Plop in the Ocean

Amusing, True Near Death Experience.

2011-08-25T22:49:59Z

Those who know me will know that there have been two important events occurring in my life this week. 1) Tiling my kitchen, and 2) Trying to buy a HP TouchPad.

As part of tiling the kitchen, significant other wanted to replace all the standard white wall sockets with Stainless Steel ones to match the rest of the kitchen colour scheme. I was safely over half way through this task, having disconnected the socket mains supply, when a van pulled up bearing HP TouchPad goodness. Thus the next 30 minutes of my life was accounted for.

Upon returning to the kitchen tasks I came to the Cooker 40A switch. I disconnected the ring main from the switch and proceeded to move the wires so that I kept the supply and load pairs apart when BUZZZZZZ and 240 Volts of high energy goodness shot through my hand and up my arm.

Yes folks, TouchPad caused me to forget to flip the cooker ring circuit in the fuse box.

Cue me jumping back, dropping tools and collapsing to the floor in a bout of Arrrrgh.

Wife said "Stop it, you'll scare the kids.".

Kids run in asking what happened and wife explains that Daddy electrocuted himself.

Six year old Lauren asked "Could you see his bones?".

What 16TB raw space looks like at home

2011-04-11T16:40:07Z

I've been looking for some home backup solutions over the past couple of months. This has led me down both the do-it-yourself route and buying a ready-made solution.

One of my requirements was that I wanted the solution to be more than just storage - otherwise I would have purchased a straight NAS box from the likes of Qnap, Netgear or if feeling rich Drobo. Most of these dedicated NAS boxes can be "rooted" to allow ssh access , however their CPUs are generally underpowered for general purpose use.

Other requirements were that I wanted a reasonably small form factor and to be able to use at least 4 SATA hard drives, preferably with hot swap ability. Hardware raid was not a requirement because I intended on using a Linux distribution with mdadm software raid.

In the end, I ended up building two boxes.
The first, a home build, based on the CFI A7879 chassis with a Gigabyte GA-D525TUD Dual Core Atom Mini-ITX Board.

The second was a off-the-shelf HP ProLiant Microserver which, to be brutally honest, was because HP were offering £100 cashback deal on it. This made the server much cheaper than you could possibly build yourself from components.

I added 4GB ram to each box (total 5GB in the HP box because it comes with 1GB).

The CFI boot drive is a 8GB (30MB/sec) CompactFlash card mounted as an IDE drive. The HP boot drive is a 16GB Sandisk Cruzer USB stick.

Finally added 4 x 2TB Samsung F4EG HD204UI drives to each box.

The CFI box has 8TB in RAID5 providing 5.4TB usable. The HP has 8TB in RAID6 providing 3.6TB usable space.

If there is more interest, I'll write up the build process is more detail with pictures.

For now - here are some shots of my utility shelf.

Experts Exchange, Google, AllFAQ.org and misappropriation of copyright.

2011-01-19T21:50:45Z

Opinion Piece

I was googling (as a verb) and came across a rather peculiar message at the bottom of Google's search results:

In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org.

Interesting - never saw that before!

Following the link to Chilling Effects shows a copy of the complaint which has some interesting text in it.

Experts-Exchange makes a detailed itemisation of their registered Copyrights, none of which I find objectionable, however, the complaint then goes on to list several issues against the Defendant, the first and most egregious of which is:

a direct "copy and paste job" lifting the content of Plaintiff's question and answer forums and inserting them onto AllFAQ's website. AllFAQ's question and "Solutions" are verbatim to Experts-Exchange's questions and "Accepted Solutions;"

From this Experts Exchange is accusing allfaq.org of Copyright infringement against Experts Exchange owned Copyright.

At first glance, this might seem fully justified - but look at what they are claiming copyright on. Experts Exchange are assuming copyright ownership of content that you, and I, and all their users create by asking and answering questions on their web site.

I looked at Experts Exchange's Terms of Use and could not find any agreement that users were assigning their rights and copyrights to Experts Exchange. The relevant paragraph is:

"5. Content License

EXPERTS EXCHANGE enables Members to post problems or questions, proposed solutions or answers, information, comments and other content ("Your Content") to its Site. When you post Your Content to the Site, you understand and agree that Your Content can be viewed and used by other Members who visit the Site with or without attribution.

You represent and warrant that you own or otherwise control all of the rights to Your Content and that use of Your Content by EXPERTS EXCHANGE and its affiliates will not infringe upon or violate the rights of any third party. Before you use EXPERTS EXCHANGE Services to post any information or content that is protected by intellectual property laws, you shall have acquired the legal right to do so from the owner or authorized licensee of such information or content.

By registering with EXPERTS EXCHANGE and posting Your Content on the Site, you hereby: (i) grant EXPERTS EXCHANGE a non-exclusive, perpetual, irrevocable, unrestricted, transferable, fully sub-licensable, worldwide, royalty-free license to use, distribute, display, reproduce, perform, modify, adapt, publish, translate and create derivative works from Your Content in any form, media or technology, whether now-known or hereafter developed; (ii) grant EXPERTS EXCHANGE and its affiliates and sub-licensees the right to use the Member Name that you submit with Your Content for purposes of attribution; (iii) authorize EXPERTS EXCHANGE to assert and prosecute claims against any third-party making any unauthorized use of Your Content, including any use that violates this User Agreement ("Third-Party Claims"); and (iv) appoint EXPERTS EXCHANGE as your attorney-in-fact for the purpose of asserting and prosecuting Third-Party Claims. If you do not wish to have Your Content attributed to you, then you must notify EXPERTS EXCHANGE at customer_service@experts-exchange.com.

Experts Exchange acknowledges that the copyright belongs to the author as "Your Content" and that by posting you are granting them extensive licenses to use that content. You are not assigning your copyright to Experts Exchange.

Now I am glad that their ToU does not attempt to wrest copyright ownership from its rightful owner, that is right and proper.

allfaq.org is demonstrably guilty of screen-scraping the Experts Exchange web site and I do not condone those actions at all. However, looking at what they copied - it was the Title, Question and Accepted Solution text - the copyright of 100% of that is with the original authors, and not Experts Exchange.

Thus, in my opinion, this complaint against allfaq.org is without merit and should be dismissed.

It would also appear that Experts Exchange has also abused the provisions of the DMCA in forcing Google to remove the content. Google should restore the links.

And finally, Experts Exchange should implement some technical measures to prevent automated scraping. Find better ways to improve your search ranking, and if your competition beats you don't ask your own members how to do better SEO; be told by them that you have no Copyright Claims on the content; and then proceed to file DMCA take down notices when you know you have no (copy)right.

Stage 2: http:BL with Apache2 mod_perl

2010-12-02T11:19:45Z

After my earlier post Referrer and Comment spammers are a PITA I came up with two mod_perl plugins to Apache and an "apache level" firewall.

The reason for the apache-level firewall is two-fold. There is no direct way for the Apache user to manipulate an iptables chain (as it doesn't run as root), and second; I was not happy with suid root access or other forms of message passing to a daemon which would manipulate the firewall for me.

Architecture is thus, in httpd.conf place the following two lines:

PerlPreConnectionHandler PGREGG::httpBLBlock
PerlLogHandler PGREGG::httpBLLog

The first tells apache to run the handler in my httpBLBlock.pm module when a connection is received (before the request has been sent by the client). In this handler, I am simply looking for a filename matching that IP in a directory that is writable by the apache user. The contents of the file are a SCORE:httpBL_answer:[LIST]. Based on this, the module checks the mtime of the filename is in the last SCORE days, then the firewall is in effect. If so, we simply tell apache to drop the connection. If the file has expired, we delete the file.

The second line is more interesting, and what creates the firewall filenames. In order to not impede the general speed of request handling, processing is performed in the Logging section of the Apache process. Our module is called by apache after the response has been sent, but before the access_log entry has been written. In our module we perform the http:BL API call and compute the above SCORE based upon the Threat* level and Age* of the API response. (* both Threat and Age are octets in the DNS lookup). We merely discount the Threat down to zero based on the Age (0-255) where an entry 255 days old reduces the SCORE to zero.
If the SCORE is larger than our trigger level (3) then we create the firewall filename, log the entry in our own httpbl.log and return Apache2::Const::FORBIDDEN. This causes Apache to not log the entry in the normal access_log. Otherwise, if all is ok, we return Apache2::Const::OK and Apache logs the hit as normal.

I have a bit of code tidy up, restructure the config/firewall directory and pull some common code out to a shared module before I can release to the world.

An interesting side effect to publishing the last story out through Planet PHP and other news sources along with the Project Honey Pot image is that when browsers viewed those sources, they all asked for the image off my server. In several cases, these were known spammer, Comment spammer, and other abusers. My server then created the firewall entry blocking them before they were able to follow the links back to my server.

I have been reading up more on Apache Bucket Brigades in an attempt to allow the firewall filter to be placed immediately after the request has been received and allow a custom response to the browser. This may help an otherwise unsuspecting user if their machine had been trojaned. I don't mind admitting I'm thoroughly confused right now :)

Referrer and Comment spammers are a PITA.

2010-11-28T23:18:54Z

This shouldn't be news to anyone - but Referrer and Comment spammers are a real pain in the a*se. Polluting my web logs and making any meaningful log analysis problematic.

So, I now have an itch to scratch and I'm going to do something about it. I would encourage you, the reader, to do something about it too.

Firstly, get yourself over to Project Honey Pot and read up on the project. If you can, set up a Honey Pot or two yourself. Also be sure to read about the http:BL - this works along similar lines to the DNS blacklists used for Email spammers.

Next, I'm going to write a general Apache mod_perl module which will provide integration (lookup) to the http:BL and allow the user to "action"* the abusers. Minimally, it will prevent the normal apache log files from being polluted by diverting the log entries to a httpbl logfile.

* "action" - To provide flexibility, I'm thinking of running an external script with the IP of the abuser. The script can then perform any action you wish. The one I'm going for is an iptables firewall block.

Comments and suggestions welcome.

Project Honey Pot has implementations for several languages, including PHP and Perl (the languages that mean most to me). There may be an implementation for your Web application so you might not be interested in what I'm doing at all :)

Vodafone UK + HTC Desire + Android 2.2 FroYo = Fail.

2010-08-04T17:59:03Z

Well, it looks like Vodafone UK royally messed up the timing of the HTC Desire OTA Update yesterday. While most owners were eagerly expecting the announced Android 2.2 (FroYo) update that HTC have been pushing out, Vodafone decided to push out a 2.1-update1 which only provides Vodafone branding, apps, a few bugs, and even a couple of "adult" related bookmarks to everyone - and leaving them on Android 2.1 (Eclair).

Needless to say - Users are ~~not happy~~ at all. *Vodafone appears to have moved the thread ~~here~~. [2010/08/06] Moved again to here (is Vodafone trying to hide the complaints?).

In work, we (coworkers and I) now have a total of 8 HTC Desires (out of 16 people) - even two iPhone users have converted! A few have been espousing the wonders of FroYo on their phone (some had rooted, and did it themselves, others had bought unbranded phones and got the stock HTC FroYo upgrade). I was jealous(ish) and wanted it myself.

Given Vodafone's actions yesterday, it was likely that the FroYo update from Vodafone was minimum several weeks away, if not 3 months (as was intimated on the Vodafone forum - end of October) - it was also noted that the Vodafone FroYo update would include the Vodafone 360 branding and software.

Thus, last night it was time to embark on the adventure of flashing my HTC Desire to a stock image direct from HTC. I reasoned that my goal should be to flash HTC's Android 2.1 (Eclair) image to the phone, and once there, the normal software update process should take me to 2.2.

And so it began...

I knew that I needed to create a gold card because the Vodafone image doesn't let you install non-Vodafone images. This I discovered as I tried to simply apply a stock 2.2 download and using boot recovery update.zip - all attempts met with a complaint of a "Fingerprint error".

I ended up at this page:
[TUT]Complete upgrading guide(root, unroot, flashing ROM & updates)

and followed Post #3 which details a) How to make a Gold Card* . Ignore the rest of #3
and then Post #4 - the "unrooting" guide.

You then need to find a download of the correct stock HTC Bravo WWE image ROM - I chose the second WWE ROM from this link (140MB download):
[ROM] Official HTC Desire RUU ROMS and OTA Update URLs
RUU_Bravo_HTC_WWE_1.21.405.2_Radio_32.36.00.28U_4.06.00.02_2_release_126984_signed.exe

Proceed through the rest of Post #4 "How to Flash ROM" with the Goldcard inside your Desire, and plugged into your PC.

The phone will take 5-10 minutes to complete upgrading (or downgrading) to HTC Stock 2.1 image. When it reboots you will have to go through all the original setup sequences you did when you first unboxed your phone.

You can then perform a Software Update Check and you should find you have a Android 2.2 FroYo update (90Mb) waiting for you. Proceed and let it do its thing.

Once done, welcome to FroYo.

All future updates will come direct from HTC - not from Vodafone, and you won't ever have the Vodafone 360 branding rubbish foisted upon you.

* My GoldCard creation had a bit of a hiccup, in that it turns out that the 4GB Samsung card which came with my Desire does not work as a Goldcard despite formatting and following the instructions to the letter. Trying an old 1GB Sandisk I had resulted in a good goldcard.

Aside from the goldcard hiccup - this all went surprisingly smoothly and painlessly.

Good luck.

Disclaimer: If you try any of the above - it is all your responsibility. I take no responsibility should you brick or damage your phone.

The O2 Joggler - A first hack.

2010-04-14T22:06:47Z

If you were not aware - O2 last week reduced the price of the O2 Joggler from ~~£149.99~~ to ~~£99.99~~ to £49.99. Nothing remarkable in price reductions, however what is remarkable is what you actually get for your money.

The O2 Joggler is a silent 7" touchscreen device with Intel Atom Z520 running at 1.3Ghz, 512Mb ram, 1GB internal flash storage with additional storage available via an external USB port. What makes the device really exciting is that it also has a 1GB ethernet (Realtec 8168) and Wifi.

Looking at that - I know you're all thinking "linux box" - but conveniently, the default operating system on it is based on Ubuntu 8.04 and busybox, The frontend is a custom flash driven UI developed by OpenPeak (makers of the Jogger which is rebadged by O2).

There are plenty of clever individuals over at http://hackthejoggler.freeforums.org/and in the #mer channel on freenode who are working to allow the Joggler to run other Operating Systems such as Android, Ubuntu Netbook Edition, MID, even Windows and OSX.

However, the standard OS supplied is also pretty powerful and allows significant customisation. You can enable telnet just by turning it on with a custom USB stick plugged in. To do some of the things I'll be describing here you will need to have started with that.

Once you can telnet in, the world opens up and you can do lots of things that you would expect* to be able to do in a linux system. (* except run a web browser.... at this time - we don't have web access with the stock OS due to the custom flash GUI interface.)

Lets install some useful utilities, how about perl, terminfo, irc clients, bit torrent, rsync, ssh/scp ? Yes, I know what you're thinking - overnight silent downloads - no need to leave PC on... nice...

I've built several of these utilities with installation instructions and uploaded them over here:
http://pgregg.com/projects/joggler/

Feel free to download, examine, install etc. Read the README on the download page - it explains how to do it. Most of the packs include an install.sh script that will provide an installation safety net - it won't overwrite existing files or libraries.

Usual disclaimers apply - you try these applications at your own risk. I accept no responsibility if you manage to brick, fry or otherwise trash your joggler.

Comments, suggestions for other applications are always welcome.

Update: Thanks to NP - seems I was a little too brutal with the library stripping to keep the download sizes small and I missed some required libraries (that I mistakenly thought were in the standard Joggler distro). I have rebuilt the following packages as they were missing some libs: rtorrent, rsync, sudo,ssh
The screen package has been rebuilt too to add one final tweak (to the installer script) so it can be used by non-root users - the only difference you need to do is run the command: chmod 666 /dev/ptmp /dev/tty

Is BT still collecting usage data?

2010-03-31T07:30:00Z

After the recent scandal over BT using Phorm (see here and here) is it still possible that BT is still covertly collecting data profiling its user's internet usage?

I have, as part of my home BT Total Broadband package, a HUAWEI Mobile Connect 3G Modem. This is a USB dongle that provides internet service. I rarely use it, but because of the storms last night my internet connection has been very unstable, therefore I plugged it in today.

When I started the "BT Connection Manager" software, it informed me that there was an update to the service and would I like to download it? Yes, ok, and a couple of minutes later it began to install itself. Then popped up the obligatory EULA which contained the paragraphs:

"Installation of this Software will automatically apply a unique identifier to the Software, this identifying feature will only be used in accordance with the BT privacy policy which can be found at www.bt.com.

This software automatically collects session and client parameter Information for all connections made via this Software. This information is automatically transmitted to BT at the start of each session where Internet access is available. This session information will only be used in accordance with the BT privacy policy which can be found at www.bt.com."

BTConnectionManagerEULA.txt

I also note that the software package uses the Open Source packages libCurl, openssl and sqlite. Combined they enable the package to record "session and client parameter Information for all connections" in the database (sqlite) and to encrypt (openssl) and transmit the data via a web request (libcurl) back to BT.

At this point I am unable to confirm if such a transmission is taking place as I declined the EULA, but would welcome feedback or comments from others that are able to investigate this more fully.

Update: Even though I clicked "Cancel" to reject the EULA - it did update the application and actually started it up before I exited the installer. Guess I have this privacy invading feature now.

Amazon 1 - 0 Waterstones, aka this morning's rant.

2009-09-29T10:02:59Z

SWMBO asked me to order a book for her this morning, so being the tightwad that I am, I go hunting for the ISBN and the cheapest place to buy it.
Amazon has it for £17.24 and Waterstone's for £18.49 (but if I order through quidco, then I receive another 8% cashback, making Waterstone's cheaper).

Waterstone's need me to create an account, fair enough and state "Also, please be aware that passwords are case sensitive, and must be a minimum of seven characters long and at least one character must be numeric." Again, all fairly standard.

So each time I try to enter a password which meets this criteria I'm hit with a javascript popup that claims: "Your new password must be at least 7 characters long and contain at least one digit."

"But it is!", I yell in frustration.

Using the Firefox "Web Developer" plugin I unhide the password boxes and see that my password doesn't have digits... wtf! I enter the digits again and find there is another hidden rule:

<input name="newPassword" type="password"
id="fPassword" size="40" maxlength="16" value="" />

Yes, an upper limit of 16 characters on the password.

Right ok, make a password of 16 chars or under and move on...

Add name, postcode to the next form and it finds my address ok - click continue to (I presume) proceed to the CC entry form and voila!

Well not quite.

"There has been a problem processing this request
Please use the refresh button on your browser to try again.

Thank you."

A few refreshes later, it is apparent that Waterstone's has no intention of working, sod it, for 20p more I can have less hassle at Amazon.

Getty Images / BBC Math Fail.

2009-06-03T19:50:50Z

From the BBC Magazine today is an article 7 questions on GCSE maths.

Can you spot the fail?

Yes, epic.

Register your broadband not-spot now

2009-05-28T08:00:00Z

thinkbroadband, formerly ADSLGuide.org.uk, have setup a community site where UK sufferers of the lack of universal broadband can register their inability to obtain broadband (a not-spot) or where you are unable to obtain up to 2Mbps service (slow-spot).

The Northern Ireland map is here - if you currently suffer from a lack of, or poor broadband coverage (including satellite) please register your details on the site - by adding your postcode it will appear on the map and we can begin to get a true picture of the poor state of broadband in Northern Ireland.

Thanks.

Borland, Farewell my sweet.

2009-05-06T14:31:36Z

Today, May 6 2009, marks the day that Borland, that once great master of all software development has finally recognised there was no other recourse but to up and sell itself off in order to survive.

Back when I was a teenager, in the early 80s and personal computing was coming to the fore - I, and many others, aspired to work for that great company Borland. It was the pinnacle of language development and development tools and we wanted to work there. However, based in Ireland it was never to be.

Also, once upon a time I happened to be working for a very promising young company with a fantastic product line called Segue Software, based in Boston, MA. Segue also had its troubles but a new CEO saw its fortunes turn and it was climbing to success. This success was noticed by the aforementioned Borland as it tried to re-invent itself as an Application Lifecycle Management (ALM) company. The same day it was announced that Borland was acquiring Segue, it also announced it was selling its developer tools division (that's Delphi, JBuilder, and later Delphi for PHP, 3rd Rail line of products).

This was such a bitter-sweet time for many. I was overjoyed that I was going to work for Borland (childhood dream) - it didn't matter I wasn't going to work with the developer tools, working for "Borland" would just be cool. Sadness also because our little 200-man company was being consumed by a 1200-man behemoth (relatively) and no-matter which way you looked at it, people were going to lose their jobs. Pretty much the entire US East Coast staff (Segue Head Office) lost their jobs and the office was closed. Product development labs and Technical Support survived, simply by virtue that it was the product and product skills that were purchased, not the G&A functions - they could go.

I 'lived the dream' for the next 2.5 years in the IT department. Despite being remote, I loved working with the rest of the Borland teams as I was intimately involved in the merging/migration of Segue's systems into Borland's. I also had the pleasure of working with several departments to architect and deploy several new platforms (such as product downloads and licensing via Intraware, and the companies Salesforce.com, SFDC, deployment). I'll treasure the time I spent at Borland.

Of course there were several WTF moments. Most significantly, for me, was the company "hanging its hat" on BMS (Business Management Solutions) which ultimately proved to be a hatstand made of jello. Very few, outside of management and that product team, believed in it. Another significant WTF for Borland was, If you plan to be the Application LIFECYCLE Management company - why divest yourself (for a paltry $27m) of two of the world's major AppDev toolsets (Delphi and JBuilder). You've just removed the feeder market and upsell opportunity into your ALM business. Finally, and internal WTF to get off my chest, on what planet does the IT department belong as a subdivision of the HR department?

Borland will live on in the hearts of many of us who knew what she used to be. I think I left Borland a better place than I found it (as long as you don't look at the stock price ;), and I made some good friends. At the end of the day, there isn't much more you can ask from your tenure.
It is sad that today if you ask a typical Software Engineer if they know who Borland is, they'll respond "Who?" which typifies the company's slide into obscurity.

I wish the best of luck to my former colleagues, who I'm sure, will be wondering what is to happen next. I also hope that the new owners, Micro Focus International (who?), have good fortune with their ALM drive. Perhaps the Borland name might live on as a brand for a suite of ALM products - who knows what they'll do.

In the immortal words of Dr. Seuss "Don't cry because it's over. Smile because it happened."

PHP algorithms: Determining if an IP is within a specific range.

2009-04-27T22:48:15Z

I spend a lot of time lurking in the #PHP channel (efnet and freenode, please - no flamewars) and this topic is a commonly asked one that usually gets a simplified answer in the form of using strpos(), or at best an ip2long() in a greater than and less than answer.

Unfortunately although people usually understand that an IP address is simply an unsigned 32 bit integer, and is easily determined, usually with $_SERVER['REMOTE_ADDR'], where the real challenge is - is in specifying the range within which they wish to check that IP address. IP ranges are usually specified in three common ways (in increasing complexity):

Wildcard: 192.168.10.*

Start-End range: 10.1.0.0-10.1.255.255

CIDR*: 172.16.1.0/24

* Classless Inter-Domain Routing

The Wildcard method, or "classy", allows you to work at Class A (10.*.*.*), Class B (172.16.*.*) or Class C (192.168.10.*) levels of granularity which is how we used to do things in the old days (before the Web decided to make the Internet popular). But, increasingly, this just isn't granular enough for practical purposes.

Thus was born CIDR (yes, I'm skipping talking about Start-End ranges for now). CIDR brought about the concept that we really didn't need to break networks on 8, 16, 24 bit boundaries and we could be more granular by allowing the use of any number (from 2-30) to specify a range of networks. Details on why you can't use "31" is beyond the scope of this article.

CIDR renamed the former Class A, B and C networks as /8, /16 and /24 respectively and reflects the left-most significant bits of the 32-bit IP address. Thus was born the ability to specify very specific IP ranges in the form a.b.c.d/xx. However, part of the problem with this is that although it concisely describes the network start and end, most normal mortal humans couldn't decipher it. CIDR addressing can also be specified in the form of a longer netmask, e.g. a.b.c.d/255.255.255.224

Thus, the simplified form of Start IP - End IP was put in place for mere mortals and is typically used by those without a networking background. It also features heavily in consumer broadband routers and notably in Microsoft Windows DHCP server.

So having explained how a range, and by inference, that a netmask is, how can we use this knowledge to help us in determining if an IP is within a range?

What this article will attempt to do is guide you though the construction of algorithms to make the checking of IPs simpler.

Logically, Method 1 (the Wildcard), can be easily converted to Method 2 (Start-End range) by using setting Start and End to the Wildcard string and replacing the "*" character with 0 for the Start and 255 for the End, thus for example, "192.168.10.*" becomes "192.168.10.0-192.168.10.255" which should (I hope) be obvious to everyone.

We can then proceed to evaluate both Method1 and Method2 in the same way. In this we're simply going to use the PHP built in function ip2long() on all 3 values and perform a mathematical check for Start <= IP <= End.

list($lower, $upper) = explode('-', $range, 2); $lower_dec = ip2long($lower); $upper_dec = ip2long($upper); $ip_dec = ip2long($ip); return ( ($ip_dec>=$lower_dec) && ($ip_dec<=$upper_dec) );

We have, however, a complicating factor here - PHP does not do unsigned integers (32 bit) - which would be necessary for this math to work properly. We can negate this by switing to floating point data types. PHP stores floating types as 64 bit and so will have no problem with IPv4 address space (note - this obviously isn't granular enough for 128bit IPv6 addressing). Therefore the simplest way to solve the Start <= IP <= End problem with IPs and floating point numers is the following piece of code:

$lower_dec = (float)sprintf("%u",ip2long($lower)); $upper_dec = (float)sprintf("%u",ip2long($upper)); $ip_dec = (float)sprintf("%u",ip2long($ip)); return ( ($ip_dec>=$lower_dec) && ($ip_dec<=$upper_dec) );

Next we have the challenge of handing the CIDR netmasks. What we could do is to take a CIDR format IPaddress/netmask and calculate the Start and End IPs of that block and proceed as before - but that would be no fun - and would mean I haven't really taught anything through this article.

The method we're going to use here is how all the world's Internet routers determine if a destination IP is in a specific CIDR address space. And we're going to get down and dirty with bitmasks and logical bitwise operators.

So using a real world example, my webserver IP 80.76.201.37 and the netblock within which it resides is 80.76.201.32/27, how does this all work?

Well the /27 indicates that the first 27 bits of the IP address are the same network and IP address in that network (range) will have those same identical first 27 bits. Bits 28-32 are variable and allow 5 bits of variation. If you know your binary, then this means 32 possible IPs. (However with routing, you can't use the bottom and top IP from any range as these are special and mean the network and broadcast addresses respectively. [This is also why a /31 isn't much use (except for PPP links) as you can't use the 2 addresses that space gives you]).

So thinking logically, bitwise, if I take my IP address and the CIDR spec, then all I have to do is check that the first 27 bits all match and I'm good. Correct. So how would we do this in PHP? Sound's simple, lets just use PHP's bitwise logical AND operator: &
Again, correct.

In order to do this we need to convert 27 into what 27 really means - a 32 bit number of 27 ones and 5 zeros in binary (which is what 255.255.255.224 really looks like).

In pseudo-code you could then do if (IP & BITMASK) == (RANGE & BITMASK) then all is good and you know that the IP is within the range.

Visualising this using our real IP address (using the very handy unix tool ipcalc):

Address:   80.76.201.37    01010000.01001100.11001001.00100101
Netmask:   255.255.255.224 11111111.11111111.11111111.11100000
Wildcard:  0.0.0.31        00000000.00000000.00000000.00011111

Network:   80.76.201.32/27 01010000.01001100.11001001.00100000
HostMin:   80.76.201.33    01010000.01001100.11001001.00100001
HostMax:   80.76.201.62    01010000.01001100.11001001.00111110
Broadcast: 80.76.201.63    01010000.01001100.11001001.00111111
Hosts/Net: 30

You can see this in the Wildcard line of 0.0.0.31, and the Network ORed with Wildcard results in the Broadcast address: 80.76.201.63.

Knowing this, then the IP address ANDed with the Network address will result in the same value as the Range ANDed with the Network address and so can be used as a comparison for an IP residing within that broadcast range.

How can we work out this Network address in PHP, again we have two strategies, one is to so a simple substr() and take the left most significant bits of the range and then simply pad out to the right with 0s. Or we can do some math with "NOT of 2 to the power of (32-range) - 1". Thus for our value /27 this gives us the decimal value 31, NOTed results in (65536-31) (representational in the bit form - PHP will see it as a negative integer, but we don't need to worry about that).

I'm sure by now, your screaming for some code (and if you stuck around this long, you really deserve it).

Code to manipulate a range/netmask into a broadcast address, using math, assuming:

$ip = "80.76.201.37";
$range = "80.76.201.32";
$netmask = 27;

We can convert the IPs to long integers using ip2long (denoted by variable_dec - dec being short for decimal):

$range_dec = ip2long($range);
$ip_dec = ip2long($ip);

This gives us the basis of our math, we now just need to work out the broadcast address.

Strategy 1 using str_pad to create a string by padding with 1s and 0s.

$netmask_dec = bindec( str_pad('', $netmask, '1')
. str_pad('', 32-$netmask, '0') );

We can achieve the same result though mathematics by NOTtin the wildcard value. This is our Strategy 2:

$wildcard_dec = pow(2, (32-$netmask)) - 1;
$netmask_dec = ~ $wildcard_dec;

Once we know the netmask address (in decimal) as we have here, we can know that, if by ANDing this with the original IP to check results against the Range ANDed with the Netmask, then the IP is within the range defined by the range/mask.

This can be checked easily with:

return (($ip_dec & $netmask_dec) == ($range_dec & $netmask_dec));

I have pulled all of this logic together in a easily included file to provide a single function called ip_in_range($ip, $range) in which $ip is the IP address you want to validate and $range is a any of the above formats, Wildcard, Start-End addressing or CIDR. The function will return a simple TRUE or FALSE if the IP is in that range.

The source code to the all-in function is available here:

http://pgregg.com/projects/php/ip_in_range/ip_in_range.phps

With an example run (and source code):

http://pgregg.com/projects/php/ip_in_range/test.php

I hope this article has been educational, please feel free to leave comments or feedback.

Update: There have been questions about PHP's signed integers and my use of bit operations in the code. It is important to recognise that when dealing with signed or unsigned 32 bit integers purely as bit patterns for masking with a netmask or broadcast address pattern - the fact that a number (128.0.0.0 or above) really is negative, doesn't have any impact on the validity of the result. The only impact to not having signed 32 bit integers is in the Start-End range check (example 2 above: 10.1.0.0-10.1.255.255) where a range spanning the switch from positive to negative would be catastrophic to the check. We can safely work around that problem by using floating point numbers as we are only doing <= and >= comparisons and not attempting any bitwise operators (which don't work on floats).

Caught red-handed.

2009-04-26T10:49:35Z

Only two hours after he was supposed to be asleep...

Only light source was the Nintendo DS.

tail -# file, in PHP

2009-04-23T20:05:48Z

I read Kevin's Read Line from File article today and thought I would add some sample code I wrote a while back to address a similar task in PHP - How to perform the equivalent of "tail -# filename" in PHP.

A typical task in some applications such as a shoutbox or a simple log file viewer is how to extract the last 'n' lines from a (very) large file - efficiently. There are several approaches one can take to solving the problem (as always in programming there are many ways to skin the proverbial cat) - taking the easy way out and shelling out to run the tail command; or reading the file line by line keeping the last 'n' lines in memory with a queue.

However, here I will demonstrate a fairly tuned method of seeking to the end of the file and stepping back to read sufficient lines to the end of the file. If insufficient lines are returned, it incrementally looks back further in the file until it either can look no further, or sufficient lines are returned.

Assumptions need to be made in order to tune the algorithm for the competing challenges of :

Reading enough lines in
as few reads as possible

My approach to this is to provide an approximation to the average size of a line: $linelength
Multiply by 'n': $linecount
and we have the byte $offset from the end of the file that we will seek to to begin reading.

A check we need to do right here is that we haven't offset to before the beginning of the file, and so we have to override $offset to match the file size.

Also as I'm being over-cautious, I'm going to tell it to offset $linecount + 1 - The main reason for this is by seeking to a specific byte location in the file, we would have to be very lucky to land on the first character of a new line - therefore we must perform a fgets() and throw away that result.

Typically, I want it to be able to read 'n' lines forward from the offset given, however if that proves insufficient, I'm going to grow the offset by 10% and try again. I also want to make it so that the algorithm is better able to tune itself if we grossly underestimate what $linelength should be. In order to do this, we're going to track the string length of each line we do get back and adjust the offset accordingly.

In our example, lets try reading the last 10 lines from Apache's access_log

So let's look at the code so far, nothing interesting, we're just prepping for the interesting stuff:

$linecount = 10; // Number of lines we want to read $linelength = 160; // Apache's logs are typically ~200+ chars // I've set this to < 200 to show the dynamic nature of the algorithm // offset correction. $file = '/usr/local/apache2/logs/access_log.demo'; $fsize = filesize($file);

// check if file is smaller than possible max lines
$offset = ($linecount+1) * $linelength;
if ($offset > $fsize) $offset = $fsize;

Next up we're going to open the file and using our method of seeking to the end of the file, less our offset, here is the meat of our routine:

$fp = fopen($file, 'r'); if ($fp === false) exit; $lines = array(); // array to store the lines we read. $readloop = true; while($readloop) { // we will finish reading when we have read $linecount lines, or the file // just doesn't have $linecount lines // seek to $offset bytes from the end of the file fseek($fp, 0 - $offset, SEEK_END); // discard the first line as it won't be a complete line // unless we're right at the start of the file if ($offset != $fsize) fgets($fp); // tally of the number of bytes in each line we read $linesize = 0; // read from here till the end of the file and remember each line while($line = fgets($fp)) { array_push($lines, $line); $linesize += strlen($line); // total up the char count // if we've been able to get more lines than we need // lose the first entry in the queue // Logically we should decrement $linesize too, but if we // hit the magic number of lines, we are never going to use it if (count($lines) > $linecount) array_shift($lines); } // We have now read all the lines from $offset until the end of the file if (count($lines) == $linecount) { // perfect - have enough lines, can exit the loop $readloop = false; } elseif ($offset >= $fsize) { // file is too small - nothing more we can do, we must exit the loop $readloop = false; } elseif (count($lines) < $linecount) { // try again with a bigger offset $offset = intval($offset * 1.1); // increase offset 10% // but also work out what the offset could be if based on the lines we saw $offset2 = intval($linesize/count($lines) * ($linecount+1)); // and if it is larger, then use that one instead (self-tuning) if ($offset2 > $offset) $offset = $offset2; // Also remember we can't seek back past the start of the file if ($offset > $fsize) $offset = $fsize; echo 'Trying with a bigger offset: ', $offset, "\n"; // and reset $lines = array(); } } // Let's have a look at the lines we read. print_r($lines);

At first glance it might seem line overkill for the task, however stepping through the code you can see the expected while loop with fgets() to read each line. The only thing we are doing at this stage is shifting the first line of the $lines array if we happen to read too many lines, and also tallying up how many characters we managed to read for each line.

If we exit the while/fgets loop with the correct number of lines, then all is well, we can exit the main retry loop and we have the result in $lines.

Where the code gets interesting is what we do if we don't achieve the required number of lines. The simple fix is to step back by a further 10% by increasing the offset and trying again, but remember we also counted up the number of bytes we read for each line we did get, so we can very simply obtain an average real-file line size by dividing this with the number of lines in our $lines array. This enables us to override the previous offset value to something larger, if indeed we were wildly off in our estimates.

By adjusting our offset value and letting the loop repeat, the routine will try again and repeat until it succeeds or fails gracefully by the file not having sufficient lines, in which case it'll return what it could get.

For the complete, working, source code please visit:

http://pgregg.com/projects/php/code/tail-10.phps

Sample execution:

http://pgregg.com/projects/php/code/tail-10.php