Below is a Microsoft SQL Server script that I use to create nightly backups. The backups (.BAK files) can be copied to hard drive, tape, or remote storage to satisfy your disaster recovery requirements. The script requires two (2) modifications – first change the ‘master_backup_dir’ variable to the path on your server that you would like the backups stored and second update the ‘retain_day’ variable to the number of days you wish to retain the backups on physical disk prior to removal.

Configure the SQL Agent to run a nightly job with a single step that executes the T-SQL code.

/*********************************************************/
/* Job requires use of xp_create_subdir and xp_delete_file to
create backup directories and delete old files */
/*********************************************************/
 
-- All Databases excluding (non-read only and sample) databases are backed up.
-- Expired backups are deleted
 
-- Backups of master, model and msdb are written to a 'System' folder
-- Backups of user databases are written to folders named after the databases
 
-- Get names of eligible databases (excluding tempdb and sample databases)
 
declare databases_to_backup cursor
FOR
SELECT name FROM master..sysdatabases
WHERE name NOT IN ('NorthWind','Pubs', 'AdventureWorks', 'tempdb')
AND (STATUS & 1024) <> 1024
ORDER BY name
FOR READ only
go
 
SET nocount ON
 
declare @db_name varchar(50),
@master_backup_dir varchar(255),
@specific_backup_dir varchar(255),
@backup_date char(8),
@backup_time char(4),
@filename varchar(255),
@retain_days tinyint,
@delete_date datetime
 
-- Specify high level backup directory and number of days' backups to keep on disk
SET @master_backup_dir = 'D:\data\backup\sql2005\'
set @retain_days = 14
 
-- Open the cursor and retrieve the first database name
open databases_to_backup
fetch databases_to_backup into @db_name
 
while (@@fetch_status = 0)
begin
-- Build a datetime string to uniquely identify the backup
set @backup_date = convert(char(8),getdate(),112)
set @backup_time = right('00' + convert(varchar(2),datepart(hh,getdate())),2) + right('00' + convert(varchar(2),datepart(mi,getdate())),2)
 
-- Build the specific backup directory path
if @db_name in ('master','model','msdb')
set @specific_backup_dir = @master_backup_dir + 'System\'
else
set @specific_backup_dir = @master_backup_dir + @db_name + '\'
 
-- Verify the backup directory exists
exec master.dbo.xp_create_subdir @specific_backup_dir
 
-- Build a unique filename and backup the database
set @filename = @specific_backup_dir + @db_name + '_db_' + @backup_date + @backup_time + '.bak'
BACKUP DATABASE @db_name TO DISK = @filename
 
-- Delete files older than specified retain days
set @delete_date = dateadd(d, (@retain_days * -1) , getdate())
exec xp_delete_file 0, @specific_backup_dir, N'bak', @delete_date
 
-- Get the next database name
fetch databases_to_backup into @db_name
end
 
set nocount off
 
close databases_to_backup
deallocate databases_to_backup

**Note, before you read this scroll down and click the ‘preview’ button to pause the application while you read this article. The preview button is located to the right of the pan & volume.

In late 2008 Coca-Cola asked Juxt to create a ringtone generator for their Sprite brand. The concept was fairly fairly straight forward, create an engaging rich media campaign for Sprite that would supplement and drive additional traffic to their under the cap program. The under the cap program gives participants a digital prize on their mobile phone every time they text a cap code found under the cap of a 20 oz Sprite.

The rich media unit allowed visitors to mix custom samples to create a ringtone which then could be sent to their mobile phone. The mechanism for delivery of the ringtone was sending a text message with a unique code to 77483 [Sprite's short code]. The unique code was determined by the selection and pattern of samples chosen in the mixer.

So far so good, four samples (drums, bass, lead, and synth) and four measures the only piece missing is a creative mind to mix yourself a ringtone. This is where things get both complicated and interesting. Due to the hosting environment infrastructure and mobile messaging platform we were unable to create ringtones on demand in real-time. Instead we were require to create all possible combination of ringtones in advance. Using a 4×4 grid of samples and measures we are left with 65,536 possible combination’s but one option is complete silence so our magic number is 65,535 distinct ringtone possibilities.

We tried a wide variety of different software applications to sequence audio tracks to generate our 65,535 ringones. However, after much research we determined that each piece of software resulted in poor results. For the most part, desktop applications weren’t able to process the sheer bulk size of the files we were trying to sequence. It became evident that this wasn’t going to be an easy task. Eventually I found a audio conversion application for linux called the Swiss Army knife of sound processing (SOX). After trial and error and a make shift syntax manual I was able to join four samples (drums, bass, synth, lead) so they all played at the same time. Success. Well, not quite success but progress.

Having a solution to merge audio tracks was comforting, but there was still a few more hurdles. Mainly, how do I go from creating one combination to over sixty-five thousand, and how would I generate a code that could easily be interpreted by the Flash mixing interface so the right SMS code could be generated? Since SOX is a linux tool it made sense to create a script to write an application to sequence the ringtones. PHP was an obvious candidate, its available, easy to write, and very robust. I am going to spare the details of the contents of the script, but I can tell you that it used bit arrays, translation, loops, and math. As I mentioned previously matching the code to a specific ringtone is extremely important. If you are in the industry you are aware that banners and rich media units have file size requirements. In our case the flash mixer needed to be less than 100k. The design and functionality already left us at nearly 100k which meant we didn’t have room for logic in the application and we could not load a mapping into the flash application via XML because the file size would be ~5MB which would kill the experience.

Regardless, we found a pattern relying on hex that allowed us to use a simple naming scheme that the mixer could understand with very little logic. Then we modified the naming convention slightly to make sure we didn’t generate any codes that matched data in the 18,000 row document explaining how to spell vulgar or inappropriate terms using your keypad. After generating 65,535 ringtones in a number of formats we put them on a terabyte drive sent them to an unnamed country in Europe and the rest is history, run through the MTV or VHS properties to find the ringtone mixer and get yourself a new ringtone.

It seems there are so many American’s that aren’t happy about the failed $700 Billion buyout plan that the www.house.gov website is taking two minutes to load [in some cases not loading at all].  I’m not all that happy with politicians these days, but I don’t really feel that sending them an email through the house.gov website is really going to result in better policy.

I was just so amused by the creativity of a system administrator that I had absolutely no choice other than to write about it. Let me set the scene. I was attempting to bring up my banks website, but the site did not load. In an effort to deduce the problem I visited wellsfargo.com (another large financial institution). The homepage of Wells Fargo loaded perfectly, and thus I wasn’t having any obvious problem with my internet connection.

So what did I find so amusing and funny? Well, it turns out that the Server tag returned in the HTTP Header for Wells Fargo is “KONICHIWA/1.0″ At this point, I probably should have enjoyed the laugh instead of investigating further. But I didn’t. First, I went to Netcraft and did a search for wellsfargo.com. Netcraft shows Wells Fargo as using “KONICHIWA/1.0″ at least as far back as 2006. It was now time to set my gut feeling aside that this name was just a cute obfuscation of the real Application Server and confirm that there wasn’t any new product on the market named Konichiwa. So, I did the research and it turns out my instincts were right.

So why am I writing about this, why are you reading this, and what Application Server is Wells Fargo actually using? I will now hopefully answer at least two of those three questions!

There is a long history of security professionals and system administrators attempting to obfuscate what equipment they use [disclaimer: I am a hypocrite and follow these practices]. The rationale for this is simple: If somebody wants to do something malicious to exploit your vulnerabilities it will harder to do so if they think you are using product A instead of product B. This is merely an illusion, but it gives some peace of mind. Solving the mystery wasn’t incredibly difficult thanks to Net-Square Solutions, a security research firm based in India. They have developed a product httprint which uses web server fingerprinting to attempt to identify web servers based on their characteristics instead of the standard HTTP header which as we have seen can easily be obfuscated and renamed to “Konichiwa” which loosely means good day in Japanese.

Enough “Geeking Out”. The output from httprint is below, and Wells Fargo is actually running Netscape Enterprise Server 6.0 which makes much more sense.

httprint v0.301 (beta) - web server fingerprinting tool
(c) 2003-2005 net-square solutions pvt. ltd. - see readme.txt
http://net-square.com/httprint/
httprint@net-square.com
 
Finger Printing on http://www.wellsfargo.com:80/
Host Redirected to https//www.wellsfargo.com:443/
Finger Printing Completed on https://www.wellsfargo.com:443/
--------------------------------------------------
Host: www.wellsfargo.com
Derived Signature:
KONICHIWA/1.0
9E431BC86ED3C295811C9DC5811C9DC5811C9DC594DF1BD04276E4BBC184CB92
7FC8D095AF7A648F2A200B4C811C9DC5811C9DC5811C9DC5811C9DC52655F350
FCCC535B811C9DC5FCCC535B811C9DC568D17AAE2576B7696ED3C2959E431BC8
6ED3C295E2CE6922811C9DC5811C9DC5811C9DC56ED3C2956ED3C295E2CE6923
E2CE6923FCCC535F811C9DC568D17AAEE2CE6920
 
Banner Reported: KONICHIWA/1.0
Banner Deduced: Netscape-Enterprise/6.0

For folks that are involved in IT Budgeting I’ve got to lend a little advice about purchasing SSL certificates. These days most websites require SSL functionality. When purchasing a certificate be sure to not purchase it for only a  single year. The pricing of SSL isn’t expensive in 2008, and the time required to install these certificates can be rather grandiose. Thus, make sure you at least purchase a two year certificate. One year flies by faster than you can imagine and the cost of installation is much greater than the cost of the certificate. Invest in your business, buy long term and thank me later.

Just got back from a StartupCamp5 and the beginning of Sun’s JavaOne Conference. Was able to spend a few hours back in San Francisco, see some friends and family.

I’ve recently been working on performance tuning a set of application servers for optimal performance of a high volume website. YSlow is a Firefox Add-on that works in conjunction with the Firebug add-on that is intended to help you analyze and understand performance based on Yahoo.com’s rules of “High Performance Websites.”

If you work with the YSlow tool in a development environment you likely aren’t going to be using a Content Delivery Network (CDN) such as Akamai or Limelight Networks. Thus, you get a lower optimization score when testing. This can obviously be misleading, and there is a work around documented in Yahoo’s YSlow FAQ. The problem is that the documentation explains the work around must be configured via: “Go to about:config in Firefox. You’ll see the current list of preferences.” The issue/confusion is that many people don’t realize that “about:config” isn’t an option of your browser preferences, or preferences of your plug-ins. You must type “about:config” into the address bar of your browser to pull up these configuration parameters.

The YSlow plug-in itself is very useful. However, the documentation seems a bit lacking so hopefully I am able to save others who attempt to configure it some valuable time.