Thoughts about coding and books

PHP locale not working in Ubuntu

I was working with Laravel 4 and trying to format Carbon date objects according to locale. However, App::setLocale('et_EE') did not have any effect. Going lower level and calling setlocale(LC_ALL, 'et_EE') did not change the locale either. Carbon's formatLocalized method uses PHP's strftime underneath, so the issue relates to that as well. Some have suggested using utf8_encode(strftime("%A, %d de[…]

How to download ca certificate chain

It might happen that a machine is missing CA chain certificates and you get the error:

OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
Unable to establish SSL connection.

If accessing the specific URL in a browser works without a warning, you can export and download the CA certificate chain. In Firefox: right-click > View Page Info > Security > […]

Application code deployment from SVN with fast and simple rollback

The most important thing in every new release is the rollback procedure. Once you discover issues in the new version, you need to be able to switch back to the previous version while you work on a fix. I have developed a shell script to handle the automated deployment process, which allows quick and simple rollbacks as long as there are no database changes that don't allow easy rollback. The main idea is to:

  • download code from SVN, GIT or similar
  • copy all code to new folder
  • replace all configuration with environment related conf
  • use symlink to switch between code versions

Here is an example script that handles the automated deployment for you:

Access VirtualBox shared folders from Ubuntu and fix ruined Ubuntu installation.

If you are running an Ubuntu VirtualBox guest, you cannot access the shared folder under /media/shared as a regular user. However, you can fix this by adding your user to the additional group vboxsf.

Important! Make sure you append the additional group so that other groups are not removed! Run the command below exactly as shown, replacing username with your own username. If the permission is not applied immediately, reboot.

usermod -a -G vboxsf username

If you forgot the -a flag, it is bad but not hopeless 🙂

Recover virtualbox guest from failing snapshot

When making a snapshot of a running virtual machine guest, the process got stuck and left the traces below in the log file. I had to kill the snapshot process and reboot the machine to continue.

vboxmanage snapshot mymachine take initial
00:00:14.576 PCNet#0: The link is back up again after the restore.
00:03:47.980 Changing the VM state from 'RUNNING' to 'RUNNING_LS'.
00:03:48.014 
00:03:48.014 !!R0-Assertion Failed!!
00:03:48.014 Expression: <NULL>
00:03:48.014 Location  : /build/buildd/virtualbox-4.1.12-dfsg/src/VBox/VMM/VMMAll/PGMAllBth.h(1458) void pgmR0BthEPTProtSyncPageWorkerTrackDeref(PVMCPU, PPGMPOOLPAGE, RTHCPHYS, uint16_t, RTGCPHYS)
00:03:48.014 HCPhys=00000000d5a37000 wasn't found!

After reboot I see:

# vboxmanage list vms
"<inaccessible>" {d1d42d8a-38ed-4d6d-95a1-356d2896ff26}


sh: 2: Syntax error: newline unexpected

The error happened when running a Perl script on an Ubuntu machine after copying it from another. The issue must have been caused by different encodings and was resolved by removing the newline in the middle of the command.

        # Monthly Backup
        system("$MYSQLDUMP --user=$DB_USER --password='$DB_PASS' $db_name > $BACKUP_DIR/$db/${db}_monthly_$datestamp.sql");

Changed to

        # Monthly Backup system("$MYSQLDUMP --user=$DB_USER --password='$DB_PASS' $db_name[…]

Observations of Roboo usability and effectiveness against DDOS

Before putting Roboo to use for protection against DDOS, it is necessary to look at its pros and cons.

Firstly, nothing comes without drawbacks and side effects. Here are some that you need to consider.

  • Search engine crawlers have trouble indexing the site. You never want that.
  • Web service clients have issues. API calls might break, and an SVN server over https does not work well.
  • The developers' own website, http://www.ecl-labs.org, does not use Roboo itself.

A good whitelisting plan must be developed to handle valid non-browser interactions.

I did some quick brute-force performance analysis with 3 virtual machines on VMware. The target was WackoPicko, a simple vulnerable web application used to test web application vulnerability scanners, with 1 core and 1 GB RAM. The Roboo machine was an Ubuntu server with 1 core and 1 GB RAM. The third was a more powerful server where httperf was run. All of these machines ran inside one physical server on VMware ESXi.

Here are the testing results:

Install Roboo to Ubuntu for DDOS protection.

I was fortunate enough to take part in Black Hat 2011 EU, where the first public presentation of Roboo, the HTTP mitigator, took place: http://www.ecl-labs.org/2011/03/17/roboo-http-mitigator.html. What is less fortunate is that it can be a pain to install, mostly because of its dependency on Perl modules. I have tried it a few times and present my experience here.

Get yourself Roboo, which comes as an nginx module written in Perl. Also get the nginx example configuration. The newest versions are available on GitHub: https://github.com/yuri-gushin/Roboo. Place these files in the following locations:

/etc/nginx/nginx.conf
/opt/local/share/nginx/Roboo.pm

To avoid the problem below, modify the first line of nginx.conf and change user nobody to, for example, www-data:

Starting nginx: [emerg]: getgrnam("nobody") failed in /etc/nginx/nginx.conf:1
configuration file /etc/nginx/nginx.conf test failed

It is tempting to install nginx from the repository, but you will get an error:

Starting nginx: [emerg]: unknown directive "perl_modules" in /etc/nginx/nginx.conf:10
configuration file /etc/nginx/nginx.conf test failed
