Wednesday, November 29. 2006
The concept of doing network scanning via JavaScript is hardly new and is quite easy for anyone with even cursory knowledge of JavaScript. However, the assumption was that as long as you browse the web with JavaScript disabled, you are safe from hostile sites scanning your network. Alas, this was not to be: in a very interesting post, Jeremiah Grossman shows how this can be done with plain HTML, using no JavaScript whatsoever.
His methodology relies on a Firefox quirk, whereby page loading waits for the <link> tag to be processed before rendering the rest of the page. This means you could use the link tag to reference local IPs and use a subsequent image to see how long it took for the IP to respond. If the response was very quick, then you know the host has something listening on a given port, and if it was not, well, then the port is being blocked or filtered.
The problem with his approach is that scanning an entire network would be rather slow and would require multiple iframes to perform the scan, not to mention being very noticeable. I decided to see if something could be done about this limitation.
Continue reading "Network Scanning with HTTP without JavaScript"
Sunday, September 24. 2006
Now that the jet lag has worn off (all-night flights suck, even when they are first class), I figure it would be the perfect time to blog about my recent visit to Microsoft's Web Dev Summit.
A few weeks ago I got an invite from Brian (who, thanks to Wez, got through my spam filters) to come to Microsoft, see what kind of cool stuff they are doing, and give some feedback from the "enemy camp", so to speak, on the stuff they are doing. I thought it'd be a great opportunity to see what's going on on the other side of the fence and readily agreed.
So, last week, I caught a plane to Redmond, where I joined a number of other PHP luminaries (Wez, Marcus, Frank, Laura, etc.) and a lone Ruby developer (yes, they do exist!). Over the next two days we had a very tightly packed schedule of presentations from Microsoft folks on things ranging from IIS7 to LINQ. Despite the very tight schedule, we got a number of opportunities to have informal talks with Microsoft developers, which in my experience were quite interesting. They certainly seemed open to new ideas, which was a very welcome surprise, and were more than willing to listen to constructive criticism (which in some cases we were more than willing to provide).
Continue reading "Microsoft Web Dev Summit Overview"
Friday, August 4. 2006
A new Apache 1.3.37 is out and I had to upgrade all my servers to it. In the process I've had to compile mod_deflate, a high performance compression module that works MUCH faster than mod_gzip. This is primarily thanks to the fact that it does not use temporary files, but instead does everything in memory. The official mod_deflate package has been abandoned by its author, even though the code still works with a few minor tweaks, so I've decided to post a patched version of this module for all interested Apache 1.3.37 users.
You can download it here: http://ilia.ws/uploads/patches/mod_deflate-1.0.21i.tar.bz2
MD5: 4bd8b6773d9cb843494faceae3c9c945
The package also includes a short README file that explains how to install this module on your server. For people too lazy to read the README, the instructions follow at the bottom of this blog entry.
Continue reading "mod_deflate for Apache 1.3.37"
Saturday, June 3. 2006
Here is a new "plan" by the Canadian Copyright Licensing Agency to stop piracy at the root, the kids! They invented a superhero of their own to fight the evils of piracy... Zooom.... BAM... and all that good stuff.
Their website can be found here: http://www.captaincopyright.ca/Default.aspx
Friday, May 19. 2006
Yesterday, I went to Montreal for a quick business trip, and as I was walking out of the terminal building in the airport I received a very interesting SMS from Rogers (my cell phone provider), which went like this:
"Welcome to the USA! Access ur voicemail as you do at home. Dial +15147347699 to reach customer care. Enjoy!"
Is there something I missed in the news?
Friday, April 21. 2006
It would seem that the Safari browser is not particularly keen on the innerHTML property of document.body, and on large documents setting it will always cause the browser to crash. This is something that I came across while debugging the FUDforum search term highlighting code, which used JavaScript to perform the highlighting and then replace the entire body via
CODE: document.body.innerHTML = newBody;
While this is an annoying bug, it cannot be blamed entirely on the Safari developers. First of all, innerHTML is not part of the specification offered by W3C, so technically speaking Safari does not even have to support it. That said, it is supported by IE, Firefox and Opera; the latter two had no problem with the search highlight code either. IE, well, IE being IE, worked 50% of the time. Furthermore, changing the entire document body in one go is not the best of ideas, and as Rasmus put it, "Replacing the body is just wrong, you deserve what you get if you crash".
All this said, it should be noted that in most other situations innerHTML works just fine in Safari, and even document.body.innerHTML can work, but only on simple documents, so be careful if you need to use it.
Tuesday, April 18. 2006
About a week and a half ago I got my hands on a shiny new MacBook Pro, and after a week of tinkering and getting used to this beastie I must say that Windows looks like an even bigger kludge than it did before. I mean WOW, an interface that actually works, certainly a step beyond Windows and even KDE, which I've used in the past. Perhaps the biggest plus is that things just work, without having to spend extra effort on figuring out obscure error messages that tell you nothing or changing a gazillion settings just to do a simple task. The application installation is also very neat: each app is a folder, and installing a program, with few exceptions, is nothing more than drag & drop. Uninstall is equally simple, just delete the folder. Another very neat feature is the Spotlight search, which allows you to very quickly search through virtually any kind of document and has little if any delay in getting results. There are lots of other neat things as well that would take too long to describe, so you just need to try it for yourself.
As always there are a few downsides, for example the lack of a good EXIF browser such as ExifPro on Windows, and Photoshop is still run via Rosetta emulation, so it is admittedly sluggish even on a 2.16GHz computer with a gig of RAM. The same is true for Microsoft Office, so I try to use OpenOffice as much as possible, for which there are Intel binaries available. It'd also be nice to have valgrind, giving me access to a complete development environment, but hopefully that is something that will be rectified soon.
Overall, however, I am very pleased with the change; it certainly eliminated a number of annoyances such as a daily virus scan, weekly security patch reboots and a pile of other Windows nonsense. So, I guess that makes me another happy Apple customer.
Saturday, March 25. 2006
Yesterday, I went to see "Thank You for Smoking", a satirical look at the whole lobbying process in the US (and I suspect not all that different in other countries) through the eyes of Nick Naylor, a Big Tobacco lobbyist trying to defend disfranchised corporations. Despite the lack of overwhelming special effects and a gazillion dollar budget, the movie is still extremely enjoyable and amazingly funny. I'd definitely recommend going to see it, even if it requires a bit of travel, since not all theaters show indie movies :/
Wednesday, January 11. 2006
It appears that when it comes to searching for filenames, Yahoo's search engine uses some heavy-handed techniques to filter out results for queries that may expose sensitive information. Interestingly enough, it would appear that Yahoo is unique in this approach, as other search engines, namely Google and Lycos, do not appear to believe in this form of filtering.
To illustrate this filtering, consider the search for "config.inc" inside the URL, which can be done on both Google and Yahoo via the inurl:"config.inc" query. While you may expect approximately the same number of results, this is not the case: Google finds approximately 884 pages, while Yahoo finds none!
While the config.inc file can potentially contain sensitive data (many PHP applications use it to store their settings), what's wrong with the "ey.txt" file? Again Google finds us some results, 32 to be precise, while Yahoo is consistent with 0.
Why would they block "ey.txt"? Well, ey.txt happens to be a suffix of a rather interesting file, "cdkey.txt", which appears in Johnny's "Files containing juicy info" list. I suspect that, to prevent people from bypassing the cdkey.txt search filter, all "suffixes" of cdkey.txt are being blocked. This theory is supported by the fact that the search for URLs with "key.txt" in them returns 0 on Yahoo, a familiar sight, while on Google we see 993 results.
Wednesday, December 21. 2005
Had to go to a business meeting in downtown Toronto this afternoon. So, like most people, I drove to the subway with the intent of making the rest of the way via public transit. Upon arrival at the TTC (Toronto Transit Commission) subway station I attempted to park my car at the designated parking lot. Alas, this was not to be, thanks to the Windows "empowered" parking meter guarding the lot entrance. As you can see from this rather poor quality phone picture, it was dealing with an unexpected error. Something to do with a USB (???) device not being found, go go Windows.
This of course meant that no matter what, the gate wouldn't open, and a dozen other commuters and I had to find an alternate parking spot in mid-afternoon in downtown North York. Not a particularly easy task, let me tell you.
Sunday, November 20. 2005
While at the Frankfurt conference I had a chance to go on two mini photo trips to the PalmGarden (Botanical Garden) and the Frankfurt Zoo. The former turned into a bit of an adventure involving doing an almost complete circle while looking for the way in, but eventually we did make it there. Even though the lighting conditions were poor, some shots still came out very well, as you can see here:
For the rest, visit the gallery.
The Zoo pictures also came out well, but required a lot of post processing to get rid of the "glass effect". The animals seem particularly keen on getting OUT, as can be seen by the numerous scratches on the inside glass of the big predator enclosures.
The highlight is of course a tiger trying to swallow Sebastian and his camera.
More pictures can be found here.
Saturday, November 19. 2005
Thanks to GAIM I have the ability to use multiple IM clients, which nowadays is pretty much a necessity, given that no two people use the same IM system. A few days ago I got a message from the AIM component about the forcible addition of two new buddies to my list, "MoviePhone" and "ShoppingBuddy", that got added to an "AIM Bots" sub-group.
It looks like AOL Time Warner thought of a new way to monetize their network. So far these "buddies" don't actually do a thing, and ignore any of the IMs I send them. I suspect in the future (Xmas time) they'll inform me of all sorts of "interesting" things... Fortunately, while I had no ability to decline their addition, GAIM appears to allow me to put them on ignore or remove them from my buddy list altogether.
Gotta wonder what's next...
Thursday, October 20. 2005
It would seem that the Canadian province of Ontario, of which I happen to be a resident, is rapidly and willingly being assimilated into our Southern neighbor. The latest bout of idiocy comes from our Attorney General, who according to the CBC article that can be found here intends to force an extension of DST to match that of the United States. According to Americans this change, signed into law by GWB, will lead to energy savings, right… Of all the things to change, I suppose no one considered doing something about all those SUV drivers, whose cars eat fuel by the truckload, but anyway…
The synchronization of the change in Ontario is being justified by the argument that having the same time zone will make it easier to maintain trade links. So, in 2007 Ontario will blindly follow the US's lead and extend daylight time. Supposedly Quebec, the 2nd most populous province after Ontario, is well on its way to adopting a similar stance.
Tuesday, October 11. 2005
While coming back with friends from a photo trip this weekend, I've spotted this wonder navigating the parking lot of a shopping mall. I'd try to describe it, but in this case a picture is truly worth a thousand words. Definitely not something that you see every day.
Monday, August 22. 2005
While on my daily news crawl, I came across a site (http://gdataonline.com/seekhash.php) offering a free and very quick service designed to decode md5 hashes. The principle used here is a dictionary attack; the operators of the site built a reasonably large, 12 million & counting, database of hashes and their corresponding values. All you need to do is specify a hash, and if they have it in their database, in less than a second you get to see its corresponding value. While compromising weak hashes via dictionary attacks was never that hard, it did require wasting some time and processing power in applications such as John the Ripper (http://www.openwall.com/john/) trying to find the equivalent value. Now, you can do it quite effectively (I've tried) via this online tool in fractions of a second.
Given that many PHP applications (my own included) store passwords as hashes rather than clear text, this raises the need to encourage users to be a bit more creative with their password strings. Use of high-ASCII characters, liberal use of punctuation characters and the like are easy but effective tools for defeating dictionary attacks, which are based on a relatively limited data range. After all, md5 is 2^128; no one is going to offer the entire range of hashes, not to the general public anyhow.
P.S. The hashing site is written in PHP
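The lookup described above, seen from the side of someone auditing their own password table (an added example in Python, not code from the original post or from the lookup site). The wordlist, account names and function names are constructed for illustration, and the salted PBKDF2 scheme is a mitigation introduced here that the post itself does not propose.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the site's multi-million-entry database.
WORDLIST = ["password", "letmein", "qwerty", "dragon", "monkey"]

def md5_store(password):
    """Unsalted MD5 hex digest: the storage scheme the post describes."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def build_lookup(words):
    """Hash every word once; afterwards each lookup is a single dict hit."""
    return {md5_store(w): w for w in words}

def audit(stored, lookup):
    """Return {user: password} for accounts whose hash is in the table."""
    return {user: lookup[h] for user, h in stored.items() if h in lookup}

def salted_store(password, iterations=100_000):
    """Assumed mitigation: random per-user salt + PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def salted_verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    table = build_lookup(WORDLIST)
    # Constructed accounts: one dictionary word, one long high-ASCII passphrase.
    accounts = {"alice": md5_store("letmein"),
                "bob": md5_store("Ünïcørn;-battery~staple!")}
    print("recovered from table:", audit(accounts, table))
    a, b = salted_store("letmein"), salted_store("letmein")
    print("same password, same stored value?", a[2] == b[2])
    print("verifies:", salted_verify("letmein", a))
```

Because an unsalted hash is identical for every user who picks the same password, one precomputed table serves against every database; with a random per-user salt the same password yields a different stored value each time, so no shared table applies.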