Category Archives: Technical

Using Inets – Erlang’s Builtin Web Daemon

A feature I’ve been meaning to add to Open Server Platform for a while is a web management system, where an administrator can log in and manage the cluster and the servlets running on it. I’d like there to be a user-friendly interface for administrators to start, stop and migrate servlets across the different nodes of the system, and a way to upload a servlet file and have it compiled and distributed across the cluster.

The simplest way to start serving web content with Erlang is to use the inets server and the httpd service. This is an HTTP/1.1 server built into the Erlang distribution that supports some more advanced features, most interesting of all, the ability to use Erlang to dynamically generate content. It is, however, very poorly documented, and there are a few very annoying things I came across that I’m posting to hopefully help anyone else trying to get it working.

  1. The order of modules in the {modules, []} directive matters: if you want to have mod_dir work, it needs to be specified *AFTER* mod_alias.
  2. The logging is rather horrid: transfer.log logs HTTP 200 for every request, even if the request failed.
  3. You must specify {bind_address, any} in the configuration to use the httpd:reload_config function, otherwise it will return {error, not_started}.
  4. If you just want to serve static content, you will need at a minimum the following modules: mod_get, mod_head, mod_log, mod_actions and mod_range. However, adding mod_alias is recommended, along with the {directory_index, ["index.html"]} directive, to stop it from failing (HTTP 500) on a directory request.
  5. To use dynamic content, create a module that exports callbacks of the form: function(SessionID, _Env, _Input). To write Str back to the client, use the mod_esi:deliver(SessionID, Str) function.
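
The five points above combined into one module, as an added example (not code from Open Server Platform). The module name, port, paths and the /esi URL prefix are assumptions. The erl_script_alias entry lists the only module that may be called from a URL, and the callback HTML-escapes the query string before echoing it.

```erlang
-module(osp_web_example).            % hypothetical module name
-export([start/0, hello/3]).

%% Start inets and one httpd instance using the settings from the list above.
start() ->
    ok = application:ensure_started(inets),
    inets:start(httpd, [
        {port, 8080},                             % assumed port
        {server_name, "localhost"},
        {server_root, "/tmp/osp_web"},            % assumed path, must exist
        {document_root, "/tmp/osp_web/htdocs"},   % assumed path, must exist
        %% Item 3: needed for httpd:reload_config. 'any' listens on every
        %% interface, so restrict access to the port at the network level.
        {bind_address, any},
        %% Items 1 and 4: mod_alias comes first, mod_dir after it.
        {modules, [mod_alias, mod_esi, mod_actions, mod_range,
                   mod_head, mod_dir, mod_get, mod_log]},
        {directory_index, ["index.html"]},
        %% Item 5: only the modules listed here are reachable under /esi.
        {erl_script_alias, {"/esi", [?MODULE]}},
        %% Item 2: transfer.log shows 200 for everything, so keep error.log.
        {transfer_log, "transfer.log"},
        {error_log, "error.log"}
    ]).

%% ESI callback, reached as /esi/osp_web_example:hello?some=query
%% The first deliver/2 call carries the HTTP header fields.
hello(SessionID, _Env, Input) ->
    mod_esi:deliver(SessionID, "Content-Type: text/html\r\n\r\n"),
    mod_esi:deliver(SessionID, ["<p>Query: ", escape(Input), "</p>"]).

%% Escape client-supplied text before it is placed into HTML.
escape(Str) -> lists:flatmap(fun escape_char/1, Str).

escape_char($<) -> "&lt;";
escape_char($>) -> "&gt;";
escape_char($&) -> "&amp;";
escape_char($") -> "&quot;";
escape_char($') -> "&#39;";
escape_char(C)  -> [C].
```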

I hope that this helps out!

Peace and chow,

Ranok

Open Server Platform Version 0.3 Released!

Today I finally got around to going through and testing the RC for version 0.3 of Open Server Platform. Everything seemed to work as planned, except for a few known issues that will be fixed in the next release, which should be coming down the pipe soon.

Improvements:

  • Added replication nodes to increase fail-safe reliability
  • Added commands to the administration console to stop and live migrate applications
  • Can use configuration files to assist in the start up of OSP
  • Many bug fixes and documentation updates
  • The HTTPd servlet example now supports large files and the HEAD command

So, please check it out and let me know what you think!

Peace and chow,

Ranok

Back in the Groove

After taking off the afternoon due to a migraine, and napping for a few hours until it passed, I was looking over some old projects, and decided to get motivated to work on my various Erlang hackery projects. I checked out a fresh copy of Open Server Platform on my new computer, and decided to hack on it some more. There are a number of loose ends I’d like to tie up before the 0.3 release, but, before I could get down to coding, SVN got me so frustrated that I could no longer deal with it and switched to git, creating a new repository on Github. I will keep the Google Code repository the ‘de facto’ repository, where the safer code gets committed, but use Github for the more bleeding edge development due to its simplified branching and merging (among other things).

In the new git setup, I have two branches (aside from master, which follows the SVN repository): otp and no-otp. The no-otp version is currently the stable code that runs just fine, but doesn’t take advantage of Erlang’s OTP framework. The otp branch is the more cutting edge OTP aware version, which I hope to fully migrate to soon. With full support for OTP, I should be able to use an already existing distribution platform, and more battle tested redundancy.

This evening, I fixed a long-standing bug in the example HTTPd where the server would crash when opening large files due to a shortcut I took when first implementing the server. Originally, the server would read the entire file into a string and then send that to the client. As you can probably see, there is a problem when the server tries to read in a 3.9 GB file (my test file). Now, my servlet takes a much more sane approach: read in the file 1 kilobyte at a time, sending that to the client before reading more. This new approach works perfectly, though I had to add some messiness for handling CGI/PHP files and different MIME types. I also added support for the HTTP HEAD command.
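
The read-a-chunk, send-a-chunk loop described above, as an added example (not the OSP servlet's own code). The module and function names are hypothetical, and Socket is assumed to be a connected gen_tcp socket. Memory use stays at one 1 KB buffer regardless of file size, so a request for a very large file can no longer exhaust the server's memory.

```erlang
-module(chunked_send_example).       % hypothetical module name
-export([send_file/2]).

-define(CHUNK, 1024).                % 1 kilobyte per read, as in the post

%% Stream the file at Path to Socket without loading it into memory.
%% Returns ok, or {error, Reason} from the file or socket layer.
send_file(Socket, Path) ->
    case file:open(Path, [read, raw, binary]) of
        {ok, Fd} ->
            try
                send_chunks(Socket, Fd)
            after
                file:close(Fd)       % always release the file descriptor
            end;
        {error, _} = Err ->
            Err
    end.

send_chunks(Socket, Fd) ->
    case file:read(Fd, ?CHUNK) of
        {ok, Data} ->
            %% Stop reading as soon as the client goes away.
            case gen_tcp:send(Socket, Data) of
                ok               -> send_chunks(Socket, Fd);
                {error, _} = Err -> Err
            end;
        eof ->
            ok;
        {error, _} = Err ->
            Err
    end.
```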

Peace and chow,

Ranok

Git and Wiki Wide Web

I admit it, I’ve finally jumped on the Git bandwagon. After toying with SVN and Darcs, I was convinced when I saw a screen-cast about branching and merging and how it makes the kind of random, skitzo programming that I do very easy and very maintainable. I started using it at work to keep track of some files as a test and finally bit the bullet and signed up for a GitHub account. Once I had gotten set up, I made a few repositories to upload some code I had made for my high school senior project, code that I haven’t looked at in years and probably never will again. Then I decided to share something a bit more exciting, Wiki Wide Web’s bleeding edge source code. After some quick review to ensure I cleared the code of any hard coded passwords, I committed the source.

One thing I like about putting your code on a site like GitHub is that it guilts you into cleaning it up. If you hope that people are going to see it, then you feel slightly pushed to make an effort to clean it up. That pressure led me to add some installation instructions and a make file for the Firefox extension, and clean up some code.

Peace and chow,

Ranok

Black Hat DC Day 2

Now that I knew what I was in for, the second day of Black Hat DC took quite a bit less adjusting to. I felt more okay to skip parts of a presentation to chat with presenters, which I did after the Tor presentation.

In the morning, Dan Kaminsky gave a brief review of the DNS exploit he found last year, and the current status of the source port randomization patch. The estimate for patch coverage was about 60% of DNS servers, though the unpatched servers are being pretty actively exploited. He also clarified his stance on DNSSEC, that he’s neutral to the technology, but feels that it can provide end to end trust, something that DNSCurve cannot do, and has a higher chance of being accepted on the root since it doesn’t require pre-operation cryptography. A big implementation hurdle that he sees is for the deployment of DNSSEC servers to be turn-key and not require extra maintenance or knowledge to use.

The following presentation was an interesting one that provided a technical solution to a political problem: how to share data without compromising the data privacy, and without letting the party sharing the data know what is being searched for.

After that, a researcher from Vietnam showed how to break the facial recognition software built into laptops, simply by taking a photo of the user and editing it for proper lighting and tones. I got to be the lovely assistant in this presentation, enrolling my face into one of his laptops, then having him take my picture through a Skype chat, then using that picture to unlock the computer. This got the crowd laughing and very impressed with how this technology can actually sell.

The presentation on Tor did very little for me; the research was of marginal value, but the talk afterwards with the presenter and the creator of Tor was eye-opening. The most important thing I brought back from that talk was that Tor is not meant to protect you from big brother, but to keep you anonymous from the sites you are browsing, and your ISP. After I saw that shift, I was able to accept the many attacks that have come out of the woodwork over the past few years, and finally put Tor in the proper place in my cyber tool chest.

Finally, the memory snorting presentation was very slick; it seemed to be a very clever way to reuse the signature data already in existence, and be able to both analyze a saved memory dump, and also potentially find malicious code before it hits the wire.

Overall, the show was a blast, and I hope to have the privilege of attending sometime in the future.

Peace and chow,

Ranok