First things first, let’s check to see if you have weak ciphers and SSL 2 enabled for connections. I’m showing you how to do this now as you will need to use it later to test your configuration changes.

Checking if your server supports weak ciphers
To check if your server support weak cipher connections attempt to connect to it with the following command. You can run this command from the server in which you’re locking down.

openssl s_client -connect HOST_NAME:443 -cipher LOW:EXP

If weak ciphers are enabled you will receive a connection message with your connection waiting for input.

CONNECTED(00000003)

If weak ciphers are disabled, you will receive an error message similar to the following.

CONNECTED(00000003)2290:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:

Checking if your server supports SSL2 connections
Run the following command to check if SSL2 connections are accepted:

openssl s_client -ssl2 -connect HOST_NAME:443

If enabled, you will receive similar output to the following and your connection will be accepting input.

CONNECTED(00000003)

If not enabled your output will contain an error message similar to the following.

CONNECTED(00000003)
2420:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

Disabling both weak ciphers and SSL2 connections
To disable both of these options for Apache’s SSL connections open the SSL configuration file as root.

sudo vi /etc/apache2/mods-enabled/ssl.conf

You will need to either uncomment or add the following two lines

SSLCipherSuite HIGH:MEDIUM:!ADH
SSLProtocol all -SSLv2

Once done, save. You now need to restart the Apache service.

sudo /etc/init.d/apache2 restart

Now go back and run the weak cipher and SSL2 connection tests. If you get connection failed errors the job is done.

That’s it, all done.

Being rather obsessive and interested I decided to dig into the world of PCI and what I managed to dig up in a small amount of time is worth sharing, despite several thousand websites detailing the same thing. Think of this post as an overview of PCI compliance for those that just want an understand.

What is PCI and why does it exist?
PCI is short for Payment Card Industry and was launched on the 7th of September, 2006, and is managed by PCI SSC (Payment Card Industry Security Standards Council). PCI SSC was formed by the majority of major credit card brands such as Visa, MasterCard and American Express.

PCI SSC put a series of standards in place to ensure that all companies that process, store and/or transmit credit card information maintain a secure environment for the processing and storage of this data. These standards are known as Payment Card Industry Data Security Standard, or PCI DSS for those that don’t want to trip over their words.

It’s important to understand that these standards have been put in place to provide secure trading for everyone.

Do you need to be PCI compliant?
Knowing whether you need to be PCI compliant is simple: If you take payments directly from a client/customer using a credit or debit card then you need to be PCI compliant. While I am concentrating on the online environment this also applies to over the telephone and in person.

When do you need to become compliant?
The short and sweet answer is now, however, contact your merchant bank directly and inform them of your processing of credit card data and they will inform you of their process and deadlines.

Each merchant bank quite possibly has their own deadlines but based on what I have read and experienced they are fully aware it will not happen over night and understand becoming compliant could take weeks, sometimes even months.

How do you become PCI compliant?
The first step is to find out what level of merchant you are. You can find this out from your merchant bank or service provider. Different standards apply to different levels.

Once you know what level of merchant you are your validation level will need to be assessed. You will then need to resolve the majority of problems identified to you. Don’t let this daunt you, it’s not too difficult to become compliant. I will say this though, it’s far better to become compliant as soon as you become aware of PCI, the larger you get the more troublesome it may become.

What happens if you’re not complaint?
Yes, oh yes you can. Put simply, merchant banks can be fined an extortionate amount of money (Anywhere between $5,000.00 – $100,000.00 per month) for violations. The banks, as you have probably figured out yourself would likely pass the entire fee down to the merchant themselves. Yes, that could be you.

More information
You can find more information about PCI at the official PCI SSC website.

Conclusion
PCI SSC have enforced a set of standards that ensures security for peoples credit and debit card data. While it does take time to become PCI compliant your merchant bank will do the best they can to help you and there are plenty of companies out their that specialise in helping your business become compliant and stick to the standards.

Following this post I will provide some helpful posts on some of the requirements that I have seen fail on compliancy tests that are not too obvious as to what you need to do.

This year will mark something extremely significant for myself and my family. With looking for a new house for my wife and I as well as CarPro taking off (and v2.0 coming end of Q1) things are looking brighter at the end of the time tunnel. A fresh new start marks the era of success, or the beginnings, which ever comes first.

Happy new years to you all and I hope it brings you everything you would like.

Early last week I decided to try my first idea which was putting the app name in the minds of the reviewers by simply asking how long it would take to review “App name”. While the review team were exceptionally helpful, putting the app into their minds was not enough to get the app expedited into review.

Sadly, the app I submitted was actually rejected at the end of last week, thankfully the reason was a simple fix and a minor mistake which I wouldn’t have known about unless noticed by the reviewers themselves. Having said that, I see the rejection as a blessing in disguise as it has allowed me to re-submit the app with a stronger appearance and additional, fundamental features.

I have written press-releases that I have had to put on hold for a large number of blogs, magazines and newspapers. Because of this I thought I’d be direct with Apple and request for my app to be expedited.

Here is my email:

Hi guys and girls,

Thanks for the details you provided me when rejecting [App name], it was extremely useful and I have now fixed the issue.

I was wondering if I could be cheeky and request that [App name] be reviewed again ASAP. Ideally I was looking at releasing the app by the end of the month (Today at the lastest) but that’s now out of the question, however the sooner the better as I have quite a few press releases that are now on hold for the release.

I understand I may be pushing my luck here and I’m certain you get requests like this all the time, however, I’m happy to give you a good review on http://www.srcnix.com as it seems you guys don’t get enough praise on the Internet for your hard grafting.

Thank for your time and hard work guys and girls!

Regards,

Steve Clarke

The way I see it is the reviewers at Apple are doing their job and likely get emails day in, day out, requesting for apps to be expedited. Because of this I put it plain and simple in my email that it’s simply a request and that they would be doing me a huge favour. In return I would give them good credit on my blog, which I’m certain they must have heard numerous times before.

To my surprise I actually got a response from one of the reviewers:

Dear Steve,

Thank you for contacting the iPhone Developer Program regarding the review of [App name]. We have made a one-time exception and will proceed with an expedited review of [App name].

We understand that in rare cases, situations arise which require an exceptional response. We want to remind you that expedited reviews are provided on a limited basis, otherwise the process itself becomes ineffective and we may not be able to accommodate additional requests in the future.

Best Regards,

[Reviewer]
iOS Developer Program

As you will have noticed, the reviewer is expediting my app for me due to the circumstances. This is an extremely thoughtful and appreciated gesture that will not be forgotten and as my response to them stated, I’m not here to aggravate them or push my luck because at the end of the day they have thousands of developers to cater for.

I’ve said before and I’m going to say it again: what you don’t ask for you will not get. Just keep in mind that having a suitable reason behind needing your application expedited is required and on rare occasions they will do the best they can. Being cheeky to those that hold the power of reviewing your app is far from the smartest thing to do and you should treat them with the respect you want in return.

So here’s to the app review team, thank you very much and keep up the good work!

It’s time to find the culprit directories taking up all your space
Using du is simple, change to a directory and run du to return a list of all directories, their child directories and their weight (size).

du .

By default du scans directories recursively so if you have a large amount of directories this could be running for a while. If this is the case then round about now you will want to hit CTRL+C to cancel the command,

First thing you may have noticed is the size of directories are in kilobytes. To output the size of the directories in a human readable format use the -h argument.

du -h

You can also limit the depth du outputs. You can do this using the –max-depth argument with a value of the max depth you’d like to review. Disk usage will still output the total disk usage for all child directories but only output the max depth you have specified.

du -h –max-depth=1

I tend to specify 1 as my max-depth value, however to dig deeper you can of course use a higher value. How you continue from here is down to you.

The date command
First things first, the command you will need is date. Date not only outputs the current date and time of the box but also allows you to set them too.

date
Mon 20 Nov 2010 11:10:38 GMT

Setting the date
To set a new date and time on the command line you can use the -s parameter.

date -s “YYYY-MM-DD H:I:S”
YYYY: Year represent with four digits
MM: Month represented with two digits (01 – 12)
DD: Day represented with two digits (01 – 31)
H: Hour of the day represented with two digis (00 – 23)
I: Minutes represented with two digits (00 – 59)
S: Seconds represented with two digits (00 – 59)

If the current date is 20th of November 2010 at 11:20 the following would set the date as required:

date -s “2010-11-20 11:20:00″

Setting the date with string literals
You can also set the date using string literals instead of digits for the month. For example:

date -s “20 Nov 2010 11:20:00″

Keeping your date/time synced with ntpdate
If your date/time is regularly becoming unsynced it’s a good idea to setup a cron to automatically sync with specific servers. In the following example I explain how to setup automatic date/time syncing with ntpdate on Ubuntu. Other distros may require entering the full path to ntpdate which can vary from distro to distro.

First, install ntpdate if it’s not already installed:

sudo apt-get install ntpdate

Once installed, test it works by syncing with the ntp pool server(s):

sudo ntpdate pool.ntp.org
20 Nov 11:29:45 ntpdate[25933]: adjust time server 129.70.132.33 offset 0.000142 sec

You can then setup a cron to update your date/time every 12 hours. To do this add the following line to your root cron

0 0,12 * * * ntpdate pool.ntp.org

You can do this by running crontab edit as root

sudo crontab -e

Importance of keeping your date/time synced correctly
In the server world it’s extremely important that you keep a servers time in sync with the current time. Issues arise when your date/time is out of sync, for example having an auction site and the date/time out of sync can result in incorrect displaying of remaining times on said auction.

Or, as another example, if there is a a website on the server pulling feeds from, for example, Twitter and timestamps do not match there is a good chance the API server will drop your requests for data.

Programmers write code and they write this code day in, day out. They know how the app should work and test based on how the app should be used. I used to do this myself and the majority of programmers I know do the same thing. I’m afraid this is wrong and programmers need to learn to step out of the box.

Programmers have something they need to learn and that’s usability testing. While I’m certain others may disagree, us programmers have a thing or two to learn from the average joe on the street, whether directly or indirectly.

The more a programmer writes the more the programmer becomes too familiar with the application (Whether system or web based). This familiarity can shadow your judgment and testing. While your testing may be valid, the system needs to be tested by someone who doesn’t know how it is supposed to work, but rather how they would expect it to work.

How a user expects an application to work is extremely important and is something the average programmer lacks knowledge off. Of course, by having others test your app you can adopt how they test in future releases and builds.

So, next time you are testing something, give your partner or friend a brief overview and ask them to have a play. Their thoughts may well do wonders for the usability of your app and they’re likely to notice things you have not. A fresh pair of eyes is a lending hand.

Keep in mind these are just theories, and may not work. However, what you don’t ask for, you wont get.

While the last thing you want to do is irritate employees at Apple I cannot see any harm in sending a question asking for estimations on when your app will be reviewed. Putting an app in the mind of a reviewer may well entice them to review it sooner than later to see what the fuss is about. Also, sometimes people do good deeds, today may be the day someone does a good deed for you.

If you happen to request that your app be expedited by the person that reads the email make sure you consider the following when writing it:

There is being cheeky and there is being damn right out of order. The last thing you want to do is annoy the person reading your email. If you can give them crap they sure as hell can give it back. Don’t give them a reason to review your app quickly just to reject it out of spite.

Sometimes acting naive is more beneficial than one may think. However, you can only get away with this a few times before the reader smells something fishy.

Sometimes just putting the app in the mind of the receiver will help push the app further down the line, however, you may want to try actually asking the receiver to do this for you. If you do this make sure you give some reasons as to why you’d like the app pushed through, for example, if the app is related to Christmas you would obviously want it reviewed and (hopefully) accepted before Christmas otherwise the app is of little use. This would act as a smart and valid excuse as to why you want the app reviewed sooner.

Having said all that I have, you can contact the app reviewers here: appreview@apple.com

One last time, in case you didn’t quite grasp it: what you don’t ask for, you wont get, so ask as you have nothing to lose.

Server xm-mta[19908]: oAJA1IcU019908: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-v4

Being that all other sites using swift mailer were sending fine the obvious reasoning behind this problem was configuration. Low and behold, the factories.yml configuration for the swift mailer delivery strategy was set as none.

dev:
  mailer:
    param:
      delivery_strategy: none

Swift mailer will not actually send out the email if the delivery strategy is set to ‘none’. To resolve this issue simply change ‘none’ to ‘realtime’.

dev:
  mailer:
    param:
      delivery_strategy: realtime

Don’t forget to ./symfony cc if you’re working in production.

This file is very simple and consists of a list of all previously entered commands, however, before writing to the history file bash stores your history of commands in a buffer and upon logging out of your shell writes that buffer to ~/.bash_history. This is worth noting if you plan on modifying the history, in order to modify the latest commands entered into the bash history you will need to log out and then back in again to see updates to the file.

Viewing your history
There is no need to directly read the contents of ~/.bash_history, you can simply run the history command which output your entire history. If you, for example, only need the last 10 commands stored in your history you can tail the output.

history | tail

Filter for a specific command
You can filter for a specific command you previously entered using grep, like so:

history | grep -i ‘command’

Run the last command
You can run the last specific command you entered by prepending the beginning of the command with an exclamation mark. For example, if earlier that day you ran a command to look at your history, grepping for any commands relating to MySQL, such as:

history | grep -i ‘mysql -u root’

You can rerun that history command by simply running:

!hist

Or, if you know the buffer point of a command you entered you can specify that number after the exclamation mark. For example, here’s the last three commands in my history:

501 clear
502 less ~/.bash_history
503 history | grep -i ‘mysql’

If I wanted to re-run item 503 I could simply use:

!503

Of course you could simply use reverse-i-search but knowing the ins and out of history can save you time.

Be smart, be safe
If you know other users will be logging on as the same user make sure you clear the history log of all commands you do not wish them to see. For example, connecting to MySQL and specifying a password in the command will be stored in your history, make sure you clear this command in the history or enter the command without a password and only enter when prompted.

You can edit ~/bash_history with your favourite editor.