For example, when you went to the movie theatre, before you might have just typed a status update such as: “At the movies seeing the new Batman”. Unfortunately for Facebook there are 1000s of different ways to say you’re at the movies, across 1000s of different languages used on their platform. The problem of trying to analyse what a user is doing from text is a difficult one to solve. But Facebook now made it easier.

More worryingly, however, is that facebook now lets you tag how you are feeling. The only way to do this previously was using sentiment analysis where the text you type is analysed for keywords to detect the sentiment in what you are saying, or in other words how you are feeling. This is an extremely difficult problem to solve, far more than looking for keywords that try and figure out what you are doing. Now whenever you attach your “feeling” to a facebook post, facebook knows in that moment much more about you.

Facebook now has one of the biggest advertising platforms around, bringing in revenue of $1.25 billion in Q1, 2013. You’ve long been able to target demographics in Facebook as they know so much about you. If you had a new hair spray piloting in the United States, you could target 18-21 year old Females, living in the US. Facebook even allows you to specifically target users based on their interests, so in this example the advertiser might target girls interested in beauty, or hair styling.

The new changes to Facebook will most likely allow Facebook to allow advertisers to target advertising not only based on who you are, what you are interested in but how you are feeling at the time. Last week, Microsoft announced to gamers that their console would cost $100 more at launch than Sony’s. Gaming is a hot topic on social networks, so Sony could specifically target advertising at key moments where users on social media are “feeling angry” and have an interest in Microsoft’s console. Another example could be targeting people who are “feeling tired” with energy drinks.

The current market leader in online advertising, Google, has their own social network they could use to leverage this data and target advertisements more effectively, but there aren’t as many people using it and they don’t have as much aggregated meta-data on their users. Furthermore their advertising efforts are centered around browsing history and search history, rather than who the user is.

Facebook has positioned itself to become the market leader in online advertising. Through its variety of methods they can target users far more accurately at a specific moment in time than any other advertiser currently can, and with the amount of users they have information on, and the amount of information they posses about them, revenues will continue to rise as advertisers realise the potential opportunities of the platform.

Firefox does not support embedding webfont files from a different domain

The good news is the fix is simple. Simply send the following header:

Access-Control-Allow-Origin *

The good news is the fix is simple. Add this header to your page:

 header('p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');

If you want to read more about this check this page:

http://en.wikipedia.org/wiki/P3P

Bonus: if using silex add this middleware:

$app->after(function (Request $request, Response $response) {
    $response->headers->set('p3p', 'CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');
});

sudo dpkg-reconfigure locale

This will load a GUI where you should select the new locales to install, then follow the onscreen instructions.

$crawler = new Crawler($html);
 
foreach ($crawler as $domElement) {
    print $domElement->nodeName;
}

However, this will assume the document is ISO-8859-1. If you want to crawl a UTF-8 page correctly do it like so:

$crawler = new Crawler;
$crawler->addHTMLContent(file_get_contents('http://www.columbia.edu/~fdc/utf8/'), 'UTF-8');
 
foreach ($crawler as $domElement) {
    print $domElement->nodeName;
}

The second parameter to addHTMLContent is ‘UTF-8′ by default, but I’ve added it to illustrate that you could use other character sets too.

I couldn’t boot into safe mode (by holding shift on boot). I could enter the internet recovery mode, but a drive repair and permissions fix did nothing. I tried using the internet recovery mode to reinstall OSX (without losing data) and that didn’t work.

Next I reinstalled OSX from a bootable USB recovery drive. This installed 10.8.2 again which worked perfectly. I immediately upgraded to 10.8.3 and the no entry sign was back. This told me there was some issue with my hardware and 10.8.3. A quick google around found that Intel X25-M drives don’t work on 10.8.3 unless you upgrade to the most recent firmware. The good news is this is super easy.

Download the Intel SSD toolbox on a windows machine. Shut down the machine and insert the drive from your mac. Boot up again and run the toolbox and update the firmware. It takes less than 20 seconds and then put the drive back in your mac and it should boot into 10.8.3 without issue.

Don’t do what I did and wipe your data, as there is no need!

Hopefully this article will be of help to a few people out there! Let me know in the comments if it was.

I’ll cut straight to the chase. There’s some great information already available. At the time of this writing though, both sets of instructions didn’t work for me. I’ll come to why later.

The first thing you want to do is install nginx and php5-fpm. Before you do this add dotdeb to your sources list. Don’t forget to update your packages.

Now we can install nginx and php5-fpm:

sudo apt-get install nginx php5-fpm

In nginx, there’s no such thing as virtual hosts. We call them server blocks, but they work similarly. Let’s create one. Create a file at
/etc/nginx/sites-available/` called `yourdomain.com` with these contents:

server {
                listen 80;
                server_name yourdomain.com;

                access_log /var/log/nginx/yourdomain.com.access_log;
                error_log /var/log/nginx/yourdomain.com.error_log;

                root /var/www/yourdomain.com/public_html;
                index index.php index.htm index.html;

                include /etc/nginx/global/wordpress.conf;
                include /etc/nginx/global/restrictions.conf;
       }

This creates a server block, which listens on port 80, with webroot at /var/www/yourdomain.com/public_html. It then includes two configuration files which we’ll come to now.

Now create a file at /etc/nginx/global/wordpress.conf with contents:

# WordPress single blog rules.
# Designed to be included in any server {} block.

# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
        try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
}

# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;

# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {
        # Zero-day exploit defense.
        # http://forum.nginx.org/read.php?2,88845,page=3
        # Won't work properly (404 error) if the file is not stored on this server, which is entirely possible with php-fpm/php-fcgi.
        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on another machine.  And then cross your fingers that you won't get hacked.
        try_files $uri =404;

        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

        include fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#       fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
}

This file is very important and one value particularly is of interest to us. The fastcgi_pass variable is critical if you want PHP to work. When PHP-FPM is running, it listens on a socket. Dependent on your distribution and package this value might be different. Every tutorial I tried suggested pointing this value to 127.0.0.1:9000 but this was not the case with my system. If you open /etc/php5/fpm/pool.d/www.conf there is a configuration value called “listen”. This is what you should set the fastcgi_pass variable to.

Finally, create a file at /etc/nginx/global/restrictions.conf to handle some security:

# Global restrictions configuration file.
# Designed to be included in any server {} block.

location = /favicon.ico {
        log_not_found off;
        access_log off;
}

location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
}

# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
        deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
}

Now all of our configuration is in place, we need to shut down apache, and start nginx and php5-fpm:

sudo /etc/init.d/apache2 stop
sudo /etc/init.d/php5-fpm restart
sudo /etc/init.d/nginx start

Your site should now be running nginx. Confirm this by visiting it and of course checking to see if the process is running:

ps aux | grep nginx

Enjoy!

The way in which drive-by attacks work is simple. A hacker breaks into a website and edits the source code of the page to deliver malware to the user. Usually this is works by the hacker creating their own web page and then loading that through an iframe on the site they broke into. This results in a subtle, but very effect method of attacking user’s machines as the iframe is normally hidden so the user doesn’t even see it.

The reason this is called a drive-by attack is because you are extremely unlikely to have noticed it happened. The most effective hackers will use a 0-day attack which often means that the malware is not present in anti-virus databases, so the only method of detection from an anti-virus is to rely on heuristic methods which detect unusual activity on your system. Experience has shown that this is extremely difficult to do and often these drive-by attacks go unseen.

The exploits used in most of these attacks target browser plug-ins as they are installed on almost every browser of every system. Popular plugins such as Flash and Java are installed on most new machines by default, and if they aren’t updated by the user then they become a common attack vector for hackers.

So that leads me to my question: what can we do about it?

More recent builds of Google Chrome come with a fantastic feature which enables you to disable plugins by default, and only allow them to play if you explicitly click them. Let’s look into how to turn that on. In the top right corner of your browser click the menu icon and go to settings (If you’re on Windows you can click Ctrl+, or Mac Command+,).

Next, at the bottom of the page click “Show advanced settings”.

Under the “Privacy” section click the “Content Settings” button and scroll down to the “Plugins” section. We want to change this setting to “Click to Play”:

Finally, click the “Manage exceptions…” button so that we can whitelist some sites that are most likely safe to run plugins on. I have added youtube like so:

Remember, when you add a site to this whitelist all plugins will run on it, so only add to this list if a site relies on a plugin to operate or it becomes really inconvenient having to click every time.

And that’s it! Enjoy browsing the web more safely and please give feedback in the comments or follow me on twitter.

What I’m going to illustrate is how easy it is to set up your git remotes so you push to two places. If github goes down, it doesn’t matter, assuming everyone on your team follows this guide the code will also be on bitbucket, or wherever else you choose. But this tutorial will mirror to github & bitbucket. Let’s begin.

1. Firstly, I’m going to assume you have a remote set up already for github named “origin”. Rename it to “github:
   

   git remote rename origin github

2. Create a new repository on bitbucket and name it the same as the one on github.
3. Add it as a remote using the instructions provided. But make sure you call it “bitbucket” and not “origin”. Something like so:

   git remote add bitbucket ssh://git@bitbucket.org/username/somerepo.git git push -u bitbucket --all

4. Next type:

   git config -e

   This will open up a text editor and allow you to edit your git configuration.

5. We need to add the urls for every remote so far (github and bitbucket) into a new remote called “origin”. It should look something like this:

   [remote "origin"] url = git@github.com:username/somerepo.git url = ssh://git@bitbucket.org/username/somerepo.git

6. Next time you run git push origin it will push to both

And that’s it. It’s as simple as that.

Recent of versions of git allow you to add multiple places per remote like this using git commands, but I prefer to see exactly what is going on in the configuration.

Update #1: reddit user MatmaRex makes a very valid point to be careful renaming remotes if you have any remote branches. I’ve updated the instructions to reflect this.