Well, no, not any query.  I would never want to kill a write — just a read-only query; in particular: search queries.

So, as it turns out, the hurdles for this are immense, and, because my solution uses PHP’s pcntl_fork() function, even my solution, while it works, it has to make assumptions and is not perfect.

That being said, it would seem easy enough for this to be built into PHP or for some similar mechanism to be built into MySQL: Execute this query but only if it takes less than n seconds.  If not, kill it.  This is not the case, however, so we’re left to our own cleverness.

There are hundreds of reasons why you would never want to do this, but I only need one reason to want to do it to try to implement it.

So here is my solution steps in techno-layman’s terms, followed by the necessary code:

• Call a function to execute a MySQL query (again, preferably read-only)
• Open a shared memory space so that we can pass the query results back to the parent from the child
• Store process state information in a database
• Fork, and execute the query in the child process
• Keep time in the parent process
• Kill the child process if it takes longer than n seconds
• Return the results

Just to forwarn, I have tested this as proof of concept, but I am uncertain about the particulars of PHP’s shared memory and am not confident how reliable the shared memory implementation will in a production environment.  I plan to try it out, but right now I’m just getting the info out there.

So the state database will be defined as follows:

CREATE TABLE IF NOT EXISTS `pcntlFork` (
`idx` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
`status` enum('0','1') NOT NULL DEFAULT '0',
`output` longblob NOT NULL,
PRIMARY KEY (`idx`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=58 ;

The PHP class is available to download here:  http://mysql-restrictor.googlecode.com/files/mysqlRestrictor.class.php (I had it inline, but WordPress did not want to format it properly)

And you would use it something like this

$m = new mysqlRestrictor();
$results = $m->dbQuery("SELECT * FROM `table`");
var_dump($results);

Since this took me an extremely long time to build and just verify that it even works, I welcome comments for improvement, and by all means use it for yourself. Let me know how it does in production!

Maybe I’m just keeping this for my own future reference, but maybe someone else out there could use it too. 

The function generates a string containing numbers and letters only (it’s easily customizable to contain other chars).  The form just creates inputs with random names from the string generator and random values from the string generator.


function randomString() {
        $chars = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        for ($i=0; $i<rand(10,20); $i++) { $string .= $chars[rand(0,strlen($chars))]; }
        return $string;
}

?><form action="" method="POST"><?php
        for ($i=1; $i<=rand(5,10); $i++) { ?><p /><input name="<?php echo randomString(); ?>" value="<?php echo randomString(); ?>" /><?php }
        ?><p /><input type="submit" /><?php
?></form><?php


It’s easy to find the documentation to do PayPal Express Checkout, but to find that one little field where you send an alternate user as the recipient of the payments, well that’s downright impossible.  It is not in the docs (at least not as of this writing 5-18-2011).

How simple is it? Very — the variable is “SUBJECT”

Yes, you specify an alternate “SUBJECT” of the transaction.

Normally your SetExpressCheckout request looks something like:

METHOD=<method_name>&VERSION=<version>&PWD=<API_Password>&USER=<API_UserName>&SIGNATURE=<API_Signature>&...

Now it will look like this:

METHOD=<method_name>&VERSION=<version>&PWD=<API_Password>&USER=<API_UserName>&SIGNATURE=<API_Signature>&SUBJECT=<Payee_PayPal_Account>...

Payee_PayPal_Account is the email address/username the user uses to log in.

Hope this helps!  Took us valuable time to find …

That being said, one of the major issues I’ve had is that the Xorg select/paste always copies tab characters as the corresponding number of spaces.  So, when I select text in one file, paste into another, I have to replace all the spaces with tabs.

Typically I paste into gedit first, do the replace there, then c/p into the file.  This preserves the tabs.

(If you’re still wondering why I use nano, I just like having my editor accessible as long as I have server access.  I never got used to vi, and nano is more than effective for me.)

I have always thought nano should be able to search and replace tabs and spaces, but I could never get it to work.  Even without the gedit technique, I would typically just replace all double spaces to nothing, then manually insert the tabs.  My workarounds, again, are generally sufficient.  I have not NEEDED search and replace of tabs within nano, but today I decided I wanted to really find out if I could.

And it required some digging …

But, I finally found it: verbatim input!

Nano has a feature to disable character interpretation, and for one character, accept input literally.

To turn it on (again it’s for just the first character typed), hit alt-SHIFT-V (alt-V without shift may trigger x-windows menus), then just hit the tab key (it may or may not show a note that you’re in verbatim input mode).

You only need to do this in the search / replace prompts.  Obviously, you can type tabs directly into the file.

So an example — let’s say you want to convert any instance of 8 spaces to a tab character.

Here is the command stack:

control-W (search)
control-R (replace)
hit space 8 times, then hit enter
alt-shift-V (verbatim input)
hit the tab key, hit enter

Proceed as normal.

Hopefully this post is easier to find than the seemingly impossible digging I just undertook …

I use this all the time as I don’t know of a better Linux alternative, but it’s simple enough.  Just put save it as “/sbin/find-file-with” with executable permissions, and use it like so:

find-file-with sometext

If a matching file is found, it will print the full path of the file as well as the lines matching using grep (so the “some text” is passed directly into grep if you need help on how to vary your search)

Obviously some advancements can be performed, but without this script, I always just type (each time):

for I in `find ./*` ; do echo $I; cat $I | grep sometext; done

This script just keeps me from filling the screen with directory errors and unmatching files.

As a side note, if you want to include quotes (as in grep “some text”), you need to escape them:

find-file-with \"some text\"

Hope others find it useful … but the main reason it is here is so I have an online backup. 

#!/bin/sh
echo "";
for I in `find ./*` ; do
        if [ ! -d "$I" ] ; then
                if [ -e "$I" ] ; then
                        CMD="cat $I | grep $* | wc -c";
                        C=`eval $CMD`
                        if [ $C -gt 0 ] ; then
                                echo "\033[1m[ "$I" ]\033[0m"
                                cat $I | grep $* -n --color=auto;
                                echo ""
                        fi;
                fi;
        fi;
done;

This post is more for my own future reference, because seriously, what keywords would anyone use to find this?  Anyway, the solution is just to edit this file:

/wp-includes/ms-settings.php

Find the if clause containing “wp-signup.php” — the phrase only exists in the file in one place, so just do a text search.

It is actually nested in two if clauses.

Simply change:

if (defined('NOBLOGREDIRECT')) {

to

if ($_SERVER['SERVER_NAME'] == "mydomain.com") {
$destination = 'http://www.mydomain.com'.$_SERVER['REQUEST_URI'];
} else if (defined('NOBLOGREDIRECT')) {

You can obviously do other variations if you need more advanced redirection, but this is where the magic happens.  Enjoy!

It took my quite a long time to figure out how to get it to change to that directory then stay logged in, even though it is rather simple.  It also took my a long time again recently because I reinstalled without backing that up.  So, this post is mainly so I don’t have to do that again, but maybe it will help others too.

The trick is to make SSH behave like a terminal (with the oft-overlooked -t flag), then to execute a login bash shell using normal SSH command execution.

So:

ssh -t ‘cd /path/to/go/to; bash -l’

So for me, my shortcut in the gnome taskbar is

gnome-terminal –tab -e “ssh -t ‘cd /path; bash -l’” –tab -e “ssh -t ‘cd /path; bash -l’” –tab -e “ssh -t ‘cd /path; bash -l’”

There — saved myself (and you) some time!

For users like me, however, there is an equally stupid result, and that is that VSFTP apparently disabled all FTP write commands in new versions.  Are you running VSFTP and using FTP to do your WordPress upgrades?

Well just edit your /etc/vsftpd.conf (exact location may vary by distro) and uncomment the line:

#write_enable=YES

(Just remove the #, save, and restart VSFTP.)

This worked for me, and I just figured it out on my own.  Stupid, yes, but for those of use who have become search-engine-instant-success-addicts, impossible to find.  Hopefully not so for you.

It, shamefully, just clicked with me the power of rainbow tables (for which I only learned the term in the last few days).  For some background, any legitimate website or authentication system does not store your password in plain text.  It uses a one-way encryption and stores that encryption.  Then to check if you used the right password, it encrypts the one you send it and compares it against the stored encryption.  This minimizes opportunities for a copy of your password to be easily accessible, decryptable, or readable, in any sense to someone who want to use it for malfeasance.

The trick with all one-way encryptions used for such “hashing” purposes is their resulting strings are fixed length.  For example, sha1, which is probably the most widely used method on the web, creates alphanumeric (0-9, a-z not case sensitive) hexadecimal strings of length 40 (at least using the php sha1() method with which I am familiar — I’m not a sha1 expert).  Because of this, there are possible collisions.  In other words, although your password might encrypt to one string, there are effectively infinite other strings that would encrypt to that same string.

Before getting too uptight about this, just do the basic numbers.  The sha1 encryption creates 40 character strings with 36 16 possible characters in each place, meaning there are 36^40 16^40 possible resulting encryptions.  That number?

178,689,910,246,017,054,531,432,477,289,437,798,228,285,773,001,601,743,140,683,776
1,461,501,637,330,902,918,203,684,832,716,283,019,655,932,542,976

Is there even a word for that?  Yes … 178.69 novemdecillion 1.46 quindecillion.  (that is a big number)

So a hacker would build the corresponding rainbow table by finding exactly 1 string that converts to each of those 178,689 1,461,501 … hashes.  Then, somehow, they get your encrypted password, and all they have to do is look it up in this table, and they have your password (or at least one that collides with yours’ hash).

It is very simple, but, fortunately, at this point, that rainbow table would not fit on all the hard drives in the world.  In fact, it would take about 50 billion earths to find an equivalent number of atoms the earth is only composed of about 133 quindecillion atoms. (That’s one hash per 89 atoms — a human hair is about 10000 atoms thick).

But let’s abandon the seeming impossibility of the existence of this table temporarily.  A common practice in secure storage of passwords these days is to “salt” the password before hashing and storing it.  That is, you take the password, prepend (or append) a random string, then encrypt the resulting string.  (More complex salts can exist, but the idea is that you modify the password in a predictable, repeatable way).  What this does is force a hacker to build a corresponding rainbow table for EVERY password he/she wants to hack, because the unsalted rainbow table won’t work (I’ll leave this to you to figure out why if you don’t know at this point.)

The problem is, if you’re still using sha1 to encrypt the salted password, it’s no different than if you didn’t salt the password.  If this complete sha1 rainbow table DID exist, the salt would serve absolutely no purpose, it would just shift the collision.  Some infinite subset of strings would still map to this encrypted string.

As a side note, the rainbow tables that exist are simply compilations of common types of passwords, and, in many instances, they work, because people just don’t use strong enough passwords.  This reduces the size of the tables to a usable form, so, in this case, the salting is imperative.  I am discussing today the case where a complete sha1 rainbow table exists.  I have said that it is pretty much impossible, but, from a purely theoretical standpoint, eventually, even the number 178.69 novemdecillion 1.46 quindecillion will become small as technology improves with time.

By the way, “strong,” for all intents and purposes of one-way hashing, just means long.  Knowing a password is short drastically decreases the number of hashes that need to be generated for the table.  Good advice? Use passwords 20 characters or longer — i.e. a sentence “This is my password, baby. Nothing personal, but don’t steal it.”

My question is, is it really effective to use the same encryption mechanism after you salt the password?  Salting is little more than an obfuscation in the presence of a complete rainbow table.  In the face of the assumed existence of this rainbow table, and ignoring that most passwords aren’t truly “random,” there is exactly no difference between “salt and hash” and simply “hash.” This just leads me to the conclusion that the inherent flaw in one way hashes is that they create strings of finite length, but that is exactly why they are useful.

Perhaps the only purpose of this post was to legitimately use the word novemdecillion quindecillion more than once.  I dunno, but I would certainly appreciate expert commentary on the topic.

Edit: After initially writing this, I realized that sha1 created hex strings, not alphanumeric.  This changed the numbers, but fortunately not the article.  I decided to leave the old numbers in strikethrough because, well, novemdecillion is a cool freaking word.

Anyway, it is not enabled by default, so if you want to take advantage of the functions on your Ubuntu LAMP server, you might spend hours searching the web for that magic aptitude command.  But, as far as I can tell, it doesn’t exist.

Luckily, I stumbled across this article on the Ubuntu forums, so I’m dedicating a post here with the hopes that other will find it more easily.

Please note that you’ll probably need build-essentials and a few other source compilation basics, but as long as you have that, the following code will get you what you want.

First, in your home directory:

mkdir php
cd php
apt-get source php5
cd php5-(WHATEVER_RELEASE)/ext/pcntl
phpize
./configure
make

Then:

cp modules/pcntl.so /usr/lib/php5/WHEVER_YOUR_SO_FILES_ARE/
echo "extension=pcntl.so" > /etc/php5/conf.d/pcntl.ini

FYI: “make install” does not appear to put the files in the correct place.

Btw, please direct any thanks/praise to skout23 on the Ubuntu forums.