ant.i.am

It has arrived!

anthony — Thu, 12 Jan 2012 16:24:40 +0000

I was waiting for a sale on a 6850 or a 6950 and Newegg.com had it on sale for $135 plus a $15 mail in rebate. Score!

A letter I wrote to my Senator today about PIPA/SOPA

anthony — Mon, 09 Jan 2012 17:52:39 +0000

Dear Senator,

As someone who is deeply entrenched in technology (I work at a startup in Manhattan) I would know your thoughts on PIPA and the Houses proposed SOPA bill.

One thing I find appalling is the lack of oversight with this bill. Why did not one House representative or Senator meet with major technology companies to discuss how to tackle this issue instead of blindly charging ahead? Is this the best solution? How is it that not even the Communications, Technology and Internet subcommittee was not even consulted? I am sure anyone familiar with how DNS works would have screamed “Fus Ro Dah” (based on a game I play, anyone familiar with the internet would get the joke) at any individual who mentioned a change such as that proposed in SOPA or PIPA.

I know there is a lot going on in the world right now, terrorism, threats of war, Iran, etc… But the basic tenants of freedom of speech must be preserved and it will only be a matter of time before the individuals who lobbied for this power begin to abuse it. “Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men.” – Lord Acton

I am not a proponent of online piracy or advocate it in any way but this is not the proper solution to solving the issue. If the MPAA and the RIAA spent half as much time on developing strategies to adapt to the Internet as they have lobbying for change then we wouldn’t have these very dangerous bills up for consideration.

I look forward to your reply,
Warm Regards,
Anthony Wlodarski

——–
I implore you exercise your first amendment rights before they are gone. I don’t know if it is the crazy in me but it seems every day, more and more, the second amendment is needed to protect the rest of them from abuse and corruption. I just wish there was a better way.

Building a new computer is fun!

anthony — Tue, 03 Jan 2012 14:35:54 +0000

So this weekend I built a new computer. The problem with upgrading my trusty quad core Dell XPS 420 is that DDR2 at 800mhz is too damn expensive:

So after scouring Newegg and local stores for many different deals that I slept on and hate myself for sleeping on till this day I decided to build a new machine. The machine has to be able to handle the development tasks I throw at it as well as be able to play BF3 and Skyrim with the high and ultra settings I have been used too. For a case I choose the venerable Antec Three Hundred. For a motherboard I choose the Gigabyte Z68 UD3 chipset, very solid design. For the processor I snagged a Intel i5-2500k for on the cheap which is a trust worthy CPU and can be easily over clocked. I picked up a XFX AMD 6750 video card to hold me over till something better comes along and repurposed my existing 2TB of Sata hard drives. All this is pulled together with 16GB of DDR3-1600 Kingston ram. Here are some pictures of the build process that I took last night:

Don’t use the default Solr configuration files, ever!

anthony — Tue, 08 Nov 2011 15:57:11 +0000

Recently I made a mistake of raw copying the default Solr configuration files into a production environment thinking they were production ready. BIG MISTAKE! It would be due diligence to go through the default configuration and build your own configuration files from what you see. Some excellent resources are on the Solr wiki. Here are links to the Solr schema, Solr configuration and the Analyzers (Filters/Tokens).

Authentication with Node.js and Zend Framework.

anthony — Wed, 27 Jul 2011 15:45:53 +0000

Zend Framework which is PHP based and Node.js which is JavaScript based don’t have a common connection to pass data in a bi-directional nature. I was tasked with building a bridge of sorts that would utilize existing information from Zend Framework with the latest release of Socket.io’s authorization mechanisms. (If you don’t do this then arbitrary connections can happen and will be authorized.) Lets get right into the code and see how this issue was tackled:

/** Require the http module. */
var http = require('http');
 
/** Create a new http server to listen to and send requsts from. */
var server = http.createServer(function(req, res) {
    res.writeHead(200, {'Content-Type':'text/html'});
    res.end();
});
server.listen(12121);
 
/** Require the socket.io module */
var io = require('socket.io').listen(server);
 
/** File system library **/
var fs = require('fs');
 
/** Extract the session id from the headers cookies **/
function getPHPSessionId(cookies) {
    var phpSessionId = '';
    cookies.split(';').forEach(function(a) {
        var b = a.split('=');
        if(b[0].trim() == 'PHPSESSID') {
            phpSessionId = b[1].trim();
        }
    });
 
    return phpSessionId;
}
 
/**
 * This function will look in the PHP Session directory and look for the session
 * file.  If the file exists it will load that file as a string and then parse
 * that string for the PHP Session which will only be stored once the PHP authorization
 * method saves it.
 */
function authorizePHPSession(phpSessionId, cb) {
    try {
        fs.readFile('/path/to/sessions/sess_'+phpSessionId, 'utf8', function(err, data) {
            if(err) {
                throw err;
            }
 
            if(data.search(phpSessionId.toString()) > -1) {
                cb(null, true);
            } else {
                cb(null, false);
            }
        });
    } catch(e) {
        cb(null, false);
    }
}
 
io.configure(function() {
    io.set('transports', ['xhr-polling','htmlfile','jsonp-polling']);
    io.set('authorization', function (data, cb) {
        authorizePHPSession(getPHPSessionId(data.headers.cookie), cb);
    });
});

As you can see here we have the usual Node.js lifting. We create a http server, we create an instance of the io object from Socket.io and get to it. However then we begin to get into the interesting functions. “getPHPSessionId” is a utility function that will parse the cookie information attached to the handshake data. If we find the correct cookie prefix (PHPSESSID in this instance, but this is configurable so check your php.ini file!) we extract the second part of that string as the PHP session. If all else fails we return an empty string which will be compatible with our next function, “authorizePHPSession”.

“authorizePHPSession” takes two parameters, the PHP session id, and a callback function that is to be executed. The callback must be executed as per the documentation here. This function call to read the contents of the file must be asynchronous. Synchronous calls are dangerous in a non blocking i/o situation. I will quote Node.js documentation:

The synchronous versions will block the entire process until they complete–halting all connections.

Trust me I tried the synchronous calls, I watched the connection pool halt and just stack up and it was just one mess. Simply enough if the PHP session id exists in this file then it is authorized (how did the PHP session get into the file, well that is the next part…). Finally pulling it all together I call:

io.configure(function() {
    io.set('transports', ['xhr-polling','htmlfile','jsonp-polling']);
    io.set('authorization', function (data, cb) {
        authorizePHPSession(getPHPSessionId(data.headers.cookie), cb);
    });
});

Now we get into the Zend Framework portion of our example. I am going to assume that once you have authorized the user you write some sort of information into the session. This is our chance to insert the PHP session id to our session.

        $result = $authDbTable->authenticate();
 
        if($result->isValid())
        {
            // lets store the user in the session
            $user = $authDbTable->getResultRowObject(array('id', 'role'), null);
            $usersTable->update(array('lastLogin'=>date('Y-m-d H:i:s')), array('id = ?'=>$user->id));
 
	    if($form->remember_me->checked) {
		Zend_Session::rememberMe();
	    } else {
		Zend_Session::forgetMe();
	    }
 
            // insert our session information.
            $user->nodeAuthorization = Zend_Session::getId();
 
            $auth = Zend_Auth::getInstance();
            $auth->getStorage()->write($user);
        }

Lets discuss the semantics of this operation. PHP is invoked by the browser request. A cookie is written to your browser with your PHP session id. Which is the only unique identifier which will allow you to access serialized data stored in a file on our server. Socket.io is invoked once the page is loaded into your browser. At this point the information contained in your cookies is passed as handshake data to our event server. The event server does the authorization previously mentioned. If the session string exists (which will only happen once you are authenticated) you are granted access, else you are not.

PHP/Node.js/Socket.io is just simply amazing!

BIG BIG BIG EDIT
If the PHP garbage collector has not picked up the sessions yet as it has a random chance of running per page load you can check the stats of the file yourself. However the one CAVEAT is that if you change the length of time for which your sessions are valid you have to do it in two places. application.ini and or Zend_Config for PHP and in the Node.js application file variable. Take a look at this fixed version:

/**
 * This function will look in the PHP Session directory and look for the session
 * file.  If the file exists it will load that file as a string and then parse
 * that string for the PHP Session which will only be stored once the PHP authorization
 * method saves it.  It also takes into consideration sessions that may not have been
 * gc'ed by PHP yet.
 */
var sessionExpiration = 86400;
function authorizePHPSession(data, cb) {
    var phpSessionId = getPHPSessionId(data.headers.cookie);
    fs.stat('/var/lib/php5/sess_'+phpSessionId, function(err, stats) {
        if(err) {
            cb(null, false);
        } else if(Date.now() - (Date.parse(stats.mtime)) > sessionExpiration) {
            cb(null, false);
        } else {
            try {
                fs.readFile('/var/lib/php5/sess_'+phpSessionId, 'utf8', function(err, fileContents) {
                    if(err) {
                        throw err;
                    } else if(fileContents.search(phpSessionId.toString()) > -1) {
                        data.phpSessionId = phpSessionId.toString();
                        cb(null, true);
                    } else {
                        cb(null, false);
                    }
                });
            } catch(e) {
                cb(null, false);
            }            
        }
    });
}

This was brought to my attention by Trii chilling out in #phpc on irc.freenode.org. You can visit him here at g+

Nifty little overlay plugin I wrote in JavaScript as a jQuery plugin.

anthony — Wed, 06 Jul 2011 00:21:35 +0000

So I analyzed what was behind Flowplayer’s overlay plugin and decided that if I didn’t want to rehaul my entire sites structure to adhere to their wants and needs I would have to write my own. So I did, you can check it out at http://www.overlay.anthonyw.net. If you wish to download the plugin, it has been provided with the MIT license so feel free to modify as necessary. Soon it will make its way onto github.

When someone tells you to read the source in Zend Framework, there is a reason.

anthony — Wed, 08 Jun 2011 13:44:32 +0000

Zend Framework (a.k.a. ZF) is the swiss army knife of MVC based frameworks. (The discussion of ZF really being a framework versus a loosely coupled library is another discussion in its own.) Name one thing you want to do with a framework and chances are ZF already supports it out of the box and if not that is okay too, it is easily extend-able (for some reasons my blog doesn’t like intransitive verbs so pardon the hyphen). However learning how to wield ZF can seem like a daunting task. One thing I learned early on with ZF was that the curators and associates in the ZF ecosystem always fall back to the root of “read the code/api/documentation”. With good reason too! It is not the volunteers simply shrugging you off but it is for your own good. Lets take for example the use of the class Zend_Validate_File_ImageSize. If you haven’t ever used this class before a quick reading into the class name tells you it validates a file and if that file is an image, the image size. Fair enough but how do we use this class? Well I use Netbeans and the easiest way for me to open a file is to CTRL+click the class name, Netbeans does a wonderful job of bringing you right to the constructor for the class.

Now we are presented with:

    /**
     * Sets validator options
     *
     * Accepts the following option keys:
     * - minheight
     * - minwidth
     * - maxheight
     * - maxwidth
     *
     * @param  Zend_Config|array $options
     * @return void
     */
    public function __construct($options)
    {
        if ($options instanceof Zend_Config) {
            $options = $options->toArray();
        } elseif (1 < func_num_args()) {
            if (!is_array($options)) {
                $options = array('minwidth' => $options);
            }
            $argv = func_get_args();
            array_shift($argv);
            $options['minheight'] = array_shift($argv);
            if (!empty($argv)) {
                $options['maxwidth'] = array_shift($argv);
                if (!empty($argv)) {
                    $options['maxheight'] = array_shift($argv);
                }
            }
        } else if (!is_array($options)) {
            require_once 'Zend/Validate/Exception.php';
            throw new Zend_Validate_Exception ('Invalid options to validator provided');
        }
 
        if (isset($options['minheight']) || isset($options['minwidth'])) {
            $this->setImageMin($options);
        }
 
        if (isset($options['maxheight']) || isset($options['maxwidth'])) {
            $this->setImageMax($options);
        }
    }

Reading over this we can see that the constructor accepts a few different types of options. It will accept a single Zend_Config class instance, a string defining the minimum width of the image, or an array defining some or all of the options that can be set. Which options can be set? Well the ones that the code says we can use: minwidth, minheight, maxwidth, maxheight (In this order too!). I personally find using Zend_Config overkill so we could invoke the instance like so

//backwards compatibility supports this but I find this to be something that should be broke as the constructors are now unified and this could be messy
$validatorA = new Zend_Validate_File_Image_Size(0,0,110,110);
// suggested way of passing in parameters to the constructor
$validatorB = new Zend_Validate_File_Image_Size(array('minheight'=>0, 'minwidth'=>0, 'maxheight'=>110, 'maxwidth'=>110));

Well that’s it, this technique can be used for any class in Zend Framework. ZF is flexible enough to allow you to choose how you want to build your projects (within reason). Always RTFM before asking questions, sometimes reading and finding the answer is faster than asking and waiting for the answer.

If anyone is looking for information on how to build debian packages, this PDF will help.

anthony — Thu, 19 May 2011 15:37:04 +0000

Taken from: http://forums.debian.net/viewtopic.php?p=228570.
Build-Pkg-Smart-Way

The when and where of pulling data from the database.

anthony — Tue, 17 May 2011 13:46:56 +0000

If you work on an application (web/desktop, etc…) where in the program logic do you pull information about the current user? This is a question I have toiled with constantly for a few months now. Being a little bit wishy washy on the subject there are two trains of thoughts here, option A and option B. Option A is pulling the information from the database as soon as the application wakes up. Option B is pulling pieces of the current user as necessary. Option A has the following benefits. All information can be pulled at once and in one location in the code. This means that if you were to check the data in the registry/view it would already be set as a mechanism in your plug-in or bootstrapping process would have loaded it for you. However if you have made changes to the user after this loading period then you would incur another loading period as the data would be stale. If this was a website you could quite possibly get away with displaying stale data at first and then modifiers update the presentation layer via ajax. Option B involves you loading only what is necessary where you need it (other than in the view if you are in the MVC state of mind). For example in one part of your controller you need the users user name and email address, then a few lines down you need their data of birth and the time that their profile was modified. Each query would load only what is necessary at that time. This presents a problem though you have fragmented and small queries in addition to having more queries than Option A. However this presents you with fresh data in every instant as you are pulling it as close to presentation as possible. I am on the fence about both methods but did some brain storming on paper and created a few scribbles.

Both options are viable but it depends on the situation.

Pulling data diagram.

Securing Jetty and Solr with PHP authentication.

anthony — Thu, 28 Apr 2011 23:40:05 +0000

If you ever have set up Solr in a production environment you have probably wondered how to secure it. Jetty is the container that comes default with most Solr nightly builds and does just fine in a production environment with a few tweaks. The focus of this post is to first introduce you to a simple setup that will allow you to setup BASIC http authentication with Jetty and in the second part of this post will show you how to extend “Apache_Solr_HttpTransport_Abstract” which is an abstract class from the Solr-Php-Client project found here: http://code.google.com/p/solr-php-client/. Lets get on with setting up Jetty to be secure. First lets establish the installation path of Jetty as JETTY_HOME, for example I have a Solr installation installed at “/opt/solr/solr-production”. For all intents and purposes this is Jetty’s home. So when I refer to JETTY_HOME, I am referring to the home directory of Jetty. Within JETTY_HOME is a folder called “/etc”, inside of this folder you will find jetty.xml and webdefault.xml. Crank open these two files in your favorite editor (I used VI). Inside of webdefault.xml right before the closing “” tag place the following:

  >
    >
      >Solr authenticated application>
      >/>
    >
    >
      >administrator>
    >
  >
 
  >
    >BASIC>
    >My Solr>
  >

The previous configuration strings set up a few things, these are the url pattern (“/” means the entire application), the role (which is “administrator”), the authentication method (BASIC) and the realm under which we will be authenticating our users. Please visit http://docs.codehaus.org/display/JETTY/Realms for detailed information in regards to securing Jetty. Now we move onto jetty.xml inside the “JETTY_HOME/etc” directory. Inside of this file do a search for “UserRealms” chances are the configuration for authentication realms is just commented out, if not add the following:

     name="UserRealms">
       type="org.mortbay.jetty.security.UserRealm">
        >
           class="org.mortbay.jetty.security.HashUserRealm">
             name="name">My Solr>
             name="config"> name="jetty.home" default="."/>/etc/realm.properties>
             name="refreshInterval">0>
          >
        >
      >
    >

This basically tells Jetty where the file for user names and passwords. Which would be “JETTY_HOME/etc/realm.properties”. Chances are this file does not exist already, it is okay to create the file (sudo touch realm.properties in the JETTY_HOME/etc folder). This file has a format that must be adhered to, but before that lets generate a password for the “administrator” user. I like to execute the following:

$ echo -n "test" | openssl md5
098f6bcd4621d373cade4e832627b4f6

(BTW “test” is a poor password, please don’t copy this verbatim.)

So with that password we are ready to put an entry in the realm.properties file. As per the Jetty documents the format is “username: password[,rolename ...]“, where:

username is the user’s unique identity
password is the user’s (possibly obfuscated or MD5 encrypted) password
rolename is the user’s role

So for example:

administrator: MD5:098f6bcd4621d373cade4e832627b4f6,administrator

would work just fine. There you go, you have secured Jetty to an extent. A word of precaution. CHMOD that file to 600 as soon as it is created, you will sleep better at night. Also CHOWN it to root:root as well. Restart your Solr package and then visit your Solr instance in the browser, you will be prompted for a user name and password for the realm. Now we can move onto making sure our PHP requests are honored with the right authentication information.

The solr-php-client project is coded in the Zend Framework API style of coding. It makes sense and it integrated very easily into my company’s ZF application, I am sure the process would be similar for other Solr PHP clients but this one will focus purely on this project. If you use the Apache_Solr_Service class you will notice that by default it uses a FileGetContents http transport. This class is found in “/Apache/Solr/HttpTransport/FileGetContents.php” of the solr client download. So this class at first glance looks to be extend-able but since the author decided to make the stream contexts private you cannot access them in a child class. Instead I decided to extend the http transport abstract class found in “/Apache/Solr/HttpTransport/Abstract.php”. This allows me to pull the best parts of the FileGetContents.php file and merge them with http headers to authenticate with. Here is the class in its entirety:

class Get2KnowMe_Search_FileGetContents extends Apache_Solr_HttpTransport_Abstract {
    private $authorization;
    private $username;
    private $password;
    private $_getContext;
    private $_postContext;
    private $_headContext;
 
    public function __construct($authorization = false, $username = null, $password = null) {
        $this->authorization = $authorization;
        $this->username = $username;
        $this->password = $password;
        $this->_getContext = stream_context_create();
        $this->_postContext = stream_context_create();
        $this->_headContext = stream_context_create();
    }
 
    public function performGetRequest($url, $timeout = false)
    {
        if($this->authorization) {
            stream_context_set_option($this->_getContext, 'http', 'header', 'Authorization: Basic ' . base64_encode($this->username.':'.$this->password));
        }
 
        // set the timeout if specified
        if ($timeout !== FALSE && $timeout > 0.0)
        {
                // timeouts with file_get_contents seem to need
                // to be halved to work as expected
                $timeout = (float) $timeout / 2;
 
                stream_context_set_option($this->_getContext, 'http', 'timeout', $timeout);
        }
        else
        {
                // use the default timeout pulled from default_socket_timeout otherwise
                stream_context_set_option($this->_getContext, 'http', 'timeout', $this->getDefaultTimeout());
        }
 
        // $http_response_headers will be updated by the call to file_get_contents later
        // see http://us.php.net/manual/en/wrappers.http.php for documentation
        // Unfortunately, it will still create a notice in analyzers if we don't set it here
        $http_response_header = null;
        $responseBody = @file_get_contents($url, false, $this->_getContext);
 
        return $this->_getResponseFromParts($responseBody, $http_response_header);
    }
 
    public function performHeadRequest($url, $timeout = false)
    {
        if($this->authorization) {
            stream_context_set_option($this->_headContext, 'http', 'header', 'Authorization: Basic ' . base64_encode($this->username.':'.$this->password));
        }
 
        stream_context_set_option($this->_headContext, array(
                        'http' => array(
                                // set HTTP method
                                'method' => 'HEAD',
 
                                // default timeout
                                'timeout' => $this->getDefaultTimeout()
                        )
                )
        );
 
        // set the timeout if specified
        if ($timeout !== FALSE && $timeout > 0.0)
        {
                // timeouts with file_get_contents seem to need
                // to be halved to work as expected
                $timeout = (float) $timeout / 2;
 
                stream_context_set_option($this->_headContext, 'http', 'timeout', $timeout);
        }
 
        // $http_response_headers will be updated by the call to file_get_contents later
        // see http://us.php.net/manual/en/wrappers.http.php for documentation
        // Unfortunately, it will still create a notice in analyzers if we don't set it here
        $http_response_header = null;
        $responseBody = @file_get_contents($url, false, $this->_headContext);
 
        return $this->_getResponseFromParts($responseBody, $http_response_header);
    }
 
    public function performPostRequest($url, $rawPost, $contentType, $timeout = false)
    {
        if($this->authorization) {
            stream_context_set_option($this->_postContext, 'http', 'header', 'Authorization: Basic ' . base64_encode($this->username.':'.$this->password) . "\r\n");
        }
 
        stream_context_set_option($this->_postContext, array(
                        'http' => array(
                                // set HTTP method
                                'method' => 'POST',
 
                                // Add our posted content type
                                'header' => "Content-Type: $contentType",
 
                                // the posted content
                                'content' => $rawPost,
 
                                // default timeout
                                'timeout' => $this->getDefaultTimeout()
                        )
                )
        );
 
        // set the timeout if specified
        if ($timeout !== FALSE && $timeout > 0.0)
        {
                // timeouts with file_get_contents seem to need
                // to be halved to work as expected
                $timeout = (float) $timeout / 2;
 
                stream_context_set_option($this->_postContext, 'http', 'timeout', $timeout);
        }
 
        // $http_response_header will be updated by the call to file_get_contents later
        // see http://us.php.net/manual/en/wrappers.http.php for documentation
        // Unfortunately, it will still create a notice in analyzers if we don't set it here
        $http_response_header = null;
        $responseBody = @file_get_contents($url, false, $this->_postContext);
 
        // reset content of post context to reclaim memory
        stream_context_set_option($this->_postContext, 'http', 'content', '');
 
        return $this->_getResponseFromParts($responseBody, $http_response_header);
    }
 
    private function _getResponseFromParts($rawResponse, $httpHeaders)
    {
            //Assume 0, false as defaults
            $status = 0;
            $contentType = false;
 
            //iterate through headers for real status, type, and encoding
            if (is_array($httpHeaders) && count($httpHeaders) > 0)
            {
                    //look at the first headers for the HTTP status code
                    //and message (errors are usually returned this way)
                    //
                    //HTTP 100 Continue response can also be returned before
                    //the REAL status header, so we need look until we find
                    //the last header starting with HTTP
                    //
                    //the spec: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.1
                    //
                    //Thanks to Daniel Andersson for pointing out this oversight
                    while (isset($httpHeaders[0]) && substr($httpHeaders[0], 0, 4) == 'HTTP')
                    {
                            // we can do a intval on status line without the "HTTP/1.X " to get the code
                            $status = intval(substr($httpHeaders[0], 9));
 
                            // remove this from the headers so we can check for more
                            array_shift($httpHeaders);
                    }
 
                    //Look for the Content-Type response header and determine type
                    //and encoding from it (if possible - such as 'Content-Type: text/plain; charset=UTF-8')
                    foreach ($httpHeaders as $header)
                    {
                            // look for the header that starts appropriately
                            if (strncasecmp($header, 'Content-Type:', 13) == 0)
                            {
                                    $contentType = substr($header, 13);
                                    break;
                            }
                    }
            }
 
            return new Apache_Solr_HttpTransport_Response($status, $contentType, $rawResponse);
    }    
}

SOLR_USERNAME and SOLR_PASSWORD are part of configurations that are set before the calls are made from a configuration file. It was really easy to get the ball rolling and Jetty is an excellent choice as a Solr container. If you have any questions, comments, concerns or tips to make Solr even more secure don’t hesitate to post a comment.