Monday, February 28, 2011

Gnu PG (gpg) to encrypt .tar.gz

I came to realize that its important to encrypt file that we backup.
We might never know who is touching on those file on the server,
especially when its publicly available on the internet.

One way to encrypt the file is with Gnu PG (gpg).
To create your private + public key:
gpg --gen-key

After completed the prompt, the keys will be created.
Public key is for you to distribute to others, so that they can encrypt the file specially for you only. Because your public key encrypted file can only be decipher by your "private" key.

On MAC / Linux, the keys is stored in [home]/.gnupg/*

To encrypt a file:
gpg -e [filename]

A file by name [filename].gpg will be created with the encrypted data.

to decrypt the file:
gpg -d -o [filename] [filename].gpg

GPG encryption also does compression. Therefore, there is no need to gzip a tar file to use gpg with it. GPG allow console input for encryption. There fore, you may run this:
tar -cp [directory/filename] | gpg -c -o [newfilename].tar.gz.gpg


If you are planning to open your encrypted file in another computer, you will need to have the private key on that machine. Todo that:
To export your secret keys, use:
gpg --export-secret-key -a > secret.key

and to import them in the other machine:
gpg --import secret.key


Other usage:

GPG can also be used for mail purpose. But you will need to allow your sender to have your public key, in order to send encrypted email to you.
You may export your key to your sender by running:
gpg --armor --export --output [newfilename].asc "[yourkeyuid]"

To get the list of keys available on your machine:
gpg --list-keys
The uid role will be needed for above export.




Tuesday, February 22, 2011

jQuery datepicker show only month and year

This code from: http://stackoverflow.com/questions/2208480/jquery-date-picker-to-show-month-year-only
seems to work:
---------------
[script]
$(function() {
$('.date-picker').datepicker( {
changeMonth: true,
changeYear: true,
showButtonPanel: true,
dateFormat: 'MM yy',
onClose: function(dateText, inst) {
var month = $("#ui-datepicker-div .ui-datepicker-month :selected").val();
var year = $("#ui-datepicker-div .ui-datepicker-year :selected").val();
$(this).datepicker('setDate', new Date(year, month, 1));
}
});
});
[/script]
-----------
But the main problem is showing back the month,year in the dialog box.To do that, you will have to modify the jquery.ui.datepicker.js

with the code (line #1548, #1549):
----------------
var date = this._daylightSavingAdjust(new Date(year, month - 1, (day >= 1 ? day: 1)));
if (date.getFullYear() != year || date.getMonth() + 1 != month || (day > 0 && date.getDate() != day))
----------------

Sunday, February 20, 2011

Web based application problem

One thing the internet should do better is the consistency check of the data retrieved.
I know, there are suppose to be Network level check, but what im focusing on is the streamed/downloaded data.
Is it complete? or is it half way done.

One good example is downloading a huge file on the internet.
If its a zip file, its easy. Because we can check the zip file crc from the achieve application.

But isnt this suppose to be a web browser job?

There have been more and more Ajax base application out there, but yet,
i find that its not consistant in terms of opening the processed ajax output.
There are times when the internet got instable , and the browser thought the process is complete.
There are also time when the browser thought the javascript is downloaded complete, but its not.
This lead to instable output or undesired response from the server.
Most of the time, this could be fixed by refreshing, or clearing the cache and refresh.
But i think its best that there should be some kind of browser parity or consistancy check for completion, or dont render the output and output some kind of error message to the user.

Sunday, February 6, 2011

PHP gmtime?

I've seen some forum talking about, how nice to have gmtime() function.
But according to some post, it seems that time() is already in gmtime.

But how do we convert a unixtimestamp stored via gmdate("Y-m-d H:i:s") to a offset where its not the server locale timezone?

Its kind of confusing.
But the trick i used was to add the offset to the timestamp, and check if daylight is in effect.
Example of code:
$gmtime = $oRow["ftime"];
$daylight = date("I", $gmtime);
$iOffsetHour = _user_timezone_offset_here;
if ($daylight){
if ($iOffsetHour > 0){ $iOffsetHour-=1; }
else { $iOffsetHour+=1; }
}
$iLocalTime = $gmtime + (60*60*$iOffsetHour);

And to get a quick gmtime():
$gmtime = strtotime(gmdate("Y-m-d H:i:s"));

If anyone find this wrong, please correct me.
thank you :)

Wednesday, February 2, 2011

What may speed up development?


Development speed is what most business is looking forward.
As business client expectation changes, business system have to change according to business requirement from time to time.

Most developer seems to forget about maintenance of existing projects. This is also the same case for most project managers and bosses.
And development doesn't just count new projects and add-on features, but developer should consider detecting "smelly" code and make the code easy to debug.

Unit testing is critical in creating a more stable code. Each time new features is added in, the code shall be tested through series of unit test to ensure existing functionality behave accordingly (as of before add-on or change).

Every developer should consider easy maintainability of their project.
It shall be easy to backup, easy to restore, easy to detect bugs, easy to read code, easy to detect problems or exception.
All these "easy" doesn't come easy to accomplish.
One may consider doing:
  • automated backup of database and site;
  • write brief and useful comments in code;
  • separate "god"-like functional code into parts;
  • write testunit for every functional part of the program;
  • automate background process to cleanup old or unwanted data like logs;
  • automate touch and undo unit-test processers;
  • automate warning message to notify developer of exception and errors;

Here are several things which can be use in most projects:
  • TestUnits for:
    + Date and time zone check and notification
    + Environment requirement check

  • Background processors:
    + # of requests check in a minute
    + Logs reports generation
    + Automated remote update
    + Database rows / size check and notification
    + Database integrity check and notification

  • Maintenance utilities:
    + Server-client communication library
    + Site database copy to local machine
    + Online site and users monitoring
    + Site reports: page count, exceptions, logs
    + Site files download, deployment and updating
    + Site version control and remote updates
    + Framework version update check



Site testing


Aha, you are done with a site!
Is it really done?
What you might want to consider to test? :
  • Cross browser look and feel?
  • Spell & grammar check?
  • Browser check script? (stop user from continuing and browser recommendation)?
  • Have you done a LinkChecker on the site?
  • Have you optimize the site for search engine? Have you put up robots.txt? Have you put up favicon?
  • Have you done a webpagetest.org test on your site?
  • Have you done a country base test on just-ping.com and http://www.websitepulse.com/help/testtools.china-test.html for china users?
  • Is the site ready for mobile users? IPhone? Ipad? Blackberry? Mini opera?
  • Unit Testing for each function in controller of mv"c"?
  • Data entry of invalid values in form fields?
  • Detect and blocking DOS attack?
  • What if facing heavy traffic? Temporary stop execution ? How to detect it?
  • Cross Site scripting by script entry in form?
  • IP Spoofing prevention / proxy connection prevention for transaction?
  • IP filtering to narrow down user access from specific countries?
  • Is the server date and timezone correct?
  • What if multiple user hit concurrently on 1 process? Will duplicate happen?
  • If flash is involved, how to detect for flash block? and put up notices?
  • If you have file protected, is the indexing of directory disabled? Is direct URL access being disabled?
  • Have the website being optimized? (example: setup css and js into separate files)
  • Do you have large files to target specific country audiences? Do you need fast loading? CDN (Content delivery network)?
  • Have you put up notes on project/site objective and target audience?
  • Do you provide font-size adjustment on site?
  • Does the site require multi-lingual in the future? is it ready for that?
  • Do you have logs to track invalid calls or exception on site?
  • Have you combined all functions by avoiding duplicate codes?
  • Have you documented / commented the code?