Friday, December 31, 2010

Generic Input Sanitizer PHP 5.2 Greater

SkyHi @ Friday, December 31, 2010
With the ever increasing attacks on websites to place malware links and deface sites, a programmer must be ready. Many of these attacks also hit older systems that still need to be supported. I have developed a PHP 5.x approach to this: a block of code that can be added at the top of your script. If a field needs a specific kind of sanitizing, add the form field name or query string field name to the array and let the script do the rest.
Here is the code:


<?php
# Map each incoming POST or GET field name to the filter to apply.
# Any field that is not listed here is sanitized as a plain string.
$filters = array(
  'my_text'       =>  'string',
  'my_email'      =>  'email',
  'my_url'        =>  'url',
  'my_chars'      =>  'special',
  'my_int'        =>  'int',
  'my_float'      =>  'float',
  'my_encoded'    =>  'encoded'
);

# Translate the short names above into the FILTER_SANITIZE_* constants
# (PHP 5.2 and later) plus the flags to pass. The numeric filters are
# FILTER_SANITIZE_NUMBER_INT and FILTER_SANITIZE_NUMBER_FLOAT; the float
# filter needs FILTER_FLAG_ALLOW_FRACTION or it strips the decimal point too.
# These filters make values safer to echo or store, but they are not a
# substitute for prepared statements (SQL) or output escaping (HTML).
$filter_ids = array(
  'string'  => array(FILTER_SANITIZE_STRING, 0),
  'email'   => array(FILTER_SANITIZE_EMAIL, 0),
  'url'     => array(FILTER_SANITIZE_URL, 0),
  'special' => array(FILTER_SANITIZE_SPECIAL_CHARS, 0),
  'int'     => array(FILTER_SANITIZE_NUMBER_INT, 0),
  'float'   => array(FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
  'encoded' => array(FILTER_SANITIZE_ENCODED, 0)
);

# Sanitize every field of one input source ($_POST or $_GET) in place and
# mirror the result into $_REQUEST, so later code only sees filtered values.
# $type is INPUT_POST or INPUT_GET and must match the array passed in $input.
function sanitize_input($type, &$input, $filters, $filter_ids) {
  foreach ($input as $key => $value) {
    $name = array_key_exists($key, $filters) ? $filters[$key] : 'string';
    if (!array_key_exists($name, $filter_ids)) {
      $name = 'string';   # unknown filter name: fall back to the default
    }
    list($filter, $flags) = $filter_ids[$name];
    # Note: array fields (name[]) come back as false from filter_input unless
    # FILTER_REQUIRE_ARRAY is given; this block treats every field as a scalar.
    $clean = filter_input($type, $key, $filter, $flags);
    $input[$key]    = $clean;
    $_REQUEST[$key] = $clean;
  }
}

sanitize_input(INPUT_POST, $_POST, $filters, $filter_ids);
sanitize_input(INPUT_GET,  $_GET,  $filters, $filter_ids);
?>


REFERENCES
http://scovol.net/2010/02/12/generic-input-sanitizer/

Difference between 'Uplink' and Port Speed

SkyHi @ Friday, December 31, 2010
Port Speed refers to the speed of data transfer in the hardware, and
UpLink is related to the speed of data transfer from the client side to the
server, whose speed can be controlled by the administrator.


REFERENCES
http://serverfault.com/questions/217702/difference-between-uplink-and-port-speed

What is better LVM on RAID or RAID on LVM?

SkyHi @ Friday, December 31, 2010

QUESTION:

I currently have LVM on software RAID, but I'd like to ask you what you think it is better solution, maybe some pros and cons?



Edit: It is about software raid on lvm or lvm on software raid. I know than hardware raid is better if we are thinking about performance.

ANSWER:

1. Your current setup is like this:



| /     | /var   | /usr   | /home  |
------------------------------------
|            LVM Volume            |
------------------------------------
|           RAID Volume            |
------------------------------------
| Disk 1   | Disk 2   | Disk 3     |


It's a much simpler setup with more flexibility. You can use all of the disks in the RAID volume and slice and dice them whatever way you like with LVM. The other way isn't even worth thinking about - it's ridiculously complicated and you lose the benefits of LVM at the filesystem level.



If you tried to RAID LVM volumes, you're left with a normal device without any of the LVM volume benefits (e.g. growing filesystems etc.)


2. Have hardware RAID and you can have LVM on top - best combination.

3. Your current setup is fine. This is the recommended way to do it.



RAID deals with keeping the bits secure/redundant/fast/whatever and LVM helps you present them in an easy-to-use way.


REFERENCES
http://serverfault.com/questions/217666/what-is-better-lvm-on-raid-or-raid-on-lvm






How Do I Stop Hotlinking and Bandwidth Theft?

SkyHi @ Friday, December 31, 2010

You can stop others from hotlinking your site's files by placing a file called .htaccess in your Apache site root (main) directory. The period before the name means the file is hidden, so you may want to edit your file as htaccess.txt, upload it to your server, then rename the txt file to .htaccess in your directory. Contact your web host on how to access your directories and configure your .htaccess file.





Example: Your site url is www.mysite.com. To stop hotlinking of your images from other sites and display a replacement image called hotlink.gif from our server, place this code in your .htaccess file:



RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]

RewriteCond %{HTTP_REFERER} !^$

RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]



The first line of the above code enables the rewrite engine. The second line excludes requests whose referer is your own mysite.com URL (the leading ! negates the match). The [NC] code means "No Case", meaning match the URL regardless of upper or lower case letters. The third line lets requests with an empty referer through. The last line matches any files ending with the extension jpeg, jpg, gif, bmp, or png; these are then replaced by the hotlinkp.gif image from the imageshack.us server. You could easily use your own hotlink image by placing an image file in your site's directory and pointing to that file.





To stop hotlinking from specific outside domains only, such as myspace.com, blogspot.com and livejournal.com, but allow any other web site to hotlink images:



RewriteEngine On

RewriteCond %{HTTP_REFERER} ^http://(.+\.)?myspace\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://(.+\.)?blogspot\.com/ [NC,OR]

RewriteCond %{HTTP_REFERER} ^http://(.+\.)?livejournal\.com/ [NC]

RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://img148.imageshack.us/img148/237/hotlinkp.gif [L]



You can add as many different domains as needed. Each RewriteCond line should end with the [NC,OR] code. NC means to ignore upper and lower case. OR means "Or Next", as in, match this domain or the next line that follows. The last domain listed omits the OR code since you want to stop matching domains after the last RewriteCond line.
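To check what the referer conditions above actually let through, here is an added Python example (not from the original post) that mirrors the first rule's three lines on constructed sample requests and compares the result with a tightened variant; the hardened regexes and the sample paths and referers are this example's own assumptions.

```python
import re

# Apache's [NC] flag corresponds to re.IGNORECASE. The RewriteRule in the
# post carries no [NC], so its extension match is case-sensitive.
ORIGINAL = {
    "own_site": re.compile(r"^http://(.+\.)?mysite\.com/", re.IGNORECASE),
    "image":    re.compile(r".*\.(jpe?g|gif|bmp|png)$"),
}

# Tightened variant (an assumption of this example, not from the post):
# [^/]+ keeps the allow-list match inside the host part of the referer,
# https:// referers from your own site are accepted, and the extension
# check ignores case so photo.JPG is covered as well.
HARDENED = {
    "own_site": re.compile(r"^https?://([^/]+\.)?mysite\.com/", re.IGNORECASE),
    "image":    re.compile(r".*\.(jpe?g|gif|bmp|png)$", re.IGNORECASE),
}


def rule_fires(path, referer, rules=ORIGINAL):
    """Return True when the RewriteRule would act on the request, i.e. the
    image is replaced (or refused with 403 in the [F] variant).
    Mirrors the rule pattern and the two RewriteCond lines, all of which
    must hold for the rule to fire."""
    # RewriteRule .*\.(jpe?g|gif|bmp|png)$ ... : only image paths are affected
    if not rules["image"].search(path):
        return False
    # RewriteCond %{HTTP_REFERER} !^$ : an empty referer is let through
    if referer == "":
        return False
    # RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
    if rules["own_site"].search(referer):
        return False
    return True


# Constructed sample requests: (path relative to the site root, Referer header).
SAMPLES = [
    ("photos/cat.jpg", "http://www.mysite.com/gallery.html"),   # own site
    ("photos/cat.jpg", ""),                                      # no referer
    ("photos/cat.jpg", "http://forum.example.net/thread/42"),   # hotlink
    ("photos/cat.JPG", "http://forum.example.net/thread/42"),   # upper-case extension
    ("photos/cat.jpg", "https://www.mysite.com/gallery.html"),  # own site over https
    ("photos/cat.jpg", "http://other.example/?u=.mysite.com/"),  # ".mysite.com/" in the path
    ("style.css",      "http://forum.example.net/"),             # not an image
]


def compare(samples=SAMPLES):
    """Evaluate every sample under both rule sets; returns a list of
    (path, referer, fires_original, fires_hardened)."""
    return [(p, r, rule_fires(p, r, ORIGINAL), rule_fires(p, r, HARDENED))
            for p, r in samples]


if __name__ == "__main__":
    for path, referer, orig, hard in compare():
        print("%-16s referer=%-44r original=%-5s hardened=%s"
              % (path, referer, orig, hard))
```

Rows 4 to 6 show where the original rule differs from intent: a case-sensitive extension match skips cat.JPG, an https referer from your own site is treated as a hotlink, and the unanchored (.+\.) lets a referer path ending in ".mysite.com/" pass the allow-list.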





You can display a 403 Forbidden error code instead of an image. Replace the last line of the previous examples with this line:



RewriteRule .*\.(jpe?g|gif|bmp|png)$ - [F]





Warning: Do not use .htaccess to redirect image hotlinks to another HTML page or server that isn't your own (such as this html page). Hotlinked images can only be replaced by other images, not with an HTML page.



As with any htaccess rewrites, you may block some legitimate traffic (such as users behind proxies or firewalls) using these techniques.

REFERENCES
http://altlab.com/hotlinking.html
http://altlab.com/htaccess_tutorial.html

robots.txt wget

SkyHi @ Friday, December 31, 2010
User-agent: *
Disallow: /gallery/
Disallow: /images/

User-agent: baiduspider
Disallow: /

User-agent: msnbot
Disallow: /

User-agent: Teoma
Disallow: /

User-agent: TurnitinBot
Disallow: /

User-agent: WISEnutbot
Disallow: /

User-agent: ZyBorg/1.0 Dead Link Checker (wn.dlc@looksmart.net; http://www.WISEnutbot.com)
Disallow: /

User-agent: (wn.dlc@looksmart.net; http://www.WISEnutbot.com)
Disallow: /

User-agent: NaverBot
Disallow: /

User-agent: BotRightHere
Disallow: /

User-agent: WebZip
Disallow: /

User-agent: larbin
Disallow: /

User-agent: b2w/0.1
Disallow: /

User-agent: Copernic
Disallow: /

User-agent: psbot
Disallow: /

User-agent: Python-urllib
Disallow: /

User-agent: NetMechanic
Disallow: /

User-agent: URL_Spider_Pro
Disallow: /

User-agent: CherryPicker
Disallow: /

User-agent: EmailCollector
Disallow: /

User-agent: EmailSiphon
Disallow: /

User-agent: WebBandit
Disallow: /

User-agent: EmailWolf
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: CopyRightCheck
Disallow: /

User-agent: Crescent
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: ProWebWalker
Disallow: /

User-agent: CheeseBot
Disallow: /

User-agent: LNSpiderguy
Disallow: /

User-agent: Alexibot
Disallow: /

User-agent: Teleport
Disallow: /

User-agent: TeleportPro
Disallow: /

User-agent: MIIxpc
Disallow: /

User-agent: Telesoft
Disallow: /

User-agent: Website Quester
Disallow: /

User-agent: WebZip
Disallow: /

User-agent: moget/2.1
Disallow: /

User-agent: WebZip/4.0
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: WebSauger
Disallow: /

User-agent: WebCopier
Disallow: /

User-agent: NetAnts
Disallow: /

User-agent: Mister PiX
Disallow: /

User-agent: WebAuto
Disallow: /

User-agent: TheNomad
Disallow: /

User-agent: WWW-Collector-E
Disallow: /

User-agent: RMA
Disallow: /

User-agent: libWeb/clsHTTP
Disallow: /

User-agent: asterias
Disallow: /

User-agent: httplib
Disallow: /

User-agent: turingos
Disallow: /

User-agent: spanner
Disallow: /

User-agent: InfoNaviRobot
Disallow: /

User-agent: Harvest/1.5
Disallow: /

User-agent: Bullseye/1.0
Disallow: /

User-agent: Mozilla/4.0 (compatible; BullsEye; Windows 95)
Disallow: /

User-agent: Crescent Internet ToolPak HTTP OLE Control v.1.0
Disallow: /

User-agent: CherryPickerSE/1.0
Disallow: /

User-agent: CherryPickerElite/1.0
Disallow: /

User-agent: WebBandit/3.50
Disallow: /

User-agent: NICErsPRO
Disallow: /

User-agent: Microsoft URL Control - 5.01.4511
Disallow: /

User-agent: DittoSpyder
Disallow: /

User-agent: Foobot
Disallow: /

User-agent: SpankBot
Disallow: /

User-agent: BotALot
Disallow: /

User-agent: lwp-trivial/1.34
Disallow: /

User-agent: lwp-trivial
Disallow: /

User-agent: BunnySlippers
Disallow: /

User-agent: Microsoft URL Control - 6.00.8169
Disallow: /

User-agent: URLy Warning
Disallow: /

User-agent: Wget/1.6
Disallow: /

User-agent: Wget/1.5.3
Disallow: /

User-agent: Wget
Disallow: /

User-agent: LinkWalker
Disallow: /

User-agent: cosmos
Disallow: /

User-agent: moget
Disallow: /

User-agent: hloader
Disallow: /

User-agent: humanlinks
Disallow: /

User-agent: LinkextractorPro
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Mata Hari
Disallow: /

User-agent: LexiBot
Disallow: /

User-agent: Web Image Collector
Disallow: /

User-agent: The Intraformant
Disallow: /

User-agent: True_Robot/1.0
Disallow: /

User-agent: True_Robot
Disallow: /

User-agent: BlowFish/1.0
Disallow: /

User-agent: JennyBot
Disallow: /

User-agent: MIIxpc/4.2
Disallow: /

User-agent: BuiltBotTough
Disallow: /

User-agent: ProPowerBot/2.14
Disallow: /

User-agent: BackDoorBot/1.0
Disallow: /

User-agent: toCrawl/UrlDispatcher
Disallow: /

User-agent: WebEnhancer
Disallow: /

User-agent: suzuran
Disallow: /

User-agent: TightTwatBot
Disallow: /

User-agent: VCI WebViewer VCI WebViewer Win32
Disallow: /

User-agent: VCI
Disallow: /

User-agent: Szukacz/1.4
Disallow: /

User-agent: QueryN Metasearch
Disallow: /

User-agent: Openfind data gatherer
Disallow: /

User-agent: Openfind
Disallow: /

User-agent: Xenu's Link Sleuth 1.1c
Disallow: /

User-agent: Xenu's
Disallow: /

User-agent: Zeus
Disallow: /

User-agent: RepoMonkey Bait & Tackle/v1.01
Disallow: /

User-agent: RepoMonkey
Disallow: /

User-agent: Microsoft URL Control
Disallow: /

User-agent: Openbot
Disallow: /

User-agent: URL Control
Disallow: /

User-agent: Zeus Link Scout
Disallow: /

User-agent: Zeus 32297 Webster Pro V2.9 Win32
Disallow: /

User-agent: Webster Pro
Disallow: /

User-agent: EroCrawler
Disallow: /

User-agent: LinkScan/8.1a Unix
Disallow: /

User-agent: Keyword Density/0.9
Disallow: /

User-agent: Kenjin Spider
Disallow: /

User-agent: Iron33/1.0.2
Disallow: /

User-agent: Bookmark search tool
Disallow: /

User-agent: GetRight/4.2
Disallow: /

User-agent: FairAd Client
Disallow: /

User-agent: Gaisbot
Disallow: /

User-agent: Aqua_Products
Disallow: /

User-agent: Radiation Retriever 1.1
Disallow: /

User-agent: Flaming AttackBot
Disallow: /

User-agent: Oracle Ultra Search
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: PerMan
Disallow: /

User-agent: searchpreview
Disallow: /

User-agent: TurnitinBot
Disallow: /

User-agent: ExtractorPro
Disallow: /

User-agent: WebZIP/4.21
Disallow: /

User-agent: WebZIP/5.0
Disallow: /

User-agent: HTTrack 3.0
Disallow: /

User-agent: TurnitinBot/1.5
Disallow: /

User-agent: WebCopier v3.2a
Disallow: /

User-agent: WebCapture 2.0
Disallow: /

User-agent: WebCopier v.2.2
Disallow: /

REFERENCES
http://zmievski.org

Mapping keys in Vim - Tutorial (Part 1)

SkyHi @ Friday, December 31, 2010
To display the mode specific maps, prefix the ':map' command with the letter representing the mode.

:nmap - Display normal mode maps
:imap - Display insert mode maps
:vmap - Display visual and select mode maps
:smap - Display select mode maps
:xmap - Display visual mode maps
:cmap - Display command-line mode maps
:omap - Display operator pending mode maps


REFERENCES
http://vim.wikia.com/wiki/Mapping_keys_in_Vim_-_Tutorial_%28Part_1%29

Thursday, December 30, 2010

Cassandra vs MongoDB vs CouchDB vs Redis vs Riak vs HBase comparison

SkyHi @ Thursday, December 30, 2010

While SQL databases are insanely useful tools, their tyranny of ~15 years is coming to an end. And it was just time: I can't even count the things that were forced into relational databases, but never really fitted them.

But the differences between "NoSQL" databases are much bigger than they ever were between one SQL database and another. This means that it is a bigger responsibility on software architects to choose the appropriate one for a project right at the beginning.

In this light, here is a comparison of Cassandra, Mongodb, CouchDB, Redis, Riak and HBase:


CouchDB


  • Written in: Erlang
  • Main point: DB consistency, ease of use
  • License: Apache
  • Protocol: HTTP/REST
  • Bi-directional (!) replication,
  • continuous or ad-hoc,
  • with conflict detection,
  • thus, master-master replication. (!)
  • MVCC - write operations do not block reads
  • Previous versions of documents are available
  • Crash-only (reliable) design
  • Needs compacting from time to time
  • Views: embedded map/reduce
  • Formatting views: lists & shows
  • Server-side document validation possible
  • Authentication possible
  • Real-time updates via _changes (!)
  • Attachment handling
  • thus, CouchApps (standalone js apps)
  • jQuery library included

Best used:
For accumulating, occasionally changing data, on which pre-defined queries are to be run. Places where versioning is important.

For example:
CRM, CMS systems. Master-master replication is an especially interesting feature, allowing easy multi-site deployments.




Redis


  • Written in: C/C++
  • Main point: Blazing fast
  • License: BSD
  • Protocol: Telnet-like
  • Disk-backed in-memory database,
  • but since 2.0, it can swap to disk.
  • Master-slave replication
  • Simple keys and values,
  • but complex operations like ZREVRANGEBYSCORE
  • INCR & co (good for rate limiting or statistics)
  • Has sets (also union/diff/inter)
  • Has lists (also a queue; blocking pop)
  • Has hashes (objects of multiple fields)
  • Of all these databases, only Redis does transactions (!)
  • Values can be set to expire (as in a cache)
  • Sorted sets (high score table, good for range queries)
  • Pub/Sub and WATCH on data changes (!)

Best used:
For rapidly changing data with a foreseeable database size (should fit mostly in memory).

For example:
Stock prices. Analytics. Real-time data collection. Real-time communication.






MongoDB


  • Written in: C++
  • Main point: Retains some friendly properties of SQL. (Query, index)
  • License: AGPL (Drivers: Apache)
  • Protocol: Custom, binary (BSON)
  • Master/slave replication
  • Queries are javascript expressions
  • Run arbitrary javascript functions server-side
  • Better update-in-place than CouchDB
  • Sharding built-in
  • Uses memory mapped files for data storage
  • Performance over features
  • After crash, it needs to repair tables

Best used:
If you need dynamic queries. If you prefer to define indexes, not map/reduce functions. If you need good performance on a big DB. If you wanted CouchDB, but your data changes too much, filling up disks.

For example:
For all things that you would do with MySQL or PostgreSQL, but having predefined columns really holds you back.




Cassandra


  • Written in: Java
  • Main point: Best of BigTable and Dynamo
  • License: Apache
  • Protocol: Custom, binary (Thrift)
  • Tunable trade-offs for distribution and replication (N, R, W)
  • Querying by column, range of keys
  • BigTable-like features: columns, column families
  • Writes are much faster than reads (!)
  • Map/reduce possible with Apache Hadoop
  • I admit being a bit biased against it, because of the bloat and complexity it has partly because of Java (configuration, seeing exceptions, etc)

Best used:
If you're in love with BigTable. :) When you write more than you read (logging). If every component of the system must be in Java. ("No one gets fired for choosing Apache's stuff.")

For example:
Banking, financial industry






Riak


  • Written in: Erlang & C, some Javascript
  • Main point: Fault tolerance
  • License: Apache
  • Protocol: HTTP/REST
  • Tunable trade-offs for distribution and replication (N, R, W)
  • Pre- and post-commit hooks,
  • for validation and security.
  • Built-in full-text search
  • Map/reduce in javascript or Erlang
  • Comes in "open source" and "enterprise" editions

Best used:
If you want something Cassandra-like (Dynamo-like), but no way you're gonna deal with the bloat and complexity. If you need very good single-site scalability, availability and fault-tolerance, but you're ready to pay for multi-site replication.

For example:
Point-of-sales data collection. Factory control systems. Places where even seconds of downtime hurt.




HBase


(With the help of ghshephard)

  • Written in: Java
  • Main point: Billions of rows X millions of columns
  • License: Apache
  • Protocol: HTTP/REST (also Thrift)
  • Modeled after BigTable
  • Map/reduce with Hadoop
  • Query predicate push down via server side scan and get filters
  • Optimizations for real time queries
  • A high performance Thrift gateway
  • HTTP supports XML, Protobuf, and binary
  • Cascading, hive, and pig source and sink modules
  • Jruby-based (JIRB) shell
  • No single point of failure
  • Rolling restart for configuration changes and minor upgrades
  • Random access performance is like MySQL

Best used:
Use it when you need random, realtime read/write access to your Big Data.

For example:
Facebook Messaging Database (more general example coming soon)





Of course, all systems have many more features than what's listed here. I only wanted to list the key points that I base my decisions on. Also, development of all of them is very fast, so things are bound to change. I'll do my best to keep this list updated.

-- Kristof


REFERENCES

http://kkovacs.eu/cassandra-vs-mongodb-vs-couchdb-vs-redis

keep the Sent Items in sync across machines via imap and SquirrelMail

SkyHi @ Thursday, December 30, 2010
1. Verify SquirrelMail -> Options -> Folder Preferences -> Sent Folder: Sent

2. Enable IMAP on Outlook 2007 for both machines

3. The first time you send an e-mail message with your IMAP account, you are prompted to choose the folder where you want sent items saved. Pick a custom folder -> mail -> Sent

OR
   1. On the Tools menu, click Account Settings.
   2. Select an e-mail account that is not an Exchange account, and then click Change.
   3. Click More Settings.
   4. In the Internet E-mail Settings dialog box, click the Folders tab.
   5. Click Choose an existing folder or create a new folder to save your sent items for this account in, expand the folder list, and then click a Folder -> mail->Sent

4. Click the Send/Receive button on the other machine. Now both machines and SquirrelMail should contain the e-mail.





References
http://office.microsoft.com/en-us/outlook-help/change-where-sent-e-mail-messages-are-saved-HA010164216.aspx
http://www.entourage.mvps.org/database/sync.html
http://www.sevenforums.com/browsers-mail/45179-how-save-sent-items-imap-server-live-mail.html
http://www.question-defense.com/2009/03/05/in-outlook-2007-save-copy-of-sent-pop-account-messages-to-gmail-imap-sent-folder
http://www.msoutlook.info/question/486
http://www.ehow.com/how_4831673_save-sent-emails-imap-folder.html

Thursday, December 23, 2010

Control PHP Error Reporting With .htaccess

SkyHi @ Thursday, December 23, 2010
Create a .htaccess file, or use the existing .htaccess file on your hosting site, and add the lines below at the top of the file.

# php_flag and php_value only take effect when PHP runs as an Apache module
# (mod_php); under CGI/FastCGI they are unknown directives and cause a 500 error
# to stop php startup errors
php_flag display_startup_errors off
# to stop all php errors and warnings
php_flag display_errors off

# php directive for setting the error level; it takes an integer because
# the E_* constants are not available in .htaccess
php_value error_reporting integer

# report everything including E_STRICT (E_ALL | E_STRICT is 8191 on PHP 5.2;
# the value of E_ALL changes between PHP versions, so check your version)
php_value error_reporting 8191
# report compile-time warnings from the Zend Engine (E_COMPILE_WARNING)
php_value error_reporting 128
# report run-time notices (E_NOTICE)
php_value error_reporting 8
# report fatal run-time errors (E_ERROR)
php_value error_reporting 1


===========================PHP Turn On Error Reporting =========================
To turn on Error Reporting in PHP, this is what I use. You can set this anywhere in your PHP code, but it has to be above the error or else it will not work. This is the easiest way and will work in most hosting environments:

ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);

ini_set('display_errors',1);
error_reporting(E_ALL);

error_reporting(0);

REFERENCES
http://www.bala-krishna.com/control-php-error-reporting-with-htaccess/
http://www.bradino.com/php/error-reporting/

Wednesday, December 22, 2010

Vim indentation for C/C++ explained

SkyHi @ Wednesday, December 22, 2010
In today's early-morning post, I'm going to give a short crash course on Vim settings for indentation. Every programmer knows how important source code indentation is; there is no discussion about it. Vim, my favourite text editor, provides programmers with a rich set of indentation features. You can customize almost all aspects of code formatting. So, let's see what kind of indentation features Vim provides and how they affect indentation.

General Indentation Settings

:set autoindent
If set, Vim automatically indents a new line to the same indentation used by the previous line. In other words, Vim automatically tabs a new line. smartindent and cindent are autoindent variations that control indentation and formatting more precisely.
:set smartindent
Context-sensitive autoindent, great when coding: it makes indentation aware of C-like syntax.
:set shiftwidth
Using this option you can define the number of spaces placed on every indentation step, i.e. :set shiftwidth=3 will instruct Vim to indent with 3 spaces for every TAB command.

TAB Settings

:set expandtab
Use this option if you want every TAB to be expanded to spaces.
:set smarttab
If this option is set, then TAB shifts the line to the right and BACKSPACE shifts it to the left, both using the number of blanks defined in shiftwidth. If smarttab is not set, then TAB inserts blanks according to tabstop.
:set softtabstop
This one tells Vim to interpret TAB as an indent command instead of an insert-a-TAB command.
:set tabstop
Simply, it instructs Vim how many space characters to count for every TAB character. According to the Vim manual it is recommended to leave the default tabstop=8, which means every TAB is displayed as 8 space characters, and to adjust only softtabstop and shiftwidth.

C-style Indent

:set cindent
This sets autoindent to an even smarter and stricter mode for C and C++ source code.
:set cinoptions
Simply, it sets cindent configuration options.

Help

To learn how to use Vim commands and how to set indentation options, refer to the online VimDoc or run :h option, where option is one of the Vim settings above. I also recommend taking a look at the Vim website, with documentation and a huge database of tips.

Online Resources

Vi and Vim in Linux Productivity Magazine, Volume 1 Issue 5
Introduction to Programming in C/C++ with Vim by Kmj
VIM (Vi IMproved)
The Vi/Ex Editor by Walter Alan Zintz
Vi for programmers, part 1 and part 2

REFERENCES
http://mateusz.loskot.net/2005/11/06/vim-indentation-for-c-cpp-explained/

Ultimate List of Open Source Software

SkyHi @ Wednesday, December 22, 2010
Ultimate list of open source software:
 

 REFERENCES
 http://itmanagement.earthweb.com/osrc/article.php/3918051/Utlimate-List-of-Open-Source-Software.htm

10 Bash Tips for Working Faster With the Shell (Part 1 of 2)

SkyHi @ Wednesday, December 22, 2010
Using !!
This command is used to bring back and automatically execute the last command in history. It is the same as pressing C^P followed by Enter. Here's an example:


Using !text
Replacing ‘text’ with any command will call the last command in the history which starts with ‘text’. Example:
As you can see, after issuing the first ls command we printed the working directory, then we called back the last ls command with !ls.

Using !n
This will bring up the nth command in history. This will vary depending on your history. Here’s an example:

Using !?text?
This will execute the most recent command that contains the word ‘text’. Example:
The most recent command containing the text ‘xjf’ was executed. This trick should be applied carefully though, especially for sensitive commands like rm.

Using !! in combination with another command
!! can also be used in combination with some other command, because the shell expands it first and then it executes the current command. For example, this can be very useful in combination with sudo, since sometimes we forget to use administrative privileges for commands that need it. For example:

Changing the color of the Bash prompt
There are many ways of customizing your Bash prompt, and I will list here only a few pre-defined sets.
To make the user’s prompt green, put this inside your ~/.bashrc file, where ~ is your home directory:

Now run source ~/.bashrc or . ~/.bashrc to read the settings again. Here's how your prompt should look:


Here’s another example, which will make your prompt look really fancy:

And this is how it will look:

A pretty good tutorial on this can be found here (Bash Prompts How-To) and several prompt schemes on the Arch Wiki, here. The Bash Reference Manual section on this includes some useful information too.

Catch the exit status of a command with $?
If a command is successful, its exit status will be 0, otherwise it will be different from 0. This can be useful in scripts.

Using reversed search: Ctrl-R
Ctrl-R will prompt you to enter a pattern and will search the history in reverse order for the most recent command that contains the pattern; press Enter to execute it. Example:
In the above example we issued the ls -lh command, then pressed Ctrl-R and typed in the letter L. The command was brought up and then executed with Enter.

Using cd - to go to the previous working directory
This command has the same effect as cd $OLDPWD, where $OLDPWD is a variable that holds the previous working directory.

Using grep -e -pattern to show the lines that start with a - sign
This is useful when piping the output of commands like man, for example:
This will query the manual page for gcc and will print only the lines that contain the text -ansi.


REFERENCES
http://www.tuxarena.com/?p=257

Tuesday, December 21, 2010

Increase the import “file size” in phpMyadmin

SkyHi @ Tuesday, December 21, 2010
The first and only things to check (or ask your host provider to check) are the values of upload_max_filesize (default 2M), memory_limit (default 16M) and post_max_size (default 8M) in php.ini.

Increase all of them as needed.

Then you have to restart the web server.


================================================================

Uploading large(big) files in PHP using .htaccess

I've seen that many of my friends are struggling with uploads of bigger or larger files in PHP. After looking at their struggle, I'm here to solve the problem of uploading larger or bigger files in PHP.
Most web servers are configured in such a way that a user can only upload a file of at most 2MB. So there might be a problem for people who want to upload a .pdf file of around 15MB. But you can increase the maximum upload file size limit by using a .htaccess file.

Here is a small tip which you can use to upload such a large file using the file field of a form and the move_uploaded_file() function in PHP.
1) Create a .htaccess file in the root folder of the web server.
2) Put the following code inside the .htaccess file and save it.
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
Now you can upload files of up to 20MB in a simple way using a file field in your HTML form and the move_uploaded_file() function available in PHP. The four parameters in the .htaccess file above raise the upload capability: the first is the maximum file size for uploading, the second is the maximum size of the POST data, the third is the maximum time in seconds a script is allowed to run before it is terminated by the parser, and the last is the maximum time in seconds a script is allowed to spend parsing input data such as file uploads, POST and GET data.
You can change the above parameters to upload files bigger than 20MB.

 


REFERENCES
http://junal.wordpress.com/2007/10/03/increase-the-import-file-size-in-phpmyadmin/
http://roshanbh.com.np/2008/01/uploading-larger-files-in-php.html

Openvpn Amazon EC2 Firesheep Wireless

SkyHi @ Tuesday, December 21, 2010
If your laptop ever connects to a network behind enemy lines (e.g. hhonors, attwifi, panera), this post is for you. The step-by-step directions below allow you to stand up a portable, cloud-based private VPN that you can use from anywhere, for around $0.50 a month. Once you get everything set up, you can feel good connecting to a hotspot and laugh at the guy running FireSheep.

Speaking of Firesheep, I’ve actually had some people close to me (including my wife) ask how they can prevent these types of attacks from happening. There are some nice “off-the-shelf” solutions like HTTPS Everywhere and BlackSheep but as a security professional I wanted to give a recommendation that would provide broader coverage than these solutions.

Enter Amazon’s recently introduced Free Tier for EC2. I’ll save my thoughts and comments on “The Cloud” and security for a later date (and after a couple of beers), but for the purposes of this solution, it works great to help you increase your security while using open wireless networks. Quite simply, the solution I came up with was to create an EC2 instance with Ubuntu 10.04 LTS server and set up OpenVPN and SideStep. This allows me to route all of my traffic over an SSL or SSH VPN to my EC2 instance and then out to the Internet.

To graphically represent what this solution offers, below is a picture of your laptop while surfing on an Open Wi-Fi network such as those at Starbucks.

The second image is the guy running Firesheep at Starbucks.
The last image depicts your laptop running OpenVPN or SideStep at Starbucks.

Enough with the ‘Behind Enemy Lines’ comparisons…I swear. I installed other services on my EC2 instance, like Privoxy and iodine (see my post on tunneling traffic via iodine), but for the purpose of this post, I will limit the scope to creating an EC2 instance, installing and configuring OpenVPN, and installing and configuring SideStep.

A couple of notes before we get started. While the instructions that follow utilize Amazon’s Free Tier, this setup will cost you roughly $.50 per month. There are ways to shrink your EC2 ami to fit within the Free Tier’s EBS limit of 10GB, but I will pay around $.50 a month to have this service available to me (the Ubuntu AMI we will use utilizes 15GB of EBS).


So let’s get started…

1. If you haven’t already, head over to Amazon EC2 and create an Amazon EC2 account.

2. Once you have created an account, visit the AWS Management Console and click on the ‘Key Pairs’ link on the left side of the screen. Here you will create a Key Pair that will allow you to login to your EC2 instances. Click on the ‘Create Key Pair’ button and name the Key Pair something unique. I chose ‘JustinsAllEC2Key’. Save the file in your ~/Downloads folder and move it to your ~/.ssh/ folder by issuing the following commands:

Your Mac
jmorehouse@Old-Trafford:~$ cd Downloads
jmorehouse@Old-Trafford:Downloads$ mv JustinsAllEC2Key.pem ~/.ssh/
jmorehouse@Old-Trafford:Downloads$ chmod 400 ~/.ssh/JustinsAllEC2Key.pem

3. Now that you have a key pair, it is time to create and launch an instance. Click on the ‘AMIs’ link on the left side. Then select All Images from the ‘Viewing’ drop-down (it takes a minute to load all of the available instances), and search for ‘ami-4a0df923’. This is an EBS instance of Ubuntu 10.04 LTS Server 64-bit from Alestic. EBS allows for persistent storage, so that your settings will remain even when you power-cycle your instance.

4. Select the AMI and then click the ‘Launch’ button at the top. You will be prompted with a number of options, and I recommend using the following:
  • Number of Instances: 1
  • Availability Zone: No Preference
  • Instance Type: Micro
  • Launch Instances
  • Click ‘Continue’

  • Kernel ID: Default
  • RAM Disk ID: Default
  • No Monitoring
  • No User Data
  • Click ‘Continue’

  • Key = ‘Name’
  • Value = ‘Free Tier EC2 Ubuntu 10.04 Instance’
  • Click ‘Continue’

  • Choose from your existing Key Pairs – ‘JustinsAllEC2Key’ -> This is the key you previously created in Step 2 and moved to your ~/.ssh/ folder.
  • Create a new Security Group – ‘InternetAccessible’ -> This is akin to a firewall ruleset group. I created a new one called ‘InternetAccessible’, but you can just as simply use and edit the ‘Default’ group.
  • Describe your security group – ‘Services allowed from the Internet’
  • Select ‘SSH’ from the drop-down ‘Applications’ menu -> I left ‘All Internet’ as we want to access this instance from wherever we are on the Internet.
  • Click ‘Add Rule’
  • Select ‘HTTPS’ from the drop-down ‘Applications’ menu -> This will give us access to our OpenVPN server. I also left this open to ‘All Internet’ for the same reason we configured SSH this way.
  • Click ‘Add Rule’
  • Click ‘Continue’

5. You will then be presented with a confirmation page where you should confirm your settings and make any necessary changes. If everything looks good, go ahead and launch your instance.

6. Your instance is now launching. Click on the ‘View your instances on the Instances page’ link to access information about your instance.

7. Now we will assign a static IP address to your instance as Amazon makes this feature available for free (what IPv4 shortage?). Click on the ‘Elastic IPs’ link on the left side. Then click on the ‘Allocate New Address’ button in the center of the page. Click the ‘Yes, Allocate’ button, and then click the checkbox in front of the newly added IP address. We want to associate this IP with your newly created instance. You can do this by now clicking on the ‘Associate’ button at the top. Select the ‘Instance ID’ for the instance you just created (there should be only one Instance ID in the drop-down) and click ‘Associate’. Copy the IP address somewhere handy as we will need it in a couple of minutes.

8. Once you have done this, it’s time to login to your EC2 instance! You can perform this from Terminal using the following:

Your Mac
jmorehouse@Old-Trafford:Downloads$ cd ~
jmorehouse@Old-Trafford:~$ ssh -i ~/.ssh/.pem ubuntu@IPAddress

9. Type ‘yes’ to accept the RSA key fingerprint and you should see something akin to the following:
Linux ec2 2.6.32-309-ec2 #18-Ubuntu SMP Mon Oct 18 21:00:50 UTC 2010 x86_64 GNU/Linux
Ubuntu 10.04.1 LTS
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
System information as of Fri Dec 3 00:40:20 UTC 2010
System load: 0.0 Processes: 60
Usage of /: 6.2% of 14.76GB Users logged in: 1
Memory usage: 6% IP address for eth0: 10.XX.XX.XX
Swap usage: 0% IP address for tun0: 10.X.XX.X
Graph this data and manage this system at https://landscape.canonical.com/
———————————————————————
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:
sudo tasksel --section server
———————————————————————
14 packages can be updated.
4 updates are security updates.
Last login: Thu Dec 2 23:22:38 2010 from pool-XX-XX-XX-X.domain.net
10. At this point you want to perform some hardening and maintenance on the box.

Update passwords
EC2 Instance
ubuntu@ec2:~$ sudo su -
root@ec2:~# passwd ubuntu (Enter in a new password for the ‘ubuntu’ account. This is the default account on your EC2 instance. I recommend storing these passwords in KeePassX)
root@ec2:~# passwd (Enter in a new password for the ‘root’ account. This account should need no explanation.)

Update packages
EC2 Instance
root@ec2:~# exit
ubuntu@ec2:~$ sudo apt-get update (This updates the list of known packages.)
ubuntu@ec2:~$ sudo apt-get upgrade -y (This upgrades the installed packages to their latest version.)

If you are prompted for grub-pc config update, just hit enter. Also select ‘Yes’ at the next Grub message window.

Time Zone
EC2 Instance
ubuntu@ec2:~$ sudo dpkg-reconfigure tzdata

Follow the instructions to setup the proper timezone information for your EC2 instance.

ubuntu@ec2:~$ sudo reboot now (This will reboot the system. Wait about 2 minutes before you try and reconnect to the EC2 instance via Terminal using the above ssh command.)

11. At this point I setup a host record for my EC2 instance so that I could use DNS to access it. I also configured the hostname on the system to match the DNS record. This is an optional step, and if you aren’t sure what I am talking about or aren’t sure how to do it, don’t worry about it.

12. Now that we have our EC2 instance configured and ready to go, it is time to install and configure OpenVPN. To install OpenVPN on your EC2 instance, simply type the following from within your SSH session:

EC2 Instance
ubuntu@ec2:~$ sudo apt-get -y install openvpn libssl-dev openssl

13. Now we need to create the certificates to use with OpenVPN. First let’s copy the easy-rsa tool to the OpenVPN folder.

EC2 Instance
ubuntu@ec2:~$ cd /etc/openvpn/
ubuntu@ec2:/etc/openvpn$ sudo mkdir easy-rsa
ubuntu@ec2:/etc/openvpn$ sudo cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
ubuntu@ec2:/etc/openvpn$ sudo chown -R $USER /etc/openvpn/easy-rsa/
ubuntu@ec2:/etc/openvpn$ cd /etc/openvpn/easy-rsa/

14. We now need to edit the ‘vars’ file to provide some information for our SSL certificates. You will need to know how to use the ‘vi’ text editor. If you don’t know how to use it, I recommend this tutorial.

EC2 Instance
ubuntu@ec2:/etc/openvpn/easy-rsa$ sudo vi vars

Change export KEY_SIZE=1024 to export KEY_SIZE=2048
Change export KEY_COUNTRY="US" to your country.
Change export KEY_PROVINCE="CA" to your state, e.g. KEY_PROVINCE="FL"
Change export KEY_CITY="SanFrancisco" to your city, e.g. KEY_CITY="Tampa"
Change export KEY_ORG="Fort-Funston" to your organization or something else. I used my family (KEY_ORG="Morehouse-Family").
Change export KEY_EMAIL="me@myhost.mydomain" to your email address.

Save the file by hitting the ‘ESC’ key and then typing ‘:wq’ and press enter.

ubuntu@ec2:/etc/openvpn/easy-rsa$ source vars
ubuntu@ec2:/etc/openvpn/easy-rsa$ ./clean-all
ubuntu@ec2:/etc/openvpn/easy-rsa$ source vars
ubuntu@ec2:/etc/openvpn/easy-rsa$ ./build-ca

You should be prompted for the following. You can hit ‘enter’ to keep the default value you already setup by editing the ‘vars’ file.

Country Name (2 letter code) [US]:
State or Province Name (full name) [FL]:
Locality Name (eg, city) [Tampa]:
Organization Name (eg, company) [Morehouse-Family]:
Organizational Unit Name (eg, section) []:Personal
Common Name (eg, your name or your server’s hostname) [justin.domain.org]: -> Enter your hostname here if you created a DNS record. Otherwise enter your EC2’s Elastic IP address from Step 7.
Name []:Justin Morehouse
Email Address [justin@mydomain.com]:

Now execute the following commands:

ubuntu@ec2:/etc/openvpn/easy-rsa$ ./build-dh (This takes some time. Like 2 minutes.)
ubuntu@ec2:/etc/openvpn/easy-rsa$ source vars
ubuntu@ec2:/etc/openvpn/easy-rsa$ ./pkitool --server server
ubuntu@ec2:/etc/openvpn/easy-rsa$ cd keys
ubuntu@ec2:/etc/openvpn/easy-rsa/keys$ openvpn --genkey --secret ta.key
ubuntu@ec2:/etc/openvpn/easy-rsa/keys$ sudo cp server.crt server.key ca.crt dh2048.pem ta.key /etc/openvpn/

15. Now we have created the CA and Server certificates. Now we need to create keys for our users. For the purpose of this blog, we will create one key for one user. You can repeat this step for each additional user you wish to allow to access your OpenVPN server.

EC2 Instance
ubuntu@ec2:/etc/openvpn/easy-rsa/keys$ cd ..
ubuntu@ec2:/etc/openvpn/easy-rsa$ source vars
ubuntu@ec2:/etc/openvpn/easy-rsa$ ./pkitool (I typed ‘./pkitool justin’)
ubuntu@ec2:/etc/openvpn/easy-rsa$ cd ..

16. Now we need to create an archive to download all of the necessary files from the server to the system you want to configure to use OpenVPN (your laptop). I recommend using Cyberduck to access the archive we create. Remember to use your EC2 key to login with Cyberduck. It is the key we created in Step 2 and stored in your ~/.ssh/ folder (JustinsAllEC2Key.pem). Remember, the keys.tgz file will be located in the /etc/openvpn/ directory. Download the keys.tgz file to your Downloads directory.

EC2 Instance
ubuntu@ec2:/etc/openvpn$ sudo tar czf keys.tgz ca.crt ta.key easy-rsa/keys/yourname.crt easy-rsa/keys/yourname.key

17. Now it’s time to configure your OpenVPN server. You can most likely use the pre-configured template I posted online. It uses the IP address scheme of 10.8.80.0/24 for VPN clients, so unless you are using that network somewhere else, you don’t need to change a thing in the configuration. If you do need to edit the network, you can download the server.conf file here or issue the commands below and use vi to edit it as you would like. Use the commands below to download the server.conf file to the /etc/openvpn folder on your EC2 instance.

EC2 Instance
ubuntu@ec2:/etc/openvpn$ sudo wget http://www.stratumsecurity.com/sites/default/files/server.conf

18. Now we have to set up IP forwarding on your EC2 instance. We’ll use sudo to perform these commands.

EC2 Instance
ubuntu@ec2:~$ sudo su -
root@ec2:~$ modprobe iptable_nat
root@ec2:~$ echo 1 > /proc/sys/net/ipv4/ip_forward
root@ec2:~$ iptables -t nat -A POSTROUTING -s 10.8.80.0/24 -o eth0 -j MASQUERADE
root@ec2:~$ iptables-save > /etc/iptables.conf
root@ec2:~$ echo '#!/bin/sh' > /etc/network/if-up.d/iptables
root@ec2:~$ echo "iptables-restore < /etc/iptables.conf" >> /etc/network/if-up.d/iptables
root@ec2:~$ chmod +x /etc/network/if-up.d/iptables
root@ec2:~$ echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
root@ec2:~$ reboot now
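After the reboot in step 18 it is worth confirming that both halves of the NAT setup survived: the kernel forwarding flag and the MASQUERADE rule for the VPN client network. This is an added example and not part of the original post; the rule parser takes iptables-save text as input so it can be exercised against a constructed sample, and the live invocation at the bottom is what you would run as root on the instance.

```shell
#!/bin/sh
# Added example (not from the original post): verify the step 18 NAT setup.

# has_masquerade_rule RULES SUBNET IFACE
# Returns 0 if RULES (iptables-save format) contains a nat-table POSTROUTING
# rule that masquerades SUBNET out of IFACE, 1 otherwise.
has_masquerade_rule() {
  rules=$1; subnet=$2; iface=$3
  printf '%s\n' "$rules" | awk -v s="$subnet" -v i="$iface" '
    /^\*/ { table = substr($0, 2) }            # "*nat", "*filter", ...
    table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
      src = ""; out = ""; tgt = ""
      for (k = 3; k <= NF; k++) {
        if ($k == "-s") src = $(k + 1)
        if ($k == "-o") out = $(k + 1)
        if ($k == "-j") tgt = $(k + 1)
      }
      if (src == s && out == i && tgt == "MASQUERADE") { found = 1; exit }
    }
    END { if (found) exit 0; exit 1 }'
}

# forwarding_enabled [FILE]
# Returns 0 when the sysctl value in FILE (default: the live
# /proc/sys/net/ipv4/ip_forward) is 1, i.e. the kernel will route for clients.
forwarding_enabled() {
  f=${1:-/proc/sys/net/ipv4/ip_forward}
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Constructed sample of what iptables-save prints after step 18 (not captured
# from a real instance).
SAMPLE_RULES='# Generated by iptables-save
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.80.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Live check on the EC2 instance (as root):
#   has_masquerade_rule "$(iptables-save)" 10.8.80.0/24 eth0 && forwarding_enabled \
#     && echo "NAT for VPN clients is in place"
```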

19. Back on your Mac, download and install Tunnelblick. It is a free, open source Graphical User Interface (GUI) for OpenVPN on Mac OS X. You can download the latest stable version from here.

20. Once you have installed Tunnelblick, go to your ‘Downloads’ folder and extract your keys.tgz file. Copy the ca.crt, ta.key, .crt, and files from the extracted archive to the Tunnelblick directory located at ‘~/Library/Application\ Support/Tunnelblick/Configurations/’. (.crt and will be in the ‘easy-rsa/keys’ folder. Make sure all of the extracted files are in the ‘~/Library/Application\ Support/Tunnelblick/Configurations/’ folder!)

21. You will now need to edit the client template that I have posted here. Download the file to ‘~/Library/Application\ Support/Tunnelblick/Configurations/‘ and edit the following three items:
  • Line 42: Change ‘’ to your EC2 instance’s IP address, from Step 7, or the DNS name you gave it.
  • Lines 89 & 90: Change cert .crt & key .key to the names of the .crt and .key files you extracted from the keys.tgz file. This is the client certificate you created for yourself in Step 15.
22. Once this is done, open up a web browser and go to IP Chicken. Observe your current source IP address. Then open Tunnelblick and from the menu bar at the top, select Connect ‘ec2’. Reload your browser and notice that you now have the source IP address of your EC2 instance! Congratulations on getting OpenVPN on an EC2 instance set up. Now let’s set up SideStep.

23. While Tunnelblick allows you to create an on-demand SSL tunnel to proxy all of your network traffic through your EC2 instance (for both wired and wireless networks), SideStep takes the guesswork out of when to use a proxy to secure your traffic when you are on an open wireless network (it currently only works on wireless networks, but Chetan is going to add the capability to use it on a wired network as well). First download and install SideStep.

24. SideStep uses passwords or keys to create an on-demand SSH tunnel that proxies your traffic. As our EC2 instance doesn’t allow for password logins via SSH, we need to create a new keypair to use with SideStep. Using Terminal on your Mac, issue the following commands:

Your Mac
jmorehouse@Old-Trafford:~$ cd ~
jmorehouse@Old-Trafford:~$ ssh-keygen -t rsa -f ~/.ssh/id_ec2

Enter in a passphrase twice, and store it some place safe (KeePassX) because you will need it later.

jmorehouse@Old-Trafford:~$ scp -i .ssh/JustinsAllEC2Key.pem .ssh/id_ec2.pub ubuntu@IP:~/.ssh/ (Key created in Step 2 and IP address from Step 7.)

25. Still within Terminal, log back into your EC2 instance and append the public key to your authorized_keys file.

Your Mac
jmorehouse@Old-Trafford:~$ cd ~
jmorehouse@Old-Trafford:~$ ssh -i ~/.ssh/.pem ubuntu@IPAddress (Key created in Step 2 and IP address from Step 7.)

EC2 Instance
ubuntu@ec2:~$ cd .ssh/
ubuntu@ec2:~/.ssh/$ cat id_ec2.pub >> authorized_keys
ubuntu@ec2:~/.ssh/$ chmod 640 authorized_keys
ubuntu@ec2:~/.ssh/$ exit

26. Now we need OSX to prompt us for the passphrase for the id_ec2 key, so from Terminal, enter the following:

Your Mac
jmorehouse@Old-Trafford:~$ cd ~
jmorehouse@Old-Trafford:~$ ssh -i .ssh/id_ec2 ubuntu@IP

You should be prompted for the passphrase. Check the option to save the passphrase to your Keychain and hit OK. You should now have an SSH session to your EC2 box using your new key. You can go ahead and exit from your SSH session, close out all of your Terminal sessions and quit the Terminal application.

27. Now fire up SideStep and click the ‘Next’ button. Under ‘I already have one’ enter ‘ubuntu’ as the Username, your IP address from Step 7 as the hostname, and press ‘Test Connection to Server.’ You should receive a ‘Connection to server succeeded!’ message. Now click the ‘Next’ button. Read the notes and check the box that reads ‘Run SideStep on login.’ Click ‘Finish.’

28. SideStep is now on the menu bar next to Tunnelblick. I added Tunnelblick to my login items so that it is launched when I boot. Understand the differences between these two tools (Tunnelblick and SideStep) and when to use each.

Congratulations! If you made it this far, pat yourself on the back. This was a long tutorial, but it should work if you followed each step. If you have any problems, hit me up on Twitter (@Mascasa).

Enjoy surfing open wireless networks or hostile wired networks securely!
 

Monday, December 20, 2010

Windows wget

SkyHi @ Monday, December 20, 2010

wget is a great command line utility that is natively available in Linux and can be downloaded for Windows (see also GNU WGet for Windows (Windows 7, Vista, XP, etc.)). wget can be used for many download situations including large files, recursive downloads, non-interactive downloads, multiple file downloads, etc.

Note: options ARE case sensitive.

1. Download a single file with wget using no options.

wget http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
While downloading, wget will display a progress bar with the following information:

  • % of download completion
  • Download progress in bytes
  • Current download speed
  • Estimated time remaining
Download in progress

Completed download

2. Download a file saving with a different name using wget -O

wget http://www.vim.org/scripts/download_script.php?src_id=7701
Even though the downloaded file is in zip format, it will be saved with the name download_script.php?src_id=7701 without the -O switch.

To modify this behavior, specify the output file name using the -O option.

wget -O taglist.zip http://www.vim.org/scripts/download_script.php?src_id=7701
3. Specify download speed / download rate using wget --limit-rate

While executing wget, by default it will try to use all possible bandwidth. You can limit the download speed using the --limit-rate switch.

wget --limit-rate=200k http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
4. Restart a download which stopped in the middle using wget -c.

wget -c http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
5. Download in the background with wget -b

wget -b http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

The download will begin and give the shell prompt back to you. You can always check the status of the download using tail -f (Linux only).

tail -f wget-log
6. Mask the user agent and make wget look like a browser using wget --user-agent

Some websites refuse to serve a page when they detect that the user agent is not a browser. You can mask the user agent with the --user-agent option so that wget presents itself as a browser.

wget --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
7. Test a URL using wget --spider. This will test that the file exists, but not perform the download.

wget --spider http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz

8. Increase the total number of retry attempts using wget --tries.

wget --tries=75 http://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
9. Download multiple files / URLs using wget -i

First, store all the download files or URLs in a text file:

URL1
URL2
URL3
URL4

Next, give the download-file-list.txt as argument to wget using the -i option.

wget -i download-file-list.txt
10. Download a full website using wget --mirror

wget --mirror -p --convert-links -P ./LOCAL-DIR WEBSITE-URL
  • --mirror: enable mirroring
  • -p: download all files that are necessary to properly display a given HTML page
  • --convert-links: after the download, convert the links in the documents for local viewing
  • -P ./LOCAL-DIR: save all the files and directories to the specified directory
11. Skip certain file types while downloading using wget --reject. In order to download all content except .gif images use the following.

wget --reject=gif WEBSITE-TO-BE-DOWNLOADED
12. Log messages to a log file instead of stderr using wget -o. To redirect output to a log file instead of the terminal:

wget -o download.log DOWNLOAD-URL
13. Quit downloading when certain size is exceeded using wget -Q.

wget -Q5m -i FILE-WHICH-HAS-URLS
14. Download only certain file types using wget -r -A

You can use this for the following situations:

  • Download all images from a website
  • Download all videos from a website
  • Download all PDF files from a website
wget -r -A.pdf http://url-to-webpage-with-pdfs/
15. You can use wget to perform FTP downloads.

wget ftp-url
FTP download using wget with username and password authentication.

wget --ftp-user=USERNAME --ftp-password=PASSWORD DOWNLOAD-URL
Note: username and password can be used for HTTP and HTTPS downloads as well using --http-user=USER, --http-password=PASS respectively.

REFERENCES
http://www.powercram.com/2010/01/how-to-use-wget-includes-several.html

Tuesday, December 14, 2010

How To Create Icons for Mac OS X

SkyHi @ Tuesday, December 14, 2010

Ever wondered how to make your own Mac icons? Have you ever created an icon and had trouble making the icons fully transparent? If you answer either of these questions with a yes, then this tutorial is for you.



To complete this tutorial, you will need Adobe Photoshop (or any other image editor that will export transparent TIFF files), Xcode and CandyBar installed on your Mac. Xcode is Apple’s free software development kit. You should be able to install Xcode from your computer’s install disk or download it off Apple’s Website. It’s also important to note that the newest version of Mac OS X, Leopard, has moved to a maximum icon size of 512 pixels. CandyBar allows you to organize your icons.


Designing The Icon


Designing the icon is up to you and your imagination. Here is a list though of things to keep in mind when designing your icon.


  • Apple Human Interface Guidelines: Apple has their own set of guidelines and rules by which they expect icons to be created.
  • Plan Your Icon For Scale: Like designing a logo, you need to be able to scale your icon from 16 x 16 pixels all the way up to 512 x 512 pixels with Leopard. For the 16 pixel icon you may want to take out elements. For example, for my RSS icon, I’m eliminating everything but the orange RSS button.
  • Leave Margins for Your Icon: You don’t want one icon to outweigh the others because of its size.

Exporting The Icon


RSS Icon Icon Template


I’ve created an easy to use Photoshop template just for mapping out each icon size. This way you don’t have to bother creating multiple size documents and whatnot. Simply drag and drop the icon layer(s) onto the template and then duplicate and resize according to each size on the template. At this time you may want to sharpen icons at smaller sizes to give them more definition. Remember: you can use Fade controls (located under the Edit menu) after using the sharpen filter.


Now that you’ve completely resized your icons and are ready to make them into an icon, hide the back drop layer. Then go to File >> Save As. You want to format the document as a TIFF file with the options, “Layers” unchecked and “As A Copy” checked. A TIFF Options dialogue box should appear after hitting the save button. It’s important to have Compression set to “None” and “Save Transparency” checked. This way, the icon comes out exactly as you intended.


Tiff Options

Important TIFF Settings to getting the best looking icon


Now all you have to do is duplicate the TIFF file four or five times (one for each size), and crop each file to eliminate all other icons. Knowing where to crop the documents should be simple because the guides still remain from the Photoshop document.



Using Icon Composer & CandyBar


Icon Composer is located in Applications >> Utilities in the Xcode folder. Once you’ve opened the application, creating the icon is as easy as dragging the TIFF files over their appropriate sizes. Agree to Extract Mask when asked. Save a fresh ICNS file. The icon shouldn’t yet appear as the actual icon on the document. This is where CandyBar comes in handy. Just drag the .icns file into CandyBar and then drag out the icon image shown in the application.


Icon Composer

Icon Composer is as simple as dragging and dropping the TIFF files on to its appropriate spot.


Exporting a TIFF, and not a transparent PNG file from the Export to Web menu, proved vital especially when exporting transparent images. This particular icon, when made into an icon using an exported PNG file, will cause the smoke coming off the RSS to pixelate. This pixelation is fixed when exporting a TIFF file with transparency.


RSS Final


REFERENCES

http://tutorialdog.com/how-to-create-icons-for-mac-os-x/


Monday, December 13, 2010

SuPHP - .htaccess to parse HTML as PHP

SkyHi @ Monday, December 13, 2010
In order to parse html files as php, add the following line to your .htaccess file:
AddHandler x-httpd-php .html

This is different than:
AddType application/x-httpd-php .html .htm
(Which will not work with SuPHP)

This can also be done with CPanel using the Apache Handlers link. Add the following entry:
extension: .html
handler: x-httpd-php

Thanks to Ed at LP Support for help with this!

REFERENCES
http://www.lunarforums.com/php_and_mysql_support/suphp_htaccess_to_parse_html_as_php-t15889.0.html

Installing and Configuring suPHP on CentOS 5.3

SkyHi @ Monday, December 13, 2010
I’m deviating from my SCAP posts a bit. I was looking at better ways to secure sites when I stumbled on this.

What is suPHP?

suPHP will execute php scripts as the user you specify. This enhances security by not running scripts as the web server user (nobody) or as root (really bad idea). So even if there is a vulnerable php script installed, it can at most execute with the permissions of the non-privileged user you choose for it to use.

How does it work?

PHP scripts are interpreted by suPHP and suPHP then calls the php interpreter as the specified user and interprets the scripts as that user.

Why am I writing this How-To?

I have found several guides that *almost* get it done, but then there are a few details that you have to go hunt for. Hopefully this guide is easy to use and can get you set up on the first try.

Installation and Configuration

First Steps

There is an suPHP package in the RPMForge repository. You will need this installed. Follow the guide on the CentOS Wiki: http://wiki.centos.org/AdditionalResources/Repositories/RPMForge
If you follow each step for CentOS 5, it will work. I guarantee it.
The RPMForge package you will need is called “mod_suphp” and as of this writing, here are the package details:
Name       : mod_suphp
Arch       : i386
Version    : 0.7.0
Release    : 1.el5.rf
Size       : 597 k
Repo       : rpmforge
Summary    : Apache module that enables running PHP scripts under different users

Install The Package

yum install mod_suphp
This will install a few configuration files:
/etc/suphp.conf – This is the configuration file for suPHP itself
/etc/httpd/conf.d/suphp.conf – This is the configuration file for the suPHP Apache module

Edit the suPHP Config file – /etc/suphp.conf

There are a few lines that need to be changed to make this work.

webserver_user=apache

Depending on what user you run your web server as, you may need to change this line.

x-httpd-php=php:/usr/bin/php

This line must be modified to put double quotes around the value; suPHP will not work without them. You must also change it to use the CGI build of the PHP interpreter, php-cgi. It should look like this:
x-httpd-php="php:/usr/bin/php-cgi"

x-suphp-cgi=execute:!self

The same applies with this line. Put double quotes around the value, so it looks like this:
x-suphp-cgi="execute:!self"

Edit the suPHP Apache Module Configuration File – /etc/httpd/conf.d/suphp.conf

This file loads the suPHP Apache module as well as setting global configuration for the module. On my server, different sites (VirtualHosts) have files owned by different users. To allow each user/VirtualHost to run PHP as their user, we do not enable nor configure suPHP globally. To skip global configuration, I comment out every line in /etc/httpd/conf.d/suphp.conf except the LoadModule line.
Configuration of the suPHP module will be handled on a per-VirtualHost basis in the httpd.conf.

Edit the httpd config file to set up individual VirtualHosts – /etc/httpd/conf/httpd.conf

suPHP usage is defined per VirtualHost. An unchanged VirtualHost directive will still execute PHP, but as the web server user. You can change this so PHP will not execute at all unless it uses suPHP, but I don’t do that in my config.
Below is my unchanged VirtualHost directive for http://www.packetsense.net:
ServerName packetsense.net
ServerAlias www.packetsense.net
DocumentRoot /home/packetsense/www/
ScriptAlias /cgi-bin/ /home/packetsense/cgi-bin/
ScriptAlias /cgi-sys/ /home/packetsense/cgisys/
SetEnv PHPRC /home/packetsense/etc/
ErrorDocument 404 /404.html
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fchris@packetsense.net"
ServerAdmin chris@packetsense.net
php_admin_flag allow_url_fopen off
You may not have all those directives defined in your config, but that doesn’t really matter.
To set a VirtualHost to work with suPHP, you only need to add 4 lines.
suPHP_Engine on
suPHP_UserGroup username groupname
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
In my case, my files are owned by User: packetsense, and Group: packetsense.
My modified VirtualHost directive now looks like this:
ServerName packetsense.net
ServerAlias www.packetsense.net
DocumentRoot /home/packetsense/www/
suPHP_Engine on
suPHP_UserGroup packetsense packetsense
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
ScriptAlias /cgi-bin/ /home/packetsense/cgi-bin/
ScriptAlias /cgi-sys/ /home/packetsense/cgisys/
SetEnv PHPRC /home/packetsense/etc/
ErrorDocument 404 /404.html
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fchris@packetsense.net"
ServerAdmin chris@packetsense.net
php_admin_flag allow_url_fopen off

Finally: All that’s left is to restart the web server service.

Now: Test It

To see which user your PHP is running as, create a file in your web directory called whoami.php. Include this code:
<?php
// Prints the effective user the PHP interpreter runs as under suPHP.
echo "Output of the 'whoami' command: \n";
echo exec('/usr/bin/whoami');
?>
You should see something like this: Output of the ‘whoami’ command: packetsense

Common Problems

500 Internal Server Error

Check your /var/log/httpd/error_log. You might see something like this:
[Sun Oct 11 11:27:47 2009] [error] [client 72.185.236.25] SoftException in Application.cpp:249:
File "/home/packetsense/www/whoami.php" is writeable by group
[Sun Oct 11 11:27:47 2009] [error] [client 72.185.236.25] Premature end of script headers: whoami.php
In this case, just chmod 644 the file you’re working with. Alternatively, you can adjust the tolerance for file permissions by editing the /etc/suphp.conf file. Look at this section:
; Security options
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
Change them to true (this relaxes suPHP's permission checks, so fixing the file modes is the better option where you can). Another cause of the internal server error might be that you did not change the interpreter line in /etc/suphp.conf from x-httpd-php="php:/usr/bin/php" to x-httpd-php="php:/usr/bin/php-cgi".
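The check below is an added example, not code from the post or from suPHP: it walks a DocumentRoot with POSIX find and reports every file or directory whose group- or others-write bit would make suPHP refuse it under the default security options shown above, and a second function applies the chmod 644/755 fix the post recommends. The /home/packetsense/www path in the comment is only the post's example docroot.

```shell
#!/bin/sh
# Added example, not from the original post: audit a DocumentRoot for the
# permissions suPHP rejects with the default security options in
# /etc/suphp.conf (allow_file_group_writeable=false,
# allow_file_others_writeable=false, allow_directory_group_writeable=false,
# allow_directory_others_writeable=false), then apply the post's 644/755 fix.
# Usage: suphp_perm_check /home/packetsense/www   (the post's example docroot)

# Print every offending path with the reason. Returns 0 when the tree is
# clean, 1 when something would make suPHP answer with a 500, 2 on bad input.
suphp_perm_check() {
  docroot=$1
  if [ ! -d "$docroot" ]; then
    echo "suphp_perm_check: $docroot is not a directory" >&2
    return 2
  fi
  # One find per (type, mode bit) so each report line names the failing check.
  # -perm -020 matches when the group-write bit is set, -perm -002 when the
  # others-write bit is set (POSIX find, so it also works on CentOS 5).
  report=$(
    for spec in 'f 020 file group' 'f 002 file others' \
                'd 020 directory group' 'd 002 directory others'; do
      set -- $spec
      find "$docroot" -type "$1" -perm "-$2" \
        -exec sh -c 'printf "%s: %s is %s writeable\n" "$1" "$2" "$3"' sh {} "$3" "$4" \;
    done
  )
  if [ -z "$report" ]; then
    return 0
  fi
  printf '%s\n' "$report"
  return 1
}

# The post's fix: files 644, directories 755. Ownership (chown -R user:user)
# has to be done separately by root, so it is deliberately left out here.
suphp_perm_fix() {
  docroot=$1
  [ -d "$docroot" ] || return 2
  find "$docroot" -type f -exec chmod 644 {} \;
  find "$docroot" -type d -exec chmod 755 {} \;
}
```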

Your PHP source code displays in the browser in Plain Text

Check your /etc/suphp.conf for proper quote marks and the php-cgi interpreter specified.

Problems with Sessions

If your scripts use PHP sessions, you may run into failures when PHP attempts to write to the /var/lib/php/session directory. By default, it is chmod 770, and owner is root, group is apache. I recommend adding your users to a phpsession group and then to chgrp the /var/lib/php/session directory to the phpsession group. I ran into this problem when trying to run PHPMyAdmin.

REFERENCES
http://www.chrisam.net/blog/2009/10/11/installing-and-configuring-suphp-on-centos-5-3/

Secure Web Server with SuPHP

The suPHP Apache module together with suPHP itself provides an easy way to run PHP scripts as different users on the same server. It provides security, because the PHP scripts are not run with the rights of the web server's user. In addition to that you probably won't have to use PHP's "safe mode", which applies many restrictions to the scripts. For example, if you have a Joomla installation it is not necessary to enable the insecure FTP layer or give 777 permissions to directories in order to install components/modules. This suPHP RPM package is using paranoid mode, so you can use suPHP per virtual host and assign per-user permissions.

Note: suPHP should only be used if you are using no CGI scripts or if all CGI scripts are run using suExec.

wget ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/x86_64/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.x86_64.rpm
For i386 the location is:
ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/i386/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.i386.rpm
rpm -Uvh mod_suphp-0.7.0-1.el5.rf.x86_64.rpm

Do the following changes in the 2 suPHP configuration files:

In /etc/suphp.conf
Change loglevel=info to loglevel=warn   # Otherwise it will flood the suphp log file
Change umask=0077 to umask=0022
Change x-httpd-php=php:/usr/bin/php to x-httpd-php=php:/usr/bin/php-cgi
Change allow_file_group_writeable=false to allow_file_group_writeable=true
Optional: Change allow_directory_group_writeable=false to allow_directory_group_writeable=true

In /etc/httpd/conf.d/suphp.conf
Comment out the following 2 lines:
AddHandler x-httpd-php .php
AddHandler x-httpd-php .php .php4 .php3 .phtml
so they will look like:
#AddHandler x-httpd-php .php
#AddHandler x-httpd-php .php .php4 .php3 .phtml
Uncomment:
suPHP_AddHandler x-httpd-php   # (Remove the hash mark from the beginning of the line)

In your httpd.conf you need to add 2 lines to the virtual host you want to enable suPHP for:
suPHP_Engine on
suPHP_UserGroup username group   # This has to be a local user in the system who will be managing his docroot.

If you have a Joomla installation you have to chown (change the ownership of) the docroot to user:user and use the correct permissions:
chown -R user:user /path/to/joomladir
cd /path/to/joomladir
find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

Be sure to restart Apache.

REFERENCES
http://beginlinux.com/server_training/web-server/1253-secure-web-server-with-suphp
http://markus.revti.com/2010/03/installing-suphp-on-centos-5/
http://forum.parallels.com/showthread.php?t=84867
http://longvnit.com/blog/?p=95
