Archive for April, 2009

Advanced PHP Debugger (APD)

Tool Tips | Posted by attriel April 21st, 2009

The first code profiler we looked at was the Advanced PHP Debugger (APD) (http://pecl.php.net/apd), which I insist on calling ADP for some reason.  This one had a lot of features that looked interesting, and a single function call for turning it on or off: something we could add to the pages we were interested in checking, or to our config to profile the complete set.

Unfortunately, the project looks to have been abandoned, with the last release (1.0.1) being from 2004.  We tried setting it up anyway, the zend hooks still existed AFAICT and it’s not unreasonable to believe that profiling data would be reasonably unchanging.  The rest of the “Debugger” might be out of date, but perhaps profiling would work.

As it turned out, apparently not ALL of the zend hooks still existed in the same form, and so every page load simply crashed PHP and the apache process managing the connection.

Perl … just wow :o

Externally Sourced, Programming | Posted by attriel April 17th, 2009

Hoping this shows right …

    ''=~(        '(?{'        .('`'        |'%')        .('['        ^'-')
    .('`'        |'!')        .('`'        |',')        .'"'.        '\$'
    .'=='        .('['        ^'+')        .('`'        |'/')        .('['
    ^'+')        .'||'        .(';'        &'=')        .(';'        &'=')
    .';-'        .'-'.        '\$'        .'=;'        .('['        ^'(')
    .('['        ^'.')        .('`'        |'"')        .('!'        ^'+')
   .'_\{'      .'(\$'      .';=('.      '\$=|'      ."|".(      '`'^'.'
  ).(('`')|    '/').').'    .'\"'.+(    '{'^'[').    ('`'|'"')    .('`'|'/'
 ).('['^'/')  .('['^'/').  ('`'|',').(  '`'|('%')).  '\".\"'.(  '['^('(')).
 '\"'.('['^  '#').'!!--'  .'\$=.\"'  .('{'^'[').  ('`'|'/').(  '`'|"&").(
 '{'^"[").(  '`'|""").(  '`'|"%").(  '`'|"%").(  '['^(')')).  '\").\"'.
 ('{'^'[').(  '`'|"/").(  '`'|".").(  '{'^"[").(  '['^"/").(  '`'|"(").(
 '`'|"%").(  '{'^"[").(  '['^",").(  '`'|"!").(  '`'|",").(  '`'|(',')).
 '\"\}'.+(  '['^"+").(  '['^")").(  '`'|")").(  '`'|".").(  '['^('/')).
 '+_,\",'.(  '{'^('[')).  ('\$;!').(  '!'^"+").(  '{'^"/").(  '`'|"!").(
 '`'|"+").(  '`'|"%").(  '{'^"[").(  '`'|"/").(  '`'|".").(  '`'|"%").(
 '{'^"[").(  '`'|"$").(  '`'|"/").(  '['^",").(  '`'|('.')).  ','.(('{')^
 '[').("["^  '+').("`"|  '!').("["^  '(').("["^  '(').("{"^  '[').("`"|
 ')').("["^  '/').("{"^  '[').("`"|  '!').("["^  ')').("`"|  '/').("["^
 '.').("`"|  '.').("`"|  '$').",".(  '!'^('+')).  '\",_,\"'  .'!'.("!"^
 '+').("!"^  '+').'\"'.  ('['^',').(  '`'|"(").(  '`'|")").(  '`'|",").(
 '`'|('%')).  '++\$="})'  );$:=('.')^  '~';$~='@'|  '(';$^=')'^  '[';$/='`';

That there is some nice formatting :o 

Source: http://www.99-bottles-of-beer.net/language-perl-737.html
Bottling (and obfuscating) done by: Acme::EyeDrops

Code Profiling

Programming | Posted by attriel April 14th, 2009

Working on a large project, we were adding a large new feature.  Extending an old feature with a lot more power.  Except it was taking forever.  So we decided to look into what the app was doing, compare the two (old feature vs new feature), see how bad of a difference it really was.

Timing it, it turned out to only be 12 vs 15 seconds in the worst case scenarios we could think of to try.  OTOH, for a webapp, they’re both horrendous answers.  That’s when we decided to look deeper.

Code profiling is that deeper step.  It provides usage statistics on how long each function takes, each callout, etc.  In the past we’d all done ad-hoc profiling by putting in some debug statements in places we thought were taking the longest.

// PHP version of the ad-hoc approach: a timestamp on the way in and on the way out
print "STARTING FUNCTION XXX " . microtime(true) . "\n";

print "EXITING FUNCTION XXX " . microtime(true) . "\n";

The problem with this, obviously, is that it requires foresight or backpatching.

Foresight because you can put this in every function with a call to a pair of defined functions that you null-out in production.
function enter_function($name) {
    // DEBUG is a constant set to true in development and false in production
    if (DEBUG) {
        print "ENTERING " . $name . " " . microtime(true) . "\n";
    }
}
That way you get the output, but it goes away in production (when DEBUG is presumably set to false).  Of course, now you always have it for all functions (assuming it’s part of your function template so it always gets added).
The second option is backpatching.  Going through your functions and adding either the prints or the function call.  Which gives you the same problem, but now you’re no longer sure that you’re hitting all of the functions.
The third option is modifying the compiler/interpreter so that it puts in that code for you.  Which is, honestly, what we did with it.  Because it’s easier than drinking from the firehose or attaching the hose to a kitchen faucet.
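The third option, letting the interpreter insert the enter/exit bookkeeping for you, as an added example (not code from the post, and in Python rather than PHP since the idea is the same): the interpreter's profile hook sees every call and return, so nothing has to be backpatched and no function can be missed. The `helper`/`slow_feature` workload is constructed for illustration.

```python
import sys
import time

# Constructed sample workload (not from the blog post): a feature that calls a
# helper many times, the kind of thing we want per-function numbers for.
def helper(i):
    return i * i

def slow_feature(n):
    total = 0
    for i in range(n):
        total += helper(i)
    return total

class HookProfiler:
    """Times every Python-level function via the interpreter's profile hook
    (sys.setprofile), so no enter/exit prints are written into any function."""

    def __init__(self):
        self.stats = {}      # name -> [calls, inclusive seconds]
        self._stack = []     # (name, start time) of calls not yet returned

    def _hook(self, frame, event, arg):
        # Only Python-level calls are timed; "c_call"/"c_return" events
        # for builtins like range() are ignored.
        if event == "call":
            self._stack.append((frame.f_code.co_name, time.perf_counter()))
        elif event == "return" and self._stack:
            name, start = self._stack.pop()
            entry = self.stats.setdefault(name, [0, 0.0])
            entry[0] += 1
            entry[1] += time.perf_counter() - start

    def run(self, func, *args):
        """Run func under the hook and return its result; the hook is always removed."""
        sys.setprofile(self._hook)
        try:
            return func(*args)
        finally:
            sys.setprofile(None)

    def report(self):
        """Rows of (name, calls, inclusive_seconds), slowest first."""
        return sorted(((n, c, s) for n, (c, s) in self.stats.items()),
                      key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    prof = HookProfiler()
    prof.run(slow_feature, 1000)
    for name, calls, secs in prof.report():
        print(f"{name:15s} {calls:6d} calls {secs * 1000:8.3f} ms")
```

The inclusive time of a caller always covers its callees, so the report also shows where the cost of a slow feature actually lands.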

DES Fail

Crypts, Demonstration | Posted by attriel April 10th, 2009

One of the early things I started doing with this blog, actually with the predecessor to this blog, was going through encryption examples longhand.  And I was going to start with a simple hash like MD5, except it turns out to be the opposite of simple.  So I decided to do DES, which seems to baseline a number of other common tools.

I got through 10 iterations of 16 and realized I’d been doing a step wrong since iteration 3.  Tossed that all away after months of trouble.  Then I started again, I got through 6 iterations and realized I was getting two arrays reversed on occasion.

Then I started on it AGAIN, with a plan to have my pages laid out to copy data A to B, 1 to 2, and keep everything in line.  Only by now, I’m no longer enthused by doing DES a third time.  It’s a serious PITA!  Add to that the issue that once I finish DES, this was one of the “easy” ones.  Which means the rest get harder. Un*x password files are saved via crypt, which is based on multiple passes of DES.

So after a year of doing 16 iterations of DES, I’d be moving on to doing 48 iterations of DES.  And then things would really get hard.  So I’m thinking this isn’t working.  I’ve now moved to what had originally been stage 2 plan, which was to develop scripts that would produce the longhand for looking at.  Hopefully I’ll get DES done in the next week or so.  I’ll post the script and the output if I get that working.

Missing post

From The Lines | Posted by attriel April 10th, 2009

So, apparently my post from yesterday went AWOL.  We’ll fix that in a sec.

Anyway, I was just looking for some documentation on an error.  “Inappropriate Matching”.  First off, that just makes me think it’s a game of Memory(tm) but with XXX pics instead of cows and sheep … *shudder*

Second, during my travels, I discovered this gem of advice:

Yes, carefully read the README file and also the other README file

In the words of Lightning McQueen — Thank you.  That is SPECTACULAR advice.  Thank you.

New Category

Site Maintenance, Tool Tips | Posted by attriel April 7th, 2009

So, I think one thing I need to do is set up some new guidelines.  So one thing I’m going to do is create some new categories and set up some regular “features.”

To wit:  I’ve added “Tool Tips”, which is a category I’m going to use for posting about various programming or security tools I find and use.  Sort of a cross between overviewing and my personal review of it.   Not going to get all fancy dance with “4 shebangs up!” or fancy pics or anything, but will be posting my thoughts and opinions on the pieces.

And I’m currently going to lay that out as every first and third Tuesday.  I think that’s a reasonable frequency right now: two tools a month, I think I can hit that.  And I’m hoping to set up some pipelined posts during the hiatus (like this one, for instance).  Hopefully that will give me a little leeway in case I don’t hit up any new tools immediately.

Actually, now I almost want to make a graphic and do 4-shebangs out of 7 or something …