Category: WebApps

Categories
WebApps

How the FBI Would Have Tracked Palin’s Hacker If He Were L33ter

It’s been a few weeks since Palin’s “hacker,” David Kernell, got caught because he left a reference to ctunnel.com in the screenshots of Palin’s email.

Enjoy Jail, Punk!

What if David Kernell was able to remove the references to ctunnel.com? What would the FBI have to do to catch him? And how would a would-be hacker avoid detection?

  1. The FBI would have to obtain records from Yahoo and 4chan, and these records would hopefully reveal the IP addresse(s) that accessed Palin’s account.
  2. The FBI would also have to search data retrieved from a descendant of Carnivore, a wiretapping software used for the Internet c. 2001. Such data could reveal the MAC address of the hacker. The MAC address would lead to the place of purchase for David’s network card.

Even if David Kernell photoshopped ctunnel.com from the screenshots of Palin’s email, the FBI could still have catched him in two ways:

  1. The IP address at Yahoo or through Carnivore-like software would have led the FBI to ctunnel and then to David’s IP address.
  2. The MAC address gotten through Carnivore-like software at David’s ISP (which is not really likely) would have led the FBI to the store at which David’s computer was purchased. Something like “ping davids_IP && arp -a” would have to be run on a LAN level.

So how else could David have avoided detection?

1) He could have chained proxy servers.
2) He could have used a combination of p2p networks like the ones used for downloading movies and music to get to the web pages.

But even then, the FBI would still be able to catch him.

The FBI could still log name server look ups, the very techology that allows your computer to see www.fbi.gov as 64.212.100.43. If a log of name server look ups matched the time stamps of when the hacked pages were accessed, then the FBI would have a strong reason to believe that the hacker was using the ISP that provided the name server lookup, and from there get to David.

Okay, okay. Let’s say that David disabled name server lookups. Could the FBI catch him if he went as far as that?

If somehow his MAC address got leaked that would lead right to whoever purchased his computer’s network card. If he paid cash for his network card on the black market, or Craig’s List, then the FBI would be on a wild goose chase.

I think if he took all the precautions above, the FBI would be at a total loss for tracking Palin’s Hacker if he were l33ter.

Thoughts?

Categories
WebApps

Using Tablefy to Make Comparisons: Python Versus PHP

I started using tablefy for just making tables a few months ago.

Here’s a tablefy chart:


go to the table!

Anyway, if you need tables asap, and don’t want to be bothered with the HTML, then tablefy is the way to go.

Categories
TechBiz Webalytics WebApps

How To Save Money with Memcache

Jeremiah Owyang twittered, “I’m asking every CEO I meet about their take on the economic downturn.” This is great advice, but I’ve got my own reasons for thinking so, and would like to invite Jeremiah to share his reasons here.

For me, I’ve been talking to different CEOs and telling them the importance of scalable technologies like memcache to save money NOW. I ask CEOs about the economy to hear their concerns and to see for my own business reasons if they’ve implemented memcache on their servers.

The math is really simple. Most social network sites can waste anywhere from 5000 to 10000 seconds per week on slow, un-cached database queries. Assuming the ability to handle around 30 requests per second, many large websites miss out on an additional 150000 to 300000 page views per week. Not to mention that you lose a user for every 30 seconds of wait.

If a busy site with stats above implemented memcache they would have:

  • not lost between 165 and 335 users per week.
  • 150000 to 300000 more page views per week
  • $500 – $1000 more per week on a 100 x 720 skyscraper with the right ctr and ecpm — that’s an additional coder

If you want to see the above savings, feel free to contact me at barce[a t no spam]codebelay.com .

Categories
How-To WebApps

Saving Time on Subversion Merging: svn merge Manually

I just ran a benchmark on merging files using Eclipse which then calls subversion and running subversion manually on a 28MB repository.

The results are interesting.

svn merge destination_url@HEAD source_url@HEAD destination_folder

took exactly 7 minutes

Using a subversion merge in eclipse on the same repo and revision took 10 minutes.

Take away: use svn merge on the command-line.

Ya, I’d love to go back to using git.

Categories
TechBiz WebApps

How Do You Avoid Presentation Disaster?

It’s been a rough few days at work. We got hacked. I had to cancel a lunch with some pals at the Reverie. @alicetiara and @walnotes were gonna be there and everything was set for a pretty convivial conversation and some fun debate.

But the code used for my presentation didn’t work because the machine it was working on wasn’t configured correctly. There might have been an issue with someone overwriting my code, too.

How do you avoid presentation disaster?

For my part, I’m creating a tool called Noobwatcher that:

  • checks the repo for changes every N seconds — because of a high noobage level, I’m gonna check every second
  • the moment that there is an update send the diff to me via IM, email, twitter. Take your pick.
  • check the server configuration files important to my code every N seconds
  • the moment a configuration file changes send the diff to me via IM, email, twitter — might as well use pownce, too.

Have you had to set something like this up? If so, what solution did you use?

Categories
How-To php WebApps

Symfony Has a Swift Plugin for Sending Gmail

It’s easy to send emails using your gmail account with the Swift Plugin.
Here’s some sample code below


$to          = 'somebody@example.com';

$htmlMessage = "OH HAI!";
$textMessage = "*OH HAI!*";

$connection = new Swift_Connection_SMTP(
  sfConfig::get('app_email_smtp_server'),
  sfConfig::get('app_email_smtp_port'), 
  Swift_Connection_SMTP::ENC_SSL
);

$connection->setUsername(sfConfig::get('app_email_username')); # gmail email
$connection->setPassword(sfConfig::get('app_email_password')); # gmail password

$mailer = new Swift($connection);
$message = new Swift_Message("Your subject goes here. OH HAI!");
 
$message->attach(new Swift_Message_Part($htmlMessage, 'text/html'));
$message->attach(new Swift_Message_Part($textMessage, 'text/plain'));
 
// Send,
// try and catch
try {
  if (!$mailer->send($message, $to, sfConfig::get('app_email_username'))) {
    throw new Exception('mailer error');
  }
} catch (Exception $e) {
    sfContext::getInstance()->getLogger()->info(
      "Caught swift send error exception:\n" .  
      $e->getMessage(). " ".
      $e->getFile() . ": Line ".
      $e->getLine() . "\n", $e->getTraceAsString(), "\n"
  );
}
          
$mailer->disconnect();
Categories
How-To php WebApps

sfGuardPlugin: The Extra Documentation

Hey Folks,

The Symfony project has a section called sfGuardPlugin Extra Documentation.

It’s worth a read, especially the part about using the sfGuardUserProfile calls.

The docs haven’t been updated since March, so if something isn’t working, please refer to my previous blog post on installing the sfGuardPlugin.

I’d like to state that personally, there isn’t really the right way to do this. Sometimes you already have a table that has a username and password. You can skip using the sfGuardAuth password tables by doing the following:

  sf_guard_plugin:
    algorithm_callable: md5
    success_signin_url: @homepage
    profile_class: sfGuardUserProfile
    profile_field_name: account_id
    check_password_callable: [Account, checkPassword]

The important line here is check_password_callable, where you are telling symfony to use the Account table and to use your own checkPassword method.

Categories
TechBiz WebApps

Stack Overflow Answers Your Hardest Tech Questions

From Jeff Atwood, the blogger who gives you Coding Horror, your hardest tech questions get answered at Stack Overflow. I wanted to see if somebody had coded a way to edit text fields in Vim, and bam, there was the answer.

picture of stack overflow
The idea behind Stack Overflow is that the collective wisdom of technologists will always be better than the experts.

So far it has surpassed my expectations on the quality, obscurity, and speed at which tech questions get answered.

Will entropy, otherwise known as spam, kill this site? Or is its reputation system good enough to prevent that?

Has anybody stumped Stack Overflow yet?

As always, your comments are very welcome.

Categories
How-To WebApps

Weening Myself Off of Eclipse PDT

I really just want to stick with Vim, and Vim is really making that sort of commitment easy because of technology I talked about in my last post, as well as learning how to use subversion just from the command-line.

Today I learned how to:

  • create folds in Vim with a split view so that I can get perspectives similar to Eclipse’s object explorer. (There’s a great folds tutorialon Linux.com.)
  • merge by just using subversion on the command-line

Tomorrow I’m gonna learn about:

  • Using ant at the command-line
  • Being more adept at file version comparisons, e.g. (svn diff)

Have you weened yourself off of an IDE? And if so, what do you now use for text editing?

Categories
How-To WebApps

Ctags and Code Completion in Vim 7.2

At work we switched the whole dev team over to using Eclipse. I still haven’t gotten used to all the point and click crap on it, but really admire the use of code completion and ctags.

When I saw that Vim had these, I’ve upgraded and now use ctags and code completion from Vim.

To get code completion, I type out the little bit I know and then type ctrl-o and ctrl-x:

pic of code completion in vim

To get ctags working, I installed it using sudo apt-get install ctags and then at the root of all my php files I typed:

ctags -R .

This generated a tags file.

Now when I open any file and have the cursor over a function or class, I just type ctrl-] and the file containing the class or function opens up.