Posted by & filed under PHP.

So two of my New Year's resolutions are to challenge myself and write more on this blog. So I found the Fizz Buzz challenge over at Code Dojo and thought I would kill two birds with one stone here.

I thought I would share how I completed the Fizz Buzz challenge. I could go further and loop through some more numbers, however the challenge states divisible by 3, 5 and 15, not any other numbers.

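function fizzer($number) {
    // Check 15 first: every multiple of 15 is also a multiple of 3 and of 5.
    if ($number % 15 == 0) {
        echo 'fizzbuzz';
    } elseif ($number % 3 == 0) {
        echo 'fizz';
    } elseif ($number % 5 == 0) {
        echo 'buzz';
    } else {
        echo $number;
    }
}

// fizzer() echoes its result itself, so it is called without a second echo.
fizzer(15);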

I would love to see some more solutions in other languages, so please tweet or, if you find this on Hacker News, comment back with some examples.

Thanks

Posted by & filed under AWS.

If you have more than 1 Amazon EC2 instance it might be worth looking at distributing your application traffic over the instances using an Elastic Load Balancer (ELB). This will also give your architecture a better level of fault tolerance, and having your instances in different availability zones will increase the fault tolerance further. My setup at the moment is 2 Amazon EC2 instances running NGINX and PHP-FPM. I originally had NGINX and PHP-FPM running on separate servers, however I wanted to try it all on one server. I wanted to see if we had any improvements having them both on the one server, as well as using a load balancer compared to using the round robin approach.

How does ELB work

Once set up, ELB will look for your given file. I have chosen ELB to check the availability of index.html every X seconds; you configure these values, which I will explain later. The basic concept is that if ELB gets a number of unhealthy checks on a given instance, it will route traffic to the other instances until the unhealthy instance returns a healthy check. Using multiple availability zones increases the fault tolerance, because if all your instances are within the same availability zone and that zone has a problem, ELB will be routing traffic to nothing as all the instances will be returning an unhealthy check.
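The health-check bookkeeping described above, as an added example that is not from the original post: a small shell simulation of one instance's state. It goes slightly beyond the text by also requiring several consecutive healthy checks before an instance is put back in rotation; the function name, thresholds and sample check results are constructed for illustration.

```sh
#!/bin/sh
# Added example: simulate the health-check state of one instance behind ELB.
# Usage: elb_health_states UNHEALTHY_THRESHOLD HEALTHY_THRESHOLD RESULT...
#   RESULT is one value per check interval: 1 = index.html fetched OK,
#   0 = check failed or timed out.
# Prints the instance state after each check, space separated.
elb_health_states() {
    unhealthy_after=$1
    healthy_after=$2
    shift 2
    state=InService   # instance starts in rotation
    fails=0           # consecutive failed checks
    oks=0             # consecutive passed checks
    out=""
    for result in "$@"; do
        if [ "$result" -eq 1 ]; then
            oks=$((oks + 1)); fails=0
            # Only put the instance back after enough passes in a row.
            [ "$state" = OutOfService ] && [ "$oks" -ge "$healthy_after" ] && state=InService
        else
            fails=$((fails + 1)); oks=0
            # A single failed check is tolerated; a run of them is not.
            [ "$state" = InService ] && [ "$fails" -ge "$unhealthy_after" ] && state=OutOfService
        fi
        out="$out${out:+ }$state"
    done
    echo "$out"
}

# Constructed sample: one pass, three failures, then four passes.
elb_health_states 2 3 1 0 0 0 1 1 1 1
```

The time a stopped web server keeps receiving traffic is roughly the check interval multiplied by the unhealthy threshold, which is where a wait like the 1-2 minutes in the quick test comes from.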

Settings up the Amazon EC2 instances

  1. First create 2 identical instances
  2. Create a security group with HTTP and SSH rules enabled. You can use HTTPS if you want to, however for simplicity I am going to choose not to at the moment
  3. Assign your key so that you can ssh into the 2 instances
  4. Name your instances, I named them “TestLoadBalancer#1” and “TestLoadBalancer#2”
  5. SSH into your two servers and set up either NGINX + PHP-FPM or Apache
  6. View the default index.html file for your web server and add the server name to the body of the file
  7. Start the web server
  8. Go to the IP of your instances and check that you can retrieve the index.html and see the server name within the file, and make sure the server name changes when changing the IP address.

Setting up the Amazon Elastic Load Balancer

  1. Navigate back to the EC2 dashboard
  2. Click “load balancer” on the right of the screen
  3. Click the button “create a load balancer”
  4. Choose your name, I named it “TestLoadBalancer” for consistency with the other 2 instances
  5. Now under the header “Listener Configuration” you need to choose the protocols you set up in step 2 in “Settings up the Amazon EC2 instances”
  6. Under “Configuration Options” choose which protocol you want the health checks to run on and the file to test for. I set it to index.html, which is the same as the file I edited in step 6 in “Settings up the Amazon EC2 instances”
  7. In the header “Advanced Options” I kept all the options default. We will go through the “Advanced Options” and tweak them later in part 2 of this series
  8. In the next screen you need to choose your instances. The reason I named my 2 instances “TestLoadBalancer#1” and “TestLoadBalancer#2” was because I could easily find them within a sea of instances
  9. Now on the final screen click create

Setting up DNSMadeEasy with ELB

  1. Create a CNAME record for your chosen domain
  2. Within the AWS ELB screen single click the load balancer you created
  3. From the AWS ELB screen copy the string next to “(A Record)”
  4. Paste the string into the “Alias” input box and append a “.” (dot) to the end of the string
  5. Create a name for example “loadbalancer”
  6. You should now have a CNAME record “loadbalancer.example.com” with the alias which was copied from within the AWS ELB screen

Quick testing

Now if you visit your new domain, for example “loadbalancer.example.com”, you should see the default web server index.html page with your server name somewhere on the screen. If you stop your web server on one of the instances and wait 1-2 minutes you should see the server name change in the default web server index.html. We will lower the 1-2 minute wait in part 2 of this series, which covers tweaking and proper testing of this service.

Summary

So we have created 2 AWS instances and an AWS Elastic Load Balancer (ELB) and configured it within DNSMadeEasy. A good start, if I do say so myself. In part 2 we will cover how to tweak and properly test all of the above.

 

Posted by & filed under PHP.

Hi, so I have been back from Hong Kong now for 4 days and I decided to start afresh and make some changes; one of them was to contribute more to the PHP community. I have been building a little profile picture generator. I forked a git repo which had a nice little MysqliDb class (PHP-MySQLi-Database-Class), and on my local machine I was running PHP 5.2 for some crazy reason I am yet to figure out why. However, when I went to deploy some code I kept getting errors within the MysqliDb class, which was pretty annoying. They were:

Parameter 1 to mysqli_stmt::bind_result() expected to be a reference, value given

This was down to the code:

array_push($params, &$bindParams[$prop]);

So to fix it I had to remove the &. I then got other issues too, so I had to update the call_user_func_array because this was deprecated in PHP 5.4 I think, so I had to change the following:

call_user_func_array(array($stmt, 'bind_param'), $params);

I changed it to:

call_user_func_array(array($stmt, "bind_param"), $this->refValues($params));

and added the following method

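function refValues($arr)
{
    // Reference is required for PHP 5.3+
    if (strnatcmp(phpversion(), '5.3') >= 0) {
        $refs = array();
        // Build an array whose elements are references to $arr's elements,
        // because bind_param() takes its arguments by reference.
        foreach ($arr as $key => $value) {
            $refs[$key] = &$arr[$key];
        }
        return $refs;
    }
    return $arr;
}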

I then sent a pull request to two other forkers and one of them has already merged it into his repo, which I am so happy about. The main point of this short story is that I loved every minute of forking, doing the work and doing a pull request.

Posted by & filed under AWS, Unix.

I was trying to move my code and nginx configs on my AWS instance onto an EBS drive so I could reboot the instance easier, however I kept getting a very annoying error:

“Could not stat /dev/sdj — No such file or directory”

I never get this with the AWS instances at work and I found out why: they are all on Debian (doh). I was thinking, hmm, I wonder if the Linux kernel I am using on my personal instance is renaming the devices. So I ran the command

“cat /proc/partitions”

Hey presto we have a different name, I could see two devices one which was my root device and my new EBS drive.

“202 1 8388608 xvda1

202 144 2097152 xvdj”

I then ran my usual command but with an updated device name

“sudo mkfs -t ext3 /dev/xvdj”

Then you should be able to mount it

“sudo mount /dev/xvdj /mnt/****”
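
The lookup described above as a pre-flight check before mkfs, written as an added example that is not from the original post. The helper names are hypothetical; both functions read files in the format of /proc/partitions and /proc/mounts, so they can be tried on saved copies.

```sh
#!/bin/sh
# Added example (not from the original post). resolve_ebs_device and
# safe_to_format are hypothetical helper names.

# Map the device name picked in the AWS console (e.g. /dev/sdj) to the name
# the kernel really exposes, by looking it up in /proc/partitions.
resolve_ebs_device() {
    want=${1#/dev/}                   # "/dev/sdj" -> "sdj"
    table=${2:-/proc/partitions}
    # Try the requested name first, then the xvd* name some kernels use.
    for cand in "$want" "xvd${want#sd}"; do
        if awk -v n="$cand" '$4 == n { hit = 1 } END { exit !hit }' "$table"; then
            echo "/dev/$cand"
            return 0
        fi
    done
    echo "no block device matching /dev/$want" >&2
    return 1
}

# Refuse to format anything that is currently mounted: mkfs wipes the
# device, and the root volume sits right next to the new one in the list.
safe_to_format() {
    dev=$1
    mounts=${2:-/proc/mounts}
    if awk -v d="$dev" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' "$mounts"; then
        echo "$dev (or a partition on it) is mounted, not formatting" >&2
        return 1
    fi
    return 0
}

# Typical use on the instance itself:
#   dev=$(resolve_ebs_device /dev/sdj) && safe_to_format "$dev" \
#       && sudo mkfs -t ext3 "$dev"
```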

 

Posted by & filed under Security.

So FireHost have released an interesting statistical analysis of attacks their servers blocked in Q2 of 2012. Net Security said: “One of the most significant changes in attack traffic seen between Q1 and Q2 2012 was a 69% increase in SQL Injection attacks. Rising from 277,770 blocked attacks in the first quarter, to 469,983 between April and June, this type of attack is frequently cited as an attack vector of choice for data thieves.” Now this is pretty cool that people are learning these skills and could start to use them to help defend against such attacks. But I have some ideas why we have seen a 69% increase in SQL Injection attacks: it is because of the tools coming out which do automatic scans of a URI to check if there is a SQL Injection vulnerability, then you can even send a SQL Injection attack. Don’t get me wrong, these tools are really cool and I have played around with them, but it gives script kiddies a tool to use in a malicious way without even having to learn about SQL, SQL Injection attacks or even how they work; they copy and paste a URI from a Google dork and they can start trying to get some data.

 

Surely we will end up with an army of script kiddies with knowledge of how to use a tool but not why or how they work.

Posted by & filed under Other languages.

So I have been playing around with Go today and I have really enjoyed it; the Go tour was pretty cool too. I thought I would show you how simple it is to write hello world and explain as best as I can what happens.
 

package main
import "fmt"
func main() {
    fmt.Println("Hello World")
}

 

So every Go program starts running in the main package; you then import fmt (‘Package fmt implements formatted I/O with functions analogous to C’s printf and scanf.’). So now you have fmt you can refer to the names it exports, for example Println (‘a name is exported if it begins with a capital letter, Foo is an exported name, as is FOO. The name foo is not exported.’). If you run the above it will print out Hello World: pretty basic, but still a good start.


Posted by & filed under PHP, Security.

Hi,

So I got a copy of the stolen Yahoo usernames and passwords and thought I would write a quick little script to show the data in a cleaner view as well as the occurrence of each password. I have attached my script but you can get the .txt of data from here; this is the link to my script: yahoo-breach. I have limited the script to go through the first 500 entries, however just change the number in the while loop to the number of entries you wish to go through.

Here are some quick stats based on the first 10000 entries:

password firefly - occurance 5

password silver - occurance 5

password flower - occurance 5

password ginger - occurance 6

password oliver - occurance 6

password pepper - occurance 6

password charlie - occurance 6

password trustno1 - occurance 7

password freedom - occurance 7

password success - occurance 7

password associated - occurance 7

password purple - occurance 8

password monkey - occurance 8

password greenday - occurance 8

password freelance - occurance 8

password sunshine - occurance 8

password whatever - occurance 8

password princess - occurance 9

password jordan - occurance 9

password content - occurance 11

password 123456 - occurance 18

password writer - occurance 20

password password - occurance 33

 

Posted by & filed under Security, Unix.

So when trying to get an SSL certificate setup this week I kept getting the following error:

“The following error(s) occurred while parsing CSR

Your CSR contains a key size that is no longer considered secure. Security best practices require a minimum key size of 2048 bits. Please submit a new CSR with a minimum 2048 bit key size.”

I was running the same command which I had been running for the last year, which is “openssl req -new -days 365 -nodes -keyout *.domain.net.key -out *.domain.net.csr”, and I couldn’t figure out why it had changed and why I hadn’t changed my command. I am now running “openssl req -new -nodes -newkey rsa:2048 -keyout *.domain.net.key -out *.domain.net.csr”, which seems to work fine. You could also try using a 4096 bit key.

I hope this helps someone.
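
An added example (not from the original post) for confirming the key size of a CSR before sending it to the CA: without `-newkey`, `openssl req -new` takes the size from `default_bits` in the OpenSSL config, so the result depends on the machine it runs on. The function names, `example.test` and the file names are placeholders, and it assumes the `openssl` CLI is installed.

```sh
#!/bin/sh
# Added example: generate a CSR with an explicit RSA key size and verify
# the size the CSR actually carries. Names below are placeholders.

# Print the public key size in bits recorded in a CSR file.
csr_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Create a key and CSR of the requested size in directory $2 and print the
# size found in the resulting CSR.
make_csr() {
    bits=$1
    dir=$2
    # -newkey pins the size instead of relying on default_bits in
    # openssl.cnf. Quote the paths: an unquoted "*" in a file name is
    # subject to shell globbing.
    openssl req -new -nodes -newkey "rsa:$bits" \
        -subj "/CN=*.example.test" \
        -keyout "$dir/wildcard.key" -out "$dir/wildcard.csr" \
        2>/dev/null || return 1
    # -nodes writes the private key unencrypted, so restrict who can read it.
    chmod 600 "$dir/wildcard.key"
    csr_bits "$dir/wildcard.csr"
}

# Succeed only if the CSR meets the minimum size (2048 unless given),
# which is the check the CA's CSR parser applied.
check_csr() {
    got=$(csr_bits "$1")
    [ -n "$got" ] && [ "$got" -ge "${2:-2048}" ]
}

# Typical use:
#   d=$(mktemp -d) && make_csr 2048 "$d" && check_csr "$d/wildcard.csr"
```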

Posted by & filed under Other languages.

I have really wanted to learn C for ages now, however I came across Go and thought I would give it a try first. I started today with getting the compiler installed. I have used the compiler within Xcode 4 and then downloaded the package from Google source code. The process was really simple, the docs really helped though. I wrote my first “Hello World” noob script and enjoyed it. It is nice to use another language which isn’t PHP. Tomorrow I am going to start to write a little web app, I will write a little post to let you know how I got on.
