Web Programming, Linux System Administation, and Entrepreneurship in Athens Georgia
Thanks to The Finance Buff for these formulas.
Here are some simple PHP functions to convert and APY to an APR and back
function apy_to_apr($rate, $periods = 365)
{
return ( $periods * pow( (1+$rate), (1/$periods) )) - $periods;
}
function apr_to_apy($rate, $periods = 365)
{
return ( pow( (1+ ($rate/$periods)), $periods) - 1);
}
I have a PHP function that I wrote a long time ago to generate a random string of characters:
function randomString($size = 25)
{
$charset = 'abcdefghijklmnopqrstuvwyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$string = '';
for ($i=0; $i < $size; $i++) {
$string .= $charset[(mt_rand(0,(strlen($charset) -1)))];
}
return $string;
}
I have been using this to generate a random ID, which is then inserted into a database column as a unique key. Theoretically, it has
6225 possible unique values (or 6.45 * 1044) if case sensitive or 3625 (2.36 * 1035) when used in a case-insensitive application. That is a lot of possible combinations, and I figured it would be rare that I’d get two that ever were the same.
I was wrong.
I must be running into some kind of issue where the pseudo-randomness is not as random as I thought. I’m inserting somewhere in the neighborhood of 25k rows a day into this table for the past couple weeks and have had over 20 errors generated where the database complained that the unique key already existed. I investigated a couple and found that it was, indeed correct. My database is not case sensitive and would have complained if the two had the same characters even if the cases weren’t the same. So I was pretty surprised when I looked at the errors and found that in each case the 25 character strings were exactly the same, even all of the letters in it were the same case.
So I’ve had to revert to another method that I like a little better anyway.
Google announced yesterday new services and pricing based on their Postini message filtering service. The service sounds great, and I’ve been looking at moving away from my current mail filtering service for a couple months now. Pricing starts out at only $3.00 per user per year. I did a little checking around, and verified that I can add domain aliases and user aliases and that it looks like they can be tied to a single $3.00 account.
That is exactly like what I need. I have a bunch of domains, and use several email addresses at each one that all forward to a single Inbox. For $3.00 a year, it sounds like a great savings over my alternate plan which was creating my own MailScanner box. Plus with Google, I won’t have to worry about redundancy, or keeping my own filtering up to date.
Perfect, so I went to sign up. I put in my domain name, agreed to the TOS, then put in my credit card information and hit submit:
Oops, looks like something went wrong there. That’s not the best way to instill confidence into your new customers.
Amazon’s long lived ECS 3.0 will be shutting down soon. This was an early version of their API that allowed 3rd party applications to access Amazon’s vast database of books and products. It was very widely used, and it will be interesting to see what kind of impact it has when they turn it off for good on March 31st. I’m sure there are plenty of small sites that will break in some way when they turn it off.
From what I’ve seen, they have been pretty good at notifying customers who are still using it. I’ve gotten several emails about it in the past couple weeks. Despite all of their efforts, though, I’m sure that there has got to be all kinds of small sites that were written at one point and haven’t been touched since.
The easiest way to tell if you have a site that uses it, is to grep through all of your code for ‘AssociateTag’ or ‘SubscriptionId’. Those are the authentication parameters used by the 3.0 version that it shutting down. The newer version of ECS uses a ‘AWSAccessKeyId’ parameter instead.
If you have a PHP or Perl-based website that needs to be upgraded to the new version, you can hire me to fix it.
I recently moved one of my blog’s to it’s own IP address, but strangely Google’s feed readers are still picking up that site on the original IP Address. It has been several days now, and Google is still requesting the site at the old IP Address. I did some digging and found that even though I changed the IP Address, the SOA Serial didn’t get incremented. As a result, Google’s DNS servers are using cached records and not requesting new ones because the serial hasn’t changed.
This seems like a pretty serious problem for GoDaddy. I double checked everything again tonight by creating some new records. The new records resolve to the IP’s that I specified, but the serial remains unchanged.
I tried various things that definitely should have caused the serial number to be incremented:
– Adding a new A record,
– Modifying an A record
– Deleting an A record
None of which updated the serial as it should have.
Finally, I noticed on the main page for my domain (the one that lists the name servers, registrant info, etc) that next to Name Servers: it said Last Update: 11/23/2007, which coincided with the date of the serial. I was finally able to update the Serial by acting like I was changing my name servers, then just submitting the page without making any changes.
It seems this is a fundamentally broken DNS system though. Frankly, I’m pretty surprised to have something like that from GoDaddy, where I’m sure you do DNS for hundreds of thousands of domains. While troubleshooting, I emailed GoDaddy’s support a couple times and were less than helpful. Their basic response was:
We are unable to update the SOA serial on demand. This information is updated periodically, and is the way our systems currently process. We apologize for any inconvenience this may cause.
There is a handy utility for converting mbox style mailboxes into maildir format at https://batleth.sapienti-sat.org/projects/mb2md/
To convert all of the mailboxes on your server:
Edit /etc/sudoers and comment out the env_keep section. These variables make it so that the sudo command keeps some environment variables and tries to put things in the wrong directory.
Download mb2db, unzip it, and copy the binary to /bin (where all users can access it)
# wget https://batleth.sapienti-sat.org/projects/mb2md/mb2md-3.20.pl.gz # gunzip mb2db-3.20.pl.gz # cp mb2db-3.20.pl.gz / bin
Then run this command to convert all of the mailboxes into maildir format.
cd /var/spool/mail for username in `ls`; do echo $username; sudo -u $username /bin/mb2md -m -d Maildir; done
That will create a directory called Maildir in each user’s home directory. Then just configure your MTA to deliver mail there, and your IMAP server to pick it up there
In postfix, add this to /etc/postfix/main.cf
home_mailbox = mail/
And in Dovecot, change this in /etc/dovecot.conf
mail_location=maildir:~/mail/
Now you can edit /etc/sudoers and uncomment the env_keep section.
I ran across a system today that was using the VHCS control panel. It looks like the system wasn’t correctly configured to allow SMTP authentication. It uses Postfix as the MTA and Courier-IMAP for the Imap/POP3 server. It was populating the Courier-authentication database with email addresses and passwords to use for logging into the incoming mail server, but postfix wasn’t configured to use the same database for authenticating and providing an outgoing mail server.
This is what I had to do to get it working
Edit your system’s smtpd.conf file (/var/lib/sasl2/smtpd.conf for RedHat and derivatives. /etc/postfix/sasl/smtpd.conf for Debian and Ubuntu derivatives). And put in this content:
I think this is a default install looks like:
pwcheck_method: saslauthd mech_list: PLAIN LOGIN
So change it to this:
pwcheck_method: authdaemond mech_list: PLAIN LOGIN authdaemond_path: /var/run/courier/authdaemon/socket
Of course, make sure that the authdaemond_path is correct for your system, and change as needed.
Then restart postfix and see if that works. You can use my SMTP Authentication String tool to get your encoded password and try it through telnet. Tail your mail log to see if it gets any errors.
On the system I was working on. Postfix was configured to chroot the smtpd processes (in /etc/postfix/master.cf). I got errors in the mail log that looked like this:
Jan 24 19:52:46 host postfix/smtpd[14528]: warning: SASL authentication failure: cannot connect to Courier authdaemond: No such file or directory Jan 24 19:52:46 host postfix/smtpd[14528]: warning: SASL authentication failure: Password verification failed Jan 24 19:52:46 host postfix/smtpd[14528]: warning: host.local[127.0.0.1]: SASL plain authentication failed: generic failure
So, in that case, I simply hard-linked the courier authdaemon socket file inside of the chroot (/var/spool/postfix)
cd /var/spool/postfix ln /var/run/courier/authdaemon/socket courier-authdaemon-socket
Then change the authdaemond_path to just ‘courier-authdaemon-socket’. Restart postfix and it should work
The PHP ADOdb libraries are a database abstraction layer that tries to hide the database specific commands from the programmer. It tries to allow the programmer to write code that will be portable between any backend database engine. Since not all databases provide an insert id, ADOdb provides a wrapper for it in the form of it’s Insert_ID() function.
It implements it in a really ugly way though. Whenever you use it’s pseudo insert_id functions, it creates a _seq table with a single column and a single row. For example, if you are inserting something into a table named ‘users’, it will create a table named ‘users_seq’ with a single ‘id’ column. It generates one row in that column with an insert id that it calculates and increments on it’s own.
First off, that is really ugly. I hate having a whole bunch of extra tables in my database, and it makes it even worse that they only have a single value in them. I wish they would have implemented that differently, and made a single ‘_sequences’ table with two columns (table and id).  At least that would keep the tables to a minimum and centralize where all of the insert id’s are at.
The other bad part about it, is if you access the database with anything other than the ADOdb application, it is difficult to use this required structure. In most cases, things break and I get duplicate key constraints and it is just generally a pain.
So I’ve decided not to use it ever again. Its not likely that I’ll ever change the database anyway, so I might as well take advantage of the handy insert_id functionality already provided by MySQL. Just do your queries as you would normally, including the ‘INSERTID’, and then you can retrieve the insert_id like in this example:
CREATE TABLE `users` ( `id` int(10) unsigned NOT NULL auto_increment, `name` varchar(80) NOT NULL, `email` varchar(80) NOT NULL, ) ;
// I assume you know how to create a ADOdb object
$db ->query("
INSERT INTO USERS (id, name, email) VALUES ('INSERTID', 'Joe User', '[email protected]')
");
$user_id = $db->_connectionID->insert_id;
After several hours of researching end experimenting, I think I finally came up with a way for a PHP script to display a page, close the connection to the browser, and then to continue processing. The idea is that I can add some potentially lengthy processing to the script by executing it after the browser has closed the connection, but to a visitor, the page appears to load quickly.
I experimented with PHP’s register_shutdown_function, but that doesn’t really do what I need (unless running < PHP 4.0.3). Evidently PHP doesn’t have any way to close STDOUT, like other languages do.
The trick is in sending a Connection: close and Content-Length header. Once a client has received the specified number of bytes, it will close the connection, even though the script may continue. Unfortunately, that means that you need to know the length of the page before displaying it. That can be handled with output buffering, but does make the solution less than ideal.
Here is an example that works for me using PHP 5.1.6.
<?php
$start_time = microtime(true);
function bclog($message)
{
global $start_time;
$fh = fopen('/tmp/logfile', 'a');
$elapsed = microtime(true) - $start_time;
fwrite($fh, "$elapsed - $message\n");
fclose($fh);
}
header('Content-type: text/plain');
header('Connection: close');
ob_start();
for ($i = 0; $i < 1024; $i++ ) {
echo "#";
}
bclog("I'm done outputting my normal content");
// Figure the size of our content
$size = ob_get_length();
// And send the content-length header
header("Content-Length: $size");
// Now flush all of our output buffers
ob_end_flush();
ob_flush();
flush();
sleep(5);
bclog("Now I'm done with all of my post-processing - FYI, content length was $size");
?>
If you hit that page in a browser, you will notice that the browser displays the content and is done right away. However, you can tail that logfile, and see something like this:
0.0002360343933 - I'm done outputting my normal content 5.0019490718842 - Now I'm done with all of my post-processing - FYI, content length was 1024
It is not an ideal solution, but I think that is about as good as it is going to get
I’ve toyed around with chrooting a shell account to a directory before, but never really done it before. Today a customer wanted it done, so I had a chance to figure it all out. I’ve considered the using chrooted ssh before, but that requires a patch to SSH. Today I came across jailkit which leaves SSH alone, but implements the chroot as the users shell. It seemed pretty straightforward, plus provides some utilities for creating the jail.
cd /usr/local/src wget https://olivier.sessink.nl/jailkit/jailkit-2.4.tar.gz tar -xvzf jailkit-2.4.tar.gz cd jailkit-2.4 ./configure && make && make install
The tools were then available. Their examples said to put the jail environment, but I figured I might want to create per-user jails, so I created it in /home/jail-someuser like this:
jk_init -v -j /home/jail-someuser basicshell editors extendedshell netutils ssh sftp scp
That creates the directory and copies all of the specified programs into place inside the jail. In addition, it also copies all of necessary libraries as well – which is much easier than finding them with ldd.
Now, just create the actual user account and some directories for inside the jail:
mkdir /home/jail-someuser/home/someuser
useradd -d /home/jail-someuser/./home/someuser -s /usr/sbin/jk_chrootsh
chown someuser:someuser home/jail-someuser/./home/someuser
mkdir /home/jail-someuser/tmp
chmod a+rwx /home/jail-someuser/tmp
I was then able to log in by SSHing to the box as someuser. Upon logging in, I noticed that the default debian bash login script had some problems because the ‘id’ command wasn’t available. Also, vi wasn’t available, so I copied both of those programs those into the jail (fortunately their required libraries seem to already be there)
Overall it was pretty painless to install and get working. I’m quite impressed.
© 2026 Brandon Checketts
Theme by Anders Noren — Up ↑