re-design my website

Changed two of my PHP scripts which fetch RSS from del.icio.us and render my 43things goals for the sidebar.

The scripts were taken from “Integrating del.icio.us with PHP and Magpie” article at MovableBlog. This code works but not GoodEnoughTM – from time to time the feeds were unavailable which resulted in an error message that screwed up my layout. I took the idea from Magpie RSS FAQ to suppress errors and make it display a less obtrusive message. I have also tweaked the code here and there. The result can be seen below:

<?php
// change to reflect path of rss_fetch.inc
require_once "lib/rss_fetch.inc";
// Suppresses MagpieRSS errors
error_reporting(E_ERROR);$yummy = fetch_rss("http://del.icio.us/rss/user_name");$maxitems = 5;
if ($yummyitems = array_slice($yummy->items, 0, $maxitems)) {    print '';
    foreach ($yummyitems as $yummyitem) {
        print '';
        print '<a href="';
        print $yummyitem['link'];
        print '">';        if ($yummyitem['title'] != '')
            echo htmlspecialchars($yummyitem['title']);
        else
            print '[No title]';        print '</a>';
        if (isset($yummyitem['description'])) {
            print ': ';
            echo htmlspecialchars($yummyitem['description']);
        }
        print '';
        print "\n";
    }
    print '';
} else {
    // since errors are suppressed,
    // here is a gentle way to tell you what's happened
    print '' . magpie_error() . '';
}
?>

Notes: You can replace URL of del.icio.us with just about any other feed (RSS v0.91-v2.0, Atom). You can also change the amount of displayed links by replacing $maxitems = 5 with desired number of items.

Some time ago there was this ‘googlebot’ PHP script circulating on the net that sends you an email every time Google’s crawler is checking your page. However, after some time the hype wave went down – if you own a blog which get updated regularly, Googlebot will check your pages for changes some times twice a day. Do you really want to be told every time it happens, for every page of your website?

So here is my version of googlebot script that generates a plain text log to notify you in a less obtrusive way. I’ve also included a check for robots of other search engines except Google (namely Yahoo!, MSN and Russian SE Yandex).

<?php
// Path to log file
$sitepath = "/path/to/your/blog/on/server/"; // Note the trailing slash!
$logfile = $sitepath."googlebot.log";
$logtext = "";if(stristr($HTTP_USER_AGENT,"Googlebot")) {
        $logtext = "Google";
} elseif (stristr($HTTP_USER_AGENT,"Slurp")) {
        $logtext = "Yahoo!";
} elseif (stristr($HTTP_USER_AGENT,"msnbot")) {
        $logtext = "MSN";
} elseif (stristr($HTTP_USER_AGENT,"Yandex")) {
        $logtext = "Yandex";
}
if (!is_writable($logfile)) {
    echo $logfile." is not writable";
    exit;
} elseif ($logtext != "") {
        $logtext = '"'.date('Y-m-d H:i:s').'";"'.$logtext.'";"http://'.$REQUEST_URI."\";\n";
    if (!$log = fopen($logfile,"a")) {
        echo "Cannot open ".$logfile;
        exit;
    }
    if (!fwrite($log,$logtext)) {
        echo "Cannot write \"".$logtext."\" to ".$logfile;
        exit;
    } else echo $logtext;
    fclose($log);
}
?>

You can either paste this code snippet directly to your template or save it to a separate file and use include function like this:

However, your log will grow quite large in a short period of time and so here is a complimentary script that will generate an RSS feed showing only the latest entries:

<?php
$siteurl="http://www.your.url/blog/";
$sitepath="/path/to/your/blog/on/server/";
$logfile=$sitepath."googlebot.log";
$num=10;header('Content-type: text/xml');
echo "\n";
?>   Search engine watch   en-us<?php
$handle = file($logfile);
$start = count($handle)-$num;
if ($start < 1) $start = 1;
for ($i = $start; $i < count($handle); $i++) {
   $data = explode(";", str_replace('"','',$handle[$i]));
   echo "\n";
   echo "" . date("r",strtotime($data[0])) . "\n";
   echo "" . $data[1] . "\n";
   echo "" . htmlspecialchars($data[2], ENT_QUOTES) . "\n";
   echo "\n";
}
fclose($handle);
?>

Save it in a separate file on your server and then simply open its URL in your browser or aggregator. You can also integrate this feed with your site by using the technique described in my previous article, ‘Integrating news feeds using Magpie RSS’.

Having to type (and remember) numerous SSH passwords for my sites everyday always drove me mad. So-called “public key authentication” is one way to end this struggle and work more effectively. I’ve read several HOWTOs covering this feature but had no time (or shall I say – was far too lazy) to try it myself. One day, finally, SSH got the better of me so I decided to dig into it. Here is what I’ve found.

Introduction

Let’s start with the basics – believe me, it might save you a fair share of time hacking and solving problems. However, if you feel confident in different aspects of SSH, you may just skip to next section.

First and foremost, you have to know there are two versions of Secure Shell protocol: SSHv1 and SSHv2. Those are in fact different protocols which are not compatible with each other but some SSH servers and client may support both (while other will only support one version). Today there is no valid reason to use SSHv1 because it has some serious security issues so I’ll assume we’re talking SSHv2 from now on.

user@local:~# ssh -V
OpenSSH_3.8.1p1 Debian-8.sarge.3, OpenSSL 0.9.7d 17 Mar 2004user@remote:~$ ssh -V
ssh: SSH Secure Shell 3.0.1 (non-commercial version) on i386-unknown-freebsd4.4

In this example, local host has OpenSSH installed, whereas remote is using non-commercial version of SSH.

You can get more information about the history of SSH and differences between two versions at OpenSSH.org and in Secure Shell FAQ.

Generating public/private key pairs

Public key authentication is based on asymmetric cryptography principles – this way a user is authenticated by a pair of keys: public, which is not secret, and private, known only to user. You generate your keys using ssh-keygen command. It is available both in SSH and OpenSSH although syntax might be slightly different.

But first we shall create directory structure on all local and remote hosts, paying close attention to permissions (for OpenSSH):

user@local:~$ mdkir -p ~/.ssh
user@local:~$ chmod 700 ~/.ssh
user@local:~$ cd ~/.ssh
user@local:~/.ssh$ chmod 600 *

For SSH, you do the same but directory name shall be ~/.ssh2 instead of ~/.ssh.

Note: With recent versions of SSH and OpenSSH you can simply run ssh-keygen on every machine – it will create the directory and set all permissions.

user@local:~$ ssh-keygen -t dsa -b 1024
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
bc:59:e9:7e:40:76:50:8f:28:04:1f:40:34:75:6c:e5 user@local

user@local:~$ ssh-keygen -t dsa -b 1024
Generating 1024-bit dsa key pair
   6 Oo.oOo.oOoo.
Key generated.
1024-bit dsa, user@local, Sun Feb 27 2005 20:46:37 +0300
Passphrase :
Again      :
Private key saved to /home/user/.ssh2/id_dsa_1024_a
Public key saved to /home/user/.ssh2/id_dsa_1024_a.pub

Setting up public key authentication

Either way, both keys are now stored on your hard disk. Private key shall be kept, ahem, private and public key is going to be uploaded to all your remote servers to provide authentication.

Local OpenSSH, remote OpenSSH

user@local:~/.ssh$ scp id_dsa.pub user@remote:~/.ssh/local.pub
user@local:~/.ssh$ ssh user@remote
user@remote's password: 
user@remote:~$ cd .ssh/
user@remote:~/.ssh$ cat local.pub >> authorized_keys2
user@remote:~/.ssh$ rm local.pub

Et voila! You can log out and re-login with a new passphrase instead of your old password:

Local SSH, remote SSH

user@local:~/.ssh2$ scp id_dsa_1024_a.pub user@remote:~/.ssh2/local.pub
user@local:~/.ssh2$ ssh user@remote
Password: 
user@remote:~$ cd .ssh2/
user@remote:~/.ssh2$ echo "key local.pub" >> authorization

Log out and re-login – you shall now be prompted to enter your passphrase:

Local OpenSSH, remote SSH

user@local:~$ ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/local_ssh.pub
user@local:~$ scp ~/.ssh/local_ssh.pub user@remote:~/.ssh2/local_ssh.pub
user@local:~$ ssh user@remote
Password: 
user@remote:~$ echo "key local_ssh.pub" >> ~/.ssh2/authorization

This should be it – log out, log in and you are all set! Easy, eh?

Local SSH, remote OpenSSH

user@local:~$ scp ~/.ssh2/id_dsa_1024_a.pub user@remote:~/.ssh/local_ssh.pub
user@local:~$ ssh user@remote
user's password: 
user@remote:~$ ssh-keygen -i -f ~/.ssh/local_ssh.pub > ~/.ssh/local.pub
user@remote:~$ cat ~/.ssh/local.pub >> ~/.ssh/authorized_keys2
user@remote:~$ rm ~/.ssh/local*.pub

Not that scaring, right? Again, you can log out, re-login and, if everything went right, will be prompted to type in your new passphrase.

What could possibly go wrong?

So you’ve done everything as described above and still can’t login with your shiny new passphrase? Well, it happened to me as well. I’ve spent about 2 hours trying to get it right, tried everything but still couldn’t get it work. Fortunately, the host which denied me to authenticate with pubkey had rather unrestrictive shell setup so I could view SSH server config files in /etc/ssh2/sshd2_config file. There were these lines:

Apparently admins had quietly disabled public key authentication and all I tried was in vain! It made me kinda mad so I decided to write this article. At least I hope it will help you not to make the same mistakes, hehe.

Today I embedded two Javascripts into my template and by pure coincidence both are Google-related.

Highlight incoming search queries

First is searchhi by The Daily Kryogenix. It’s easy to install (just don’t forget to modify your CSS) and works reliably.

N.B. Note however that apart from Google searches this script also recognizes Yahoo, AllTheWeb and any other search engine using appropriate query formats.

Block Google Auto Link

Second script has a different goal – it blocks Google Toolbar’s AutoLink feature using its smart rewriting code. The script itself came from this ThreadWatch post.

You can read why Google is Evil and why is it so important to ban AutoLink (a.k.a. Microsoft SmartTags) at BBC, Left Brain/Right Brain and numerous other sources.

P.S. And here is some Javascript more to detect if a user has Google Toolbar installed.