Archive for May, 2011

New Thinkpad

I just received my new Thinkpad W520 laptop and the least I can say is, wow, it’s amazing…

  • Intel Core i7-2820QM Processor (2.30GHz, 8MB L3)
  • Dual boot Ubuntu 11.04 64/Windows 7 Professional 64
  • 15.6″ FHD (1920 x 1080) LED Backlit Anti-Glare Display
  • NVIDIA Quadro 2000M Graphics with 2GB DDR3 Memory
  • 16 GB PC3-10600 DDR3 SDRAM 1333MHz SODIMM Memory
  • UltraNav with TrackPoint & touchpad plus Fingerprint reader
  • 720p Camera
  • 750 GB Primary Hard Disk Drive, 7200rpm
  • 1 TB Secondary Hard Disk Drive, 5400rpm
  • DVD recordable multiburner
  • Express Card Slot & 4 in 1 Card Reader
  • 9 cell Li-Ion Battery – 55++
  • Bluetooth 3.0
  • Intel Centrino Ultimate-N 6300 (3×3 AGN)
  • 2 USB 3.0 ports
  • 1 USB/eSATA
  • 1 Powered USB
  • Dual digital microphone
  • ThinkPad Mini Dock Plus Series 3

I’ve had a blast with this thing so far, and can’t wait to dig into it more. It boots up quicker than you can believe and runs several virtual machines simultaneously with no issues at all. I plan on putting in an Intel 310 Soda Creek PCI-E SSD as soon as they get in stock on Newegg to juice the performance even a bit further. There are only two things I dislike about it thus far: 1. The size of the power adapter: it’s literally 3x the size of the 90W adapter that came with my T500, but that’s understandable I guess for a 170W adapter. 2. The speakers are unusually quiet at full volume; even headphones are quieter than I would have thought them to be.

Patching Seaside for deployment

I’m currently in the process of deploying a Seaside application on my server at the University, and I noticed something that I needed to fix before I went any further. By default, the server adapters that ship with Seaside will listen on all interfaces for connections. Since I plan on proxying my Pharo image behind an Apache server, with Apache doing all of the authentication, I did not want my Seaside server to be accessible to outside clients on the port it’s listening on. This would allow them to bypass the authentication mechanisms I have in place.

I dug through the Seaside code a bit and found what I needed to patch. Note here, I am only patching the WAListenerAdaptor since that is the adaptor which supports Comet (which my application makes heavy use of).

Here is the original code:

WAListenerAdaptor>>listenLoop
	| socket |
	socket := Socket newTCP.
	socket 
		listenOn: port
		backlogSize: 50.
	socket isValid ifFalse: [ self error: 'Cannot listen on port ' , port greaseString ].
	
	[ 
	[ socket isValid ifFalse: [ ^ self listenLoop ].
	self waitForConnection: socket ] repeat ] ifCurtailed: 
		[ (Delay forMilliseconds: 10) wait.
		socket destroy ]

And the patched code:

WAListenerAdaptor>>listenLoop
	| socket |
	socket := Socket newTCP.
	socket 
		listenOn: port
		backlogSize: 50
		interface: NetNameResolver loopBackAddress.
	socket isValid ifFalse: [ self error: 'Cannot listen on port ' , port greaseString ].
	
	[ 
	[ socket isValid ifFalse: [ ^ self listenLoop ].
	self waitForConnection: socket ] repeat ] ifCurtailed: 
		[ (Delay forMilliseconds: 10) wait.
		socket destroy ]

Notice how I changed the socket initialization message to include the interface keyword, and supplied it with the loopback address. Now my application is only accessible via 127.0.0.1 or localhost, and not via its external IP.

The alternative would have been to leave the code unpatched and instead write some iptables firewall rules to block on the port the Seaside adaptor is listening on, but this seemed like a simpler solution and allows me to leave the rest of my system untouched. Also, this solution is the only possible way to do it if you do not have root access to the machine to add iptables rules.