Taking HHVM 3.0.0 for a spin

Not even a day has passed since Facebook released a new version of their PHP virtual machine called HHVM. If you don’t know HHVM and you’re coding PHP, you’ve probably been living under a rock for the last few years, but the point is, it’s blazing fast. As a matter of fact it’s so fast that at the moment the network latency on my blog is more of an issue than page rendering speed, and I haven’t even started to do any optimization.

What’s also cool about version 3.0.0 is the fact that the old HTTP engine is gone; instead, HHVM is now reachable via FastCGI, which makes it an (almost) drop-in replacement for PHP-FPM. It also supports Hack Lang, which is a strongly typed variation of PHP. It should be noted, however, that it’s not 100% PHP compatible, so you might run into some compatibility issues. So, that being said, why don’t we take it for a spin?

Don’t make me think! on PHP code

If you’ve ever done any UI work, you almost surely encountered the book Don’t make me think by Steve Krug. The sole job of usability is to ensure a flow feeling for the customer. Anything that breaks that flow, makes the customer stop and think, is bad for conversion towards your target page.

When coding, you can have a similar flow feeling. You get into your zone, start coding and you just write the code that does exactly what you want – unless something interrupts you. The most common reason for this interruption in my experience is bad code. Code that you don’t know, code that’s not logical to use, code that contains bugs. If you’ve ever worked on larger systems, you know the annoyance of working with bad code. So the logical question is, how do you write slightly less crappy code?


LAMPSecurityToolkit v2.0 is in the making, get your feature requests in now!

If you’ve been following my online activity for some time, you might remember a quick and dirty project some 3 years ago: LAMPSecurityToolkit. My aim was to create a PHP-based interface to do a quick check on the most basic PHP security settings to help emerging system administrators to keep their servers secure. Although the feature set has been limited and the interface was rather crude, the tool was useful. Now it is time to create version 2.0.


So get your feature requests in by the end of March and they might just make it into version 2.0.

Enhance your PHP-fu with code quality tools

Writing good code is an art. There is no magic bullet solution that will make you write good code overnight. However, there are a few tools that you can use to remind you of the bad habits you may have.

If you are working in a team these tools can be the regulators that help you keep some sort of order in the massive amounts of code you’ll be writing.


Making SSH really useful on Windows

If you’ve ever tried to operate a Linux server from Windows, you know what I’m talking about. That beautiful piece of software that allows you to connect to servers via SSH and is generally just a pain in your proverbial backside: PuTTY.

Before you go down to the comments and unleash your fury of emotions on me and my progenitors, please let me explain. PuTTY is great in how reliable it works. It really is. However, using SSH keys and the whole integration with the Windows world is just a bit clunky. Not to mention the lack of rsync and all those other scripting tools, which is almost a must when working with Linux.

Why use Windows at all you ask? Unlike most sysadmins, I have diverse tasks that sometimes require me to run Windows-only software that makes heavy use of good hardware, for example for video editing. Although I could go to Mac, I am a long time Windows and Linux user, so combining the two would be the way to go for me.

Fortunately the marriage is rather easy.


Backing up Linux servers with Duplicity and Amazon AWS

Cloud storage is dirt cheap nowadays, so why wouldn’t one use it for backup space as well? Or at least for a secondary, off-site backup? Turns out, it’s not that easy. Traditional backup software like Bacula doesn’t yet support Amazon Web Services at all. However, there is a (still beta) challenger called duplicity which does.

János Pásztor

October 10, 2013

Hot news people, I just got an e-mail from Kir Kolyshkin to let me know that they kept their promise and made OpenVZ for Debian Wheezy available. For more details head over to their blog.

Serious privacy problem with Google Hangouts

A freak accident just happened to me. A friend wrote me on Google Hangouts that I apparently sent him a message that wasn’t intended for him. While I was talking with him, a colleague approached me to say that he had apparently received parts of this conversation too.

While spreading the news, I came across a fresh topic on the Google product forums, where multiple users are complaining about the same issue and the number of complaints is growing rapidly.

Since the problem isn’t dependent on what client you’re using (desktop or web), I recommend not using Google Hangouts at all until it is resolved.

Update: Google seems to be investigating the issue.

Update: Google just updated their status page: “The issue has been resolved and all services are gradually returning to normal. We will update when full service is restored.” No statement in regards to the privacy issue though.

Update: Google just sent an e-mail that they will be putting the chats sent to the wrong person back into the sender’s history for review. This excludes Off The Record messages of course.

Hello,

On September 25 you may have noticed a technical glitch with Google’s chat services, in which some messages intended for one person were sent to another. The issue lasted roughly three and a half hours, and affected a small percentage of users.

We took steps to fix the problem as soon as we discovered it, including removing any messages you sent during that period from everyone’s saved chats. This reduced the chance that people saw content that wasn’t meant for them.

Today we’re putting messages you sent during the glitch back into your saved chats.

No recipients, intended or unintended, will have access to these messages in their saved chats. They’re only visible to you.
Your saved chats will show the contents and unintended recipients of any misdelivered messages.
Some saved chats may not show your intended recipient.

If you’d like to review these saved chats, you can visit them here (https://mail.google.com/mail/u/0/#search/is%3Achat+newer%3A1380173400+older%3A1380184200). You can delete them entirely, or keep them and start a new conversation. Remember we don’t save off the record chats, so they won’t appear (https://support.google.com/talk/answer/29291?hl=en).

We’re very sorry for what happened, and we’re taking steps to make sure issues like this don’t happen in the future.

Sincerely,

The Google chat team

© 2013, Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043
You are receiving this service announcement to inform you about an important issue with your Google Account.

Filtering spam with Exim and Spamassassin (properly)

SpamAssassin is a frequently used companion for Exim. However, most people set it up in a synchronous manner – spam is checked directly when the SMTP session is opened. While this is certainly a valid technique, it has its drawbacks. It leaves the server vulnerable to DoS attacks because the spam filtering is a big resource hog. Having SpamAssassin headers in the mail from the remote servers is also an issue, because the $h_X-Spam-* variables will start misbehaving suddenly.

For the purpose of this article I am going to assume you are fairly familiar with writing your own Exim configuration and you are also able to set up your SpamAssassin configuration. If you lack either of these abilities, please read up on both topics first.