Relentless Simplicity :: The Bonanzle Tech Blog

Bonanzle is aiming to be the Seattle Craigslist seller paradise by offering two sweet new features:

1. Item importing. Items can be imported directly from Seattle Craigslist (or any other Craigslist, for that matter) by following the link to our Seattle Craigslist offer.
2. 0 red tape account setup. You can test drive what it’s like to sell on Bonanzle without even setting up an account. I don’t think it could get much more simple if we tried.

Visit the link to see what Bonanzle is all about. The more people on the site, the more fun and addictive it shall become.

What is Bonanzle?

Bonanzle is an online marketplace for buying and selling goods faster while having more fun. We also aim to create the marketplace that is the most simple, yet powerful choice around.

Is Bonanzle a real word?

It is now. And it’s a verb. Bonanzle combines the wealth and excitement inherent in Bonanza (a large pocket of valuable mineral, or a source of prosperity), and the action implicit in -le (as in babble, burble, bustle). To Bonanzle is to spend quality time at an online space buying and selling goods, and meeting people.

What’s the launch plan?

In the month of May, we get as many items as possible on the site. Hopefully more than a thousand, hopefully from eBay and Craigslist refugees that are sick of complexity/fees, and who want a more immersive experience, respectively. On June 14th, the site opens to buyers. On June 21st, the great Bonanzle Bonanza happens (where as many booths as possible have a Bonanza on the same day). Sometime thereafter, we officially launch, depending on when the site achieves consistent stability and zippiness.

I care about the environment.  Does Bonanzle? 

Well that’s a loaded question if ever I heard one!  We run a carbon-offset surplus. At Bonanzle, our goal is to offset twice the carbon we create, so that we will actively reduce CO2 levels. And when you consider that environmental watchdog ClimateCounts.org gave both eBay and Amazon.com its lowest score for online businesses, it is pretty important that we go beyond offsetting just our own use. We know of no other online marketplace committed to offsetting double the carbon it uses. We believe this makes us the environmental leader amongst online sellers. And we feel pretty good about that.   But not so good that we’re going to relegate ourselves to advertising as a foofy environmental site.

Bill Progress, Technology bonanzle, craigslist, items, seattle, sellers

UPDATE 5/24/08: There was a recent APB security bulletin for all those running Debian-based OSes (including Debian) with OpenSSL 0.9.8c (released 2006) onward. You can read about it here. Long story short: if you’re running a flavor of Debian, you should run “sudo apt-get update” and “sudo apt-get upgrade openssl” before you start these instructions, to ensure that you’re using the patched version of SSL. We now resume our regularly scheduled programming…

If you have a database in one place and some Rails stuff in another place (be it your Rails app, or an asynchronous module that interacts with the DB), and if you’re running on a hosted server (i.e., you can’t just setup a hardware firewall for your entire server network), chances are you have thought or should be thinking about setting up your database to accept SSL connections. This ensures that malicious third parties can’t read the network packets being transmitted between your remote server and your database. Here are some of the sites and notes that I used to get us setup doing this:

For detailed but not too-detailed instructions on generating the SSL keys with MySQL, the MySQL documentation on SSL is great. This documentation describes not only how to generate your SSL keys, but also how to tell your DB who to accept connections from, and whether SSL is required when interacting with those remote IPs.

Important Note 1: to get the shell script on the MySql page working, you’ll need to change the directory in the script so that your openssl.cnf file is at /etc/ssl/openssl.cnf (if you’re running Gutsy).

Important Note 2: The “common name” field in your client and server keys must be different, or your key generation will fail. You’ll know you got it wrong if you run the shell script and it doesn’t ask you if you want to sign the certificate.

A couple other points not specifically called out in the MySQL documentation:

1) to tell MySQL to load with your server certificates, “sudo vi /etc/mysql/my.cnf”. There are a couple lines near the bottom of the file (under the mysqld section) that you can uncomment and change to point at location where your certificates reside.

2) To stop and restart your MySQL server on Ubuntu (necessary so the my.cnf file is reloaded), run “/etc/init.d/mysql stop” or “/etc/init.d/mysql start”. Yes, it won’t work unless you include the path (at least, it wouldn’t for me, and the other Google results I found).

After you think your SSL certificates are legit, you can double check your work by following the instructions here. The link has the commands for verifying that your server and client certificates are setup correctly.

Next, when you have the server certificates setup, you’ve granted access to your remote box (as specified in the MySQL instructions) and you’ve copied the client certificates to your remote box, I recommend testing your mysql connection from the command line on the remote box to verify that everything is kosher. Something like this should do the trick:

mysql -u [username] -p[password] -h [mysql box address] –ssl-capath=[path to client certificates] –ssl-ca=[path to ca-cert]/ca-cert.pem –ssl-cert=[path to client cert]/client-cert.pem –ssl-key=[path to client-key.pem]/client-key.pem

This assumes that you’ve retained the default filenames (ca-cert.pem, client-cert.pem, client-key.pem) mentioned in the MySQL documentation.

If all is well, you should get connected to your MySQL server.

Next up is to setup your database.yml so that it can do this stuff for you. I was somewhat surprised to find that database.yml actually already has (almost completely undocumented) options for SSL security. Do a find all in the Rails source for “:sslkey” and you’ll find all of the options that you can pass to database.yml. Make the database.yml options point to the correct address/filesnames, and you have yourself a more secure connection between remote boxes and your DB.

If you don’t feel like doing the find all, here are the relevant SSL options to put in your database.yml:

sslkey: /path/to/client-key.pem
sslcert: /path/to/client-cert.pem
sslca: /path/to/ca-cert.pem
sslcapath: /path/to/certificates

Bill Rails

After spending too many frustrating hours and days fighting BackgrounDRb to connect to multiple servers, I decided to try option #2, the Starling/Workling combo, as of yesterday evening. So far, I’ve been really pleased with most of the setup. I had it working preliminarily in about an hour (compare to about 2 full days for one of our developers to get BackgroundRb setup) locally. However, if there is one thing that’d made Starling difficult so far, though, it’s the lack of useful results I get when I Google anything I can think to Google about Starling documentation. Thus, I am going to try to keep updating this blog as I get Starling tweaked and working, with all of the information I can gather to try to make future Starlingers have a bit easier proposition.

Installation

On your Starling server(s), run “sudo gem install starling” to install it.

On your clients, you talk with Starling via memcached, so you’ll need the memcached client installed. “sudo gem install memcache-client” should do the trick.

Basic Usage Example

I found this morsel in the readme.txt for the Starling gem:

# Start the Starling server as a daemonized process:
# Note by Bill -- I believe that starling will only run as root currently
sudo starling -h 192.168.1.1 -d

# Put messages onto a queue:
require 'memcache'
starling = MemCache.new('192.168.1.1:22122')
starling.set('my_queue', 12345)

# Get messages from the queue:
require 'memcache'
starling = MemCache.new('192.168.1.1:22122')
loop { puts starling.get('my_queue') }

The first line starts a starling that listens on 192.168.1.1, i.e., on your local network. The next lines actually connect to that Starling and test it. They can be run from within irb to verify that your Starling setup is working as expected.

Other options

In general, you can see memcached methods to figure out what Starling is capable of (well documented here). The key difference between Starling and Memcached, from my testing, is that Starling’s get() returns the hash value and deletes it from the cache. Memcached’s get() just returns the value, which is still in the cache until you call delete().

Otherwise, Starling is pretty similar to Memcached. For example (from Starling tests):

starling = MemCache.new('192.168.1.1:22122')
starling.set('test_set_with_expiry', 5 + 2, now)
starling.set('test_set_with_expiry', 5)
sleep(now + 1 - Time.now.to_f)
starling.get('test_set_with_expiry') # returns 5


Like memcached, if you want to get stats on your Starling, such as number of items in the queue, bytes used, starling version, log size, cache hits/misses, total connections, stuff that’s currently cached, and more, you can run stats() on your starling connection object, like so:

starling = MemCache.new('192.168.1.1:22122')
starling.stats # returns hash of statistics on the starling connection


Bugs and Caveats

When you’re setting your Starling up on a remote server, you’ll want to remember to change the address you bind to when you change Starling, e.g., “sudo starling -h my_ip_address -d”. If you’re not root, you’ll probably need the sudo, since Starling binds to network ports.

A couple more apparent bugs I’ve experienced with Starling (running gem version 0.9.3 on Gutsy):

• Even if I specify a log file on the command line, no log file is generated
• Though when you get() a message it is removed from the queue, it still exists in the /var/spool/starling directory, from what I can tell, indefinitely - Blaine explains this in my Starling update

If anyone who has been a longer-time Starling user has seen and gotten past these issues, I’d sure like to hear them.

Update

I was able to talk with Blaine at Railsconf about some of my specific questions about Starling, and about the future of Starling in general. Read about it here.

Bill Rails

http://www.bonanzle.com

There is no way you could post items for sale faster anywhere on the Internet.

Please support this blog and put some stuff up for sale. The time to take pictures + visit the site + post the items is nearly guaranteed to be less than an hour in total.

Bill Uncategorized