Category Archives: Tech Fail

Upgrading to WordPress 3.9 in Heroku

As you may already know, our blog is using the WordPress Heroku PHP Buildpack.

Now, since April of 2014 Heroku has updated it’s buildpack to support officially PHP and their final version here. They have done a really fine job, compared to the old legacy buildpack which involved a custom build batch file, and a plain empty php file to procreate the Heroku Dyno to run the Apache process with php process. More details from this awesome guy, here : https://github.com/mhoofman/wordpress-heroku and the dyno changes here : https://github.com/xyu/wordpress-heroku .

Our current installation though uses also WordPress.

Since then WordPress has released some considerable updates, and we need to update to the newest version. So, doing the necessary process, downloading WP3.9.2 , extracting it to the current setup, committing, pushing to heroku master.

At first heroku fails. Since by default it uses the new buildpack and requires composer.json to exist, so as to run Composer and configure afterwards the PHP-Heroku-Buildpack. Now, that was my point of failure since I did not notice that you can keep the legacy buildpack (but hey, new is always better right?) and I agreed to take on the new one.

After following the guide here Getting Started With PHP ,  created a composer.json (currently empty since we did not require anything new) and modified Procfile since we needed to explicitly tell Heroku that we had a custom Apache configuration.

A custom Apache Configuration?

Aye. While on the old buildpack you could initialize the stack with php, some WordPress plugins (such as Jetpack, or Zip support) did multiple requests on the server (I assume Ajax ?) and Heroku did not support concurrent requests in the old buildpack. Zip required to include mod_deflate.so. So I found out this guy: https://github.com/xyu/ who wrote a custom script doing nothing more complex than including to the Apache conf his configuration which in turn enabled the concurrent requests. This file was being loaded at startup, when heroku dyno was running.

Searching the Heroku documentation

..and I found out that if you want to include a http.conf  file you have to do it somehow like this :
web: vendor/bin/heroku-php-apache2 -C apache_app.conf
by modifying the Procfile and inserting the custom config file.

Obviously that did not work.

There were warnings that stated that we could not declare ServerLimit inside the VirtualHost section. Which later on made more sense when I saw how New Heroku buildpack integrates apache…

Aside from that, in the Heroku Logs :

There were enough warnings (and a fatal) like these :
2014-04-30T17:59:48.184463+00:00 app[web.1]: [30-Apr-2014 17:59:47] WARNING: [pool www] child 48 said into stderr: "NOTICE: PHP message: PHP Warning: pg_query(): Query failed: ERROR: missing FROM-clause entry for table "session""
2014-04-30T17:59:48.184466+00:00 app[web.1]: [30-Apr-2014 17:59:47] WARNING: [pool www] child 48 said into stderr: "LINE 1: SELECT @@SESSION.sql_mode"
2014-04-30T17:59:48.184468+00:00 app[web.1]: [30-Apr-2014 17:59:47] WARNING: [pool www] child 48 said into stderr: " ^ in /app/wp-content/pg4wp/driver_pgsql.php on line 140"

I’m not a Postgres expert, I’m more familiar with MySQL so, I decided that I should install my blog locally.

Downloaded the Postgres dump, restored in local instance, along with the new buildpack, ran an apache instance, and voila another error:
LINE 1: SELECT @@SESSION.sql_mode
^ in /var/sites/example.com/www/wp-content/pg4wp/driver_pgsql.php on line 133
PHP message: PHP Fatal error: Call to undefined function wpsql_errno() in /var/sites/example.com/www/wp-content/pg4wp/core.php(32) : eval()'d code on line 1531"

That one was mitigated from these guys here : https://vitoriodelage.wordpress.com/2014/06/06/add-missing-wpsql_errno-in-pg4wp-plugin/

When I was sure that everything works as intended, I finally pushed again.

Nothing. 0. Actually 500:

500

Checked the logs and I was getting a VERY  descriptive message :
2014-22-11T03:17:49+00:00 heroku[router]: Error H12 (Request timeout) -> GET / dyno=web.1 queue= wait= service=30000ms status=503 bytes=0

This error was not helping at all. No matter what I tried after that, I kept receiving timeout, as if the php apache process was eating up all the resources of the dyno. Clearly something is very wrong…

Finally, I decided to use the standard legacy buildpack

And reverted everything, after upgrading to the new WordPress, migrating the database locally and updating the cloud afterwards.
I used the legacy buildpack by running in my local heroku env:
heroku config:set "BUILDPACK_URL=https://github.com/heroku/heroku-buildpack-php.git#legacy"

 

I have just recently found out that the guy who wrote the plugin connecting to Postgres (this guy: https://wordpress.org/plugins/postgresql-for-wordpress/ ) has recently stoped developing it. And later, (although I still have second thoughts on How hhvm is compatible with php 5.3 and more specifically 5.3 in WordPress) Xiao who migrated his blog to HH-VM/NginX/MySQL heroku build pack : https://github.com/xyu/heroku-wp .

As soon as I have updated I will gather results to see how it went.

EDIT: It looks like there is an update for PG4WP I have been missing. Trying it and letting you know…
EDIT2: Nothing. The process keeps hanging by returning :
←[0m at=error code=H12 desc="Request timeout" method=GET path="/" host=www.must-feed.com request_id=fcaa61c9-1bbf-48d2-9b3c-797ca14ffa58 fwd="192.168.84.223" dyno=web.1 connect=1ms service=30000ms status=503 bytes=1240

5 Unbelievable Security Fixes

While working with security…

…you often find yourself between a rock and a hard place.

Solutions must be provided in with low cost both in time and money !

Since one of my responsibilities during my morning job is security, we had, as a team to outthink all the potential attackers. Now this is a quite hard job to do. While we had a lot of brainstorming going, we decided to take a break. And one of our colleagues came out with the following blog post. Have a look: 

I hope its a demonstration if proper camera usage…

Better than NSA

Looks like I’ll have to think twice before trespassing…

Watch out, it looks very fierce

 

Practical and Efficient

Always lock your mo-pad!

 

Always, always think big!

After some years the chain will actually grow into the tree, rendering it impossible to move

 

But above all, know how to:

Protect and Spell!

 

I personally think that it gives a totally new meaning

to the term “security fixes”. I just hoped I had the opportunity to implement those security fixes during a PCI/DSS audit… By the way, in terms of development and bug-introducing procedure (we all had this, bugs are unfortunately unavoidable), not while ago there was this bug.

The heartbleed bug, has efficiently put all internet to knees…

Heartbleed bug was at the same (ok, a little more) level of stupidity.

<

pre>

/* Enter response type, length and copy payload */
*bp++ = TLS1_HB_RESPONSE;
s2n(payload, bp);
memcpy(bp, pl, payload);

There was absolutely NO static analysis problem. NO compilation error. Nothing at all. Just a stupid thing that two variables where controller by the user. And if you change those two variables you’re gonna get a GOOD dump of the nearby memory….

That was the case…

Source : Diply

Billion laughs – The Trolling way

The “Must Know” file for “DDoS” attacks with XML Parsers.

<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ELEMENT lolz (#PCDATA)>
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
 <!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
 <!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
 <!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
 <!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
 <!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
 <!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>

Billion laughs – Wikipedia, the free encyclopedia.