat referrer list in the site menu. Since most bloggers are vain, including yours truly, it is nice to see the list of urls where visitors came from.

Yeah, right. Stupid me.

Turns out that not-so-honorable non-member of the community use such referrer lists to generate links onto their site. Which brings them up in google search and advertising fame. Roller has a feature to enter links to ignore and i used that in the beginning, but this week the server was hit by some serious spamming software and I turned the feature off.

Bots that they are, they continued hammering our little server with tons of fake referrers and - worst of all - the spambots software has bugs! It started sending in garbage request uris which our apache/ajp/tomcat setup did not like very much. Tomcat/Roller started eating up memory to the max and taking 100% cpu, but was not sending responses back. That did not feel very good in my stomach.

Finally it all settled down again after I told our firewall to send packets from certain addresses into nirvana. But do I feel safe now? Far from that! What would make me feel better? Well:

• A blog server that generates static files to be served by apache. All template driven layout and archive and views things done and updated right on publishing time when new articles are added or old ones are changed. While serving the public, the blog software itself is not involved. Only Apache.
• All really dynamic stuff to be included by links from something outside the blog hierarchy. Like the inclusions from flickr, last.fm or even youTube work. No plugin chains of extensions inside the blog server.
• A blog management/configuration UI that works like the one in TWiki. You just edit pages. One page lists people who manage a blog. One page lists the blogs. One page per blog lists the categories.
• Atom API behind SSL would be fine.

Technorati Tags: apache, roller, spam, tomcat

So, I have been busy the last two days to update my site layout. My english and german blog now uses the same one which is more consistent for people subscribing to both feeds at once using the aggregated roller feed.

I am rather proud of the new design and the image switching javascript magic. Kudos to the script.aculo.us guys for their effects library and to mnot for his hinclude.