Back to PHP

Posted on 11 August 2018 in Asides • Tagged with drupal, php

A few months back I started a new job with a much greater focus on development work over IT systems management. Unfortunately this has led to a pretty big drop-off in the amount of time spent on personal side projects, but happily my new employer is fully supportive of open source and I am able to release much of what I work on to the wider community.

I have recently pushed three projects out:

  1. Views Contextual Range Validator: A very simple Drupal 8 module adding a Views contextual filter for range validation, descriptively named.
  2. PBS Passport: An OAuth2-based authorization system for Drupal 7 and PBS.org accounts.
  3. Lightbox Campaigns: A Drupal 7 and 8 module for running custom, targeted "campaigns" using full screen "lightbox" displays.

It has been interesting returning to the world of PHP after focusing so heavily on free time personal projects in Python. I am saddened to find myself away from the (much) less verbose syntax of Python, but happy to be back in the language that I grew up hacking on.

This has also given me the opportunity to work more with custom module development in Drupal 8 and I'm excited to do more of that …



Buying Lotion on Amazon.com

Posted on 11 June 2017 in Asides • Tagged with amazon.com, finance, online shopping

Amazon.com's Aveeno purchase options.

I was recently shopping online for a specific type of lotion (my skin seems to hate all other types). I am somewhat predisposed to avoid Amazon.com because its size and increasing dominance of online shopping concern me as it moves closer and closer to "shopping" (in the sense that "searching" means Google to most people). However, my biggest reason for avoiding Amazon.com is simpler: it has become incredibly confusing to shop there. Searching for just about anything will yield thousands of results and it takes (me) a lot of effort to determine which one is appropriate. This can be a great thing in a lot of cases, but more often than not it feels more like navigating a minefield of deceitful listings than comparing competing products.

This lengthy post evaluates one example - Aveeno "Daily Moisturizing" lotion. As with most personal care products, when searching online I pull up a couple of websites to compare prices. In this case I pulled up Amazon.com last, searched for "Aveeno" and was impressed to see just what I was looking to compare (the 18 oz., non-SPF version) as the first result. I clicked through and, curious to figure out the price …



Yes This Is A Really Long Request URL

Posted on 20 April 2017 in Asides • Tagged with apache, logs, security, vulnerabilities

Yesterday, while reviewing some logs I came across a curious entry in an Apache error log:

[Wed Apr 19 08:51:48.119666 2017] [core:error] [pid 29210] (36)File name
too long: [client 137.226.113.7:40907] AH00036: access to
/YesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForR
esearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongReques
tURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALo
okAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurpos
eWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisI
sAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPu
rposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWe
AreDoingItOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUs
erAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreSca
nningForResearchPurposePleaseHaveALookAtTheUserAgentTHXYesThisIsAReallyL
ongRequestURLbutWeAreDoingItOnPurposeWeAreScanningForResearchPurposePlea
seHaveALookAtTheUserAgentTHXYesThisIsAReallyLongRequestURLbutWeAreDoingI
tOnPurposeWeAreScanningForResearchPurposePleaseHaveALookAtTheUserAgentTH
XYesThisIsAReallyLongRequestURLbutWeAreDoingItOnPurposeWeAreScann failed
(filesystem path '[...]')

Formatted to plain English: Yes, this is a really long request URL but we are doing it on purpose. We are scanning for research purpose. Please have a look at the user agent. Thanks!

What does the user agent for this request have to say?

Here is the access log entry:

137.226.113.7 - - [19/Apr/2017:08:51:48 -0400] "GET [...] HTTP/1.1" 403
1471 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Scanning for research (researchscan.comsys.rwth-aachen.de)"

The website referenced in the user agent, researchscan.comsys.rwth-aachen.de, explains that this request is part of a research project at RWTH Aachen University in Germany and 137.226.113.7 is indeed a part of the university's network.

Interestingly, this is …

