Google recently held a short talk in London (they are recruiting for their ‘new’ Dublin office) that covered a couple of interesting topics such as redundancy using commodity technology (LOTS of cheap machines with the same data), how to create rolling brown outs (rooms packed full of 80 1U servers in every rack seems to do it) and how to horizontally scale everything to meet their needs. The one slide that really caught my attention was mostly flippant but makes an important point about the kind of traffic they are dealing with: Read on →

There has recently been a thread about PHP easter eggs on the webappsec security list. In essence if you call ANY PHP page with certain parameters custom pages will be returned. Here’s an example of the PHP Credits Page. It may seem a little petty to complain about such a small thing in a code-base provided for free but there is a more serious aspect to this, the pages returned vary depending on the version of PHP you run so it’s possible to use this to determine which version the server is running; even if you’ve changed the ServerTokens directive to something more restrictive than the default. Read on →

I wasn’t going to mention this but I’m on dial-up this week and so dog slow down-loading has become an issue for me and this tool might be useful for people in a similar position. The short version is that the packages/Sources file is quite big, down-loading it each day can actually be quite a big hit in terms of bandwidth, apt-dupdate plans to get around this using bzipped diffs rather than re-sending the whole thing. Read on →

This may seem obvious but the number of people that break this simple rule never fails to amaze me. Let’s look at an example, you are meeting with a potential hire and you are discussing salary, as an aside if they are good pay them above the going rate; thats a different post! You make an offer of 30 thousand a year, the other person doesn’t look too impressed. What you should never do (and ignore any uncomfortable silences) is then make another, higher, offer. Read on →

I started out in IT as a developer working on financial systems using VBA, after a very short period of trying to do flexible string manipulation I stumbled on to Perl, Regular Expressions and the Win32::OLE module; I was hooked. About a year later I had the chance to work at a mostly Perl shop (at the tail end of the dotcom boom) and I was exposed to Unix systems, thats when things got interesting for me. Read on →

I’ve heard the name SXIP (pronounced ‘skip’) mentioned on a couple of different privacy forums (and in the Web2.0 coverage) and decided to have a closer look at what it provides. The short version, I promise!, is that SXIP wants to be a single sign-on provider and help with filling out forms based upon your chosen persona. For the longer version of the who, what and how I’d suggest first listening to the IT Conversations SXIP show and then spending five minutes with the SXIP Demo. Read on →

Heres the shell of an idea I’ve been mulling over recently, we all know that compilers on server are bad don’t we? The common wisdom (and this is often disputed by people who use source based systems) is that people shouldn’t be compiling up new versions of software on the production servers. By omitting the compiler suite and required header files you force compilation to occur elsewhere. The second reason, and I’m not so sure about how current this is, is that you deny an attacker an easy way of hiding their tracks. Read on →

I’ve added a short Perl script called linksinfo to the miniprojects page. When invoked with an absolute URL it will parse through the HTML and pull out links. The text in each href tag will then be displayed. If you use a ‘-l’ then it will also display the target of the link. Why?: This is the first of a couple of scripts I’m writing to help maintain certain meta-data about a website I’m responsible for. Read on →

I dislike most modern music (I’m 24 and I’m turning into my grandfather!) but a couple of songs from The Streets last album were good so I decided to give their second a chance; very wise choice. The songs themselves cover a pretty diverse area, from the upbeat backing of “Fit but you know it” to the down trodden lyrics of “Dry Your Eyes” the CD contains a number of little gems. Read on →

For one of the projects I’m working on I needed to see which type of ads Google would choose to bestow on certain pages. A co-worker pointed me at Try Before You Sell at the (unofficial) Google Weblog. While this is quite handy (and easy to use in a bookmarklet) I did find it a little cumbersome. So filled with the drive of an early morning and bacon sandwiches I decided to put together a right click extension for IE. Read on →