upstream sent too big header while reading response header from upstream, client:

While working on a project that involved connecting with LinkedIn’s oauth login this afternoon with a PHP fast-cgi, nginx, rails, passenger setup, I encountered an error that took a bit of trial and error to fix.

upstream sent too big header while reading response header from upstream, client:

I tried following a few people’s advice from various forums and blogs of setting proxy buffer size as shown below and a few other params that didn’t lead me anywhere.

proxy_busy_buffers_size 256k;
proxy_buffers 8 256k;

I started to try everything and finally realized maybe the data that I’m getting back and am trying to store in a session was too large. I had originally had thought the error was from the amount of data LinkedIn was sending back. So instead of doing the below:

session["devise.linked_in_data"] = env["omniauth.auth"]

I simply just only set the data that I really need in the session.

Facebook iOS SDK

In one of my current projects, I’m working on an iPhone app that requires basic Facebook Connect integration. I ran into a little trouble with getting fbDidLogin, the delegate function to be called. My setup was a little different than the Facebook sample project so it was debugging time. I tried checking the basic things like making sure delegate was set to the right class and other minor things with no luck. My next step was to turn to Google which usually never fails and after about 10 minutes of trying a few techniques other fellow developers recommended, I came across Brett Spurrier on Google Groups which recommended a simple change to the Facebook.m code:

From:
[self authorizeWithFBAppAuth:YES safariAuth:YES];

To:
[self authorizeWithFBAppAuth:NO safariAuth:NO];

And what do you know, that was the solution! Thank you Brett for your post on Google Groups!

Email Solicitors

I get email spam all the time and I do admit that even though all of the spams end up being deleted, I did take a few moments to quickly read the emails mostly for educational purposes. I received one last night regarding one of my websites that I run. I thought the tone of the email was professional but the email, like most spam, was very generic. The email didn’t tell me how their company could help out my website specifically and had a lot of unnecessary text. I definitely would have responded if the email was geared more towards my website.

Dear James,

I personally reviewed your website at XXXXXX and am writing because I see an opportunity to work with your business to help significantly improve the effectiveness of your marketing programs with email marketing and social media campaigns.

These days, most marketing budgets have been slashed and marketers have been forced to “make due” with limited resources. The question that keeps most business owners, CMO’s and marketers up at night is: how do we make the most of our limited budget and still increase our ROI?

I am the Founder & CEO of List Engage, Inc., an e-marketing company that provides end-to-end e-marketing and social media solutions. I began ListEngage—after spending over 15 years in the industry as an Engineer and Senior Consultant with Bell Labs, PictureTel — to provide businesses with an alternative to cookie-cutter marketing services that only view their clients as an invoice.

At List Engage we specialize in full-service, hands-on campaign implementation for all of our clients. Whether we’re sending your monthly newsletter, or mapping out an engaging Twitter strategy: we understand what’s working today and provide customized service every step of the way. Not only do we offer expertise and best-of-breed guidance but “hands-on” implementation of all the ideas we recommend.

We work with B2B and B2C companies of all sizes and industries. Some of our clients include: Alpha Software, Green Giant, C.C. Filson, BrandsMart USA,Parametric Technologies,  Chadwick’s, Fidelity Investor, Jessica London, J.Jill, and Response Insurance… to name a few.

We help these clients solve marketing challenges that go beyond traditional “carpet-bombing” approaches—including triggered automations, great email design, and creating (designing and executing) highly effective social media campaigns. We won’t make promises we can’t backup with measurable results.

Has your team sat down lately and considered the following?

1) How does our business nurture and engage prospects that visit our site?
2) Are we “hiding under a rock” avoiding the incredible potential of Web 2.0 and social media because we don’t know where to start or fear the risks associated?
3) Are our marketing efforts integrated with our CRM software?
4) Do we have a follow-up strategy (re-marketing) to engage our audience?
5) Have we automated our emails for: leads, customer service requests, customer’s birthdays or anniversaries, abandoned cart reminders, or special engagement offers.

I will be happy to show you a quick demo and share some case studies of how we have helped our clients put these e-marketing programs in place and also discuss the results we have been able to achieve for them.

Please email me directly with any questions. I look forward to hearing from you and wish you the best of luck in your e-marketing efforts..

Domain Spam Email

I own a few domains and recently received an email telling me that a similar domain to one that I own will be listed for sale. I checked the status of the domain and it shows that it’s currently in PENDING DELETE status, meaning it will become available to the public within a few days. This is actually a smart little tactic this spammer is employing. They are trying to gauge the value and interest level of a domain to determine whether or not it’s worth it to them to register right as it becomes available.

Priority Domain  Availability Notice for ****************.com:

In the next few  days,  ****************.com will be listed for sale.  Since you have a
similar domain name, I  thought you might be interested in acquiring
****************.com.

You can confirm  your interest in the domain ****************.com by filling out the
form here: ****************

After I receive  a confirmation that you are interested in the domain
****************.com, I  will be in touch with you promptly to make  arrangements.

I look forward  to hearing back from you.

Sincerely,
Arthur Simmons
InTrust Domains

The take away from this email is check things out for yourself before just accepting the fact. Owning the domain referenced in the email may be nice but had I clicked on the link, InTrust Domains probably may register the domain since I showed some sort of interest by following through on their email. I’ll check in a few days to see if the domain is available. It’s not worth too much so I’m not too concern but am quite curious on the outcome.

CHMOD 777 = BAD

One of my clients that I just started doing work was complaining about images not showing up on his site recently. I checked it out and what happened was the folder had a .htaccess file created there that restricted everyone but a few IPs. I thought that was kind of odd. I poked around more and saw that 3 PHP scripts were somehow uploaded into the folder that wrote the .htaccess file. The scripts were pretty creative and encrypted everything using hexadecimals along with a key. Fortunately, the key they used was the user agent, so I did a quick grep of the server logs and saw what user agent the script was being called was using and decoded the script.

It turns out that the scripts were basically DDOS scripts that could be triggered remotely based on parameters being sent in when calling the script.

Next step after getting rid of those and reading the code was trying to figure out how the scripts got in there in the first place. I didn’t have to look too far and saw that the folder was CHMOD 777. Obviously if a hacker wants to get in, they will find a way in, but CHMOD 777 is almost inviting them in with milk and cookies. I haven’t found out how the file was uploaded, but it’s possible they used a hole since the site was using an outdated open source software solution.

Moral of the story, don’t CHMOD 777 your folders when you don’t need to.

Chase Debt Card Stolen

I got a phone call today from Chase regarding suspicious activity on my business debt card. After a few minutes, I had learned that somehow my card was stolen along with my ATM pin along with 5 withdrawals of $500 from today and yesterday from various locations throughout California. I was worried that I would not see that money again but Chase immediately told me that I would get my money back after filing a claim.

The strange thing is that I never use my ATM card for any thing outside of depositing checks from 2 or 3 Chase ATMs in my area. I actually drove back to one of the ATMs and was looking around for a skimming device but didn’t notice anything out of the ordinary.

Back to the story, I was asked if I had access to an email to get access to a claim form. I gave them my email and was sent two emails within a few minutes with my login info.  I opened up the 2nd email which had my username with a subject of “Your Chase Customer Claims Secure Document Exchange Electronic Package is available online” and clicked on the link, which took me to https://sdx.chase.com/consumerdcx-chase_atm.

I set up my account and then logged in. I see a message waiting for me to be read, I click it and got the following message:

Sorry

A system error has occurred. Please try again, but if you continue to see this message then contact the system administrator.

I tried a number of basic troubleshooting strategies such as clearing cookies, closing browser, using Chrome, Firefox and IE on Windows, switching to my Mac laptop, tried Chrome and Firefox, then loaded up VM Fusion with a Windows XP instance. I kept getting the same screen. I even viewed the source of the page, and tried going directly to the URL the javascript function was suppose to take me to.

https://sdx.chase.com/consumerdcx-chase_atm/messages/MessageDetail?action=1&msgId=XXXXXXXX-true&listType=6&urlPrefix=http://sdx.chase.com/consumerdcx-chase_atm

No luck. I thought, maybe I’m just an idiot, why don’t I just call tech support. Of course, they told me to clear my cookies and reboot my computer. When has that seriously worked when there was an issue with a website?

I wonder that I can’t be the only one out there having the same issue. I eventually called Chase back and had them fax me the form.

First Blog Post

Finally starting my first blog. Hopefully I’ll manage to keep it updated with content.  I’ll be posting anything geek related, mostly from my programming adventures ranging from iPhone, Ruby on Rails, PHP, MySQL, etc…