.bootstrap - Safe with most medications

HipHop is a source code transformer which transforms PHP source code into highly optimized C++ and then compiles it using g++.

Required packages

sudo apt-get install cmake g++ libboost-dev flex bison re2c libmysqlclient-dev libxml2-dev libmcrypt-dev libicu-dev openssl binutils-dev libcap-dev libgd2-xpm-dev zlib1g-dev libtbb-dev libonig-dev libpcre3-dev git-core autoconf libtool libcurl4-openssl-dev libboost-system-dev libboost-program-options-dev libboost-filesystem-dev

Get the HipHop source-code

mkdir hiphop
cd hiphop
git clone git://github.com/facebook/hiphop-php
cd hiphop-php
export CMAKE_PREFIX_PATH=`/bin/pwd`/../
export HPHP_HOME=`/bin/pwd`
export HPHP_LIB=`/bin/pwd`/bin
git submodule init
git submodule update
cd ..

Building third-party libraries

libevent

wget http://www.monkey.org/~provos/libevent-1.4.13-stable.tar.gz
tar -xzvf libevent-1.4.13-stable.tar.gz
cd libevent-1.4.13-stable
cp ../hiphop-php/src/third_party/libevent.fb-changes.diff .
patch < libevent.fb-changes.diff
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ..

ICU4

wget http://download.icu-project.org/files/icu4c/4.2.1/icu4c-4_2_1-src.tgz
tar -xvzf icu4c-4_2_1-src.tgz
cd icu/source
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ../../

libCurl

wget http://curl.haxx.se/download/curl-7.20.0.tar.gz
tar -xvzf curl-7.20.0.tar.gz
cd curl-7.20.0
cp ../hiphop-php/src/third_party/libcurl.fb-changes.diff .
patch -p0 < libcurl.fb-changes.diff
./configure --prefix=$CMAKE_PREFIX_PATH
make
make install
cd ..

Build HipHop

cd hiphop-php
cmake .
make

Related posts:

1. Howto: Install Ruby and Rails on Debian or Ubuntu
2. Ubuntu Howto: Install Oracle
3. Ubuntu Howto: Install Sun Java
4. Ubuntu Howto: Install Xen
5. Howto Install Carwhisperer on Ubuntu 9.10
6. Howto: Install Windows Vista Fonts in Ubuntu
7. Ubuntu Howto: Install Ruby and Ruby on Rails
8. Howto install Java on Debian Sarge
9. Howto Install Oracle on Debian
10. Howto: Create your own Debian or Ubuntu package repository

From time to time I’m doing some experiments on my server that is hosting this blog. Recently I found out that my blogging software used here, Wordpress, missed some indexes in the MySQL database.

This article from MySQL Performance Blog explains how to log slow queries and how to identify queries, which do not use indexes.

MySQL has simple but quite handy feature – slow query log, which allows you to log all queries which took over define number of seconds to execute. There is also an option to enable logging queries which do not use indexes even if they take less time (–log-queries-not-using-indexes)

Slow query log is great to spot really slow queries which are often good candidates for optimization but it has few serious problems which limits extent to which it is helpful. First – it only allows you to set slow query time in seconds, having 1 second minimum value. For most of interactive applications this is way too large – if you’re developing Web application you probably want whole page to be generated less in 1 second, which issues many queries during generation. Second – if you enable option to log queries which do not use indexes it well can be flooded with fast and efficient queries, which just happen to do full table scans – for example if you would be having drop down list of states in your application and use SELECT * FROM STATES for that it would trigger and log the query.

Related posts:

1. Optimize MySQL Performance With MySQLTuner
2. MySQL Performance Monitoring and Optimization Tools
3. Troubleshooting PHP Sqlite Query Error: Unable to open database
4. Windows Developers Begin Slow Defection to Linux
5. Optimize MySQL for Low Memory Use
6. MDB Tools to export (migrate) from mdb (Microsoft Access format) to MySQL
7. Howto: How to Reset the MySQL Root Password
8. Dell: Linux Rolls On
9. MySQL Concatenate: Adding String At The End Of Field Data
10. Linux Terminal Speed Performance Comparison

Slashdot | Google Gives Away Web App Security Tool

Google has released for free one of its internal tools used for testing the security of Web-based applications. Ratproxy, released under an Apache 2.0 software license, looks for a variety of coding problems in Web applications. A 2006 survey by the Web Application Security Consortium found that 85.57 percent of 31,373 sites were vulnerable to cross-site scripting attacks, 26.38 percent were vulnerable to SQL injection and 15.70 percent had other faults that could lead to data loss.

Related posts:

1. Awareness: Web Application Security
2. PHP Source Code Security Audit Tool
3. Voices That Matter: GWT – Security
4. Test your environment’s security with BackTrack
5. Dalvik: How Google routed around Sun’s IP-based licensing restrictions on Java ME
6. Germany warns users against Internet Explorer
7. Google sitemaps
8. Experimenting with Google Web Toolkit (GWT)
9. Track file downloads and outgoing links with Google Analytics
10. Google Gmail on your own domain

This short guide explains how to use gmail as mail server using PHP and PHPMailer.

Download PHPMailer
Download PHPMailer from http://phpmailer.sourceforge.net – direct link.

Extract and upload
Extract the PHPMailer-packages to a folder named phpmailer2 or any other folder name. Afterwards upload the folder to a PHP-enabled webserver.

Implement into code
Implement the PHPMailer function into the existing E-Mail-code as shown in the included examples.

Gmail specific settings
The following settings are needed in order to use Gmail as mail-hub and SMTP server.

$mail->Mailer = "smtp";
$mail->Host = "ssl://smtp.gmail.com";
$mail->Port = 465;
$mail->SMTPAuth = true; // turn on SMTP authentication
$mail->Username = "username@gmail.com"; // SMTP username
$mail->Password = "password"; // SMTP password

My experience using Gmail as SMTP server
So far I haven’t got any problems. Their service is always online and available, which is quite opposite to what I have experienced with my low budget hosting provider so far.

Related posts:

1. S/MIME for Gmail
2. Google Gmail on your own domain
3. GMAIL from Linux CLI interface
4. Jailbreak iPhone 3GS Using redsn0w (Windows)
5. Crack Windows Password
6. OpenSSH: Disabled Reverse DNS Lookup
7. SMTP Telnet Session
8. Howto Crack Rar, 7z, and zip files in Linux
9. Howto: How to Reset the MySQL Root Password
10. How To Update A Garmin Nuvi (Firmware and Maps)

Developing a web applications is often articulated as easy and a good thing for new programmers to start with. Many books and tutorials have been written on the subject, and many frameworks and programming languages have been built to facilitate quick construction of web applications. Just one thing bothers me about this, many of the books and tutorials ignore many of the security issues that are related to building web applications. This fact might explain why we do have such a huge number of insecure and vulnerable web applications around on the net.

Anyway, it is not just bad – a number of initiatives have been formed to communicate the need for security and web-based applications. One of these initiatives is OWASP, which is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world. This community works to create freely-available articles, methodologies, documentation, tools, and technologies.

OWASP’s most successful documents include the book-length OWASP Guide and the widely adopted OWASP Top 10 awareness document. The most widely used OWASP tools include their training environment WebGoat, their penetration testing proxy WebScarab, and their OWASP .NET tools. OWASP includes roughly 100 local chapters around the world and thousands of participants on the project mailing lists. OWASP has organized the AppSec series of conferences to further build the application security community.

Hopefully initiatives like OWASP will provide up-coming web developers with a awareness of the security issues related to development of web application and enable them to avoid the classic pitfalls in web application security. At least so far I have learned a lot from OWASP articles and guides.

Related posts:

1. Google Gives Away Web App Security Tool
2. PHP Source Code Security Audit Tool
3. 68 Linux Related Free E-books
4. Voices That Matter: GWT – Security
5. Test your environment’s security with BackTrack
6. Popular Photoshop Tutorials
7. Firefox Flash Interaction Bug: I Cannot Click In Flash Application e.g. Youtube
8. Top 15 Free SQL Injection Scanners
9. Howto Install Ruby and Ruby on Rails on Debian Etch 4.0
10. soapUI: Easy Webservice Invocation and Testing Application

PHP 5.1 introduced Type Hinting. Type Hinting means that functions are able to force parameters to be objects, by specifying the name of the class in the function prototype. It it also possible to specify that a certain parameters should be an array. Unfortunately the primitives types; string, int etc isn’t supported in PHP 5.1.

Type hinting code example.

// An example class
class MyClass
{
/**
* A test function
*
* First parameter must be an object of type OtherClass
*/
public function test(OtherClass $otherclass) {
echo $otherclass->var;
}

// Another example class
class OtherClass {
public $var = 'Hello World';
}


Consult the PHP Manual for more examples on PHP type hinting

Related posts:

1. array2object and object2array (PHP)
2. Automatic Generate JUnit Tests
3. GnuPG/GPG: Exporting your Public Key
4. Convert Northing and Easting UTM to Longitude and Latitude
5. Bash Shell: Object Oriented
6. SSL: Verifying that a Certificate matches a Private Key
7. Numeric Array Sort in Javascript
8. Howto: Convert an OpenSSL key to a public/private OpenSSH key-pair
9. Windows: Free and Open Source Image Editing
10. Convert Hex Color to RGB

If you’re into statistics this article presents various examples of CSS, PHP, Flash or AJAX charts.

read more | digg story

Related posts:

1. Firefox Flash Interaction Bug: I Cannot Click In Flash Application e.g. Youtube
2. Web 2.0 – Sortable lists with PHP and AJAX
3. A Better ‘Digg This’ Button
4. Ajax
5. WSJ: Sun to Use Flash Memory in Servers
6. WSJ: Sun to Use Flash Memory in Servers
7. The Best Places to do Everything
8. /dev/hello_world: A Simple Introduction to Device Drivers under Linux
9. Simplicity is making waves in PC market
10. Fedora 8 Werewolf (Screenshots)

With APC

cc@snox:~$ sudo ab -n 10 http://mediakey.dk/~cc/
This is ApacheBench, Version 2.0.40-dev < $Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking mediakey.dk (be patient).....done

Server Software:        Apache
Server Hostname:        mediakey.dk
Server Port:            80

Document Path:          /~cc/
Document Length:        43525 bytes

Concurrency Level:      1
Time taken for tests:   1.937474 seconds
Complete requests:      10
Failed requests:        0
Write errors:           0
Total transferred:      437420 bytes
HTML transferred:       435250 bytes
Requests per second:    5.16 [#/sec] (mean)
Time per request:       193.747 [ms] (mean)
Time per request:       193.747 [ms] (mean, across all concurrent requests)
Transfer rate:          220.39 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       0
Processing:   192  193   1.3    193     195
Waiting:        0   19  13.7     28      30
Total:        192  193   1.3    193     195

Percentage of the requests served within a certain time (ms)
  50%    193
  66%    193
  75%    195
  80%    195
  90%    195
  95%    195
  98%    195
  99%    195
 100%    195 (longest request)
cc@snox:~$

Without APC

cc@snox:~$ sudo ab -n 10 http://mediakey.dk/~cc/
This is ApacheBench, Version 2.0.40-dev < $Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking mediakey.dk (be patient).....done

Server Software:        Apache
Server Hostname:        mediakey.dk
Server Port:            80

Document Path:          /~cc/
Document Length:        43525 bytes

Concurrency Level:      1
Time taken for tests:   2.842836 seconds
Complete requests:      10
Failed requests:        0
Write errors:           0
Total transferred:      437420 bytes
HTML transferred:       435250 bytes
Requests per second:    3.52 [#/sec] (mean)
Time per request:       284.284 [ms] (mean)
Time per request:       284.284 [ms] (mean, across all concurrent requests)
Transfer rate:          150.20 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    0   0.0      0       0
Processing:   283  283   1.4    283     286
Waiting:      102  102   0.7    102     104
Total:        283  283   1.4    283     286

Percentage of the requests served within a certain time (ms)
  50%    283
  66%    283
  75%    285
  80%    285
  90%    286
  95%    286
  98%    286
  99%    286
 100%    286 (longest request)

More on APC Cache, Memcached Cache, and MySQL Query Cache performance

Related posts:

1. Varnish : Simple and Fast HTTP Acceleration
2. Block referer spam easily
3. Howto Secure Apache
4. Optimize MySQL Performance With MySQLTuner
5. Tomcat Performance: Linux faster than Windows
6. AMD DDR2 Linux Performance
7. Browse Faster Using a Local DNS Cache
8. Linux Terminal Speed Performance Comparison
9. HTTP Request Smuggling
10. MySQL Optimization and Performance Tips