I’ve implimented captcha for comments. If this seems to work for eliminating bot-spam I’ll desist my comment moderation.
Cheers
DK
Archive for the ‘Security’ Category
Sometimes us unix folk like to have a patchfile to upgrade our software (especially scripts) so I made one for upgrading my wordpress installation from 2.0.1 to 2.0.2.
~/my_wp_webroot $ patch -p1 < WordPress_2.0.1_to_2.0.2.patch
This is especially true when you’re writing a library which is meant to be absorbed into a larger codebase, but also true of a codebase in which you know you will be using foreign libraries to accomplish tasks. And I’m as guilty as anybody when it comes to this!
When you are naming your functions and classes be mindfull of the possibility of collision. I think that we (as a group of programmers) are generally mindful of this when we lay out things like our database schema, but can overlook this when we’re writing our libraries.
For example a class/function name of something like “database” seems good ad first glance: It’s clear, to the point, and descriptive (okay… *somewhat* descriptive). However consider that anyone who’se writing anything even remotely related to a database (and these days what *isnt* tied to a database?) will think to themselves at one point “hmm if i name the class database, it’ll be short enough not to be annoying to type, long enough to describe what its used for, and no one’s going to think its used for processing text strings!”
So, now, its possible that every library has a right to use this class name for their code because of its qualifications. But then you will be limited to only using one persons external libs (assuming that your internal libs arent already using it)
What we *ought* to do is, for our project Foo, call the class “databaseFoo”, then we can simply use something like $database = new databaseFoo; and we loose basically nothing, and be assured of compatibility with other libs.
DK
So, in noticing general trends, I seem to have uncovered an (in retrospect) obvious link between cheap routers, port forwards, and network disconnects.
It seems that, on a cheap router, if you have X port forwards you are increasingly likely to have random disconnects and such (especially with wifi) as X increases…
so if your internet throughput is crappy. you’re experiencing ertratic ping times, and getting lots of crappy disconnects… try removing all your port forwards… seems to9 really work. My best guess is that theres just not enough cpu/ram to maintain the tcp stream states.
The most amusing things happen when you’re been coding a long time. I found, and used a “hole” in one of our database routines (which has since been fixed)
getOneValueFromTable($srcTable, $srcField, $whereField, $whereValue);
produces SQL like “SELECT $srcField FROM $srcTable WHERE $whereField = ‘$whereValue’”. Can you spot the potential problems in something like this? Consider this: getOneValkueFromTable($srcTable, $srcField, ‘1′, ‘1′; delete from $srcTable; ”);
Granted its not much of a problem if only proper developers are able to use this function, but if any untrusted party were able to affect any of those variables… big problems…
Everyone should know this. If you didnt know this kind of a problem existed… consider yourself warned. This has been a public service announcement. We now return you to the normal silence found on this blog
cheers
DK
I finally decided that I wanted PGP for my e-mail again… I had been using thunderbird for my e-mail back when I was on a PC+Linux bu, for reasons of my own, I decided that I would try and stick it out with OSX’s Mail.app…
Google’ing led me to a post by Hanno Kaiser on the “Law & Society” Weblog
I was able to follow those directions pretty much verbatem (sp?) up intill it said that Mail.app would give me an error… it never did… so I just went along merrily… Mail.app told me I didnt have a key, so i closed it down, and launched the GPG Keychain Access app, generated myself a 4096 bit key (which took a suprisingly long time (i would have thought that It’d frozen)
As a matter of fact I *DID* think that it was frozen, and I killed it. After i went back into the krychain access utility and saw one half of the 4096 bit keys made I realized that it just was going to take an ASS long time. As a self-proof-of-concept I made first a 1024 bit, and then a 2049 bit key… when both completed apporpriately I decided to go for the throat and make the “holy grail” of gpg keys (at least the one with the biggest damn number of bits).
So, if you were paying attention you realize that I already had 2 functional keys… why waste my time on making the “makes your MacMini so slow you can tap in morse code faster then it can now accept keyboard inputs” (yea i had lots of other apps going, dont bother flaming me) key? *BECAUSE I CAN* and *BECAUSE I WANT ONE*… I mean, hell, like you dont buy hardware upgrades to give yourself the gratification of having better numbers on paper…
Anyhow… over 2 hours later I’m back to the same conclusion… creating a 4096 bit DSA key with this setup is not possible… ahh well… 2048 bit here I come…
Just goes to show… there’s always room for improvement.
DK