Archive for the 'Code' Category

hacked!! twice in four years, it’s like I’m microsoft or something

It’s true!! Just the other day the bluemonki website was hacked! It’s happened before and now again, I can totally relate with microsoft in this problem.

It was totally my fault, and I guess it was pretty clever, though it only took me 20 minutes to work out what they’d done (more in-depth info on that later).

You can see that page they upped [here].

I’ve learnt my lesson and I’m sure as hell gonna dish one back out to that turkish goat fucker and his punk ass hacker site running on Windows….more on that later too!

Nighty night :)


Airport Extreme under linux

Well I discovered the other day that an open source broadcom driver has been written which supports Airport Extreme (the Apple wireless card) so I gave it a go. And you know what?? It bloody works, as long as you don’t want any encryption (which I do).

So I’ve put down a [forum post] and we’ll see what comes out of the wash :)


Compiz + XGL = OpenGL muchos sexyness graphicalis!

If you thought OSX was pretty for having functions such as expose and cool user switching - well you ain’t seen nothing yet! From the website:

“Compiz is an OpenGL compositing manager that use GLX_EXT_texture_from_pixmap for binding redirected top-level windows to texture objects. It has a flexible plug-in system and it is designed to run well on most graphics hardware.”

In non-techy speak this means that it looks amazing AND is fast as funk!!

Check out the screenshots at the [website] or download the [video] and try not to make too much of a mess!!

You’ll need the XVid codec to play the movie. If you’re a non Linux type you can get this at [XVid Movies]

The best thing is that you can already do this on [Gentoo]!! (smug mode ON)


Flock

[Flock] seems to be working once more!


VOIP is fun

Well it’s done - I’ve made it so that [bluemonki.net] now forwards to [beta.bluemonki.net] and due to some issues with [domainstat] appearing in my pages I’ve upgraded everything that has the slightest hint of XML based web services!

We’ve also got a new [VOIP phone] to play with at work and it only took us 3 minutes to discover its configuration page and to hack in to [start fiddling]. By the end of the day it had the classic [CTU ringtone] :)

Also why do people always phone me while I’m eating my dinner??!?!


Flock like Firefox

Ok I’ve just installed [Performancing], the Firefox extension. It lets you post to your blog from your web browser. Pretty damn convenient.

The only problem I had was spotting the small icon in the bottom right that makes it pop-up!

Java profiling with Eclipse

I spent the latter part of last week profiling some Java code at work in order to wring every last usable CPU cycle out of it. I currently do all Java (and some C++) development in [Eclipse] which has an excellent debugger and a really nice interface. It’s also nice to have the same environment on OSX and Linux :)

The best tool for the job seems to be the [Eclipse Test and Performance Tools] which provide lots of profiling goodies.

My current setup is:

  • Eclipse 3.2
  • TPTP 4.0.1
  • Latest version of the Agent Controller

To use TPTP you need the Eclipse XSD and EMF plugins installed so install those first using the auto update function. The TPTP installation is pretty simple, download the zip of all the TPTP tools and unzip it into the plugins directory of Eclipse.

You also need to install the Agent Controller (don’t let the documentation fool you into thinking this is optional, cos it’s not). Unzip the Agent Controller to a directory and run the SetConfig.bat file in the bin directory. Just use all the default options. You can then run RAServer from the command line to start the agent controller.

Now you can start Eclipse, create a new run instance, set the options in the Profile tab of the run settings, and profile your ass off. Unfortunately the profiler eats memory as if it’s cheaper than chips so you’ll almost certainly have to increase the amount of memory the JVM is allowed to use to stop getting “Out Of Memory” errors.

To do this make sure you call eclipse like this:

eclipse.exe -vmargs -Xmx512M

chunky bacon

Man I love cartoon foxes which is why I love [Why's (Poignant) Guide to Ruby]

Skip to chapter 3 if all you want to see is foxes…

Oh and check out [Daring Fireball on the new iTunes theme]

laterz…

PHP and forms with a sprinkling of security

Recently one of my work colleagues asked me to investigate some spam he was getting on his personal website account. These little challenges always intrigue me, so I said yes.

After much prodding in the email headers it became clear that the spammer was using a simple Contact form set up on the website.

Firstly I put this problem down to the form using the POST method, and the PHP assuming the names of the form elements were assigned to global variables, as if they had been passed via the URL.

For example if the form looks thus:


<form name="silly_form" method="post" action="$php_self">
<input name="email"/>
</form>

Now when this form is submitted the PHP used to look like this:

<?php
if ($email)
{
mail("john@example.com", "Hi", $email);
}
?>

But that would also work if you called the page like this:

http://example.com/page.php?email=fake@example.com

So the code was changed to this

<?php
// only accept the address from the POST body, never from a global set via the URL
if ($_POST['email'])
{
$email = $_POST['email'];
mail("john@example.com", "Hi", $email);
}
?>

But still the spam kept a coming….

This is because you can create a form in Javascript which can then be submitted, and it’s not too much of a jump to automate the creation of the form.

Here’s what the Javascript could look like:

<SCRIPT LANGUAGE="JavaScript">
function fnSubmit() {
document.emailform.submit();
return;
}
</SCRIPT>
<body LANGUAGE="javascript" onload="return fnSubmit()">
<form method="post" action="index.php" name="emailform">
Email: <input name="email" type="text" value="address"/><br />
<input type="submit" />
</form>

So we need a new approach, some kind of Turing test to make sure the user is human. I’m sure you’ve all seen the images that you can generate using either [CAPTCHA] or [the] [same] [idea], but it’s only a simple contact form.

So we developed a little piece of code that asks the user to enter two characters that we tell them, and these are checked by the contact code. These characters are simply taken from two strings, one 32 characters long, and one 13 characters long. The current day and month are used to select the characters so they can be easily checked on the other side.


<?php
function GetCharacters()
{
// the two strings the characters are picked from
$day_string = "thirtytwocharactersjustincase";
$month_string = "thirteencharacters";
//
// get todays date (date() returns strings like "07", which PHP treats as numbers below)
//
$day = date('d');
$month = date('m');
//
// get the characters; the index wraps with strlen() so a day or month
// beyond the end of the string can never read out of range
//
$one = $day_string[(int)$day % strlen($day_string)];
$two = $month_string[(int)$month % strlen($month_string)];
// result
$result = $one . $two;
return($result);
}
// check characters: compare what the user typed against todays expected pair
function CheckCharacters($a_characterArray)
{
// work out the expected characters the same way the form did
$characterArray = GetCharacters();
//
// check the characters (case-insensitive)
//
if (0 == strcasecmp($a_characterArray, $characterArray))
{
return(true);
}
return(false);
}
?>

And there we have it, just enough Turing test for a contact form - enjoy…
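As an added example that is not from the original post, here is how the day/month check fits into a complete contact page: the two characters are shown in the form, compared on POST, and the submitted address is validated before it reaches mail(). It assumes the file is called contact.php, and the recipient address is a placeholder.

```php
<?php
// Added example built around the day/month challenge described above.
// Assumptions: this file is contact.php and the recipient is a placeholder.

function expected_characters(): string
{
    // Same idea as GetCharacters() above: one character chosen by the day of
    // the month, one by the month. Indexes wrap with strlen() so a short
    // string can never be read out of range.
    $day_string   = "thirtytwocharactersjustincase";
    $month_string = "thirteencharacters";
    $one = $day_string[(int)date('d') % strlen($day_string)];
    $two = $month_string[(int)date('m') % strlen($month_string)];
    return $one . $two;
}

function clean_email(string $raw): ?string
{
    // Accept only a single well-formed address. CR/LF are refused explicitly
    // so the value can never smuggle extra mail headers if it is later placed
    // in a header such as Reply-To (defence in depth on top of filter_var).
    $raw = trim($raw);
    if (preg_match('/[\r\n]/', $raw)) {
        return null;
    }
    return filter_var($raw, FILTER_VALIDATE_EMAIL) ?: null;
}

$notice = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = clean_email($_POST['email'] ?? '');
    $check = $_POST['check'] ?? '';
    if ($email === null) {
        $notice = 'Please enter a valid email address.';
    } elseif (strcasecmp($check, expected_characters()) !== 0) {
        $notice = 'The check characters did not match.';
    } else {
        mail("recipient@example.com", "Hi", $email);  // placeholder recipient
        $notice = 'Thanks, your message was sent.';
    }
}
?>
<p><?= htmlspecialchars($notice) ?></p>
<form method="post" action="contact.php">
  Email: <input name="email" type="text"><br>
  Please type <b><?= htmlspecialchars(expected_characters()) ?></b>:
  <input name="check" type="text"><br>
  <input type="submit">
</form>
```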