Whenever you need to test the MySQL database connectivity from a website or server, it’s handy to have various test scripts nearby. Whether it is because you are setting up a new website or you have just installed a new server and are running your tests. Nowadays, many websites depend on a MySQL or MariaDB database because CMS systems like WordPress, Joomla and Drupal are so popular, and Umbraco too. You want your webserver to connect to MySQL fast and properly
23 May 2014
How to hide file extensions, such as .php or .asp, with URL Rewrite.
Sometimes it’s important to hide the file extension of scripts you use. Security by obscurity might be one of those reasons, if you don’t want others to know what script language you are using. Or you just want to hide the file extension for no apparent reason. In this example, we hide the
.php extension using the IIS URL Rewrite module, in a ready to use rule example.
While investigating SMTP authentication issues, over an Transport Layer Security (TLS) encrypted connection, it’s always handy if you are able to test the SMTP authentication and StartTLS connection from the command line. SMTP Authentication, often abbreviated SMTP AUTH, is an extension of the Simple Mail Transfer Protocol whereby an SMTP client may log in using an authentication mechanism chosen among those supported by the SMTP server.
Most problems come forth from the fact that either the username and password log in combination is wrong, or the server doesn’t support StartTLS or the authentication mechanism used. Here, we address and verify them all. Being able to verify (Start)TLS encrypted connections and SMTP AUTH options is ideal for when you’re having problems with website forms (scripts) that send emails from a website using authenticated SMTP over an TLS encrypted connection.
On StrongLoop we find an interesting article on scaling Node.js with proxies and clusters:
Node apps essentially run single-threaded, even though file and network events could leverage multiple threads. This architecture thereby binds the performance of each application instance/process to one logical CPU core that the thread it’s attached to. To a J2EE architect like me, this highlights immaturity in Node as an enterprise ready technology. Application servers like JBoss or Weblogic already solved this 10 years back using server core multi-threading and parallelism. Little did I realize that context switching between threads ate up my memory and I still had a blocking IO problem.
In a way, discovering the lack of threading prepares the Node developer to write scalable asynchronous code and use libraries like web-sockets from the get-go rather than worry about scalability later in the application life cycle. But this code optimization is still capped to the scaling limits of a single CPU core. So, how is production scaling achieved in the Node world today?
16 May 2014
Brandon Cannadya – the CTO of Modulus, a Node.js application hosting platform – wrote an absolute beginner’s guide to node.js.
There’s no shortage of Node.js tutorials out there, but most of them cover specific use cases or topics that only apply when you’ve already got Node up and running. I see comments every once and awhile that sound something like, “I’ve downloaded Node, now what?” This tutorial answers that question and explains how to get started from the very beginning.
What is Node.js?
A lot of the confusion for newcomers to Node is misunderstanding exactly what it is. The description on nodejs.org definitely doesn’t help.
Read on at An Absolute Beginner’s Guide To Node.js
13 May 2014
Saotn.org uses IIS Outbound Rewrite Rules to offload content from a different server and/or host name. This should improve website performance. Just recently I noticed these Outbound Rules confliced with compressed (gzip) content. I started noticing HTTP 500 errors with the error message:
Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded (“gzip”).
09 May 2014
Gary Pendergast writes on Make WordPress Core:
In WordPress 3.9, we added an extra layer to WPDB, causing it to switch to using the mysqli PHP library, when using PHP 5.5 or higher.
For plugin developers, this means that you absolutely shouldn’t be using PHP’s mysql_*() functions any more – you can use the equivalent WPDB functions instead.
04 May 2014
This evening, after tweeting about preventing cross site scripting vulnerabilities, I received a reply from Olivier Beg. His reply to my tweet contained an image, as you can see below. He alerted me that Saotn.org was vulnerable to a DOM based XSS vulnerability, hidden in prettyPhoto used by my WordPress theme. Whoops!
04 May 2014
Maximiliano Curia posted a call for help from the KDE team to the debian-devel mailinglist:
For quite a while now the KDE team has been severely understaffed. We maintain
a lot of packages, with many different kinds of bugs, but we don’t have enough
people to do all the work that needs to be done. We have tools that help us
automate the update to new upstream releases, but that’s just the tip of the
iceberg of our work and so we are writing to invite more people to get
involved in the team and help us get KDE software in Debian into better shape.
Some of the tasks that we need help with are:
Read the entire post at lists.debian.org:
Subject: Call for help from KDE Team.
02 May 2014
This probably isn’t a big issue, but today I noticed a slow MySQL query coming from a WordPress database (wp_options table). This made my decide to investigate and optimize the WordPress wp_options autoload feature. The autoload feature loads and caches all autoloaded options, if available or all options. The default option is to autoload, and over time when the wp_options table grows and becomes big, this might drain performance (a bit).
Microsoft released a fix for the recently discovered remote code execution vulnerability in Internet Explorer. This remote code execution vulnerability affects all Internet Explorer versions from IE 6 through IE 11. The security update is also known as KB2964358 and Microsoft also published Security Bulletin MS14-021.
It surprised me the update was marked as Important in Windows Update, not critical.