Add Scroogle to your search area in Firefox 2.0 Install the 'Scroogle Scraper' search plugin.

Maybe you have a ton of SSL certs you’ve purchased from different vendors and you’d like a warning before they expire.

http://prefetch.net/articles/checkcertificate.html has a free bash script that will check the certs for you and notify you when you need to renew.

First, run this to get the list of SSL sites on your apache2 server:

grep -h ServerName /etc/apache2/sites-enabled/*.conf | grep 443 | awk '{print $2}' | perl -p -e 's/:/ /g; s/\r//g' | sort -u > currentssls.txt

Then run the script to check each of those sites (as listed in the currentssls.txt file):

# ./ssl-cert-check -f currentssls.txt|sort -nk6|sed '/^$/d'|sed 1d
Host                                            Status       Expires      Days
www.example1.com:443                            Valid        Apr 16 2010  38
www.example2.com:443                            Valid        May 10 2010  62
www.example3.com:443                            Valid        May 14 2010  66

And now let’s add it to cron, instructing the script to send out an email 30 days before expiration:

# crontab -l
10 10 * * *  grep -h ServerName /etc/apache2/sites-enabled/*.conf | grep 443 | awk '{print $2}' | perl -p -e 's/:/ /g; s/\r//g' | sort -u > ~/currentssls.txt
30 10 * * * ~/ssl-cert-check -a -f ~/currentssls.txt -q -x 30 -e you@example.com

Maybe you want all HTTP requests to be rewritten to HTTPS. Here’s how:

   RewriteEngine On
   RewriteCond %{HTTPS} !on
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Maybe you want your Mac, Windows and Linux users to be able to access/write to a shared environment. Maybe you want to use WebDAV instead of a samba/NFS share.* How do you do that? Maybe you’d also like to authenticate against your Active Directory server. Here’s an Apache configuration that works:

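<VirtualHost *:80>
        # On port 80, Basic auth sends the AD username and password base64-encoded,
        # not encrypted; use an SSL-enabled virtual host when this is reachable over the Internet
        ServerName example.com
        DocumentRoot /srv/webadmin.example.com/media
        DAVLockDB /var/lock/apache2/DAVLock
        <Directory /srv/webadmin.example.com/media >
         RewriteEngine off
        </Directory>
        <Location "/">
                DAV On
                AuthType Basic
                AuthName "Basic Research Media Server"
                AuthBasicProvider ldap
                # Apache 2.2 directive; it was removed in Apache 2.4
                AuthzLDAPAuthoritative off
                # sAMAccountName is the AD login name; NONE means the connection to the LDAP server is not encrypted
                AuthLDAPUrl "ldap://SERVER:389/ou=YOUR_OU,dc=EXAMPLE,dc=COM?sAMAccountName?sub?(objectClass=*)" NONE
                # account Apache binds as to look users up
                AuthLDAPBindDN "CN=LDAPQuery,DC=EXAMPLE,DC=COM"
                AuthLDAPBindPassword YOURPASSWORD
                # only these users may access the share
                Require ldap-user YOURUSER1 YOURUSER2
        </Location>
</VirtualHost>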

Note: Windows 7 has a buggy WebDAV implementation, but you can use third-party WebDAV software (AnyClient, for example) to work around this.

* Unlike NFS and SMB, you can easily access a WebDAV share over the Internet. And it’s faster in some cases.

Let’s say you have an eCommerce site and you process a lot of credit cards through a merchant account. Let’s say you ship stuff right away, as long as the transaction is approved. If someone steals credit card numbers and uses them to buy stuff on your site, the charges will likely be reversed (chargeback) and you will be left without payment or goods! Consumers often don’t identify fraudulent charges on their statements right away, so you would already have shipped the goods out. How can you detect fraud BEFORE shipping?

The methods outlined below are especially relevant if you offer an affiliate program that pays people for delivering signups (of credit cards, etc.). Seeding legitimate traffic with stolen cards is a common trick.

When you buy stolen credit cards they come with the card #, the CCV2, the home address and first and last name. What they don’t come with is the user’s email address. Checking the email address for humanness is the first trick in our fraud detection scheme. Let me back up. What we’re doing is assigning a fraud rating level to an affiliate based on a weighted sum of a number of indicators.
First, back to the email address: we’re interested in the humanness of it (two easy tests: vowel to consonant ratio and presence of first and last name in the email). Since we’re dealing with a stream of orders from a particular affiliate, we can also get an average Levenshtein distance among all the email addresses. Another easy one with the order stream is to record the standard deviation of the transaction times. If the standard deviation is zero, or nearly so (accounting for network variations), it’s very likely a script is automating the orders.
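
The order-stream indicators above, as an added Python example (not code from the original post). The thresholds, weights and sample orders are constructed assumptions, and the "standard deviation of the transaction times" is read here as the spread of the gaps between consecutive orders.

```python
from itertools import combinations
from statistics import pstdev

def vowel_ratio(email):
    """Share of vowels among the letters before the @."""
    letters = [c for c in email.split("@")[0].lower() if c.isalpha()]
    return sum(c in "aeiou" for c in letters) / len(letters) if letters else 0.0

def has_name(email, first, last):
    local = email.split("@")[0].lower()
    return first.lower() in local or last.lower() in local

def levenshtein(a, b):
    """Edit distance between two strings (two-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def share(flags):
    flags = list(flags)
    return sum(flags) / len(flags) if flags else 0.0

def indicators(orders):
    """orders: (email, first, last, unix_time) tuples from one affiliate."""
    emails = [o[0] for o in orders]
    times = sorted(o[3] for o in orders)
    gaps = [b - a for a, b in zip(times, times[1:])]
    return {
        "odd_vowels": share(not 0.2 <= vowel_ratio(e) <= 0.6 for e in emails),
        "no_name": share(not has_name(e, f, l) for e, f, l, _ in orders),
        "look_alike": share(levenshtein(a, b) <= 3 for a, b in combinations(emails, 2)),
        "clockwork": 1.0 if len(gaps) >= 2 and pstdev(gaps) < 2 else 0.0,
    }

# Assumed weights; tune them against orders with known outcomes.
WEIGHTS = {"odd_vowels": 0.2, "no_name": 0.2, "look_alike": 0.3, "clockwork": 0.3}

def fraud_rating(orders):
    found = indicators(orders)
    return sum(WEIGHTS[k] * found[k] for k in WEIGHTS)
# Constructed sample streams: a scripted affiliate and an organic one.
SCRIPTED = [("qxzr778%d@mail.example" % i, "John", "Smith", 1000 + 60 * i) for i in range(4)]
ORGANIC = [("john.smith@example.com", "John", "Smith", 1000),
           ("maria.garcia@example.org", "Maria", "Garcia", 4200),
           ("wei.chen@example.net", "Wei", "Chen", 20000)]
```

The rating runs from 0 (no indicator fires) to 1 (every indicator fires on every order); the scripted sample rates 1.0 and the organic one 0.0.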

PCI compliance issues mean that many merchants just pass the credit card # along to the merchant account without recording it. Storing a SHA1 hash is a good idea, as you can begin to keep ratings on particular cards. You’ll also want to keep a Bayesian-type rating on the IP address as well. Fraudsters might well reuse IP blocks for their nefarious deeds. Maxmind provides a fraud lookup server for IP addresses.

What else? With a geo-IP database, you can get the latitude and longitude of the IP address. You can then calculate the distance between that point and the address on the card. If they are too far apart, say 100 miles, that would be a good indicator.
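
The per-card and per-IP ratings and the 100-mile distance check, as an added Python example (not code from the original post). It swaps the bare SHA1 for a keyed HMAC-SHA256, because an unkeyed hash of a 16-digit number can be reversed by trying every candidate; the secret key, the smoothing prior and the already-geocoded coordinates are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from math import asin, cos, radians, sin, sqrt

def card_token(pan, key):
    """Keyed token for a card number; the number itself is never stored."""
    digits = "".join(c for c in pan if c.isdigit())
    return hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()

class Reputation:
    """Smoothed bad-order rate per key (a card token or an IP address)."""
    def __init__(self):
        self.seen = defaultdict(lambda: [0, 0])   # key -> [bad, total]

    def record(self, key, was_fraud):
        self.seen[key][0] += int(was_fraud)
        self.seen[key][1] += 1

    def rating(self, key):
        bad, total = self.seen.get(key, (0, 0))
        # Laplace smoothing (assumed uniform prior): an unseen key rates 0.5
        return (bad + 1) / (total + 2)

def miles_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in miles."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 3958.8 * asin(sqrt(a))

def too_far(ip_latlon, billing_latlon, limit_miles=100):
    """True when the IP location and the billing address are further apart than the limit."""
    return miles_between(*ip_latlon, *billing_latlon) > limit_miles
```

Keep the HMAC key outside the database that holds the tokens, so a copy of the table alone cannot be matched back to card numbers.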

With some email providers, you can use the SMTP protocol to check to see if a username is valid on the system by half authenticating. This doesn’t work on many of the bigger email providers, however.

Here is some further reading for you:

  • http://www.wiscocomputing.com/articles/ccfraud.htm
  • http://www.dinkla.net/fraud/
  • http://www.kdnuggets.com/solutions/fraud-detection.html

Steve Jobs launched the iPad yesterday. It’s basically a bloated iPhone, without a phone or a camera. Without belaboring the point, the name, iPad, has to be one of the WORST in history. Really, Apple? Really? Will the next bigger iPad be the MaxiPad?

Once again, the only apps you can run on the iPad (like the iTouch and iPhone) are those from the Apple Store. This is a SERIOUS limitation. FSF’s Holmes Wilson said it best yesterday, “This is a huge step backward in the history of computing. If the first personal computers required permission from the manufacturer for each new program or new feature, the history of computing would be as dismally totalitarian as the milieu in Apple’s famous Super Bowl ad.”

I don’t have to mention that they decided to not include Flash support again. Arghhh…
Go directly to Jail – do not pass Go, do not collect $200

A new study analyzing breached passwords (from a Dec ‘09 attack) concludes nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on).

The most commonly used passwords:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

The rockyou password is probably unique to the site where these passwords came from, rockyou.com. The others might be overly simplistic because the site made you register and so people put in stupid passwords just to get past the registration. It’s unlikely, to me, that the same people would choose abc123 for their bank password.

here’s the pdf report

In mathematics, the factorial of a positive integer n, denoted by n!, is the product of all positive integers less than or equal to n. For example,

5! = 1 x 2 x 3 x 4 x 5 = 120

Here is some pseudocode for iterative and recursive factorial functions:

// iterative version
function factorial( input )
{
    j=1;
    for (i=1; i<=input; i++)
    { j=j*i; }
    return j;
}

// recursive version
function factorial( input )
{
    if ( input <= 1 )
        return 1;
    else
        return  input * factorial( input -1 );
}

What does the following bash command do:

kill -9 `ps ax|head -\`echo "$RANDOM % \\\`ps ax|cut -f 1  -d " "|wc -l\\\`"|bc\`|tail -1|cut -f 1 -d " "`

And yes, it is a great party game for you and your nerd friends! Thx, MJP!

  • Estimate how much money you think Google makes daily from Gmail ads
  • Nike and Apple are working together to make a shoe with a chip in it that helps you run in time with your music. Tell me your own creative execution for an ad for that product.
  • Say an advertiser makes $0.10 every time someone clicks on their ad. Only 20% of people who visit the site click on their ad. How many people need to visit the site for the advertiser to make $20?
  • Estimate the number of students who are college seniors, attend four-year schools, and graduate with a job in the United States every year.
  • How many golf balls can fit in a school bus?
  • How much should you charge to wash all the windows in Seattle?
  • In a country in which people only want boys, every family continues to have children until they have a boy. If they have a girl, they have another child. If they have a boy, they stop. What is the proportion of boys to girls in the country?
  • How many piano tuners are there in the entire world?
  • Design an evacuation plan for San Francisco
  • How many times a day does a clock’s hands overlap?
  • A man pushed his car to a hotel and lost his fortune. What happened?
  • You need to check that your friend, Bob, has your correct phone number but you cannot ask him directly. You must write the question on a card and give it to Eve who will take the card to Bob and return the answer to you. What must you write on the card, besides the question, to ensure Bob can encode the message so that Eve cannot read your phone number?
  • You’re the captain of a pirate ship and your crew gets to vote on how the gold is divided up. If fewer than half of the pirates agree with you, you die. How do you recommend apportioning the gold in such a way that you get a good share of the booty, but still survive?

src: http://www.businessinsider.com/answers-to-15-google-interview-questions-that-will-make-you-feel-stupid-2009-11#how-many-golf-balls-can-fit-in-a-school-bus-1

Maybe you made a cool app that allows people to text message you advice that gets shown on a BIG projection on a wall at your wedding reception. Maybe your friends can be dirty. Maybe your grandma is also coming to the wedding and you don’t want to offend her. Maybe then it’s time to filter out some of your friends’ inappropriate text messages:

( the database is loaded with words like this: http://www.bannedwordlist.com/lists/swearWords.txt )

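function checkforbadwords($subject, $db)
{
        // $db is an open mysqli connection (added parameter: the old mysql_* functions were removed in PHP 7)
        $words = array();
        $result = mysqli_query($db, "select badword from badwords");
        while ($row = mysqli_fetch_assoc($result))
        {
                // escape regex metacharacters so a list entry cannot break the pattern
                $words[] = preg_quote(strtolower($row['badword']), '/');
        }
        if (count($words) == 0)
        {
                return 0;       // an empty pattern would match every message
        }
        $pattern = "/".implode('|', $words)."/";

        // undo common character substitutions
        $subject = str_replace('!','I',$subject);
        $subject = str_replace('0','O',$subject);
        $subject = str_replace('3','E',$subject);
        $subject = str_replace('@','A',$subject);
        $subject = str_replace('+','T',$subject);
        $subject = str_replace('1','I',$subject);
        $subject = str_replace('5','S',$subject);
        // lowercase before collapsing, so vowels produced by the substitutions are collapsed too
        $subject = strtolower($subject);
        $subject = str_replace('ooo','o',$subject);
        $subject = str_replace('uuu','u',$subject);
        $subject = str_replace('iii','i',$subject);
        $subject = str_replace('oooo','oo',$subject);
        $subject = str_replace('uuuu','u',$subject);
        $subject = str_replace('iiii','i',$subject);

        // strip separators people use to split a word up
        $subject = str_replace(array('-',' ','.','*','_','!','(',')','^','#','~','`','%','&','='),'',$subject);
        // search from the start of the message (an offset of 3 skipped the first three characters)
        if (preg_match($pattern, $subject) === 1)
        {
                return 1;
        }
        return 0;
}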

Unless otherwise noted, Copyright 2004-2006, Ryan Byrd. All Rights Reserved.