1. It won’t traverse 3 phase power. I’ve tried it, and I’ve ended up with a very weak/nonexistant signal which is probably more inductance than anything else.
2. Obviously it doesn’t handle bad cables well – it doesn’t much like extension cables either.
3. Different circuits work about as well as 3 phase power, the only signal you will get is probably inductance between the two circuits.

Some advantages:
1. It travels pretty far. I’ve had over 150mbit between adapters at opposite ends of the house.
2. No new cabling
3. Fully supports standard Ethernet so all network protocols will work just fine over it.
4. I love it

For anyone running a home or office network and not fortunate to have Ethernet points cabled in, I strongly recommend these devices, you’ll never know the difference.

Create a .htaccess file, and enter:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)\.html $1.php [R=301,NC]

This creates a permanent working 301 redirect (Search Engine Friendly) to your new .PHP file.

$api->process($to_process, $data, $opt1, $opt2);

$to_process is an array, as follows;

$to_process = Array( Array(”FOO”, “BAR”, 1, 2), Array(”BAR”, “FOO”, 5, 3), Array(”HELLO”, “World”, 9, 10) );

And $data is a ~5k string containing HTML code.

My best option so far, has been $data_array = Array(); $data_array[] = $to_process; $data_array[] = $code; $data_array[] = $opt1; $data_array[] = $opt2;

We can then send urlrawencode(serialize($data_array)); from our PHP script to the web API via curl through POST data. On the remote API server, we don’t need to use urlrawdecode() as the web server handles this for you. It’s also worth ensuring that magic_quotes_gpc is off. Simply, $data_array = unserialize($_POST['variable']); should do just fine.

These days, attacks on severs are commonplace, and website users are wary, especially when it comes to entering sensitive information. That’s where an SSL certificate comes in handy. It increases consumer confidence, and confidence of visitors in general. It shows that you’re serious about what you’re doing.

An SSL certificate is really a must if you plan to accept any sort of sensitive data, including passwords, personal information, or payment credentials. While it’s not a must to have an SSL certificate if you only have a message board on your site, you would be well advised to purchase one if you collect any sort of personal information, including real names and addresses.

An SSL certificate is really mandatory if you run a commerce website. Credit card companies require this, and there are very few customers who are willing to enter payment or personal information without the blue or green bar, or the lock logo, depending upon the browser.

It’s quite easy to install an SSL certificate if you have a control panel of any sort, but the process is a little bit more involved if you do it in your SSH shell. You will first need to enable the mod_ssl module in Apache. It’s included in the default installation, but it is not enabled as a default. The module requires the OpenSSL library.

As you can see, it’s a very involved process to install an SSL certificate if you don’t have a control panel. It’s important that it be installed correctly, because there’s a certain chain to follow, and if link in the chain is broken, your certificate won’t validate, and even worse, your users could get an error message warning them about potential safety issues, which is not something that any webmaster wants.

If you are not comfortable with doing the process manually, have someone help you. Even if you must pay for their services, it’s money well spent, because the increased sales or usage your site will get as a result will be the return on investment.

Sadly, an SSL certificate is something that many well-meaning webmasters or merchants neglect to get, and apart from violating the terms of the credit card companies’ merchant agreements, it’s simply not good for business.

It would be well advised to use the https:// protocol for any section of your website that accepts a password, personal information, or payment information. Doing so will make the experience far more pleasant for both yourself and your users or customers.

Cross Site Scripting seems to have originally meant, placing some malicious code on your victim site, that would pull code (usually javascript, but sometimes vbscript) from another malicious domain. Each client that visited the victim site, would end up unknowingly having 3rd party malicious script code executed on his own browser. Now, it has become a term used to describe any type of malicious scripting attack.

The first example is a simple one. Many sites allow user comments. A user could quite easily enter:
This is my comment!<script type=”text/javascript”>
alert(”script!”);
</script>

Any user that hits this affected page, will now see a popup box with the text “script!”. The user could also just as easily have entered a script source of http://www.nastydomain.com/nastyscript.js which will be downloaded and executed.

The second option is to place some javascript code that steals the user’s cookies for that particular site, and then post them to a 3rd party site. His cookies may contain a login and password, or more likely a login hash. The attacker can then use these cookies to hijack the user’s session, and access possible sensitive areas of a site under that user’s account, as that hijacked user.

Fortunately the solution is simple. Either use htmlentities() to ‘escape’ HTML entities, i.e. converting <’s to &lt; etc. Or, use strip_tags, to remove all HTML tag input.

To select UNIQUE rows only:
SELECT DISTINCT field FROM table;

To select DUPLICATE rows only:
SELECT field FROM table GROUP BY field HAVING ( COUNT(field) = 2 )

To select DUPLICATE, TRIPLICATE or more rows only:
SELECT field FROM table GROUP BY field HAVING ( COUNT(field) > 1 )

As a website security consultant I advise you to ensure that your memcache server runs on 127.0.0.1 only and that you secure your server. Anyone with access to the server can telnet to the server’s local interface and get/set your memcache data.

I’ve used memcached for a number of PHP/MySQL projects, where I want greater cache control on database queries, than just relying on MySQL’s inbuilt caching abilities.

Now, whilst memcached should not be used to mask bad database design and optimization, or badly written SQL queries, it can help dramatically with queries that simply take a long time and have already been optimized as far as possible.

Assume that you had a simple database query wrapper:

function db_getrows($query)
{

$rows = Array();
$resource = mysql_query($query);
while ($rows[] = mysql_fetch_object($resource))
{

//do nothing

}
return $rows;

}

If you have no idea what queries are going to get passed to this, but simply want to cache all SELECT output, then modify as follows:

function db_getrows($query)
{

$rows = Array();
//Get the MD5 hash of the query, which we can use to identify it:
$hash = md5($query);
$memcache_obj = memcache_connect(”localhost”, 11211); //connect to memcached
$mem_get = memcache_get($memcache_obj, $hash); //If we had this query key stored in memcache, $mem_get will now contain the data, otherwise, it will be empty.

if (empty($mem_get))
{

$resource = mysql_query($query);
while ($rows[] = mysql_fetch_object($resource))
{

//do nothing

}
memcache_add($memcache_obj, $hash, serialize($rows), false, (60*60)); //add it to memcache for next time, have it expire in 1 hour (60*60 seconds)

} else {

$rows = unserialize($mem_get);

}
return $rows;

}

What will happen now, is that when a query is provided, we take the MD5 sum of that query. We then check to see if we have that query response in memcache already. If so, great, unserialize it and return it. If not, run the query, get the data, and add it to memcache with an expiry time of 1 hour.

Any queries to memcache will of course bypass the database alltogether therefore alleviating the load. Your only consideration is what to cache and the expiry time. If you cache the output of a SELECT query on say, the number of posts on your forum, it may not just keep that out of date for an hour, but could infact cause erroneous data to be inserted by your forum into your database. In that case, you can take a look through the code and find any instances where your forum post count may be updated, and add memcache_delete($memcache_obj, ‘key_to_delete’, 10); which will automatically delete ‘key_to_delete’ after 10 seconds.

<?php
function increment($i)
{
$i++;
return $i;
}

$a = 10;
$b = increment($a);
?>

At this point, $a remains as 10, however $b is now 11. $b = increment(10); works just the same, and you can assign 10 back to the original variable with: $a = 10; $a = increment($a); This is called passing variables by value. i.e. I am passing the VALUE of $a to the increment() function.

We also have the option of passing variables by reference. For programmers that have worked with C before, this is a ‘pointer’.

<?php
function increment(&$i)
{
$i++;
return $i;
}

$a = 10;
increment($a);
echo “a has now become: ” . $a;
?>

In the case above, I am passing $a by reference.  i.e. the increment() function is operating on the variable $a rather than the value of the variable. Certain things that shouldn’t work get fixed by PHP, i.e. increment(&$a). By the time the increment() function gets to it, it is actually passing the reference to the reference to the variable. Certain other things will fail entirely, i.e. increment(10); will give “Fatal error: Only variables can be passed by reference”

This trims 2 characters from $s, resulting in “This is my stri”;

if (empty($_SERVER['HTTP_REFERER'])) will produce a notice:
Undefined index: HTTP_REFERER

The correct way to check for the existence of an array key is: if (array_key_exists(”HTTP_REFERER”, $_SERVER))

To disable this in bind, add the following to the ‘options’ stanza within named.conf:

allow-recursion {”none”;};
recursion no;

After your export and import, you will likely end up with an error on your new installation:

‘Access denied for user ‘debian-sys-maint’@'localhost’

The way to fix this, is to log in to MySQL as root, and issue:

GRANT ALL PRIVILEGES ON *.* TO ‘debian-sys-maint’@'localhost’ IDENTIFIED BY ‘xxxxx’ WITH GRANT OPTION

Where ‘xxxxx’ is the password found in your debian.cnf file.

Then issue: FLUSH PRIVILEGES; and restart MySQL

When microtime() is called without any arguments it will return a string in the form of “microseconds seconds” i.e. “0.70801200 1271088014″ which is the number of seconds and microseconds since the Unix Epoch (0:00:00 January 1, 1970 GMT).

When microtime is called with a ‘1′, i.e. <? echo microtime(1); ?> it will return the number of microseconds alone which is going to be more useful for what we want to achieve, i.e. “1271088173.97″

So using this, we can now write a script that we want to time, for example:

<?php
echo “Script Starting\n”;
$start_time = microtime(1);
for ($i = 0; $i < 10000000; $i++)
{
//perform some calculation
$n = $i%247;
}
$end_time = microtime(1);
echo “Our script took: ” . ($end_time – $start_time) . ” to run\n”;
?>

The output of this script is:

adam@vm1-webserver01:/tmp$ php ./t.php
Script Starting
Our script took: 1.45122814178 to run

Now you can add a $start_time = microtime(1); to the top of any script that you have, and a $end_time = microtime(1); echo $end_time-$start_time; to the end of any script that you have to time it, or alternatively just time certain portions to see where you can optimize things.

curl -u username:password http://api.twitter.com/1/statuses/friends_timeline.xml

Which will get the statuses of all your friends. You can of course use PHP’s curl library just as easily as the command line, and my next post will focus on using php5-curl

When you try and resolve a domain name, you make a request to a name server on UDP port 53. The way that a lot of wireless hotspot, firewalls and proxies work, is that your DNS request is allowed out, you get the IP for the machine you’re looking for, and then your request to the IP is redirected to the wireless hotspot login page, or through a web proxy server.

The problem is, that all port 53 UDP traffic is allowed out to anywhere, without any kind of authentication. You can therefore install OpenVPN on a remote server which by default listens in on UDP port 1194. You can change this with one configuration option to 53, and then edit your client config to connect to the server on port 53 instead. Often, other TCP/UDP ports might be allowed out, and ICMP is also sometimes a possibility. It is possible to easily tunnel your data out over TCP, UDP or ICMP as a worst case.

This type of attack worked on 5 out of 6 different wireless hotspot systems to gain access without authentication.

The one that it didn’t work on, captured all outbound 53 UDP requests, and silently redirected them to it’s own local DNS server. This is simple enough to do, so I’m not sure why more manufacturers haven’t done the same. Using iptables:

${IPTABLES} -t nat -A PREROUTING -i eth0 -p udp -m udp –dport 53 -j REDIRECT –to-port 53

These are the same type of rules used to configure transparent proxying for Squid.