Posts

Showing posts from February, 2011

Simple PHP DoS/brute-force throttling

I previously posted a PHP function for throttling the number of login attempts a user is allowed to make in any specific amount of time. So for example, if a user trying to log in gets the password wrong 5 times in a row, s/he is not allowed to make another attempt for another 5 minutes. This is a pretty common feature with many forums/blogs and other online systems.

The function can be easily generalized to protect any page against concurrent requests, not just logins. This can come in handy if you have a particular report, for example, that uses a lot of memory or processing power to run. A malicious user could keep hitting this page to bring your server down. Passing the user request through a simple check to throttle the requests/minute/page can protect against a Denial of Service attack or brute-force login crack.

Just download the following static class, include it in your scripts, and call the throttleResource() method as described in the inline comments:

<?php class Security…

Home backup strategy

I've been trying to think of a good backup strategy for personal home use. The criteria are:

- Must be able to support large volumes of data (500GB+).
- Must provide at least 1 level of hardware redundancy.
- Must be fairly easy to use and maintain, even for non-IT professionals.
- Must be fairly fast to use.
- Must be as cheap as possible.
- Must be fire/flood/theft proof.
- Must provide data security in case it falls into the wrong hands.

A few solutions I thought of are:
1. Buy a NAS with say two 2TB drives connected in a RAID 1 configuration. This will support large volumes of data, caters for unexpected HDD failure, and is fairly easy to use. The main problem with this is both HDDs are in the same box, so if there's a power surge, or someone drops the box, or the dog chews on the power cable etc, chances are both disks will die at the same time, so it only offers partial hardware redundancy (unexpected mechanical failure of HDD that's not caused by any external factors). There's also no protec…

Windows Live Essentials 2011 pushed as Important Update

I've recently started getting Windows Update nags on some of my machines to install some new important updates. One of these is Windows Live Essentials 2011. This is a package containing all the Microsoft cloud/social/bloat tools, things like MSN (Live Messenger or whatever it's called now), Movie Maker, Outlook Express (Live Mail?), Gallery and some other stuff.

I have no interest in these things and don't want to install them, but I keep getting nagged as it's flagged as Important. I think this happens when you have a previous version of anything to do with the Live tools installed on your system, otherwise it would be flagged as a Recommended update, which doesn't come with nags.

Anyway, if you're like me and you don't want this update, just click to review updates, untick it, right-click it and click Hide. This way it won't show up anymore, and no more annoying reminders every few hours :-)

Deleting .svn metadata in Windows 7

Q) What's the simplest way to delete all .svn metadata from a folder tree in Windows 7?
A) Go to Windows Explorer, navigate to the root of your folder tree, type ".svn kind:=folder" in the search box and delete all results. Choose to skip any missing files when prompted (when a parent .svn folder is deleted, so are the children, but the search tool still tries to delete the children individually).

Beware of Amazon EC2 Micro Instances

Amazon EC2 is a Virtual Service Provider. After signing up for an EC2 account, you can create various instances with different memory and processing resources. The smallest of these is a Micro-Instance, which offers 613MB of RAM and 2 ECUs (for short periodic bursts).

Additionally, if you're a new Amazon AWS customer, a micro-instance is free to run for a whole year, which basically means free VPS! Otherwise, a micro-instance costs roughly $15 a month for 24/7 uptime. This seems like a sweet deal, especially when you consider their Small Instance, which is 1.7GB of RAM but only 1 ECU.

However, the catch with the micro is 2 ECUs for short periodic bursts. What this translates to in real life is that a micro-instance will run fairly fast for 2 or 3 seconds, then slow down to an absolute crawl for 15 to 20 seconds or more. I tried running a personal photo web-site which did some re-sampling manipulations. The first one or two re-samples would be fast, followed by pain. I also compile…

Batch Encoding Streaming Videos with HandBrake

HandBrake is a free open-source tool for encoding video files to x264/mp4, perfect for FLV or HTML5 streaming playback over the internet. The GUI interface lets you use a predefined encoding profile, or tweak each setting individually. This is fairly easy-to-use and after a bit of trial-and-error you should find a configuration that works best for your needs.

If you have a lot of videos to convert though, you need to add them to the GUI interface one-by-one, tweak some settings for each (like the size, which doesn't get carried over when adding a new video), and add them to the queue. Then click encode on the queue window. This is fairly tedious and time-consuming, especially when you have say 50 videos or more, scattered in different directories.

Thankfully though, HandBrake has good command line support, so it's possible to do all this with a single command. The trick is to first use the GUI to experiment and find the best configuration settings for your needs (compromi…