Recherche avancée

Sur d’autres sites (3762)

• Data Privacy Day 2020

  27 janvier 2020, par Matthieu Aubry — Privacy
  It’s January 28th which means it’s Data Privacy Day !

  Today is an important day for the Matomo team as we reflect on our mission and our goals for 2020. This year I wanted to send a video message to all Matomo users, community members and customers. 

  Check it out (full transcript below)

  

  A video message from Matomo founder, Matthieu Aubry

  Privacy-friendly alternatives

  • NoMoreGoogle :
    a comprehensive list giving you options for other privacy-friendly alternatives.
  • Switching.Software :
    Ethical alternatives to popular sites and apps.
  • Web browser :
    Firefox
    Brave
    Vivaldi
  • Search engine :
    DuckDuckGo
    Qwant
  • File sharing :
    Nextcloud
  • Email provider :
    ProtonMail
    Mailfence
    Tutanota

  Video transcript

  Hey everyone,

  Matthieu here, Founder of Matomo.

  Today is one of the most significant days of the year for the Matomo team – it’s Data Privacy Day. And so I wanted to quickly reflect on our mission and the significance of this day. 

  In today’s busy online world where data is king, this day is an important reminder of being vigilant in protecting our personal information online.

  Matomo began 12 years ago as an open-source alternative to Google Analytics – the goal was, and still is to give full control of data back to users. 

  In 2020, we are determined to see through this commitment. We will keep building a powerful and ethical web analytics platform that focuses on privacy protection, data ownership, and provides value to all Matomo users and customers.

  And what’s fantastic is to see the rise of other quality software companies offering privacy-friendly alternatives for web browsers, search engines, file sharing, email providers, all with a similar mission. And with these products now widely available, we encourage you to take back control of all your online activities and begin this new decade with a resolution to stay safe online.

  I’ll provide you with some links below the video to check out these privacy-friendly alternatives. If you have a website and want to gain valuable insights on the visitors while owning your data, join us ! 

  Matomo Analytics On-Premise is and always will be free to download and install on your own servers and on your own terms.

  Also feel free to join our active community or spread the word to your friends and network about the importance of data privacy.

  Thank you all and wishing you a great 2020 !

  For more information on how Matomo protects the privacy of your users, visit : https://matomo.org/privacy/

  Do you have privacy concerns ?

  What better day than today to speak up ! What privacy concerns have you experienced ?

  Contact Support

• An introduction to reverse engineering

  22 janvier 2011

  (This blog is still in hibernation, but I needed somewhere to post this)

  Reverse engineering is one of those wonderful topics, covering everything from simple "guess how this program works" problem solving, to poking at silicon with scanning electron microscopes. I’m always hugely fascinated by articles that walk through the steps involved in these types of activities, so I thought I’d contribute one back to the world.

  In this case, I’m going to be looking at the export bundle format created by the Tandberg Content Server, a device for recording video conferences. The bundle is intended for moving recordings between Tandberg devices, but it’s also the easiest way to get all of the related assets for a recorded conference. Unfortunately, there’s no parser available to take the bundle files (.tcb) and output the component pieces. Well, that just won’t do.

  For this type of reverse engineering, I basically want to learn enough about the TCB format to be able to parse out the individual files within it. The only tools I’ll need in this process are a hex editor, a notepad, and a way to convert between hex and decimal (the OS X calculator will do fine if you’re not the type to do it in your head).

  Step 1 : Basic Research
  After Googling around to see if this was a solved issue, I decided to dive into the format. I brought a sample bundle into my trusty hex editor (in this case Hex Fiend).

  

  A few things are immediately obvious. First, we see the first four bytes are the letters TCSB. Another quick visit to Google confirms this header type isn’t found elsewhere, and there’s essentially no discussion of it. Going a few bytes further, we see "contents.xml." And a few bytes after that, we see what looks like plaintext XML. This is a pretty good clue that the TCB file consists of a . Let’s scan a bit further and see if we can confirm that.
  
  In this segment, we see the end of the XML, and something that could be another filename - "dbtransfer" - followed by what looks like gibberish. That doesn’t help too much. Let’s keep looking.
  
  Great - a .jpg ! Looking a bit further, we see the letters "JFIF," which is recognizable as part of a JPEG header. If you weren’t already familiar with that, a quick google for "jpg hex header" would clear up any confusion. So, we’ve got the basics of the file format down, but we’ll need a little bit more information if we’re going to write a parser.

  Step 2 : Finding the pattern
  We can make an educated guess that a file like this has to provide a few hints to a decoder. We would either expect a table of contents, describing where in the bundle each individual file was located, some sort of stop bit marking the boundary between files, byte offsets describing the locations of files, or a listing of file lengths.

  There isn’t any sign of a table of contents. Let’s start looking for a stop bit, as that would make writing our parser really easy. Want I’m going to do is pull out all of the data between two prospective files, and I want two sets to compare.
  I’ve placed asterisks to flag the bytes corresponding to the filenames, since those are known.

  1E D1 70 4C 25 06 36 4D 42 E9 65 6A 9F 5D 88 38 0A 00 *64 62 74 72 61 6E 73 66 65 72* 42 06 ED 48 0B 50 0A C4 14 D6 63 42 F2 BF E3 9D 20 29 00 00 00 00 00 00 DE E5 FD

  01 0C 00 *63 6F 6E 74 65 6E 74 73 2E 78 6D 6C* 9E 0E FE D3 C9 3A 3A 85 F4 E4 22 FE D0 21 DC D7 53 03 00 00 00 00 00 00

  The first line corresponds to the "dbtransfer" entry, the second to the "contents.xml" entry. Let’s trim the first entry to match the second.

  38 0A 00 *64 62 74 72 61 6E 73 66 65 72* 42 06 ED 48 0B 50 0A C4 14 D6 63 42 F2 BF E3 9D 20 29 00 00 00 00 00 00

  01 0C 00 *63 6F 6E 74 65 6E 74 73 2E 78 6D 6C* 9E 0E FE D3 C9 3A 3A 85 F4 E4 22 FE D0 21 DC D7 53 03 00 00 00 00 00 00

  It looks like we’ve got three bytes before the filename, followed by 18 bytes, followed by six bytes of zero. Unfortunately, there’s no obvious pattern of bits which would correspond to a "break" between segments. However, looking at those first three bytes, we see a 0x0A, and a 0x0C, two small values in the same place. 10 and 12. Interesting - the 12 entry corresponds with "contents.xml" and the 10 entry corresponds with "dbtransfer". Could that byte describe the length of the filename ? Let’s look at our much longer JPG entry to be sure.

  70 4A 00 *77 77 77 5C 73 6C 69 64 65 73 5C 64 37 30 64 35 34 63 66 2D 32 39 35 62 2D 34 31 34 63 2D 61 38 64 66 2D 32 66 37 32 64 66 33 30 31 31 35 65 5C 74 68 75 6D 62 6E 61 69 6C 73 5C 74 68 75 6D 62 6E 61 69 6C 30 30 2E 6A 70 67*

  0x4A - 74, corresponding to a 74 character filename. Looks like we’re in business.

  At this point, it’s worth an aside to talk about endianness. I happen to know that the Tandberg Content Server runs Windows on Intel, so I went into this with the assumption that the format was little-endian. However, if you’re not sure, it’s always worth looking at words backwards and forwards, just in case.

  So we know how to find our filename. Now how do we find our file data ? Let’s go back to our JPEG. We know that JPEGs start with 0xFFD8FFE0, and a quick trip to Google also tells us that they end with 0xFFD9. We can use that to pull a sample jpeg out of our TCB, save it to disk, and confirm that we’re on the right track.
  

  This is one of those great steps in reverse engineering - concrete proof that you’re on the right track. Everything seems to go quicker from this point on.

  So, we know we’ve got a JPEG file in a continuous 2177 byte segment. We know that the format used byte lengths to describe filenames - maybe it also uses byte lengths to describe file lengths. Let’s look for 2177, or 0x8108, near our JPEG.

  

  Well, that’s a good sign. But, it could be coincidental, so at this point we’d want to check a few other files to be sure. In fact, looking further in some file, we find some larger .mp4 files which don’t quite match our guess. It turns out that file length is a 32bit value, not a 16bit value - with our two jpegs, the larger bytes just happened to be zeros.

  Step 3 : Writing a parser

  "Bbbbbut...", I hear you say ! "You have all these chunks of data you don’t understand !"

  True enough, but all I care about is getting the files out, with the proper names. I don’t care about creation dates, file permissions, or any of the other crud that this file format likely contains.

  

  Let’s look at the first two files in this bundle. A little bit of byte counting shows us the pattern that we can follow. We’ll treat the first file as a special case. After that, we seek 16 bytes from the end of file data to find the filename length (2 bytes), then we’re at the filename, then we seek 16 bytes to find the file length (4 bytes) and seek another 4 bytes to find the start of the file data. Rinse, repeat.

  I wrote a quick parser in PHP, since the eventual use for this information is part of a larger PHP-based application, but any language with basic raw file handling would work just as well.

  tcsParser.txt
  This was about the simplest possible type of reverse engineering - we had known data in an unknown format, without any compression or encryption. It only gets harder from here...

• How to create a scheduled task – Introducing the Piwik Platform

  28 août 2014, par Thomas Steur — Development

  This is the next post of our blog series where we introduce the capabilities of the Piwik platform (our previous post was How to create a custom theme in Piwik). This time you’ll learn how to execute scheduled tasks in the background, for instance sending a daily email. For this tutorial you will need to have basic knowledge of PHP.

  What can you do with scheduled tasks ?

  Scheduled tasks let you execute tasks regularly (hourly, weekly, …). For instance you can :

  • create and send custom reports or summaries
  • sync users and websites with other systems
  • clear any caches
  • import third-party data into Piwik
  • monitor your Piwik instance
  • execute any other task you can think of

  Getting started

  In this series of posts, we assume that you have already set up your development environment. If not, visit the Piwik Developer Zone where you’ll find the tutorial Setting up Piwik.

  To summarize the things you have to do to get setup :

  • Install Piwik (for instance via git).
  • Activate the developer mode : ./console development:enable --full.
  • Generate a plugin : ./console generate:plugin --name="MyTasksPlugin". There should now be a folder plugins/MyTasksPlugin.
  • And activate the created plugin under Settings => Plugins.

  Let’s start creating a scheduled task

  We start by using the Piwik Console to create a tasks template :

  ./console generate:scheduledtask

  The command will ask you to enter the name of the plugin the task should belong to. I will simply use the above generated plugin name “MyTasksPlugin”. There should now be a file plugins/MyTasksPlugin/Tasks.php which contains some examples to get you started easily :

  class Tasks extends \Piwik\Plugin\Tasks
  
  {
  
      public function schedule()
  
      {
  
          $this->hourly('myTask');  // method will be executed once every hour
  
          $this->daily('myTask');   // method will be executed once every day
  
          $this->weekly('myTask');  // method will be executed once every week
  
          $this->monthly('myTask'); // method will be executed once every month
  
  
  
          // pass a parameter to the task
  
          $this->weekly('myTaskWithParam', 'anystring');
  
  
  
          // specify a different priority
  
          $this->monthly('myTask', null, self::LOWEST_PRIORITY);
  
          $this->monthly('myTaskWithParam', 'anystring', self::HIGH_PRIORITY);
  
      }
  
  
  
      public function myTask()
  
      {
  
          // do something
  
      }
  
  
  
      public function myTaskWithParam($param)
  
      {
  
          // do something
  
      }
  
  }

  A simple example

  As you can see in the generated template you can execute tasks hourly, daily, weekly and monthly by registering a method which represents the actual task :

  public function schedule()
  
  {
  
      // register method remindMeToLogIn to be executed once every day
  
      $this->daily('remindMeToLogIn');  
  
  }
  
  
  
  public function remindMeToLogIn()
  
  {
  
      $mail = new \Piwik\Mail();
  
      $mail->addTo('me@example.com');
  
      $mail->setSubject('Check stats');
  
      $mail->setBodyText('Log into your Piwik instance and check your stats!');
  
      $mail->send();
  
  }

  This example sends you an email once a day to remind you to log into your Piwik daily. The Piwik platform makes sure to execute the method remindMeToLogIn exactly once every day.

  How to pass a parameter to a task

  Sometimes you want to pass a parameter to a task method. This is useful if you want to register for instance one task for each user or for each website. You can achieve this by specifying a second parameter when registering the method to execute.

  public function schedule()
  
  {
  
      foreach (\Piwik\Site::getSites() as $site) {
  
          // create one task for each site and pass the URL of each site to the task
  
          $this->hourly('pingSite', $site['main_url']); 
  
      }
  
  }
  
  
  
  public function pingSite($siteMainUrl)
  
  {
  
      file_get_contents($siteMainUrl);
  
  }

  How to test scheduled tasks

  After you have created your task you are surely wondering how to test it. First, you should write a unit or integration test which we will cover in one of our future blog posts. Just one hint : You can use the command ./console generate:test to create a test. To manually execute all scheduled tasks you can execute the API method CoreAdminHome.runScheduledTasks by opening the following URL in your browser :

  http://piwik.example.com/index.php?module=API&method=CoreAdminHome.runScheduledTasks&token_auth=YOUR_API_TOKEN

  Don’t forget to replace the domain and the token_auth URL parameter.

  There is one problem with executing the scheduled tasks : The platform makes sure they will be executed only once an hour, a day, etc. This means you can’t simply reload the URL and test the method again and again as you would have to wait for the next hour or day. The proper solution is to set the constant DEBUG_FORCE_SCHEDULED_TASKS to true within the file Core/TaskScheduler.php. Don’t forget to set it back to false again once you have finished testing it.

  Starting from Piwik 2.6.0 you can alternatively execute the following command :

  ./console core:run-scheduled-tasks --force --token-auth=YOUR_TOKEN_AUTH

  The option “–force” will make sure to execute even tasks that are not due to run at this time. So you won’t have to modify any files.

  Which tasks are registered and when is the next execution time of my task ?

  The TasksTimetable plugin from the Marketplace can answer this question for you. Simply install and activate the plugin with one click by going to Settings => Marketplace => Get new functionality. It’ll add a new admin menu item under Settings named Scheduled Tasks.

  Publishing your Plugin on the Marketplace

  In case you want to share your task(s) with other Piwik users you can do this by pushing your plugin to a public GitHub repository and creating a tag. Easy as that. Read more about how to distribute a plugin.

  Advanced features

  Isn’t it easy to create scheduled tasks ? We never even created a file ! Of course, based on our API design principle “The complexity of our API should never exceed the complexity of your use case.” you can accomplish more if you want. For instance, you can define priorities, you can directly register methods from different objects and classes, you can specify at which time of a day a task should run and more.

  Would you like to know more about tasks ? Go to our Tasks class reference in the Piwik Developer Zone.

  If you have any feedback regarding our APIs or our guides in the Developer Zone feel free to send it to us.