Apache: Forcing SSL using mod_rewrite and .htaccess

If you want to force all connections to your Apache web server to use SSL (https), you can do so with a simple .htaccess file inside the directory you want to protect:
# Force SSL connections
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Make sure you get all the proper spacing in there, or else it won’t work! I spent quite a bit of time pulling my hair out trying to get this to work, only to find out I was missing a space somewhere.
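One way to confirm the rule above is doing its job (an added example, not part of the original post): feed the response headers of a plain-HTTP request to a small checker. The function name and the sample headers are constructed for illustration. The exact match on Location assumes the requested host equals the server's configured name, because the rule builds its target from %{SERVER_NAME}.

```shell
#!/bin/sh
# Added example: judge the response to a plain-HTTP request against the
# redirect the rewrite rule should produce.
# Against a live server: curl -sI "$url" | check_redirect "$url"

# check_redirect URL -- reads response headers on stdin, prints a verdict,
# returns non-zero when the request was not redirected to its https twin.
check_redirect() {
    want="https://${1#http://}"        # same host, path and query, https scheme
    awk -v want="$want" '
        { sub(/\r$/, "") }                          # header lines end in CRLF
        NR == 1 { status = $2 }                     # e.g. "HTTP/1.1 302 Found"
        tolower($1) == "location:" { loc = $2 }     # header names are case-insensitive
        END {
            if (status !~ /^30[12378]$/) { print "FAIL: no redirect, status " status; exit 1 }
            if (loc != want) { print "FAIL: redirects to " loc; exit 1 }
            if (status ~ /^30[18]$/) { print "PASS: permanent redirect" }
            else { print "PASS: temporary redirect (" status ")" }
        }'
}

# Constructed response: the R flag with no status code issues a 302.
printf 'HTTP/1.1 302 Found\r\nLocation: https://www.example.com/admin/?tab=2\r\n\r\n' |
    check_redirect 'http://www.example.com/admin/?tab=2'
```

A "temporary" verdict is what [L,R] produces; writing the flag as R=301 makes the redirect permanent.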

Apache & mod_gzip: No rule to make target `libgzip.'

I was upgrading an Apache install from 1.3.33 to 1.3.34 last night, including the gzip module using: --activate-module=src/modules/gzip/mod_gzip.o, and during the make process I received the following error:
rm -f libgzip.a
ar cr libgzip.a mod_gzip.o mod_gzip_compress.o mod_gzip_debug.o
ranlib libgzip.a
make[4]: *** No rule to make target `libgzip.', needed by `lib'. Stop.
make[3]: *** [all] Error 1
make[2]: *** [subdirs] Error 1
make[2]: Leaving directory `/usr/local/src/apache_1.3.34/src'
make[1]: *** [build-std] Error 2
make[1]: Leaving directory `/usr/local/src/apache_1.3.34'
make: *** [build] Error 2

It turns out that there’s an entry in mod_gzip’s Makefile.tmpl file that confuses my system. The very first line of src/modules/gzip/Makefile.tmpl uses a variable named LIBEXT that’s not defined on my system, so it fails. It’s an easy fix: open up src/modules/gzip/Makefile.tmpl for editing and find:
LIB=libgzip.$(LIBEXT)
And replace with:
LIB=libgzip.a
Save & Exit, run make clean; make; make install in the Apache src dir and you should be good to go.

FreeBSD: SSH logins hang after install of openssh-portable

I needed to upgrade my OpenSSL installation on FreeBSD without having to recompile everything (make installworld), and found out that you can do so by installing the openssh-portable port. You must force it to replace the base OpenSSL install, so you pass in the proper options:
cd /usr/ports/security/openssh-portable
make -DOPENSSH_OVERWRITE_BASE install

This went great, however, I could no longer log in remotely. It would prompt me for username and password then just hang until it timed out.

This happens because newer versions of sshd have “UsePrivilegeSeparation” (privsep) set to YES by default, so sshd will always try to verify the remote host name and check that the resolved host name for the remote IP address maps back to the very same IP address.

Because sshd is chrooted to /usr/local/empty, it is unable to read /etc/resolv.conf and fails any DNS lookups. This is why we are hanging! To fix it, I found some people suggesting to copy /etc/resolv.conf to /var/empty/etc/resolv.conf. I decided to try a symbolic link instead, but got the following error.
mkdir /var/empty/etc
mkdir: /var/empty/etc: Operation not permitted

This is probably caused by some flags or the schg bit on the dir, and I didn’t want to deal with it. Instead I decided to take the easy (even though probably unsafe) way out: disable privsep. Open up your /etc/ssh/sshd_config file and add the following:
UsePrivilegeSeparation no
Restart your sshd with /etc/rc.d/sshd restart and you should be good to go! I know it’s probably not a good idea to run with privsep off, but with it on, NOBODY could log into the server via ssh, including myself, and that’s no good. Hopefully OpenSSH and the FreeBSD ports people will find a way to make things work with privsep enabled in the near future.
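A check for the trade-off accepted above, as an added example that is not part of the original post: it reads the effective value of a keyword from an sshd_config file and fails when privilege separation is switched off. The function names and the sample file are constructed for illustration, and the parser assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: read the effective value of an sshd_config keyword and flag
# a configuration that turns privilege separation off.

# effective_value FILE KEYWORD -- prints the first value set for KEYWORD.
# sshd keeps the first value it obtains for a keyword, and keywords are
# case-insensitive, so later duplicates are ignored.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        $1 ~ /^#/ { next }                        # comment line
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == want && NF >= 2 { print tolower($2); exit }
    ' "$1"
}

# audit_privsep FILE -- prints a finding; returns 1 when privsep is disabled.
audit_privsep() {
    value=$(effective_value "$1" UsePrivilegeSeparation)
    case "$value" in
        no) echo "FAIL: UsePrivilegeSeparation no"; return 1 ;;
        "") echo "OK: UsePrivilegeSeparation not set, built-in default applies" ;;
        *)  echo "OK: UsePrivilegeSeparation $value" ;;
    esac
}

# Constructed sample resembling the configuration described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
#UsePrivilegeSeparation yes
UsePrivilegeSeparation no
UseDNS yes
EOF
audit_privsep "$sample" || echo "audit failed for $sample"
# UseDNS is the keyword that controls the reverse lookup of the client address.
echo "UseDNS: $(effective_value "$sample" UseDNS)"
rm -f "$sample"
```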

Card Craps at Barona Casino

The past couple years, I’ve really grown to love the game of craps. For me, it always requires a trip to Vegas, because by law, in California all table games require cards to be legal. No dice allowed unless cards are also played. Despite the explosion of Indian Casinos in San Diego, I never quite enjoyed myself at them because of the lack of craps.

Recently, however, I saw an ad for Barona Casino advertising craps. My prayers had been answered! I could finally enjoy myself in a casino without a trip to Vegas. Wrong. As it turns out, Barona got inventive and created a game of craps using cards instead of dice. It’s the same craps table we’re all used to, with one glaringly obvious difference. I went right up to the table, got some chips, and laid down my pass line bet. Waited around for the dice to come flying down the table, but instead heard the stickman call out a number. “What the hell,” I said to myself, “I didn’t see any dice.” Confused, I watched as people placed more bets, followed by the stickman calling out another number. It took me a few “rolls” to realize what was really going on.

Card craps, as it’s called, involves two shoes of cards containing only Aces and 2 through 6, the equivalent of the values on dice. For each “roll” the boxman pulls one card out of each shoe, resulting in the point value for that “roll.”

After some initial hesitation and desire to take my chips and run, I thought I’d give it a try for a few “rolls.” Turns out I didn’t like it ONE BIT. There are a couple reasons:

One, there’s no dice! Part of the fun of craps is watching those things fly down the table and bounce around till they land on a number. There’s more suspense in that, I feel, and that’s why I love craps.

A second reason why I don’t like card craps, related to the first, is that a lot of the social element of the game is removed when the dice are removed. There’s no longer incentive to chit chat with your neighbor, or to cheer for the shooter when he hits the point. You also lose out on the chance for a pretty lady to blow on your dice before rolling. The whole draw of craps for me is the social aspect. It’s what sets it apart from any game in the casino.

Third, and probably most important, is mathematical probability. I’m a fan of games where prior results have no effect on subsequent ones. A clean slate every turn. It’s like flipping a coin: whether it came up heads or tails on the first flip has no bearing on whether or not it will be heads or tails on the next flip. The same is true for dice. With a deck of cards, however, this is not true. For example, if a 6 and a 3 are pulled on the first “roll,” that’s one less 6 and 3 in the deck, so it is less likely that a 6 or 3 will come up on subsequent “rolls.” I know this is weird, but I felt cheated by this, as my clean slate for every roll was no longer there. Additionally, this is a completely new probability structure from the original craps structure that has taken me years to get used to. You always know the probability of dice: 7 is most likely, followed by 6 & 8, then 5 & 9, etc. The way that card probability works injects a sense of unease that makes me feel uncomfortable. On the other hand, blackjack players have been known to use card probability to their advantage by “card counting.” I wonder if the same could be done here? It seems like it would be much harder in this situation, because there are fewer card values to work with (only aces and 2-6). Any card counters out there like to comment?

Fourth, there were some general annoyances. One that drove me crazy was, WHY DOES THE STICKMAN HAVE A STICK? There are no dice to retrieve or push around, so it’s completely pointless for the stickman to have a stick. He didn’t do anything but wave it around like a magic wand, and it was obnoxious. Finally, the dealers didn’t know what they were doing! They’d forget to pay out bets and wouldn’t move my bets where I asked them to. Maybe it was because this is a new game and they were still learning, or maybe I’m just spoiled by the professionalism of Vegas, but it was the final straw that broke the camel’s back, and I was out of there.

I guess it’s back to Vegas for me. No complaints there, mind you, but it would be nice if I could play a round of craps in my own back yard every now and then.

[UPDATE]
I did some research on the no-dice laws and found out that there was an initiative on last year’s ballot to “Expand Tribal Gaming” and that included the exclusive usage of dice in table games! Unfortunately the initiative was rejected by the voters, so don’t expect to see classic craps in Indian Casinos any time soon.

Xdebug & phpize for PHP on FreeBSD

I ran into a few problems trying to install Xdebug into PHP on both FreeBSD 5.2 and FreeBSD 5.4. My research led me to this PHP bug thread and the proper solution. Here’s a quick summary to get you going with Xdebug:

Xdebug is installed via phpize, and phpize has some requirements:

  • autoconf: 2.13
  • automake: 1.4+
  • libtool: 1.4.x+ (except 1.4.2)
  • bison: 1.28 (preferred), 1.35, or 1.75
  • flex: 2.5.4

I was able to get mine up and running with the following versions:

  • autoconf: 2.59_2
  • automake: 1.9.5
  • libtool: 1.5.10_1
  • bison: 1.75_2
  • flex: 2.5.4

However, the ports packages for autoconf, automake, and libtool that come with FreeBSD are installed into non-standard locations, so phpize is unable to find them. This is easily fixed with symlinks (NOTE: symlinks will vary depending on which versions you have installed):
ln -s /usr/local/bin/aclocal19 /usr/local/bin/aclocal
ln -s /usr/local/bin/automake19 /usr/local/bin/automake
ln -s /usr/local/bin/autoconf259 /usr/local/bin/autoconf
ln -s /usr/local/bin/autoheader259 /usr/local/bin/autoheader
ln -s /usr/local/bin/libtool15 /usr/local/bin/libtool
ln -s /usr/local/bin/libtoolize15 /usr/local/bin/libtoolize
ln -s /usr/local/share/aclocal19/ /usr/local/share/aclocal
ln -s /usr/local/share/aclocal19/libtool15.m4 /usr/local/share/aclocal19/libtool.m4

Now, assuming you have all the correct versions installed and paths present, phpize should be able to find everything and Xdebug should install as expected:
# phpize
# ./configure --enable-xdebug
# make
# cp modules/xdebug.so /usr/local/lib/php/extensions

  • Add the following to php.ini:
    zend_extension="/usr/local/lib/php/extensions/xdebug.so"
  • Restart your webserver
  • Check the output of phpinfo() to make sure Xdebug is properly loaded

Bob Moog (1934 – 2005)

ASHEVILLE, N.C. – August 21, 2005 – Bob died this afternoon at his home in Asheville, N.C. He was 71. Bob was diagnosed with brain cancer (glioblastoma multiforme or GBM) in late April 2005. He had received both radiation treatment and chemotherapy to help combat the disease. He is survived by his wife, Ileana, his five children, Laura Moog Lanier, Matthew Moog, Michelle Moog-Koussa, Renee Moog, and Miranda Richmond; and the mother of his children, Shirleigh Moog.

Bob was warm and outgoing. He enjoyed meeting people from all over the world. He especially appreciated what Ileana referred to as “the magical connection” between music-makers and their instruments.

No public memorial is planned. Fans and friends can direct their sympathies or remembrances to www.caringbridge.com/visit/bobmoog.

Bob’s family has established The Bob Moog Foundation dedicated to the Advancement of Electronic Music in his memory. Many of his longtime collaborators including musicians, engineers and educators have agreed to sit on its executive board including David Borden, Wendy Carlos, Joel Chadabe, John Eaton, David Mash, and Rick Wakeman. For more information about the foundation, contact Matthew Moog at mattmoog@yahoo.com.

We’ll miss you Bob.