After waiting for a couple months, I finally was invited to join the Joost beta program . I was pretty impressed with how easily the signup process went, the program installed, and I was able to start watching TV.

Joost is a company that is attempting to use Peer-to-peer protocols to deliver streaming video. It’s a pretty cool idea and seems to be well implemented. It certainly has a few problem areas still though:

When running the App in a window, it is pretty buggy. Switching between it an other applications is painfully slow sometimes. Also dragging or resizing the window looks weird.
I’m currently unable to exit the program from inside of it. I have to use the tray icon to kill it

I wasn’t interested in hardly any of the content that was available. I watched a couple of music videos and parts of some National Geographic shows, but everything else didn’t interest me much. I suppose the content will grow over time.
While playing a show, I did a quick tcpdump on my connection, and it looked like I was downloading from about 8 sources at any one time.

I just went to upgrade PEAR on a CentOS 4.4 server and had problems.  The installed PEAR version (from pear info PEAR) was 1.3.2, but when I ran ‘pear upgrade PEAR’, I was told that I needed PEAR version 1.3.3.   The solution: ‘pear install PEAR-1.3.3’ to upgrade to that particular version.  Then I could ‘pear update PEAR’ which brought it up to version 1.5.3.     Then I could run a ‘pear upgrade-all’ to update all of the other packages.

I went through several compiles trying to get a Kernel to compile with support for iptables that supported the -state argument. I eventually came up with the right combination, which included both the ‘state’ match support and IPv4 connection tracking support

Here’s where they are in menuconfig:

Networking Support ->
Networking Options ->
Network Packet Filtering Framework (Netfilter) ->
IP: Netfilter Configuration ->
IPv4 connection tracking support (required for NAT) = M
Core Netfilter Configuration ->
“state” Match support = M

(also most everything else on this page is selected as well)

After exiting menuconfig, you can make sure that those two options are correct in your .config by looking for CONFIG_NETFILTER_XT_MATCH_STATE and CONFIG_NF_CONNTRACK_IPV4.

I’ve been spending quite a bit of time on a program recently, and have taken for granted these two functions that I wrote for it a while ago. The convert back and forth between an IP address and the integer representation of the IP address.

For example, the IP address ‘207.210.219.125’ can also be represented as ‘3486702461’. The magic behind the calculation involves converting each octet of the IP address into binary, and then reading the entire 32 bits as a single unsigned integer.

The PHP code uses some bitwise functions to do this pretty easily (Although it took some experimenting to get it right). I’ve named the functions the same as their MySQL equivelents. inet_ntoa = number to address and int_aton = address to number. That’s right MySQL supports them directly. It’s much better for MySQL to work with the integers rather than the string representations.

function inet_aton($ip_address)
{
    if(! preg_match("/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/",$ip_address)) {
        return;
    }
    list($octet1, $octet2, $octet3, $octet4) = split('\.',$ip_address);

    $ipaddress_number = (double)
        (($octet1 & 255) << 24 ) |
        (($octet2 & 255) << 16 ) |
        (($octet3 & 255) << 8 ) |
        ($octet4 & 255 ) ;
    ## PHP doesn't support unsigned ints, so we "fake" it into returning a double
    $return_number = doubleval(sprintf("%u", $ipaddress_number));
    return $return_number;
}


function inet_ntoa($ip_number)
{
    if(! is_numeric($ip_number)) {
        return $ip_number;
    }
    ## PHP doesn't support unsigned int's, so we'll use a double
    $ip_number = doubleval($ip_number);
    $octet1 = $ip_number >> 24 & 255;
    $octet2 = $ip_number >> 16 & 255;
    $octet3 = $ip_number >> 8 & 255;
    $octet4 = $ip_number & 255;
    $ip_address = $octet1 .'.'. $octet2 .'.'. $octet3 .'.'. $octet4 ;
    return $ip_address;
}

I just spent a couple hours trying to figure out how to convert and OpenSSL Key/Certificate to one that can be used by Tomcat. It turned out being way more complicated than I thought, and I had to piece together instructions from various web sites. Here’s how I did it:

Convert the Key to a PKCS12 Key. This will prompt you for a password which you will need when you change the Tomcat configuration.

openssl pkcs12 -export -in /etc/apache2/ssl.crt/somedomain.com.crt -out somedomain.com.pkcs12 -name “somedomain.com” -inkey /etc/apache2/ssl.key/somedomain.com.com.key

Verify that the pkcs12 file contains your key. You should be able to see your certificate’s common name, and various other parameters.

keytool -list -v -keystore somedomain.com.pkcs12 -storetype pkcs12

Now configure Tomcat by editing conf/server.xml and changing the SSL Connector to something like this:

<connector port="8443" maxThreads="150" acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreType= "PKCS12"
keystoreFile="somedomain.pkcs12"
keystorePass="yourKeystorePass">

Here is a perl equivalent of PHP’s AddSlashes() function. It’s a quick an dirty way to clean up text to insert into a database. There are better ways to do this. It should exactly mimic PHP’s function. It adds slashes before single quotes(‘), double-quotes(“), backslashes(\), and NULL bytes (\0).

sub AddSlashes {
    $text = shift;
    ## Make sure to do the backslash first!
    $text =~ s/\\/\\\\/g;
    $text =~ s/'/\\'/g;
    $text =~ s/"/\\"/g;
    $text =~ s/\\0/\\\\0/g;
    return $text;
}

It’s official.  CentOS 5 is finally released.   This version upgrade has a number of significant upgrades.  I’m most excited about the inclusion of Apache 2.2, MySQL 5, PHP 5, and Xen.   I’ll be installing it on a new server as soon as I get the chance

I’ve been considering starting a website just for the software that I write. Much of it will be open-source, like my Speedtest, and a few other things that I’ve written. I also want to create place to sell some software as well. I’ve been thinking about domain names, and it is difficult because any .com that is remotely desirable has already been taken and hosts a stupid search page. I’ve contacted a couple that I was interested in and the greedy people usually want thousands of dollars for them.

So, I’ve been looking at ‘alternative’ top level domains thinking that maybe I can come up with something clever like del.icio.us. I’ve been unable to find an online dictionary that allows me to search just based on the last letters of a word though. I’m hoping to search for .us, and have it show me all of the English words that end in “us”. Since I couldn’t seem to find any online, I just took a few minutes and made my own.

I found a free version of Webster’s Dictionary available at the Gutenberg project, and wrote a quick Perl script to find all of the words and then see if they match the criteria I specified. Figuring that it may be useful to others, I made a public Reverse-letter dictionary search available on my site. It searches about 110,000 English words that end in the letters you specify.

I also found a kindof fun Name Generator that generates random Web 2.0 names. Maybe it can come up with something interesting. I still haven’t come up with the right name yet, but I’ll keep trying

I was working programming a site today and was noticing that it seemed to be taking quite a while (5+ seconds) to generate the page.  I’ve been looking at some Apache and PHP optimization and decided that it was time to try a PHP accelerator.

I have previously installed the Zend Accelerator, but never really benchmarked it before.   I went to install it and found out that it has been incorporated into the commercial Zend Platform software.   Looking quickly at some alternatives, I settled on eAccelerator because it seems to be stable, in active development, and had decent documentation.

It didn’t take too much to install.  I just installed the php-devel package from yum, then ran ‘phpize’, ‘configure’, ‘make’, and ‘make install’.   Then copied the provided eaccelerator.ini into /etc/php.d/ and restarted Apache.

Based on some really simple and quick benchmarks using ‘ab’, it looks like about a 4x performance improvement overall.   Not bad for about a half hour of installing it and making it work.

A website just posted a story about how there is “no end in sight” to the hacking of World of Warcraft accounts. The story tells about hackers who install keylogging software on victims’ computers, then use it to relay the victims’ WoW username and password back to them. Then they simply log in as that user, transfer all of the victim’s valuable in-game assets to accounts that they control, and sell off everything for cash.

An idea I had on how to solve this, as well as lots of other online identity theft problems, is to allow users to opt-in to a login restriction based on IP Address. Blizzard could ask you if you want to restrict logins to your current IP (or, more likely, the first 22 bits or so of your IP address). Any attempt to login with an IP outside that range would require some kind of external verification, like an automated phone call where you verify the last four digits of your credit card number.

It would take a little work on their side, but surely Blizzard ought to be able to come up with something like this. I would think that the development time up front would save them lots money on customer service and canceled subscriptions down the line when accounts are compromised.

The solution does have a couple potential problems. Mainly, if a hacker is able to install keylogging software on a victims’ computer, they might also be able to install a proxy server of some sort to attempt to use the victims’ IP address anyway. There is some evidence that such Proxy programs already exist and are used for account leveling. If this type of proxy software becomes widely used, identifying hackers by IP becomes nearly impossible.

Its important to note that this idea does not apply just to WoW. Other companies like banks could use a similar security measure to protect against hackers logging in as real users. The fact that nobody has done this must mean that I’m missing something. Feel free to comment and let me know how this wouldn’t work.