Ensure PHP tmpfile() is removed automatically
For years, I’ve been using a PHP code snippet like this to write to a temporary file:
$tempFilePath = stream_get_meta_data(tmpfile())['uri'];
file_put_contents($tempFilePath, 'Hello, world!');
I expected this file to be removed automatically when the script ends, according to the documentation for tmpfile():
The file is automatically removed when closed (for example, by calling fclose(), or when there are no remaining references to the file handle returned by tmpfile()), or when the script ends.
The 7.1 GB tmp directory on my server with 1.8M files begs to differ.
What’s happening?
PHP keeps track of the number of references to the handle returned by tmpfile() and immediately removes the file when none remain. In the code snippet above, the script doesn’t keep any reference to this handle. There is just one anonymous reference passed into stream_get_meta_data(), which evaporates when that function returns. By the time we’re writing the file path to $tempFilePath, the file no longer exists!
You can prove this by running this code snippet:
$tempFilePath = stream_get_meta_data(tmpfile())['uri'];
file_exists($tempFilePath); // returns false
In the original snippet, file_put_contents() is actually creating a new file with the same name as the original one, but without the promise of automatic removal when the script ends.
Solutions
In most cases, you can avoid this problem by storing the handle instead of the path, then writing to the file using fwrite():
$tempFile = tmpfile();
fwrite($tempFile, 'Hello, world!');
However, if your use case specifically requires a file path, you can just assign the handle to some variable:
$tempFilePath = stream_get_meta_data($tempFile = tmpfile())['uri'];
file_exists($tempFilePath); // now returns true!
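The following is an added example, not code from the original post: it runs the leaky pattern and the handle-holding pattern side by side so the difference in file lifetime is visible. The `TempFile` class name and its methods are hypothetical, chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: keeps the tmpfile() handle alive for as long as the
// path is needed, so PHP's automatic removal still applies to the file.
final class TempFile
{
    /** @var resource */
    private $handle;

    public function __construct()
    {
        $handle = tmpfile();
        if ($handle === false) {
            throw new RuntimeException('tmpfile() failed');
        }
        $this->handle = $handle;
    }

    public function path(): string
    {
        return stream_get_meta_data($this->handle)['uri'];
    }

    public function write(string $data): void
    {
        fwrite($this->handle, $data);
        fflush($this->handle); // make the data visible to readers of path()
    }
}

// 1. Leaky pattern: the handle is dropped as soon as stream_get_meta_data()
//    returns, so the file is already gone before anything is written.
$leakedPath = stream_get_meta_data(tmpfile())['uri'];
var_dump(file_exists($leakedPath));
file_put_contents($leakedPath, 'Hello, world!'); // creates a NEW, untracked file
var_dump(file_exists($leakedPath));
unlink($leakedPath); // manual cleanup; nothing else would remove it

// 2. Handle held by an object: the path is valid while $temp is alive.
$temp = new TempFile();
$temp->write('Hello, world!');
$heldPath = $temp->path();
var_dump(file_get_contents($heldPath));

// Dropping the last reference closes the handle and removes the file.
unset($temp);
clearstatcache();
var_dump(file_exists($heldPath));
```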
Get refunds from DoorDash for “tips” never paid to your dasher
DoorDash recently came under fire after a New York Times article exposed the ugly truth about DoorDash tips: in most cases, despite language to the contrary, your “tips” were going directly to DoorDash.
As explained in the article:
DoorDash offers a guaranteed minimum for each job. For my first order, the guarantee was $6.85 and the customer, a woman in Boerum Hill who answered the door in a colorful bathrobe, tipped $3 via the app. But I still received only $6.85.
Here’s how it works: If the woman in the bathrobe had tipped zero, DoorDash would have paid me the whole $6.85. Because she tipped $3, DoorDash kicked in only $3.85. She was saving DoorDash $3, not tipping me.
DoorDash has since removed the misleading “100% goes to your dasher” statement, and they have promised a new tipping model in the future. In my opinion, DoorDash engaged in a blatantly deceptive business practice and this change is far too late.
Here’s how I got my money back. I encourage everyone reading this to do the same, if only as a matter of principle.
I contacted DoorDash Customer Support:
I’m asking for a refund for tips associated with my DoorDash orders due to the deceptive “100% goes to your dasher” language, which fails to indicate this is subtracted from the guaranteed minimum paid by DoorDash to the driver.
$4.24 (Order #21083487 from Hobee’s on April 16, 2017)
$5.04 (Order #214975041 from Shana Thai on May 22, 2019)
$3.95 (Order #218530634 from Cooking Papa on May 27, 2019)
$3.00 (Order #254119321 from Happy Lemon on July 15, 2019)
Total: $16.23
I received a phone call from an unknown number, and then this email:
I just tried to give you a call but it looks like I missed you. Based on what you’ve described, we’d like to get in touch directly to talk through this further.
Please reply with the best day(s) and time(s) to reach you as well as confirm your preferred contact phone number and we’ll call you back.
I can imagine they are hesitant to discuss this matter via email due to the likely class-action lawsuit in their future. I replied:
I don’t believe this is necessary. Please issue the requested refund of $16.23.
DoorDash then tried to claim they could not reverse the tips because they had already paid the tips to the dashers, which is laughable if you’re following the story so far:
Thank you for contacting DoorDash in this regard.
However we won’t be able to process refunds for the tips since all the dashers already collected their payments.
My reply:
Whether the dashers already collected their payments is irrelevant, since they would have been paid the same amount by DoorDash whether I tipped or not.
I’m asking for a refund from DoorDash, not from the dashers. Again, I’m asking for a refund due to the deceptive “100% goes to your dasher” language, which fails to indicate this is subtracted from the guaranteed minimum paid by DoorDash to the driver.
Please proceed with the refund or I will escalate these transactions to my credit card issuer.
As a credit card customer fighting an uncooperative merchant, chargebacks are the ace up your sleeve. Most credit card issuers will side with you (their customer) for any well-documented claim, and merchants are charged a $20 to $25 fee whether your claim is successful or not. Obviously, DoorDash will not want to go this route:
Thank you for contacting DoorDash. I’m sorry to hear about the issue with your order, and I appreciate you bringing the matter to our attention.
We always do our best to ensure a successful delivery, and I know that did not happen in this case. I have fully documented the details of this case so that the feedback can be reviewed. We definitely want to understand how we can better avoid this type of issue in the future.
I have also issued a refund of all the tip you had requested in the amount of: $16.23
I certainly spent more than $16.23 worth of my time fighting this battle, but I believe if everyone exercised the same level of diligence, companies like DoorDash would be forced to consider more ethical business practices.
Music at the flip of a switch
My roommate wanted to have a light switch in the bathroom that plays the Fairy Fountain song on loop. After all, we had agreed to a Legend of Zelda theme for our new apartment. Here’s how I did it.
Parts
- Adafruit Audio FX Sound Board
- Speaker (4-8 ohm, up to 2.2W)
- Micro USB Cable
- USB Power Adapter
- E26 to Outlet Adapter
- GU24 to E26 Adapter (if necessary)
- Purple LED Light Bulb (optional)
In the bathroom, there were three switches for the main light, fan light, and fan. The fan light enclosure was the perfect place to encapsulate this setup.
The two key challenges of this project were 1) powering this device and 2) remotely triggering the song to play. I initially considered using some sort of Arduino setup with a 120V relay triggered by the switch, but then I would need to find a separate way to power the Arduino and didn’t want to worry about batteries.
It turned out I could solve both problems by having the song loop when the device is powered on with 120V. However, this would make the Arduino less appealing due to boot time and steered me toward the Adafruit Audio FX Sound Board. This particular board has a built-in micro USB port for both power and adding audio files, as well as a built-in amplifier. Because this board specializes in audio effects, it requires no additional programming and supports playback when powered on and looping with minimal delays.
I grabbed a copy of the song and edited it down to a loopable WAV file, then loaded it onto the board with the name T10HOLDL.wav. As explained in the product tutorial, the board will attempt to loop a file with that name when pin #10 is connected to ground. Since I always wanted this to happen when the board has power, I soldered a tiny wire from 10 to a nearby GND. I also soldered the speaker to the appropriate pins on the board.
To power the device in the GU24 light socket, I used a GU24 to E26 adapter, followed by an E26 to outlet adapter, followed by a USB power adapter connected to the device via a micro USB cable. Since I had two GU24 sockets, I used the other one to squeeze in a purple light bulb for additional effect.
I unveiled the final product on Christmas.
NextPlay featured in an episode of Office Hacks
The music program at LinkedIn is definitely one of my favorite perks, and our company band was lucky to be featured in an episode of Office Hacks.
The modern workplace has many perks, but this one might call for a standing ovation. Professional social network giant, LinkedIn, not only has a dedicated space for employees to connect musically, it even has its own house band. And they’re good!
Secret story behind this: we had to do an original song but we’ve never performed it together. Our drummer picked this up in minutes and I’m singing it for the first time!
LinkedIn Desktop Redesign
This is what I’ve been working on at LinkedIn! I’d like to specifically call out the new Messaging features:
With our new real-time messaging interface, you can message a connection wherever you are on LinkedIn. We’ll also start serving up insights across the site to help you break the ice in any conversation and connect you to your next opportunity. For example, if you see a new job posting you’re interested in, we’ll suggest someone within your network who works at the company.
The 12 Days of Christmas
Happy holidays from InTune! Here’s our Christmas song this year: The 12 Days of Christmas as arranged by Straight No Chaser, performed live at Techapella 2016 in San Francisco’s Curran Theatre.
More videos from Techapella coming soon.
An interview with the “Brains On!” science podcast
How does the internet get to us? In an interview with Minnesota Public Radio’s “Brains On!” science podcast, I discuss what it was like connecting to the internet with dial up and why it was done that way.
When we all first started wanting to get connected to the Internet, we had to find some way to get everybody’s computers connected using whatever technologies we already had. And what did we have? Well, it turns out – and this was especially true before cell phones – that just about every home already had a dedicated phone line for the shared house phone.
Listen to the full interview below (starting at 18:02):
And be sure to check out dialupsound.com!
Mitigating a brute-force login attack via telnet backdoor
I have a VPS through Linode that I use to host dozens of websites (including this one). Securing your server against brute-force login attempts is one of the first steps you should take when setting up a new server, and Linode details this fairly well.
However, one day I was surprised to notice that my CPU usage, though steady, was hovering at close to 90%. A peek at the historical usage showed that this had been increasing steadily for over a week, but had gone under the radar.
A look at top revealed accounts-daemon (the service that handles user authentication) to be the culprit, and my /var/log/wvmb file (which logs failed logins) was draining my available disk space to nearly nothing.
Okay, easy enough. Let’s cut off SSH access until I have time to figure out why the usual defenses weren’t working. However, the attack continued. How could this be?
Turns out the attack was happening with an old authentication method called telnet. Every article I read about telnet suggested using SSH instead for its superior security when authenticating yourself, but I couldn’t find any resources about securing telnet against malicious login attempts.
I was able to successfully mitigate the attack by turning off telnet authentication completely. In my case, I commented out this line in /etc/inetd.conf:
telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
Conversation Starters on LinkedIn Messaging
Here’s one of the features of LinkedIn Messaging that I’ve been working on this year!
We know that reaching out to reconnect, ask for advice or network for potential job opportunities can be intimidating. How do you start a conversation with someone you haven’t spoken to in months?
To give you authentic ways to reconnect, we’ve added personalized conversation starters in LinkedIn Messaging to help break the ice.
Read more on the LinkedIn blog.
Instant Messaging at LinkedIn
Very proud of the work done by my team to bring instant messaging to LinkedIn!
We recently introduced Instant Messaging on LinkedIn, complete with typing indicators and read receipts. To make this happen, we needed a way to push data from the server to mobile and web clients over persistent connections instead of the traditional request-response paradigm that most modern applications are built on. In this post, we’ll describe the mechanisms we use to instantly send messages, typing indicators, and read receipts to clients as soon as they arrive.
Read the post on the LinkedIn Engineering blog.