Fair use of web content

This news was buried among many other news, but I felt that it deserves more people knowing about it.

It is about “fair use” of publicly available web content. What is “fair use” and when can content be restricted.

The original article is here.

A small company called hiQ is locked in a high-stakes battle over Web scraping with LinkedIn. It’s a fight that could determine whether an anti-hacking law can be used to curtail the use of scraping tools across the Web.

HiQ scrapes data about thousands of employees from public LinkedIn profiles, then packages the data for sale to employers worried about their employees quitting. LinkedIn, which was acquired by Microsoft last year, sent hiQ a cease-and-desist letter warning that this scraping violated the Computer Fraud and Abuse Act, the controversial 1986 law that makes computer hacking a crime. HiQ sued, asking courts to rule that its activities did not, in fact, violate the CFAA.

James Grimmelmann, a professor at Cornell Law School, told Ars that the stakes here go well beyond the fate of one little-known company.

I will leave it up to you to read and make up your own opinion about it.

Using ldap and kerberos with ajaxplorer

12/18/12 Update: not all is peachy keen. Login and autocreate account works, but logout can be an issue. I need to clear the session cookie when someone logout. Have not gotten around to coding that yet.

After a bit of fiddling around, I finally got ajaxplorer working with (ldap) kerberos5 as the backend authentication/access.

We are using ldap for users directory and kerberos5 for password. It’s a little bit different than what I am used to.

Anyway, I needed to get ajaxplorer working on a large filer for users to be able to access — locally and remotely — essentially our private ‘dropbox’. But getting ajaxplorer working with kerberos was a bitch! At first, I tried using ldap, got that working…. except ldap does not have our password, that’s where kerberos comes in. I thought about writing my own plugin, but damn it, I don’t have time for this.

After lots of googling, experimenting, etc. I found mod_auth_pam, which uses pam for basic HTTP auth. And since we are already using pam_krb5 for logins on our boxes, it’s a perfect solution.

Here is the section in my bootstrap_plugins.php:

$PLUGINS = array(
        "CONF_DRIVER" => array(
                "NAME"          => "serial",
                "OPTIONS"       => array(
                        "REPOSITORIES_FILEPATH" => "AJXP_DATA_PATH/plugins/conf.serial/repo.ser",
                        "ROLES_FILEPATH"        => "AJXP_DATA_PATH/plugins/auth.serial/roles.ser",
                        "USERS_DIRPATH"         => "AJXP_DATA_PATH/plugins/auth.serial",
                        "FAST_CHECKS"           => false,
                        "CUSTOM_DATA"           => array(
                                        "email" => "Email",
                                        "country" => "Country"
                                )
                        )
        ),
        "AUTH_DRIVER" => array(
                "NAME"          => "basic_http",
                "OPTIONS"       => array(
                        "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.pam/users.ser",
                        "AUTOCREATE_AJXPUSER"   => true,
                        "TRANSMIT_CLEAR_PASS"   => false
                )
        ),
        array(
                "NAME"          => "serial",
                "OPTIONS"       => array(
                        "LOGIN_REDIRECT"        => false,
                        "USERS_FILEPATH"        => "AJXP_DATA_PATH/plugins/auth.serial/users.ser",
                        "AUTOCREATE_AJXPUSER"   => false,
                        "FAST_CHECKS"           => false,
                        "TRANSMIT_CLEAR_PASS"   => false
                )
        ),
        "LOG_DRIVER" => array(
                "NAME" => "text",
                "OPTIONS" => array(
                        "LOG_PATH" => (defined("AJXP_FORCE_LOGPATH")?AJXP_FORCE_LOGPATH:"AJXP_INSTALL_PATH/data/logs/"),
                        "LOG_FILE_NAME" => 'log_' . date('m-d-y') . '.txt',
                        "LOG_CHMOD" => 0770
                )
        )
);

And the section in my /etc/httpd/conf.d/ajaxplorer.conf file:

   
        Options FollowSymLinks
        AllowOverride Limit FileInfo
        Order allow,deny
        Allow from all
        AuthName "Ajaxplorer Access"
        AuthType Basic
        AuthPAM_Enabled on
        Require valid-user
  	php_value error_reporting 2
   

The trick is these two lines for the “basic_http” auth_driver:


"USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.pam/users.ser",
"AUTOCREATE_AJXPUSER" => true,

That then allow my users to login, and on first time, they auth via mod_auth_pam, and ajaxplorer create their account in “AJXP_DATA_PATH/plugins/auth.pam/users.ser”.

NOTE I have to manually create the directory plugins/auth.pam and create an empty users.ser file.

But after that, everything work perfectly.

dynamic robots.txt file in Rails 3.x

We have a need for dynamic handling of robots.txt file as we have different requirements for production, staging, dev, test, etc.

Google-fu shows various way to do this, some for Rails 2.x, some for Rails 3.x. Here is my version.

First is to edit config/routes.rb and add this line:


match '/robots.txt' => RobotsGenerator

Then add the following to app_root/lib/classes/robots_generator.rb.

NOTE: We have an old domain, foo.com, that redirects to our newfoo.com. We don’t want foo.com to get indexed, so I have special treatment for that in production

class RobotsGenerator
  # Use the config/robots.txt in production.
  # Disallow everything for all other environments.
  def self.call(env)
    req = ActionDispatch::Request.new(env)
    headers = {}
    body = if Rails.env.production?
      if req.host.downcase =~ /foo.com$/
        headers = { 'X-Robots-Tag' => "noindex,nofollow" }
        "User-agent: *\nDisallow: /"
      else
        File.read Rails.root.join('config', 'robots.txt')
      end
    else
        "User-agent: *\nDisallow: /"
    end

    [200, headers, [body]]
  rescue Errno::ENOENT
    [404, {}, "User-agent: *\nDisallow: /"]
  end
end

Finally, you want to move public/robots.txt to config/robots.txt.

I want to give credits to the people that inspired my version.

ActionMailer SSLError hostname was not match with the server certificate

So I am setting up a Continous Integration server using CruiseControl.rb and was getting these errors. I am on a RoR 3.1.x env and pointing to my local (same server) postfix for SMTP. I don’t need SSL.

OpenSSL::SSL::SSLError (hostname was not match with the server certificate):
/usr/lib/ruby/1.8/openssl/ssl.rb:123:in `post_connection_check’
/usr/lib/ruby/1.8/net/smtp.rb:582:in `tlsconnect’
/usr/lib/ruby/1.8/net/smtp.rb:562:in `do_start’
/usr/lib/ruby/1.8/net/smtp.rb:525:in `start’

http://scottiestech.info/2009/12/21/fixing-the-actionmailer-hostname-not-match-server-certificate-error/

Gave me a clue as to the problem. But adding this line

# Turn off auto TLS for e-mail
ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false

to my config/environments/ci.rb does not work. I was still getting the same error. So poking around in ActionMailer gem source code gave me the last piece of clue I needed.

I also need to set this flag:

:openssl_verify_mode => false

Putting everything together,


ActionMailer::Base.smtp_settings[:openssl_verify_mode] = false
ActionMailer::Base.smtp_settings[:enable_starttls_auto] = false

is all I need. Turning off starttls is not needed, but I’d do it anyway because I am talking to my local SMTP server and don’t want the overhead.

google-spreadsheet-ruby and (Nokogiri::XML::XPath::SyntaxError)

I have a Ruby script that update our Google Doc spreadsheet as part of releases. The script has been working for years, then suddenly started failing with errors like this one:


/usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node.rb:159:in `evaluate': Invalid expression: .//xmlns:link[@xmlns:@rel = 'http://schemas.google.com/spreadsheets/2006#cellsfeed'] (Nokogiri::XML::XPath::SyntaxError)
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node.rb:159:in `block in xpath'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node.rb:150:in `map'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node.rb:150:in `xpath'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node.rb:214:in `css'
from /usr/local/lib/ruby/gems/1.9.1/gems/google-spreadsheet-ruby-0.1.6/lib/google_spreadsheet.rb:648:in `block in worksheets'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:239:in `block in each'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `upto'
from /usr/local/lib/ruby/gems/1.9.1/gems/nokogiri-1.5.2/lib/nokogiri/xml/node_set.rb:238:in `each'
from /usr/local/lib/ruby/gems/1.9.1/gems/google-spreadsheet-ruby-0.1.6/lib/google_spreadsheet.rb:646:in `worksheets'
from /home/tin/bin/google-spreadsheet:125:in `

'

It took a bit of sleuthing to find out that Nokogiri version 1.5.2 broke google-spreadsheet-ruby. Downgrading to v 1.5.0 made it work again.

I am documenting it here for those of you running into similar problems.

Addtions. It turns out nokogiri and google-spreadsheet gems are written by same author, and he is aware of the bug, but not fixing it at this time. He recommends using nokogiri v1.5.0

https://github.com/gimite/google-spreadsheet-ruby/issues/31#issuecomment-4451659

Google-fu show a solution, since I can’t keep gems from updating on my systems. I just have to force my script to request a particular version.

http://stackoverflow.com/questions/2693862/how-do-i-require-a-specific-version-of-a-ruby-gem

And here is how I solved my problem.


gem 'nokogiri', '=1.5.0'

require 'optparse'
require 'ostruct'
require 'csv'
require 'rubygems'
require 'nokogiri'
require 'google_spreadsheet'

Summary of Overcoming RoR Performance Challenges Meetup on Wed 2/29/12

Overcoming RoR Performance Challenges Meetup

The talk was on best practices and some tips on looking for problems and how the panelists worked around them. There are no “magic” bullet like Ruby or RoR has 🙂

Essentials:

  1. Watch out when using ActiveRecord. It make it too easy to use DB. It make it too easy to use DB. One more time, it make it too easy to use DB.

    Essentially, ActiveRecord and DB is not always the right tool. Sometime using other tool could work better for a particular problem.

    Things mentioned:

    • Using Redis as a queueing system, to buffer writes, which later go to DB. (this is what Blitz, Bleacher Report use to increase their performance).
    • Use NoSQL (CouchBase, Mongo and Cassandara were mentioned as being used by panelists).
    • Cache results as much as possible. Don’t hit DB all the time.
    • Hand optimize queries might be needed. ActiveRecord is not the best at generating optimized DB calls.
  2. Cache as much as possible. Bleacher Reports put in caching layer everywhere, memcache, front end web cache, etc. They also have scripts that pre-warmed their cache (“goal is to never have users be the one who triggered a cache request”).

    Use the cache in newer RoR (3.2).

  3. Write code in ways that make it easy to update to latest Ruby and RoR.

    Ruby EE has flags to allow you to use more memory for internal cache. Sometime it make sense to test for and try different memory configuration there (based on 2 panelists’ experiences).RoR 3.2 has good Rack/Rails cache. Read the doc and use them.

  4. Background processes.
    • Use bg proc whenever possible.
    • Anytime you need to make calls to external website (external API), use a bg process, to not tie up your RoR web process.
    • Blitz put jobs into Redis queue, then bg server check Q for job, run it and put partial results back into Redis, Ajax call then check and format/display result to web client.
    • Bleacher Reports and Mixbooks also do similar things. They use Redis as a job queueing system, among other things (see 1 above).
  5. They all mention using other web server for production (not using webrick). The following were mentioned as being used by panelists.
    • Passenger
    • Thin
    • Unicorn
  6. Related to (ActiveRecord) above is the N+1 problem. Where you add 1 line of code and the DB calls increased manifold.
    • Advice essentially say to develop and use coding best practices and train developers to look out for them.
    • There is a possible test that can be use to automated looking out for N+1 issue.
    • Solving n+1 problem with special tests: http://en.oreilly.com/rails2009/public/schedule/detail/8615 Query testing – see PDF of slides page 75
    • Panelists all recommended RSpec for automated testing.
  7. Monitoring for issues and performance.
    • All panelists point to NewRelic as the tool they use all the time.
    • The host of the meeting Blitz also did a marketing spiel on their tool to use for performance testing (it look really good, and available as a plugin on Heroku). I am going to test it and see about using it for performance/load testing our site.
  8. For ease of scaling infrastructure, leverage AWS EC2, Heroku, Engine Yard and other cloud providers.