Eclipse Run Helper – Better Run/Debug support from the keyboard

Eclipse Run Helper is an Eclipse plug-in which adds keyboard-driven support for your Run/Debug history.

Following a discussion with a friend over keyboard support in Eclipse’s Run/Debug UI, I decided to put my recently acquired Eclipse plug-in development skills to use. His gripe was the lack of keyboard-driven access to the history of things you’d run (especially as the drop-down buttons on the toolbar made it obvious that Eclipse was tracking this somewhere). A week or two of coding after work and Eclipse Run Helper was ready to fill the gap.

Installing it is simple: just grab the plug-in, throw it in the “dropins” folder of your Eclipse instance (tested on 3.7 upwards), and you’re done. To use it just hit Ctrl+Shift+F11 for Run, or Shift+F11 for Debug, then one of:

  • A number from 1 to 5 to select an item from your history
  • The letter “t” to re-run your last (JUnit) test run

As far as development, it wasn’t too bad. The biggest roadblock I ran into was the inability to display anything other than the Command name in the UI you get for “two stage” keyboard shortcuts (not sure if there’s an official name for those, but think Alt+Shift+d and similar). This meant that if I went the easy route and just defined a bunch of commands (one per shortcut) in plugin.xml, I was stuck with an unintuitive UI which didn’t show the name of the project being run, only something nasty like “Run 3rd last project”.

I ended up implementing my own UI to look as similar to those keyboard shortcuts as possible, but which gave me the flexibility to change what was displayed. A pleasant side effect was that it was easy to display the correct icon for each type of run configuration next to the name. In an ideal world, I’ll be able to remove this some day, but I won’t compromise the UI to do so.

If you’d like to contribute, or are just interested in having a dig around the source, it’s available on Github (under the Apache 2.0 licence). I’d appreciate any ideas/feedback that you have too, and have noted a few of my own ideas at the end of the README file. At some point I want to get this functionality into the Eclipse Platform itself, though figuring out that process will be a totally new experience for me.

Email address validation: an addendum

When I was writing my last article, I wasn’t expecting too much of a response. Perhaps a comment or two from the 30-50 visits I get for most of my posts would be nice. The post actually circulated a bit more than usual, and I got quite a bit of interesting feedback. Hopefully these afterthoughts will get to at least some of those who read the original article (whether it’s the usual 50, or the 50,000).

One crucial thing that came up was the reasoning behind rejecting an email address that the user enters into the form. It boils down to wanting or needing to be able to contact the user at a later time. A very common case is account recovery. If a user loses their password, and you don’t have any way of contacting them, they’re probably stuffed. If you can tell them as quickly as possible that what they’ve entered doesn’t look right, then you’re going to save a lot of bother.

A few people commented that they often get less technically savvy users entering all kinds of incorrect things, ranging from just the local part (or conversely just the domain) of their email address to their desired user name on the service they’re trying  to register with. Given that this sort of thing goes on, validating that an email address is composed of an “@” symbol with some characters on either side is sensible (of course, you should still send a validation email if you want to make sure you’re being given correct data).

As for using such validation to prevent fake account creation, it’s trivially bypassed. If I’m working for nasty-corporation.com and want to sign up a bunch of accounts on your site to post loads of spam, I’m probably going to be able to generate email addresses, or better still create valid addresses on my domain to register an account. As annoying as they can be, some form of Captcha is better for this (preferably one with an audio alternative to the picture, for accessibility reasons), and doesn’t rely on spammers being totally incompetent.

Just one more thing, I know the comment system built into WordPress does a poor job of all this. More than a few of you were good enough to point it out. I’m switching away from the default one soon anyway.

Email address validation: please stop

It’s something that’s been bugging me for a long time. All around the web, people are making flawed attempts at validating email addresses, causing a headache for their users, and probably for themselves.

I really started to notice this when I began to use the disposable addresses system that Gmail provides. Any mail sent to <youraddress>+<some_other_string>@gmail.com arrives in the Gmail inbox for <youraddress>@gmail.com. This is quite handy, and I personally use it for automatically tagging email I receive. For instance, for any email related to unicorns, I’d simply enter “<myaddress>+unicorns@gmail.com” on the sign-up form, and my mail filters would automatically tag all mail sent to that address for me (as an aside, these don’t really work as “proper” disposable email addresses as it’s easy to just strip everything after the “+” character in the local part of the address, and get the proper address). Sounds great, right? Well it is, until half of the internet fails at email address validation and rejects it.

The problem is that the email address specification allows for far more than most programmers expect it to. For instance, things like ” ! $ & * – = ^ ` | ~ # % ‘ + / ? _ { } ” are all valid, along with a whole bunch of others (even “@” if you quote or escape it). Some of these are a tad silly. Using another “@” sign by escaping, for instance, is just confusing, and is probably only used by sociopaths. Reject some of those others however, and you’ll start to annoy your users.

I was recently at a talk given by Andrew Godwin at FOSDEM. In that he mentioned a problem Django ran into, where their regular expression used for email validation would hang on long input (scratch that, I think this is the bug he mentioned, that other one is hideously old). After some head scratching, they came up with an improved regular expression, which didn’t have the issue. I’m not sure that either solution actually validates according to the specification though, and if the validation falls on the side of being too strict, it’s probably out there irritating people right now. As a fun aside Perl’s Mail::RFC822::Address module gives you a glimpse at a regular expression that actually follows the specification from RFC822.

Even the best validation is only going to get you a syntactically correct email address, with no guarantee that it actually exists. If you want to know that you’re being given a valid address, send it an email and have the user click a validation link in it, and stop annoying your users!

EDIT: I wrote a little follow up article on some of the points raised by commenters.

Setting up Apache 2.2 on Windows

I’ve had a reasonable amount of experience setting up and using the Apache Web Server on Linux machines (almost always Debian boxes), but a couple of weeks back I wanted to set it up locally as a dev environment. As I run Windows, this involved a few changes in procedure. I felt it was worth outlining the procedure for anyone else who might find themselves in the same boat.

First off, you need to grab the latest stable binary from http://httpd.apache.org/download.cgi (at the time of writing, it’s version 2.2 that you want, specifically 2.2.16). I chose to get the one which includes OpenSSL (which you’ll need if you want to test serving secure content). Once you’ve got that, run through the install wizard. In terms of which options to choose during it, I went with installing the server as a service so it started up with Windows. Also, I chose to customise the install and selected to install all features (as opposed to taking just the typical ones). This is almost certainly unnecessary, but I did it just to make sure I wasn’t missing anything I needed.

Something to note throughout this guide is that after any change to the config files you must reload the server. The installer will have added an icon to your notification area which will allow you to do this.

The config files are located in <your_install_directory)conf. In some areas, the config files dependant on your installation directory, which can differ (for instance, if using a 32 bit operating system, you won’t have things installed in “Program Files (x86)”).

Notation used throughout the guide

The use of “->” denotes before and after of each line changed (before on the left, after on the right).Anything which is for the user to decide is given between angular brackets. In code blocks, “#” is used for any comments (just as it is within the config files).

Basic Setup

To get Apache just serving content from its htdocs folder (which is located in the installation folder) requires the least configuration. To achieve this, just make the following changes to the defaults in the config file.

In httpd.conf:

Listen 80 -> Listen <Number Of Port To Run Web Server On>
#ServerName localhost:80 -> ServerName localhost:<Number Of Port To Run Web Server On>

At this point, you should be able to navigate to http://localhost:<Number Of Port To Run Web Server On> and see a page confirming that you’ve set it up correctly (or your own index.html if you’ve replaced the one that’s in the htdocs folder by default).

Add setup for user directories

Adding the necessary config for user directories means that each user account you have on your machine will have a directory that they can place files in to be served by Apache.

In httpd.conf:

#LoadModule userdir_module modules/mod_userdir.so -> LoadModule userdir_module modules/mod_userdir.so
#Include conf/extra/httpd-userdir.conf -> Include conf/extra/httpd-userdir.conf

You should now be able to navigate to http://localhost:<Number Of Port To Run Web Server On>/~<user>/ and view any content that the user places in their website directory (by default “My DocumentsMy Website”). You can change which directories are used as user directories by editing confextrahttpd-userdir.conf in the Apache installation folder.

Add setup for virtual hosts (also known as vhosts)

Virtual hosts are more useful in a development (and in most production contexts) context than user directories. They allow you to specify a folder which Apache should serve from when receiving a request on a given domain/subdomain. They also allow you to specify some settings specific to that virtual host, such as a custom log file to use (rather than just putting everything in the default log file).

In httpd.conf:

#LoadModule vhost_alias_module modules/mod_vhost_alias.so -> LoadModule vhost_alias_module modules/mod_vhost_alias.so
#Include conf/extra/httpd-vhosts.conf -> Include conf/extra/httpd-vhosts.conf

In httpd-vhosts.conf:

NameVirtualHost *:80 -> NameVirtualHost *:<Number Of Port To Run Web Server On>
# Delete the two existing VirtualHost entries, and add your own following this template.
<VirtualHost *:<Number Of Port To Run Web Server On>>
 ServerAdmin <yourname>@localhost
 DocumentRoot "<drive_letter>:/path/to/your/website"
 ServerName <subdomain>.localhost
 ServerAlias <subdomain>.localhost
 <Directory "<drive_letter>:/path/to/your/website">
  Options Indexes FollowSymLinks Includes ExecCGI
  AllowOverride All
  Order allow,deny
  Allow from all
 </Directory>
 ErrorLog "logs/<subdomain>.localhost-error.log"
 CustomLog "logs/<subdomain>.localhost-access.log" common
</VirtualHost>

One thing to note with a vhost, is that you’ll need to add an entry to your hosts file for the each subdomain you use, so that the domain still resolves to localhost (at least, I found that without this, it the domains didn’t resolve). To do this, simply open C:WindowsSystem32driversetchosts and add a line that looks like:

127.0.0.1 <subdomain>.localhost

With that done, you should have it all working, and should be able to visit any of your virtual host sites at http://<subdomain>.localhost:<Number Of Port To Run Web Server On>/. If it’s not, please leave a comment as I could well have missed something crucial out (though I think I’ve covered everything, as this guide was produced by diffing my working config files against the original ones).

Things to watch out for

  • In Apache’s config files, forward slashes are used in paths, as opposed to the backslashes you’d usually use on Windows.
  • You’re probably best running this on something other than port 80. One thing that many people get caught out by is trying to do this on a machine which also has Skype running on it (not too unlikely on a home dev machine), which it turns out binds to port 80. To work around this, either disable this option within Skype (I recommend doing this), or run the web server on a different port. The option to disable is in Tools -> Options -> Advanced -> Connection -> Untick the checkbox “Use port 80 and 443 as alternatives for incoming connections”.
  • Make sure you reload/restart the server after any config file change. This is a required step, and without it your changes will be ignored.

Mirror’s Edge (PC) Review

I picked up Mirror’s Edge in the recent Steam sales (along with far too many other games, which saw off a little more money than I’d hoped). I didn’t get it with any of my own expectations, only the knowledge that people had told me it was a must buy. Unfortunately the game left me wondering what had deluded these people into thinking something like that.

If you care about the story not being spoiled you may want to avert your eyes. The game starts with you being plonked down on a roof somewhere in some city where the graphical bloom goes up to 11 and stays there at all times. You’re taught your repertoire of jumping and fighting techniques in one go, god forbid you should forget them, and then launched into the game. The story is set in your regulation future dystopia, where the police are evil, the government are evil and concrete blocks are extremely springy. You’re not really given too much motivation to hate the government; you just take the game’s word for it and set about acting like a royal prick with a poorly explained briefcase fetish.

Sadly, the game play doesn’t even come close to making up for the plot. There is one route, and only one route, and any deviation from it will result in crunchy death as you faceplant into the pavement. Most of the time this route is helpfully painted red, but the game occasionally decides you’re more competent than that and lets you decide what to do. Don’t be fooled though, there’s one path, and any attempt at creativity will be duly rewarded with death.

Linearity aside, the game still manages to produce an unnecessarily frustrating experience. Every time you grab an object or ledge, you’re treated to a face full of concrete and have to stop and move the camera around, breaking the flow of the game. This, teamed up with the loss of momentum every time you jump over anything higher than a cinder block, caused a steady feeling of rage which didn’t really subside at any point in the game.

The lack of choice in paths reared its ugly head more than once during the game, but one incident stuck out more than the others. In a section in chapter 7 the character is running on top of some ventilation shafts and some pipes are highlighted red on the other side of the room. I spent a good half hour wall running along the wall that headed directly to them, only to be left disappointed at the game’s edge detection and plummeting to an inevitable death. It turned out that I was meant to run along a wall parallel to what I was aiming at and make possibly the most hilarious jump ever to reach the bars.

The edge detection was a constant annoyance. At times it seemed like the protagonist simply wasn’t trying, but as soon as a bit of concrete turned red it may as well have been a fucking spring board. The net result is that you only go where the game wants you to go, no matter what incredible leap that may involve. Occasionally it will even help you when you don’t jump far enough, and you’ll end up performing a mid air vault for a pipe or ledge.

Overall, I’m confounded as to why people recommended this game so highly. While it’s a nice concept, it’s totally marred by a lack of polish (no, not bloom, there’s enough of that) in the execution. Bring on the release of Assassin’s Creed II on a real platform.

Stopping the inevitable comment spam

While it remains to be seen if this works, I’ve just come across (well, more of a deliberate search) what seems to be a reasonable way to reduce comment spam. It adds a quick maths (not “math” as the plug-in author erroneously suggests) question to the Comments section which must be correctly answered in order for the comment to be posted. Akismet seemed reasonably good at catching spam, but I’m hoping this should properly keep the comments section clean.

http://www.herod.net/dypm/ to download it (comes with full setup instructions). Also yes, I am tempted to “sed s/math/maths/” the source. :P

EDIT 22/07/2009: Turns out it does something else to annoy me. The box moves itself about if you turn Javascript on/off, looks like someone decided it was okay to fix the layout with the *worst method  ever* (yes, this problem does override the Enlgish language pedantry from before).

WordPress with suPHP

Last week I noticed that I’d made a rather (un)hilarious security error and exposed my wp-config.php in my WordPress setup to the world. This is bad, as it contains database credentials and some secret keys from the setup (all of which I’ve had to change since sorting this out). I decided it might be nice to write a small guide on a better setup which while not complete might mean that you’re able to avoid the mistakes I’ve made and possibly to point out a flaw I haven’t seen in this new setup. I did look at a couple of other solutions but this one seemed pretty nice to me.

While playing around trying to make this work I did find out about the giant goodie bag of awesome that is the unix find utility. In this case I was using it to change permissions on certain groups of files/directories, and some useful examples are given below. I sense it might come into play a fair bit now and might have some uses I’ve not thought of.

Before I set off with this one I’m going to issue a few warnings:

  • Your distribution (if you are hosting this on a Linux machine) may have a package for WordPress which makes for a much easier install, and (going with the example of Debian) receives quick, convenient updates through the package manager.
  • You should be familiar with the Linux system including File Permissions, the Apache Web Server, and various other tools.
  • If you get the permissions wrong as I did you can end up letting the world see your config files which include your database credentials and the keys you generate during the setup.

Those issues aside the set up process is relatively simple. As I’m using Debian (stable, which is Lenny at the time of writing) I may make references to Debian specific things such as the package manager apt. Let’s get cracking then.

First, you’re going to want to install all the relevant modules (run this as root):

apt-get install apache2 php5 mysql-server libapache2-mod-suphp

With those installed you’re able to get going with your basic WordPress installation. I’m not going to duplicate WordPress’s installation guide as that would be completely pointless, so here it is:

http://codex.wordpress.org/Installing_WordPress#Detailed_Instructions

Once you’ve got WordPress unpacked (I personally chose to set it up in my home directory ~/wordpress/ and add a vhost config in Apache’s sites-available with the appropriate directory as the DocumentRoot, there are plenty of guides for this if you do a quick search) you should set about fixing its permissions. For this I chose to use the Linux find program. I don’t guarantee that this is the complete set of commands and you should probably check through the installation thoroughly in case I missed one out (I managed to do one of these quite incorrectly initially so I spent a while sorting out the mess I’d caused).

find ~/wordpress/ -type d -exec chmod 755 {} ;
find ~/wordpress/ -type f -exec chmod 644 {} ;
find ~/wordpress/ -type f -name "*.php" -exec chmod 600 {} ;

Having followed the WordPress installation guide you should have a working database (I sort of recommend phpmyadmin for this, especially if you want to do this in a GUI) and configuration. Now for the important part. You need to configure suPHP, and to be honest this is almost completely trivial.  First enable the module:

a2enmod suphp

Then edit the suphp config file at /etc/suphp/suphp.conf so that it contains either the line:

check_vhost_docroot=true

or the line:

docroot=/path/to/your/docroot/

The first will allow suPHP to run anywhere you define a DocumentRoot in your Apache vhost, the latter will allow you to point suPHP to a specified DocumentRoot.

Finally, you need to edit your apache2.conf (found in /etc/apache2/) to turn off the standard apache mod_php. I personally use the following config as I have no use for mod_php within /home (however if you do you may want to swap php_admin_flag for php_flag so that you can enable the module for other php sites you’re hosting):

<Directory /home>
 php_admin_flag engine off
</Directory>

<Directory /home>
AddHandler application/x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler application/x-httpd-php
suPHP_Engine on
</Directory>

That should do the job! If I’ve missed any hilariously crucial stage out then please slap me in a comment so I can add it in.

EDIT (27/05/2009): I probably should have actually explained what suPHP does. All it means is that any PHP files are executed as their owner. In my case the main benefit of this is that the config file doesn’t need to be readable to anyone but myself. Possibly a greater advantage, and one which becomes immediately apparent in a shared hosting environment, is that the PHP files are only executed with the permissions of the user. This means that as long as you’ve got sensible limitations in place on the user anyway, they shouldn’t be able to cause any more damage than they could from their shell (and there you can probably see the advantage of the php_admin_flag which they cannot override).