
Sat, 7 Oct 2017

Simple file monitor

— SjG @ 11:59 am

Say you host a few web sites for various folks, and you give them write access to a directory on your server. Well, then, my friend, you’re as big a fool as I am.

Maybe you want to mitigate this foolhardiness by keeping an eye on what these folks upload. For example, when I see a user uploading SuperBulletinBoardThatIsTotallyNotASpamTool.php or SuperWordPressPasswordSharingPlugin.php, I can call them and explain why I’m deleting it. I can be a slightly-less-bastard operator from heck.

So here’s a quick bash script that I use. It’ll also help to alert you if somehow one of the WordPress sites gets compromised, and rogue php files get installed. It ignores commonly changing files or things we’re not interested in like images. It shouldn’t be considered an intrusion detection system, or a robust security auditing tool — this wouldn’t really help in the case of an actual hacker with any l33t skillz at all. It’s just a quick information source.


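#!/bin/bash
rm -f /tmp/fcl.txt
rm -f /tmp/fcld.txt
# Files under /var/www/ whose status changed in the last day, minus VCS metadata, images, PDFs and caches.
/usr/bin/find /var/www/ -type f -ctime -1 | /bin/egrep -v '\.git|\.svn|\.(jpg|gif|pdf)$|wp-content/cache|files/cache/zend_cache' > /tmp/fcl.txt
# Long listing of each file; NUL separators keep names with spaces intact, and -r skips ls when nothing changed.
xargs -0 -r -n 1 ls -l < <(tr '\n' '\0' < /tmp/fcl.txt) > /tmp/fcld.txt
# Mail the listing only if it is non-empty. The recipient address is a placeholder.
[ -s /tmp/fcld.txt ] && /usr/bin/mail -s "MYDOMAIN.COM FILES UPDATED" you@MYDOMAIN.COM < /tmp/fcld.txt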

Throw it into a crontab, and there you have it. You'll get an email with a list of files changed in the past day.

Thu, 22 Sep 2016

Checking Solr index with nagios: obsolete versions

— SjG @ 12:33 pm

I needed to check that the index process that populates the Solr index succeeded and didn’t die during the night, leaving an empty index.

To make things more complicated, the versions of Solr and nagios in use are probably not the latest.

The check_solr -o numdocs command doesn’t work with our Solr configuration. But the internet tells me that the Solr query http://localhost:8983/solr/select/?debug=query&q=*:* includes the size of the result set. Testing it, I found this to be true:

   <lst name="responseHeader">
      <int name="status">0</int>
      <int name="QTime">0</int>
      <lst name="params">
         <str name="q">*:*</str>
         <str name="debug">query</str>
   <result name="response" numFound="9832" start="0">

I want to use nagios to check that that numFound is never zero (or too small). I thought I’d just be able to use a nagios regex:

check_http -H localhost -p 8983 -u "/solr/select/?debug=query&q=*:*" -lr 'numFound=\"\d{2+}"'

It didn’t work. To make a long story short, there’s regex and then there’s regex. The kind that works for nagios is:

check_http -H localhost -p 8983 -u "/solr/select/?debug=query&q=*:*" -lr 'numFound=\"[1-9][0-9][0-9]'

This guarantees at least a hundred docs are in the index.

Tue, 7 Jun 2016

JavaScript compares things weirdly

— SjG @ 2:52 pm

We’ve already established that PHP compares things weirdly.

It shouldn’t surprise us that JavaScript does too.

Consider the following:

> var k=['hello'];
> (k=='hello'?'Equals':'Nope');

Now, purists will point out that that’s an “equals” operator not an “identity” operator, but I mean seriously? We’re just going to pretend that

> ['hello']=='hello'

I think I’ll just go and rewrite all my client side code in C now.

Mon, 28 Mar 2016

PHP Compares Things Weirdly

— SjG @ 10:36 am

This is a known .. uh … situation, but it bit me today.

So, consider the following:

$ php --version
PHP 5.4.16 (cli) (built: Jun 23 2015 21:17:27)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
$ php -a
Interactive shell
php > $v1 = '479014103257633139480';
php > $v2 = '479014103257633139481';
php > echo ($v1==$v2?'Equal':'Not Equal');
Not Equal

Seems sane, yes? Reasonable. Kind of what you expect.

But then, consider this:

$ php --version
PHP 5.3.3 (cli) (built: Feb 9 2016 10:36:17)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
$ php -a
Interactive shell
php > $v1 = '479014103257633139480';
php > $v2 = '479014103257633139481';
php > echo ($v1==$v2?'Equal':'Not Equal');
Equal

Yeah. Let that sink in for a moment.

Some versions of PHP (before 5.4.mumble) will preëmptively convert strings to numbers before comparing them (if they contain only digits). But if the number is large enough, you may lose the precision to compare them correctly.

Wow. I mean, just … well… I dunno.

For what it’s worth, strcmp will do the right thing regardless of PHP version. But seriously. I mean. Why do I use this turdburger of a language?
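
Both comparison posts (this one and the JavaScript one above) come down to operands being coerced before they are compared. The following is an added JavaScript example, not code from the original posts: it runs the array and large-number cases through `==`, models the digit-string-to-float conversion described above, and shows strict alternatives. The function names and JSON bodies are constructed for illustration.

```javascript
const DIGITS = /^[0-9]+$/;

// Loose equality, as in both posts: operands are coerced before comparing.
function looseEquals(a, b) {
  return a == b;
}

// Model of the older PHP behaviour described above (not PHP's own code):
// two all-digit strings are converted to floating point, then compared.
function digitStringsAsFloatsEqual(a, b) {
  if (DIGITS.test(a) && DIGITS.test(b)) return Number(a) === Number(b);
  return a === b;
}

// Hardened comparison for identifiers: both sides must already be strings.
function strictStringEquals(a, b) {
  return typeof a === 'string' && typeof b === 'string' && a === b;
}

// Exact numeric comparison of digit strings, for when numbers are really meant.
function exactIntegerEquals(a, b) {
  return DIGITS.test(a) && DIGITS.test(b) && BigInt(a) === BigInt(b);
}

const STORED_NAME = 'hello';               // value from the JavaScript post
const STORED_ID = '479014103257633139480'; // $v1 from the PHP post

// Parse a constructed JSON body and compare its "v" field with the stored value.
function evaluate(json, stored) {
  const value = JSON.parse(json).v;
  return {
    type: Array.isArray(value) ? 'array' : typeof value,
    loose: looseEquals(value, stored),
    strict: strictStringEquals(value, stored),
  };
}

// Constructed inputs: the same field arriving as an array, a number or a string.
const samples = [
  ['{"v": ["hello"]}', STORED_NAME],
  ['{"v": 479014103257633139481}', STORED_ID],
  ['{"v": "479014103257633139481"}', STORED_ID],
  ['{"v": "479014103257633139480"}', STORED_ID],
];
for (const [json, stored] of samples) {
  console.log(json, '->', JSON.stringify(evaluate(json, stored)));
}
console.log('as floats:', digitStringsAsFloatsEqual(STORED_ID, '479014103257633139481'));
console.log('as BigInt:', exactIntegerEquals(STORED_ID, '479014103257633139481'));
```

The two IDs differ by one but are far above 2^53, so they round to the same double; only the string and BigInt comparisons tell them apart.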

Sat, 20 Feb 2016

Anniversary Game

— SjG @ 10:17 pm

So, for our tenth anniversary, I thought I’d make something slightly more … dynamic … than your standard Hallmark card. I thought a simple JavaScript game might be fun.

Since everyone knows that a happy marriage is made of unicorns and rainbows, I figured I’d work with that. My first thought was a single-level platform game. I looked at a number of JavaScript game frameworks, and they were all either much too simplistic or much too complicated for what I wanted to do. I spent too much time in the process of starting a game with a new framework, getting frustrated, and then abandoning it. Oh no! I was running out of time!

I decided to bail on frameworks, and just write a quick, simple, pure JavaScript game. I would use animated GIFs as sprites, and do the rest in Canvas. Seems easy.

I raided the usual sources for my assets. I needed a unicorn, so I gave a horn to the Wikipedia running horse animated GIF (which itself is derived from Muybridge’s photos) and knocked out the background. It looked pretty good on a white background!
I then made some animating rainbow hearts, and I was ready.

After the initial stab at coding, unicorns would run back and forth, and rainbows appeared where the user clicked. If the unicorn was within the rainbow ring, I’d register the hit. I was well on my way.

Next, I added the score animations. I was impressed by how smoothly the animation all worked. On a reasonably recent machine, browsers keep up very nicely. Then I went and tested on iOS. Uh-oh. I’d not been very careful about browser size. I ended up recoding the CSS and dimension code to be more or less responsive. OK, seemed good. I added an explosion of hearts effect for when you hit the unicorn. Next, I found a nice source for sounds.

One of the problems I faced was that I was trying to develop the project while sitting on the sofa in the evenings. I’d come home from a long day of coding, and, well, start coding. But then Elizabeth would come home, and I’d have to keep switching windows to avoid creating suspicion. This is where the ability to disable the audio came in. Over the course of a week, I was able to polish it up enough for deployment. It’s far from perfect, but it was well received.



Play it yourself, or use the code to create your own game.

Some Lessons Learned:

  • Players will resize the window in the middle of a game. The code should probably trap for that, and do the right thing.
  • I expected players to launch a single rainbow at a time. In fact, there was a whole lot more clicking than that.
  • It might be faster to write a game from scratch, but seriously, take the time to learn a framework and use it. With any luck, it will handle all those weird edge cases, and probably have better support for odd platforms.
  • Sound in JavaScript is nasty, and not very portable. Again, use a framework (or commit to modern browsers, and use Web Audio API).
  • Responsive design is all good, but for a game, it might make sense to commit to a fixed size for playability.
  • Under iOS, things don’t work quite as you’d expect. This game should have been optimized, and used something like the touchAction style to improve playability. Better yet, I should have created a native version with PhoneGap.
