Category Archives: SDLC

Software Development LifeCycle

BrickLink API PushNotificationMethod Get Notifications callback semantics

The documentation for the BrickLink API PushNotificationMethod suggests that the data sent to the URL you registered on the BrickLink API Consumer Registration Page is sent to this URL (via a POST verb, by the way) and as such you don’t need to call Get Notifications. Given the body of the POST is empty, this is not right – what you instead need to do is use any POST to your registered URL as a prompt to call Get-Notifications. It’s probably best to periodically call it too, given “it does not guarantee delivery of all events” and doesn’t either based on my experience.

A notification to be created when:

  • Order
    • You received a new order.
    • Buyer updates an order status.
    • Items of an order are updated (added or deleted).
  • Message
    • You received a new message.
  • Feedback
    • You received a new feedback or reply

Also note: NULL fields are not included in the returned JSON. Some fields names don’t match the documentation (eg: drive_thru_sent instead of the documented sent_drive_thru).

uBank: Sorry, Internet Banking is temporarily unavailable.

uBank is an Australian “Internet bank”, in such that they don’t have any branches. That’s fine, they can do everything except deal with cash. They’re owned by the NAB.

They have an app, which gets an absolute bollocking in the App Store. So people use the website instead. I need to do things with that account about once a month.

Close enough to half the time I try to login, I get the error message “Sorry, Internet Banking is temporarily unavailable.” with a page title of “Login Maintenance”. There’s no other kind of banking with these guys. The last time this happened was just before 4pm, which I believe is the close of transactions for that day. Why the hell would you do site changes in the middle of the day, and why just before the close of business? The NAB is a real bank, and I presume it doesn’t pull this kind of crap. They don’t even give a window (“Out until 14:30” or “Down for five minutes”). No post on their FaceBook website saying “there’s a planned downtime this afternoon” or “Sorry for the emergency outage, but rats were chewing on the coolant lines and that just isn’t okay. We humanely hit them with sticks until they stopped.”.

This is a very bad railroad.

Installing a secure Apache webserver to run Perl

So, you want to run Perl on the web, because it’s the 90s all over again. You want HTTPS, because… no, there’s no because.  You want HTTPS.  Who wouldn’t?  Here’s what you do on a Debian Linux such as Ubuntu:
sudo apt-get install apache2 libapache2-mod-perl2
mod-perl is an Apache module that allows Perl programs to be executed from Apache.

Our goal is to get /var/www/html/index.pl running at http://www.example.com/index.pl:

#!/usr/bin/perl
print "Hello World"

Disable the default Apache virtual host:

sudo a2dissite 000-default.conf

Create an example.com.conf file in /etc/apache2/sites-available with your text editor, replacing instances of example.com with your own domain name in both the configuration file and in the file name /etc/apache2/sites-available/example.com.conf

<VirtualHost *:80>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>
</IfModule>

If you have multiple sites, you’ll want to do things with DocumentRoot to isolate them from each other. But that’s for another post.

You might add in DirectoryIndex /index.pl to make http://www.example.com/ execute your program.

The Directory section above allows you to isolate executable code from served code, which is good practice. For this example we’re dumping the executable in with everything else, which is questionable.

Repeat this process for any other domains you host.

sudo a2ensite example.com.conf
sudo ln -r -s /etc/apache2/sites-available/example.com.conf /etc/apache2/sites-enabled/example.com.conf
sudo service apache2 restart

Punch holes in your firewall for ports 80 and 443.  Navigate to http://www.example.com/index.pl to check all is okay. You ought to see Hello World displayed for your website.

Having security used to be a pain.  SSL certificates signed by a recognised CA cost money, and then you’d have to keep them up to date, and there wasn’t process automation, so you’d do all that stuff by hand.  LetsEncrypt address all these problems, handing out free certificates and scripted everything.

Now it’s time for the S part of HTTPS:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

certbot renew
If that works, we’ll automatically renew our 90-day certificates every month:
echo '@monthly root /usr/bin/certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc/crontab

Done.  You’ll never have to worry about certificates again. Now alter your Apache sites-available file (look in /etc/apache2/sites-available/) to include the (optional) redirect HTTP to HTTPS and the mandatory location of the SSL certificates:

<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} = example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Now make the secure version live, and in the process the insecure one… shy? When a request is made for a http page, like http://example.com/index.html, the response will be “Here’s https://example.com/index.html where what you asked for has moved to… forever!”:
sudo service apache2 restart
Now requesting http://www.example.com/index.pl ought to deliver you to https://www.example.com/index.pl

Pointless choices

This seems to be common on store finder applications on the web: After entering the postcode, you’re asked to enter the suburb as well.

coles

It makes zero difference what you choose, because the suburbs aren’t huge. The Store Locator shows you stores within at least 5 kilometres, but the suburbs are much smaller than that.

In fact it’s worse in the case of the Coles Catalogue, because it ends up giving you a catalogue which is clearly marked “Vic Metro” – which applies to the entirety of scores of postcodes.

Is there anywhere in the country that has suburbs big enough that it would matter? I haven’t found any.

Making people make this choice is pointless. It’s just another barrier to them getting to your information.

Banshee: please, pick a version

Banshee is a cross-platform audio player built using Mono.

If you go to the official website and install Banshee for Windows, you’re offered version 2.4.0 with warnings about it being alpha and all (as of April 16, 2013 the latest version is 2.6.1). Once you’ve downloaded it, when you then run it up, you get the following dialog:
install-then-upgrade

Infuriating.  Why wasn’t I offered that one by the website? Naturally, one selects “Hell yes, give me the current (actually, still behind the main branch, but more current than what I’ve got) release!”, which is then followed by
download-failed

and no freaking explanation of what went wrong. How am I meant to fix this? Given that the project is built for a VM, why am I offered one version, then offered the chance to update to a different version, and both of these versions are behind the current release?

Gagh!

Thunderbird does error message wrong

Thunderbird discovered that yahoo have changed their mail server’s POP3 behaviour, meaning you can’t leave mail on their server and download it locally. So it pops up the following message box:
POP3 has failed
This message box is app-modal. You can’t just fix the problem, you’ve got to take notes (a screenshot suffices) and then fix the problem. A bunch of faffing around, when it could have just said “Do you want your Server Settings automatically changed so that your mail can be fetched? Yes/No”. Or you could have this pile of technical information in a non-modal dialog box, and bring up the settings dialog for the user to solve the problem. Or just have this pile of technical information in a non-modal dialog box, so a screenshot isn’t necessary.

Or you could just make people angry, that works too.

Netbook won’t run video-editing software: film at eleven

So apparently some of the computers bought with Digital Education Revolution money are underpowered for the software suite loaded on by state education departments.

The Lenovo netbooks handed out to NSW students in 2009 and 2010 sport a 1.66MHz Intel Atom N450 processor, 2GB of RAM, 160GB hard drive and 10-inch screen

A rig with these spacs this is my primary Windows machine, and for a while was the most powerful machine in my house.  It’s fine for not playing HD video or anything that challenging, although operating without the (maximum) 2 gig of RAM is a weedy beast (the raw boot memory consumption is 640 meg, leaving plenty of space to run Notepad or perhaps Windows Performance Monitor).  With 2 gig it runs browsers, spreadsheets and word processors without complaint, but:

A NSW education department spokesperson, in response to complaints from students that their free netbooks don’t have the performance to run Photoshop, said

“Slow performance has not been highlighted as a major issue with the laptops … As with all computers, after time they can slow down. The department regularly upgrades the versions of software and performs a tidy up to ensure smooth running of the devices. This helps avoid slow boot and operating times.”

A. Why are these kids whining about free computers?
B. What the hell do school kids need Photoshop for?
C. Why would the passing of time cause a computer to slow down?
D. How does upgrading software versions improve boot times or even operating times?

Maybe the “tidy up” is the important bit.

Windows Media Center Edition 2005 doesn’t need wmlauch.exe

For those of you installing Windows Media Center Edition 2005 off MSDN disk 2429.4 (November 2005) and freaked out by it asking for a Windows XP Service Pack 2 (Windows XP SP2) disk, don’t worry: Just select the “skip this file and continue anyway” option because the install doesn’t need wmlauch.ex_ or wmlauch.exe – and I’m lead to believe that Windows XP SP3 will add it, or if not, Automatic Updates will. Just relax, and go with the flow.

I think that’s enough keywords, searching ought to find this now. Oh, hang on: Windows MCE 2005.

BTW, your XP Professional disk with integrated SP2 doesn’t hold the requested file, so don’t bother looking.