# yum remove pcre-devel
# Download the latest source (v8.21) from http://sourceforge.net/projects/pcre/files/pcre/ 
# ./configure --enable-utf8 --enable-unicode-properties --prefix=/usr/bin --exec-prefix=/usr/lib --libdir=/usr/lib 
# make clean && make install
 
# Run it again with the other libdir
# ./configure --enable-utf8 --enable-unicode-properties --prefix=/usr/bin --exec-prefix=/usr/lib --libdir=/usr/lib64
# make clean && make install

Then rebuild PHP.

After this you should be able to run Console scripts without errors.

The latest bug is especially annoying, as it had previously arisen in December and was fixed by Facebook the following day.  The current incarnation is (as of now) still not fixed, 3 days later.  It manifests itself in people being unable to log out of websites that use Connect.

The root problem, as I see it, is that the “domain” for the fbsr_ cookie that Facebook sets on your domain, suddenly changed from “www.yourdomain.com” to “.www.yourdomain.com”, which the Facebook SDK is unable to remove.  I suspect the problem is in the Javascript SDK, which they host, but it may be in the PHP SDK for all I know.  But regardless, this is a bug on the Facebook platform that causes it.

To work around it, download the excellent cookies project from Google Code and reference it in your logout page. Then do this

    var fbsr_cookies = jaaulde.utils.cookies.filter(/fbsr_/);
    for (c in fbsr_cookies) {
        jaaulde.utils.cookies.del(c, { path: '/', domain: '.' + location.host });
    }

There are much shorter ways of coding this yourself using regexes, but this works.  I do hope they fix this soon, and prevent it from coming back in the future.

Alas, sometimes you get what you pay for, and Facebook is free.

Incoming:

imap.mail.yahoo.com

SSL: True

Port: 993

Outgoing:

smtp.mail.yahoo.com

SSL: False]

Port: 587

Outgoing server requires authentication:Checked

Use same settings as incoming server

I don’t know if it works for regular (free) Yahoo Mail accounts, or if it’s officially supported even, but I guess I will keep my paid account a little longer!

1. I don’t want to run an FTP server for security reasons
2. The whole point of auto-updating is to download the new version from WordPress.com, not to upload anything.  So why would I need to have an FTP server on my end anyway?

It turns out that this situation results from a strange design decision by the WordPress folks.  As described here, you’ll get this prompt if:

1. The owner of the WordPress webroot is anything other than the webserver user (in my case, “apache”).  It is not enough to chmod 775, which would be expected, but you have to change the owner to apache.
2. If you haven’t done #1, you get the FTP login prompt without any explanation or instruction.

Now I understand the WordPress is often used in shared hosting environments so that was apparently the reasoning behind this, but IMO it’s a lot more dangerous to be running an FTP server than it is to simply make sure apache can write to the webroot.  Plus, requiring the owner to be apache is just weird.


analyst Carlo has entered room

CarloCQNT: Hello Rolf, Thank you for contacting Comcast Live Chat Support. My name is Carlo. Please give me one moment to review your information.

Rolf: My Issue: I am an IT professional. I have now received 2 emails from Comcast stating that my computer (or presumably one of the PC’s on my LAN) is infected with a “bot” – I want technical details of why you think that’s the case.

CarloCQNT: Hi.

CarloCQNT: I know that can certainly be frustrating. Let me try to pin point what the problem is and work on getting this fixed for you.

Rolf: I have checked each of the 4 PC’s on the network and all 4 are, of course, up to date with the latest Windows updates and Norton Security updates. So I want to know what is triggering these alerts.

CarloCQNT: Thank you for that information Rolf.

CarloCQNT: “For security purposes, may I please have the following: 1] Full name listed on the account 2] Service address 3] Account number”

Rolf: Rolf Kaiser, [my address], and I don’t have a clue what my account number is, but I got to this chat via logging in with my Comcast login so you should be able to find it.

CarloCQNT: Thank you for that information.

CarloCQNT: Would you mind waiting for 2 minutes so that I can do the research in my system and provide you with the appropriate information?

Rolf: ok

CarloCQNT: Thank you for patiently waiting.

CarloCQNT: Was the error been recurring?

Rolf: Did you even read the description? I have received 2 emails from you so far and need to know why.

CarloCQNT: Thank you for that information Rolf.

Rolf: Well?

CarloCQNT: I’m currently working on why there are emails sent to you about your security.

CarloCQNT: Please check the validity of your antivirus software.

CarloCQNT: I may give you the link for Norton Support Site, http://www.symantec.com/en/au/norton/support/index.jsp

Rolf: I already said that the Norton software, installed on each machine, is up to date! It was the second thing I said!

Rolf: Are you a human being?

CarloCQNT: I am Rolf, I’m verifying it.

CarloCQNT: Please manage your account about recieving spam mails, in Customer Central.

Rolf: This is NOT a spam issue. These mails, as I clearly said, come from Comcast, specifically, “Comcast Security Assurance”, csa-noreply@comcast.net. Surely you’re not considering these security alerts to be “spam”, are you?

CarloCQNT: Alright, thank you for that information.

CarloCQNT: Thank you for patiently waiting Rolf.

Rolf: I don’t have any more time for this. I will have to get on the phone and call customer support in the morning. For the record, this chat has been 100% useless.

CarloCQNT: The email may be an alert for your security software service availability, a protocol to keep your system secured.

Rolf: That is meaningless. Just tell me why I am getting this email. Am I running listeners on unusual ports? I am hosting high-traffic websites? (The answer to both is “no”). What is it that makes you think I am infected with a “bot”?

CarloCQNT: Have you checked for malwares in your system?

Rolf: I run scheduled full-system scans, as well as “on demand” scanning on all 4 PCs. So the chance of any of them having any undetected malware is minimal. Why won’t you answer my question – why do you think I have a bot? If you give me the technical details of the traffic you’re seeing, that would indicate this, then I can track it down!

CarloCQNT: Thank you for that information.

CarloCQNT: We cannot have access to your computer, only our internet connection.

Rolf: Of course I realize that – that’s why I said “give me the technical details of the traffic you’re seeing”. Are you sure you’re a human? Based on this conversation, I am pretty sure the only “bot” here is you.

CarloCQNT: I recommend you contact your computer technician for the problem.

Rolf: Good grief. Well, at least I know the apocalypse from the Terminator movies isn’t going to hit anytime soon. Skynet has a long way to go before we have to worry about it.

Rolf: By the way that was a joke. But you won’t get it since you’re a bot.

The whole thing took over an hour, due to the long delays between messages from “Carlo”, which leads me to the second conclusion that current bots are also too slow to take over the world.

Update 8/7: After leaving pretty pointed feedback during the post-chat survey, I got a call the next day from a real person at Comcast Support.  The person I spoke to was very professional and gave me the straight answers I was looking for – specifically she told me what bots they thought they were seeing traffic from (it was Conficker, which is a pretty old one so that was surprising), and what times they saw the traffic occurring.  I told her that if they just put that information in the alert email (or at a link off it), then their customers could have debugged it themselves.  She gave a rather lame answer to the effect that Comcast, as a policy, didn’t publicize that sort of information.  It’s not clear to me why any of that would be sensitive information though.

One other comment she made was that she didn’t think highly of Norton Security, which was provided by Comcast, for finding malware like bots.  She recommended Spyware Search and Destroy as it seemed more thorough, which I will check out.

Pros:

1. The interface is pretty clean, but it’s a pain to make your own playlists (like it is with most jukeboxes).
2. They have an “instant mix” button which makes a playlist based on the song and seems to work well enough; can’t tell if it’s better than MongoMusic was (back in the day) or not.
3. It’s free (for now at least)
4. Supports unprotected WMA in addition to MP3 and M4A (neither Amazon Music, nor Apple iCloud support WMA)

Cons:

1. You have to upload your music (Apple got a license to do fingerprint matching which would be much faster). So far for me it looks like it will take more than a week, to do the 20K songs.
2. Website doesn’t really work on my iPad or iPhone. This is a touchscreen UI issue, not a technical one (since their web UI uses HTML5 not Flash), so this can get fixed when they want to.
3. I couldn’t get the Google Music app to work on my cheapo Android phone. Didn’t try to find out why, so this is probably user error.
4. It’s capped at 20K songs which is enough for most people (but not me).

So basically Google Music is going to be the best option (better than Apple or Amazon), with a little work on their end. I’d even pay an annual fee to use it, if they fix the points above.

So I manually hacked the RDF files for the v1.0.10 IDE and PHP formatter, to get up and running. You’ll need to unzip the attached file, then manually install each of the two XPI Add-on files by going to the Add-ons Manager and choosing “Install Add-on From File…” – click the button to the left of the search box to get the menu.

No ill effects I can tell, but use with caution. I assume this will be fixed in 1.0.11 in the coming weeks, but this should work in the meantime.

hacked_selenium_ide_and_php_xpis.zip

Fixing it was not difficult though, based on this blog post and these directions. Then rebuild PHP, bounce Apache, and you’re fixed.

Update 2/8/11: If you’re on 64-bit, change the RPM upgrade line to be

rpm -Uvh /usr/src/redhat/RPMS/x86_64/pcre-6.6-2.7.x86_64.rpm /usr/src/redhat/RPMS/x86_64/pcre-devel-6.6-2.7.x86_64.rpm

Update 1/30/2012: See updated instructions for CakePHP 2.0.

Eventually the solution was simple, just rename all instances of the FB class in the FirePHP code, to “FireBug”. I did this for the PHP5 version only, since I didn’t care about PHP4. Zipped and attached if you’d like to use it.

FirePHPCore-patched.zip

Disabled Install Now button

As per this post, it wasn’t obvious why the Install Now button was disabled. But clicking the “Upload” link next to the Upload Development Provisioning Profile line brought up a file dialog, where you navigate to your Mobile Provisioning file. By following the directions in the video, mine went to ~/Downloads/ when previously downloaded from Safari. Upload this file, quit and restart Titanium Developer, and you should see that it’s now detected the WWDR certificate and the Install Now button is enabled. After waiting a bit, the application will be pushed to iTunes.

iTunes needs to be able to sync to the phone

In my case, I use iTunes on my PC to sync ordinarily. So the Mac install of iTunes didn’t recognize my phone. So I had to do the following:

1. First I wanted to ensure it wouldn’t try to sync anything automatically.
2. Then I had to Authorize the Mac
3. Use iTunes to back up the phone, specifically the applications since I don’t want or need it to sync the music, movies, etc..
4. Then take a deep breath and click Sync – it will sync the apps now.
5. Check your new app (which will not have been synced by default), and sync again.

You’ll now see the new app on your Home screen. Of course all the other apps will be out of order but that’s a minor problem…

“Test & Package” tab can go AWOL

I have no idea what caused this but at some point this tab completely disappeared from Titanium Developer, from all projects. I tried launching it with the –debug flag, but nothing untoward appeared in the log. So eventually I deleted the contents of /Library/Application Support/Titanium/modules/ and relaunched Titanium Developer. This triggered a reload of the modules it needed from the Appcelerator website, and after doing so the “Test & Package” tab mysteriously returned. If you do this, you’ll have to reinstall any 3rd-party modules you have to /Library/Application Support/Titanium/modules so it’s a good idea to back those up first.