Composer

It’s awesome, isn’t it? For those who don’t know it, “Composer is a tool for dependency management in PHP”. For example, if you are going to use Slim Framework with the Twig templating system, just create a file named ‘composer.json’ in your working folder with the following contents:


{
  "require": {
    "slim/slim": "2.*",
    "twig/twig": "1.*"
  }
}

Then run the following command:

$ composer install

It will download them into a folder named vendor. Include the following code in your PHP script:

require 'vendor/autoload.php';

All libraries just work like magic 😀

Apparently Composer has some sort of repository where people upload their code. I didn’t want to sign up on their website to put my library there. I’m sort of a control freak. I wanted to host my code on GitHub and yet have people include my library in the Composer magic. Yes! Composer supports downloading from GitHub.


{
  "repositories": [
    {
      "url": "https://github.com/Nayar/mera-framework-php",
      "type": "git"
    }
  ],
  "require": {
    "slim/slim": "2.*",
    "twig/twig": "1.*",
    "meraframeworkphp": "*"
  }
}

However, I was getting this error when I was initializing the Composer repositories.

Loading composer repositories with package information
Reading composer.json of meraframeworkphp (master)
Installing dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

Problem 1
– The requested package meraframeworkphp could not be found in any version, there may be a typo in the package name.

Potential causes:
– A typo in the package name
– The package is not available in a stable-enough version according to your minimum-stability setting
see for more details.

Read for further common problems.

Composer uses Git tags to actually find the repository version. I ran the following in my library's Git repository, then it worked awesome:

$ git tag -a v1.0.0 -m 'First release'
$ git push origin v1.0.0

First Name vs Given Name in Designing REST API

Been reading the book RESTful Web APIs by Leonard Richardson & Mike Amundsen. One section that is worth blogging about is the discussion on First Name vs Given Name.

Traditionally, lots of forms we filled in our lives contained “First Name”, “Middle Name” and “Last Name”. As a database designer, I’d have 3 fields for it too. But what is “First Name” and “Last Name”?

Richardson and Amundsen in their book titled “RESTful Web APIs” state that:

“For instance, “first name” is not an accurate term. It’s an artifact of Western culture, in which we put a person’s given name first. In some other cultures, the family name comes first. The current president of China is named Xi Jinping. His “first name” is Jinping. That’s why givenname is a better semantic descriptor than firstname.”

I always write my name as Nayar Joolfoo (Nayar being given name and Joolfoo my surname).

If ever I were to write my surname first, I’d write it like this: JOOLFOO Nayar, which makes it pretty clear what is my given name and what is my surname.

Secure Gate or Secure Safe?

Me, Nadim and Ish were having a little talk about how to store passwords in databases.

Traditionally, a user's password is hashed using an algorithm such as MD5 or SHA-1 and then the hash gets stored in the database. Since hashing is a one-way function, there is no "MD5-reversed" function that takes the hash and gives back the original password. However, using rainbow tables we can try to find the original password.

Another issue with this is that if an attacker gains access to the database and two people use the same password, their hashes will be the same.

Salting passwords can help to make current pre-computed rainbow tables useless. Me and Nadim were thus discussing whether each user should have a different salt or not. And should the salt also be stored in the database?

I think the most secure way would be to have 1 common salt for all, 1 salt for each user and then run the hashing algorithm to get the hash to be stored in the database. The common salt should be stored in a text file so that an attacker who has the database cannot get the common salt unless he also has access to the server file-system itself.
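The scheme described above, as an added Python example that is not code from the original post: a per-user salt stored in the database plus a common salt kept outside it. It swaps MD5/SHA-1 for PBKDF2-HMAC-SHA256; the function names, round count and sample passwords are assumptions.

```python
import hashlib
import hmac
import secrets

ROUNDS = 100_000  # PBKDF2 work factor, an assumed value for this sketch


def unsalted_md5(password):
    """The traditional scheme: equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password, common_salt, user_salt=None):
    """Return (user_salt, digest); only these two are stored in the database."""
    if user_salt is None:
        user_salt = secrets.token_bytes(16)  # fresh random salt per user
    # Key the password with the common salt, which never enters the database.
    keyed = hmac.new(common_salt, password.encode(), hashlib.sha256).digest()
    # Slow, per-user-salted hash over the keyed value.
    digest = hashlib.pbkdf2_hmac("sha256", keyed, user_salt, ROUNDS)
    return user_salt, digest


def verify_password(password, common_salt, user_salt, stored_digest):
    """Recompute with the stored per-user salt and compare in constant time."""
    _, candidate = hash_password(password, common_salt, user_salt)
    return hmac.compare_digest(candidate, stored_digest)


def demo():
    # Constructed sample data. In a deployment the common salt would be read
    # from a file on the web server, outside the database.
    common_salt = secrets.token_bytes(32)
    alice = hash_password("hunter2", common_salt)
    bob = hash_password("hunter2", common_salt)
    return {
        "md5_collides": unsalted_md5("hunter2") == unsalted_md5("hunter2"),
        "salted_collides": alice[1] == bob[1],
        "login_ok": verify_password("hunter2", common_salt, *alice),
        "wrong_password": verify_password("hunter3", common_salt, *alice),
        # Database dump only: guessing without the right common salt fails
        # even when the guessed password is correct.
        "db_only_guess": verify_password("hunter2", b"not-the-salt", *alice),
    }


if __name__ == "__main__":
    print(demo())
```
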

Enter Ish Sookun
Ish was of the opinion that if your system is secure enough, there is no need to secure and encrypt the database.

If the database has been configured to accept only the IP of the web server, all files have been rightly chmodded, only the needful php libraries are installed, if all unused ports are blocked correctly, it doesn’t matter whether passwords are stored even in plain text.

He says what’s the point of having a secure safe which cannot be broken if your front gate is open, doors are open, you have no camera in your house. Eventually, the ones who steal your safe will use grinders to open it!

On another extreme, if you have the most secure gate, it doesn’t matter if you walk naked inside and leave your money scattered everywhere on the floor since no one can get past your gate.

Conclusion
I don’t think all companies can have the funds to hire a System Administrator with the caliber of Ish Sookun. If all do, there is only 1 Ish.

Security should be multi-layer IMO. Because we never know when your main gate might be breached.

There was a time the Great Wall of China could be used to defend. But since drones and satellites were invented, all walls are basically useless nowadays.

Kubuntu 15.04 Beta 1. WiFi no use

So, decided to test run Kubuntu 15.04 for having latest Plasma desktop. Install went smooth alongside my Kubuntu 14.10 and Windows 8.1.

1. Booting into the system, I simply can’t access any of the WiFi networks, either with a hidden SSID or a broadcasted one. I’d get the following message.

Connection Deactivated. The WiFi network could not be found

2. The start menu also froze, and when it was forcefully killed, the whole desktop and taskbar were gone, leaving only applications open. I could still switch between them by putting my cursor on the top left corner, which displays all open apps.


3. I also notice that when running System Monitor (ksysguard) from KRunner by pressing ALT+F2, KRunner would not disappear unless I close System Monitor again.


And when I would close it, I’d get this error message then KRunner closes.

[screenshot: snapshot6]

Final Notes:
I can say Kubuntu 15.04 is really really fast. Dolphin, System Monitor, Firefox open like in a breeze. It feels like on an SSD. But unfortunately I won’t be able to test more as I can’t get the WiFi to connect 🙁

MyT Fibre steals 1 out of my 50GB monthly allowance

Today is the 1st of March. My MyT Fiber connection was supposed to be upgraded to 10Mbps. But I notice I am still on 1Mbps. I check on their website. I see my volume allowance back to about 50GB.


I wanted to try Kubuntu 15.04 Beta 1. The download reached about half. Decided to call Orange customer support on 8902.

The lady told me to restart my Fibre livebox. My connection back to 10Mbps.

I already lost about 1GB of data on 1Mbps since the morning. She says I need to restart my Livebox at the beginning of each month because they updated on their part and I need to do the same at home. But they can deduct from my data allowance automatically. This is no problem for them.

UPDATE:

https://www.facebook.com/photo.php?fbid=10210078306587188&set=a.1457356646900.61743.1622890382&type=3

WTH Orange?