Archive for the ‘Uncategorized’ Category

Newer Entries »

Detecting the back (or refresh) button click

Saturday, July 11th, 2009

While developing a web app, I came across an interesting problem: I had a page which had a button to perform an action. If the button is clicked, the action request is sent to the server side script and redirected back to the same page but with a message displayed on the top of the page (ie Your post has been submitted).

If you then navigate to another page but click back, you would see the same page with the same message popping up. I want to detect that we’re clicking back so we will hide the message. There are plenty of solutions in google, but a lot of them involved setting a cookie (what if cookies are disabled), or a server side script detecting referer (what if page is still cached?), or using time by detecting if the server page load time and the current time differs by a large amount (what if client time is wrong?). Without an ideal solution, I set about finding a new solution. Surely it can’t be hard to detect that we’ve already been in that same page. If only there was a way to save a flag just for that page and for the duration of the page session. I tried modifying the DOM, but that gets reverted when you click back. The onload event also get called again, so you can’t use that to differentiate.

I then remembered that at least on recent browsers, there exists a functionality in forms that retained form field information if you clicked back – very handy if you’re submitting a post and the connection died, you can just click back and your long winded post would be intact.

Solution – Use a hidden form field to detect that we’ve been on this page before

Building on this idea, it’s possible to temporarily store a flag on a hidden form field that says, yep I’ve been on this page before. Here is a code snippet:

<html>
<body>
Try
<a href="http://www.google.com/">jumping to another page</a>
</body>

<script>

document.write("<form style='display: none'><input name='__detectback' id='__detectback' value=''></form>");

function checkPageBackOrRefresh(load_id) {
if (document.getElementById('__detectback').value == load_id) {
return true;
} else {
document.getElementById('__detectback').value = load_id;
return false;
}
}

window.onload = function() {
if (checkPageBackOrRefresh('tt'))
alert('You clicked back or refreshed the page');
}

</script>

</html>

Unfortunately, this solution does not work in some browsers where “fast back” (ie, fbcache in firefox) is enabled, as the fast back stores the scripting state so a onload does not trigger again.

The script should work fine with IE7 and IE8. With Firefox, it only works on certain pages. These pages seems to be pages that link to heavy javascripts (ie jquery?).

With fbcache enabled browsers, a possible solution would be to hide the message at the event onbeforeunload so it will not appear even when clicking back.

Tags: ,
Posted in Uncategorized | No Comments »

Pondering per user accounting in Linux

Saturday, July 11th, 2009

I’ve been researching for the better part of the day on what the best method to account for bandwidth (and cpu/memory) used by a particular user is. This is useful if you run a hosting business and give out shell access. At first I was looking for a way to meter SSH. There seems to be an old patch for it, but as I continued reading, a old mailing from a mailing list pointed out that there are heaps of ways to generate traffic when you have a shell account (ie wget). In fact you don’t even need shell access – any scripting language that could download will consume bandwidth that may not be accounted for.

So this began my quest to find the best solution to per user accounting in linux. The basic concept is that since the bandwidth consumption is triggered by a process, and owned by a specific user, we should be able to trace traffic to a user and record as such. The advantage is even greater if you run peruser mpm apache or suexec’d php.

I began looking at netfilter/iptables, which had a match -m owner uid. This works only on the OUTPUT chain and will tell you who sent the packet, but unfortunately doesn’t tell you who a packet was destined for.

iptables has a connection tracking feature, that tracks active connections, allowing for stateful packet inspection. If you have the kernel feature enabled, it will also count the traffic numbers, which you can then view in /proc/net/ip_conntrack (or /proc/net/nf_conntrack for newer installations). Using that, and cross referencing it with the netstat -anp and process table will give you an idea of which user owns the connection. This is assuming of course that the process doesn’t setuid to change users.

But then, how are we going to collect all the data? Polling would be extremely slow and tedious and you might miss short lived connections. It seems that using libnetfilter_conntrack, you can subscribe to an event that notifies when connection states have changed (CONFIG_IP_NF_CONNTRACK_EVENTS). Using that, you can record when connections are opened and when they are closed as they happen.

What about processes? Processing accounting can be easily taken care of by the unix acct tools, which monitors processes as they are created and destroyed, provided you have the correct kernel options enabled. But what if you don’t have this option, ie on a VPS – Is there an alternative? The answer is yes, but ugly. You might remember that process information can be access via /proc. What if I set inotify, the file system change mechanism to tell me when /proc has changed? Somebody already thought of this and found it didn’t work quite as expected. The reason for this was mentioned in the linked thread, but the responders did give a good alternative – using ptrace ().

The ptrace command is a powerful unix system call that can manipulate processes it has attached to. It is what the debugger gdb uses to debug running applications. Using the ptrace function, you can set an option to notify the controlling process via SIGTRAP that the ptrace’d process has terminated, or forked/execed. Using this, you can potentially hook into every process and closely monitor their lifecycle. The downside is that you cannot have two ptrace active on the same process, which means application like gdb will fail if your monitoring system is active. Since ptrace is primarily used for debugging, it may also degrade performance of application it has been attached to. So the bottom line is that it looks like it is too extravagant and thus the wrong way to go for implementing a process accounting/monitoring system.

Looks like my quest to find a viable way of accounting per user accounting has so far eluded me. Perhaps the old ways of individual accounting in every application service – apache/ftp/imap/smtp is here to stay.

Tags:
Posted in Uncategorized | 2 Comments »

Why is my {mysql, htpassswd, getpass} prompts not showing?

Sunday, June 21st, 2009

I had problem on a VM running linux of password prompts not showing. What would happen is that the mysql command would just say wrong password without prompting even if I added the -p switch. Furthermore, the less command and man pages were broken as well! As a programmer I set out to narrow down the scope of the problem via looking a source code. I traced down the offending function as getpass(). Having searched every where on the web, I finally came across a reference telling the tty might be broken and to run:

mknod /dev/tty c 5 0

That immediately fixed it! device nodes are a bit of mystery to me, tty’s more so. One day I’ll understand it thoroughly.

Posted in Uncategorized | No Comments »

Stinger Root Certificate for Windows Mobile

Sunday, June 7th, 2009

What’s a ‘Stinger Root Certificate’? I’m not really sure, but it’s the certificate that Microsoft uses to sign a number of software components that they release for Windows CE and mobile devices, for example, the Application Verifier for Windows CE and Windows Mobile 5.0 or MSMQ. The certificate is installed part of the Windows Mobile 5 emulator image, but on phones, like the HTC diamond, they aren’t installed. Hence running the Application Verifier, because it needs to load the Stinger signed kernel module, Shim Engine (shimeng.dll), it would not work on the HTC as it doesn’t have the certificate “Stinger Root Certificate” installed.

You can actually see the certificates installed by connecting your mobile device and in Visual Studio (2008), going to Tools > Device Security Manager. There was the old Security Configuration Manager which I tried but crashed on me on start up, so don’t use that. In it you can see all the certificates installed and you can also change your device security level.

Anyway, I wanted to install the root certificate but I could not find it distributed anywhere on the internet. In the end, using the Device Security Manager I managed to extract it out of the emulator ROM, by copy and pasting the certificate base64 value. After that was just a matter of building a cab install package and defining the certificate installation in setup XML.

The result is available here

Tags:
Posted in Uncategorized | 1 Comment »

Why is my cron not sending emails?

Friday, June 5th, 2009

I’ve been getting a strange problem where my cron daemon (dcron in this case) was not sending emails of scheduled tasks output. Searching google yielded no useful or relevant result. Turns out in my case, I was missing the symlink /usr/lib/sendmail to my exim installation, as complained in my cron.log

Problem solved.

Posted in Uncategorized | No Comments »

Don’t ever put CNAME on the root domain (esp. if you want MX to work)

Tuesday, March 31st, 2009

I was changing name servers for one of my domains. When testing the mail setup, I kept getting mail sent to the web server rather than the mail server. It turns out that if the mail server can’t find mx records, it falls back to A (or CNAME) records. So why was the mail server falling back to using the A/CNAME record when I had a perfectly good MX record assigned to the domain? After many hours of debugging and comparing working domain with non-working ones, the only difference I found was that I has a CNAME for the domain eg.

domain.com. 3600 IN CNAME www.domain.com

Turns out that if you have a CNAME for the domain, it redirects the lookup not just for A but for every record. So from dig, it looks fine if you query the authorative name servers directly – you see the mx and cname record – but it falls flat when queried on the recursive nameserver. Indeed after looking at RFC 1034, it states that “If a CNAME RR is present at a node, no other data should be present”. So setting the CNAME on the domain also consequently redirected requests for NS and SOA records, which made the domain quite invalid, although the subdomain records still resolved. Bottom line, don’t ever put CNAME on the root domain.

I was trying to be smart and save on retyping the IP by using CNAME… but turns out I was too smart.

Tags: , , ,
Posted in Uncategorized | No Comments »

How to use the WAN port on WRT54G or WRT610n as a LAN port

Thursday, January 1st, 2009

I have a WRT54G at home but I don’t use its routing capabilities, only wireless and LAN. There are only 5 ports on the device and one is dedicated as the WAN port. I want to turn the WAN port into a LAN port so I can make use of all 5 ports. How do you do it? As long as you have shell access (obtained by telnet on custom firmwares like dd-wrt or openwrt), just type in these commands:

For WRT-54G

nvram set vlan0ports="0 1 2 3 4 5*"
nvram set vlan1ports="5"
nvram commit

For WRT-610N:

nvram set vlan1ports="0 1 2 3 4 8*"
nvram set vlan2ports="8"
nvram commit

Then reboot the router. What we’re doing is assigning the (former) WAN port (0) to the LAN vlan, instead of the WAN vlan.

Tags: ,
Posted in Uncategorized | No Comments »

The longest and shortest days of the year

Tuesday, October 23rd, 2007

You would think everyday of the year has twenty-four hours right? That’s what I thought while writing a typical function to calculate the time difference between two dates. As I found out, especially in this time of year, this is a horribly flawed assumption. In a lot of timezones, one day of the year has 23 hours while another day has 25 hours. Some of you might have gathered by now that I’m talking about Daylight Saving Time. The marvellous invention, epitome of temporal manipulation that makes it so that this Sunday, there would be only be one hour between 1AM and 3AM. In summary, 3-1 = 1. Those of you on northern hemisphere will find that you will experience 2AM twice.

Once upon a time, I used to a backup cron job that runs on 2AM. 2AM seems to be a nice time as everyone is asleep so that the server could use the spare processing power for the menial task. In one day of the year it ran twice. In one day of the year it never ran. Now all my backups run at 4AM.

As a programmer, I hate DST.

Posted in Uncategorized | No Comments »

Newer Entries »