Blogging with Ecto 3, and a quick tip.

I was a prolific user of Ecto when I first stumbled upon it back during the version 2.4 days. Ecto is now up to version 3 and it is as awesome a blogging tool as ever. It looks like http://ecto.kung-foo.tv no longer works, but that's ok, because the Ecto software and forums are now hosted at IllumineX.

If you are an Ecto 2 licensee, your license for Ecto 2 will get you access to Ecto 3 free of charge.

One snag I came across when I started using Ecto 3 was an error coming back from both the Amazon Helper and the Flickr Helper.

For the Amazon Helper, the error was;

"The request must contain the parameter Signature."

For the Flickr Helper, the error was;

"Failed to get data from Flickr!"

So a quick search rendered the following forum post at IllumineX, which led to the following page explaining how to install the new plugins.

So basically both Amazon and Flickr have updated their API, and therefore the plugins need to be updated.

Here are the quick links to both.

• Amazon Helper



• Flickr Helper

Follow the instructions here and you'll be rolling again within a minute.

Ok let's test the plugins;

Amazon

"Groundswell: Winning in a World Transformed by Social Technologies" (Charlene Li, Josh Bernoff)

Flickr

That's really nice!!

Cool Tools: Rescue CD 3.11

Thanks to F-Secure for putting out this cool tool;

Now it is time to release the new Rescue CD for which we put out the beta some time ago. We decided to update the version number to 3.11 since we added a couple of useful utilities to the CD image. Otherwise this is the same version as is available on our Internet Security 2010 installation CD.

Take a look a the release announcement and download here.

Use Synergy to share a keyboard between an Ubuntu desktop and an Apple laptop

Oy vey. How do I explain this one without sounding like a total alien?

Ok, so I'm using a program called Synergy to share a keyboard between an Ubuntu desktop system and an Apple Powerbook. The program is made up of a "server" and a number of "clients". Since the Ubuntu desktop isn't going anywhere, I am using it as the server and the Powerbook is the client.

It works great. Much easier than having a zillion keyboards on my desk, or in this case reaching over to my laptop to answer an IM or e-mail. BUT, please note the SECURITY CONCERNS at the bottom of this article.

So here we go;

Step 1) Download Synergy2 for the Mac and install.

Download Synergy2 for the Mac and decompress synergy. The binaries come out as synergyc and synergys. synergyc is the binary we want to use on the Powerbook. I have mine in /opt/local/bin/.

Example; decompress the binary package via Apple's Terminal

scarr@awesome:~$ cd tmp && tar zxvf ~/Downloads/zxvf synergy-1.3.1-1.OSX.tar.gz
...etc... output of file...
scarr@awesome:~/tmp$ cd synergy-1.3.1/
scarr@awesome:~/tmp/synergy-1.3.1$ ls -al
total 2888
drwxr-xr-x 3 scarr scarr 4096 2006-04-02 16:17 .
drwxr-xr-x 4 scarr scarr 4096 2009-10-13 21:57 ..
-rw-r--r-- 1 scarr scarr 293309 2006-04-02 16:17 ChangeLog
drwxr-xr-x 2 scarr scarr 4096 2006-04-02 16:17 doc
-rw-r--r-- 1 scarr scarr 861 2006-04-02 16:17 README
-rwxr-xr-x 1 scarr scarr 1029440 2006-04-02 16:17 synergyc
-rw-r--r-- 1 scarr scarr 793 2006-04-02 16:17 synergy.conf
-rwxr-xr-x 1 scarr scarr 1593984 2006-04-02 16:17 synergys

Step 2) install the Synergy server on to our Ubuntu box.

From the command line, do the following;


scarr@awesome:~$ sudo aptitude search synergy
[sudo] password for scarr:
i quicksynergy - GUI for easy configuration of Synergy
i A synergy - Share mouse, keyboard and clipboard over the network

scarr@awesome:~$ sudo aptitude install synergy

You can use the other app in that list, QuickSynergy, to quickly set up the server config. If you do, the config that QuickSynergy generates will be in ~/.quicksynergy/synergy.conf. The downside of QuickSynergy; it doesn't seem to allow much customization, which you may need.

Step 3) Configure the Synergy server.

Configuring Synergy can be a bit confusing but once you've got the layout visualized it makes a lot more sense.

Here's my example config on the server side for reference, which is on the Ubuntu desktop;


section: screens
awesome:
codebook:
meta = alt
alt = meta
end
section: links
awesome:
left = codebook
codebook:
right = awesome
end


awesome is the Ubuntu desktop. codebook is the Powerbook.

So in "section: screens" we define what systems will share awesome's keyboard and mouse. If you'll notice, under codebook's example I've defined a swap of the alt and meta keys.

I've got an Apple keyboard hooked up to awesome, but when I enter codebook's screen, awesome sends an alt in the place of the command key and vice versa for alt. To fix that, I just swapped 'em. Depending on the keyboard you're using, you can mix and match. It's very handy to be able to do that. A list of the keys is in the synergys man page, but here they are below for reference.

· Modifier keys:
shift = {shift|ctrl|alt|meta|super|none}
ctrl = {shift|ctrl|alt|meta|super|none}
alt = {shift|ctrl|alt|meta|super|none}
meta = {shift|ctrl|alt|meta|super|none}
super = {shift|ctrl|alt|meta|super|none}

In "section: links" we define how these systems are configured.

So awesome is to the right of codebook.

[caption id="attachment_4544" align="alignnone" width="300" caption="Pardon The Mess! Awesome is to the right of Codebook"][/caption]

Step 4) Run the client and the server

- On awesome, the server, from the command line I run

synergys -c /home/scarr/.synergy/synergy.conf


This is pretty straight forward. I am running the daemon with the configuration we just wrote. It should slip into the background and you can close the terminal.

- On codebook, the client, from the command line I run

/opt/local/bin/synergyc -n codebook 10.10.10.10


In this instance, I am defining the name to send to the server as codebook. The IP address of awesome is 10.10.10.10, which is where codebook will connect.

If everything has gone according to plan you'll be able to slip between the two systems, taking the clipboard with you, which is astonishingly handy!

Step X) some automation

To get the server to start up when I log on to the Ubuntu box, I have asked Ubuntu to run it under System -> Preferences -> Startup Applications

To run the client on the Powerbook, I used Automator to make a shortcut to the terminal command.. This part is still somewhat messy, but it's easy and works.

SECURITY CONCERNS

Synergy is unencrypted and mostly passwordless (if you don't count obfuscating your computer name, which is already sketchy security since it is, once again, unencrypted). Do not use synergy on a network you do not trust implicitly. Because it is unencrypted, all communications between the synergy server and synergy client will be readable in plain text in TCP/IP packets.

There are ways around this, like tunneling synergy through SSH, but that's just one shelf above what I'm willing to explain. If you want to start down this road, you can look at http://www.securityfocus.com/infocus/1816 which is a good starting point.

AsiaBSDCon 2009:The OpenBSD Release Process: A Success Story

Possible SSH 0-day vulnerability? And a couple of semi-helpful iptables tips.

Update 07/08/2009: This is starting to sound less and less like a 0-day and more like a single administrative error or lapse. Either way it's a warning; don't be lax with your SSH access. SSH is for the most part secure, but there's always the chance that it can be exploited.

Update 07/07/2009: SANS is also as vexed with the lack of info on this issue as everyone else I've contacted.  They're a great place to watch for more data as it becomes available.  If anything new happens I'll also update here, but I'll probably get it from SANS myself.



I'm sorta loathe to report this, since I don't have anything to substantiate it other than rumors flying on web hosting bulliten boards and Twitter, but there is word of a 0-day SSH vulnerability floating around.

Translated Rumor

Translated Rumor Source

I have no more information on this than that, other than hearing that several hosts are locking down SSH also.

So I've been running around tonight locking down my visible servers.

This is actually good practice for the most part.  SSH is a powerful service, so any vulnerability to it tends to get magnified in importance very quickly, and also as information on the vulnerability spreads attacks multiply quickly.

The fix is simple; block SSH access to untrusted IPs.  At this juncture even if it upsets your clients, you might want to until more information trickles out about the status of this vulnerability.

If you want an easy way to create and test some new iptables rules, you can do what I do (no warranties, etc).

1. do an 'iptables-save > ~root/tmp_iptables'


2. edit ~root/tmp_iptables and add the following lines before the line that says COMMIT.  Substituting the IPs and hostnames I have added for your own of course.
   -A INPUT -s 10.0.0.1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s my.devlab.ca -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP



3. do a 'cat ~root/tmp_iptables | iptables-restore' and cross your fingers

If things have gone horribly wrong, and I have led you down a terrible path, cutting off your SSH access, you can either console in and re-do that same process, but taking out the SSH rules, or you can have your service provider console in, or reboot the box.   The nifty thing about this method is that it's not a permanent change to your server.  It will only last until your next reboot, unless you have some process that automatically saves any iptables rules you put into place.

Hey @treehugger help me out of the mobile iPhone landing page ghetto!

Now, I'm not singling out the awesome treehugger.com here, a lot of blogs are starting to do this; 

When I am reading my favorite blogs via Google Reader, or any app for that matter, and I want to follow a story back to that blog from the RSS feed, I will sometimes get re-directed to a "mobile" version of the page.  

This is not bad, in theory, but when the execution is wonky it's very frustrating.  The latest is one of my favorite blogs, Treehugger!  

Example:

 

[caption id="attachment_4388" align="alignnone" width="320" caption="Treehugger in Google Reader on an iPod Touch"][/caption]

And I click through...

 

[caption id="attachment_4389" align="alignnone" width="320" caption="The landing site on Treehugger in Safari on the iPod Touch"][/caption]

So I hit the mobile page, which would be cool but I don't hit the story.  In fact I don't even see the story I wanted to expand on in this list.  Auugh!  Denied!  

There are a couple of other reasons why this is frustrating.

1. I'm coming in from an iPod Touch, so the layout won't be mangled even if I hit the regular full-browser site.  Landing on the full site would still be plesant.  (I also have a BlackBerry 8700r, but there isn't a site on earth that it can render properly).


2. There's no option to just default to the regular site without being bounced to the mobile site.  I believe Gawker has this option; it seems to set a cookie in your mobile browser saying "don't redirect this guy to the mobile site, he no like".  

Of all the trivial things I can worry about, I'm worrying about this :)  Mainly because I see it creeping in to every blog I read.  Every site seems to want to bump you into a mobile version, but by and large the mobile version doesn't have the same polish that the regular site has.

From an end user perspective I'd rather suffer with a potentially mangled full site than a broken mobile site.  I could probably find the story I was looking for at the Treehugger mobile landing page, but by the time I get to that page and realize I'm not looking at the story, then start calculating my options to get to that story I've forgotten what I want to read (yes, I'm a goldfish).

Please, Treehugger, fix it before I am fooled into buying a Hummer H2!  I need my daily econews fix or bad things happen.

TweetDeck for Ubuntu Linux

[caption id="attachment_4243" align="alignleft" width="300" caption="TweetDeck for Ubuntu Linux Screenshot"][/caption]

TweetDeck is a pretty fancy (perhaps the most fancy!) Twitter client for your desktop that I have come across.  It has nearly all the features I'd want out of a Twitter client.  It also runs under Adobe Air, which means it is portable cross-platform (to a point, I guess).  I use it when I'm not on the iPod Touch on Mac OS X, and it's great.

Adobe Air is now available for Linux, and I have installed it on my Ubuntu Linux 8.04 workstation, and it works for the most part, although it seems to be a bit of a hog, and it seems to, um, "disappear".   The notifications show up at the upper right, so I can regrab the window from those when it does go missing.

[caption id="attachment_4242" align="alignright" width="150" caption="soooweeee!"][/caption]

Here's a thing; when I went to download TweetDeck the downloader told me I required Flash Player 10.0.15.3.  I don't know if I have that or not (don't really care to troubleshoot it under Linux at the moment) but I had a copy on my iMac.  I snagged that .air file and it managed to install via the Adobe AIR Application Installer in my Gnome dropdown menu.

• TweetDeck


• Adobe Air for Linux

Hello world, I just transferred my Wordpress install!

That was really, really easy.  It even pulled down any associated images from my installs.  Kudos to Wordpress!  This is by far my favorite blogging software.

Quick'n'Dirty: Create your own local podcast in iTunes

I wrote a Quick'n'Dirty script tonight so that I could import a bunch of assorted mp3 audio files on to my iPod in the form of a Podcast.

Why?

Imagine you have a bunch of lectures by a guy at Google recorded at a university. They are available as randomly assorted mp3 audio files. Rather than suffer through trying to listen to them one by one on your iPod, you use this script to create an XML file that fakes a podcast. By creating my own fake podcast in iTunes, I can take a series of mp3 audio files, set them in a specific order, listen to each one, and have the iPod automatically discard the file when I am done.

So here's what you do under Mac OS X 10.5, with this fugly script.. dir2pod.pl

Warning: This script comes with no warranties or licenses. :)

1. Go to Apple -> System Preferences -> Sharing


2. Enable Web Sharing


3. In your Sites directory, create Podcasts


4. Make sure Podcasts has read-only permissions for everyone (use APPL-I if you need to change the permissions)


5. Move dir2pod.pl into Podcasts, make sure it is executable (APPL-I again)


6. Copy your directory of mp3 audio files into Podcasts as a subdirectory (so for example, you'd have Podcasts/Myshow if your mp3 files were in a directory named Myshow)


7. Run the following command from The Shell
   

   $ cd ~/Sites/Podcasts && ./dir2pod.pl Myshow/ > Myshow.xml



8. In iTunes, go to Advanced -> Subscribe to Podcast... And enter;
   

   http://localhost/~YOURUSERNAME/Podcasts/Myshow.xml



9. If everything went well, iTunes will detect the podcast and will try and download the last file. Click on "Get All" to download all the files in that directory.

If you want to try this script out, but it's not working for you, pass me a comment and I'll see if I can tell you where it's going wrong.

Map CAPS-LOCK to Control in Ubuntu and Mac OS X.

I dislike CAPS-LOCK. It is a key that has not made much sense to me since the Commodore 64. It's one of those odd legacy keys from lord knows when in antiquity. One of the most annoying things about CAPS-LOCK is that it has great placement on the keyboard.

One of the most useful keys for a *NIX geek is Control. It's the all purpose key on the command line.

So if you're into Linux or FreeBSD or anything in between, mapping CAPS-LOCK to Control can really speed you up and save your wrists a lot of strain. Your pinky can now reach Control without having to do that funny pivot down and left or right.

If you just dislike the CAPS-LOCK key, as in it gets in your way while you're trying to type, this is also a good option to 86 it as well.


One option you have is to buy a keyboard where CAPS-LOCK is already replaced by a hardware-mapped Control key, like the Happy Hacking series of keyboards (my personal favorite keyboard, just barely inches out the Model-M for best keyboard ever).

So here are two ways to map CAPS-LOCK to Control. One in Ubuntu Linux (7.10 and up) and one in Mac OS X.

Ubuntu Linux with Gnome

1. Click on System -> Preferences -> Keyboard
   
2. Click on the Layouts tab
   
3. Click on Layout Options...
   
   
   
4. Expand Ctrl key position
   
5. Select the Make CapsLock an additional Ctrl. radio button.
   
   
   
6. Close, boom done!
   

Apple Mac OS X 10.5

1. Click on Apple -> System Preferences
   
2. Go to Keyboard & Mouse
   
3. Click on Modifier Keys
   
   
   
4. Select the Caps-Lock Key pulldown
   
   
   
5. Set it to Control
   
   
   
6. Boom! Done.
   

And then if you're a total obsessive like I am, you can do this sort of thing...



A neat feature of FreeBSD 5; it gives you the option to map CAPS-LOCK globally to Control during the install process.

Unrelated Side Note:

THIS was so cool it actually made me a little angry.

C64 USB keyboard

Twitter probably needs an API key generation system to thrive

There's a big bad phish going around on Twitter today. Likely either related to the Twply thing or seriously emboldened by it.

One of the first things I considered when I looked at the Twitter API was that it was wonderfully open, and ripe for abuses. Coupled with a Phishing attack there are a lot of powerful methods to disseminate viruses, malware, and to collect passwords. LOTS of them.

From the Twitter blog:

It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, "hey! check out this funny blog about you..." and then provided a link. That link redirected to a site masquerading as the Twitter front page.

Anyway one thing that might help stem the tide of Phishing attacks, and API-service type attacks (Twply style trust attacks, where they say they're going to do something, and all they really do is take your data), an API key system, or a drastic evolution of the current API method.

It's not like I'm saying anything radical, actually, this is likely in the works at the volcano/skull island that houses Twitter's developers, but it's more the shape of things to come. You'll likely see a slightly more complex and less "impulse buy" friendly API system emerge. Hopefully safer than the seat of the pants insecure method used now.

And as Pete Cashmore says, it might be a sign that Twitter is "for real".

About that password thing...

I re-twitted this alarming post from @JennKim last night regarding a Twitter scam site

@JennKim Think twice before leaving your Twitter password http://tinyurl.com/7wq2gt

From the article linked above...

Twply, the Twitter site that promised to email your replies to your inbox while protecting your password, appears to have tweeted a promotional message for the service on your account even if you opted out of this option. To add insult to injury, the site was sold today on Sitepoint for $1200, just one day after launch. The site, which required you to enter your Twitter password, has now sold that confidential data to the winning bidder - site user worldbuyer.

Sucks! Also I'm sorry if you are reading this and were burned by this service. BUT, yeah, never trust anyone with your passwords.

This is the new face of the electronic security compromise. People don't put the importance of security on their online passwords as they do with, say, the PIN number for their bank cards.

If you spend a lot of time online, you really, really should. Why?

People use the same passwords for multiple sites.

It is unfortunate but it's a reality that won't change as long as we are human. The password system does sort of suck, but it's what we have now until the populace gets comfy with digital keys. You don't have to have a different password for every occasion, but I try to have three or four rotating strong passwords I use at different sites. The bad news on this front is some places (often financial firms) won't let you use strong passwords with characters like @ # $ % or & in them. Dumb but true. So what ends up happening is that people will pick the weakest but most compatible password they can remember and they'll use it everywhere.

We also use the same login for multiple sites.. more on that below.

Fix: Generate 3 good passwords and try to use a password manager with your PDA or phone. You don't have to use the password manager every time, but it can help jog your memory when you forget.

Website security is always much worse than you think.
Take it from an insider; if a website wants your username and password so that it can access another website on your behalf, it is going to store that username and password in a database in PLAIN TEXT, no encryption and with the most basic of protections.

It is only marginally better, often, if you are submitting your username and password to a forum. The passwords might be encrypted, but that encryption can be reversed as well. It's worth it to a hacking group to decrypt a series of passwords, and they always have the horsepower to do it (think Storm Botnet).

Fix:Don't trust any of these places. Even Facebook! I couldn't believe Facebook wants me to input my GMail username and password so that it can scrape my address book for friends. The audacity... Sure it works, but now your GMail account and password are on record in a Facebook database somewhere, for EVAR. When the Badguys get into that database, they have your account and password info.

Badguys will compromise your accounts, even if you think they aren't important.
So now a website is hacked, let's say via SQL injection or a straight buffer overflow. No matter how, the Badguys now have access to your username and password. What can they do with it?

1. Cross-reference your username with a domain-name database to see what you have registered. yourname.com is now a target of domain jacking.
   
2. Try your username and password combo at places like GMail and Hotmail. If you signed up to twitter as exampledude, and your hotmail account is exampledude@hotmail.com.
   
3. They read your e-mail to find out what banks and online financial institutions you use. Paypal, etc. They are now closer to having access to your money.
   
4. They scrape your e-mail accounts for users and send them viruses, personalized, from you. They send you viruses from your friend's addresses. Personalized Phishing may be on the horizon as well.
   
5. If they have access to your e-mail accounts, they can take your domain. If that domain has e-mail accounts associated with it, they now own those too and the cycle repeats.
   

I could keep going like this. tl;dr it's a domino effect. The badguys get one compromise, and they can keep going with that unless you've used good username and password hygiene.

There's a lot of excitement around social networking and mashups right now. There's a great sense of community and optimism towards anything to do with it. It's refreshing, but I think in that atmosphere people drop their guard a bit in the hopes that everyone intends only good.

But, this is still the Internet.

SimCity for the iPhone

I'm a SimCity freak, and I have been since the Commodore 64 version hit in 1989, but I had no idea that EA had finally released a version for the iPhone. (thanks calebcherry).

First impressions? Good! I was actually a little skeptical until my first city started building, and bam, my old SimCity addiction kicked in.

The interface is not as clunky as one would expect considering the small screen size. The menus take advantage of the iPhone interface, and have iPhoneisms, so it jives nicely with the rest of the iPhone platform.

The music still has that same SimCity, "I'm watching re-runs of Beyond 2000" feel, which I quite enjoy. I haven't heard any tracks I recognize from previous SimCity games yet but I wouldn't doubt that they're in there.

Advisors aren't blocky sims, which I'll kind of miss. They're oddly "anime" looking as others have noted. I understand that choice though, why render 3D dudes to yell at you when a cartoon will do?

From a complexity standpoint it sits smack in the middle of the original SimCity and SimCity 3000. In fact it shares a lot of traits with SimCity 3000, and early screens of the iPhone version were dead ringers for the SC3000 interface. The game is not anywhere near as complex as SimCity 4 (of course), but it still has a satisfying number of knobs to tweak.

In summary, should you pick it up?

It's under $10.

It's got enough SimCity feel to satisfy.

I'd buy it even if I was just going to play it once waiting for a flight.

It won't replace SimCity 4, but you can play it while on the can, so, there's that...

This will certainly be one of the apps that eats up my battery life. Coming soon to this blog: a post about "poor battery life" on the iPod Touch! In no way related to my 8-hour road-planning stints.

Points of interest

SimCity at Wikipedia

SimCity for iPhone

Technorati Tags: apple, gaming, iphone, iPod

Halo 3: Rocket Deflected with a Grenade!

From Ownatron:






That... was pretty awesome.

Technorati Tags: gaming, Halo, video

livehttpheaders

This is a wicked cool debugging tool for Mozilla. If you're a sysadmin and you want to see what's going on under the hood while you make requests, you'll want to install this extention.

mozdev.org - livehttpheaders: index:

http://livehttpheaders.mozdev.org/

Technorati Tags: developer, firefox, mozilla, sysadmin

A speedy and unfair comparison of OS X web browsers

Process			CPU%	Thread	Real Mem	Virt Mem	Messages

OmniWeb			0.00	14	26.17 MB	216.63 MB	5,947
Safari			0.70	6	16.85 MB	172.31 MB	4,128
Opera			0.80	7	31.90 MB	272.32 MB	6,078
firefox-bin		0.20	8	54.95 MB	220.68 MB	11,156

This is what the footprint of my various web browsers looks like when each is opened with one window rendering Google.

I'm using Safari and Opera as a team almost exclusively now. Opera for speed searches and reference, and Safari for pages with persistence and that have funky rendering. It's working out great, as I can drag links from one to the other effortlessly.

What I Do and Why Opera has such a large RAM footpront

I've turned off most scripting, cookies and other fluff like Flash in Opera, and it caches pages only to a 20MB chunk of RAM (no disk cache).

Since my Powerbook's 4200RPM disk is always chugging, this does seem to make a difference in responsiveness so I am glad to sacrifice the additional Real Memory for this speed boost.

Opera feels really responsive and has a lot of handy features (auto-reload, speed dial), so keeping a dozen windows open with forums and stuff doesn't chunk down my Powerbook like Firefox does, even with the RAM hit. Doing the same thing in Firefox not only eats up the RAM but the disk as well with Virtual Memory and Lord knows what else.

I have Opera's speed dial set up for discussion sites that I frequent. Most render pretty much flawlessly even with many standard browser features disabled.

Safari is my "Default browser" and it is configured to accept all cookies. I use this for all secure pages and Google Mail for example.

Interaction between Opera and Safari is as easy as dragging one link from Opera to Safari if I need to render something properly or if I have something to add to a forum conversation.


I am such a resource hog that Firefox was taking up too much of a RAM footprint (also mostly my fault because of extensions and just general fluff). Firefox is still a browser I open up to render the really finicky pages and I still actually prefer it over all, but it's too much of a hog on the PPC Mac platform.

Technorati Tags: Apple, Firefox, interface, Opera, osx, PowerBook, Safari

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

ISC posted a story about a possible new hole in PHP. Quick summary below, check out their site (and subscribe to their RSS because it's handy!) for links etc. SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc:

More PHP Phun
Published: 2007-06-06,
Last Updated: 2007-06-06 03:20:41 UTC
by Chris Carboni (Version: 1)
Jack wrote in to tell us that US-CERT posted the following advisory:

US-CERT is aware of a publicly reported vulnerability in PHP. PHP version 5.2.3 may be vulnerable to an integer overflow within the chunk_split() function.

More information can be found in the following PHP Security Blog.

US-CERT will provide additional information as it becomes available.

Technorati Tags: hacking, php, security

Screenshot 03/16/2007 - Tracks + Geektool

Screenshot 03/16/2007 - Tracks + Geektool:

bwana posted a photo:

I'm loving Tracks. It's a great GTD tool that runs on ruby on rails. I set it up on my webhost and haven't looked back. Since it supports plain-text feeds, it made it painfully easy to implement geektool task lists on my desktop. Simply wonderful.

Nice... I'm not a huge fan of Ruby on Rails yet but I think it's mainly because I don't fully understand it. I'll get there, but as it stands I'm still stuck with PHP and Perl on the brain. This makes me want to fool around with it though.

Technorati Tags: gtd, programming, Rails, Ruby

WebObjects 4.0

WebObjects 4.0:

mysistersabarista posted a photo:

WebObjects is what I use day to day so this was a gem to find, what's amazing though is that it's unopened but this version I think was when it still cost around $50,000. I'm not sure what the belgium guys with the stand wanted for it, they know its free now right?

Woah. What really got my attention in this pic was the ISDN manager!

Technorati Tags: Apple

Defcon for the Mac? Don't keep me hangin' baby!

Ah sweet dudes! Ambrosia is going to be publishing the Mac port of Defcon; the amazingly simple, eerie, and addictive strategy game of thermonuclear warfare.



I've had several chances to play the demo on a PC, and it's pretty amazing. If you have a vector graphics fetish, this will fulfill your every need.

In an odd way I see this game as a sideways prequel to Fallout.

This will also go great with my Expert Mouse;

Technorati Tags: apple, defcon, gaming, macintosh