Drift Into View 3: Localhost

Sunday, 31 October 2004

Let's recap the story so far. I had decided to create a new dynamic web site to replace the old static one. The plan was to use popular open-source tools, MySQL and PHP. All of this, however, has to be built somewhere safe away from the hubbub of the internet. On my desktop. Which meant I had to inject new and wonderful concoctions into my PC. In the last exciting episode, I related some of the issues with MySQL. This time, I'm going to "discuss" the obstacles involved in setting up a web server on my PC. After all, I couldn't test PHP without a web server.

I can remember sitting there in my Tokyo apartment, comfortably discussing with myself whether to go with Microsoft's IIS, which was already on my PC as part of Windows XP, or with the open-source alternative Apache. Microsoft products are generally GUI-based and I didn't want to spend too much time setting up a web server, plus IIS was already installed. So I chose the IIS route.

Idiot.

The Internet Is Full Of Perverts

The idea of personal computing is a bald-faced lie: viruses, confusing questions, technology for the sake of technology, complicated abstractions upon hidden dependencies and so on. When I first installed Windows XP on my PC, I faced a completely different choice to my web server decision. We all have demons in our past, but this particular fork in the road has haunted me ever since.

Unix and Linux systems are built around multiple users, security fashioned from segregation. Windows systems for the home, typically, have been built around a single user, perhaps a family. In this nuclear family, no-one wants to logon. Honey, I need a damn password for my own damn machine, what kind of crazy ass-backwards logic is that? And you know, I couldn't fault Microsoft for this particular design point, even though the sneering hordes of *nix users sneered in a sneering way. But then look what happened next.

Microsoft got the Internet and then transformed every single freaking component of Windows into an open internet hole of some kind. Now I already talked about promiscuity when I discussed MySQL and this kind of thing just makes your computer dirty. Your Windows operating system wakes up the following morning, hair unkempt, feeling a bit nauseous, and croaks, "Oh boy, I don't remember who I was with last night, but dang it sure were fun!" The original dream of the Internet was a place of openness where everybody co-operated and we were all shiny happy people holding hands. The reality it became was a crowded commuter train full of people trying to grope your ports.

grope:
seeker > !attach Princess

We all need firewalls but this is missing the more subtle point that any secure system that has a public presence should have proper user authentication. And administrator deity accounts with ominpotent powers should not coincide with the regular user accounts.

When I installed XP, I chose to have a separate user from the system administrator account for two reasons. Sensible reason number one was for security. Admirable reason number two was for the experience so that if I wrote a program I would be confident that a user could run it under a non-administrator account.

Idiot.

A User Too Far

I get constant alerts from my firewall, ZoneAlarm, that a new program wants to contact the internet or be an open and accessible server. These are programs which I do not doubt the sincerity of, yet on the other hand they have no valid wholesome moral reason why they have to contact the internet. If I block them, there will be a delay as the program realizes it's not getting a free pass; sometimes it's worse, and the program sulks in the corner. No internet, no dice dude.

It's no surprise that when Microsoft decided it was high time to force the firewall issue on it's customer base with Windows XP Service Pack 2, all hell broke loose. Some people say just turn off the firewall too. It's not even a great firewall - it only blocks inbound traffic. If you've got the equivalent of STDs on your PC already, with worms or trojans lurking beneath the surface, you'll still need to see a good anti-virus doctor to get the infection treated.

Now I have complained about IIS before. No-one seems to write developer software for me, the guy who wants to keep his PC safe. Does every home developer out there run everything as the administrator with every port open? IIS didn't like Zone Alarm and would not function, which might not sound surprising to you, considering IIS is supposed to be a web server. But we all need a development environment don't we? Somewhere offline, where you can create your stylish masterpiece of HTML in private.

So I let it out as I didn't seem to have any option. However, without any extra configuration on my part it seemed to be invisible on the web by default. On one hand, this is really great, but of course my natural pessimism took over. Maybe my lucky break with IIS was temporary and it would switch to public nudity on the Internet when I wasn't looking. And what if, one day, I want my own server to be visible on the web? Oh good God, man. Nevertheless, the muted euphoria of discovering that IIS was undiscoverable on the web was soon to be crushed.

I've had a lot of problems trying to run software outside of the administrator. For example, if I use "Run As..." to install a program as the administrator then the shortcuts only get added to the administrator's desktop and Start menu. Games? Don't even think about it, those puppies need hardware access. I've got a separate installation of Windows XP for games and it only has one user. If you want to know exactly how many infernal hoops you have hop through to run an XP system with an ordinary user account, you should take a look at Aaron Margosis' infrequently updated web log.

So it should come to you as no surprise that I could only see the web pages on my IIS server as the administrator and not as Mr. Joe Regular User guy. And you know, try as I damn well might, I got damn well nowhere, and with real life making some extra demands on my time, the Electron Drift project stalled.

The Double-Take Moment

Months passed and it was only in the last few weeks before I left Japan that I returned to my IIS troubles. I was determined to get Electron Drift done. So I fired up IIS and started pooling together information on how IIS worked. I would have read any IIS tome if it would have bought me closer to my goal of a fully-working dynamic web site.

Of course I was a bit rusty on the progress I had made, so I had to check out the situation first. Sure enough there was a problem when trying to view the page http://localhost and the browser kept on coming back with an internal server error page. Then I noticed that the administrator was having a problem too. Now hold on, I thought, this wasn't what happened before. Then I tried to call a page other than the home page, something like http://localhost/electrondrift/test.html. The page miraculously appeared in the browser.

It bloody worked.

In the final analysis, I learnt approximately jack squat about IIS. I never wanted to learn about it either, so congratulations to me, I got my wish. Black magic and random button pressing got it to work (never let me loose in a nuclear reactor). If anyone out there wants to e-mail me and explain how an IIS implementation can be switched between web visibility and just being local, then I'm all ears, because I couldn't track down that information even with hours of Google searching! But never mind, it doesn't really matter so much because if I do create a web server that doesn't involve any ASP.NET, I'm probably going to create an Apache implementation.

When I think back over the whole IIS debacle, there is one word that keeps repeating over and over again in my mind. It reminds me of how smart I was in making life as hard as possible for myself.

Idiot.

End