Powered by D's Bloggie
Page 1 of 2   ( 12 entries , showing 1 - 10 )

December - It's the time you feel time travels at the speed of light - 10:24 pm
Also just realized a lot of people are born in December too
Personal, Security, Site Issue

Lately I've been inactive on this site and a couple of things have happened, e.g. the site was under attack (believed to be a worm) around September, then the server's primary HDD crashed and they were unable to rebuild to the latest data because they didn't set up the RAID properly... I was speechless when they "announced" this. What else could I say when you expect it to be basic routine but they're not even doing it right... then another attack injected code into my scripts; thanks to that, it delivered *free porn* to visitors whenever they requested a page on my site. This is so not creative...

If a friend of mine hadn't brought this up to me, I would just have left it going for a while since I'm going t heh. A couple of IPs and hostnames are banned for the time being.

Oh well, Christmas is around the corner. I am planning to get myself a new PC for Christmas ^^ I would go for a 2 x 22" LCD monitor setup since I've always wanted to play with a multi-monitor setup. I was thinking of Apple's Mac, but it's too pricey and the specs are so horrible. I can just get a PC that has equivalent performance to a Mac, get a white-piano-feel case or paint it white, and it will still cost me less... .... ....


*it's getting late and I'm starting to type rubbish...*

Last edited: Sat 2006-09-30 @ 23:20 , by DaRen 1 time(s)

Site updates completed. Introducing D's Bloggie v3.1! - 8:55 pm
Also arming my site with rifles and booby traps...
Personal, Security, Site Issue, Site Updates

Test... Test... Testing 1 2 3...

Ladies and gentlemen, I 'officially' announce that the updates on my site have been completed! This update took me almost 3 months to finish. That's a pretty long time, since all the updates are done locally and I don't focus on this every day, so sometimes I tend to forget where I stopped the last time. Anyway, this update is accompanied by the release of D's Bloggie v3.1. The weblog is the main content on my site, so most of the time, whenever there is a major site update, my D's Bloggie will be updated too, and vice versa.

This site update, like most of the major updates, heavily involves backend changes. For the database part, I've created 5 new tables, added 21 new columns to existing tables and dropped 5 existing columns. This is not fun; I had to change lines and lines of code. I've also revised most of the SQL queries and removed any duplicate queries. A full standard page used to need around 30 queries; after the tuning, it now requires only around 20 queries =) For the search engine optimization (SEO) part, I added 'description' and 'keyword' to the HTML <META> tags. Depending on the page's content, different or custom descriptions and keywords will be used. I'm not sure why Google indexed my main page but not the rest of the pages. I even added new rewrite rules to rewrite all the URLs that point to weblog and shout entries. For example, '/weblog/100/' will now be rewritten to '/weblog/100.html'. So I hope this will help a bit with Google... although Yahoo has already crawled almost all the pages on my site. That's weird eh? hmm

Weblog entries are now able to carry multiple tags/categories instead of just a single tag/category. Tag and category are interchangeable terms on my site. I've expanded from the original 9 categories to 41 categories in this update. The new categories can be arranged in a hierarchy, which means every category can be a parent category and is allowed to have sub-categories beneath it. The public is also able to perform a search on the weblog entries, matching the entry's title, description and content. The default search mode is 'exact search', and it's the only search mode available right now. Read my other entry, Stucked with "homemade" search engine for own weblog, for more info.

This site update also marks the start of the battle between my site and spammers. Now, this site is armed with site-wide banning (IP range, hostname). On top of that, suspicious private messages/shouts/comments will not be added. You're free to view my blacklist. For security, a CAPTCHA (aka verification code) is used on several new pages, as well as extra tracking to strengthen the site's security.

For the tools section, I added a few new tools. Most of them are for administrative purposes. Only URL Extract is open to the public. For the weather report, I added new weather reports that cover most of the cities/capitals in Australia.

The most noticeable layout changes will be the new logo design and the side navigation menu. The side navigation menu has moved to the right-hand side. This is also a part of the SEO: data comes first. In this update, the side navigation menu is broken down into modules; every page can choose to load the required or preset modules instead of displaying all of them. For example, the shoutbox will only be loaded in the main page's side navigation menu. It will never appear on other pages because it's not needed.

For the D's Bloggie part...
What's new in D's Bloggie v3.1
  • ! Multibyte-safe parser and related classes, since the site's default encoding has changed to UTF-8 (from ISO-8859-1) -- 2006.06.10
  • ! Changes to the BBCode parser's rendering/parsing part. It now uses a 2-phase parse instead of a single phase. 2-phase parsing is a more "clean" way to deal with certain tags like [code], [nobb] etc.
  • + New [table] tag. This tag is inspired by the Wiki table pipe syntax. See http://meta.wikimedia.org/wiki/Help:Table -- 2006.06.12
  • + Check the well-formedness of the content -- 2006.06.12
  • + Allow dumping the raw structure of a specific entry -- 2006.06.12
  • + [code] tag: Rewrote a major part of this tag. Syntax changed. New attributes 'lang', 'linenum', 'nojs', 'title'. Now each individual code snippet/fragment has its own options to highlight, show line numbers, etc. All this is done by setting the attributes in the [code] tag instead of controlling it via the settings of the individual blog entry.
  • + [url] tag: Added new attributes 'external', 'local', 'clean'. Originally needed 4 regex matches (including the [lurl] tag), now simplified down to 1 regex match only
  • + [img] tag: Rewrote almost the whole of this tag. Syntax changed. Now supports flexible attributes such as image position (left, right, center), image size, additional caption, image thumbnail. Inspired by Wikipedia.
  • - New [left], [right] tags for text alignment
  • - New [bquote] tag for blockquoting
  • - New [pre] tag for preformatted text
  • - New [nobb] tag for disabling BBCode parsing in a certain context
  • - Dropped the [lurl] tag. Use the 'local' attribute in [url] instead
  • - Dropped a markup tag that used the regex "===(.+)?==="
  • - Added new smiley icons, also dropped/renamed a few
  • - In this new update, anchor links from an image can be achieved with [img=pic.jpg|link=somewhere.html]. In the previous version, this could only be achieved with [link=somewhere.html][img][/img][/link]
  • - % WEBLOG % now points to a new folder path to avoid confusion between the virtual rewritten URL and the actual path
  • - Dropped the 'Highlight Coding' option on the create blog page as a result of the changes to the [code] tag

For more info, check out here.


Again, please report any bugs or weird CSS rendering. You can also contact me and let me know.

*Update 2006-09-30* Forgot to mention the duplicate SQL thing.

Router sold us out to the neighbours! - 8:15 pm
what a router....
Internet, Personal, Security

Internet connection speed got slow lately; that sounds normal to some people if their quota from the ISP has been reached. But that's not the case for me. It's unusual. So the house owner logged in to the router and guess what? An unknown computer had connected (wirelessly) to the router and gained access to the internet, stealing our bandwidth... moron neighbours! Well, it's not that we had an unsecured wireless network open for public use. It's just that somehow the router screwed up and lost the WEP configuration when I last rebooted it, which was quite a while ago. Our wireless network had gone public without us noticing.

Now the house owner has got WEP authentication up again, sealing up the "backdoor" against any unauthorized access. Well, if that moron is smart enough, he can crack our WEP key and use our network as a reward (we didn't use MAC address filtering and the router's logging system is lame... hehe...)

Anyway, opening your wireless network as an unsecured network which allows other people (or neighbours) to access the internet isn't necessarily a bad thing either. You'd theoretically be able to share all of your music on P2P networks without worrying about an RIAA lawsuit.

Quote:
In fact, this even had some people suggesting that, if you want to win a lawsuit from the RIAA, you're best off opening up your WiFi network to neighbors. It seems like this strategy might actually be working. Earlier this month the inability to prove who actually did the file sharing caused the RIAA to drop a case in Oklahoma and now it looks like the same defense has worked in a California case as well. In both cases, though, as soon as the RIAA realized the person was using this defense, they dropped the case, rather than lose it and set a precedent showing they really don't have the unequivocal evidence they claim they do.

source: Techdirt


In fact, there are people who purposely turn off the security to avoid trouble. What can I say? Crazy world with crazy people having crazy ideas in their crazy minds... everything is possible!

Tutorial: PHP simple access control - 10:37 pm
Guides, PHP, Security

Found a great PHP tutorial written by Harry Fuecks on SitePoint that shows you how to build a site with access control. The tutorial focuses mainly on user authentication, user permissions and user registration, built on a solid foundation. The tutorial is not in-depth, but it is simple and easy to understand, and it comes with practical code. Suitable for beginners who need a little bit more than simple security.

Link: The PHP Anthology Volume 2, Chapter 1 - Access Control

*Note* The tutorial uses the example database function class from The PHP Anthology Volume I, Chapter 3 - PHP and MySQL

PHP class constructor - 12:33 am
Bug, Coding, PHP, Security, Site Issue

I was doing some code clean-up for my site and I found something interesting about the constructor in a PHP class.

  1. <?php
  2.  
  3. class Site
  4. {
  5.     var $_DB;
  6.     var $_User;
  7.  
  8.     function Site()
  9.     {
  10.         $this->_DB = new DB();
  11.         $this->_User = new User_Authentication();
  12.     }
  13.  
  14.     function process()
  15.     {
  16.         // some database access is needed in this function
  17.         $this->_DB->query();
  18.     }
  19. }
  20.  
  21. class DB
  22. {
  23.     function query() { /* ... some class implementation goes here ... */ }
  24. }
  25.  
  26. class User_Authentication
  27. {
  28.     var $_local_DB;
  29.  
  30.     function User_Authentication()
  31.     {
  32.         // We reference the DB object in $mysite if it exists,
  33.         // otherwise we'll instantiate a new copy of DB locally
  34.         if (isset($GLOBALS['mysite']->_DB))
  35.             $this->_local_DB =& $GLOBALS['mysite']->_DB;
  36.         else
  37.             $this->_local_DB = new DB();
  38.  
  39.         // A test of whether the global var $mysite exists at this point
  40.         echo isset($GLOBALS['mysite']) ? 'Var $mysite is there' : 'The global var $mysite does not exist !';
  41.     }
  42.  
  43.     function process()
  44.     {
  45.         // some database access is needed in this function
  46.         $this->_local_DB->query(); // property names are case-sensitive: _local_DB, not _local_db
  47.     }
  48. }
  49.  
  50. // Let's run the test ...
  51. $mysite = new Site(); // this will be a global variable
  52. ?>

Finished digesting the code? Let's focus on lines 10 & 11:
10.    $this->_DB = new DB();
11.    $this->_User = new User_Authentication();

... and lines 34 - 37
34.    if (isset($GLOBALS['mysite']->_DB))
35.      $this->_local_DB =& $GLOBALS['mysite']->_DB;
36.    else
37.      $this->_local_DB = new DB();

So you would think that the global var $mysite->_DB is created before the new User_Authentication object is constructed. As a result, when it comes to line 34, the condition would be true and thus the statement on line 35 would be carried out.

But the truth is the opposite. Run the script and the output will be "The global var $mysite does not exist !".

Why? The key to the problem is on line 11:
$this->_User = new User_Authentication();

Although $this->_DB is created after line 10, that does not mean $mysite->_DB, or even $mysite, is listed in PHP's defined variable list at that time.

That's because everything happens inside the scope of the Site class's constructor. The object is only assigned to $mysite, and so only 'defined' or 'instantiated' as far as the rest of the script is concerned, once script execution exits the class constructor.

That's a hidden surprise if you're not careful enough =O
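The fix that avoids this surprise is to hand the DB handle to User_Authentication instead of having it look for $GLOBALS['mysite']. The following is an added example (not the blog's own code); the class and property names mirror the listing above, and the query counter is a constructed aid for observing that both objects share one DB handle rather than silently opening a second one.

```php
<?php
// Added example: same three classes, but with the DB handle injected into
// User_Authentication. $this is a fully usable object inside Site's constructor
// even though the variable that will hold it ($mysite) is not assigned yet.

class DB
{
    public $queries = 0;                  // constructed counter to observe sharing
    public function query() { $this->queries++; }
}

class User_Authentication
{
    private $_local_DB;

    // The handle is injected; there is no fallback that creates a second DB.
    public function __construct(DB $db)
    {
        $this->_local_DB = $db;
    }

    public function process()
    {
        $this->_local_DB->query();
    }
}

class Site
{
    public $_DB;
    public $_User;

    public function __construct()
    {
        $this->_DB   = new DB();
        // Pass the object we already hold instead of reaching for $GLOBALS.
        $this->_User = new User_Authentication($this->_DB);
    }

    public function process()
    {
        $this->_DB->query();
    }
}

// Returns true when Site and User_Authentication hit the same DB object.
function shares_one_db()
{
    $site = new Site();
    $site->process();
    $site->_User->process();
    return $site->_DB->queries === 2;
}

var_dump(shares_one_db());
```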

Linux filesystem and permissions - 7:50 pm
Owner? Group? Who owns who?
Computing, Security, Site Issue, Web Hosting

I'm still having trouble with my new hosting environment. They're using a different configuration in some areas and it's taking me time to do Q&A between me and the support team.

For example, in my new hosting environment, PHP runs under the ownership of "nobody". That means the folders/files created by a PHP script have the group 'nobody' and owner 'nobody' in the Linux filesystem. That doesn't hurt, but it's a pain in the ass when it comes to file manipulation through an FTP client. That's because when you log in through FTP, you belong to your own username's group, leaving you with no rights to manipulate the files created by the PHP script. Sounds stupid eh? (See here)

But that's not the end of the story. If you upload/create the files through FTP, you can't delete them through a PHP script, because of the same owner/group permission issue! That's really stupid, but then the answer/solution I got from the support team is

Quote:
You have to first connect to the FTP server from the PHP code in the script. Then with the PHP script you can create the file/folder. So when you are connected to the FTP server and then the file/folder is created, the file/folder has the ownership of the FTP user that you have used in the script. So you will be able to delete this file created from the FTP client.


*Fainted... ... ... ... ... ...*

I suggested they use suexec or suPHP, but I doubt they will ever care about that. Any Linux gurus who can help me?
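To see why neither side can delete the other's files, it helps to model the POSIX rule that deleting needs write and execute on the parent directory (not on the file), plus the sticky-bit exception. The following is an added example, not code from the post or the hosting company; all uids, gids and modes are constructed sample values, and the shared-group scenario at the end is one alternative to suexec/suPHP.

```php
<?php
// Added example: evaluate POSIX permission bits the way the kernel does and
// apply them to the FTP-vs-PHP ownership clash described in the post.

// $want uses the "other" bit layout: 4 read, 2 write, 1 execute.
function can_access($mode, $uid, $gid, $want, $who_uid, array $who_gids)
{
    if ($uid === $who_uid) {
        $bits = ($mode >> 6) & 7;           // owner triplet
    } elseif (in_array($gid, $who_gids, true)) {
        $bits = ($mode >> 3) & 7;           // group triplet
    } else {
        $bits = $mode & 7;                  // other triplet
    }
    return ($bits & $want) === $want;
}

// $dir and $file are ['mode' => octal, 'uid' => int, 'gid' => int].
function can_delete(array $dir, array $file, $who_uid, array $who_gids)
{
    // Unlinking needs w+x on the directory; the file's own mode is irrelevant.
    if (!can_access($dir['mode'], $dir['uid'], $dir['gid'], 3, $who_uid, $who_gids)) {
        return false;
    }
    // Sticky directory: only the file owner or directory owner may unlink.
    if ($dir['mode'] & 01000) {
        return $who_uid === $file['uid'] || $who_uid === $dir['uid'];
    }
    return true;
}

// Constructed scenario: FTP account uid/gid 1001, PHP running as nobody 99/99.
$ftp    = ['uid' => 1001, 'gids' => [1001]];
$nobody = ['uid' => 99,   'gids' => [99]];

$docroot    = ['mode' => 0755,  'uid' => 1001, 'gid' => 1001]; // owned by FTP user
$php_subdir = ['mode' => 0755,  'uid' => 99,   'gid' => 99];   // mkdir() from PHP
$ftp_file   = ['mode' => 0644,  'uid' => 1001, 'gid' => 1001]; // uploaded via FTP
$php_file   = ['mode' => 0644,  'uid' => 99,   'gid' => 99];   // written by PHP

// PHP trying to unlink an FTP upload inside the FTP user's 755 docroot.
var_dump(can_delete($docroot, $ftp_file, $nobody['uid'], $nobody['gids']));
// The FTP user trying to unlink a PHP-created file inside PHP's 755 directory.
var_dump(can_delete($php_subdir, $php_file, $ftp['uid'], $ftp['gids']));
// Alternative to suexec: a shared group (constructed gid 500) on a setgid 2775
// directory, with both accounts added to that group.
$shared = ['mode' => 02775, 'uid' => 1001, 'gid' => 500];
var_dump(can_delete($shared, $php_file, $nobody['uid'], [99, 500]));
```

The setgid bit matters because files created in a 2775 directory inherit its group, which is what keeps new PHP-created files reachable by the FTP account without running PHP as that user.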

Reserved folder names in Win and Unix - 12:54 pm
Computing, Security, Weird Stuff

Below is a list of reserved names that cannot be used as a folder or file name, in Windows or a Unix-like file system:

CON, PRN, AUX, CLOCK$, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9.

For example, if you try to create a new folder named "CON" (case-insensitive), Windows will "undo" the renaming back to the original name. So creating a new folder with the name "CON" just leaves it as "New Folder". Try it yourself if you don't believe it.

Explanation

This actually is a Unix-like feature. DOS device drivers are accessible like normal files, i.e. the everything-is-a-file philosophy. CON is the equivalent of /dev/tty, NUL of /dev/null, COM# of /dev/ttyS#, LPT# of /dev/lp#, and CLOCK$ corresponds to /dev/rtc (PRN is an alias of LPT1, AUX of COM1). Every character device can be opened this way; block devices (which are assumed to be FAT formatted...) are named A: to Z:, as you will know. Many pseudo character devices (drivers which had to be loaded as drivers but were no character devices, like EMM386, HIMEM.SYS, ...) had forbidden characters like '*' in their device names to hide them from the user.

The only problem is: DOS 1, which introduced CON, NUL, PRN and AUX, had no directories, i.e. no /dev/, so for compatibility with old DOS 1 executables (which don't know that they live in a directory) the character devices have to exist in every directory. I don't know why this feature was not limited to FCB (CP/M-like) file access; Unix-like file numbers were introduced together with directories in DOS 2.

Trick

You can, however, rename/create folders with those reserved names by using the mkdir and ren commands at the DOS prompt.
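Because the names exist "in every directory", a web application that writes user-supplied file or folder names to disk on Windows should screen for them. The following is an added example (not from the post) that covers the list above and goes slightly beyond it: Windows also treats the name as reserved when an extension follows (CON.txt) and ignores trailing dots and spaces, so those are normalised first. The prefixing policy in safe_folder_name is a constructed choice.

```php
<?php
// Added example: reject or rename Windows reserved device names before they
// reach the filesystem (e.g. for uploads or user-created folders).

function is_reserved_device_name($name)
{
    // Windows strips trailing spaces and dots before resolving a name.
    $base = rtrim($name, " .");
    // Only the stem before the first dot matters: "CON.txt" is still CON.
    $stem = explode('.', $base, 2)[0];
    return (bool) preg_match(
        '/^(CON|PRN|AUX|NUL|CLOCK\$|COM[1-9]|LPT[1-9])$/i', $stem);
}

function safe_folder_name($name)
{
    // Constructed policy: prefix reserved names rather than rejecting outright.
    return is_reserved_device_name($name) ? '_' . $name : $name;
}

// Constructed sample names: the last two are legitimate and must pass.
foreach (['CON', 'con.txt', 'lpt1.', 'Clock$', 'COM10', 'Console'] as $n) {
    printf("%-10s -> %s\n", $n, safe_folder_name($n));
}
```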

Last edited: Mon 2005-10-24 @ 16:35 , by DaRen 1 time(s)

CAPTCHA - 4:24 pm
Computing, Security, Site Issue, Standards

CAPTCHA image
This is what I'll implement later in the shoutbox/comment section. Should the shoutbox section generate a smaller image to save space? Haven't decided... let me think about it...

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), click here for more info.

Y2K bug? What about Y2038? - 11:38 pm
Computing, Event, Security, Standards

5 years ago, I witnessed the historical moment where time passed by, marking the start of a new millennium. There was a lot of news about the Y2K bug before that, about how it would impact our everyday life. But well, thanks to those people who did the preparation, fixing and patching of the electronic devices that we rely on, I stepped into the year 2000 without a single problem; I just needed to remember not to write the year 1999 instead of 2000 when filling in forms.

So, now what? I'm working on some sort of birthday reminder thing in PHP and I got frustrated when it came to storing a person's birth date. First of all, I don't like to use MySQL's datetime data type; I prefer using the Unix epoch, which can be easily generated using PHP's time() and mktime(), saving me the step of converting the format. However, the Unix epoch is only valid from January 1 1970 00:00:00 GMT onwards, making those people who were born before 1970 invalid. So I did some Googling to find out why the developers of Unix, or even PHP, refused to start the Unix epoch from, say, the year 1600? (The Windows Win32 FILETIME epoch is January 1 1601 00:00:00 UTC; I'm guessing Windows is using unsigned 32-bit, because Windows doesn't work with negative timestamps... too lazy to do the calculations...) Before I got my answers, I discovered some interesting news.

After the Y2K problem, are you aware of the next coming bug, similar to Y2K?

The Y2038 problem

In computing, the year 2038 problem may cause some computer software to fail in or about the year 2038. The problem affects programs that use the POSIX time representation, which represents time as the number of seconds since January 1, 1970. This representation is standard in Unix-like operating systems and also affects software written for most other operating systems because of the broad deployment of C. On most 32-bit systems, the time_t data type used to store this second count is a signed 32-bit integer. The latest time that can be represented in this format, following the POSIX standard, is 03:14:08 UTC on January 19, 2038. Times beyond this moment will "wrap around" and be represented internally as a negative number, and cause programs to fail, since they will see these times not as being in 2038 but rather in 1970 or 1901, depending on the implementation. Erroneous calculations and decisions may therefore result.

Using a 64-bit architecture will solve this problem, delaying the date problem to about 300 billion years later. To be more precise, it will happen on Sunday, 4 December, year 292,277,026,596. After 292 billion years, maybe 128-bit will be used, which hmm... really isn't our business anymore. Who cares what will happen after 292 billion years eh? I don't even really care if my weblog will crash or not in the year 2038... hehe... who cares anyway?
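The wrap-around can be reproduced from PHP by truncating a timestamp to a signed 32-bit value, which is what a 32-bit time_t stores. The following is an added example (not the post's code); it also goes one step beyond the post by showing that a pre-1970 birthday is simply a negative timestamp that gmdate() handles, so the birthday-reminder storage worry above is separate from the 2038 limit. The birthday value is constructed.

```php
<?php
// Added example: emulate a signed 32-bit time_t and show where 2^31 lands.

function to_time_t32($ts)
{
    // 'l' packs/unpacks a signed 32-bit integer, so the value is truncated
    // and reinterpreted exactly as a 32-bit time_t would hold it.
    return unpack('l', pack('l', $ts))[1];
}

function utc($ts)
{
    return gmdate('Y-m-d H:i:s', $ts) . ' UTC';
}

$limit   = 2147483647;                // 2^31 - 1: last representable second
$wrapped = to_time_t32($limit + 1);   // one second later, as a 32-bit time_t

echo 'last valid : ', utc($limit), "\n";
echo 'wraps to   : ', $wrapped, ' => ', utc($wrapped), "\n";

// Constructed birthday before the epoch: a negative timestamp that round-trips.
$birthday = gmmktime(0, 0, 0, 7, 4, 1960);
echo 'birthday   : ', $birthday, ' => ', utc($birthday), "\n";
```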

source:
http://en.wikipedia.org/wiki/Unix_epoch
http://en.wikipedia.org/wiki/Year_2038_problem

Last edited: Sat 2005-10-08 @ 18:27 , by DaRen 1 time(s)

Dude, leave your comments - 6:03 pm
Internet, Security, Site Issue, Site Updates

The commenting system is up and running. It's built with some simple abuse protection mechanisms. Other updates include updates to the blogging system and the page template. I've also changed the website's font size to a smaller one to save space. One new thing I learned while designing the commenting system: email address encryption/obfuscation.

Protecting your email address? Why?

Posting your email address on a website is a sure-fire way to get an inbox full of unsolicited email advertisements. In short, these sites are a spammer's paradise. "Professional" spammers use spambots to get the job done.

Spambots are small spider programs let loose on the Internet by spammers to harvest email addresses from web pages like newsgroup postings, discussion boards, guestbooks, special-interest group (SIG) postings, chat-room conversations, etc. They do not obey robots.txt and request web pages like a beggar who has not eaten for months, thereby exhausting megabytes of your web server's bandwidth within minutes. Their only intention is to collect every email address found on the pages. Spambots can disguise themselves in many ways. Since they are programmed by humans (spammers), they come in different flavours. It is very hard to keep track of all of them. But we can prevent them from harvesting emails by installing some scripts on the server.

There are a number of methods web site developers are currently employing in attempt to disguise email address links from email harvesting spam bots. These include techniques such as replacing characters in the address with numeric entities, writing the addresses with JavaScript, and writing addresses in plain English. Because many of these are coded directly into a web page using HTML and related technologies, they each depend on the inability of user-agents to properly 'decode' the links.

There seems to be a lot of blind-faith in using these methods, and assumptions that email harvesting bots will not be designed to distinguish anything but a simple mailto:user@example.com style link. Perhaps there is not currently a need to design smarter bots since the majority of web sites do not employ any methods for hiding email addresses. Many modern programming languages include the tools to develop a simple user-agent that could be used to collect email addresses in a matter of hours. A simple bot just needs to make an HTTP request for a web page, scrape it for email addresses, and then continue to make requests for any URLs linked to the original page.

The manner in which an email bot discovers an email address or email link can be wide-ranging, from a simple match on an email address (user@example.com) or mailto link (mailto:user@example.com) to more advanced rendering of HTML entities and JavaScript to find hidden addresses. I believe that if an email harvesting user-agent were to be built on top of a modern web browsing rendering engine, if this hasn't happened already, it would be capable of discovering just about any email address no matter how it is hidden.

source: http://mikebrittain.com/research/spambots/

Considering this, every single email address in the comments section (and on all pages) will be spam-protected to a certain extent. Simple spambots won't be able to decode it, but it's weak against smarter/advanced bots. Besides that, there is no way to stop a HUMAN spammer. He/she is able to read the email address just like me and you. There is no 100% secure way to publish your personal email address on the Internet. You're at risk the moment you decide to give out your email address.
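The numeric-entity technique mentioned above, written out as an added example (not the site's own commenting code), together with the one call that undoes it; this is the "certain extent" of protection the paragraph describes. The address is a constructed sample.

```php
<?php
// Added example: obfuscate a mailto link with HTML numeric entities, then
// show that any HTML-aware client recovers the plain address for free.

function obfuscate_email($text)
{
    $out = '';
    foreach (str_split($text) as $ch) {
        $out .= '&#' . ord($ch) . ';';        // '@' becomes &#64;, etc.
    }
    return $out;
}

function mailto_link($email)
{
    // Both the href and the visible text are entity-encoded, so a naive
    // regex for user@example.com or "mailto:" finds nothing in the markup.
    $enc = obfuscate_email($email);
    return '<a href="' . obfuscate_email('mailto:') . $enc . '">' . $enc . '</a>';
}

// Constructed sample address.
$html = mailto_link('someone@example.com');
echo $html, "\n";

// The caveat: a browser-based or entity-aware harvester sees this instead.
echo html_entity_decode($html, ENT_QUOTES, 'UTF-8'), "\n";
```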
Copyright © 2005-2009 Darren's Outpost