Tim Igoe's Web Design, Development and Hosting Blog
← Older posts Newer posts →

Facebook Places Goes Live in the UK

Posted on by Tim Igoe

With the recent roll out of the new “Places” service, it is now possible to tag your current location on your Facebook account and broadcast it all to your friends. Facebook aren’t the first to develop such a system, however they will be the biggest provider based on the quantity of users they have.

Privacy has always been a concern on sites like Facebook yet how many thousands of people have completely open profiles with little to no security at all?

While most may not see a problem with this service, and some will see it as useful… there are huge privacy concerns to be had with such a system. I already know many people who have tagged their home (accurately) on Facebook, some even called it by actual house number.

Well done, I know where you live now but more importantly, I know when you are NOT at home because you are locating yourself everwhere. If I know this, who else does?

The whole process of tagging your location has been made even easier with the uptake of smartphones and “app” versions of sites like Facebook being able to access GPS data. Not only does this give accurate location information, it means you can update it where ever you are, whatever time of day or night.

What do you think about Facebook Places, a good idea of a disaster waiting to happen?

Posted in Social Networking | Tagged , | Leave a comment

Monit Rules

Posted on by Tim Igoe

As a follow on from my post on Monit, I have compiled a selection of rules that can be used to monitor various services on your server.


check process sshd with pidfile /var/run/sshd.pid
start program  "/etc/init.d/sshd start"
stop program  "/etc/init.d/sshd stop"
if failed port 22 protocol ssh for 3 cycles then restart
if 5 restarts within 5 cycles then timeout


check process postfix with pidfile /var/spool/postfix/pid/master.pid
start program = "/etc/init.d/postfix start"
stop  program = "/etc/init.d/postfix stop"
if failed port 25 protocol smtp for 3 cycles then restart
if 5 restarts within 5 cycles then timeout


check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysqld start"
stop program = "/etc/init.d/mysqld stop"
if failed unixsocket /var/lib/mysql/mysql.sock protocol mysql for 3 cycles then restart
if 5 restarts within 5 cycles then timeout


check filesystem rootfs with path /
if space usage > 90% 5 times within 15 cycles
then alert


check system localhost
if loadavg (1min) > 10 then alert
if loadavg (5min) > 7 then alert
if memory usage > 95% then alert
if cpu usage (user) > 95% then alert
if cpu usage (system) > 70% then alert
if cpu usage (wait) > 80% then alert

Posted in Linux, Servers | Tagged , , , , | Leave a comment

PHP 5.2 Support Ends just as developers start to adopt it

Posted on by Tim Igoe

With the recent release of PHP 5.2.14 the PHP Team has decided to end active support for this branch of PHP. This means there will be no further active development or bug fixes to this branch of PHP. Instead focus will be on PHP 5.3 and then onto PHP 6.

With many large projects still actively supporting PHP4, the choice is puzzling. A lot of web hosts still haven’t upgraded from PHP 4 based servers due to various incompatibility issues, it can sometimes take weeks or months to test and check all code against the latest versions of PHP when they are released which does hold up rolling out upgrades to live servers, however problems like this shouldn’t hold up the development of PHP.

From the PHP team’s point of view, they can only support a version for a set period of time before it becomes too hard to keep back porting changes to the older releases. PHP 5.2 was released way back  in 2006, a lot has changed since then so it isn’t unexpected to retire it now.

If a large package that is commonly used has issues on a certain version of PHP, it will hold back providers from upgrading to that version even if the benefits are there, this is especially true for shared hosting providers who tend to stick with the version that causes them the least problems and support.

There needs to be some changes somewhere to make the constant evolving nature of PHP easier to adopt and web site framework developers really need to evolve with PHP to help speed up the adoption of newer versions on a larger scale than they are (I’m thinking shared hosting providers here).

Posted in PHP | Tagged | Leave a comment

Monit – Keeping Servers running even while asleep

Posted on by Tim Igoe

One of the downsides to working on the internet, is that it never stops – it is a 24 hour a day, 365 day a year system. There is not ‘break’ in it, no time to rest.

When you run your own websites this can be a problem, a lot of people however get website hosting from a company as part of a package where they manage and monitor the servers for you.

If, like me, you run your own server, a dedicated monitoring service often costs extra to the hosting package. Now, some of us like our sleep, but also like to know our services are reliable, short of having someone awake 24 hours a day to monitor the servers you have to take chance that they will be reliable when you are away from an internet connected computer.

This is where monit comes in, it is a very useful package to allow a server to monitor itself for possible problems and restart / reset services if they start to run out of control.

Once installed, configuring monit is really straight forwards. Simply edit /etc/monit.conf and set up a few options pertaining to your server setup like mail server, and then how often you want to check services.

Once monit is configured, it is a case of setting up a collection of rules to tell monit how and what to scan.


check process httpd with pidfile /var/run/httpd.pid
group httpd
start program = "/etc/init.d/httpd start" with timeout 60 seconds
stop program  = "/etc/init.d/httpd stop"
if cpu > 60% for 2 cycles then alert
if cpu > 80% for 5 cycles then restart
if failed host 127.0.0.1 port 80 protocol http for 5 cycles then restart
if 5 restarts within 5 cycles then timeout

In this example, I’m monitoring Apache via process ID, we tell monit how to start and stop apache then set a few rules on how to deal with it. In this case, if the Apache starts to eat more than 60% of my CPU for 2 runs through I send an alert email, if it stays above 80% for 5 runs then I restart it. If a connection test fails, restart too.

This allows me to make sure my server always responds and if it does get too heavily loaded then reset itself to reign the load in.

Using Monit allows me to spend time away from my servers without worrying that excess load or a software crash can take them down for too long. This doesn’t fix actual machine issues, but I just have to take the chance there.

Posted in Linux, Servers | Tagged , , | Leave a comment

Google Accidentally Steals Wifi Data?

Posted on by Tim Igoe

It was found out that when Google’s Street View car was doing the rounds in Germany (and maybe other countries too) it was sniffing out for “open” wifi networks. The plan was maybe to plot these on the map for users to find wifi networks easily when they were in an area. They claimed to be collecting SSID and MAC addresses of the devices (these could potentially be used to identify users locations).

The bad thing to this, is that a number of home users STILL have no security on their personal wifi networks so these would have been picked up too. This incident on its own is a very strong reminder to ALL that you should make sure your wireless networks are as secure as you can get them.

Back in 2006 a Google engineer was working on a wifi sniffing project, to capture publically broadcast wifi packets sent via insecure wireless networks, what they were going to do with this information is unknown. This project was apparently shelved, but when the team responsible for street view wanted to find out about wifi networks while the cars were on the move wanted similar functionality, instead of creating it again, they used the same code.

This code was ‘accidentally’ (according to Google) saving packets of data along with the requested information as the street view car did its rounds, and while the car was moving it wouldn’t have captured MUCH data for each wireless network there is no way for us to know what exactly it DID capture.

What concerns me here, is IF this software was even properly tested before it was sent out to do the rounds? If it had been tested, wouldn’t it have been obvious that it was capturing data packets that it shouldn’t have been, and thus the code checked into / ammended? Or is this a cover up from the internet behemoth now that someone has found out via an audit that the data was collected?

Plans are now in place to, with the relevant authorities in a list of not known countries, destroy the data – however it HAS been captured, and without consent or agreement. If Google has captured, and first off denied doing so, this data then what else are they capturing and denying?

Posted in Google | Tagged , | Leave a comment

Understanding Web Stats

Posted on by Tim Igoe

Web statistics are a very important part of web site development and marketing. Every day you collect statistics for, you are gathering valuable information to use in your marketing strategy. There is nothing better than looking at a document full of graphs showing increases in users or traffic; however, reading them and understanding how to use them effectively are two very different things.

When collecting stats, you could install multiple different statistics systems for the same set of data but more often than not no two systems will absolutely agree and this is where the biggest problem lies.

Continue reading →

Posted in Misc | Leave a comment

Framebusting Javascript

Posted on by Tim Igoe

While looking at my logs the other day, I noticed a lot of extra traffic from an external source for one of my sites, unsure of what it was I went to look. The owner of the other site had wrapped my site in an iframe, and covered it in adverts of his or her own making my site look awful. This I wasn’t happy with, but without any access to the site in question, I couldn’t change what the person was doing.

My site doesn’t use iframes at all, so I knew I could safely put a little bit of code into every page to make a quick test when the page loads to see if it is the ‘top’ level page, if it is nested at all then we can pop it out of the nesting.


<script type="text/javascript">
if (top != self)
top.location.href = self.location.href
</script>

This is a simple test, if the url of the top level page is not the same as the current elements url, update the top level page to be that of the frame and bust us out of the iframe.

A simple solution, to an annoying problem that shouldn’t exist – the blatant theft of content.

Posted in Javascript | Tagged | Leave a comment

Important Hosting Considerations

Posted on by Tim Igoe

“It is really important to spend time considering all the options when picking a web host for your shiny new website. When you launch your site, the last thing you want to happen is for it to go down due to unreliability or another problem.”

To read the full article go to http://blog.jellymedia.com/2009/10/21/important-hosting-considerations/

Posted in Servers | Tagged , , , , | Leave a comment

Automatic Backup Scripts

Posted on by Tim Igoe

This assumes that you have 2 Linux machines / servers – one to backup to the other.

To enable the script to automatically login to the destination server you will need to enabled ssh key based logins.

First off, create an SSH Key on the server.

ssh-keygen -t dsa

Hit enter for all questions.

Run the following command to send the key to the backups server (you will need to enter the password manually)
cat ~/.ssh/id_dsa.pub | ssh backups@backup_server.net "cat - >> .ssh/authorized_keys"

Save the script below into /root/backup.sh and set it executeable (chmod +x backup.sh)


#!/bin/bash
#
# Backup Script
#
# Tim Igoe 2007
#
# Usage - ./backup.sh
#

NOW=`date +”%d-%m-%Y”`

HOST=`echo $HOSTNAME`

DB=”$HOST.$NOW.sql”
FILES=”$HOST.$NOW.website.tar”
EMAIL=”$HOST.$NOW.email.tar”
WWWROOT=”/var/www/”
EMAILROOT=”/home/virmail/”

GZIP=`which gzip`
SCP=`which scp`
RM=`which rm`

mysqldump -u backup –password=secure_password –all-databases > $DB

tar -cpf $EMAIL $EMAILROOT
tar -cpf $FILES $WWWROOT

# Zip it all up
$GZIP $DB
$GZIP $FILES
$GZIP $EMAIL

# Transfer it to backup server
$SCP $DB.gz backups@backup_server.net:~/backups/$DB.gz
$SCP $FILES.gz backups@backup_server.net:~/backups/$FILES.gz
$SCP $EMAILS.gz backups@backup_server.net:~/backups/$EMAILS.gz

$RM $DB.gz
$RM $FILES.gz
$RM $EMAIL.gz

Then finally, set a cron to run nightly / weekly / monthly

crontab -e


# Weekly Server Backup
0 5 * * 6 cd /root/; ./backup.sh

Posted in Servers | Tagged , , | Leave a comment

The Framework

Posted on by Tim Igoe

I have been doing bits of work on the new framework, not sure how long till I get something that can be used by all.

Recently I have purchased a couple of new books to aid with the development of features on the framework, I can recommend both of them.

PHP5 Objects, Patterns and Practice is a very good book for explaining programming patterns that can be used within PHP and showing you how to use them. (Amazon)
AJAX in Action, a brilliant introduction into AJAX. Previously I have been experimenting with Javascript to add AJAX functionality, this book has helped me to expand on what I have picked up. I’m hoping to create a decent AJAX function set that can be used within the framework really easily. (Amazon)

The Framework is still lacking a proper name, if anyone has any suggestions, please put them on a postcard… actually, a reply to this post will do.

Posted in Misc | Leave a comment ← Older posts Newer posts →