Published by Rolf on 30 Jan 2012

CakePHP 2.0 now requires an updated version of libpcre

In a previous post, I included steps to fix the PCRE problem in Cake 1.3.  After upgrading to CakePHP 2.0, I found that those steps on CentOS 5.4 aren’t sufficient to run Cake console scripts.  To fix it, here are the steps:

    # yum remove pcre-devel
    # Download the latest source (v8.21) from http://sourceforge.net/projects/pcre/files/pcre/
    # ./configure --enable-utf8 --enable-unicode-properties --prefix=/usr/bin --exec-prefix=/usr/lib --libdir=/usr/lib
    # make clean && make install

    # Run it again with the other libdir
    # ./configure --enable-utf8 --enable-unicode-properties --prefix=/usr/bin --exec-prefix=/usr/lib --libdir=/usr/lib64
    # make clean && make install

Then rebuild PHP.

After this you should be able to run Console scripts without errors.

Published by Rolf on 07 Jan 2012

Facebook Connect broken again? Here’s a workaround for the latest crash

Facebook Connect is great when it works, but like with any SaaS solution, if they go down, your site does too.

The latest bug is especially annoying, as it had previously arisen in December and was fixed by Facebook the following day.  The current incarnation is (as of now) still not fixed, 3 days later.  It manifests itself in people being unable to log out of websites that use Connect.

The root problem, as I see it, is that the “domain” for the fbsr_ cookie that Facebook sets on your domain suddenly changed from “www.yourdomain.com” to “.www.yourdomain.com”, which the Facebook SDK is unable to remove.  I suspect the problem is in the JavaScript SDK, which they host, but it may be in the PHP SDK for all I know.  But regardless, this is a bug on the Facebook platform that causes it.

To work around it, download the excellent cookies project from Google Code and reference it in your logout page. Then do this:

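    // Collect every cookie whose name contains "fbsr_" (the Facebook signed-request cookie).
    var fbsr_cookies = jaaulde.utils.cookies.filter(/fbsr_/);
    for (var c in fbsr_cookies) {
        // Delete with the dot-prefixed domain that the SDK fails to remove.
        // hostname rather than host, so a port number never ends up in the domain.
        jaaulde.utils.cookies.del(c, { path: '/', domain: '.' + location.hostname });
    }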

There are much shorter ways of coding this yourself using regexes, but this works.  I do hope they fix this soon, and prevent it from coming back in the future.

Alas, sometimes you get what you pay for, and Facebook is free.
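A library-free version of the workaround above, as an added example that is not part of the original post or of Facebook's SDK: it finds the fbsr_ cookies with a regex and builds expiring writes for the host-only form and for both spellings of the domain, so the dot-prefixed variant described above is covered. The function names and the sample cookie string are constructed for illustration.

```javascript
// Constructed sample of what document.cookie might return on the logout page.
var SAMPLE_COOKIES = 'PHPSESSID=abc123; fbsr_1234567890=sig.payload; lang=en';

// Return the names of all cookies that start with "fbsr_".
function fbsrCookieNames(cookieString) {
    return cookieString.split(/;\s*/)
        .map(function (pair) { return pair.split('=')[0].trim(); })
        .filter(function (name) { return /^fbsr_/.test(name); });
}

// Build one expiring cookie write per (name, domain scope) combination.
// An expiring write only removes a cookie when its path and domain scope
// match the stored one, so each scope seen in the bug is tried in turn.
function expiryStrings(cookieString, hostname) {
    var past = 'Thu, 01 Jan 1970 00:00:00 GMT';
    // null = no Domain attribute (host-only), then "www..." and ".www..."
    var domains = [null, hostname, '.' + hostname];
    var out = [];
    fbsrCookieNames(cookieString).forEach(function (name) {
        domains.forEach(function (d) {
            out.push(name + '=; expires=' + past + '; path=/' +
                     (d ? '; domain=' + d : ''));
        });
    });
    return out;
}

// Browser-only entry point for the logout page.
function clearFbsrCookies() {
    expiryStrings(document.cookie, location.hostname).forEach(function (s) {
        document.cookie = s;
    });
}
```

Call `clearFbsrCookies()` from the logout page; the other two functions are pure and can be checked outside a browser against `SAMPLE_COOKIES`.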

Published by Rolf on 29 Nov 2011

Yahoo Mail DOES Offer IMAP After All

… at least for the paid Yahoo Mail Plus users like me.  After spending several days trying in vain to download all my 35000 emails via POP3 to Outlook 2010, I was about to switch to Gmail permanently (since from Day 1 it has offered free IMAP, which is much more reliable and faster) when I stumbled across this link.  In particular, see the reply from 11/18/2010.  These settings worked like a charm for me:

Incoming:
imap.mail.yahoo.com
SSL: True
Port: 993
Outgoing:
smtp.mail.yahoo.com
SSL: False
Port: 587
Outgoing server requires authentication: Checked
Use same settings as incoming server

 

I don’t know if it works for regular (free) Yahoo Mail accounts, or if it’s officially supported even, but I guess I will keep my paid account a little longer!

Published by Rolf on 15 Aug 2011

For automatic upgrading of WordPress, the directory owner has to be apache

After setting up a new VPS to run this blog, among a few other sites, it only took a few minutes to get WordPress running again.  That part was easy, but later on when I tried to auto-upgrade to the latest version, I was suddenly prompted for FTP credentials.  This is pretty odd, because:

  1. I don’t want to run an FTP server for security reasons
  2. The whole point of auto-updating is to download the new version from WordPress.com, not to upload anything.  So why would I need to have an FTP server on my end anyway?

It turns out that this situation results from a strange design decision by the WordPress folks.  As described here, you’ll get this prompt if:

  1. The owner of the WordPress webroot is anything other than the webserver user (in my case, “apache”).  It is not enough to chmod 775, which would be expected, but you have to change the owner to apache.
  2. If you haven’t done #1, you get the FTP login prompt without any explanation or instruction.

Now I understand that WordPress is often used in shared hosting environments so that was apparently the reasoning behind this, but IMO it’s a lot more dangerous to be running an FTP server than it is to simply make sure apache can write to the webroot.  Plus, requiring the owner to be apache is just weird.

 

Published by Rolf on 05 Aug 2011

Comcast Customer Support Chat – pretty awful, even if it’s a bot

The other day I got a rather important-looking email from Comcast saying they thought my PC had been infected with a bot. Now, being in the business, I am religious about keeping up to date on both Windows Update and my antivirus program (Norton Security is supplied by Comcast). So to be infected with a bot would be surprising and I wanted to get the details of why Comcast thought I had one. I had the following surreal experience with Comcast Customer Support.


analyst Carlo has entered room

CarloCQNT: Hello Rolf, Thank you for contacting Comcast Live Chat Support. My name is Carlo. Please give me one moment to review your information.

Rolf: My Issue: I am an IT professional. I have now received 2 emails from Comcast stating that my computer (or presumably one of the PC’s on my LAN) is infected with a “bot” – I want technical details of why you think that’s the case.

CarloCQNT: Hi.

CarloCQNT: I know that can certainly be frustrating. Let me try to pin point what the problem is and work on getting this fixed for you.

Rolf: I have checked each of the 4 PC’s on the network and all 4 are, of course, up to date with the latest Windows updates and Norton Security updates. So I want to know what is triggering these alerts.

CarloCQNT: Thank you for that information Rolf.

CarloCQNT: “For security purposes, may I please have the following: 1] Full name listed on the account 2] Service address 3] Account number”

Rolf: Rolf Kaiser, [my address], and I don’t have a clue what my account number is, but I got to this chat via logging in with my Comcast login so you should be able to find it.

CarloCQNT: Thank you for that information.

CarloCQNT: Would you mind waiting for 2 minutes so that I can do the research in my system and provide you with the appropriate information?

Rolf: ok

CarloCQNT: Thank you for patiently waiting.

CarloCQNT: Was the error been recurring?

Rolf: Did you even read the description? I have received 2 emails from you so far and need to know why.

CarloCQNT: Thank you for that information Rolf.

Rolf: Well?

CarloCQNT: I’m currently working on why there are emails sent to you about your security.

CarloCQNT: Please check the validity of your antivirus software.

CarloCQNT: I may give you the link for Norton Support Site, http://www.symantec.com/en/au/norton/support/index.jsp

Rolf: I already said that the Norton software, installed on each machine, is up to date! It was the second thing I said!

Rolf: Are you a human being?

CarloCQNT: I am Rolf, I’m verifying it.

CarloCQNT: Please manage your account about recieving spam mails, in Customer Central.

Rolf: This is NOT a spam issue. These mails, as I clearly said, come from Comcast, specifically, “Comcast Security Assurance”, csa-noreply@comcast.net. Surely you’re not considering these security alerts to be “spam”, are you?

CarloCQNT: Alright, thank you for that information.

CarloCQNT: Thank you for patiently waiting Rolf.

Rolf: I don’t have any more time for this. I will have to get on the phone and call customer support in the morning. For the record, this chat has been 100% useless.

CarloCQNT: The email may be an alert for your security software service availability, a protocol to keep your system secured.

Rolf: That is meaningless. Just tell me why I am getting this email. Am I running listeners on unusual ports? I am hosting high-traffic websites? (The answer to both is “no”). What is it that makes you think I am infected with a “bot”?

CarloCQNT: Have you checked for malwares in your system?

Rolf: I run scheduled full-system scans, as well as “on demand” scanning on all 4 PCs. So the chance of any of them having any undetected malware is minimal. Why won’t you answer my question – why do you think I have a bot? If you give me the technical details of the traffic you’re seeing, that would indicate this, then I can track it down!

CarloCQNT: Thank you for that information.

CarloCQNT: We cannot have access to your computer, only our internet connection.

Rolf: Of course I realize that – that’s why I said “give me the technical details of the traffic you’re seeing”. Are you sure you’re a human? Based on this conversation, I am pretty sure the only “bot” here is you.

CarloCQNT: I recommend you contact your computer technician for the problem.

Rolf: Good grief. Well, at least I know the apocalypse from the Terminator movies isn’t going to hit anytime soon. Skynet has a long way to go before we have to worry about it.

Rolf: By the way that was a joke. But you won’t get it since you’re a bot.

The whole thing took over an hour, due to the long delays between messages from “Carlo”, which leads me to the second conclusion that current bots are also too slow to take over the world.

 

Update 8/7: After leaving pretty pointed feedback during the post-chat survey, I got a call the next day from a real person at Comcast Support.  The person I spoke to was very professional and gave me the straight answers I was looking for – specifically she told me what bots they thought they were seeing traffic from (it was Conficker, which is a pretty old one so that was surprising), and what times they saw the traffic occurring.  I told her that if they just put that information in the alert email (or at a link off it), then their customers could have debugged it themselves.  She gave a rather lame answer to the effect that Comcast, as a policy, didn’t publicize that sort of information.  It’s not clear to me why any of that would be sensitive information though.

One other comment she made was that she didn’t think highly of Norton Security, which was provided by Comcast, for finding malware like bots.  She recommended Spyware Search and Destroy as it seemed more thorough, which I will check out.
