The PlayStation 3 browser is pretty much undocumented online, so it’s almost impossible to find any tips. For example, do you know how to enable the JavaScript debugger? To which most people respond, “It has a debugger?!?!?!?!”

Here are some tips to ease your pains:

Enabling the PS3 Browser Debugger

Create two bookmarks for yourself. Edit the URLs to match the following:

javascript:window.external.webbrowser.startDebugging();
javascript:window.external.webbrowser.stopDebugging();

(obviously using one bookmark for enabling debug mode and one for disabling)

jQuery Issues

Commonly used library jQuery simply does not work on the PS3. The PS3 JavaScript parser throws a wobbly on the line:

support.checkClone = fragment.cloneNode(......

… which can be found around line 1464, depending on your jQuery version.

Wrap this line with a try/catch statement to let the PS3 browser at least accept jQuery as a sane file. You will suffer endless problems with some jQuery functions, but getting it to load is the first massive step.

JSONP Ajax Requests on the PS3 Browser

jQuery offers some fantastic features for quickly making AJAX calls, but it is mega borked on the PS3. Rather than rely on jQuery, you can make your own request method for calling JSONP URLs that use a callback function name.

function ps3JSONP(method, args, cb){
  // generate random function name for callback
  var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz";
  var func = 'JSONPFunc_';
  for (var i=0; i<16; i++){
    var rnum = Math.floor(Math.random()*chars.length);
    func += chars.substring(rnum,rnum+1);
  }
  // success function
  window[func] = function(data){
    success = true;
    cb(data);
    window[func+"_clear"]();
  };
  // error function
  window[func+"_err"] = function(){
    alert("Error loading "+f.src);
    window[func+"_clear"]();
  };
  window[func+"_clear"] = function(){
    try{
      delete window[func];
      delete window[func+"_err"];
      delete window[func+"_clear"];
    }catch(e){
      window[func] = undefined;
      window[func+"_err"] = undefined;
      window[func+"_clear"] = undefined;
    }
    document.getElementsByTagName("head")[0].removeChild(f);
  };
  // add arguments to JS
  var a = [];
  for(var i in args){
    a.push(i+"="+args[i]);
  }
  // create the element
  var f = document.createElement("script");
  f.type = 'text/javascript';
  // error catching for FireFox/Chrome/Safari etc. etc. etc.
  f.setAttribute("onerror", func+"_err()");
  // error catching for IE.
  var success = false;
  f.onreadystatechange = function(){
    if ((this.readyState == 'complete') || (this.readyState == 'loaded')){
      // set timeout to test if code actually executed
      setTimeout(function(){
        // check the success variable
        if (!success){
          success = true; // to stop multiple execution (IE sucks.)
          window[func+"_err"]();
        }
      }, 100);
    }
  }
  // call URL
  f.src = url+"/?callback="+func+"&"+a.join("&");
  // append and GO
  document.getElementsByTagName("head")[0].appendChild(f);
 }

Simply call the ps3JSONP function with your url, an object of arguments=>values and the callback function and it will actually work on the PS3!

For example, you can call:

ps3JSONP("http://some.api.com/method/get/time",{
  id: "my id",
  variable: 12345
}, function(data){
  alert(data);
});

Essentially, the flash uploader sends a POST request to the upload.php file in your main gallery installation folder.

It sends the following variables:

• user (base 64 of serialised user_id and password_hash)
• album (album id)
• process (1)
• Filename (filename of uploaded image)
• [standard multi-part image data]

success0|albums/userpics/10002/thumb_IMAG0061.jpg

To generate the user variable, you need to make a php array with a user_id and pass_hash variable inside from your authenticated user.

global $current_user;
get_currentuserinfo();
$coppermine_user_var = base64_encode(serialize(array(“user_id” => $current_user->ID, “pass_hash” => $current_user->user_pass)));

Best solution to implementing this is to look at the setup_swf_upload.js file inside of the Coppermine js folder.

To add it to your own website, add the following lines to your themes functions.php file:

wp_register_script('googleplus1', "http://apis.google.com/js/plusone.js");
wp_enqueue_script('googleplus1');

Then add the following to your single.php file to add it to the bottom of your articles. Make sure you put it somewhere sensible. You could even float it in a div if you fancy having it somewhere in particular.

<g:plusone></g:plusone>

See http://www.google.com/webmasters/+1/button/ for more details about how to customise the button.

Easy peasy! I’m sure ‘share bar’ plugins will be adding it to their list of sharing providers soon, so if you aren’t using a custom theme, best to wait for your plugin coders to update or drop them a line suggesting they implement +1.

However, after setting that you will eventually get it working but with an input delay. This is because VLC caches video in memory briefly before displaying it. You can pull this right down though, however the sound messes up the lower you set the cache. I recommend a setting of 50ms, you barely notice at all while using whatever device you have hooked into your capture card.

I’ve included a playlist file for VLC that will automatically play the video stream (assuming it’s 720p and you’ve set your BlackMagic settings correctly – if BlackMagic Media Express works you’re set).

Play PS3 in VLC

Let’s look at the basic way of doing this (btw, the WRONG way) and then work our way up to how most websites (should) be storing your password.

(comic from XKCD.com)

Version 1 – Plain-text

Joe has registered on my website and I have chosen to store his password in “plain-text”. This means I store his password with no other security measures than normal.

So in my database I store:

Username: Joe
Email: Joe@bloggs.com
Password: 12345

Yes, it’s a bad password. But you’d be surprised how many people use that one. (see top passwords on Gawker leak: http://blogs.wsj.com/digits/2010/12/13/the-top-50-gawker-media-passwords/)

Now when Joe tried to log into my website, I look at the password he gave me and compare it to my database. Let’s say Joe gives me his password “12345″ – Hurrah! It matches! I can let him login and access my lovely website.

Where are the problems with this? First, anybody running the website can easily look into their database and read all the passwords for all their users. Ideally you want even the admins on the website to not be able to know your password. Secondly, all the security is based on the database. If somebody managed to break into the website, they may be able to break into the database and download all your usernames, emails and passwords.

We need a better form of security.

Version 2 – Password Hashing

Now we are going to secure our passwords with something called “hashing”. We use a mathematical equation called a “hash function” to turn your password into a piece of nonsensical data. There are many different types of hash functions we could use, however they ideally need to have these properties:

• One-way only
  • This means if we take a password and run it through a hash function, we cannot reverse the process. This means you can’t take the password hash, run it through a modified version of the hash function and get the original password.
  • This requires some complex mathematics to ensure it’s absolutely impossible to find a way of reversing the hash function.
• No collisions
  • We don’t want two passwords resulting in the same password hash. For example, if “12345″ and “password” resulted in the same password hash, people will be able to login with either of these passwords.
  • This will make more sense after an example.

So, for this example we’re going to use a famous hash function called MD5 (which has actually been proven to have some rare hash collisions, there are better functions available now, but for this example we’ll use a popular one).

When Joe registers, instead of storing his password in plain-text, we store the result of the hash function.

Username: Joe
Email: Joe@bloggs.com
Password: 827ccb0eea8a706c4c34a16891f84e7b

You can see that the result of “12345″ is a long piece of text that is impossible to understand.

Now, when Joe tries to log in, we take his password. We run the hash function on the password he gave us and we compare the two hashes instead. If he gives us “12345″, we will run it through the hash function, check the resulting password hash and if it matches the hash we have in the database – Hurrah! We have logged Joe into the site again.

But is this really safe enough?

Note that this time, we never store the plain password. So an admin can’t look through the database and read everyone’s passwords. But, there is still a flaw in this system.

What if we built a massive database of every single possible combination of letters, numbers and symbols and ran the same MD5 hash function over every possibility and saved the result. It will take a very very long time to calculate, but people have done exactly this. They have created databases where you can type in a password hash, and it will search through their massive databases trying to find the password that originally created it.

This is the problem of everybody using the same hash functions. But there are very few available that are secure and strong enough.

However, there is a solution to this problem too.

Version 3 – Salted hashes

Salting is almost exactly the same as password hashing, but with one minor difference. We add a new piece of data to each user in our database. For this example, I’m going to generate a random piece of text for Joe using a random text generator.

For Joe, we generated a random piece of text “b5h64h0c78FbXWJHKl7DDKKE35d6SO”. We shall call this his “password salt”. We store this alongside his username and email address in the database.

Now, instead of storing the hash of only his password, we also add our salt to his password. Now instead of performing the hash function of “12345″ we perform the hash function of “12345b5h64h0c78FbXWJHKl7DDKKE35d6SO”. Notice it starts with Joe’s normal password, but we add our salt onto the end. This gives us a new password hash to store.

Username: Joe
Email: Joe@bloggs.com
Password: f88378f45a99a13be6f42cefbd80e976
Salt: b5h64h0c78FbXWJHKl7DDKKE35d6SO

So now, we have made Joe’s password very long. It would take way too long for somebody to go through every single possibility up to the point of a 35 letter password because of the salt we added on. This is why it’s vital that websites add the salt to each user, making it impossible to pre-calculate as many password possibilities as possible, since every user will have a completely different salt, it will take centuries of computation to get anywhere close to finding the right one.

Recently, Gawker, (a website network including Fleshbot, Deadspin, Lifehacker, Gizmodo, io9, Kotaku, Jalopnik and Jezebel) was hacked and their database was compromised. They did not use password salting. Millions of passwords were instantly looked up in large password hash database. It’s hard to know how many other websites out there don’t salt their password hashes.

We’ve glanced over a lot of password security, but I thought it would be helpful to essentially explain how your data is secure. After the recent media hype over hacked systems, people actually suddenly seem to care about their online information. Just wait until people get into your Facebook. If you don’t want people to know about it, don’t put it online.

How can we improve this further? Look up Two-Factor Authentication, banks (and recently GMail http://googleblog.blogspot.com/2011/02/advanced-sign-in-security-for-your.html) implements it and will keep your account significantly more secure: http://en.wikipedia.org/wiki/Two-factor_authentication

I’ve been playing with Amazon Web Service’s Elastic Beanstalk service to host a web app I’ve been working on in Java. Everything worked fine until I integrated my MySQL library and was unable to connect to the database with an error message like so:

“The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server.”

So, I hunted down the solution. But, I’m going to go over how you set up a connection to a MySQL database too (if you know your code and library is set up right, skip the first bit).

Setting up MySQL with Elastic Beanstalk

I’m assuming you’re using RDS for all of this. If you’re not, find another tutorial.

First, hunt down your MySQL connector library (I’m using mysql-connector-java-5.1.15-bin.jar) and copy it into the “WEB-INF/lib” directory of your Eclipse project (Eclipse should detect it and add it under “Web App Libraries” in your package panel.

Here is some really simple code for connecting to a database:

<%@ page import="java.sql.*" %>
private Connection con;
String pass = "password";
String url = "jdbc:mysql://DATABASE-URL:3306/";
Statement stmt;
try{
if (con == null){
Class.forName("com.mysql.jdbc.Driver").newInstance();
con = DriverManager.getConnection(url, "username", pass);
con.setCatalog("mydatabase");
}
stmt = con.createStatement();
ResultSet r = stmt.executeQuery("SELECT name FROM table ORDER BY RAND() LIMIT 5"); while(r.next()){ %>
<%= r.getString("name") %>
<%
}
//con.close();
}catch(Exception e){
%>
Error :: <%= e.getMessage() %>
<%
}

You may notice the con.close() is commented out. The private Connection con variable near the top keeps the connection alive between page views to make the application run faster. Useful if you know that your web app is going to be hit a lot.

Obviously, modify this example to suit your own environment.

Setting up your RDS (MySQL) permissions

Goto your AWS account area and open the “Security Credentials” area. Scroll right down to the bottom and copy the AWS Account ID to a text file somewhere for use in a second.

Next, goto your AWS panel and find the EC2 tab. Go into the “Security Groups” area and find the security group named “elastic-beanstalk-#####” or something similar. Copy this group’s name to a text file too.

Now open the RDS section of the AWS panel. Goto “DB Security Groups” and add an “EC2 Security Group” with the two pieces of information your just saved somewhere.

Now you can connect to your RDS database from your Elastic Beanstalk instances!

Have fun

Step back, going to be performing some web server magic before you. Port 80 is the default port for all websites, it’s what all websites use if you don’t define the port number. I found it particularly useful to use Apache and Lighttpd at the same time for my server optimisation. I originally had Lighttpd running on port 81, but loads of foolish web admins decide to block loads of port numbers making a large amount of my important visitors unable to access static content on my site (CSS and JS dead. Not pretty.)

If you know much about how servers work, you’ll know you can’t usually have two programs running on the same port number. Otherwise, how will both programs know what information is for them?

Getting a second IP address

You can get around this problem by having two IP addresses for one server. Most hosts will let you purchase an additional IP address for your dedication/virtual-dedicated servers.

You need to purchase an extra IP address and “attach” it to your server. I had to create a new random subdomain on my server in order for myhost (1and1) to let me hook the IP to my box.

Now you need to configure your server to accept the new connection using a virtual network card. Browse to your network directory and copy your current network configuration file to create another one.

cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth0:0

Now you need to edit your new network card. You have to change DEVICE and IPADDR. So, edit the file you just created (ifcfg-eth0:0) with:

DEVICE=eth0:0
IPADDR=[your.new.ip.address]

Note: If your files don’t have an IPADDR entry, create one and also add your original IP address into the ifcfg-eth0 file.

Now reset your networking:

/etc/rc.d/init.d/network reload

Try and access your new IP address to confirm it’s connected to the server correctly (Apache by default takes over all port 80 connections, which is helpful for testing).

Setting Apache to your original IP address

Find your apache configuration log (usually at /etc/httpd/conf/httpd.conf – try find / -name”httpd.conf” if you need help finding it)

Find the “Listen” line of your configuration and modify it (note: lines beginning with # are comments, so ignore there).

Listen [your.original.ip.address]:80

Obviously inserting your original IP address instead of [your.original.ip.address]

Now restart Apache and test that your website still works (your new IP address will now not work)

service httpd restart

Installing and configuring Lighttpd

First install Lighttpd (if you haven’t already)

yum install lighttpd

Edit the Lighttpd config file at /etc/lighttpd/lighttpd.conf

Find the line “server.bind = ” and modify the entry to use your new IP address (it will most likely also be commented, so remove the #)

You may also want to add some virtual hosts (you will have to make sure these sub domains are set to go to your new IP address for these to work).

This is just an example of setting images.example.com to serve static files from the given directory on example.com.

$HTTP["host"] == "images.example.com" {    server.document-root = "/var/www/vhosts/example.com/httpdocs/images/" }

Finally, set Lighttpd to start up automatically when your server starts and start it.

chkconfig lighttpd on
service lighttpd start

However, when running a website for a large group of other people to mess around with, all their images link to an attachment page rather than the image itself (which causes havoc for shadowbox plugins etc.)

So, you can force the default link to be the file (or the attachment page… or even blank if you would like).

Goto the “secret WordPress options page” at http://www.example.com/wp-admin/options.php (obviously, replace example.com with your domain)

Find the option “image_default_link_type” and change as required:

• leave it blank – no URL at all
• file – Default to File URL eg. /wp-content/image.png
• post – Default to Attachment Page URL eg. /?attachment=111

Simply use this code in your there’s function.php file or add it to a new file in the plugins folder and activate.
add_filter( 'show_admin_bar', '__return_false' );remove_action( 'personal_options', '_admin_bar_preferences' );

It’s too long, stupid and annoying (much like how I get distracted and put small side-stories in brackets in blog posts).

So, I set up a small PHP script to scan for a selection of names I preferred. It is designed to run every few minutes and instantly DM me on Twitter with the good news (which coupled with using the latest live version of TweetDeck, meant if I was at my computer, was guaranteed to get the name).

Here is the code I used for checking if a name was free (how you then alert yourself is up to you).

<?
function check_twitter($name){
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,”http://twitter.com/”.$name);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,5);
$o = curl_exec($ch);
curl_close($ch);
if (strpos($o, “Twitter / ?”)){
echo $name.” is FREE!!!\r\n”;
// write some email/notification code here
}else{
echo $name.” taken… still\r\n”;
}
}
// call the function with the names you want
check_twitter(“cube”);
?>

Now the proud owner of @cube

Update:

I’ve expanded the original script to include the auto-tweet notifier that I used for my scanner.

Download this one file that contains everything you need to make the scanner tweet you when it finds an empty username. Note, it will keep tweeting you until it is taken or you stop the scanner.

Simply create a Twitter app, fill in the configuration and run the file. Then setup a cron job or something to repeatedly execute the PHP file. (don’t just sit there hitting refresh, it took me 13 months to get my username).

Note: You need two Twitter accounts. One to send the DM and one to receive it. The one receiving must be following the sender. Try a random jargon username to test it works.

TwitterScanner.zip