The Life and Times of Michael Shadle

"A new website, data.gov.uk, will offer reams of public sector data, ranging from traffic statistics to crime figures, for private or commercial use.

The target is to kickstart a new wave of services that find novel ways to make use of the information."

Awesome. I had an idea like this for infoporn.org a while back - generic data being available for consumption, but I really don't have any origin feeds that aren't already exposed. I'd just be re-syndicating them. But this would be awesome to have, just think of all the mashups you could create depending on what data is exposed.

Ref: http://news.bbc.co.uk/2/hi/technology/8470797.stm

I've got two big bones to pick with Leverage this season.

1. Somehow, and I'm not alone in this, you've lost some of the initial flair. Eliot doesn't fight as awesome or as much. Parker isn't as quirky. This whole separation with Sophie is just annoying. A new character? Nah. Sophie was just fine.
2. The special effects are God-awful. The backgrounds behind Sophie look fake, the explosions look horribly fake. Come on guys, a bit more funding in the CG department please.

The show is a necessary staple in the US television market. It's basically the US version of "Hustle" - it's unique and quirky and always has that great reveal at the end.

The show needs to survive, I am in no means saying it's bad. I just would like it to be dressed up a little bit differently.

FUD FUD FUD FUD

So there's more annoyance polluting the blogopshere, and it's about Facebook's privacy practices again.

They keep your data, even if you delete it. Imagine that!

Anyone who thinks that their data is truly deleted because they click "delete" on anything needs to wake up. YOU own your own privacy. If you don't want it to stick around then DON'T SHARE IT. Period.

I'm going to drop some more knowledge for you, and this one is for free. Expect whatever you say, wherever you say it, to be there forever. True deletion should be considered a BONUS, not an EXPECTATION.

FUD FUD FUD FUD

Refs:

• http://technology.globalthoughtz.com/index.php/anonymous-employee-reveals-ugly-details-of-facebook/
• http://www.allfacebook.com/2010/01/anonymous-facebook-employee-interview-fact-vs-fiction/

I've been posting on the nginx mailing lists for a while that I've had a developer working on SPNEGO (Kerberos/GSSAPI/etc.) module for authentication for nginx. I never produced any code though, because I was constantly waiting for a bit more of a matured module before giving it out.

For now though, it might just be best to throw out there what I have, explain my findings, and let the community start testing it, hacking it, improving it, etc.

Download
ngx_http_auth_sso_module-0.3.zip

Opens for the developer still

• He said he'd like to remove the dependency on the bundled spnegohelp library (apparently it's not needed or it can be filled with a system package)
• Needs some more documentation

My questions, comments

• Should it be called "mod_auth_sso" or something like "mod_auth_gssapi" - I believe Apache's equivalent has "gssapi" in the title somewhere. It was hard to determine which was the most up to date version - mod_auth_kerb, modgssapache, etc.
• I cannot verify this still using my corporate domain setup. I did have to make a minor tweak in the source to change the principal name it was using (see below) and I still got access denied. I have no clue if the module is to blame, the machine's setup with the domain, or what.

A possible required tweak... around line 474 or so in ngx_http_auth_sso_module.c

- host_name = r->headers_in.host->value;
+ host_name = alcf->realm;

How to compile - yes, it's a bit messy, mainly due to the spnegohelp library dependency

wget http://sysoev.ru/nginx/nginx-0.8.31.tar.gz
tar xvfz nginx-0.8.31.tar.gz
cd nginx-0.8.31
./configure --conf-path=/etc/nginx/nginx.conf --prefix=/usr --user=www-data --group=www-data --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --with-http_stub_status_module --with-http_gzip_static_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --with-http_flv_module --with-http_ssl_module --with-http_dav_module --with-http_realip_module --with-http_xslt_module --with-debug --add-module=/usr/src/build/ngx_http_auth_sso_module-current --with-ld-opt="-L/usr/src/build/ngx_http_auth_sso_module-current/spnegohelp"
cp -f /usr/src/build/ngx_http_auth_sso_module-0.3/spnegohelp/libspnegohelp.so /usr/lib64/libspnegohelp.so
... make, make install, whatever ...

I copied the libspnegohelp.so into the system so nginx can use it without any special runtime LD_LIBRARY_PATH crap.

How to configure (again, I could not validate this 100%)

location /test {
   auth_gss on;
   auth_gss_realm YOUR.KERBEROS.REALM;
   auth_gss_keytab /etc/krb5.keytab;
   auth_gss_service_name YOURMACHINENAMEIBELIEVE;
}

Conclusion
Your mileage will definitely vary but hopefully some people with more experience with Kerberos, C, nginx modules, or anything else helpful can pick it apart. I will post updates as I get them and I do want to post this on github or something... unless someone else wants to take ownership over it who will actually actively maintain/keep it up to date with nginx internals and maintain the github/whatever repository for it.

This was self-funded personally with no company sponsorship or anything, part of the terms of the project were also to keep it BSD licensed. Feel free to do whatever you want with it. If you want to send me any money to reimburse, I'll never say no to that - paypal AT mike2k.com. Or, pay a developer who can ensure it works end-to-end, if there is something missing.

Sadly, it does require the machine to be on the domain, I was hoping I could get away with it not having to be on the domain. I confirmed with Sam Hartman, who was a chief technologist at the MIT Kerberos Consortium - you can't really get more knowledgeable than that. I would have hired Sam for the project but it would have been too expensive. However if a company is willing to take this initial coding and have Sam add his magic to it, he knows C and was able to give me a real quick estimate and check how nginx modules work. He could possibly do it for cheaper now since the initial work might be done, and he would definitely be able to confirm all the logic is intact.

Thanks to YoctoPetaBorg at RentACoder.com for the initial work (and for hopefully soon finishing up the last bits of this :p) - it will be exciting to be able to use this at work and be able to have a fully functional module out there that people find useful.

With the whole MySQL/Oracle issue going on, I find myself looking into the future and how I see it. As far as I'm concerned, MySQL will start to lose it's popularity as the landscape changes. As far as I am concerned, there will be two key players in the MySQL replacement market, those being Drizzle and MariaDB.

I am not just saying Drizzle just because I help out with the project in various ways, however, that should be a good sign that I believe in it if I am willing to put any effort into it. With people behind it like Brian Aker, Eric Day, Monty Taylor, Stewart Smith, Jay Pipes, you've got a coding powerhouse that could solve the cancer issue if it was up to software development to fix it. These guys work around the clock and have been refactoring and re-examining everything inside of MySQL. What's going to be left ideally is a superfast microkernel that supports plugins for everything - leveraging the best options out there for replication, messaging, storage engines, etc. Growing apart from the monolithic huge distribution model that MySQL currently follows.

The second key player is MariaDB. Another fork off of MySQL, led by Monty Widenius himself and with other MySQL key players behind it, there is no doubt it will continue Monty's legacy as being able to spin success out of a tiny little open source product. I believe it will stay more traditional in-line with MySQL, but will provide more advanced functionality and scalability as it is developed further.

I won't get into other options like PostgreSQL as I don't follow the rest of the community there much.

Also, we'll see more NoSQL (did we ever bottom out on a better term for that?) options. CouchDB and MongoDB (both of which from a 50,000 foot view look identical from a usage model) and options like Cassandra will also become important and your data needs will become the decision maker for going with a SQL or a NoSQL database. Both of which offer advantages. However, I see Drizzle as making huge strides in leveling the playing field (or attempting to) with it's replication work to make it as scalable as NoSQL databases seem to be with their ability to scale out and replicate changes easily (which to me are their main selling point right now...)

Anyway, this is from a user perspective, not a developer perspective, and from what I've seen from #drizzle on freenode, a few SQL and open source conferences, blog talk and my own gut feelings.

I should make a note that I still use MySQL and will probably continue for some time. Neither Drizzle nor MariaDB are production-friendly yet. However, I believe 2010 should see the first "production capable" release of Drizzle (not sure of MariaDB.)

It is an exciting time though as we're starting to be presented with more options by the day, in fact there are so many various NoSQL databases now, key/value stores, and even a few more SQL databases that it's too hard to keep track of them anymore. There's a lot of code being written and with this whole Oracle possibly inheriting MySQL depending on the EU's judgement, it could ultimately help usher in some of these smaller projects into the spotlight quicker depending on what Oracle does with MySQL...