Posted by & filed under Security.

I was at work yesterday, and mentioned the word “Authentication” to a co-worker via IRC. His client had cut off the last word, and he asked me what the hell Authenticatio was. I jokingly said I was talking about as a domain. On a whim, I dropped $40 and bought the thing.

Later, while asking what the hell I should do with it, a friend suggested it could be about AuthentiCat, a cat who has advice on Authentication and Data Encryption. Thus, AuthentiCat.IO was born.

It’s going to be a web-comic site about silly computer security topics. I’ll try to post at least one thing a week. Wish me luck!

Posted by & filed under NoSQL.

$ brew install rethinkdb
==> Downloading
Already downloaded: /Library/Caches/Homebrew/rethinkdb-1.5.0.tgz
==> ./configure --prefix=/usr/local/Cellar/rethinkdb/1.5.0 --fetch protobuf --fetch protoc
==> make
make[1]: *** [build/release_clang_notcmalloc/rethinkdb_web_assets/js/reql_docs.json] Error 1
make[1]: *** Deleting file `build/release_clang_notcmalloc/rethinkdb_web_assets/js/reql_docs.json'
make[1]: *** Waiting for unfinished jobs....
make[1]: unlink: build/release_clang_notcmalloc/rethinkdb_web_assets/.: Invalid argument
make: *** [make] Error 2


The only thing Google brings up is a pastebin that someone else made who had the same problem, but with no way to contact them. So, I’m putting this message here for visibility. If anyone knows how to fix it, please say so in the comments ;).

UPDATE: The bug has been fixed in 1.5.1. Just do the following and you’ll be good to go:

$ brew update && brew install rethinkdb

Posted by & filed under Linux.

After moving to my new apartment, it was time to dust off the old Linksys router I had lying around. This thing has been hacked to run the latest DD-WRT that it could handle.

My network address changes occasionally, and I didn’t want to set up any dyndns accounts to keep track of the IP and have it resolve to a hostname. Honestly, just being able to get the last IP address is good enough for me.

So, I came up with this script that I run on one of my websites which listens for HTTP requests. When it gets one, it simply logs the IP to a file and spits it back out to the client.

Then, whenever I want to grab the IP address of the home network, I just hit another URL to grab the IP. The script is requested from my router every hour.


Open your DD-WRT settings, go to Administration | Management, and scroll down till you see the section on CRON. You can add the following rule to have your router grab the file every hour:

*/60 * * * * root wget


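<?php
$ip = $_SERVER['REMOTE_ADDR']; // assumed: the line defining $ip is missing here; the requester's address is used
$handle = fopen("./ip.txt", 'w');
fwrite($handle, $ip);
fclose($handle);
echo $ip;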


echo file_get_contents("ip.txt");


touch ip.txt
chmod a+w ip.txt

Obtaining IP

Simply browse to to get the last known IP address.
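
The update script above overwrites `ip.txt` for any client that requests it, so anyone who finds the URL can replace the stored address. A variant that requires a shared secret and validates the address before writing; this is an added example, not the original script, and the file name `set.php`, the `token` parameter and the `UPDATE_TOKEN` constant are assumptions.

```php
<?php
// Added example (hypothetical file name: set.php). Not the original script.
// UPDATE_TOKEN is a placeholder: replace it with a long random value and
// append ?token=<value> to the URL the router's cron job requests.
const UPDATE_TOKEN = 'REPLACE_WITH_LONG_RANDOM_VALUE';
const IP_FILE = __DIR__ . '/ip.txt';

/**
 * Decide whether a request may overwrite the stored address.
 * Returns the validated IP string, or null when the request is rejected.
 */
function accept_update($suppliedToken, $remoteAddr)
{
    // ?token[]=x arrives as an array; hash_equals() only accepts strings.
    if (!is_string($suppliedToken) || !is_string($remoteAddr)) {
        return null;
    }
    // Constant-time comparison, so response timing does not leak the token.
    if (!hash_equals(UPDATE_TOKEN, $suppliedToken)) {
        return null;
    }
    // Store only something that parses as an IPv4/IPv6 address.
    $ip = filter_var($remoteAddr, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// REMOTE_ADDR is the peer address seen by the web server. Client-supplied
// headers such as X-Forwarded-For are deliberately ignored.
$ip = accept_update($_GET['token'] ?? null, $_SERVER['REMOTE_ADDR'] ?? null);

if ($ip === null) {
    http_response_code(403);
    exit("forbidden\n");
}

// LOCK_EX serialises concurrent writers to the file.
file_put_contents(IP_FILE, $ip . "\n", LOCK_EX);
header('Content-Type: text/plain');
echo $ip, "\n";
```

With the token check in place, `ip.txt` only needs to be writable by the web server's user rather than `a+w`. The token also appears in the web server's access log, so that log should not be world-readable.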

Posted by & filed under PHP.

<?php
/**
 * This class will safely parse complex objects or arrays with possible missing keys
 * Usage: obj::query($obj, 'dot.separated.syntax');
 */
class obj {
    /**
     * Parse the provided object
     * @param $object mixed The complex object you're going to parse
     * @param $path string The dot separated path you would like to query the object with
     */
    public static function query($object, $path) {
        $paths = explode('.', $path);
        return self::recurse($object, $paths);
    }

    /**
     * The function that does the real work
     * @param $object mixed
     * @param $paths array
     */
    protected static function recurse($object, $paths) {
        // Strict null check, so that false, 0 and "" are returned as values
        if ($object === null) {
            return null;
        }
        // Reached a scalar: this is the value being queried
        if (!is_array($object) && !is_object($object)) {
            return $object;
        }

        $newPath = array_shift($paths);

        if (is_array($object) && isset($object[$newPath])) {
            return self::recurse($object[$newPath], $paths);
        } else if (is_object($object) && isset($object->$newPath)) {
            return self::recurse($object->$newPath, $paths);
        } else {
            // Missing key or property
            return null;
        }
    }
}

$data = '{
  "x": {
    "y": true,
    "z": null,
    "w": false,
    "l": "banana",
    "a": {
      "b": {
        "c": "d",
        "d": "e"
      }
    }
  }
}';

$complexArray = json_decode($data, true);
$complexObject = json_decode($data);
$complexMixed = array(
        'x' => json_decode('{"name": "so complex"}')
);

echo "Should be banana: ";
var_dump(obj::query($complexArray, 'x.l'));

echo "Should be 'e': ";
var_dump(obj::query($complexArray, 'x.a.b.d'));

echo "Should be NULL: ";
var_dump(obj::query($complexArray, 'a.b.c.d.e.f.g'));

echo "Should be TRUE: ";
var_dump(obj::query($complexObject, 'x.y'));

echo "Should be 'so complex': ";
var_dump(obj::query($complexMixed, ''));

Posted by & filed under PHP, Web Server.

Not too long ago I took a trip out to California to see my sister and her husband. While there, I set him up with a WordPress site so that he could sell baseball cards and do box breaks. The site, if you’re interested, is

Due to RAM restrictions on various servers I’ve had to use, I learned to axe Apache a long time ago. I’ve replaced it with lighttpd, although I’ll probably be transitioning over to nginx sooner or later (it’s what we use at work, and seems to be even lighter in the memory consumption department). Therefore, all of the sites running PHP on my webserver, which include several WordPress-based sites, sit behind lighttpd.

For his website, which is to sell products with inventory which gets reduced, I chose to install Woocommerce. I’ve used other Woo WordPress products before, and it looks like one of the best WordPress eCommerce solutions. Unfortunately, Woocommerce doesn’t work all that well with lighttpd, or more specifically, with lighttpd using the server.error-handler-404 configuration for handling URL routing. If you google lighttpd WordPress configuration, this is the most commonly recommended method for grabbing dynamic URLs.

The problem is that when lighttpd has the server.error-handler-404 in place for grabbing URLs, the GET parameters on the original request are NOT passed along to the index.php file. One could go to the root of the website and add a GET parameter and it would work fine, e.g., but as soon as a page was requested which doesn’t exist, the GET parameter would be lost, e.g.

The solution for this problem isn’t complex by any means. If you inspect the $_SERVER variable on a request which was losing the GET parameters, you can see they’re still available in $_SERVER['REQUEST_URI']. So all we have to do is grab the URI, after the first question mark, parse the variables, and replace the global GET parameter. The following code, when added to the top of the main index.php file, will solve this issue:

$question_pos = strpos($_SERVER['REQUEST_URI'], '?');
if ($question_pos !== false) {
        $question_pos++; // don't want the ?
        $query = substr($_SERVER['REQUEST_URI'], $question_pos);
        // Parse into $_GET, replacing whatever lighttpd passed to the error handler
        parse_str($query, $_GET);
}

Also, here’s the lighttpd.conf settings that are recommended for using WordPress with lighttpd:

$HTTP["host"] =~ "(^|\.)example\.com$" {
        server.document-root = "/var/www/"
        server.errorlog = "/var/log/lighttpd/"
        accesslog.filename = "/var/log/lighttpd/"
        server.error-handler-404 = "/index.php?error=404"
}

Tracking down the source of the problem for Woocommerce was pretty difficult. It wouldn’t allow items to be removed, couldn’t add items while viewing the item page, although it would allow an item to be added while viewing a listing of items. AKA it sometimes worked and sometimes didn’t.

The root of the problem here is two-fold. First, lighttpd doesn’t pass GET parameters along with the error handler directive. Second, Woocommerce should not be using GET parameters for persisting changes to the server. A GET request is intended to be used for just that, getting information from a server. A POST request is intended for sending changes to the server. While talking with Woo tech support, one of the things they kept asking me is if my host was caching requests. I said no, since it’s a VPS I’m in control of the caching, and that domain has none. If Woocommerce were to switch over to using POST requests for persisting user cart changes, it would save their customers from having these caching issues (POST requests are never cached), and would have the side effect of allowing lighttpd to work without this code change.

There is a big shortcoming with this solution. When the administrator of the website updates WordPress, the changes in index.php could be overwritten. A better method to inject this code would be to write a WordPress plugin, and ensure that it is executed before the Woocommerce code is run. An even better solution would be to have more complex lighttpd rules with regular expressions to capture requests and route them all accordingly, without the need for the server.error-handler-404 code, but I don’t know lighttpd configuration well enough to come up with a solution.
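
The plugin approach suggested above, sketched as a must-use plugin so that a WordPress core update cannot overwrite it; WordPress loads files in `wp-content/mu-plugins` before regular plugins such as Woocommerce. This is an added example, not code from the original post, and the file name and the `lighty_query_from_uri` function are hypothetical.

```php
<?php
/*
 * Plugin Name: Restore query string behind lighttpd (added example)
 * Hypothetical file: wp-content/mu-plugins/restore-query-string.php
 */

/**
 * Parse the query string out of a raw request URI.
 * Returns null when the URI has no "?" so the caller can leave $_GET alone.
 */
function lighty_query_from_uri($requestUri)
{
    // REQUEST_URI is unset for command-line runs (WP-CLI, cron scripts).
    if (!is_string($requestUri)) {
        return null;
    }
    $pos = strpos($requestUri, '?');
    if ($pos === false) {
        return null;
    }
    // Always parse into an array: the values stay request data and never
    // become variables in the current scope.
    $params = array();
    parse_str(substr($requestUri, $pos + 1), $params);
    return $params;
}

$lighty_params = lighty_query_from_uri($_SERVER['REQUEST_URI'] ?? null);
if ($lighty_params !== null) {
    // Same effect as the index.php patch: $_GET reflects the original request
    // instead of the error handler's own query string.
    $_GET = $lighty_params;
}
```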

Posted by & filed under NoSQL.

These are my notes for the talk I’m giving today on PHP and MongoDB.

Example PHP script for communicating with MongoDB:

#!/usr/bin/env php
<?php
// Instantiate the Mongo client
$m = new MongoClient();

// Connect to a database. If it doesn't exist, it will be created
$db = $m->example;

// Point to a collection within the db. If it doesn't exist, yup.
$people_collection = $db->people;

// our first person.
$tom = array(
	'name' => 'Thomas Hunter',
	'age' => 27,
	'enjoys' => array(), // (items not shown)
);

// add person to collection
$people_collection->insert($tom);

// our second person. notice the different structure
$amanda = array(
	'name' => 'Amanda',
	'age' => 31,
	'hates' => array(), // (items not shown)
	'enjoys' => array(), // (items not shown)
);

// lets add her as well
$people_collection->insert($amanda);

// find() with no argument is basically a SELECT *
$people = $people_collection->find();

// Iterate over our peeps
foreach($people AS $person) {
	// I'm assuming everyone has a name and age
	echo "{$person['name']} is {$person['age']} years old.\n";

	// They might not enjoy anything
	if (isset($person['enjoys'])) {
		echo "Enjoys:\n";
		foreach($person['enjoys'] AS $enjoy) {
			echo "* $enjoy\n";
		}
	}

	// They might not hate anything
	if (isset($person['hates'])) {
		echo "Hates:\n";
		foreach($person['hates'] AS $hate) {
			echo "* $hate\n";
		}
	}
}


# MongoDB + PHP
Who needs an ORM when we can just throw our objects straight into the database?

## MongoDB vs MySQL
* MongoDB is a schemaless, "document" storage system.
* MongoDB is queried using a JSON superset / JS subset syntax
* MySQL is a schema'd, relational database management system
* MySQL is queried using a SQL dialect
* "Translation" between SQL and Mongo:

## Install Mongo
* OS X
 * `brew update && brew install mongodb`

## Install PHP Mongo Client
* *NIX
 * `sudo pecl install mongo`

## Using the CLI Interface
By default, there are no database credentials, and the server only listens on localhost

	$ mongo							# Connect
	> show databases				# Get list of databases
	> use DB_NAME					# Pick a DB to work with
	> show collections				# Get a list of collections (tables)
	> db.COLLECTION.find()			# Get items in that collection (SELECT * FROM table)
	> db.COLLECTION.insert({"name": "steve", "age": 28}); # Insert
	> db.COLLECTION.remove(ObjectId("518e654c8f9196b5abf973e3")); # Delete

## Why use MySQL?
* Your data fits the relational database paradigm
* You need guaranteed data storage
* You know how to use MySQL

## Why use MongoDB?
* Your schema changes frequently
* You work with tons of JOINs for small pieces of data (topics, categories)
* You want super fast writes, might not care about a few missing records

Posted by & filed under Personal.

If you know me, you know that I’m not a big fan of recruiters. Particularly, recruiters who take the shotgun approach to finding candidates by sending the same copied-and-pasted email to hundreds of potential applicants. I know that these are copied-and-pasted, because my various email accounts will get the exact same email sent minutes apart.


I was getting some more recruiter spam today, so I asked the recruiter where he had gotten my information from (since I had deleted my LinkedIn account a week earlier). He sent me a screenshot of this page on Dice:


Dice used to be a huge name in the hiring market. And I suppose it still is (look at all those tabs!) but it has since fallen in popularity thanks to LinkedIn. Anyway, turns out Dice scrapes popular social media networks, runs some heuristics on them, and figures out which profiles on various sites belong together (many of the links between sites could have been determined based on what I had entered into the sites, but not all). Most of the information above came from my LinkedIn profile, and was cached (e.g. scraped and stored in their database) since the LinkedIn profile no longer exists.

I’m fine with people being able to find my information on various sites, but not really a big fan of Dice tying all this stuff together (also, not sure whose MySpace profile my account is linked to on Dice…). I figured the next thing to do would be to ask Dice to delete this page about me. I sure didn’t ask Dice to aggregate this data on my behalf.


It’s almost creepy if you think about it, sites cyber-stalking you and aggregating it in one place. What if this site had information about forum posts and buying habits and dating site profiles of mine?

I haven’t heard back from Dice yet, but we’ll see.

Posted by & filed under Personal.

Like a lot of people, I’ve got my fair share of fears. A lot of them make sense; they directly relate to self sustaining and not wanting to die. Some of them are completely unwarranted and avoiding them has had a direct negative impact on my life.

Not too long ago, I started conquering many of them head-on. At times it can be very difficult. My blood pressure can go through the roof. Other times, I find that I’m not afraid at all right before taking one on. It’s really based on perception and situational variables when these happen.

Fear of Public Speaking

Public Speaking is something I’ve absolutely dreaded for most of my life. There’s something about standing in front of an audience that causes me to forget my lines, face turn red, and start mumbling like an idiot. In High School, I used to lie to the teacher and tell her that I didn’t do my speech homework when it was my turn to talk, if I was freaked out enough.

To conquer this one, I gave a talk at Ann Arbor New Tech Meetup on NeoInvoice, a project I had built a few years ago. This talk was for 10 or 15 minutes, and was in front of a large auditorium with over 100 people watching. This was the biggest talk I had ever given. Around the same time, I had started a meetup of my own, the Ann Arbor PHP MySQL Meetup. Sessions were a bit smaller, and talks weren’t formal at all, but I did it for several months and must have talked dozens of times. I’ve also guest talked at an Ann Arbor Coffee House Coders Meetup, and most recently, gave a talk on the JavaScript Event Loop at Penguicon 2013.

While I do sometimes get a little nervous before a talk, I’m miles ahead of where I used to be. If you have a fear of public speaking, look for a local Meetup and offer to give a talk, or join your local SmoothTalkers Toastmasters guild.

Fear of Heights

Heights, or more specifically, falling to my death, is another big one. I remember going to some tall tower in Vegas where you could stand on a floor made of glass which was a hundred stories above the ground. I sort of froze in the center where the floor was solid. This fear mostly manifests itself for me in the form of flying in an airplane, where turbulence drives me nuts.


To fix this one, I fly and travel as much as possible. I just got back from the TechCrunch Disrupt convention in New York, before that I was visiting family in California, and this September I’m going to do the ultimate and hop on a many-hour flight to Ireland. A friend of mine is a pilot, and I started asking him questions about how planes work. Did you know that if the engines fail, the plane can still soar to the ground and land? I also climbed (took the stairs) a path up a small mountain in Sequoia National Park (pictured above) and had the chutzpah to lean over the railing!

Initiating Conversations

Here’s a weird one; I’m not that good at starting conversations, especially if it is with a group of people who know each other. This one isn’t so much a fear, as much as something I just avoid doing. I have no idea where it stems from, nor if others have it too.

This one was pretty fun to fix. While at the TechCrunch Disrupt conference, it was literally my job to talk to as many people as possible and sell the product as best as I could, both to people as potential users of the service and companies as potential consumers of the API. And I did a damn good job. Each day, I would cycle through all of the presenting booths, talk to people to learn about their company, then pitch mine, as well as manning the booth for several hours in-between. If their service stored media on behalf of users, I would explain how our product could save them money. If they weren’t a good fit, I’d just tell them how they can get free GBs for personal use.

The funny thing is, every single time I’d start a conversation, I led with “How’s it going?” It’s amazing what those three little words can accomplish, even when talking to women at the after-parties.


All these experiences have led me to this epiphany: Conquering my fears will make me a better person, allow me to understand myself better, and hell, it’s a lot of fun too (especially right after it happens and I realize nothing bad happened).

Do yourself a favor; if you have any fears, don’t let them control your life! If it is possible, jump directly into a scary situation. Also, do research on the things that scare you. Most of what we fear is really the unknown. Afraid of flying? Learn how to fly a plane. Afraid of spiders? Spend hours studying them and watching videos.