David Xia

Category Archives: Technology

Turn Mac OS X Lion Into a LAMP Web Server (Without MAMP)

Lots of developers use MAMP for local PHP development. There’s nothing wrong with MAMP. It works. But I wanted to find out how to use the pre-installed Apache and PHP in Lion.

Prerequisites

Ensure these directories exist:

$ sudo mkdir -p /usr/local/include
$ sudo mkdir -p /usr/local/bin
$ sudo mkdir -p /usr/local/lib
$ sudo mkdir -p /usr/local/man/man1

Setup Apache2

$ sudo chmod u+w /etc/apache2/httpd.conf
$ sudo vim /etc/apache2/httpd.conf

Uncomment #LoadModule php5_module libexec/apache2/libphp5.so.

To enable virtual hosts, uncomment #Include /private/etc/apache2/extra/httpd-vhosts.conf.

Enable .htaccess files by finding Directory… more


How to Install Vim 7.3 on Ubuntu 10.04 with Ruby and Python Support

I wanted to use Vim’s Command-T plugin (via this awesome Vim config) for fast file navigation. But this plugin needs Vim to be compiled with Ruby support since it’s written in Ruby. You can check with

vim --version

Unfortunately, I saw “-ruby” which means it lacks Ruby support. I was previously using Vim 7.2 on Ubuntu 10.04 Lucid. First I uninstalled my old Vim and installed dependencies required to compile a new one:

sudo apt-get remove vim-common vim-runtime vim-gtk vim-gui-common
sudo apt-get

How I Increased My WordPress Site’s Speed

I spent yesterday optimizing the performance of this site. I love fast page loads and have little patience for sluggish performance. Here’s what I did.

1. Leverage browser caching

Tell your web server to set expiration headers for static resources so browsers know to store them on local disk. This will keep requests off the network altogether. I use Apache:

 ExpiresActive On
 ExpiresDefault "access plus 300 seconds"
 ExpiresByType text/css "access plus 1 month"
 ExpiresByType text/javascript "access plus 1 month"
 ExpiresByType application/javascript "access plus 1 month"
 ExpiresByType application/x-javascript "access

How to Setup HTTPS and Secure WordPress Admin With a Self-Signed Certificate

I got bored so I learned how to set up HTTPS on the admin parts of my WordPress blog. At first I was generating self-signed certificates because I read that buying a third-party verified certificate could cost upwards of $100 per year.

Then I saw this Ars article on getting a legit one for free.

After enabling mod_ssl on Apache and following the Ars guide above, I was ready to secure the admin parts of WordPress. The general idea is to


How to Deploy Python Web App with Apache’s mod_wsgi

For quite a while I couldn’t figure out how to deploy Python web apps. But with patience and tinkering, I slowly figured it out.

Here were my steps:

1. Setup Domain

I created an A record for python.davidxia.com in my DNS records pointing to the IP of the server on which I developed.

2. Setup Apache VirtualHost

I put this in /etc/apache2/sites-available/davidxia (using Ubuntu 10.04):

 
 ServerName python.davidxia.com 
 
 WSGIDaemonProcess myapp user=www-data group=www-data processes=1 threads=5
 WSGIScriptAlias / /path/to/myapp/myapp.wsgi
 WSGIScriptReloading On 
 
 WSGIProcessGroup myapp
 WSGIApplicationGroup

15 Ways to Increase Your WordPress’ Security

1. Don’t Display Error Messages on Failed Login

WordPress’ admin screen displays “ERROR: Invalid username.” if you enter an invalid username. But if you enter a valid username and an incorrect password, it’ll say “ERROR: Incorrect password.” This basic security flaw tells intruders which usernames to target. I don’t understand why the WordPress team designed it this way.

You can disable the error message by putting this in your theme’s functions.php:

// create_function() was removed in PHP 8, so use a closure to blank the login error.
add_filter('login_errors', function ($error) { return null; });

2. Publish Posts as a Non-Admin User

Create a WordPress user that has admin privileges and publish all… more


Hear TV Show Characters Say a Quote – Playing With Twilio

I was inspired by Rob Spectre’s Laugh-o-tron and made a telephony extension to my Twitter Bots.

Try it out. Call 646-480-6046 to talk to various TV show characters. Right now the vast majority of the quotes are spoken by a text-to-speech program because I have to find, crop, and upload audio files for each one. But McNulty from The Wire (choice #1) has a few real audio clips. Let me know how I can improve it… more


8 Ways to Defend Against Brute Force SSH Attacks

I looked at my server’s auth logs today and was unsettled to find thousands of lines like these:

Feb 12 06:49:52 localhost sshd[25416]: Invalid user photo from xxx.xxx.xxx.xxx
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=some.random.domain
Feb 12 06:49:54 localhost sshd[25416]: Failed password for invalid user photo from xxx.xxx.xxx.xxx port 49608 ssh2

I was looking at someone running a brute force attack on my server trying to gain SSH access. Looking further back in the logs, I found crackers… more


How to Send Email with Postfix on Ubuntu via Gmail SMTP

I just set up email sending on my server by following this clear tutorial.

The tutorial walked me through setting up Postfix on an Ubuntu server and sending email via Gmail’s SMTP. I had to create a certificate, sign it, have my server communicate via some secure transport layer with Gmail using another certificate signed by some country in South Africa. I don’t understand all of it, but it works.

If you have WordPress installed like me, you can test Postfix is working by asking for a… more


The Origin of the World Wide Web

I’m reading Tim Berners-Lee’s book Weaving the Web about how he conceived of and designed the world wide web.

For a long time I never really got the distinction between the “Internet” and the “world wide web.” To me they were the same thing, and they might be for many other folks too. But in hindsight this is just a testament to how successful Berners-Lee’s creation is.

Most people’s perceptible interaction with the Internet is through a browser where they visit a website. The Internet is simply a… more
