I was having a difficult time finding a reliable way to run a background PHP process in Windows, when that was called from an active PHP page. In the *nix world it is relatively simple: by using shell_exec() (or the bactick operator) you can redirect the output to another stream or file and the process will run in the background with no blocking. In Windows, however, this doesn’t seem to work well (or at all, depending on what you are calling via shell_exec()). I did find the answer, though, from piecing together info from the PHP documentation for shell_exec() and the COM class.

That, with a little trial and error and I was able to get a PHP page to fire off a command-line PHP process to run an import of several years data into a new reporting schema. Since this import relies on some serious data manipulation it has a tendency to time out for large data sets. So, I set up the command line script to run six months worth of data and before it exits it starts a new background process for the next six months of data. In this way I was able to complete a many-hour process without worrying about timeouts. I did notice that running in the background (actually in an “invisible” command shell) that the process ran slower than when running in the foreground. This was acceptable, however, since the page returns immediately while the processing begins and the application is still usable while the process is running.

Here is how I call it from the page:

if(isset($_SERVER['PWD'])) { // *nix
    $basepath = dirname(__FILE__).'/';
    $php = 'php';
} else {
    $basepath = dirname(__FILE__).'\\';
    // edit to match your installed target environment
    $php = "C:\\php516\\php.exe";
}
ignore_user_abort(true);
set_time_limit(0);
$arg1 = 'foo';
$arg2 = 'bar';
$runCommand = "$php -q {$basepath}my_background_running.php $arg1 $arg2";
if(isset($_SERVER['PWD'])) { // *nix
    // *nix: Use the backtick operator or shell_exec()
    $nullResult = `$runCommand > /dev/null &`;
} else { // Windows: use the php COM class
    // WScript.Shell gives you the command line
    $WshShell = new COM("WScript.Shell");
    $oExec = $WshShell->Run($runCommand, 7, false);
}

I do the same from the background script to call itself recursively right before it exits.

I didn’t find the Microsoft documentation for the Windows Script Host Shell until today during lunch. I found the location in the Practical PHP Programming Online Book where he says to use the Google search “wshell object” msdn which will result in the first link pointing at the MSDN documentation. (I have a feeling it moves around quite a bit, since every link I have run across up to now that points directly at the documentation results in a nice 404 error page at Microsoft.)

I have been running XP (WinXP Pro, SP2, retail version) under Parallels for a bit, and decided I wanted to give the Boot Camp with Parallels option a try. After finding some rather lengthy and questionable instructions on moving a Parallels image to a Boot Camp partition I decided to go the clean install route.

I deleted my Parallels XP image (and subsequently ended up wishing I hadn’t) and used the Boot Camp assistant to set up my hard drive and install XP. I got XP set up and running, but had to call Microsoft to get it ‘activated’ since it saw it as a new install. Once that was taken care of I installed Office, and got the same kind of headache there - where the key wouldn’t work, because it said it had been installed on too many machines. I decided to leave that be for the time until I felt like waiting on the MS phone queue again.

I rebooted into OS X and loaded my now ‘active’ and ‘valid’ Windows XP under Parallels. As soon as it booted it gave me the message that I had 3 days to activate it as the hardware had changed significantly and it was no longer valid. I ddn’t feel like fighting it so I closed down Parallels and rebooted into XP where, surprise, I got the 3 day warning again!

So not only does loading the same image in a VM result in XP thinking it isn’t a valid copy, but it changes something in the registry somewhere, so that booting back into natively results in the same thing. I thought the concept of hardware profiles would help with this sort of thing, but apparently not. This is something that MS needs to address sooner rather than later as multicore machines make virtualization more common and loading a native image in a VM becomes a more common way of doing that.

An interesting side note: I got fed up with the whole validation issue and removed the XP partition and re-installed XP under Parallels the same way I did originally. I expected the phone calls for the XP key and the Office key etc, etc - but, it just accepted the keys and validated no questions asked.

Technorati Tags: Boot Camp, Parallels, XP, OS X

Talk about fast! George Ou at zdnet posted an article about this particular gem.

Essentially, a user with the Speech Command feature enabled can browse to a web page which starts a sound file (like just about every mySpace page) containing clearly recorded commands, and the Speech Command feature will execute those commands without any other user interaction. While not every command is enabled through Speech Command, George explains why you should disable Speech Command until there is a fix:

The fact that a website can play a moderate level sound file to
interact in a way with the desktop by activating an idle speech
command system and be able to delete user documents with zero user
interaction is serious by any stretch of the imagination.

Update: Microsoft has confirmed this exploit.

Technorati Tags: security, windows, vista

I have been looking all over for a way to format an external drive so that I can use it under Linux, Windows and OS X. The reason for this is simple, I currently use Windows and Linux all the time, and I am planning on upgrading my rig to a MacBook Pro just as soon as I can. Since I expect to be running OS X, Windows and Linux I needed to find a format for my 300GB external drive that would work with all of them.

While FAT32 is an option, it has some serious limitations. Like a maximum file size of 1 byte less than 4 GB. That and the way that FAT32 partitions over 32 GB (while supported under Windows) tend to get a little, shall we say, flaky.

Before today what I had found was as follows:

Note: native = default or standard in a “vanilla” install | in kernel = modules available for kernel insertion, although not default.

Well, that was before I found these today: kernel modules for both OS X and Windows for full read and write support of Ext2 / Ext3 file systems. I have installed Ext2 IFS for Windows and pounded on it already. It works (so far) like a charm. I don’t yet have a Mac to test the Mac OS X Ext2 Filesystem but I will do so as soon as I can. Assuming they are building this as a loadable module for the Darwin kernel (does the OS X Darwin kernel allow insmodding?) then it should be a snap. What surprised me is that the Ext2 IFS for Windows is an actual NT Kernel module, not an app or service. It’s actually kind of cool to see my Linux partitions show up under XP as lettered drives!

Yesterday eWeek reported another 0-day exploit for Microsoft Word. While Microsoft has not publicly acknowledged the threat, CERT has issued a bulletin warning of it and a proof-of-concept has been released publicly.

From the CERT bulletin:

Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a specially crafted value used to build this destination address, then that attacker may be able to overwrite arbitrary memory.

According to the eWeek article, currently only BitDefender recognizes the threat. Testing on a fully patched and up-to-date WinXP SP2 I can at least vouch that AVG doesn’t recognize it as a threat yet. Opening the POC in Microsoft Word results in successful execution of the exploit (which in the POC merely crashes Word.) Attempting to open the POC in OpenOffice results in OO reporting an error.

My recommendation: use OpenOffice.

This is a Critical exploit, capable of executing code as the user running Internet Explorer. Reports of this in the wild as well as a temporary patch can be found at the Internet Storm Center.
From the eEye Digital Security Alert:

The PoC is an integer overflow-based heap overflow, in the DSA_SetItem function in COMCTL32.DLL. An arithmetic overflow can occur during multiplication to calculate the desired size for a call to ReAlloc, that isn’t reproduced during a subsequent call to memmove, so the allocated size can be smaller than the copy size and result in a heap buffer overflow. …

This vulnerability can result in remote code execution in the context of the logged in user. In order to exploit this an attacker must create a malicious website or leverage a site that allows for custom user content.

While the vulnerability was posted on the Browser Fun Blog on July 18th, the exploit first appeared over the weekend. The Microsoft Security Advisory has details on how to patch manually and how to apply the manual change to group policy.

Affects:

• Windows 2000 Service Pack 4
• Windows XP Service Pack 1
• Windows XP Service Pack 2
• Windows Server 2003
• Windows Server 2003 Service Pack 1
• Windows XP Professional x64 Edition
• Windows Server 2003 for Itanium-based Systems
• Windows Server 2003 with SP1 for Itanium-based Systems
• Windows Server 2003 x64 Edition

Hackers Post Code for New IE Attack

Although the hackers are calling it a 0day exploit, it seems that it isn’t really. It is one of many that can be easily found using the AxMan ActiveX fuzzing engine. It seems that the guys over at xsec.org are trying to take more than reasonable credit for writing code to exploit a known vulnerability.

HD Moore, head of the Metasploit project was quoted in the article as saying:

“This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn’t include in Month of Browser bugs due to the ease of exploitation. I still have three or four left in IE that have similar impact.”

There is also a Secunia Advisory related to this exploit.

In the eEye security bulletin for today the news of not just one, but two worms in the wild based on the Server Service vulnerability. If you still haven’t patched do it now, unless you’ve been infected, in which case eEye recommends “to wipe the system clean and rebuild it from the last uninfected backup.”

As much as this should be ingrained in our computing habits, this still needs to be said: Apply patches when they come out!

The Microsoft Security Bulletin MS06-040 came out on the 8th, and a MetaSploit module to exploit the flaw came shortly after. Tech e-zine eWeek reported that Immunity and Core Security Technologies had both released what they deemed “reliable exploits” for the flaw and declared it wormable on all Windows versions.

Dave Aitel, CEO of Immunity said in an interview with eWeek “A worm is coming. This bug is just too easy to exploit.”

This is a vulnerability that would allow for remote takeover of an unpatched Windows machine. It will be interesting to see how widespread the damage is when (not if) a worm is released.

Patches are available from the bulletin (follow the links) or from Windows Update.

Anyone who has ever had need of bootable recovery tools knows what a pain it is to try to build a bootable CD containing all the needed tools. Why do it all the hard way? There is a very handy one already built and ready for download at Ultimate Boot CD. This is a Linux-based live CD with lots of Linux tools. There is a Windows-based version Ultimate Boot CD for Windows as well. While the Linux-based version comes with its own kernel, and allows for adding modules (available at SourceForge) the Windows version requires that you have your own WindowsXP CD with SP1 (and preferably 2) - although they also have a utility to help you slipstream the service packs if your disk doesn’t have them.