Adam Leach

Dear Nestorfuns,

Our true fans will know the "geo fun" feature that allows you to use our property search with OSM Maps.

I am happy to report that we have updated this feature with brand new, customized maps curtesy of Cloudmade. Cloudmade allows you to create your own designs for OSM maps and integrate them on your website via their API.

Check out Spitalfields, London:

We are very pleased with the result, big thank you to the people at Cloudmade!

We hope you'll have fun playing with this new feature. Have a nice bank holiday weekend!

Permalink | Leave a comment  »

Following on from the discussion on the FlashMessenger action helper, I thought I'd also cover another supplied helper: Redirector.

Redirector does what it says on the tin and redirects the user to another page. I mostly use this when coming back from filling a form in, so that the user is then redirected to another page. In admin systems, this is usually a list page. On front end websites, this is usually a thank you page. Though for log-in forms, I tend to try and return the user to where they were going!

It's used in a controller action method like this:

$urlOptions = array('controller'=>'index', 'action'=>'index');
$this->_helper->redirector->gotoRoute($urlOptions);

gotoRoute() takes the same set of parameters are the url() view helper which is not a surprise as they both proxy through to the Front Controller's router object. It's handy though as one you know one, you know the other :)

If you are using the default route, then you can use gotoSimple(). For example to redirect to the news controller's list action, you would do:

$this->_helper->redirector->gotoSimple('list', 'news');

The gotoSimple() method signature is:

gotoSimple($action, $controller = null, $module = null, array $params = array());

As you can see, it provides defaults for the controller and module and params parameters so you only need to set them if you need to. This works well for admin system as I tend to be redirecting within the same controller (from the edit or delete action to index, usually).

You can also use the Redirector with an absolute URL, by using the gotoUrl() method:

$url = 'http://www.akrabat.com';
$this->_helper->redirector->gotoUrl($url);

I tend to use this one much less frequently - so infrequently, that I can't think of a use-case off the top of my head :)

By default, Redirector sets a 302 status code, however you can also set a 301 if you want to:

$this->_helpers->redirector->setCode(301);

There are a few other options that can be set like setExit() and setUseAbsoluteUri(), but to be honest, I don't think I've ever used them!

I find that I use Redirector fairly frequently as its gotoRoute() uses the same parameters as url() which makes it easy to remember how to use it. Like url(), it also benefits from remembering which route was used to get you to the current page and reuses that when creating the next one which is handy.

Douglas Crockford’s latest installment in the “Crockford on JavaScript” series, a talk in which he covers the role of event loops and the importance of server-side JavaScript, is now available on video. Flash video is embedded below, or you can download the HD video (480p ~370MB). Video from the first five lectures is available on the Crockford on JavaScript page.

• Download HD video (480p ~370MB)
• Download video (m4v)
• Download slides

Other Recent YUI Theater Videos:

• Nicholas Zakas and Victor Tsaran: Accessibility on the Yahoo Homepage — Nicholas Zakas, a principal developer of the Yahoo! homepage, and Victor Tsaran’s, Yahoo!’s senior accessibility manager, discuss the strategies and methods that made one of the most visited websites in the world fully accessible. The talk took place at the June 2010 BayJax meetup at Yahoo.
• Dennis Lembree: Making JavaScript Accessible — Dennis Lembree, an accessibility expert and the creator of AccessibleTwitter discusses the challenges of making JS-enabled sites accessible. The talk took place at the June 2010 BayJax meetup at Yahoo.
• Ryan Dahl: Introduction to NodeJS — Ryan Dahl, the creator of NodeJS, introduces the project and talks about performance improvements and new architecture. The talk took place at the May 2010 BayJax meetup at Yahoo.
• Elijah Insua: jsdom: a CommonJS Implementation of the DOM — Elijah Insua introduces a server-side implementation of the JavaScript DOM at the May 2010 BayJax meetup at Yahoo.
• Nicholas Zakas, Stoyan Stefanov, Ross Harmes, Julien Lecomte, Matt Sweeney: High Performance JavaScript — Five contributors to O’Reilly’s High Performance JavaScript discuss advanced JavaScript and DOM scripting optimizations at the April 2010 BayJax meetup at Yahoo.

Subscribing to YUI Theater:

• YUI Theater RSS feed
• YUI Theater on iTunes

This post was written and contributed by Major Hayden, Linux Systems Engineer for the Rackspace Cloud.He’s also known as “Racker Hacker.”

Regardless of the type of hosting you’re using – dedicated or cloud – it’s important to take network interface security seriously. Most often, threats from the internet are the only ones mentioned. However, if you share a private network with other customers, you have just as much risk on that interface.

Many cloud providers allow you access to a private network environment where you can exchange data with other instances or other services offered by the provider. The convenience of this access comes with a price: other instances can access your instance on the private network just as easily as they could on the public interface.

Here are some security tips for your private interfaces:

Disable the private interface

This one is pretty simple. If you have only one instance or server, and you don’t need to communicate privately with any other instances, just disable the interface. Remember to configure your networking scripts to leave the interface disabled after reboots.

Use packet filtering

The actual mechanism will vary based on your operating system, but filtering packets is the one of the simplest ways to secure your private interface. You can take some different approaches with them, but I find the easiest method is to allow access from your other instances and reject all other traffic.

For additional security, you can limit access based on ports as well as source IP addresses. This could prevent an attacker from having easy access to your other instances if they’re able to break into one of them.

Configure your daemons to listen on the appropriate interfaces

If there are services that don’t need to be listening on the private network, don’t allow them to listen on your private interface. For example, MySQL might need to listen on the private interface so the web server can talk to it, but apache won’t need to listen on the private interface. This reduces the profile of your instance on the private network and makes it a less likely target for attack.

Use hosts.allow and hosts.deny

Many new systems administrators forget about how handy tcpwrappers can be for limiting access. If your firewall is down in error, host.allow and hosts.deny could be an extra layer of protection. It’s important to ensure that the daemons you are attempting to control are built with tcpwrappers support. Daemons like sshd support it, but apache and MySQL do not.

Encrypt all traffic on the private network

Just because it’s called a “private” network doesn’t mean that your traffic can traverse the network privately. You should always err on the side of caution and encrypt all traffic traversing the private network. You can use ssh tunnels, stunnel, or the built-in SSL features found in most daemons.

This also brings up an important point: you should know how your provider’s private network works. Are there safeguards to prevent sniffing? Could someone else possibly ARP spoof your instance’s private IP addresses? Is your private network’s subnet shared among many customers?

With all of that said, it’s also very important to have proper change control policies so that administrators working after you are fully aware of the security measures in place and why they are important. This will ensure that all of the administrators on your instances will understand the security of the system and they should be able to make sensible adjustments later for future functionality.

We’ve been opening new Stack Exchanges left and right on a variety of topics. In almost every case, the Stack Exchange appears to duplicate the content of an existing community. For example, our WordPress answers site (now in beta) covers the exact same material as WordPress.org’s existing forums.

This is nothing new to us at Stack Overflow, which purported to cover the exact same material as hundreds (if not thousands) of other programming sites. There’s no rule that says that there needs to be exactly one Q&A website per topic.

There is, however, a compelling case for the Stack Exchange technology. WordPress.org’s forums don’t have voting, so you have to read through every answer and decide for yourself which one might solve your problem. They don’t have reputation, so there’s no way to see whether you’re getting an answer from someone who knows what they’re talking about. They don’t have wiki-style editing, so collaboration is impossible. You have to log on to ask or answer a question, so the burden of participation is higher. Stack Overflow is simply better than traditional forums, which is why it largely replaced proprietary forums. I remember hours of discussion with John Resig and the folks at jQuery who couldn’t decide whether to replace the jQuery Google Group with a forum or with a Stack Exchange. Ultimately it didn’t matter that much, because most of the jQuery Q&A activity happens on Stack Overflow anyway.

One day, the features that are standard on Stack Exchange will be copied everywhere. Until then, we’ll keep churning out new sites.

Need to hire a really great programmer? Want a job that doesn't drive you crazy? Visit the Joel on Software Job Board: Great software jobs, great people.

The development cycle is moving right along for the community’s newest MySQL benchmarking script. I’m pleased to announce that we now officially support FreeBSD (version 8.1 tested) so go ahead and download now and test your FreeBSD, Linux, or OSX MySQL server! Click here for the download.

Courtesy of Darren Cassar and some generous coding this weekend, we’re going to be releasing a auto-installer / updater for the application which you can use to automate that part of the process. Stay tuned for information on that release.