Subversion + SSH – Close but no banana

About a year ago, I switched my primary source code control system from the venerable old CVS to the (relatively) new kid on the block, Subversion. On the whole, I’ve been ecstatically happy with the system. It patched many of the ridiculous problems with CVS, and added on things that opensource community has been asking for for ages (like ‘rename’), but never made it into CVS.
Now I have all my projects stored in SVN, and my main client is using it as well for their code (they’ve chosen to go with SVN and are planning to End Of Life their VSS server – to the dismay of no one).
One of the best tools that made this switchover workable (aside from SVN’s similarity CVS in many respects, particularly on the command line) is the Subclipse plugin for Eclipse. Subclipse provides a great easy to use interface into SVN servers, giving all the functionaly one would have on the command line via a very simple, tightly integrated GUI.
One thing that had been bugging me, however, was the access methodology I was using to get to my (remote) SVN server. It involved setting up a tunnel in SecureCRT (though Putty can do it as well), and then telling subclipse to use my ‘svn://localhost/stonekeep’ repository.
SVN+SSH configuration under EclipseWhile doing some surfing, I found that Subclipse supports the svn+ssh syntax for specifying the repository. “Great!” says I, “I won’t need to set up the tunnel each time!”
A few more fiddles, a pleasant discovery of a configuration screen in Subclipse, and I had an SVN over SSH connection to my repository, even using my ssh key pair.
Danger, Will Robinson!
But wait! All is not well. When I tried to browse the repository from Subclipse, I quickly hit this error:

Could not open file system at /var/lib/svn/stonekeep
(13)Permission Denied: Berkley DB Error while opening environment for file
system /var/lib/svn/stonekeep/db:

This vexed me, because I had been having no problems accessing the repository locally on the server, and over my ssh tunnel. Both used the locally running ‘svnserve’ on the repository host, so why wasn’t the svn+ssh connection using it?
The answer comes in the SVN documentation, and via a little research:

What’s happening here is that the Subversion client is invoking a local ssh process, connecting to, authenticating as the user harry, then spawning a private svnserve process on the remote machine, running as the user harry. The svnserve command is being invoked in tunnel mode (-t) and all network protocol is being “tunneledâ€? over the encrypted connection by ssh, the tunnel-agent. svnserve is aware that it’s running as the user harry, and if the client performs a commit, the authenticated username will be attributed as the author of the new revision.
When running over a tunnel, authorization is primarily controlled by operating system permissions to the repository’s database files; it’s very much the same as if Harry were accessing the repository directly via a file:/// URL.

The Problem With This
I’m really unhappy with this model. The problem is that now the user must have read/write access to the entire repository tree. When using a local socket connection (or one over ssh via a normal tunnel), the Subclipse client connects directly to the svnserve process running on the repository box, and interactions with the server happen under that processes ownership.
The svn+ssh protocol does not use the svnserver on the target machine. It tunnels the command to a user-invoked svnserve process, and that process must have read-write access to the repository.
“Well gosh, that doesn’t seem too bad. What’s the issue?”
The issue is that to make this methodology work, I have to give the user read/write access to the repository tree. Meaning, they could happily type ‘rm -rf /var/lib/svn’ and destroy the entire repository. Even worse, the configuration files (including the password / access file, which has passwords in plaintext) must be made available to the general users.
Why svn+ssh doesn’t simply make a local socket connection to the svnserve process already running, I don’t know. But I can find no way to make that happen.
The fix?
As far as I can tell, there really is no direct fix for this. There are various workarounds, which the SVN documentation discusses, including setting up an ‘svn user’ for the svn+ssh logins, and the possibility of using unix groups for permissions, but I feel that if you have a listening socket server on your repository host, you should use it, not introduce a second methodology and have to jump through hoops to implement it.
For now, I have to abandon the svn+ssh possibility, and go back to my hand-configured socket tunnels. There’s no real loss here – they work remarkably well, are very secure, and quite stable. The slight annoyance of having to open up a SecureCRT session before doing work in Eclipse is just that – a slight annoyance. I’ve dealt up until now, and I’ll just continue to deal.

Jabber: I return to the fold.

Quite a while back, I was a fairly avid user of Jabber, the XML based open source messaging system. This was mostly during the Yahoo / MSN / AIM / ICQ ‘instant messaging’ wars, where each company was trying to push their own system for the hearts and keyboards of the world.
It turned out apparently that marketshare in messaging really wasn’t the panacea they had all hoped it was, and the “YOU VILL USE OUR MESSAGE SYZTEM, AND YOU VILL LIHK IT!” approach many of the vendors were pushing has taken a back seat to other business models, like, say, making a good product.
I had no real need for a strong IM platform for a few years, as most of my communication was either done in e-mail or over IRC, but recently I’ve been spending a fair amount of time in IM with a my client down in New Jersey. As they are primarily a Microsoft shop, they naturally opted for Windows Live Messenger. With a somewhat heavy heart, I installed the Messenger client, and started using it fairly regularly.
In short, it sucks. First, Microsoft seems to be in this model of “Oh, we realize that the Windows interface is butt ugly, so we’ll redo the interface again, in sort of a hacked up interface-inside-an-interface model.” I first saw this with the Windows Media Player, which has an infuriatingly obtuse interface, while it tries to be ‘super-hip’. WLM is just as bad, but it tries to be an effective business tool (shared whiteboards, VOIP, etc) while also trying to be something kids want to play with (online games, cute icons and sounds, etc). The resulting mishmash makes me feel like I’m trying to do business over a speak n spell.
It was time to go back and see if I could use the MSN network, which my customer was wedded to, with a client that didn’t suck. A few years ago, this was problematic, as the various IM providers were occasionally blocking certain servers from connecting. (AIM is in fact still doing this for the big public Jabber servers, and Yahoo has a long history of actively blocking non-Yahoo clients.) Recently, the IM providers have backed off their rabid territorialism, and third party clients are easier to work with.
I once again considered multi-protocol clients such as Trillian and GAIM, but to me they solve the problem the wrong way. They make one piece of software that can talk all the different server protocols. Jabber does it differently. It’s up to the SERVER to connect to all the providers. You just need to run one client that talks Jabber, and the server does the rest.
My Jabber server has been running without maintenance for over a year, and I was using it occasionally for Yahoo and AIM connections, but now I needed to make the MSN gateway active as well. Fortunately, it was just a matter of apt-getting the msn gateway tools, and enabling it in the server configuration.
Now I’m back – I have a single Jabber client (at the moment I’m using Exodus, which IMHO is the best Jabber client on Windows), and it is happily showing me contacts from MSN, Yahoo, AIM, and Jabber. My old contact lists happily repopulated (they’re stored on the server, not on the client), and off I go.
It’s been pleasant to note that other services are coming onto the Jabber network, including Google Talk (A jabber system), and LJ Chat for the Livejournal folks – also Jabber.
And, as I type this note, I’m getting messages from the MSN-based folks I mentioned earlier, and Exodus is happily showing them as simple Jabber messages. Joy!
Are you on a Jabber network? Say hi! My Jabber ID (JID) is ‘’.

All hail USB rechargers!

Gosh, the fellow who figured out that USB devices had enough oomph on the bus to recharge the plethora of mobile geek devices we carry around should get some sort of award. With these gadgets, I’ve lowered the number of small chargers and other hardware I need to haul around with me when travelling. Here’s a couple basics…
My bluetooth headphones have a small Mini-B style plug where the microphone normally plugs in. Pop out the mic, and plug in your Type-A to Mini-B cable in, and voila! It recharges! Conveniently, this cable is the same one I use to download images from my Olympus C770 camera, so there’s the first ‘combination of functions’ solution.
By far the most useful item is charge and sync cable for my Treo. First, it allows hot-syncing between the Treo and clipper. I’m forever losing sync cables and getting lost in the maze of wiring on my desk. This cable not only syncs, but it -retracts- into a the size of a keyfob. No tangling! It lives happily in my backpack pocket. That alone would be handy, but it also charges the Treo from the USB port. Yep, no more carrying another charger around, I just need this one cable. Hooray! As I type, the Treo is sitting on the desk next to me happily vampiring off some of clippers’ spare wattage.
What am I missing? Not a lot. I’d like a decent USB based charger for the battery in my camera, but that is probably not too likely, alas. As it is, I’ve been able to limit my power supply portage to just the laptop brick, which is fine by me. Besides, on cold nights, that brick makes a dandy foot warmer.

Redhat geekery and, of course, swag!

Photo_120706_001Got to attend a Redhat presentation today on virtualization. They were pushing a lot of very interesting stuff, and while the marketing drivel was in fact kept to a minimum, they did pitch RHEL5 pretty hard, as well as their relationship with Intel.
Of course, the important stuff is the SWAG! Today’s haul was a 256meg stainless pen drive – all in all, one of the better bits I’ve seen at presentations. It’s stocked with all the presentation data, so that’s nice, and it’s sort of pretty.
I have to admit, part of the goal of this was successful with me. The stuff going on with Xen and RHEL is pretty impressive, including cluster management and ‘paravirtualization’ (basically environments that realize they’re virtualized, and can be managed easily via standard API’s). Moving forward on platform design for my clients and for my own hosting stuff, I’ll take RHEL into serious consideration (and not just because they said at the meeting here that RHEL5 will be Yum based, not up2date).
The drawback is that the Xen stuff doesn’t really support Windows as virtual guests. For that I’ll need to focus on VMware. (The other option is naturally Microsoft Virtual Whatever, which, in my experience, has been frighteningly unstable and buggy. I can’t boot my Kubuntu CD into it (installation locks up), and I’ve had serious keyboard issues even trying to configure the installer. I’ll hold off on a full rant against this until I’ve tried vmware, but at the moment, I’m unimpressed with Virtual PC.

Can lightning strike twice?

About 10 years ago, I started writing an application that would have a profound impact on my life. Keystone started out a simple problem tracker, grew into a mature product that was getting 3000+ downloads everytime I did an update (about once every 3 months), and was ultimately sold to a DotCom that basically killed it in its tracks. That sale let me have a few toys and was a high point of the dotcom bubble for me.
3 years ago I re-aquired the rights to the application from the failed dotcom, and set about upgrading the vastly outdated software. My user base had for the most part wandered away to other applications, but there was still interest and heck, it was my application, I wanted to do things with it.
But other projects were taking precedence, and Keystone languished.
On a recent trip down to DC, I had the opportunity to spend 7 uninterrupted hours on the train, each direction, with nothing but a laptop and a music library to keep me company. After trying to get my current projects working, I settled back into “well, maybe I’ll work on Keystone some more.”
In those 2 train rides, I did more upgrading, tinkering, and fixing in Keystone than I’ve done in the last 3 years. I revived the contact manager and fixed all the dependency problems. I continued the changes needed to bring a PHP application, written in 1995, up to 2006 standards. Keystone is over 12,000 lines of code – not a trivial application, but not so huge that it is an unassailable target.
The question is – why do this? Sure, part of it is ‘this is my baby, I want to see it succeed’, but in the back of my head, the question burbles… “Can lightning strike twice?” – can I make this a successful opensource application again?
I’m certainly not deluding myself into thinking “THIS WILL BE THE NEXT KILLER APP!” – that’s a foolish and unrealistic mindset. But can I bring it back to where people are using it, they like it, they contribute suggestions and fixes, and the application continues to grow?
I’d like to think I can. But the code still needs a lot of work, and there are some design decisions that will most likely require huge chunks of code being ripped out at the roots (database connection methodology has advanced SIGNIFICANTLY since 1995).
It’s a nice dream, I sort of miss my users. Maybe they’ll come back.


What is it about New Jersey? Here I am, back again, this time for more than just visiting a client. It’s been almost a week since I’ve been home, and it begins to wear. But enough of the that, let’s see what’s been going on.


First of all, there was Ubercon. This is the 8th event I’ve done for them, starting with our snowbound adventures in the beginning of 2003. Many of the original folks who were at that event still come to the con, both as staff and as attendees. It’s settled into a close community of gamers, focusing on what they love most – Gaming. Sure there’s the smattering of costuming, artists, and movies, but the vast majority of the people there are there to play games. Board games, card games, miniatures, LAN games… 24 hrs a day for 3 days, gaming gaming gaming. Ubercon was the first place I ever played Settlers of Catan and Icehouse, was my first exposure to Unreal Tournament, and was the place I first saw Guitar Hero.

All in all the event went fine. With help from blk, we worked all the hours necessary, got at least one nice dinner out, and generally had an enjoyable time. Once again the Myth box was on prominent display, and many games of DigDug, Contra and SmashTV were played. I think there’s a future in making the machine easier to work with – console buttons for coin drops, player starts, and an easier selection mechanism. I would have liked to have left the machine alone and had people come up to play it more often, but alas, it was too prone to twitchy behavior and random joystick resets.

More work

Of course, Ubercon came to an end, and I had to go on to the next reason I’m here. My work for this client is coming along fine, with development proceeding apace. Nothing really riveting to tell here, but when away from the convention and spending a lot of time on my own, I get a chance to think about being here, and to write down some of the things I see…

I present to you my NJ ponderings…


What’s that you say? Pizza? Boston has plenty of pizza! What’s your problem? Hah, I say. Boston has a mere shadow of proper cheesey goodness. NJ is home to the thin-crust style pizza. None of the heavy crust, grease laden horrors that populate the Beantown. Here, any pizzaria has decent thincrust pizza. I frequent my favorite spot every day for lunch, trying to get my fill. In my youth, when I lived in Trenton, a certain pizzaria saw me every day or every other day for dinner. I was quite the regular, and gained a reputation for ‘4 slices!’ – after which I’d happily park myself in a booth and read half a book in the space of 2 hours. Such was my social life.

Oddly, when I brought up my pizza fascination with one of the fellows at my clients’ office, he pointed out that Boston does indeed have a source of thincrust pizza. Papa Gino’s. In the interest of full disclosure, I do in fact eat there on occasion, but sadly, it can’t compete with small-shop pizza in the garden state.


Only recently did I find out this chain is more widespread than I had realized. Around 1993 I found a Fuddruckers near Edison when I was working for Unipress Software as a sysadmin. We’d make regular forays out for half pound ground beef burgers. Not sure exactly what made them so tasty, but they were sure good eatins. This trip I scheduled my drive from Ubercon down to Princeton to give me time to stop by that particularly restaurant on Route 1, and it was as tasty as I remember it. Delish.

Dunkin Donuts or lack thereof

The great DunkinDonuts epidemic hasn’t quite reached New Jersey yet. This has thrown off much of my morning routine, as given any opportunity, I’ll happily get a DD coffee and a bagel for breakfast (or lunch, or dinner, or a snack or…). In Boston, DDs are like mileposts. You can actually navigate by them (“Yeah, go down 3 DD’s, turn right, up 4 DD’s, and we’re on the left.”) Here? Not so much. I’ve found only one within a 10 mile radius of my hotel, and alas, it’s on the opposite side of the office. Sad.

The dichotomy of the state

New Jersey is a study in contrasts in many ways. Noting that I did in fact grow up here, my view of the state has always been somewhat bucolic. I grew up on a horse farm in a very rural area. Cows, horses, etc were the normal views, and getting around on trailbikes and snowmobiles was the norm. We could wander for miles in streams and woods exploring in any direction, just avoiding houses every once in a while. The first leg of this trip was spent in Secaucus, near Giants Stadium. There are fewer places displaying a harsher contrast against the locale of my youth than Secaucus. Perhaps Elizabeth (those who are familiar with the area will know Elizabeth by it’s high refinery – to – human ratio). After 4 days there, coming down to the Princeton area was a rather dramatic change. Here in Princeton, fall is in full swing. It is cool, breezy, the leaves are bright yellows and oranges, and there’s just a hint of winter coming. Such a contrast to the industrial squalor of Secaucus.


My arrangements in the Princeton area are usually set up for the Chauncey Conference Center, part of the Educational Testing Service, or ETS. I’m sure not a few readers frowned at the mention of ETS, as this company is the originator of the SATs, the bane of many a high school college-student-hopeful. At the moment, I’m sitting in the Chauncey Conference Center lounge, in front of a lovely fire in a natural stone fireplace, in a large comfortable leather chair. Over the fireplace is a portrait of man in his early 60s, holding a pipe, with a loose, comfortable smile. This man is Henry Chauncey, the founder of ETS way back in the day.

Why is this of note? When my family moved from Long Island to New Jersey when I was about 6, we rented a house in Ringoes, NJ, about 8 miles from here, for a little over a year. During that time, I got to be friends with our neighbor and his family. He had a daughter named Sarah who was just my age, and another daughter. His wife I remember only fleetingly – I know she died around that time from cancer, but I don’t know if it was during the time I was around. The fathers picture now is in front of me above the fireplace.

I spent a lot of time in the Chauncey household – Sarah and I had a lot of fun playing and just enjoying having a friend right next door. Mr. Chauncey (as I knew him) was always kind and had a lovely rolling voice. My memories of him were of a quiet, gentle man with a strong voice and the omnipresent smell of pipesmoke. His office was the epitomal intellectual / businessman’s home office. Heavy panelling, books books books in floor to ceiling shelves, a huge desk with a fantastic leather chair behind it, and of course, his pipes.

One particular memory I have of being at his house was spending time in the fields around the house, riding on this wonderful machine he had. A late 1940’s Ford 8N tractor. My first experience with these wonderful machines was sitting in his lap as he taught me to drive, and told me that keeping my foot on the clutch pedal was a bad idea “Nope, don’t do that, that’s called riding the clutch.”

It’s odd now sitting in front of his painting, enjoying some of what he helped build. I kept in touch with his daughter Sarah off and on over the years, and as I understand it, Mr. Chauncey lived late into his 90s, still active and travelling around the world with his daughter. I understand he finally passed away sometime around 1995.

Ubercon Time!

It’s that time of year again. Next week I’ll be heading down to Ubercon for our bi-yearly gaming geekfest.
I’ve been doing this event from the beginning, and have had a ball every time. Lots of great gaming (card, board, and LAN), and great folks to hang out with. If you like tabletop gaming, LAN gaming, console gaming, or just geek-gaming-hangingout, this is the place to be.
I credit Ubercon for getting me into DDR, Unreal Tournament, and Settlers. It was the first (and in reality only) place I’ve played Guitar Hero.
Hope to see folks there!

An old programmer…

… can learn new tricks?
As part of my current contract, my employers are embracing new procedures and techniques for application development. While the normal buzzwords of “EXTREME PROGRAMMING” and “Agile Development” are being bandied about, they’re not being whole-hog embraced, with the managers marching zombie-like into an undeliverable product schedule. We’re trying new techniques such as scrum product development, and utlitizing sprints to structure short-term deliverables and milestones.
Since I got the core of my production programming experience with this same company almost 18 years ago, when there were only 3 employees, me being number 3, I find it fascinating to see the same programmers trying new tacks to take on the complexity of developing modern code.
In the Good Old days, our entire code base was perhaps 80,000 lines. One developer easily understood every aspect of the application, and could comfortably keep up with customer and internal needs. The current codebase is over a million lines and growing, and no one programmer understands it all. This is not a disaster story, it is one companies’ normal evolution as they grow and expand. In this case, they have lucked out to have a person in charge who is not only a brilliant programmer, but also an open-minded manager and a good communicator. He recognized the pitfalls of 20 years of development on his product line, and is making careful, planned, and deliberate changes to the company’s development methodology.
Of course, the panic element for this is… the changes being applied involve shifting their platform onto a framework I designed for them over the last 18 months. No pressure, really. It’s only the future of this company and it’s 20-some odd employees, not to mention the respect and 20 years good will of the owner. The same owner who gave a young programmer his first production development position.

Barcamp Boston! June 3-4, Maynard

Looks like I’ll be doing registration work for Barcamp Boston at’s offices in Maynard. BarCamp is an un-conference – a sort of on the fly get together for geeks to talk about geeky stuff and hang out. Sounds like fun, and sounds like an opportunity to talk about CONGO to an appreciative audience.
This is a pretty low-key event, but if you have something you like to present, or just want to come by and help with reg and yammer about various linux-y things, cmon down!

Fox News Questionable Business Practices?

One of the functions of my blogging software is to keep an eye on who is posting comments to the blog, and where they come from. Over the last few months, I’ve been seeing several posts of this variety showing up, always pointing to Fox News, and having -nothing- to do with the topic being replied to.

A new comment has been posted on your blog Planet Geek!, on entry #2674 (10 Years Ago...).
View this comment: 
IP Address:
Name: defwjkd
Email Address:
<A HREF=",2933,193083,00.html">Zarqawi:
'What Is Coming Is Even Worse'</A>
this is so scary - cannot believe this...

This is obviously spam, something bloggers are well used to (we use various measures to block spammers). Blogspam’s purpose is to raise the google ranking of the target site by providing more links to it. It’s somewhat the bane of bloggers in general, though most blog software has decent countermeasures, but traditionally, these types of spam were promoting sex enhancement drugs (real or fake), or the like. However in this case, it’s a known, established, and high profile business. Fox news.

I can’t think of any legitimate reason a comment like this would be posted to my blog. I’m assuming Fox has hired some marketing company to up their news ranking, and the marketing company is resorting to blogspam to accomplish their goal. Heads up, Fox, this is not the way to do business, and will get your site banned from commentary pretty quickly.

Microsoft in a nutshell.

While working with a client in the first stages of abandoning a tightly coupled Microsoft environment for a Java based one, the following phrase was uttered:

“MIcrosoft is like a girlfriend that makes it impossible to break up with. You think you’re free, but you’re not because she still has all your cd’s.”

I do like working with these folks.