« January 2009 | Main | March 2009 »

February 28, 2009

Sharing the load between servers - httpd and Tomcat

If you're running a lot of traffic through an application, it's possible that one web server can't cope ... not so much because of the traffic levels, but because oomph the computer. Customer's applications range from financial to transport planning. The amount of compute behind the calculation of a Melksham to Altnabreac train journey schedule is large, even if the result is a tiny report.

Now you'll want to quote your customer a single URL, won't you, to process all your traffic, and you'll want to save yourself the £40,000 cost of a hardware load balancer. OK ... Scheme:

• A single server running Apache httpd forwarding the hard work to ...

• A whole batch of Apache Tomcat servers (if your application is in Java) which are doing all the compute and working out that you need to change at Chippenham, Paddington, Euston and Inverness!

You can do this very nicely, and the modern way of connecting the two servers is using mod_proxy_balancer. It's supplied with httpd (no need to source it extra and build it) and it's powerful and works well once you've come to terms with the various configuration options.

But then here comes the 'sting in the tail'. "What does a RETURN ticket cost" comes back a follow up request, and you need to ensure that your visitor is either routed to the same server as he was on before or that the server he gets send to may be a different one, but is aware of the enquiry he is continuing. The first of these approaches (load balancing) is far easier and lower cost in terms of resources than the latter (clustering) which, however, is far more robust in the unlikely event of a Tomcat server going off-line.

There are a number of actions that need to be taken in the configuration of your system to ensure that users DO get routed back to the same server if you take the balance approach:

1. You need to declare a sticky cookie at the Apache httpd mod_proxy_balancer

2. You need to set a jvmroute at the Apache Tomcat

3. Your programmer needs to set up a Session at Your Servlet

and perhaps

4. You need to set up a Reverse Cookie Path.

We've put all this lot in a training example ... and the example we chose was a front end server that receives guests and sends each newly arrived one to a randomly selected put for a drink, but on subsequent visits sends then back to the same pub, secure in the knowledge that they'll feel comfortable and an home there, and will be known to the barman.

Here are the sample files:

The important bit in the httpd.conf configuration file for Apache httpd

<Proxy balancer://barcrawl>

Balancermember ajp://192.168.200.218:8189/bar

Balancermember ajp://192.168.200.214:8189/bar

Balancermember ajp://192.168.200.219:8189/bar

Balancermember ajp://192.168.200.210:8333/bar

Balancermember ajp://192.168.200.215:8189/bar

ProxySet lbmethod=bytraffic

ProxySet stickysession=JSESSIONID

</Proxy>

ProxyPass /bar balancer://barcrawl/

ProxyPassReverseCookiePath /bar /bar

The setting up of the server route in the configuration file for Apache Tomcat - server.xml:

<Engine name="Catalina" defaultHost="localhost" jvmRoute="elm" >

And here are the pertinent lines from within our Barman application, each copy of which has been altered to welcome the visitor to a different pub:

HttpSession session = request.getSession(true);

out.print("<h1>Welcome. Please enter your name</h1>");

out.print("You are in the King Billy<br>");



We'll train you on setting up Apache httpd and Tomcat on our Deploying Apache httpd and Tomcat course (but please let us know when you book if you're particularly interested in load balancing and / or clustering and we may suggest an extra day.



And we'll train you on Java Programming on our Java Bootcamp if you're already a programmer, or on learning to program in Java if you're a programming novice.

Pictures - Melksham pubs - "The Bear", "The Unicorn" and "The Red Lion"



Posted by gje at 08:00 PM | Comments (0)

February 27, 2009

Invoker and cgi servlets on Tomcat 6

Related topics: via article database More about Graham Ellis of Well House Consultants

If you want to use the Invoker or cgi servlets on Tomcat 6, you need to change the privileged setting in the conf/context.xml file - change:

<Context>

to

<Context reloadable="true" privileged="true">

If you simply uncomment the Invoker and cgi sections of the web.xml file without making these changes, you'll break Tomcat completely and even the other servlets won't work - you'll just get a blank page when you browse to the site.

There is no longer any need (as there was at Tomcat 5.5 and previously) to rename jar files for the cgi and ssi servlets to work.

[From Apache / Tomcat deployment]

Posted by gje at 05:49 PM | Comments (0)

February 26, 2009

Train and Coach fares from London (and airports) to Melksham

Related topics: via article database

Advise on travel to Melksham for training course customers arriving via London. The advise is good for people coming to Melksham to visit other businesses too ...

If you fly into London's Heathrow airport, the best way to Melksham would actually be by express coach [bus] rather than by train as it would save you having to go into and out of the centre of London - there's a coach at 18:45 from Heathrow that passes right by our training centre and stops about 500 metres away, and it takes just over 2 hours. It returns from Melksham to Heathrow at 07:45 each morning. The standard return fare is 27.40 (twenty seven pounds 40p) return.

From Central London, the train [outside the peak hours, when they more than double] costs 45 pounds return - make sure you get a return ticket, because a one way ticket costs just a pound less. And that's to Melksham (with very few services) or to Chippenham - 8 km away.

If you arrived in a different airport (London also has airports at Stansted and Gatwick), you would transfer by train and it would cost rather more as they are both on the other side of London - the off peak return from Stansted is 56 pounds, and from Gatwick it's 53 pounds.



Extra notes:

If you get the train to Chippenham, there's a local bus service to Melksham that calls at the station during the evenings only, or you could get a taxi (allow just under 20 pounds). If you are on a Well House Consultants course or staying at Well House Manor, we may be able to arrange a lift or have a taxi from Melksham there to meet you.

If you're arriving into Heathrow at other times of day, it's still easier to catch the coach than the train, but to Chippenham where the bus will drop you off right beside the taxi rank.

Posted by gje at 04:55 PM | Comments (0)

Web Site Loading - experiences and some solutions shared

Related topics: via article database

I can recall a colleague of mine (OK, if you're reading this Peter, yes you were the boss) using the term "Open Kimono" to describe certain approaches at certain times, and (truth be told) I wasn't sure if there was something a little naughty in the connotations that the term conjured up. Yet the term came back to me this morning when I was wondering whether to post up some recent experiences / comments from the growth curve we have been seeing in resource usage on our web server. But I think I'm OK to use the term ... the My Open Kimono Blog uses it, for example.

Why move the web site?

Here goes. We moved our main domain to a dedicated server six months ago. Traffic levels were such that our daily Apache httpd logs on a shared server in the USA were around 15 Mbytes each, and we had concerns at the lag time taken for traffic from the UK (our primary market) to make the round trip. We were also concerned that search engines were seeing us, with a ".net" top level domain, as being located and trading in the country in which our server was located rather than in the UK. And we had some security concerns with regard to the peaky load that others were putting on the server, and the possibility of PHP injection attacks into our scripts by others on the machine (or, rather, due to loopholes left by others sharing the system - see here)

The first problem, and a warning sign

Anyway ... a few of the teething troubles that were only to be expected as we learned out way into the new server, and the web site was transferred and live in a quite remarkably short time. But then it died in the middle of one night. And that technical story is told here. Finding an issue like this is rather like looking for a needle in a lot of hay - not even in a single haystack, as the potential issues are many any varied, and there can be just the one trigger.

But there was a serious latent issue. How could a single script's running - even if it caused 20 seconds of cpu time to be burned up, cause an ongoing problem, as it appeared to have done when it ran that night?



The Current Issue

Traffic has now risen; from a 15 Mbyte daily log file in July, traffic has risen in less that 6 months to peak at nearly 50 Mbytes per day ... and we have seen other occasions when the server's queue length as reported by uptime - usually between 0.2 and 0.8 - has swept majestically upwards to 40, 50 or more and has stuck there. A temporary cure has proven to be easy enough - just a stop of the httpd and mysql daemons, then a restart and the whole thing has started purring along sweetly until the next time.

So have httpd and / or MySQL been stuck in some sort of loop?

No - I don't think so. I think we have simply filled up the server's memory and it's been running on the backup of 'swap space', with more processes / threads of httpd and MySQL than can fit in the real memory fighting for that space, and with the disk 'thrashing' about. And more requests will be joining the queue, now quicker than completed ones are being peeled off. In other words, it's a self perpetuating problem which, once it has started to occur, is likely to get progressively worse. Unlike a bus queue where you can see you've got a wait ... pop off and get a coffee and come back a bit later ... you have no such option on a web server ...

... and in effect it's made worse by the driver of each and every bus having to stop and re-organise the queue on every trip, thus cutting down the capacity for the queue to be handled at the very time it's most needed!

Evidence

What evidence do I have that it's pure load rather than one particular script? Well - the problem was triggering just after 6 a.m. in the morning, on some mornings - and that's the time an extra load (a server backup) gets added on to the job queue - actually several jobs, including a database dump and some tars. Each runs perfectly well manually, at a quiet time, but if the server happens to be busy they'll start popping it in to an unrecoverable overdrive.

And then the problem triggered, it seemed, at around lunchtime and again between 4:30 and 6:00 in the afternoon - the busiest times on our server, with the UK and European traffic heavy just after noon, and then the UK traffic still very busy at the time the USA traffic was picking up too towards then end of the afternoon / early evening. And Saturdays and Sundays, when our servers are notably quieter, it ran sweetly (this gave me false hope as I tried to fix the issues at the weekend!)

There's a technical article here in which I show a top report comparing our server when well behaved and when thrashing.

Possible Solutions

More buses, more efficient buses, and taking measures to turn the very occasional person away when the queue is starting to get to the "needs marshalling" stage. We can also make sure that everyone in the queue really wants to travel!

How do those work in web server terms?

• More buses.

For the moment, let's put that one on the back burner. We could cross the palms of our WSP with more silver each month, but there's little point in purchasing something that's not needed.

• More efficient buses.

If we can get the buses to run trips more quickly, the same number of buses will handle more customers and will stop the queue bursting. There are quite significant elements of PHP in most of our pages, and quite a bit of MySQL too - indeed, most of our images are fed from a database.

I have reduced bookkeeping operations in our scripts so that they're run not on every page, but only randomly on around one page in five. A few excess records in "what happened in the last quarter hour" really don't matter.

Various other smaller actions.

And the big one - I have added an index based on the URL to our 15,000 page stats database that we use to provide the relative importance map for Google, and the Google-like search results on our resources pages. It's probably significant that some of the problems only started to occur at around the time that these extra databases started to be collected! [detail]

• Fast track service desks

I have taken about a dozen images which are served several times each served very frequently indeed and moved them to plain files, rather than serving them via PHP and MySQL.

• Limiting the queue

I don't want to turn people away - in fact I HATE doing it - but a very few dropped connections from time to time is far, far better that having the whole queue come to a screaming halt until the server's heartbeat is missed on our monitoring machine which screams for the administrator.

I have tuned our queues ... and there is a technical article that I've added to the site here that tells you about how I've done that.



• Restricting to really wanted travellers

You may recall articles about libwww and Babycaleb earlier on this blog. This sort of traffic, generated by automata, is very peaky and (in the case of the examples quoted) totally unwanted .. the articles linked just above tell you how I have turned away a great deal of that traffic at the front door, and how I have ensured that much of the rest of it is "fast track"ed as above.

• Cutting out needless journeys

Do you like this picture of Charlie, our cat, who's in the habit of coming up to say "good morning" to me when I'm checking my email, and to ask for a stroke and breakfast? It's a nice picture ... perhaps you will come back to this page again in a couple of minutes for another look? Well ... please keep the original copy and look at it again! as there is little point in me giving you exactly the same information, or doing exactly the same work, time after time. The web server can add cache and store headers onto pages (and if you're using PHP to serve images, this is a real "must") and you can also use facilities like memcached to save repeated expensive server calculation operations.

Here's part of our PHP script which manages our image database - the part where it tells the browser to keep the information it's been given for up to an hour, and not to keep asking for it. This is very important for images like your logo which will appear on every page!

# Send out image

header("Content-type: image/jpeg");

header("Cache-control: max-age=3600");

print $imagebytes;

You will also have seen me talking about adding restrictions into our robots.txt file to avoid needless crawling of pages that really shouldn't be indexed, or where our scripts generate URL loops that can trip the spiders. See here and here for some past experiences, and there's a sample copy of our file here. I have added a few 'loop killers' since I wrote that example.

Have you ever seen a nice picture on someone else's web site and added a link to it on yours? It's called hot linking and if you link to an image on an obscure site from a very popular one, you can have a detrimental and sudden effect on that site. There are occasions where our web site suddenly gets hundreds or thousands of hits from our of the blue - and really it's theft of bandwidth and probably of images. We are monitoring / watching such images - you can use my monitor tool here and see what's a popular steal at the moment. And you can read about past comments I have made and technical ways to discourage the habit here.

Finally, you can cut out some excess traffic by telling people that pages are broken. You may recall past articles (possibly no longer around even here) showing how you can divert erroneous URL requests to your site search and return a good page. Fabulously useful technique for real visitors, but it's almost designed to set the search engines off in a feeding frenzy if they get a bad URL - especially if you suggest other searches. Take care with scripts like this ... and ensure that your automata users are sent "404" responses, while being much more helpful to the customer who has just guessed at a UTR by serving him with useful guidance and content.

Where now

I don't think I've reached the end of the story yet. Traffic will go on increasing and - at best - we've currently got something of a lid on it; occasional queues which will potentially get longer. Yes, I know there's a recession or depression on - but it's not depressed or recessed our traffic (perhaps people have more free time and spend more time browsing, quite apart from the fact that this is a rather good site!). So keep reading The Horse's Mouth and you'll see the story continue to unfold.

If you have found this article useful , please remember that we can help you with issues like this in relation to your own servers. We offer Linux / Unix Web Server courses and also a variety of PHP training and a MySQL course too. But in addition / as a starter, please feel free to ask! A day of help of advise may pay for itself a hundred times over - even if I can't come up with a complete solution, I can certainly give pointers and help look at your own, individual case. The easiest way to contact me is via this form and I'll be back to you within 24 hours.

Posted by gje at 09:27 AM | Comments (0)

Effect on server when memory runs out and swapping starts

Related topics: via article database

Here's an interesting example from a web server showing what happens when real memory runs out and the system starts swapping ... it can be something of a downwards spiral in terms of performance, as the majority of the resources are essentially tied up by the swapping / keeping going at all once memory is full, and a hard to recover backlog of processes can build up.

First, an example where the system is running in memory:

And this is what can happen with a slightly higher arrival rate, and / or a slightly slower processing rate such that a queue builds up:

You'll notice by comparing these two (look at the purple highlights):

1. The load average has rocketed from 0.23 jobs waiting (average in last minute) to 22.59 jobs.

2. The cpu utilisation remains low - under 10% - for user processes

3. The cpu idle time has dropped from nearly 90% to zero, with all the extra resource being burned up by device wait time - 93.6% no less.

4. Swap space has only increased slightly in its use, but every process in this machine is active and the whole thing hsa started thrashing which means a queue has built up ...

5. There's been a rise from 115 to 191 total tasks (remember that the majority of the initial 115 will be operating system background processes, so that this is a truly massive increase)

6. The process table itself is showing details of just how / where the queue has built up.

See here for some tuning information for httpd if it's the web server that's consuming all the space (there are MySQL notes there too!)

Posted by gje at 08:05 AM | Comments (0)

Tuning httpd / the supermarket checkout comparison

Related topics: via article database

Why do you have multiple copies of "httpd" running on your web server, even though you have only got one process in startup? It's because httpd spawns child processes which allow it to be handling several customers at the same time rather than have them stand in line and be processed sequentially. It's sensible / necessary because some of the clients may be a little bit slow (waiting on resources such as disc or network transfer) and rather than wait, the cpu should get on with other jobs.

There are various different models available within httpd ... I'm looking at the default prefork module here, and it's very tune-able. To understand how, I'll compare it with a supermarket checkout.

A supermarket has a certain amount of space available with checkouts installed, but when they open they only open a few at first. As they get busier, more are opened to keep ahead of the rush up to the maximum they have capacity for, and as business drops off, they will close some down - but they'll never drop below a minimum waiting to serve. After a certain number of customers, they may choose to service and then reopen a checkout.

Let's see how the mpm_prefork module does that. Firstly, in the httpd.conf file, you'll enable the extra configuration file to allow you to move it away from all the defaults:

# Server-pool management (MPM specific)

Include conf/extra/httpd-mpm.conf

The change was as simple as removing a #. Then make changes to the file in the extra subdirectory to reflect the new configuration you want. Let me translate the default into Supermarket terms:

<IfModule mpm_prefork_module>

StartServers 5

MinSpareServers 5

MaxSpareServers 10

MaxClients 150

MaxRequestsPerChild 0

</IfModule>

"Our store has 150 checkouts. Five of them are manned when the store is initially opened for business, and we always keep at least five in hand waiting to serve customers who walk up (until all are open). At times that our checkout staff are handling customers quicker than they're arriving, we'll close checkouts but we'll keep at least ten open anyway in case more people walk up. We do not set a limit for the number of customers an individual operator / checkout looks after in a single opening."



There is further tuning of the checkout behaviour which can be changed too, via other defaults. Once again, if you want to change these parameters you need to enable the settings via an extra file - here's the modified line (again, uncommenting is all I changed) in the httpd.conf:

# Various default settings

Include conf/extra/httpd-default.conf

And here are the default settings that I'm interested in:

Timeout 300

MaxKeepAliveRequests 100

KeepAliveTimeout 5

"If someone walks up to a checkout but then doesn't actually give the clerk anything to checkout or just stops, give that person 300 seconds to actually get on with something before you chuck 'em and move on to the next customer. When you finish selling something to someone, pause for up to 5 seconds to see if they have another item to purchase as well. But only a hundred of the checkouts may be tied up in this wait state at any time".

There are several different approaches to tuning these settings ... and also to tuning any back room services (such as MySQL) which the staff on the checkouts will be using:

• you could increase the number of checkouts available in order to reduce the amount of shutting down and starting up necessary, and to ensure that you have plenty of staff available at peak times or ...

• you could trim back and have a limited number of checkouts available that move quickly from one customer to the next, scarsely pausing for the slowcoaches.

The defaults are pretty middle - of - the - road, and the fact that you are reading this article is likely to mean you have issues - so have a look at the underlying cause before you do too much and be prepared to do a few tests!. Monitoring tools include top, vmstat and uptime from Linux, the Apache Server Status page from httpd that you can enable, mysqladmin status from MySQL ... and you can use tools such as ab and jmeter to generate traffic flows too to test your system.

To conclude - three sample (amended) configuration files ...

Keeping a lot more checkouts open (but be careful that you don't end up paying so much overtime (i.e. using swap space) that you loose more that you gain:

<IfModule mpm_prefork_module>

StartServers 10

MinSpareServers 10

MaxSpareServers 25

MaxClients 250

MaxRequestsPerChild 10000

</IfModule>

For a system which has limited memory ("you don't really want the expense and time consuming trouble of serving people in a portacabin, so make the very best use of your limited floor space!"):

<IfModule mpm_prefork_module>

StartServers 4

MinSpareServers 4

MaxSpareServers 8

MaxClients 35

MaxRequestsPerChild 10000

</IfModule>

And here are some tunings for the default file:

Timeout 60

MaxKeepAliveRequests 20

KeepAliveTimeout 3

Here's the rationale behind that one: "It's a fast moving site, and (let's face it!) people will get bored after waiting for a minute - so may as well time out them. Keep the number of checkouts waiting for a further purchase down; avoid the danger of the whole store being clogged up with checkouts waiting for Mrs Jones to run back for some sugar, or for Johnny Smith to dash over and get an extra Mars bar because he hadn't noticed the 2 for 1 offer. And keep the time that Mrs J and Johnny are allowed for such antisocial actions down."

[Sample file]; The image illustrating this article is public domain. detail.

Posted by gje at 07:32 AM | Comments (0)

February 25, 2009

What a difference a MySQL Index made

Related topics: via article database

If you add an index to a column in a MySQL table, you provide a very quick way of looking up a row or set of rows based on the value in a certain column, but at the expense of additional disc space and a bit more internal management.

Here's an example in which I look up a record (by URL) in a table of around 15000 records, some of which are quite large.

mysql> select url, halflife from cn_content where url = '/net/recents.html';

+-------------------+----------+

| url | halflife |

+-------------------+----------+

| /net/recents.html | 2 |

+-------------------+----------+

1 row in set (0.30 sec)

That's running at around 3 requests per second, which as a part of our web site logging is a significant load. Let's create an index, stating that the URL will be unique in the first 100 characters:

mysql> create unique index pagename on cn_content (url(100));

Query OK, 15176 rows affected (1.80 sec)

Records: 15176 Duplicates: 0 Warnings: 0

mysql

This did not work for me first time; the were a couple of lines where the pagename was not unique in my table, and I had the "opportunity" to resolve the issues. Once sorted, my enquiry gave the same results (so it was plug - and - play compatible) but much faster:

mysql> select url, halflife from cn_content where url = '/net/recents.html';

+-------------------+----------+

| url | halflife |

+-------------------+----------+

| /net/recents.html | 2 |

+-------------------+----------+

1 row in set (0.02 sec)

That's up from 3 requests per second to 50 - and a huge improvement!

Posted by gje at 06:28 AM | Comments (0)

February 24, 2009

How was my web site compromised?

Related topics: via article database Useful link: MySQL training

It looks to me as if this car has left the road and come to a sudden halt against the building, with the result that both have been somewhat damaged. But why did it happen? Was there a mechanical failure such as brakes or tyres? Did the driver fall asleep at the wheel or something distract him? Was he drunk? Or did he swerve to avoid a child on a cycle? Perhaps there's a more unlikely reason - perhaps there was no driver in the car, but it was left stopped on a slope and ran away, or it fell off the back of a lorry.

When presented with a web site that's been compromised - with new files created, databases and their records changed, or data injected into existing files, it can be rather hard to work out what has happened - rather like trying to find what caused a motor accident. And one photograph is going to give clues, but no more - the picture above is from a page of public domain images, and I know no more than that. So "educated guess" is my best hope.

If I'm going to be looking at a system that's been compromised, I'm going to look not only at the content of the file(s) and database(s) that are infected, but also for certain other tell-tale files that might have been added to the system - especially at around the same time. And I'm also going to take a very careful look at who is allowed to do what to which resources. In other words, file permissions, and user and group ownerships.

Here's an answer, just written, concerning infected files...

If you have infected files, have a look at the write permissions on the infected files .... who can write to them? If they're writeable by the web server user, then is that just yourself, or is this a shared hosting machine? If the scripts are PHP and it's a shared server, then the start of the hole may not be in your area, but the write permissions being wrong in your area have let the sh*t land on you.

What causes such scripts to allow files to be written? Typically scripts written with the best intent, but in which the file name can be taken from the user / seeded by a form. John can create a file called "John.html", perhaps. And Harry a file called Harry.html ... all perfectly good names in a directory called "users". Then along comes someone called ../index.html ... and he overrides the home page at the top of the site. Be aware, too, off the cross-site scripting possibilities of Mr "http://www.sheepbingo.co.uk/" who might find one of your scripts that he can pull his code into and have it run on your system. And these concerns apply not only to the scripts you have written yourself, but also those which you have sourced from elsewhere.

With Perl, the script may be run as the user (via setuid) or as the web server, and you should take a look at which of the two your setup uses in order to help you with the analysis.



Posted by gje at 08:28 AM | Comments (0)

February 23, 2009

A Presentation about our company - web and PHP

Related topics: via article database

In answer to a request for further information about our training centre, the town in which it's located, and our training methods and facilities, I've put together a "Slide show" style page. The images on the left, a few of which may look familiar from our image map demo of the other week, all make up a show which the user can step through gently and automatically, can step through by clicking forward at his own pace, or can "Cherry pick" from.

Just click on an image - or here - to start the demo

Always being one to re-use useful programs ... I have also published the source code in case you want to do the same sort of thing. You'll still need to find and crop all the good images (actually I had too many!) and write the text, but you can be saved the programming.



Source - Image Map demo and Full demonstration.

Posted by gje at 04:58 PM | Comments (0)

February 21, 2009

Why the Pony Tail?

Related topics: via article database Useful link: PHP training

I'm not sure if "why do you have a ponytail" is a question about a course or about a subject we teach ... actually it's rather personal... but it's a good question and I have chosen to answer in this case. Here are three possible answers for the beard - and - ponytail question. Which do you think it is?

a) I like it. I feel comfortable with it, and I have chosen it for that reason.

b) It's easily maintained. No need to be rushing to the barber's shop every few weeks, nor to be shaving on a daily basis ... and there's something exhilarating about trimming one's beard that you don't get from shaving.

c) It's a career choice. I used to train under contract for another company, and jobs were allocated by the "buggin's turn" (the selection of a trainer by rotation) principle unless one particular trainer was asked for. Now I got good reviews, and I wanted repeat bookings (= a more consistent income flow!), so I took on a distinctive look so that people could ask for me by name ... or by distinctive looks.



The answer is that all three reasons apply. If I didn't like it, if it wasn't easily(ish!) maintained or was unpleasant to maintain, I wouldn't have it. However it still, years later, provides that slightly different look that helps me to stand out in a crowd and, with my various roles, that's no bad thing at times. Take last night, but that's another story ...

Posted by gje at 07:40 AM | Comments (0)

February 20, 2009

Why Choose Well House Consultants for your course?

Related topics: via article database

The course must cover the right subject. From the right starting point. And at the right pace. It must be taught be someone who knows the subject, can present it in such a way that you can take in what you're being taught, and who can (and will) advise you on what is the best way for you to apply what you learn. The tutor must keep your interest and attention during the training. Price, location and dates will also be important.

But there are other aspect you'll take into consideration too - from how sure you can be (or not!) that the course will actually run if you've booked it, through the size of the group to be taught and the facilities at the training centre, to whether you'll be able to get back to the training company and ask questions after the course is over.

At Well House Consultants, we provide all the basics ... to a high quality ... and much more too. What do we provide? What differentiates our courses? Here are some of the features that our pages highlight ... and I'll fill you in with more detail below. For details of dates and individual courses, go here or click on the individual subject links.



Features of all our courses

• A purpose fitted training centre

• Book, and our course will run - guarantee

• Small groups (max 8 delegates)

• Courses presented by the author

• Overnight accommodation for delegates

• After course email support included

Our courses are different ...

• A warm welcome the night before

• Complimentary railway station pick up

• No minimum numbers; courses always run

• Run at our own training centre

• Stay with us - we are also a hotel

• Courses presented by the author

• Maximum of just 8 delegates per course

• Post-course support included

• The right subject

We teach programming in Perl, PHP, Python, Lua, Java, Ruby, Tcl, C and C++. We also teach Linux, MySQL and Apache httpd and Tomcat web server deployment. We may add other niche subjects from time to time (please ask), but we have our work cut out with all this lot and we do not offer courses in Microsoft Word, Excel, Vista, C#, .NET, food hygiene or management.

• The right starting point

Some of our delegates have programmed before, and others are new to programming. So we offer both "conversion" courses for those who are already familiar with computer programming, and slightly longer "learn to program" courses for those who need to start from first principles. We also offer a limited number of advanced courses on our public schedule, such as the PHP techniques Workshop and Perl for Larger Projects - however, advanced delegate's needs tend to be very varied, and more often that not we'll complete a trainee's program by adding on one or two private days.

• The right pace

We try to strike a balance. You'll want time to absorb and practise what you're being taught, but at the same time you won't want us to stretch the subject into more days that are necessary, costing you and your employer more days and expense. We're well positioned to strike the balance ... (1) - as we have different courses for newcomers to programming and those converting, we can more carefully group or trainees ... (2) - our group sizes are small, so the tutor has more time to spend with each individual, and the group does not get held back by a slow 'rump' ... (3) - you stay with us at our hotel, so you can get extra practise in the evening and early morning too if you wish.

• Tutor to know the subject

We make use ourselves of the subjects we teach. We write our own notes. It's the author who presents the course, every time. We travel the world ourselves to learn from the people who write the languages themselves - across Europe, to Asia, to North America. And we take care, when questions arise from delegates to which we don't have an immediate answer to research the question, to GET an answer - for the delegate who asked, and for other delegates who follow on too.

• Tutor's presentation skills

Only a few "techies" make good tutors. And the most technical of people doesn't necessarily make for the clearest of presentations. You'll find that we have an enthusiasm to teach the subject (and that is infectious!) and years of professional experience that mean that we will filter out and present the material that you need, in a way that you can easily assimilate.

• Keeping up the interest

Even the most fascinating of subjects can become a yawn if you don't have some variation in the presentation - and that's generally accepted as no more than an hour of the same type of activity without a break. You'll find that our courses mix and match a number of styles. You'll have whiteboard presentation, interactive demonstrations, question and answer sessions, case studies and practicals, and team work too ... as well as the more conventional projected presentations and lectures. And we ask you to bring your data and your needs along to the table so that we can include there and make the course even more relevant and interesting.

• Tutor's advice for YOU

You're encouraged to bring along your data, to discuss your applications and options - not only with the tutor but with the rest of the class too. Decisions such as whether to store images in a database or plain files, whether to use Perl or Python, and what naming convention to use for variables too need to be made, and will effect you for years to come. I won't say "we've seen it all before", but we have seen a lot of it and give you pointers that will help you to be well informed for decisions you need to make.

• Can I practise?

Yes. We have a laptop available for every delegate to use for the duration of the course (multiple laptops on courses that involve clustering / load balancing / network programming). That laptop is online so that you can browse whatever resources you need, and available to you throughout your time on site (as we're also a hotel and you may be staying, that means 24 hours a day!). The tutor is almost always available for an hour before the course starts each morning to assist with extra questions that arise, and often stays late. And a member of the technical team is usually on site until 10 p.m., with 'customer service' being his top priority. And then there's the library of some 700 technical books available to you.

• Price

We keep it simple - 350 pounds for the first day of a course, and 250 pounds for each subsequent day. A 100 pound discount off your second and subsequent delegates on the same course, but no inflated 'list price' to allow us to offer huge discounts to almost everyone. You'll find our bottom line will be slightly below the industry norm, but the product that you get will be streets ahead.

• Location

Our public courses run in Melksham, Wiltshire, England. And, yes, we know that means that 80% of delegates have to stay over. But our subjects are niche and that need to stay over would apply anywhere else (we have investigated!). So we make sure that we are in an accessible location - you can get to us by your own, or public, transport - and once you're with us we have everything under one roof; a quiet training centre and hotel with nothing to disturb your concentration and learning. If you have a group of delegates, we can come to you - see here.

• How do I get to the course?

We have plenty of parking (for 2 and 4 wheels!). We have a bus stop right outside. We have local railway stations, from which we can arrange a complimentary lift, and we can arrange for airport travel for you too. Arrive the evening before the course, settle in, get to know your surroundings, get a good night's sleep and you'll be ready to make the very best of your course. [[Melksham is about 100 miles to the west of London - allow about 100 minutes by train, 2 hours if driving. The Fosse Way takes you directly north to the Midlands, and from there you can take the motorway network to the North East or North West.]]

• Can I stay commute?

You are very welcome to travel to the course every day, though we'll advise you to stay with us if your journey would be over an hour each way. If you don't stay, you'll miss out on all the extra opportunities after we've completed formal training for the day, and you may find that your learning is blunted by the tiredness caused by unaccustomed driving - but you'll be best to judge this individually for yourself.

• Can I stay locally?

Yes - even if you're not commuting, we don't require you to stay with us - but do have a look at our Well House Manor before you decide. We've had delegates who have stayed with friends, with relatives, and with archaeological contacts, and we have even had a delegate on honeymoon. That's not something that I would recommend for everyone, as staying away from the centre and planning other activities can lead to a conflict of interests.

• Dates

Each of our courses is scheduled to run every 3 to 4 months (a few such as PHP Programming and Learning to program in Python a little more often.) Usually, our courses for those with prior programming experience run during the week (Monday through Friday), with the extra days added onto the beginning - the weekend - for those who want a "Leaning to Program in ..." course. That's because most of the newcomers to programming who come to us are keen to learn, and keen not to have to take too many days away from the office, and they appreciate the compromise. See here for a full diary for this year.

• Will the course run?

Yes. Once you have booked on your course, we guarantee that we'll run it - even if you are the only delegate. We are (frankly) ashamed of our industry's bad habit of accepting bookings then cancelling them is a certain threshold isn't reached. And we have been on the 'other side' too, having courses that we have been booked to attend cancelled at the last minutes, after flights and hotels were booked.

• Will the course be up to date?

I am going to be very careful how I answer this one. The course will reflect the current practise and versions of software in common use, will mention older versions which are still in common use, and will look forward to new and future releases which may not yet be common and/or stable and/or released. In other words, the course will be up to date with current practical usage, which means that we do NOT throw out an established software release as soon as a new version comes out. But if there are significant changes, we will have a copy of the new release.

• Course size

We limit our public courses to eight delegates. I have taught a higher number on a single public course in the past, and found that I have been unable to give each delegate the individual customer service that he / she may need - assistance and advise during practical sessions, answers to questions that arise during lectures, etc. Our training facilities can seat up to 20, and indeed we have equipment for up to 16 people on a private course, where all the delegates will have a similar background and questions and the larger class size is practical.

• The Training Room

Our training room is purpose-fitted to give you the very best course. Each delegate gets a generous workspace area, with a clear view of the whiteboards that cover three walls. A modern projection system which allows interactive demonstrations is complimented by a lighting system set up to ensure that every delegate gets the very best of experiences. Seating is modern and comfortable, and of course wired and wireless internet access is available at all desks.

• The Delegate's Workspace

Each delegate has at least a metre of desk space, a full set of training notes provided to accompany the course, use of a laptop (choice of Linux, Windows, OS X) for the duration on the course. We provide pens, paper, etc ... and delegates are welcome to bring teas, coffees, water and soft drinks into the training room.

• Training Centre Facilities

We're a hotel ... and you'll find almost everything you would expect at a 4 star hotel, and a lot more beside. All rooms are large and en-suite. Beds are King size in all rooms (we let doubles as singles routinely). All rooms have laptop safes, mini fridges, large flat screen TVs with over 50 channels available. We're not licensed, but you will find a bottle opener in your room, and you'll find knives, forks and a microwave available too. Access is available to the training room all day and all night for delegates. You may also take the laptop you're using up to your room, which has its own desk and internet (wired and wireless) access, and there's a library of 700 technical volumes, and a network printer, available too. For relaxation, we've got a selection of other books and DVDs available for you use, and even some old fashioned games if you want to play with your fellow delegates. You are welcome help yourself to freshly ground coffee and tea at any time, and to wander in our 3/4 acres of garden ...

• Asking questions later

And finally ... what if you have a question? You are welcome to ask during the course and if I can't answer right away (or if it would pull us off topic) I'll make a note and come back to it. And if you have a question after the course, you're very welcome to email it to me and I'll get back to you with at least some technical comment within 2 days (actually, my target is 1 day but I promise just two). Please don't be shy about asking such questions - they're our lifeblood and they help us know what we should be adding to our courses ... or to this web site ... to help other delegates.

If you want to ask me a question now you are welcome to do so. I look forward to hearing from you, and - perhaps - to welcoming you on a course.

Posted by gje at 10:57 AM | Comments (0)

February 19, 2009

Learning to program in PHP, Python, Java or Lua ...

Related topics: via article database

... or in Ruby, Tcl, C, C++ or Perl

Are you new to computer programming? Is it so long since you programmed that you feel very rusty and would like to start again from basics? If you've said "yes" to either of these questions our new "Learning to program in ...." series of courses may be exactly what you need!

The majority - but NOT all - of our programming course delegates already have some prior knowledge in another language, and the courses they attend can start quite fast as they cover common ground, before getting into unique specifics. However a sizeable and increasing minority have not programmed before, and so we're adding an optional extra day onto the start of most of our courses so that we can provide these customers with an appropriate product too.

I have already taught a number of "Learning to program" courses ... and in each case I start from first principles, showing delegates how programs are written from scratch, and how to work our what to do (the analysis) as well as how to do it (the programming). It's not done just off a set of notes - real programs are written for the newcomers in front of their very eyes, and they get a chance to do it and to get a couple of their own short examples under their belt before the main course.

Here are the "learning to program" courses ... listed alongside the shorter coursed for experienced programmers

Many of the delegates who have been asking me for "learning to" courses are retraining to take on a new role, or to take over someone else's tasks in the current economic climate, and they don't have very many weekdays to spare for the course. So I have scheduled many of the extra days on the weekend, immediately before the 'main' subject course starts on the Monday.

And these learners may not have a limitless budget either, so for bookings confirmed before the end of April [2009] on courses taken before the end of July, we'll give you the extra 'learning to" day at no tuition charge - you'll just be paying the extra £60.00 + VAT for your hotel room with us for an extra night. And as it's likely to be one-on-one tuition prior to a main course with a handful of delegates, that's a bargain you can't afford to miss!

Click on the individual course names in the table above for details ... call in (01225 708225) to book at these special rates. I look forward to teaching you to program ... I've been programming for many years and it is still f u n !

Posted by gje at 05:54 PM | Comments (0)

February 18, 2009

Small Web Server in Perl

Related topics: via article database Useful links: Python training

I would not encourage you to write your own web server in Perl, but I might suggest that you used the http protocol as a convenient intersystem communication protocol ... and that might result in you implementing part of http for the purpose ;-)

With that proviso in mind, I have just added source code for a miniature server to our web site ... run it on a system and that system will act as a web server, within limits ... and it will give you a springboard from which you can make use of the http protocol and the data uploaded through it.

Running example (visited from a browser on another system):

earth-wind-and-fire:~/Desktop grahamellis$ ./miniserver.pl 4434

/Users/grahamellis/public_html/tictim.html

_status = 200

jjj = iii jkjhhgj

_method = GET

/Users/grahamellis/public_html/favicon.ico

_status = 404

_method = GET

^C

earth-wind-and-fire:~/Desktop grahamellis$

If you're wanting to write code like this, have a look at our Using Perl on The Web course. And if you want to learn how to set up a more regular web server, consider our Apache httpd deployment course instead.

Posted by gje at 01:10 PM | Comments (0)

February 17, 2009

Finding variations on a surname

Related topics: via article database Useful link: Perl training

Here's a little demonstration of how you can use PHP to look for a 'similar word' - in this case, from a file of surnames. Have I done all the hard work? No - I crawled for some surnames to add to my demonstration file, and I used PHP's built in functions to do the hard work!

Run Demonstration or see program code. Try it with London, Ellis, Johnstone, Smith and Briscoe. Learn how to do it on a PHP Techniques Workshop

Posted by gje at 11:51 PM | Comments (0)

February 16, 2009

Does robots.txt actually work?

Related topics: via article database

If you put an entry into your robots.txt file to ask the various robots to disallow (cease crawling) certain files and directories, do they actually take note of your request ... considering that it's a purely voluntary standard ...

Three or four days back, I excluded some old map pages which were being heavily crawled and I've just visited my log files for the last fortnight:

-bash-3.2$ egrep -c 'net/+map' ac_200902*

ac_20090201:8779

ac_20090202:7884

ac_20090203:15697

ac_20090204:9284

ac_20090205:4944

ac_20090206:9640

ac_20090207:10299

ac_20090208:7015

ac_20090209:5534

ac_20090210:4188

ac_20090211:6808

ac_20090212:853

ac_20090213:1669

ac_20090214:74

ac_20090215:76

Yes! - it has worked. Accesses to these pages - which were predominantly crawlers - has dropped from some 8,000 to 10,000 per day down to less than a hundred - and I suspect that most of those are genuine hits!

You'll find more about robots.txt here

Posted by gje at 09:26 PM | Comments (0)

Please Trouble me

Related topics: via article database

"I don't like to trouble you" ... so say the British, and the British delegates who come on our courses. It's something of a nationalistic trait (goodness - I hope it isn't that I'm an Ogre, though I understand they have hearts too). But I want people to trouble me! . Why?

Because I want to know what questions people are asking. Because that tells me what I should Blog about, and what I should add to our courses. And Because they questions help me learn and I am always learning!

I've just added a new page to our web site, and images like the one that's on the left of this article will appear soon on our course descriptions and other pages, soliciting questions about the courses ... and technical questions too. We're a customer service company - and we enjoy, and thrive, on providing what you're looking for - answers, courses, and hotel rooms. If you're a regular reader of this blog - or if this is your first time - why not say "Hi"? - just click on the image, and I look forward to hearing from you.

Posted by gje at 01:03 PM | Comments (0)

February 15, 2009

Confidence, Customer Service and Tourism in Melksham

Related topics: via article database

I was very disappointed to miss the "business opportunities / where do we go from here" meeting in Melksham last week - organised by the Town Council and with support from many including the Chamber of Commerce. But Lisa (who is on The Chamber Committee) did go along, listened, let me know what happened ... and also copied my on her contribution, reproduced here with her permission as it says something of the opportunities and spirit of Melksham!

"""In a former life, I lived in Florida for 20 years. We paid no state sales tax, and our tax on purchases was only 4%. Then what supported the infrastructure and emergency services? It was tourism. It was the orange industry. Tourism. It was the beef industry. Oh, and it was tourism.

As a resident who had to put up with constant sunshine, the smell of coconut oil, families laughing and frolicking in the sand, I had to be reminded of everyone else's holiday while I was looking out my window at work ... I also had to endure traffic jams and not being able to get in to restaurants because of the queues.

But this only lasted from November to April. The rest of the time we had it to ourselves, and even though we complained about the invasion of snowbirds each winter, you can bet we polished our smiles every year in anticipation of the next tourist season. Because it brought jobs, low taxes, and a better lifestyle...12 months a year.

People soon discover after hearing me speak about 5 words that I am originally not from this country, a common segue into conversation is to talk about their own American experience, and many times it's to tell me how friendly they thought Americans are.

I'm not going to deny a friendliness, but I want to take you back to Florida and tell you that people in the service industry (which is what tourism is) know the value of customer service. It costs nothing, but it reaps huge rewards.

When I moved to Melksham almost 10 years ago, I was struck with how friendly a town it was. But as I shared this feeling I had with others, I discovered I wasn't alone in these thoughts. Melksham was not only a friendly place, it was notable as being a friendly place.

My husband and I like to take pictures, and sometimes when we're at home at the weekend, we might pop out and take a few pictures of places we'd not been before, but can't stray too far because of time.

We keep remarking about how many places there are that we've never been, all local to Melksham. Look at a map. We might not be THE tourist spot, but we're central to so many tourist places that Melksham should be a tourist home base.

But Melksham isn't solely in a good place for people to come at weekends either.

When we moved to Melksham, we also brought our computer training business. It's so specialist that we didn't choose Melksham for the customers, but rather for the location. It's also central to a number of our customers, coming from all different parts of the UK, some even farther.

If we opened in London, we would have disappeared, in competition with all the other training companies. And often we hear our customers say they chose us because we weren't in London, or were closer to them. And some London companies send their employees to us, to stay in the area for up to a week, so they can get away from office distractions.

Because they do stay overnight, we moved our training into a larger building and started offering accommodation. First to our students, and then to other local businesses because of demand for it, and then we discovered a tourism trade at the weekends too.

I look at the companies on Bowerhill. My husband and I are not alone in thinking that Melksham is a good place for a business. Knorr Bremse, Easyspace and Great Bear Distribution are only a handful of the more recent additions that have confidence Melksham is the right location for them too.

And having supplied hotel rooms to many of our students and to the businesses in Melksham and nearby, and to those touring the area, and those coming for weddings and visiting family at weekends, we know that Melksham also brings in people. And these people need a place to eat evening meals. They get their hair done. They buy flowers. Need dry cleaning. They stop for a pint.

We had a student last week go to the Refa for an evening meal and he got to talking with either Rob or Gias. He asked where a good place locally was to buy some sporting equipment. The next day the student remarked to my husband "Gosh, Melksham has everything you need!"

Sometimes we get complacent and take for granted what's in our community. And sometimes it takes some fresh eyes to get you to reopen your own eyes. Yes, Melksham does have everything we need. We're in a great location. And we're the friendliest community I've ever run across.

And the funny thing is that we have people quietly coming to Melksham, who have never been here before. They live among us for a few days to a week. Imagine if they went back home and talked about coming back with their partners and family to tour the area, and to stay in Melksham because it's so well located and because the people are so friendly.

And because Melksham has great customer service.

From what I have seen, Melksham has it naturally. If we as a community can get together and learn how to fine tune that, we'll not only get the business, but we'll keep it. Especially in the harder times. And it doesn't cost a thing."""

Posted by gje at 03:53 PM | Comments (0)

Wiltshire Rail Service Update

Related topics: via article database

Those of you who have seen my involvement in looking for an improved rail service across Wiltshire may feel I've been very low-key about it of late. Maybe - but there *have* been some things going on in the background. And you can expect to see more coming up in the future. Here's a starter - a page that I produced yesterday morning, updating people and looking for a three-hourly service as from next December. That should be just a starter ... we're looking at such rapid growth planned in this part of Wiltshire that an improvement will be needed within a couple of years, and we're looking at a new government paper that promised to write improvements made in the 2011 - 2014 timeframe into the next generation of franchises - here's to a truely approropriate TransWilts service for the next decade!

TransWilts Railway - Backbone of Wiltshire?

It could be, once again, in Twenty Ten!

In 2000, Wessex Trains, Wiltshire County Council and the Director of Passenger Rail Franchising reached an agreement that provided a TransWilts train service of five trains each way, each day. As a result, use grew rapidly.

In 2005, The First Group, the Strategic Rail Authority and Wiltshire County Council failed to agree on how to continue a reasonable service, and it was slashed back to just two round trips, starting at quarter past six in the morning, and quarter to seven at night.

For 2010, there is an opportunity for the Department for Transport, the new Wiltshire Unitary Authority, and First Great Western (or South West Trains) to put their heads together and provide an appropriate service to connect the five major urban centres in Wiltshire ... Swindon, Chippenham, Melksham, Trowbridge and Salisbury - and Westbury, Dilton Marsh and Warminster too. These are Trains that will halve some of the public transport journey times between these towns, will cut some car journeys, will relieve some parking and congestion, and will encourage visitors to the area.

A new county ... a new authority ... a new train operator. They have it in their power to provide a reliable, robust, rapid, really useful public transport link.

Since the service was cut in 2006, derelict factories have been replace by houses at Melksham Station. What a pity there's scarcely a train service! The "Save the Train" campaign, other groups and the authorities concerned, agree that an appropriate service is a train at least once every two hours. Rapid growth of the the towns along the route (50% population increase planned by 2026) may require still more frequent and longer trains. However, an interim service improvement of six carefully timed trains per day running from December 2009 will restore the rapid growth that was lost in 2006, then continue to grow at 10% to 35% per annum (current econmonic climate considered, too!)

Current Timetable at Melksham

Weekdays: north at 07:17 & 19:47, south at 06:40 & 19:11

Saturday: north at 09:18 & 15:19, south at 15:45 & 21:34

Sunday: north at 17:21 & 19:52, south at 18:57 (only)

TransWilts - the current proposals

The following service was evaluated for the current timetable (to run from December 2008):

• Swindon - Salisbury @ 06:18 - 09:02 - 12:02 - 15:02 - 17:55 - 18:45

• Salisbury - Swindon @ 06:12 - 07:40 - 10:31 - 13:31 - 16:24 - 18:41

• Serving Chippenham, Melksham, Trowbridge, Westbury, Dilton Marsh and Warminster

• A train WAS available • Train crews were available • There was a path available

Why didn't it happen? County Council will tell you they couldn't find 1p per Wiltshire household per week to help the service for the first years. Yet they spend millions on subsidising buses, many of which carry just one or two passengers. First will tell you it's more profitable to run the earmarked train shadowing a competitor on another line. The Department for Transport will tell you that they will match County funding.





Trowbridge to Swindon - 35 minutes by train or 95 minutes by bus. Which do YOU prefer?





The Save the Train Campaign asks First Great Western, the Department for Transport, and the new Wiltshire Unitary Authority to agree to provide an appropriate service from December 2009. For the good of the people of Wiltshire. For the prosperity and success of the county. And for their own good too.



The well thought out and resourced service proposed for this year would be a practical, excellent start!





Please watch out for - and support - our campaign this year. We are asking for something that is attainable and affordable. The infrastructure is already there. The subsidy requested for a few years is less that the cost of one average house in Wiltshire!



Chippenham to Salisbury - an hour by direct TransWilts train or two hours with a change by bus.



Prepared by:

Save The Train

Website: http://www.savethetrain.org.uk

Contact: Graham Ellis (graham@wellho.net)

Phone: 01225 708225

February, 2009

Posted by gje at 09:45 AM | Comments (0)

February 14, 2009

httpd, Tomcat and PHP course enhancements

Related topics: via article database

If you're in an area of the UK that's covered by 3G phone service, we can now have our training computers on line during private courses on your site without having to add our machines inside your firewall. You just provide 'the room and the students' and we do the rest.

We have always provided an "easy to set up" private training course service where you have nothing to provide but the trainees and a conference room, running our network independently, but this extra facility now allows us to use online resources during the courses. It will be a real *plus* for advanced, tailored courses on subjects such as Web Server Deployment (both Tomcat and Apache httpd) ... and also for use during practical sessions on PHP courses, allowing delegates to reference the online facilities of www.php.net directly just as they doubtless will after their course.

I'm really excited by this new development - it makes for even more effective training, with answers to *your* unusual questions raised during the course just a couple of clicks away, with the expertise of the tutor used in real time to filter out solutions from vast online resources.

A practical test of the new facility this week in Milton Keynes went off better that we would have dared to predict. Extra cost to you - NOTHING - it's that extra service that we're providing as part of the package to make our courses even more effective and attractive - we believe in Customer service!

We cannot guarantee coverage at your office, but you can check what the phone company says here. We CAN assure you of connectivity throughout the course if you come to our training centre ... a private course here in Melksham with us gets your team off site and concentrating on learning, complete with hotel accommodation and team building evenings. A great way to look after your staff!



Want to know more?

About courses at your offices

About private courses at our training centre / hotel

About public courses at our training centre / hotel

About our PHP courses

About our linux and httpd courses

About our Tomcat courses

Posted by gje at 05:24 AM | Comments (0)

Error: Cant read xxxxx: no such variable (in Tcl Tk)

Related topics: via article database Useful link: PHP training

If you set a Tcl (Tcl/Tk) variable within a proc, or within the callback command of a widget, that variable does not exist at run time until you have run the proc or callback procedure, or until you have initialised the variable in some other way.

Let's see a Tk example. I have created a window with two buttons. The one labelled "Press me first" creates a variable called pressed than contains the value hello. And the one labelled "Press me second" updates the label called .report with the value that's stored in the variable.



If you run the program , pressing the first button first, and the second button second, it works as illustrated at the top of this entry to the left and right.

But if you press the button labelled press me second without pressing the button labelled press me first, you get this:

Here is the complete code that I used to generate these examples:

button .demo1 -text "Press me first" -command {

global pressed

set pressed hello

}

button .demo2 -text "Press me second" -command {

global pressed

.report configure -text $pressed

}

button .quit -text exit -command exit

label .report -text "---"

pack .demo1 .demo2 .report .quit

What should you do if you are getting a message such as "Error: Can't read 'pressed': no such variable"?

• check your logic

• if necessary, initialise the variable outside your callbacks

• check that you have used global if necessary (in order to share a variable from within a proc with the same variable of the same name in the main code)

• send me an email to say you found this article useful!

We run regular public Tcl and expect courses and Tcl/Tk and wish courses. For a full schedule of all of our public courses, see here

This short article was written in response to an emailed question. I answered:

It looks like you are trying to use the contents of a variable before you set it - remember that variables in Tcl are only created when you actually run the code that sets them, so a definition within a proc will only cause the variable to be created when the proc is actually run.

Your question is a very good one, and you have provided inspiration for a full example on my blog - see:



http://www.wellho.net/mouth/2040_Error-Cant-read-xxxxx-no-such-variable-in-Tcl-Tk-.html

Graham

Posted by gje at 04:06 AM | Comments (0)

February 13, 2009

The Invoker

Related topics: via article database Useful link: Tcl training

Who, what or where is the Invoker? There are web sites that have a lot of pages on them, none of which is served up all that often, and there are other web sites which only host a few web applications,each of which is run in a container service such as Catalina within Tomcat. In the first case, the web site developer / maintainer wants to simply add extra pages to the appropriate directory and have them appear at their own URLs, but in the latter case (s)he will usually want to specifically point individual URLs at individual applications. And on Tomcat, this is done though the web.xml file.

But just occasionally under Tomcat, there's a requirement to be able to copy a Class that contains a servlet on the web server, and have it available straight away - no mucking about with web.xml. For example, I'm training systems administrators who will be looking after a system used by Java classes (University ones, not ours!) this week, and their students need to be able to upload a class that contains a servlet, and with minimal fuss and editing, test it on the server. This is where the Invoker comes in.

To enable the invoker ... in the administrator's main web application configuration file (also called web.xml, but in the conf directory), remove the comments that disable the Invoker in the sample file supplied with the Tomcat distribution. That extra code comes in two sections - one to define what the invoker IS and and other to define how it MAPS - and you need them both. Then kick [restart] your Tomcat.

To use the invoker for a new Servlet ... place the class file in the WEB-INF/classes subdirectory of your web application, and visit it via a URL of the form:

http://www.sitename.org.uk/webappname/servlet/Whichone

where webappname is the name of your web application (directory name in the webapps folder) and Whichone is the class name - i.e. the file is called Whichone.class. The word "servlet" is 'hard coded' in the web.xml file - you can change it server-wide if you wish!



We go through all of this (and much, much more!) on our Deploying Apache httpd / Tomcat course. Illustration - a waiter at Gun Wharf in Portsmouth

Posted by gje at 08:47 AM | Comments (0)

February 12, 2009

Sticky Sessions with mod_jk (httpd to Tomcat)

Related topics: via article database

If you're load balancing with mod_jk, you can put a load balancer worker in your jk properties file, and then have requests forwarded to all the workers that are members of that load balancer. That's a great way to share the load.

But if you're running applications that rely on a series of linked pages (sessions) the you really don't want your client's requests to be forwarded at random - you want to pass them back to the same worker they were talking to last time. In real life, this is like saying that if you go into a shop, you can pay at any till, but if you make a series of telephone calls to sort out a complicated utility bill you really want to get through to the same clerk to serve you each time.

You can set up this "sent back to the same person" scenario if your application is written using Java's session classes; in the workers configuration file add a line to specify the domain for each host, and a line to set sticky sessions on in the balance worker:

worker.list=catkin



worker.oak.port=8189

worker.oak.host=192.168.200.215

worker.oak.lbfactor=5

worker.oak.domain=easterton



worker.elm.port=8189

worker.elm.host=192.168.200.219

worker.elm.lbfactor=10

worker.elm.domain=holt



worker.catkin.type=lb

worker.catkin.balanced_workers=oak,elm

worker.catkin.sticky_session=1

In your Tomcat configuration file on EVERY server, set the jvmRoute of the engine to be the same as the domain name stated in the worker entry - for example:

<Engine name="Catalina" defaultHost="localhost" jvmRoute="oak">

Remember that is you stop and start your various servers during testing, that will NOT have reset / cleared the cookies held at the browsers you are testing from and you may see some odd effects - what you are doing is like changing a program, but saving the variables. It's a good idea to stop everything, clear out all relevant cookies and caches, and restart as a final test before releasing the system to users.

If you are using mod_jk and have turned sticky sessions on, but your sessions are failing to stick, you have probably failed to set the domain, or you have failed to set the jvmRoute, or you are using a non-standard cookie name to implement the stickyness!

With Apache 2.2, mod_proxy_balancer has replaced many uses of mod_jk; similar setup principles apply - there are more mod_proxy resources here and here.

We cover the connection of Apache httpd to Apache Tomcat on our public Deploying Apache httpd and Tomcat course, and we also cover them as appropriate on private courses; the examples above come from this afternoon's examples on a private course.

Footnote - although the build documentation for mod_jk talks about Apache 1.3 and Apache 2.0, the (2.0) scheme works perfectly well for you to build for 2.2. However, once you have built a mod_jk library, that built file will ONLY work reliably with the version / subversion you built it for. It's no good getting someone else's 2.0.43 and expecting it to work on 2.0.44!

Posted by gje at 05:16 PM | Comments (0)

The Interview and The Lift

Related topics: via article database

The Interview was for a pressure position - European Software Support Specialist for an American product - working for the American manufacturer and based at their single European office in Basingstoke, from where they co-ordinate their distribution and dealership network through Europe. It went well enough; my technical background wasn't completely unknown to the team already working there, and they had a product range in which I could have faith, and thus enthusiasm. But could I stand the pressure?

Leaving the interview on the top floor, the MD shook my hand and I stepped into the lift. The doors closed. And the lift moved about 3 inches down, and juddered to a halt. Buttons pressed, and nothing; something had failed. That big button with the red bell that's in most lifts - the one that should be labelled - "OY - I AM STUCK IN HERE" pressed, and bells rang around.

Picture, if you can, the doors prised open by a few inches, and my interviewer offering to feed me sandwiches through the crack. A very strange way to conclude an interview (and I was assured wholly unintentional), but I think it must have answered that pressure question as I was offered - and accepted - the job, rising quite quickly to becoming the European Technical Support Manager with an "if it's Monday it must be Brussels" type job. And a lot of other good stories.

I'll have to tell, some time, of pulling circuit boards out of a system to reseat the chips at 3 a.m. on an exhibition stand in Munich. Of a rapid drive across Paris to catch a plane after a tense meeting, with the taxi driver on his mobile phone telling his wife he couldn't argue with her as he had been instructed to listen to his English passengers are report back to our distributor (he really should have spoke French to one of us to see if we knew). Of a training course given in a 3D graphics programming library in the remote Swedish town of Arborga, where my married male colleague had to resist the advances of a local pretty boy who took a fancy to him at the monthly disco at the only hotel in town where we were staying.

Posted by gje at 01:20 AM | Comments (0)

February 11, 2009

Java Tag Libraries / how they work / Tomcat Deployment

Related topics: via article database

A Java (JSP) tag library is a set of additional XML tags that you can include in your Java Server Page in order to create objects and set and get the attributes of those objects. Let's see an example.

I can write the following into my HTML:

<jsp:useBean id="bigmac" class="shape.Cube"/>

<jsp:setProperty name="bigmac" property="wid" value="150"/>

<jsp:setProperty name="bigmac" property="hig" value="140"/>

<jsp:setProperty name="bigmac" property="dep" value="100"/>

The Big Mac box has a volume of

<b><jsp:getProperty name="bigmac" property="vol"/> and

And that will result in an output like:

The Big Mac box has a volume of 2100 cc and

How does it work?

The extra tags in the library generate Java Byte Code (code for the Java Virtual Machine) even though there is no actual Java source code present ... but there is enough information to describe what the code needs to do - you can consider it to be another language if you like! Here's what the alternative source code would look like:

<% shape.Cube bigmac = new shape.Cube();

bigmac.setWid("150");

bigmac.setHig("140");

bigmac.setDep("100");

out.print(bigmac.getVol); %gt;

The whole of the JSP is read by the Tomcat (or other) JSP engine, and all the stuff that's NOT in the Java tags is put into a great big out.print() and the whole thing is compiled up into a Servlet, which Tomcat then runs.

Where does the calculation logic come from

The constructor for the shape.Cube object, and the accessor methods, conform to a standard called a Java Bean. This specifies that there must be a zero parameter constructor, and that there must be methods to save attributes / properties with names starting with set, and to read back properties with names starting with get. The business logic is within that class, or classes which it in turn calls.

The extra class file is stored within your web application, in teh directory WEB-INF/classes ... and in there in a subdirectory named to match the package name.

The extra class / business logic is loaded when the JSP is loaded.

Here's the start of the source code of the Java Bean to give you an idea of what it looks like:

package shape;



public class Cube {

float x;

float y;

float z;



public Cube () {

x = 0.0f;

y = 0.0f;

z = 0.0f;

}



public void setWid(String val) {

x = Float.parseFloat(val);

}

Full source code of the JSP - [here]

Full source code of the Java Bean - [here]

Some Notes

Although the JSP page is rechecked by Tomcat every few seconds, the classes that it calls up are not - they're cached and assumed to be unchanging. So that means you'll need to stop and restart the application if you change the classes, but not if you change the JSP itself.

Note that the attribute names start with a lower case letter, but the method names are camel case with a capital for the attribute name. For example a property called dep will call up methods setDep and getDep.

You can learn about deploying applications that include pages that use tag libraries like this (N.B. - also other tage libraries such as Struts and Spring) on our Deploying Apache / Tomcat course. And we can teach you how to write pages like this on private Java courses - please email for a few more details, telling me a little of your background.

Posted by gje at 06:46 PM | Comments (0)

1234567890 ... coming up on Friday 13th

Related topics: via article database Useful link: Java training

The Unix time 1234567890 (seconds from 1.1.70) comes up this Friday

[trainee@easterton feb09]$ perl px

Fri Feb 13 23:31:30 2009

[trainee@easterton feb09]$ cat px

$when = gmtime(1234567890);

print $when,"

";

[trainee@easterton feb09]$

Anyone staying up to celebrate?

Posted by gje at 02:00 PM | Comments (0)

February 10, 2009

Through Snow and Flood to Linux and Tomcat

Related topics: via article database

I arrived in Milton Keynes on Sunday night ... to find at 9 p.m. a hotel where they had closed the restaurant early for lack of customers, and after an appalling drive the advertised meal was not to be had. The final 3 staff took pity on me - one of few customers around, and the only one not in his room - and did me up a bowl of pea and ham soup, and I stood around chatting with them, and with a pint of Guinness as they finished the tidy up. In hindsight, I had only just made it over from Bicester and Buckingham, watching where other cars were spinning and taking care where I could; a 20 mile an hour creep extended a ride that would normally take around 25 minutes to between 2 and 3 times that, and I had been glad to see the lights of Milton Keynes. The conditions were so dire I hadn't even thought of taking pictures to show you!

My course is going well - I'm doing a combined deploying LAMP and Tomcat private course about 4 miles from where I am staying, but even that journey is interesting. See at the top of this item ... this morning's picture of the car (I have Lisa's this week - pretty, but impractical in the snow), and the floods which Lisa is probably happy that I declined to take it through - that picture taken just a hundred yards from where I am training.

Posted by gje at 09:15 PM | Comments (0)

Huawei D100 Wireless Router - Mobile Internet

Related topics: via article database Useful link: Linux training

I am writing up my experiences as I found it very hard to get this information when I asked ;-) - but "management summary" - this will be a very positive product review.

What is the Huawei D100 Wireless Router?

It connect the 3 mobile phone broadband wireless network (which according to the 3 blurb covers almost all of the population) into your own local area Wifi network. Basically, two sets of wireless in one box - one to connect to "3" and the other to connect your own local devices. It also has an RJ45 ethernet connector so you can plug in a wired ethernet device.

How does the Huawei D100 Router work?

The Router has a USB slot in it into which you plug your 3 Dongle, and that provides a wide area network connection in very much the same way that the router we use to provide our regular broadband connection at home - except that the output is to mobile broadband rather that to cable (main home connection) or ISDN (our backup connection via another device).

The router provides a regular local area wifi connection (protected with a WEP key) and includes a DHCP server through which it can issue IP addresses. Initial configuration is to provide 101 IP addresses (192.168.1.100 to 192.168.1.200). It has its own IP address (default 192.168.1.1) and a browser interface there through which it can be configured. It forwards DNS requests too so that you can point your DNS at 192.168.1.1 and it will 'play' for you.

If you have a wired device you want to connect, you can plug this into the RJ45 port and use it via there. I have connected a hub, and been able to connect multiple devices. Devices which are manually configured with IP addresses on the same network (but not part of the DHCP range) ARE able to reach the wide area connection.

Some myths exploded

Some documentation talks about the router having a built in battery, but that is incorrect - it required power, and comes with a conventional external plug and adaptor. I suspect someone was overoptimistic in the product spec.

The device can be used (I'm doing it as I write this article) to connect a box running Linux; it is not limited to Vista, XP, 2000 and the most recent 2 versions of OSX. But beware - the rule is different for a dongle on its own (no D100 router) and it is just possible that something has to be initialised in the dongle that does require one of the specified operating systems at that point (I did my initial setup direct to a suitable laptop).

Words of caution

I understand that only certain specific models of dongle, which are some (but not all) of the ones that work on the 3 network, will operate correctly with the D100.

I have yet to establish whether or not the ethernet cable needs to be crossed - I can't at this stage provide easy advice as the hub I have connected is autosensing/

I have purchased a 5 Gb per month package which should do well for my needs, but I am very much aware that there is an excess charge beyond that which I believe to be quite steep, and I cannot at this stage give an easy comment on my usage.

Good Stuff

Well ... here you go:

With a hub, here is the setup I had running yesterday evening in my hotel. There's a Mac OS X machine and a Linux system both connected at the same time; I'm running wired - primarily for testing - and both machines are online. I have switched the router's IP address to the same one we normally use back at base, and it's serving IP addresses in its class C address range. I also have my Linux eee PC baby connecting in wireless ...

a) The Router will let me get connect in my complete wired training network should I wish to do so and this gives me the option of providing delegates with a complete internet access at our machines in their own offices without the need for me to connect my kit behind their firewall. Clearly, this facility has to be offered only on UK courses, and we must add "subject to availability of mobile broadband in the training room" - should be OK for the vast majority of sites; problems only at a few geographic locations, and where the building is in effect a Faraday cage - we get those occasionally!

b) The Router can provide a mobile backup internet service at both our HQ and Well House Manor, meaning that on any occasions that the cable connection is down (quite rare), we have an alternative service ... and we'll be able to retire the ISDN router / 'modem' that we currently have for the purpose

c) The router also provides an interconnection between the various wireless and wired devices connected to it ... so it's working (as I probably could have guessed) as a home hub too, rather than as a hotel or public access facility where the users are kept separate.



Other Solutions / links / details

3's own technical page and a review from someone who read the "it has a battery" publicity. An alternative product - the Dovado UMR which is not tied to 3 and is available from Infoferenda.



Posted by gje at 05:11 AM | Comments (0)

February 09, 2009

Mobile Internet - an alternative to hotel WiFi

Related topics: via article database

I'm no longer playing "Hunt the Wifi" network, nor "Guess how long you want to connect" or "Which signal will last" when I'm away within the UK ... having spent 200 pounds on access through various systems from various UK hotels last year alone, I took the plunge and got myself a 3G Dongle giving me internet access from more or less any UK hotel I'm likely to be in (fingers crossed on that!) for fifteen quid a month for up to 5 Bytes of traffic which should cover me for most month of around 5 to 10 days away.

First test - it works at home. Second test - it works at Well House Manor. Third test - it works at the Milton Keynes hotel.

First pleasant surprise - it's quite quick compared to what I had expected. Second pleasant surprise - I can now get online from wherever I'm training - Faraday Cages and company rules excepted. Third pleasant surprise - the router box that I bought with it, sight unseen, does some rather interesting things and gives some new possibilities. On line information about the Huawei D100 Wireless Router sucks, and talking via interactive chat on the 3 web site with their evening assistant revealed that either the limited online data was wrong, or that she didn't know and was making odd technical guesses - I'm glad I came to the conclusion that the latter was the case, gambled and bought one ... and indeed I'll share what I have learned to help other out ... link on to main story (or scroll up if you're on the blog as it will be the next article!)

Posted by gje at 11:08 PM | Comments (0)

February 08, 2009

Choosing from an image with an image map

Related topics: via article database

We'll be replacing the images of the Hudson River that have been on some of the pages of our web site for a while with a new series of Well House Consultants / Well House Manor pictures in the near future. Here's a postage stamp preview of my draft collection and it illustrates our wide range of activities!





Click on any image and you'll see a full size copy in a new window, and the image title too.

I've used 'image map' technology, where there's a link from the image to a script on the server which selects the following action based on the pixel position. You can see the source code here and you can learn all about it on our PHP techniques workshop.

Posted by gje at 09:24 AM | Comments (0)

February 07, 2009

The final step to being British

Related topics: via article database

It's over ten years since Lisa moved to the UK, and she's been British for over half of that time ... but there have been just a few experiences which have taken a while to happen. Last night, I took her to her first panto and she had the experience of the leading boy, the pantomime dame, "He's behind you", the audience interaction, the children up on the stage, the topical and local cracks, the naughty jokes aimed over the heads of the kiddies, and the village hall that starts off cold and draughty and lacking in atmosphere, yet becomes abuzz during the show with real atmosphere.

I also had the opportunity to introduce her to some characters from my childhood - and other later characters - who hadn't quite made in to the USA when she lived there. Now let's see how they all ended up ...

Andy Pandy and Goldilocks discover that - oops - they have an unexpected romantic attachment that's going to break the pairings that we have all been lead to expect.



Looby Lou has always had a thing for Bob the Builder, and the two of them end up together



Chip the woodcutter's son, who was all cut out to be paired off with Goldilocks, has been swept off his feet by Peaches (one of the St Trinian's girls) who has taken him under her wing as he searches for Goldilocks. It was after they bunked for the night in the same tent, with the magic corks, when everyone dreamed of their true love.



Baby Bear Fozzy Bear - who turned out to be one of the unexpected anchors of the show who really made the evening - has found his Cuddles who appeared (out of the chorus line!) during his dream that night in the woods!



There must have been a cast of forty!

SuperTed, Spotty Man, Skeleton, Bulk and Texas Pete ... and let's not forget PC Plod, Bill and Ben the Flowerpot Men, Little Weed, the narrator, Scoop ... and a guest appearance from the Mayor of Melksham playing himself!

Final shows - a matinee this afternoon, and an evening performance at 7:30. See here. And you can find Melksham Comedy Club's home page here for other productions through the year ... or for details of next year's panto in due course.

Posted by gje at 06:55 AM | Comments (0)

Also for the eyes of the cat

Related topics: via article database

Here's just about the shortest lag you'll see from me between taking a picture and having it up on line - five minutes. Sitting up in bed (as I sometimes do), pre dawn, the cat has joined us and is interested in what I'll be saying. She's still here and reading, so I need to be careful what I write ...



Posted by gje at 05:59 AM | Comments (0)

February 06, 2009

Things people say on the phone

Related topics: via article database

I phoned up the local county council to report this depression in the road Well House Manor, and the young lady I spoke to told me she would send someone round in the next couple of weeks to "look into it". I am just imagining this group of engineers standing around, all looking down the hole..

Last night, I spoke with another lady on the phone about something completely different, and she put me on hold using the words "bare with me" ... Hmmm ... sound fun, but I don't know the lady in question well enough to do something like that.

Have you ever been on the phone with someone, and had them come up with the phrase "well - to be honest with you? Does it mean that everything they said previously has been lies?



Posted by gje at 04:37 PM | Comments (0)

February 05, 2009

Who sticks by you in the snow?

Related topics: via article database

There are those businesses who will go out of their way to continue to provide a the best service they can in the inclement weather, and there are those who will abandon even their regular customers in the snow - "fair weather friends". It's been interesting to learn who falls into which group this morning!

One of our team lives in Chippenham, and has a car which sometimes plays up. But - no big deal - there's a train from Chippenham to Melksham at 06:30 which will 'do very nicely', thank you. Except that, this morning with 3 inches of snow, they decided to abandon their services via Melksham completely. And no suggestion of alternatives on their web site. So I drove in and took over the early shift.



Newspapers hadn't arrived at the local garage when I popped in on my way in to the hotel this morning (see - the roads are open for me!) ... but they went that extra mile and phoned me when they had arrived - "I thought it would still be in time for your guests" they said and we truly appreciate their thoughtfulness.



I called our regular Baguette supplier to order a delivery of lunches for today - being the last day of the course, we want to keep the lunch break down. But, alas, they have abandoned their customer base when they're most needed and aren't doing deliveries today, even though the roads were perfectly passable by lunch time



It would be easy enough for me to jump in the car and collect, but I popped round to the Spa Road garage instead, even though I had hoped to serve something slightly more upmarket that Spar wraps.

Posted by gje at 07:18 PM | Comments (0)

Melksham Climate Friendly Group

Related topics: via article database

It's somewhat ironic that I left last night's meeting of Melksham Climate Friendly Group in a bit of a blizzard. Many familiar faces, a great deal of knowledge, and a group each of whom is taking a real interest in some aspect of the subject in their own way, with a strong and effective chair pulling together in joint efforts and coordinating with neighbouring areas and other organisations. A packed 2 hour agenda - a lot discussed from Energy monitors that the TIC will be loaning out to households, through the gardening association, renewable energy, the economies and carbon footprint of recycling, bees, what to do with leftover food, 20 future technologies, and a "vision for 2020" competition that's to be run to raise awareness. Not to forget the idea of turning the wasteland beside the "West End" into a sensory garden, their stall on 14th February and their coffee morning on 28th.

There are strong views in Melksham (as elsewhere!) on the plastic bag issue, and it was interesting to hear comments and view on this and on other matters. The safety of the new low power electric lights that we're being forced to use. Two concerns - the mercury level therein, which is said to be very low, and some medical issues that some people are said to have with them. I was well impressed by the group's background research (and following up of contacts) to check out the medical story.

I think they see me as "Mr Transport" ;-) . A good chance given to me (Thank you, madam chairman) to update them on the subject and some useful thoughts in terms of publicity, some of which I'm sure you'll see much more of - especially if you live on the TransWilts corridor - over coming weeks and months. The 'train campaign' has been a little out of the public eye for the last few months, but things have been happening behind the scenes and we're pressing for an appropriate service from this coming December. Only last week there was a meeting between the County Council and First Great Western (I am now told by FGW, so I can share!), and only yesterday I was in correspondence with some of their senior managers with a view to smoothing the way.

The group makes an impression with the local press - a relatively active web site (though scope for more traffic - haven't we all?), and certainly some folks to be working *with* towards mutual goals; I brought up the potential growth of this area in the next 15 years under the regional spatial strategy and indeed there is a need to look forward for all across the community - not only in terms of transport but also in association with business, in association with the schools (oops - THAT subject was left of my list of what was on their agenda!), and with many other local groups. Here's to a flourishing Melksham, taking a sensible level of measures to doing our bit to being planet friendly.

The Melksham Climate Friendly Group meets at the Spencer Sports and Social Club on the Beanacre Road out of Melksham at 8 p.m. on the first Wednesday of each month. And I am sure, dear reader, that you would be given as friendly a welcome as I was if you go along.

Posted by gje at 07:50 AM | Comments (0)

February 04, 2009

Injection Attack if register_globals in on - PHP

Related topics: via article database

You may have heard me talk about "injection attacks" and that having register_globals set to on in PHP makes you liable to be caught by them. Well - that's a little bit dramatic as you can write perfectly safe PHP scripts with the setting on if you're careful. Here's an example of a script which is not secured ...

<?php

$fields = array("name","town","nkids");

$connection = mysql_connect("127.0.0.1","trainee","abc123");

mysql_select_db("graham",$connection);

$rs = mysql_query("select * from people");

$table .= "<table>";

while ($row = mysql_fetch_assoc($rs)) {

$table .= "<tr>";

foreach ($fields as $column) {

$table .= "<td>".$row[$column]."</td>";

}

$table .= "</tr>";

}

$table .= "</table>";

/* ------------------------------------------- */ ?>

<html>

<head><title>Class of '08</title></head>

<body>

<h1>Here they are</h1>

<?= $table ?>

<br>

All together doing MySQL!

</body>

</html>

Now the output SHOULD look like this:

But I can make it look like this ... VERY easily!

Did you spot the extra line of text?. What has happened?

I have used the $table variable to build up my table, using the "dot equals" operator. Fine - except that I have used it the very first time that the variable is references which means that in inherits any form values that are input via a box called table on the form that calls up the script. So all I have to do is to write such a form and I can add whatever I like at that point .. which could just be text ... or it might be Javascript I want echoed out, font changes, code to call up an image ....

The solution is to change the first "dot equals" into just "equals". That's the good programming solution. But turning register_globals off also solves the problem, as the variable would not then be populated from the form. The best solution? do both!.

Posted by gje at 06:04 PM | Comments (0)

February 03, 2009

Carry on Training - in spite of the weather

Related topics: via article database Useful link: PHP training

Public Transport Chaos yesterday - the newspaper headlines tell us of the London bus system shut down, and our own status report page on First Great Western's train services show that they too had major issues (but congratulations to them for managing to run even a reduced service).

But our training courses are carrying right on without any interruption - that's the advantage of having residential facilities! In fact - at times like this thank goodness for our rooms. We can just sit back and enjoy the beauty of the snow; here are some pictures from this morning.



Our hotel and training center - Well House Manor, at 48, Spa Road, Melksham, Wiltshire.



Our HQ is a part of one of the Melksham Spa buildings - we're at 404, The Spa, Melksham, Wiltshire.



Link - public courses at o