Remember, there are only three numbers in computer science: 0, 1, and n. This is what scaling horizontally is – break out the infrastructure so that it’s trivial to add another instance of, say, a database server.

Read the full note from the Facebook engineering team: http://www.facebook.com/note.php?note_id=409881258919

So here’s a script which shows possibly hacked files. Assuming you have ssh access to your server, save it as check_for_hacked_js.sh and then chmod 755 it. To run it, type:

./check_for_hacked_js.sh

Once it’s done, check the contents of hacked.txt – and you’ll see all files which have possibly been hacked.

#!/bin/bash

grep -ri "document.write(unescape" * > hacked.txt

Mark Liyange’s php package has all of the nice stuff (like GD and mysql support) built into it, but it just doesn’t run with apache on Snow Leopard (white screen).

There’s no simple way to install php 5.2 without compiling it from source. Macports has a php52 package, but
sudo port install php52 yeilded a nasty error:

Undefined symbols:
“_res_9_dn_expand”, referenced from:
_zif_dns_get_mx in dns.o
“_res_9_search”, referenced from:
_zif_dns_get_mx in dns.o
_zif_dns_check_record in dns.o
“_res_9_dn_skipname”, referenced from:
_zif_dns_get_mx in dns.o
_zif_dns_get_mx in dns.o

Solution? Compile it manually and then run EXTRA_CFLAGS="-lresolv" make -j2

I did that, waited an hour, and it worked (hooray) except I had no mysql support. *sigh* I had to recompile with mysql, so…

Steps to compile php 5.2 on Snow Leopard with mysql support

Download php 5.2.11 source code or do it via macports by sudo port -v fetch php52

Uncompress it, open terminal and go to the uncompressed folder (macports stores the download in /opt/local/var/macports/distfiles/php5 (if you’ve already tried compiling with Macports, that’s where your download will be).

Configure the build by typing:

./configure '--prefix=/opt/local' '--mandir=/opt/local/share/man' '--infodir=/opt/local/share/info' '--with-config-file-path=/opt/local/etc/php5' '--with-config-file-scan-dir=/opt/local/var/db/php5' '--enable-calendar' '--with-iconv=/opt/local' '--enable-exif' '--enable-ftp' '--enable-wddx' '--with-zlib=/opt/local' '--with-bz2=/opt/local' '--with-mysql=/usr/local/mysql' '--with-mysql-sock=/tmp/mysql.sock' '--with-sqlite' '--without-pdo-sqlite' '--with-libxml-dir=/opt/local' '--with-gettext=/opt/local' '--with-libexpat-dir=/opt/local' '--with-xmlrpc' '--enable-soap' '--enable-bcmath' '--enable-mbstring' '--enable-dba' '--enable-zip' '--with-openssl=/opt/local' '--with-mhash=/opt/local' '--with-mcrypt=/opt/local' '--with-mime-magic' '--with-xsl=/opt/local' '--with-curl=/opt/local' '--with-pcre-regex=/opt/local' '--with-gd' '--with-jpeg-dir=/opt/local' '--with-png-dir=/opt/local' '--enable-gd-native-ttf' '--without-pear' '--with-freetype-dir=/opt/local' '--with-ldap=/usr' '--with-kerberos=/usr' '--with-iodbc=/usr' '--with-apxs2=/usr/sbin/apxs' '--with-mysqli=/usr/local/mysql/bin/mysql_config'

Notice the –with-mysql option, and the path to your mysql install (I used the binary from mysql.com so it’s in /usr/local/mysql – your folder will be different if you installed mysql with macports – same with –with-mysql-sock – mysql.com binary sticks it into /tmp/mysql.sock whereas macports puts it elsewhere – somewhere I can’t remember, but locate can help).

I also changed the –with-apxs2 option as it was pointing to my macports compile of apache2 which I’d decided not to use.

[You might wander, how did I get all of these options? After my first (successful) php 5.2 build (the one which didn't have mysql support), a phpinfo() shows the Configure Command used to configure from source. I copied that, and changed the relevant bits. And alas, found out too late I should've added mysqli support in, which is there now.]

Make the binaries with EXTRA_CFLAGS="-lresolv" make -j2
Copy to the right locations with a make install

If all goes well, your last step is to hook the php module into apache (php tries to do this itself, so just verify it worked). Open /private/etc/apache2/httpd.conf and search for “php”. That line should say:
LoadModule php5_module /usr/libexec/apache2/libphp5.so

Now just restart apache and you’re all done! No more drupal white screens, and now you can actually access your database. Whohoo.

1) Any person who sends unsolicited commercial communications to consumers, must provide the consumer
a) with the option to cancel his or her subscription to the mailing list of that person; and

b) with the identifying particulars of the source from which that person obtained the consumer’s personal information, on request of the consumer.
2) No agreement is concluded where a consumer has failed to respond to an unsolicited communication.
3) Any person who fails to comply with or contravenes subsection (1) is guilty of an offence and liable, on conviction, to the penalties prescribed in section 89(1).
4) Any person who sends unsolicited commercial communications to a person who has advised the sender that such communications are unwelcome, is guilty of an offence and liable, on conviction, to the penalties prescribed in section 89(1).

What this means is that anyone can collect your data, sell it to a third party who subscribes you to their newsletter, and sends you unsolicited email, and it’s all quite legal.

At least in the States it’s double-opt (meaning you have to visit a website, enter your email address, click “subscribe” – that’s the first opt-in. Then check your email and click on a link to confirm you want to be subscribed – that’s the second opt-in). This means that any time someone adds you to their newsletter without your explicit permission, they’re spamming you. This is the correct way of doing it.

Which leaves me in a pickle. South African law governs the emails I receive, and spammers are not in contravention of the law. I don’t know which law applies when South Africans start spamming Americans (the mail recipient, or the sender?), but wouldn’t it be wonderful if South Africa changed her laws about unsolicited emails? Both privacy.org and wikipedia define spam as “unsolicited commercial email.”

I wonder if I should keep on posting about South African spammers given they’re not actually breaking the law, but are still spamming. What do you think?

[Update: people can get burned by this, like Justin Hartman from Afrigator. Always ask the people you're emailing if they'd like to be added to your newsletter - don't automatically subscribe them, even if you're convinced everyone wants your newsletter. The few who don't might get you shut down.]

[Update: turns out I misunderstood Justin – he wasn’t shut down by Mailchimp (his newsletter service provider) because of complaints. He says, “According to Mailchimp our email lists were actually very healthy (i.e. not many complaints) but we just decided it wasn

Your actionscript 2 migration documentation sucks. It’s written for people who already know what to do and so therefore wouldn’t make mistakes in the first place. For the rest of us, it’s kinda hard (and incredibly unintuitive) to follow. Since I’ve had to upgrade an Actionscript 2 project to Actionscript 3, I’ve been drinking your “Actionscript 3 is so much easier to use – fast and powerful too!” koolaid. Page 19 of your Actionscript migration cookbook helpfully shows how to do button clicks in Actionscript 3, which are a little different from Actionscript 2. Here we go:


function onButtonClick(event:MouseEvent):void
{
trace("button was clicked");
}

my_button.addEventListener(MouseEvent.CLICK, onButtonClick);

Easy enough, yes? Listen for a click on the button my_button. When the button is clicked, execute the function onButtonClick which traces out “button was clicked”.

Except it doesn’t work. At all. Luckily your migration guide tells me, on page 9, that I can “Troubleshoot code more easily” with Actionscript 3. Fantastic – I can’t wait for a meaningful error message – let’s take a look.

Running that code in Flash gives the following error:

1046: Type was not found or was not a compile-time constant: MouseEvent

WTF?!?! What kind of error message is that?!

It’s because everything in Actionscript 3 is now done in classes, and we haven’t imported the correct class.

Simple. Load up the built-in Flash help (don’t even think of using the online Adobe help – it’s so slooooow) and search for “MouseEvent”. This renders a page which helpfully tells me that MouseEvent is part of the package flash.events

Therefore, all I need to do is put the following before my above code:
import flash.events.MouseEvent;

A wonderful place to put something like the above line of code would be, well I don’t know, how about page 19 of your Actionscript migration cookbook just above your button documentation?!?! Since that cookbook is written for newbies like me (and thank goodness I know what Object Oriented Programming is – can you imagine someone who doesn’t have a clue about that trying to figure out how to get button clicks working?!) why not include the correct classes to import before all of the sample code?

Otherwise it just makes your users feel stupid. I hate feeling stupid while using Flash – but I do all the time.

Regards
A frustrated Flash user

[Update: turns out double-opt in lists aren't required, and South Africans can subscribe people to their newsletters without their permission. In my book, this exactly what spam is, but South African law doesn't agree.]

[Update: I've deleted Diane's details from this post. After emailing her, she promptly responded saying that I'd been on her database for over a year and only sent 3 emails in that time (which is true) and that I could've unsubscribed earlier, which is also true. She denies being a spammer and wants me to only go after bigger companies. While she's incorrect that she's not a spammer (i.e. she sent me unsolicited commercial email) she does say that she spends a lot of money monthly making sure she complies with the marketing regulations. Diane, legally you're in the right (i.e. you can subscribe anyone you like to your newsletter) but if you do that, you're breaching internet etiquette - double opt-in lists are the way to go. I hope you've stopped subscribing random people to your list.]

The Diamond Life @ The Bank, Rosebank, Johannesburg, Sat 19 September

Sent out by anythinggoes.co.za on Sept4 2009, this spam is about some new club launch in Jozi. Didn’t subscribe, lads.

C2IT Computer Hardware

c2it@wec2it.com sales@c2it.co.za prize@c2it.co.za

These guys make me chuckle. Their disclaimer at the bottom of their newsletter says,

We support responsible and ethical email marketing practices. Please know that we respect your right to be purged from this marketing campaign. Removal from this email distribution list is automatically enforced by our email delivery system. Please click here to start the process for email deletion.

Wow, they “respect my right to be purged from this marketing campaign.” What about my right to not be added to it in the first place?!?! They also say,

The person addressed in the email is the sole authorised recipient.

Authorised by who? Not by me, that’s for sure.

We encourage and support best practices in responsible email marketing.

Great! Best practices are double-opt in lists, otherwise you run the risk of annoying some random person out there who posts your website and your email addresses on his blog. I look forward to seeing if this post shows up higher on Google listings on searches for C2IT Computer Hardware.

These guys are also very, very annoyed by C2IT’s spammy practices.

[Updated: some Eagle-eyed car group selling Fords and Mazdas]

[Updated: kaleidoscope advertising and marketing say they got my name from Google.]

Amlec Security CC

Amlec Security cc
15 Claybourne Street, Central, Pietermaritzburg
Tel: 033 3429966 Fax: 033 3429965

http://www.amlec.co.za

sales@amlec.co.za and patricia@amlec.co.za
They sell security stuff…and want me to buy some. No idea how I was subscribed to their list.

My problem: logging into a particular server via ssh. Each time I do that, I’ve got to open Keychain Access, search for “ssh”, find the correct Password item which I added in there previously, open it, click “Show password”, type in my password to unlock my keychain, copy the password, paste it into terminal, and I’m in. A perfect task to be automated!

The outline of the solution is to use public/private key cryptography to automatically authenticate myself to the server without having to use a password each time. The steps are:

• Generate a public and private key pair using using ssh-keygen -t rsa
  Just follow the prompts and choose the defaults (yes, the passphrase must be empty too). Your private key will be saved in /Users/your-name/.ssh/id_rsa and your public key will be saved in /Users/your-name/.ssh/id_rsa.pub
• Edit id_rsa.pub and copy the key into textedit. Make sure the key ends with the username you’ll be logging into the remote system with (something like user@example.com).
• Copy the contents in textedit, ssh into the server as per normal, and append it to the end of the authorized_keys file in the .ssh/ folder.
• To test, log in again using ssh. If all has gone well, you shouldn’t need to re-type your password

You’re done! I’ve added an extra step, by creating a new file called ssh-example.com and putting my full ssh connection string in it. Then I headed over to /usr/bin and did a sudo ln -s /path/to/script/ssh-example.com which means next time I want to connect, I just type ssh-example.com into terminal.

Thanks to these guys for the help.

Then I did the same for a client’s site, except once the whole upgrade was done, her site was full of characters like

I’ve developed a few e-commerce websites for South African clients, and each time I go through the same process with them. To get to the point where it’s possible to sell products online, you need:

• A business plan to show to a bank where you will
• apply for a merchant account.

This means you’re paying something around R200 a month so that you can accept credit card payments…AND per-transaction fees of around 5-8%. Not that you’ve accepted any payments yet, but you have the capability. Then you need a payment gateway, which you’ll typically pay around R100 a month for, and you’ll also pay a per-transaction fee, either a set fee or a percentage.

Once all this is done, it’s time to set up a website with a shopping cart, and start selling. The costs look like this:

• R200/month for the merchant account, plus 5-8% transaction fee.
• R100/month for a payment gateway, plus per-transaction fees.
• Monthly website hosting fees, say around R100/month.

Total monthly costs: R400 plus per-transaction fees.

So before we even get to the website design and development costs, we’re looking at R400/month. Obviously people moving small volumes of product can’t spend R400 a month to do this, which is why most SME’s don’t have e-commerce sites.

A great solution is to have PayPal active in South Africa, but they’re not going to do that any time soon, or probably ever. Since I’m a drupal developer, I posted a thread on groups.drupal.org (which has grown quite a lot) to ask what payment gateways people use, and pretty much heard the same story.

So, 2 questions:

• Is getting a merchant account the only way of accepting credit card payments online, if you’re a South African?
• If so, is there an easier and more cost-effective way of doing this>

I’m a Mac user who loves the world of Unix software. I can’t live without wget, lynx and the GD2 library (for resizing images in drupal).

However, these packages aren’t natively available on Mac. No problem! I have 2 options: Fink or Macports.

I’ve used Fink for over 4 years and by and large have been happy with it. Just last week I was chatting to caktux in the #drupal channel on irc.freenode.net (my Mac irc client is Colloquy – because I can’t find anything better) and he convinced me to start using subversion to manage my drupal module code. No problem, I fired up Fink…and found a horribly outdated version of svn. Not even the “latest unstable” version was close to what it should have been.

Twice in the last 2 weeks I’ve had people tell me that they prefer MacPorts: caktux and Adrian Rossouw. So I decided to uninstall Fink (by opening Fink Commander, selecting all packages, and making sure that both source and binary installs were removed, and then removing the /sw folder) and install MacPorts, which is painless.

wget and lynx were quickly available (sudo port install wget and sudo port install lynx) but GD2 was another story. I got the same error under MacPorts that I got while attempting to install GNUcash under Fink. Compliation exited with this error:

/usr/bin/gcc-4.0 -o hacklocaledir.so -fPIC -bundle hacklocaledir.c
hacklocaledir.c: In function '__open':
hacklocaledir.c:44: error: 'RTLD_NEXT' undeclared (first use in this function)
hacklocaledir.c:44: error: (Each undeclared identifier is reported only once
hacklocaledir.c:44: error: for each function it appears in.)
hacklocaledir.c: At top level:
hacklocaledir.c:113: warning: alias definitions not supported in Mach-O; ignored
make: *** [hacklocaledir.so] Error 1

‘RTLD_NEXT’ undeclared is the offending bit, which means nothing to me. Last time this happened, I search the C files to see if I could manually declare RTLD_NEXT but gave up. Who knows what its value is supposed to be?

Well, the solution is something completely different. Turns out that everything in /usr/local will influence the compiler, particularly the existence of /usr/local/include/dlfcn.h

I can’t remember why that particular file is there or even why renaming it to dlfcn.h.backup allows GNUcash and GD2 to compile, but it does. Googling the error didn’t return many useful results, except from the MacPorts ticket list, so hopefully this blog post will help someone similarly bewildered.

fink, macports, mac os x, compilation, error, RTLD_NEXT