Hot off the press

APR
19

3:05 pm

phpMyAdmin attacks

While having a quick look through my IIS logs (just out of curiosity) I noticed a small but concerning pattern. It appears a bot has tried to access the setup.php script of phpMyAdmin:

[Image: iis snip]

This attack tries to guess the name of the directory under which phpMyAdmin is deployed. It then tries to access the setup script and, if found, presumably attempts to send POST commands to that script.

phpMyAdmin is not installed or used on this particular box. And although the web is literally crawling (haha) with these kinds of bots, this attack was concerning – phpMyAdmin is the most popular web-based admin tool thanks to cPanel installations, and is certainly a tool I frequently use.

This prompted me to obfuscate the URL to phpMyAdmin's setup.php script across all my important web projects.
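One way to spot this pattern in a log automatically, as an added example that is not part of the original post: it parses IIS W3C-format lines, groups setup.php requests by client, and reports clients that tried several directories plus any request that did not get a 404. The sample log, its addresses, the directory names in it and the `min_dirs` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in IIS W3C extended log format (not the author's log).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2014-04-19 04:11:02 GET /phpMyAdmin/scripts/setup.php - 203.0.113.7 - 404
2014-04-19 04:11:02 GET /pma/scripts/setup.php - 203.0.113.7 - 404
2014-04-19 04:11:03 GET /myadmin/scripts/setup.php - 203.0.113.7 - 404
2014-04-19 04:12:40 GET /index.html - 198.51.100.20 Mozilla/5.0 200
2014-04-19 04:13:05 GET /blog/setup.php - 198.51.100.20 Mozilla/5.0 404
2014-04-19 04:15:09 POST /db/scripts/setup.php - 203.0.113.99 - 200
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def find_setup_probes(text, min_dirs=3):
    """Return (clients guessing many directories, setup.php requests not answered 404)."""
    dirs_by_ip = defaultdict(set)
    answered = []
    for req in parse_w3c(text):
        stem = req["cs-uri-stem"].lower()
        if not stem.endswith("/setup.php"):
            continue
        # Track which parent directories each client tried.
        dirs_by_ip[req["c-ip"]].add(stem.rsplit("/", 1)[0])
        # Anything other than 404 means the server answered and needs a closer look.
        if req["sc-status"] != "404":
            answered.append((req["c-ip"], req["cs-method"], stem, req["sc-status"]))
    scanners = {ip: sorted(d) for ip, d in dirs_by_ip.items() if len(d) >= min_dirs}
    return scanners, answered


if __name__ == "__main__":
    print(find_setup_probes(SAMPLE_LOG))
```

A single 404 for setup.php, like the `/blog/setup.php` line, stays below the threshold and is not reported as a scan.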

Posted in Information Technology, Web Dev

MAR
6

12:51 pm

Finding a computer hostname on the network

Ever been given a list of IP addresses and needed to document the computer hostnames?

ping -a xxx.xxx.xxx.xxx

Should do the trick.

Posted in Information Technology

JAN
24

10:30 am

Multipurpose Rig 2014

The multipurpose rig.

0. Fractal Design Arc Mini (~$150 in 2012). I’ve had this since the beginning. It is a micro-ATX case, which is slightly annoying, but it is a great-looking case.

1. Intel i7-3770 non-K (~$300 in 2013). Ivy Bridge, expensive, but reviews and benchmarks do say that it was the best choice, bang for buck. The 8 threads aren’t particularly necessary for gaming, but they are great for the rare video encoding task.

2. Asus P8Z77-M-Pro (~$150 in 2012). Asus’s flagship 1155-pin micro-ATX board. Major downside is lack of Wifi, but upsides include having 2x full PCIe x16!

3. Patriot Memory 2x 8GB (~$160 in 2012). Has cooling fins. Looks cool. Rookie error: for a year, had the RAM clocked to 1333MHz even though it was rated 1600MHz.

4. Dual Sapphire HD 7850 2G OC ($200 each in 2013). Crossfired. The main issue is cooling, in a mATX system. Next time I think I’ll just go with 1 high powered card.

5. Corsair AX860i Digital PSU ($340 in 2014). Modular and 80+ Platinum!

6. Secondary storage, from top to bottom: 2TB WD Black ($150), 2TB WD Green ($99), 240GB Samsung 830 SSD (~$250).

7. Lots of fans – went crazy. Push-pull config: 2x front intake, 1x side intake, 2x top outtake, 1x back outtake (blue LED).

 

Note: My apologies for any incorrect prices – they are off the top of my head and should be used as an estimate/reference only.
Posted in Uncategorized

JAN
24

9:53 am

Dogecoin – 1 month later

My friend JC and I have been investigating and mining Dogecoin for just over 1 month.

The cryptocurrency that Jackson Palmer and Billy Shibetoshi Markus founded last December has so far risen to prominence not only in the Internet community (the “scam” of the first online Doge wallet app), but also in trending news worldwide (Dogecoin Foundation funds the Sochi 2014 Jamaican Bobsled team).

JC and I are running a number of rigs for mining Dogecoin, currently mining at around 3MH/s, hosting a suite of AMD cards including 5850s, 7850s and 7950s. Currently we’re mining Doge on multipool, but previously have been on dogepool.pw and the (potential scam) doge.scryptpools.com.

More to follow, once I go and snap some pics of the rigs.

Posted in Uncategorized

DEC
19

3:12 am

Wow Such Coin

DogeCoin started cluttering up my Facebook newsfeed, so I began to investigate cryptocurrencies. Most will have heard about the valuation of Bitcoin in current markets, having been featured prominently in news and commentary. However, Bitcoin is currently prohibitively expensive to buy, unless one happens to be a serious (probably career) investor.

Enter DogeCoin

DogeCoin clearly has light-hearted roots – why else would the gents invent a currency featuring 2013’s meme mascot? At time of writing, it was launched LESS THAN 2 WEEKS AGO. But it’s a serious joke, following in the footsteps of other tangible creations like DogeScript, and I think it’s around to stay. In a nutshell, DogeCoin:

  • Is a cryptocurrency (all the current alt-coins are based off the BTC concepts of limited supply, blockchain, etc),
  • Has a strong following because of the Doge-loving community, and
  • Is used on Reddit as of Dec 2013 as a trading-marketplace currency

Very Mining

For the lols, I decided today would be the day to start mining. With an i7-3770 and dual Sapphire OC 7850s sitting in my computer, I thought why not.

It seemed GPU mining was the way to go – GPU methods are 10x faster than CPU mining methods (learnt something new). I very quickly found I was frying one of my GPUs at above 100°C, due to the fact that the card was also running my 3 monitors…

On and off, I gathered about 1000 DOGE on my first mining day.

Nice timing for interest in DogeCoin, since a few hours ago from time of writing (18 Dec in the USA), a Chinese Bank banned BTC deposits. This sent all cryptos plummeting – DogeCoin however was the sole survivor (and yes, it’s because it’s valued at peanuts).

 

Conclusion: Why DogeCoins and not LiteCoin/BitCoin?

DogeCoins are for the lols, which makes them much more valuable to me.

 

-Alan

Posted in cryptocurrency

NOV
17

9:06 pm

Network Servers Notes

Network Servers: Overnight revision

List of useful utilities/services/daemons (the subject Linux distro is CentOS 6.2)

  • rpm
    Red Hat Package Manager – installer
  • yum
    Yellowdog Updater Modified – installer
  • ntpd
    Network Time Protocol Daemon – Maintains time synchronisation with time servers
  • inetd/xinetd
    Internet Service Daemon, manages internet services e.g. Telnet
    Port Monitoring for other services
  • dhcpd
    DHCP
  • httpd
    Web server e.g. Apache, nginx, lighttpd
  • named
    Name Daemon – BIND name server
  • cups
    Common Unix Printing Service

Typical Roles for Windows Servers

  • Active Directory Domain Services
  • Active Directory Lightweight Directory Services
  • DHCP Server
  • DNS Server
  • Web Server (IIS)
  • File Services
  • Print Server
  • Streaming Media Services
  • Windows Server Virtualization (Hyper-V)

Disks, partitioning, filesystem, checking etc.

Layout is stored in the first part of the disk: Master Boot Record

Disk Locations:

  • /dev/sda* – mounted drives
  • /home – user directories
  • /tmp – temporary
  • /etc – config files
  • /var – settings and variables for programs – day to day
  • /usr – most programs and data files
  • /mnt – mounted drives
  • /media – removable media like USBs

LVM Logical Volume Manager
Can group physical volumes into a logical volume group

fsck File System check
Can also automatically attempt to repair the filesystem

“Journalled” filesystem
Before an update, writes to the journal, then afterwards erases the journal entry
The filesystem integrity check can therefore be limited to checking a state consistent with the journal.

Networking

Private Address ranges:
192.168.x.x/24, 172.16.x.x/16, 10.x.x.x/8

Hosts files
/etc/hosts.allow, /etc/hosts.deny, /etc/.rhosts

iptables
1. Firewall
2. Network Address Translation
3. Packet Filtering

 

File Permissions

Permissions string
First char is file type (- = file, d = dir, l = symlink, etc)

Special bits – setuid (4000), setgid (2000), sticky (1000)

  • setuid file = will execute as if run by owner of file
  • setgid file = will run with group permission set to group of file
  • setgid dir = files created in dir owned by dir group, not creator’s group
  • sticky dir = only the user who created a file can delete it (e.g. /tmp)
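
How the special bits show up in the permissions string, as an added example that is not part of the original notes: `permission_string` folds setuid, setgid and sticky into the execute slots, and `audit_findings` turns the four cases listed above into review notes. The function names, the sample modes in the comment and the wording of the notes are chosen here for illustration.

```python
import stat

# Order matters only for readability; the three type tests are mutually exclusive.
TYPE_CHARS = [(stat.S_ISDIR, "d"), (stat.S_ISLNK, "l"), (stat.S_ISREG, "-")]

# (read, write, execute, special bit, character shown in the execute slot)
TRIPLETS = [
    (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "s"),  # setuid 4000
    (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "s"),  # setgid 2000
    (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "t"),  # sticky 1000
]


def permission_string(mode):
    """Build the ls-style string: file type char, then three rwx triplets."""
    out = [next((c for test, c in TYPE_CHARS if test(mode)), "?")]
    for r, w, x, special, ch in TRIPLETS:
        out.append("r" if mode & r else "-")
        out.append("w" if mode & w else "-")
        if mode & special:
            # Lower case: execute is also set. Upper case: special bit without execute.
            out.append(ch if mode & x else ch.upper())
        else:
            out.append("x" if mode & x else "-")
    return "".join(out)


def audit_findings(mode):
    """Return review notes for the special-bit cases in the list above."""
    notes = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        notes.append("setuid file: executes as the file's owner")
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        notes.append("setgid file: runs with the file's group")
    if stat.S_ISDIR(mode) and mode & stat.S_ISGID:
        notes.append("setgid dir: new files get the directory's group")
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        notes.append("world-writable dir without sticky: users can delete each other's files")
    return notes


if __name__ == "__main__":
    # Constructed modes: setuid binary, /tmp-style dir, shared group dir, open dir.
    for m in (0o104755, 0o041777, 0o042775, 0o040777):
        print(oct(m), permission_string(m), audit_findings(m))
```

An upper-case `S` or `T` in a listing means the special bit is set but the matching execute bit is not, which is usually a misconfiguration worth checking.
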
Posted in 31338 Network Servers

SEP
12

3:10 am

This is why PHP.net accounts for so much Internet traffic

PHP Fuu

Every PHP dev knows the rules:

  • Array – needle – haystack
  • String – haystack – needle

But Object – haystack – needle ? Where is the sense in that??

Tony: If that was ever changed, you’d break half the internet

Posted in Web Dev

AUG
2

2:51 am

Flat Design is taking over the UI world

Sleepless night; Uni is at 9am tomorrow. (Fittingly, the lecture is for 31080 Digital Multimedia).

I might like to point out that Flat UI Design is taking over. I think although people may not know it by name, they will have noticed it as a “trend”.

What is this Flat UI Design? | What does it look like? | How long has it been around? Nobody can agree exactly, but in web design circles, the implementations are definitely recent (1-3 years old).

Google’s Chrome browser was one of the earliest obvious changes – in 2011, many will recall the Logo changed to a flat, 2D design.

W8/Metro/Modern UI is pretty flat. So is basically all of Microsoft’s online presence. And also my beloved Windows Phone 8. And hey look, iOS7 is basically also a big flat design.

jQuery recently re-did their website into a unified, all-products-accounted-for site. Although it’s only half-flat, I think the appearance and direction towards “Flat UI” is clearly there.

Bootstrap 3.0 is very, very clearly Flat UI Design (actually pointed out by my Flat-mate [ha ha]).

Lastly, in my own design work. My recent projects for Sydney SUV Tours and India jeep Tours have leaned towards elements of Flat UI Design. I say “leaned towards” because the site is very photography-heavy — this is one thing that seems unclear in commonly agreed Flat Design principles.

Upcoming, I’m doing basic design and implementation for two websites. One of them is a project which, I’ve been requested, is to be loosely based off the UTS Business Society website — which has very clear Flat Design elements. The other website is a blank canvas — and guess what, I’m leaning towards implementing a Flat Design.

AY.

 

Posted in Graphic Design, Web Dev

JUN
20

1:02 am

PMP Live blog: Organisations, Contracts, Closure

Types of organisations

Functional 

Typical linear organisation, with CEO at the top, then middle management, then the workers. Simple hierarchy, clear lines of reporting.

Matrix

Workers are grouped by department/boss. Resources across the “matrix” are flexible, but the reporting structure is less clear.

I like to think that you can “drag and drop” resources from one matrix grid to another.

Project-based

Teams are formed to address resourcing for specific projects. Strong project focus, but little flexibility in resourcing.

Cellular/Networked

A flat governance structure, where individuals take on more responsibility. Quite flexible.

 

Contracts

When work needs to be outsourced to a vendor, a process is required which targets many specific points. The process is typically:

  1. Plan the project (Project initiation)
  2. Plan the contract, by designing a Request For Information (RFI) or Request for Proposal (RFP)
  3. Disseminate RFI/RFP
  4. Select the vendor you like the most (could be cheapest, most skilled, etc)
  5. Administer the contract
  6. Close the contract, once the work has been done

Why? Contracts are necessary to ensure that work is provided as agreed. The contract may specify the quality of the work that is to be provided.

Payment. The contract can be paid as either lump-sum at the end, or on a pro-rata labour basis. The three types of contract are:

  • Fixed-price (lump)
  • Cost-reimbursable (labour)
  • Time and materials (long term)

 

Closure

Project closure actually refers to “solution implementation technique”.

Project implementation actually refers to the type of solution desired, e.g. custom, from-scratch, etc.

Parallel: The new solution is run in parallel with the existing system for a short time span, and then eventually the old system is switched off. This approach allows for stakeholders to familiarise, and is also to mitigate risk/provide contingency.

Phased: There are a number of dates/milestones at which components of the new solution will replace equivalent components of the old solution. This can also help mitigate the risk of the new, and it allows newer stuff to be delivered into production sooner rather than later.

Direct: The new solution replaces the old system entirely, at a single point in time. This is a cheap implementation method. However it is also risky, from an operational perspective – what if there is failure, what if people cannot understand.

 

Posted in 31272 PMP

JUN
19

11:47 pm

PMP Live blog: Change

Change Management

The 2 types of change (that we are concerned with) are:

  • Organisational change
  • Project change

Organisational change = New direction and strategy, new CEO, people being fired

Project change = Requirements/deliverables have changed, due to changed circumstances, or prior misunderstandings when planning.

Change costs money/time/quality.

Project change – usually involving expanding/contracting the scope – needs to be considered with relevance to The Triangle. Cost/Benefit analysis.

Project Change Request

A project change request, commonly just “change request” in the industry, is a document which outlines a proposed change, and contains an impact analysis. It also defines what, how, where, when the change will occur in the project. This document is usually signed off by project team members, then finally signed off by the Project Manager and the Project Sponsor.

 

 

Posted in 31272 PMP