Installing phpMyAdmin and removing the popup authentication in CentOS 6

Posted by Andy Beak

Installing phpMyAdmin is a snip in CentOS, but there is a little trick that most tutorials skip out. For some reason the default setup (using standard repositories) does not like you having a null password for your MySQL root account. I know that you are supposed to be able to set a blank password in the pma config file and set the option to allow blank passwords to true, but this did not work for me until I set a root password. I kept getting a popup box that looked exactly like a .htaccess Apache protect but was actually just a JavaScript prompt.

So here goes:



Step One - enable your EPEL repo:



 $ cd /tmp
 $ wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
 # rpm -ivh epel-release-6-7.noarch.rpm


Step Two - Install phpMyAdmin

 # yum search phpmyadmin  
 # yum -y install phpmyadmin  


Step Three - optionally edit your Apache conf

If you get Apache forbidden errors (should not be the case) you can try editing your .conf file:

 # vi /etc/httpd/conf.d/phpMyAdmin.conf


So that it looks like this:

 <Directory /usr/share/phpMyAdmin/>  
   Order Allow,Deny  
   Allow from All  
 </Directory>  


Remember to restart Apache afterwards

Step Four - Set a MySQL root password

 $ mysqladmin -u root password "hackme"  


Step Five - Edit your config.inc.php file

You should be able to navigate to http://localhost/phpmyadmin/setup and use that to create your config file, but I rather copied the sample to a new file.

Your /usr/share/phpMyAdmin/config.inc.php file should include the following:

 /* Authentication type */  
 $cfg['Servers'][$i]['auth_type'] = 'config';  
 $cfg['Servers'][$i]['user'] = 'root';  
 $cfg['Servers'][$i]['password'] = 'hackme';  
 $cfg['Servers'][$i]['AllowRoot'] = true;  
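
The configuration above pairs "Allow from All" with auth_type 'config' and a stored root password, so phpMyAdmin gives the MySQL root account to any client that can reach the web server. The script below is an added example, not part of the original post: it flags that combination and shows the same config.inc.php passing once Apache is limited to 127.0.0.1. The helper names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. audit_pma and live_match are
# hypothetical helper names; the sample files below are constructed.

# live_match FILE PATTERN: true if a non-comment line of FILE matches PATTERN.
live_match() {
    grep -Ev '^[[:space:]]*(#|//|/\*)' "$1" | grep -Eiq "$2"
}

# audit_pma APACHE_CONF PMA_CONFIG: print each finding, then a verdict line.
audit_pma() {
    open=no; auto=no
    if live_match "$1" '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all([[:space:]]|$)'; then
        open=yes; echo "apache: Allow from All (any client address)"
    fi
    if live_match "$2" "'auth_type'][[:space:]]*=[[:space:]]*'config'"; then
        auto=yes; echo "pma: auth_type 'config' (no login prompt, stored password)"
    fi
    if live_match "$2" "'user'][[:space:]]*=[[:space:]]*'root'"; then
        echo "pma: stored account is root"
    fi
    if [ "$open" = yes ] && [ "$auto" = yes ]; then
        echo "verdict: EXPOSED"
    else
        echo "verdict: restricted"
    fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
# Constructed sample: the two files as configured in the post.
cat > "$tmp/weak.conf" <<'EOF'
<Directory /usr/share/phpMyAdmin/>
  Order Allow,Deny
  Allow from All
</Directory>
EOF
cat > "$tmp/config.inc.php" <<'EOF'
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'hackme';
EOF
# Constructed sample: Apache 2.2 block that only answers the local machine.
printf '%s\n' '<Directory /usr/share/phpMyAdmin/>' '  Order Deny,Allow' \
    '  Deny from All' '  Allow from 127.0.0.1' '</Directory>' > "$tmp/local.conf"

audit_pma "$tmp/weak.conf" "$tmp/config.inc.php"
audit_pma "$tmp/local.conf" "$tmp/config.inc.php"
```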

Role based authentication in Cake 2.x

Posted by Andy Beak

I do not like reinventing the wheel so really just want to build on existing tutorials and provide some background information and experience.

Firstly make sure you understand the difference between ACO and ARO. To put it in very simple terms an ACO is something that is protected by ACL and an ARO is something that uses ACL to access the ACO.

It might help to think of ARO as users (groups) and ACO as controller actions. You will be marking your user and group models as requester objects and setting ACO on controller actions across the board.

The Cake manual really is good in explaining the concept of ARO, ACO, ACL. Please make sure you read it and understand it before continuing.  Unless you understand what ARO, ACO, and ACL mean at this point the rest of this post will make no sense.

Please RTFM before continuing.

Okay, now read through the Cake page that introduces the ACL shell (here). Ignore the sections "Create and delete nodes" and "Grant and Deny Access". We will be using tools to do these tasks since manually assigning permissions for even a medium sized project (20 models) would be unmanageable - especially if you are using a feature driven Agile approach.

Read and preferably try out the tutorial found on the Cake book site (here). Following this tutorial will give you a role based authentication system. Since we are predominantly interested in Role Based Authentication please make sure that you follow the instructions regarding "Group-only ACL" (here).

Still with me? Okay - I typically use a feature driven Agile approach when developing. CakePHP really lends itself to this development methodology. BUT it does mess around a bit with ACL when you need to add new models and controller methods. So what's the fix?

Well, in my opinion, the AclExtras plugin (available here) that the tutorial I linked to earlier uses is an indispensable tool. By using it to sync the ACO table (read the tutorial) you can quickly create/recreate the ACO tree. Now you should understand why I told you to ignore the section "Create and delete Nodes" from the Shell Manual.

Go back to the page about the ACL shell (here). At the bottom of the page there are instructions to output the tree. I personally like to output it into a text file and store it in my documents folder. Not only is it useful to have a list of the ACOs but it really helps in creating the initDB method in the Users controller (see the tutorial).

Please don't make the mistake of making every model an ARO. Only the User/Group tables need to be ARO. The tutorial doesn't explicitly say this and I remember the first time I worked with ACL I made this mistake. Do not copy and paste the ActsAs requester into each model!

Development is never static (unless you are using a Waterfall approach in a legacy environment like Cobol or Fortran). So working with ACL in CakePHP will require some tweaking as you go along.

Fixing the ARO table is relatively simple. There are a couple of ways to fix it:

1) Truncate the table, add the allow method from the tutorial to your before filter in Users controller and add new users who are linked to the appropriate groups. Remember: We are focused on role based authentication so you should have assigned group as parent to user.
2) Truncate the table and manually add the groups required (should only be a handful)

Once you have fixed your ARO table you should rerun the initDB method in your Users controller to recreate the join table (aros_acos). I'm not sure why this join table is named in such a way as to break Cake conventions but truncating it and rerunning your initDB method (see the tutorial) is the way to fix permissions.

What happens if you get a node error? No problem really - resync your ACO table with the AclExtras plugin (see tutorial). When will this occur? If you add a new controller, or a new method to a controller. This is why I use the ACL shell (linked above) to export the ACO tree (created with the AclExtras plugin). It allows me to quickly check what nodes exist.

What do the tables do?

  1. 'acos' => objects that can be requested by ARO
  2. 'aros' => requester objects that require access to protected ACO
  3. 'aros_acos' => join table linking the permissions

In the tutorial linked above the initDB method sets up the 'aros_acos' join table.

Any questions?  Please comment on the post and I will answer.

Adding a cross-browser transparent background

Posted by Andy Beak

Adding a transparent background that is cross browser compatible is relatively simple.  It does not rely on CSS3 and so this method works for the current versions of Chrome and Firefox as well as IE8 and above.

Add this to your template:

<div class="container">
   <div class="content">
       Here is the content. <br />
       Background should grow to fit.
   </div>
   <div class="background"></div>
</div>

Then add this to your CSS:

   .container {  
     position:relative;  
   }  
   .content {  
     position:relative;  
     color:White;  
     z-index:5;  
   }  
   .background {  
     position:absolute;  
     top:0px;  
     left:0px;  
     width:100%;  
     height:100%;  
     background-color:Black;  
     z-index:1;  
     /* These three lines are for transparency in all browsers. */  
     -ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=50)";  
     filter: alpha(opacity=50);  
     opacity:.5;  
   }  


This was an answer on StackOverflow

Adding a prefix to all files in a directory using DOS

Posted by Andy Beak

A quick way to prefix all files in the directory is to run this command from your shell in the directory where your files are:

 for %a in (*) do ren "%~a" "prefix_%~a"

The "prefix_" part of the command can be replaced with whatever prefix you want.


Getting XAMPP to use Microsoft SQL server

Posted by Andy Beak

This post just builds on the post found here and gives you some shortcuts to solving the issue.


Before visiting that link run phpinfo() to check the compiler that was used for your version of PHP.

Next thing to remember is that nts is short for "not thread safe" and ts is short for "thread safe". The 53 or 54 in the file names of the DLLs you download from Microsoft corresponds to the version of PHP you're using (5.3 or 5.4).


Finally if you get the error about "This extension requires the Microsoft SQL Server 2012 Native Client ODBC Driver to communicate with SQL Server" you can download the native client from Microsoft. There is an .msi installer for just the client down the page if you don't want to download the whole package.

Giving up Facebook

Posted by Andy Beak


Giving up Facebook was difficult. I had to face up to the fact that I was thinking about it pretty much whenever I was taking a break.  I started to realize that Facebook took up a fair amount of headspace and time.  Since I don't smoke I don't go outside.  Left with the choice of drinking yet another cup of unhealthy coffee or finding a distraction on my PC I found Facebook curiously addictive.

What did I like about Facebook?   Well I analyzed this carefully and thought about the value proposition.   Ultimately I realized that Facebook offered two things - lots of shallow electronic interactions and meaningless flash animation games.  Since I earn enough to buy a decent PC (or console) and really hot games the games on Facebook offer little.  The only game that meant anything to me was Fairyland and that only because it promised to save the rainforest.  PC games are better without Facebook.  As for meaningless social interaction guess how many Facebook "friends" have tried to get in touch with me since I stopped using Facebook?  That's right... zero.

Facebook's product is your personal information. It's the ability of Facebook to sell information about you to advertisers. You are no longer a person, you are a product. You are Facebook's product. So in exchange for the "free" services that they offer you willingly divulge your interests, contact details, friends, where you live, where you travel, your political and religious beliefs, and everything in between.

And even if Facebook isn't going to capitalize on your willingness to slave yourself out they will sell your details to third parties.  Did you notice the agreement between Facebook and Paypal that allows a one-click purchase system?  How convenient... your money linked directly to your Facebook account.  If you're not scared then you're not a hacker or have any clue what possibility you're giving Facebook by linking your accounts.

So my decision to disable my Facebook account was complicated:   firstly it was interfering with my work productivity by invading my thoughts, secondly it was removing my need for real human interaction, thirdly it was threatening my personal privacy, and lastly it was full of lame people talking about their cats.

Statistically if you give a million monkeys a typewriter and enough time you might expect them to randomly produce the works of Shakespeare. Facebook is the disproof of this theorem - I really found that my time spent reading Facebook nonsense detracted from the time I had available to read news websites and otherwise improve my understanding of the world. Go check out http://www.failbook.com if you think you can educate yourself on Facebook or otherwise receive valuable informative opinion that will improve your life.

So what was it like?  Well firstly I was a little insulted that none of my Facebook "friends" noticed that I cancelled my account.  I thought about this and realized that Facebook offers a great deal of superficial social interactions.  A Facebook "friend" is meaningless and if one of them disappears there are plenty of other shallow interactions to fill the gap.   Test it for yourself... don't login to Facebook for a few days and see who tries to email or phone you.  You'll discover that Facebook "friends" are a poor substitute for real social interaction.

Then I started craving the various games I had started playing on Facebook.  I suppose it was useful that none of my "neighbours" tried to email me.  The social value was ruined for me when I acknowledged that none of these people were really my friends.  The only game I missed was "Fairyland" which promised to donate money to save the rainforests.  I rationalized that by donating to my church I was actually donating a whole lot more to the planet.... and since playing Fairyland took X hours it was cheaper to donate those dollars directly to the church.

Then I missed Facebook's photo gallery.  So I tried out Tumblr which allows me to upload photos.  So does Flickr.  Picasa doesn't because I use Linux as my operating system.  No problems... Tumblr and Flickr are both more private than Facebook or Google and neither has credit card information.  Failing online storage,  an external USB drive is an affordable backup option.  Plus mine is encrypted with the (free) Truecrypt program which is better than giving Facebook my rights to it.

Rights?  Yes - anything you publish on Facebook belongs to Facebook.  If you put a photo, witty comment or statement, social interaction, or anything on Facebook they can whore it out or use it any which way they want to.  What?  Yes it's true - the fact that you're tagged in a photograph can be used to profile you and target you.   Even if you don't agree to it, if your friends naively agree to have their privacy invaded malicious people can find your details.  Having looked at what an uncertified Facebook developer can do I must tell you that your privacy is history if you play games or use applications on Facebook.

Ultimately although my initial decision to stop using Facebook was because it interfered with work and offered no REAL social interaction my ongoing decision not to use it is because I have to acknowledge that I am not a product. You can't sell me. Facebook's chief product is access to the personal details of its users. It already has the credit card information of millions, the Facebook credit is touted to become its own currency, it knows where you are, what you're interested in, who your friends are, what clothes you wear, your religious beliefs, your sexual orientation, your work history, and so much more. And it's willing to sell that information to the highest bidder. You are Facebook's product. Do you want to be a product?

Three steps to create a self-signed certificate in Apache for Ubuntu 11.10

Posted by Andy Beak

It is very simple and quick to create a self-signed certificate on your development machine. Of course you would never use this on a production server, because clients cannot validate a self-signed certificate against a trusted CA, which leaves connections open to man-in-the-middle attacks.

You will need to make sure that you have the ssl-cert and libapache2-mod-gnutls packages installed.

Step One: Use the ssl-cert package to create a self-signed certificate.  This will create the certificate files in /etc/ssl which is where the Ubuntu default Apache configuration expects to find them.

make-ssl-cert generate-default-snakeoil --force-overwrite

Step Two: Activate the SSL module and the default SSL site using the convenience wrappers:


a2enmod ssl
a2ensite default-ssl

Step Three: Restart Apache


service apache2 restart
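
To see what a client makes of such a certificate, the script below (an added example, not part of the original post) checks that a certificate is self-signed and shows that it only validates when the client is told to trust that exact file. The helper names are hypothetical and the certificate is a constructed stand-in generated with openssl; point the functions at the certificate from Step One to check the real one.

```shell
#!/bin/sh
# Added example, not from the original post. is_self_signed and verify_with
# are hypothetical helper names; the certificate is generated as a sample.

# True when issuer and subject are the same name and the signature checks
# out under the certificate's own public key.
is_self_signed() {
    subject=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    issuer=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    [ "$subject" = "$issuer" ] &&
        openssl verify -CAfile "$1" "$1" 2>/dev/null | grep -q ': OK$'
}

# verify_with CERT [TRUST_FILE]: print "trusted" or "untrusted".
# Without TRUST_FILE the system's default CA store decides.
verify_with() {
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case $out in
        *": OK"*) echo trusted ;;
        *) echo untrusted ;;
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: a throwaway self-signed certificate for localhost.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
    -keyout "$tmp/dev.key" -out "$tmp/dev.pem" 2>/dev/null

is_self_signed "$tmp/dev.pem" && echo "self-signed: yes"
echo "default CA store:    $(verify_with "$tmp/dev.pem")"
echo "pinned to this file: $(verify_with "$tmp/dev.pem" "$tmp/dev.pem")"
```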