Dolphin 7 Error Scenarios and Failure Handling

CodeSatori posted 7th of March 2010 in Community Voice. 16 comments.

I'd like to suggest that as one of the future development priorities, the Dolphin 7 team do something about error and failure scenario handling.

This blog is not about solving a particular issue -- I don't need help for this, and I especially don't need to be directed to forums for this as a heads up for those of you about to tell me so. =) This is a general point and development suggestion about the need for proper error handling and common quirk/fubar scenario elimination.

To illustrate a very unhelpful scenario, I have just thrown in a fresh D7.0.0 bundle on my local test server just to dump out some variables to have a reference point for helping out a user who's working on an auto-login modification (discussed in the other blog by Mike). I clicked along happily and thought I'll finally be able to do a graceful install, but alas at the end the screenshot below is what I faced. (See full size.)

Dolphin 7 Almost Epic Fail

And that is not helpful or well-handled. Now I realize this is probably because you are still using those <? short form tags somewhere, but you should be prepared for scenarios like this as short form tags are very commonly switched off, and check at the start of the installer whether no short-form tags might result in catastrophic failure. (Incidentally why do the developers not keep their test servers at the most common hosting configurations to maximize compatibility?) And may I also point out that I have actually seen this same error before, many moons ago, and pointed it out for fixing when another Dolphin user bumped against the very same wall.

You see in the above that the first thing blurted out is "register globals is On", while I can guarantee it is absolutely off (and someone turning it on on my machine will face serious consequences), and mb_string is on as well. My test box is a very common Apache/PHP setup with D7 dependencies already on. (Except for the short tag form which is not on by default, and also not listed as a requirement.) It's not that hard to have your installer script check the necessary php.ini settings that would avoid catastrophic failures. (I still have that simple stand-alone requirement checker script ripped from the D7 installer if someone wants to take it on and start developing.)

In this scenario, I am receiving misleading error messages, no means of going back to see what might have gone wrong, a link to a Troubleshooter that is useless for this purpose, and I am forced to just start from a scratch (after correcting the installer code myself to proper form). Now I bet a lot of people bump into this view, because as noted it's a very common server configuration this is being installed on.

Please try and fix these simple little things that cause these FUBAR level situations, try to get in some sort of error handling (and even capture+logging) together, whichsoever way you may do it, and turn it into something that's actually informative and helpful for your users. You could even link these error situations directly to the relevant online tutorial for rescue and recovery, instead of serving out a generic link to a hundred FAQs.

Now I'm heading out for a smoke, then I'm wiping out the database, then mailing off an educated guess instead of tested info to that modder whom I was trying to help out here (that's why I was installing), and then continuing with my regular work. I don't have time to run into walls right now unfortunately, and I suppose that's why I have not done as much as I might have on the D7 extension frontier. Let's give it another go tomorrow and see how the birds chirp. I don't think I've ever gotten a Dolphin install to work out of the box at the first shot, with all these versions I've tested over the last year... Right now it's tasting a tad bit salty here.

If the Dolphin 7 developer team are interested in suggestions for simple architectural improvements and error handling solutions that shouldn't take too long to implement (and yes, not generic but specifically for the problems in your software), please feel free to contact me anytime.

------------------------------------

How humorous... Speak of the devil! (Screenshot) Now I am trying to post this, and I have also picked 10 tags for the post, but I'm being told to "Please enter at least 100 characters" and "Please enter at least one tag word, min 3 alphanumeric characters." I guess them error message stars just ain't in the correct alignment today on me Boonex sky!
------------------------------------

Trying in Chrome... I get this sort of view; the blog rules popup box doesn't pop open, but just jams mid-screen as a blank bar and blocks the view. Finally discovered what caused the "100 characters" error message. I use m-dash often in my text -- it's the long dash you see in proper printed text instead of a cheap online double dash, you get it with ALT+0151 -- and that resets your counter, making it think it's under 100 characters. And the tag error is caused by a period in the tag (I had php.ini as one).

 
Comments
·Oldest
·Top
Please login to post a comment.
CodeSatori
And on that note, while TinyMCE lets me have an image float to left or right of the text, the float and all other CSS are filtered out when it's finally posted. You may want to skim through TinyMCE documentation (http://tinymce.moxiecode.com/documentation.php) and snip out editor features that will be eliminated by your post parser. It saves time and nerves to not do something to make things look nice only to find out the work was filtered out.

Pardon the volley of grumble; you're doing great see more work at times, and at times you really need to shape up a bit to keep your product and services up to industry standards. All of this is meant to encourage you to get there sooner, and highlight issues you need to (in my view) focus on to make the going a bit less rocky for all. Dolphin 7 and Unity just happened to waste about an hour of my time in something that should have been over in 5 minutes.
AlexT
Thank you for pointing this out, it is already fixed some time ago:
http://www.boonex.com/trac/dolphin/ticket/1845
CodeSatori
So I see notice you decided to force the short_open_tag to provide a quick fix? Let me quote from my php.ini for the official PHP developers' stand on this, stated right next to this switch:
----------------------------
This directive determines whether or not PHP will recognize code between <? and ?> tags as PHP source which should be processed as such. It's been recommended for several years that you not use the short tag "short cut" and instead to use the full <?php and ?> see more tag combination. With the wide spread use of XML and use of these tags by other languages, the server can become easily confused and end up parsing the wrong code in the wrong context. But because this short cut has been a feature for such a long time, it's currently still supported for backwards compatibility, but we recommend you don't use them.
Default Value: On
Development Value: Off
Production Value: Off
----------------------------
In light of the above recommendation by PHP developers, you may want to reconsider your approach and think about instead revising your code to not include those short tags. =)
CodeSatori
While we're on the general topic of problems that can arise with error messages, have you ever tried what happens if a database connection fails? Here's what just happened to me after I wiped the DB for a reinstall (as the modules didn't show up in the Admin panel after installation, I suspect I was still in the middle of a short_tag cough issue there) and refreshed the page for plain curiosity to see what'd happen.

http://codesatori.com/hosted/dolphin_7_no_db_connection.png

Not quite sure see more what happened, but I assume there was a gigaton of information in the buffer that was output, and there was so much of it coming in that my browser froze and had to be manually killed from Task Manager... And I had to kill Apache as well to get the processing to finally stop (this shot my CPU usage to the roof and kept it there). It looks like every variable in the system was in the process of being dumped on-screen, and possibly code from some included files was coming in too. You can look at the scrollbar to get an idea of how much data was flooding in.

Cont'd...
CodeSatori
...

Notice the areas I have have highlighted and blurred in the screenshot; all MySQL connection details, and every other sort of sensitive data got dumped on the screen. If this had been on a production server, and the database glitch caused by whichever reason while the admin wasn't around, every visitor would have 1) had their browsers freeze, and 2) it would have exposed every sort of sensitive data in the system. (Including FTP passwords if some were saved, see bottom right.)

If the var_dump see more (or print_r or whatever did this) was put in there for debugging purposes, you may want to consider for example changing that to write them to a (random-named) file instead, and displaying a message to admin to go grab it from there over FTP and troubleshoot. Otherwise you have a very serious vulnerability scenario going on there in glitch events. (And I seem to be getting lots of them today with Dolphin!)

If this hasn't been reported yet, you may want to try and replicate it, and get it fixed to make sure that sensitive data doesn't get exposed wholesale if there's a server glitch with the database connection.

In general, it'd be good to get situations like this covered, and again this ties in with the general need for proper error handling, which was the reason for my opening blog to begin with. Don't mind my notes here --- not trying to create extra work for you as I know you're busy as it is, just trying to spare you from even more extra work in the long haul.
Nathan Paton
Either way, it's a case of lazy programming. I was taught to not use lazy coding practices such as this, and anyone I teach has witnessed my furry if they do the same.
CodeSatori
In Finland we have a charming song for the children, and it goes as follows (not quite as charming in English, but I tried to keep the rhythm and rhyme the same):

Little Matthew's car has got a tire that went flat,
A tire that went flat, a tire that went flat,
Little Matthew's car has got a tire that went flat,
And we took a bit of chewing gum to patch!
CodeSatori
Unity is by the way also throwing up SQL errors tonight, something to do with your comments query.

| Cannot complete query (getAll):
| Got error 127 from storage engine
| Call stack: getAll[/home/boonex/public_html/unity/modules/Blog/classes/BxBlgSql.php5, 915] ....

For the record, error 127 generally has to do with a table corruption exception MySQL throws in, and can be caused by anything from an unexpectedly killed script to a hardware failure. You may want to optimize your comments see more table to make sure you don't have booboos there. It's only thrown on random loads, so you wouldn't know it's happening unless you hit the random bump.

If Unity were running on a fresh copy of Dolphin 7.0.0, it might just have repeated the scenario I noted in the previous post, blurting out all of your SQL passwords and the rest of the goodies for all the world to see and have fun with. And you know where that might lead to (wholesale 0Wn3D), since not everyone is as white-hat as I happen to be. Good thing for our data and privacy that your site still hasn't been migrated to Dolphin.
DosDawg
brother code ( this should be posted in the forum)....

well i had to say it, you expected it, and i see that no ball busters have come by to haunt you on this. (of course you know i am kidding) issues like this should be front and center. and they should be addressed. however, as has been the experience from many of us, when you bring up issues of this nature, you will quickly find that you can no longer find your blog post. it gets ruffled to the bottom of the pile, and there is no way to revive see more it to come back up to the top for air, so it eventually drowns.

you have brought up some very exclusive points, and points i may add have already been addressed with boonex, not only on this script, but many of the other applications that they have released.

hopefully we can get the guys who are responsible for turning out the production to realize that if its quick and easy, its most likely wrong.

now to discuss exactly what these errors are that you say are not helpful, they are helpful to many of us who have used dolphin for a period of time, but moreover, if one took the time to read the developers server requirements, these errors would never have been populated on this instance:

Register Globals --- should be off
Safe Mode --- should be off
Allow_url_fopen ---- should be on
PHP Version ---- 5.2.0 minimum
mbstring extension --- should be installed
allow_url_include ---- should be off
install directory ---- removed or renamed


so where the errors are not in the greatest format of presentation, they are still clear in most instances.

\/
DosDawg
CodeSatori
On finding blog posts, one thing I'm having a hard time finding is a link to further pages of blogs on the front page of Blogs in Unity. Am I blind, or has pagination gone missing?

I am of course familiar with all these PHP directives, and as noted my configuration is already correct. The point of it in my screenshot is that none of the scribble that you see on the screen is in any way relevant; it's just an undifferentiated blurt-out of raw code that hasn't been properly parsed because of the see more omitted installer check for the requirement for short form PHP tags; which I have now learned has been corrected with a chewing-gum patch that goes against PHP language developers' explicit recommendations.

If you have a look at the second main screenshot I linked to in my comment, you'll see an even more perplexing scenario, and these sorts of general fail scenarios should be somehow gracefully handled. I have also linked to two confusing errors I received when attempting to actually post this blog here in Unity. The second Dolphin 7 fail scenario actually represents a potentially very serious vulnerability scenario with exposed system information, and I'm surprised no-one has paid much attention to it.

I would be curious to know which Boonex developers are responsible for handling which areas of the software; for example, who's the main man for security issues, who's the main man for architecture design, and who's behind interfaces and general design. Are there any clear areas of responsibility, or do they just take it as it comes in turns? (I realize I have been trying to ask something along these lines in the past, too... I think in a blog that got buried under!)
cbassthefish
I suspect that the older blog posts simply fall off the edge of the world.
CodeSatori
They all do exist, while the pagination is missing. I wonder if that's intentional, since for example the Sites area does have pagination in place. If someone wants to browse older blogs in the meantime, here are the URLs.

http://www.boonex.com/unity/blog/home/?start=10
http://www.boonex.com/unity/blog/home/?start=20
http://www.boonex.com/unity/blog/home/?start=30
http://www.boonex.com/unity/blog/home/?start=40
http://www.boonex.com/unity/blog/home/?start=50
http://www.boonex.com/unity/blog/home/?start=60
http://www.boonex.com/unity/blog/home/?start=70
http://www.boonex.com/unity/blog/home/?start=80
http://www.boonex.com/unity/blog/home/?start=90
http://www.boonex.com/unity/blog/home/?start=100

Would see more be good to have the pagination flipped on for blogs though, as the average lifespan of a blog is longer than it takes for it to get bumped off the grid by the latest 10 new blogs.

You can get the latest 20 from the bar at the bottom of the screen, with the following URL: http://www.boonex.com/unity/blog/latest

Overall it looks like a lot of functionality has gone amiss with the latest Unity upgrades. For one, the tag listings atop the page are now the predominant feature, while it makes make more sense (at least to me) to have them as an accessory somewhere on the side and not at the main point of focus.
CodeSatori
So I guess nobody gives a flying foobar over the fact that we're talking about a critical level vulnerability potential here. I am a good guy and will not start talking about ways of triggering scenarios like the one illustrated, but it doesn't take a rocket scientist to start probing around a bit to see which Dolphin might go down and blurt out those juicy passwords. Suggest you include at least this fail scenario for 7.0.1 update fixing, whatever else you may or may not do with your error handlers. see more As a general precaution, others may want to NOT save their FTP passwords in their Dolphin setup, because that's the grand avenue in, and SQL passwords are still a little bit harder to exploit even if you get hold of them.

For a reminder, here's what I'm talking about: http://codesatori.com/hosted/dolphin_7_no_db_connection.png
DosDawg
COdeSatori,
i was busting your shoes bud. i know you know what all the directives are, just thought i would post them in case somebody else read them that was facing the same issue and was just completely lost.

its all good bro, just having fun. you are one of the few who wont fall out of your tree (not that you live in a tree). geez im shutting up.

Regards,
DosDawg
DosDawg
CodeSatori,
your questions deserve an answer. doubt you will ever get one. but your answers are concise and as a community member, there should be some accountability to the community from the developers.

Repost your inquiry front and center again, and maybe you will get an answer. ( again doubtful ) well maybe if you paid for the information you could get that.

Regards,
DosDawg
CodeSatori
Haha, I actually do live in a tree! --- http://www.halfsatori.com/2009/04/he-built-shrine-at-radha-kunda.html (Scroll down to comments for a translation of a lovely Finnish song of Furry Grump who lives in a tree.)

Or at least used to live in the strangest places, including a cave on a mountain peak and a nearby abandoned Buddhist shrine near Kathmandu, keeping company with an old holy man who had lived in the hollow of a tree for half a decade. I wouldn't mind living in a tree at all, if only see more I had solar power and wireless net to keep the code moving and communications active.

I am of course not going to pay myself to help someone out, unless it's a very exceptional situation. I can cover my own ass where need be with all this stuff, but I'm not going to do for free something that others should be doing (and are paid to do so). These pointers are quite sufficient, if someone cares enough.
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.
PET:0.049642086029053