Archive for the ‘Tips’ Category
Saturday, March 23rd, 2013
If you are building a web-app, which needs to use OAuth for user authentication across Facebook, Google, Twitter and other social media, testing the app locally, on your development machine, can be a real challenge.
On your local machine, the app URL might look like http://localhost/my_app/login.xxx while in the production environment the URL would be http://my_app.com/login.xxx
Now, when you try to test the OAuth integration using Facebook (or any other resource server), it will not work locally. This is because when you create the Facebook app, you need to give the URL where the code will be located, and that URL is different in the local and production environments.
So how do you resolve this issue?
One way to resolve this issue is to set up a Virtual Host on your machine, such that your local environment has the same URL as the production code.
To achieve this, follow these 4 simple steps:
1. Map your domain name to your local IP address
Add the following line to the /etc/hosts file
Now when you request http://my_app.com in your browser, the request will be directed to your local machine.
2. Activate virtual hosts in Apache
Uncomment the following line (remove the #) in /private/etc/apache2/httpd.conf
3. Add the virtual host in Apache
Add the following VHost entry to the /private/etc/apache2/extra/httpd-vhosts.conf file
4. Restart Apache
System Preferences > “Sharing” > uncheck the box “Web Sharing” (Apache will stop), then check it again (Apache will start).
Now, http://my_app.com/login.xxx will be served locally.
Saturday, January 5th, 2013
Wednesday, November 21st, 2012
Over the years, I bought many iPhones for family and friends from the US. Only for the last 2 years has Apple been selling unlocked phones. Before that, for most phones, I had to figure out a way to jailbreak and carrier unlock the phone via Ultrasn0w.
For the iPhone 3Gs, to carrier unlock the phone, I had to upgrade my phone’s baseband to 6.15.00 (iPad’s baseband), and then using Ultrasn0w I could use the phone with any service provider in India.
However, for the iPhone 4 with baseband 4.11.08, Ultrasn0w could not do the carrier unlock. Basically there was no way to upgrade/downgrade the baseband. I had given up hope and my daughter was happily using those iPhones as toys. Just then I came across BeijingiPhoneRepair’s IMEI Unlocking Steps. I was very skeptical that this would work. Paid $15 USD for 1 phone and it worked like a charm. I was able to unlock all my iPhone 4’s.
Then I had this iPhone 3Gs, which I had jail broken and upgraded the baseband to 6.15.00. I wanted to upgrade that to iOS 6.0.1. So I thought I might as well use the same IMEI unlock. After I paid and followed the exact same steps I did for iPhone4, I realized there was an issue:
It refused to recognize the SIM card. Then I came across this article from Richard Ker of BeijingiPhoneRepair. This explains that iTunes does not let you activate your iPhone 3Gs with baseband 6.15.00 on iOS 6.
The solution they propose is to downgrade your baseband to 5.13.04 first. To downgrade your baseband you can get the original iPhone 3GS iOS 5.1.1 firmware and then use Redsn0w to flash the baseband. Since I already had iOS 6.0.1 installed on my phone, I kept getting the following error:
AppleBaseband: Could not find mux function error.
Tried downgrading my phone to iOS 5.1.1 using Redsn0w and iTunes, but no luck. Apple does not allow you to downgrade from iOS 6 to iOS 5. You need the SHSH blobs saved for iOS 5.1.1 to downgrade as Apple has stopped signing this firmware. Using Redsn0w I tried searching Cydia’s server to see if SHSH blobs were available. No luck. So I followed the following steps to fix the issue:
- Using Redsn0w (0.9.14b2 or above), I put my phone in DFU mode.
- During the restore process, iTunes verifies with Apple’s server if the device is allowed to install the specific version of firmware. To work around this issue, I appended the following line 22.214.171.124 gs.apple.com to my host file (/etc/hosts) to fool iTunes.
- Then using iTunes, restored iOS 4.1 (8B117) firmware on my phone. I usually download my firmwares from iClarified’s site.
- After launching Redsn0w, under Extras > Select IPSW, selected the original iOS 4.1 (8B117) firmware.
- Did a controlled shutdown of my iPhone (“slide to power off”).
- Returned to the first screen and clicked ‘Jailbreak’.
- Checked the ‘Downgrade from iPad baseband’ checkbox and unchecked Cydia. Next.
- Redsn0w started the downgrade process and finally I saw the ‘Flashing Baseband’ screen on my iPhone with the Pawnapple icon. DO NOT INTERRUPT your iPhone while baseband flashing is in progress. This step takes a good 5-10 mins.
- When this was done, after rebooting my iPhone, the baseband was downgraded to 5.13.04.
- Then I connected my phone to iTunes once more and upgraded my firmware to iOS 6.0.1.
- Once the upgrade was done, I saw this screen on iTunes.
- Now my phone can connect to the local service provider.
Saturday, October 20th, 2012
For frequent emails, I continue to see some people still putting a large number of people’s email addresses in the To or CC field instead of creating a group. For example, the society I stay in has around 200 houses, and the emails between the society members use this approach.
Their workflow goes something like this: Dig thru past emails looking for everyone’s email address, validate if the email address is still valid and then send an email to all of them hoping it will reach everyone and won’t end up in their spam folders. (If you email a large number of people, there is a very high probability that your email will end up in the spam folder.)
In general, the approach highlighted above is considered a bad practice. Below are a few key issues with the way we are currently emailing:
- Anytime we have a new member, it is hard for them to get on this list. Even if one person adds them to the list, we are not sure if everyone will include them in future emails.
- Also new members don’t have access to any of the previous emails. So we tend to see sometimes repeated emails coming again.
- It’s hard to follow these email chains. It’s not clear who has responded to whom and when. One has to go dig thru emails to find out the timeline.
- Many times emails bounce coz you’ve got the wrong email address. There is no easy way to maintain validated email addresses. Many times copying and pasting email address can also cause these problems.
- It’s hard to categorize these emails. I would be interested in only certain kinds of emails. But emails don’t allow me to tag or categorize them easily.
- I have no control over when these emails land in my inbox. For example, I would like to see these emails as a digest at the end of the day. A few of these mails are important; however, most of them are FYI emails or complaint emails or just pure noise.
- People have no control over which email address gets used. For example, I get email on 2 email accounts and I can’t really do anything about it, other than request people to drop me from their list. Basically I’ve no control over this.
- Last but not the least, a privacy issue. I don’t want my email id floating around on email chains.
To avoid this problem, it’s best to create a specific group or mailing list and request people to join the respective group. This way, going forward, if you want to email everyone, just compose your email and send it to the group’s email address. No need to remember everyone’s email ids. New people can just join this list. Members can update their email address and personal email preferences, no problem.
Monday, July 30th, 2012
Recently I had the “pleasure” of upgrading from CMSMS 1.9.3 to 1.10.3.
- Downloaded the cmsmadesimple-1.10.3-full.tar.gz
- Unzipped it overwriting some of the existing files from the older version (1.9.3) [tar -xvf cmsmadesimple-1.10.3-full.tar.gz -C my_existing_site_installation_folder]
- Ran the upgrade script by opening http://my-site.com/install/upgrade.php
I was constantly getting stuck at step 3, it was complaining:
Fatal error: Call to undefined method cms_config :: save () in /install/lib/classes/CMSUpgradePage3.class.php on line 30
Digging around a little bit, I realized cms_config is no longer available.
Then tried downloading cmsmadesimple-126.96.36.199-full.tar.gz
Luckily this time I was able to go past step 3 without any problem.
So now I was on version 188.8.131.52, but I wanted to get to 1.10.3. So
- As per their advice, upgraded all my modules to the latest version
- Downloaded cmsmadesimple-1.10.3-full.tar.gz,
- Copied its contents
- Tried to run the upgrade script.
Everything went fine, it even updated my database schema to version 35 successfully. But then when I hit continue on step 6, it was stuck there forever. Eventually it came back with Internal Error 500. Looking at the log file, all I could see was
“2012/07/28 06:28:35 [error] 23816#0: *3319000 upstream timed out (110: Connection timed out) while reading response header from upstream”
Turns out that in 1.10, the CMSMS dev team broke a whole bunch of backward compatibility. In Step 6 of the upgrade, it tries to upgrade and install installed modules. But during this process it just conks out.
Then I tried to uninstall all my modules and run the upgrade script. Abra-kadabra the upgrade went just fine.
- Then I had to go in and install those modules again.
- Also had to update most of the modules to the latest version which is compatible with 1.10.
- And restore the data used by the modules.
If only I had known all of this, it could have saved me a few hours of my precious life.
P.S: Just when I finished all of this, I saw the CMSMS dev team released the latest stable version 1.11
Monday, March 26th, 2012
There is something positive to be said about joining teams where you are the worst team member. It stretches you and forces you to grow in ways you would not grow, if left alone.
In my career, I’ve been part of many teams where, for the first few days, I could not comprehend what others were talking about. I felt completely stupid and small. But the desire to learn and passion to excel soon presented a day when I felt equal with others. The journey would usually not stop there. Soon I would be leading the discussions.
Mostly when I felt that I was leading the discussions, I realized it was time to move on and join another team where I would feel like the worst band member again.
I certainly think there are other ways to progress in your career, but this attitude has certainly helped me.
Saturday, October 22nd, 2011
How to destroy a team by introducing various forms of churn?
- Have the Product Management change high-level vision and priority frequently.
- Stop the teams from collaborating with other teams, Architects and important stakeholders.
- Make sure testing and integration is done late in the cycle.
- As soon as a team member gains enough experience on the team move him/her out of the team to play other roles.
- In critical areas of the system, force the team to produce a poor implementation.
- Structure the teams architecturally to ensure there are heavy inter-dependencies between them.
- Very closely monitor team’s commitment and ensure they feel embarrassed for estimating wrongly.
- Ensure the first 15-30 mins of every meeting is spent on useless talk, before getting to the crux of the matter.
- Measure Churn and put a clear process in place to minimize churn.
Sunday, April 10th, 2011
Over the last 6 months, I’ve been blessed with various pharma hacks on almost all my sites.
(http://agilefaqs.com, http://agileindia.org, http://sdtconf.com, http://freesetglobal.com, http://agilecoachcamp.org, to name a few.)
This is one of the most clever hacks I’ve seen. As a normal user, if you visit the site, you won’t see any difference. Except when search engine bots visit the page, the page shows up with a whole bunch of spammy links, either at the top of the page or in the footer. Sample below:
Clearly the hacker is after search engine ranking via backlinks. But in the process suddenly you’ve become a major pharma pimp.
There are many interesting things about this hack:
1. It affects all PHP sites. WordPress tops the list. Others like CMS Made Simple and TikiWiki are also attacked by this hack.
2. If you search for pharma keywords on your server (both files and database) you won’t find anything. The spammy content is first encoded with MIME base64 and then deflated using gzdeflate. And at run time the content is eval’ed in PHP.
This is what the hacked PHP code looks like:
If you inflate and decode this code it looks like:
3. Well documented and mostly self descriptive code.
4. Different PHP frameworks have been hacked using slightly different approaches:
- In WordPress, the hackers created a new file called wp-login.php inside the wp-includes folder containing some spammy code. They then modified the wp-config.php file to include('wp-includes/wp-login.php'). Inside the wp-login.php code they further include the actual spammy links from a folder inside 'wp-content/themes/mytheme/images/out/'.$dir
- In TikiWiki, the hackers modified the /lib/structures/structlib.php to directly include the spammy code.
- In CMS Made Simple, the hackers created a new file called modules/mod-last_visitor.php to directly include the spammy code.
Again the interesting part here is, when you do ls -al you see:
-rwxr-xr-x 1 username groupname 1551 2008-07-10 06:46 mod-last_tracker_items.php
-rwxr-xr-x 1 username groupname 44357 1969-12-31 16:00 mod-last_visitor.php
-rwxr-xr-x 1 username groupname 668 2008-03-30 13:06 mod-last_visitors.php
In the case of WordPress, the newly created file had the same timestamp as the rest of the files in that folder.
How do you find out if your site is hacked?
1. After searching for your site in Google, check if the Cached version of your site contains anything unexpected.
2. Using User Agent Switcher, a Firefox extension, you can view your site as it appears to a search engine bot. Again look for anything suspicious.
3. Set up Google Alerts on your site to get a notification when something you don’t expect to show up on your site shows up.
4. Set up a cron job on your server to run the following commands at the top-level web directory every night and email you the results:
- mysqldump your_db into a file and run
- find . -type f -print0 | xargs -0 grep -F "eval(gzinflate(base64_decode("
If the grep command finds a match, take the encoded content and check what it means using the following site: http://www.tareeinternet.com/scripts/decrypt.php
If it looks suspicious, clean up the file and all its references.
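A local alternative to the nightly grep and the online decoder, added here as an example (not code from the original post): it finds the eval(gzinflate(base64_decode( wrapper, base64-decodes and inflates the payload offline without executing it, and also flags the epoch timestamp visible in the ls -al listing. The sample tree, its file contents and the spam.example link are constructed; scanning .sql files assumes the mysqldump output is saved under the scanned directory.

```python
import base64
import os
import re
import tempfile
import zlib

WRAPPER = re.compile(
    r"""eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]+)['"]""",
    re.IGNORECASE,  # spacing, case and quote style of the wrapper may vary
)
MAX_DECODED = 1 << 20  # cap inflated output so a hostile blob cannot exhaust memory


def decode_payload(b64_text):
    """Undo base64_decode + gzinflate and return the text; nothing is executed."""
    raw = base64.b64decode(b64_text)
    inflater = zlib.decompressobj(wbits=-15)  # -15 = raw deflate, as PHP gzinflate reads
    return inflater.decompress(raw, MAX_DECODED).decode("utf-8", errors="replace")


def scan_file(path):
    """Return one finding per suspicious trait of a single file."""
    findings = []
    with open(path, "r", encoding="latin-1") as fh:
        text = fh.read()
    for match in WRAPPER.finditer(text):
        try:
            decoded = decode_payload(match.group(1))
        except (ValueError, zlib.error) as exc:
            decoded = f"<undecodable: {exc}>"
        findings.append({"path": path, "kind": "obfuscated-eval", "decoded": decoded})
    # A dropped file in the listing has a Unix-epoch mtime; flag near-zero mtimes too.
    if os.stat(path).st_mtime < 86400:
        findings.append({"path": path, "kind": "epoch-mtime", "decoded": None})
    return findings


def scan_tree(root, extensions=(".php", ".inc", ".sql")):
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith(extensions):
                findings.extend(scan_file(os.path.join(dirpath, name)))
    return findings


def make_sample_tree():
    """Constructed sample: one clean file and one wrapped file with an epoch mtime."""
    deflater = zlib.compressobj(wbits=-15)
    body = b"echo '<a href=http://spam.example/>cheap pills</a>';"
    blob = base64.b64encode(deflater.compress(body) + deflater.flush()).decode()
    root = tempfile.mkdtemp(prefix="pharma_scan_")
    with open(os.path.join(root, "mod-clean.php"), "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    bad = os.path.join(root, "mod-last_visitor.php")
    with open(bad, "w") as fh:
        fh.write(f"<?php eval(gzinflate(base64_decode('{blob}'))); ?>\n")
    os.utime(bad, (0, 0))  # reproduce the epoch timestamp from the listing
    return root


if __name__ == "__main__":
    for finding in scan_tree(make_sample_tree()):
        print(finding["kind"], finding["path"], finding["decoded"] or "")
```

Run from cron, scan_tree on the web root replaces both the grep and the manual decoding step, and the decoded text can go straight into the nightly email.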
Also there are many other blogs explaining similar, but different attacks:
Hope you don’t have to deal with this mess.
Sunday, January 30th, 2011
If you are looking for some popular computer books in India and don’t find them easily in Low Price Edition, then you should check the following site:
They have a huge number of books at a very good price. You can talk to one of their Distributors or Retailers depending on how many books you need.
If you don’t find the book you are looking for, then your next best option is: http://www.flipkart.com/
Tuesday, January 25th, 2011
I’m just learning the basics of how to make webpages easily searchable. Search Engine Optimization (SEO) is a vast topic; in this blog post, I won’t even scratch the surface.
Following are some simple things I learned today that are considered to be some basic, website hygiene stuff:
- Titles: The title of a web page appears as a clickable link in search results and bookmarks. A descriptive, compelling page title with relevant keywords can increase the number of people visiting your site. Search engines view the text of the title tag as a strong indication of what the page is about. Accurate keywords in the title tag can help the page rank better in search results. A title tag should have fewer than 70 characters, including spaces. Major search engines won’t display more than that.
- Description Meta-tags: The description meta-tag should tell searchers what a web page is about. It is often displayed below the title in search results, and helps people decide if they want to visit that website. Search engines will read 200 to 250 characters, but usually display only 150, including spaces. The first 150 characters of the meta description should contain the most important keywords for that web page.
- H1 Heading: The H1 heading is an important sentence or phrase on a web page that quickly and clearly tells people and search engines what they can expect to find there. The H1 heading for a page should be different from its title. Each can target different important keywords for better SEO.
- Outbound Links: Outbound links tell search engines which websites you find valuable and relevant. Including links to relevant sites is good for your website’s standing with search engines. Outbound links also help search engines classify your site in relationship to others.
- Inbound Links: The more websites linking to your site, the better. Most search engines look at the reputation of the sites linking to your site. They also consider the anchor text (keywords) used to link to your site.
- Self Links: Link back to your archives frequently when creating new content. Make sure your webpages are all well connected with proper anchor text (keywords) used to link back.
- Create a sitemap: A site map (or sitemap) is a list of pages of your web site accessible to crawlers or users. The fewer clicks necessary to get to a page on your website, the better.
- Pretty URLs: Easy to understand URLs, esp. the ones that contain the correct keywords, are more search engine friendly compared to cryptic URLs with many request parameters. Favor mysite.com/album/track/page over mysite.com/process?albumname=album&trackname=track&page=name
- Image descriptions: AKA alt text – is the best way to describe images to search engines and to visitors using screen readers. Describing images on a web page with alt text can help the page rank higher in search results if you include important and relevant keywords.
- Keywords Meta-tag: Search engines don’t use the keyword meta-tag to determine what the page is about. Search engines detect keywords by looking at how often each word or phrase occurs on the page, and where it occurs. The words that appear most often and prominently are judged to be keywords. If the meta keywords and detected keywords match, that means the desired keywords appear frequently enough, and in the right places.
- First 250 words: The first 250 words of a web page are the most important. They tell people and search engines what the page is about. The two to three most important keywords for any web page should appear about five times each in the first 250 words of web page copy. They should appear two to three times each for every additional 250 words on the page.
- Robots.txt file: A website’s robots.txt file is used to let search engines know which pages or sections of the site shouldn’t be indexed.
- Canonical URL: A canonical URL is the standard URL for a web page. Because there are many ways a URL can be written, it’s possible for the same web page content to live at several different addresses, or URLs. This becomes a problem when you’re trying to enhance the visibility of a web page in search results. One factor that makes a web page rank higher in search results is the number and quality of other websites that link to it. If a web page is useful enough that lots of people create links to it, you don’t want to dilute the value of those links by having them spread across two or more URLs. Use a 301 redirect on any other version of that web page to get people – and search engines – to the standard version. Some common mistakes people make:
- Leave both www.mysite.com and mysite.com in place.
- Leave default documents directly accessible. (mysite.com/ and mysite.com/index.html) More details: Twin Home Pages: Classic SEO Mistake
- Web Presence: Having as much information and as many links about your website on the web as possible is key. Let it be other people’s websites, news sharing and community sites, various social media sites or any other site which many people refer to. Alexa and Compete are two companies which give you a pretty good analysis of your web presence.
- Fresh Content: The best sites for users, and consequently for search engines, are full of often-updated, useful information about a given service, product, topic or discipline. Social media distribution via Blogs, Microblog (Twitter), Discussion forums, User Comments, etc. are great in this regard.
Big thanks to AboutUs.org for helping me understand these basic concepts.