Archive for March, 2008



Fitna, the failure

Published on March 30, 2008

This past week saw the release of Geert Wilders’ “Fitna”. I’d like to quickly say this post is not endorsing that film, the author of it, or any specific religion. I hope, instead, to point out what the film has actually accomplished, and look at the issues surrounding it. I’d also like to point out I fully support all basic human rights, including those of freedom of speech and religion. I won’t be giving a link to the video as I don’t support it. In addition, those viewing it might be disturbed by a few scenes (beheadings, hangings, close range gun shots) and I don’t want my site affiliated with any of that. Read below the cut to see my analysis.


194.110.162.23

Published on March 26, 2008

At some point in the recent past my site was compromised by Wordpress.net.in spam. I don’t know exactly when the back door was put in place since I haven’t been very active on this site, though I do know that on March 20th 194.110.162.23 hit default-filters.php and uploaded the malicious code to inject spam into the footer of my pages. Unfortunately the attack is for a different version of Wordpress so rather than infect me with ads, it just screwed things up royally. Maybe that’s a good thing as I noticed it.

A great write up of how to clean this mess up can be found here.

To sum it up:

  • Remove wp-includes/class-mail.php, it’s fake.
  • Take out the lines hooking into the footer in wp-includes/default-filters.php.
  • Remove the line from the top of wp-includes/default-filters.php that accepts a file given a random GET variable.
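An added example (not from the original post or the linked write-up): a Python check for the three cleanup items above that compares a live install against a pristine copy of the same WordPress release. The `audit` and `build_demo` names, the request-input heuristic, and the sample file contents are assumptions constructed for illustration.

```python
import difflib
import re
import tempfile
from pathlib import Path

FAKE_FILE = "wp-includes/class-mail.php"      # the file the post calls fake
FILTERS = "wp-includes/default-filters.php"   # the file the post says was edited
# Assumption: a clean default-filters.php never reads request input directly.
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

def audit(site_root, clean_root):
    """Compare a live install with a pristine copy of the same release."""
    site, clean = Path(site_root), Path(clean_root)
    findings = []
    # Step 1: a file on the site that the pristine release does not ship.
    if (site / FAKE_FILE).exists() and not (clean / FAKE_FILE).exists():
        findings.append(("unexpected-file", FAKE_FILE))
    # Steps 2 and 3: every line added to default-filters.php.
    good = (clean / FILTERS).read_text(errors="replace").splitlines()
    live = (site / FILTERS).read_text(errors="replace").splitlines()
    for line in difflib.ndiff(good, live):
        text = line[2:].strip()
        if line.startswith("+ ") and text:
            kind = "request-input" if REQUEST_INPUT.search(text) else "added-line"
            findings.append((kind, text))
    return findings

def build_demo(tmp):
    """Write constructed 'clean' and 'tampered' trees (not real malware)."""
    clean_lines = ["<?php", "add_filter('the_content', 'wptexturize');", "?>"]
    tampered = ["<?php",
                "// CONSTRUCTED placeholder for the injected $_GET loader line",
                "add_filter('the_content', 'wptexturize');",
                "add_action('wp_footer', 'constructed_footer_hook');",
                "?>"]
    for name, lines in (("clean", clean_lines), ("site", tampered)):
        inc = Path(tmp, name, "wp-includes")
        inc.mkdir(parents=True)
        (inc / "default-filters.php").write_text("\n".join(lines) + "\n")
    Path(tmp, "site", FAKE_FILE).write_text("<?php // constructed stand-in ?>\n")
    return Path(tmp, "site"), Path(tmp, "clean")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, detail in audit(*build_demo(tmp)):
            print(f"{kind:16} {detail}")
```

Point `clean_root` at an unpacked copy of the exact release the site runs; any line reported as `added-line` or `request-input` is one to review by hand before deleting.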

The takeaway lesson here is: Even if you’re not actively publishing on your blog, you better make sure your software is up to date. I’ve been busy with other stuff and neglected mine, unfortunately.

EDIT: I’ve done some poking. 194.110.162.23 is out of “Extended Host” in New York City. I’ll refrain from scanning it, though I am darn tempted to see what back doors were opened on that box. As it is, I’ll just email the host and inform them of the troubles.


A-Peep-Calypse Now

Published on

I heard about a peep diorama contest and figured I’d enter thinking that I haven’t had an outlet for my creativity besides code since graduating. I spent all weekend pondering what to do, and finally hit upon a scene from Apocalypse Now, since the name would work oh so well. My submission was entitled “A-Peep-Calypse Now - I love the smell of mallow in the morning!” and was made entirely of edible materials (save, of course, the shoe box and guns the peeps have). I ended up taking third out of 16, and was the highest placed submission that didn’t use work time/resources/a team to complete it.

Without further ado:
Overview

A close up of the front flap, including the Peep in fatigues (green food coloring I painted on).
Front Flap

Side View (note the napalm ‘bomb’ incoming just left of center):
Side View

Title:
Title

Top view. This provides the best view of the action so I’ll elaborate here. On the right is Captain ‘Peepard’ storming up the beach with Lance and Chef. In the muddy (Peanut Butter) river, you see a surfer cruising by. On the left is Colonel Kurtz’s base, which has been hit (in the center) by one napalm bomb already. A second is incoming, and yes I was singing the Flight of the Valkyries as I made this. Of course, if you’ve seen Apocalypse Now, you know that they didn’t storm the base like this, instead they were captured, and the surfing was a completely different part of the movie. But hey, they also weren’t peeps!
Top View


Dungeon Runners Character Sheet Library

Published on March 15, 2008

I took the past week off work for a final Spring Break, since I graduated early. When the friends visiting me left a day early I decided to use Friday to catch up on my programming. My goal was to finally create a library for people wishing to create character sheets for Dungeon Runners (that popular MMO I’ve been playing about once a month). The result is DRCSL, the Dungeon Runners Character Sheet Library, which gives web site owners an easy way to create character sheets or just pull random character data quickly. I used the DRCSL this morning to create a quick MediaWiki extension that spits out a pre-formatted character sheet. Let’s discuss:

DRCSL
DRCSL is a PHP library written using PHP 5 and PHP objects. At its core it is currently just one file, Character.php, that upon its creation fetches the character XML from NCSoft’s servers, and stores all the data. Once the data is stored, the Character can spit out its information with just a few commands. What’s required to use this library is a web server with PHP 5 on it, along with wget to fetch the XML. A default Linux PHP install works just fine, though if your host blocks exec() callouts you’re out of luck. I’m on my first release, so the paths are hard coded for Linux delimiters which will be fixed in the future (of course, the Windows host will still need wget installed).

An example:


<?php
//Include this file to have it include everything ya need.
include "drcsl.php";
//Create a new Character
$billy = new Character("Segfault");
//Store the character's name
$name = $billy->get_char_info("Name");
//Store the character's title
$title = $billy->get_char_info("Title");
//Display some info
echo "$name is a $title\n";
?>

This would print something to the effect of:
“Segfault is a Coordinated Practiced Poison Ranger”

MediaWiki Extension
The MWE became real easy after I created the DRCSL. Rather than include a ton of the code from my Character Viewer into the Extension, now all I had to do was include drcsl.php and come up with a default view. It looks something like this, by the way. In all it took about an hour from the time I woke up this morning and decided to finally create one to having a test version out for TheTownstons to test.

To use the MWE one just creates a page and includes the drcsl function.

{{ #drcsl: Segfault }}

Further Reading
More details on both of these projects can be found at the DRCSL website. I was going to write more but there’s something bugging in my Code Highlighter plugin (hence why the code looks like non-highlighted junk) and I’m fighting the urge to go fix it.


A Rotten Apple

Published on March 6, 2008

I’ve finally figured out what it is that sets me on edge regarding Apple. For as long as I can remember there’s been this little nagging inside of me that, hey, there’s just something not right about this company. I’ll preface this with the fact that I’m not an Apple person, though I have used Macs and will probably own one within the next year (need something small and portable for coding). I’m also not completely up to date on everything Apple’s been doing, just the really big news items.

Anyway, I finally figured out that it’s all about control. We all want control of our lives, of our money, of ourselves, and that’s natural. But Apple wants complete control over their products, even after you buy them, and that’s wrong. What am I referring to? The “awesome” press conference today where Steve Jobs unveiled the iPhone SDK plan.

Quick recap of the plan: Developers pay $99 a year (or more for an enterprise license) to use the SDK. Once they have something, it must be distributed through the Apple App Store. To get into the App Store, each must be vetted by Apple to make sure it conforms to their policies.

Now you know my feelings on DRM. I hate it. If I buy something, I expect the rights to do with it as I please. Steve Jobs feels the same way, or so he says. I’ve long argued that he doesn’t really mean that, but now I kind of think he does. See he specifically says DRM on music is wrong. He also points out that they don’t own the music anyway, so they can’t control it. What Steve Jobs wants is for everything Apple owns to be DRM’d and everything else to be free! Don’t believe me?

- Apple computers (I’m talking 90’s era when America and the world were getting in good with computers) were sealed with Torx screws. So what? Well at the time, and still, an average human being has no clue what that is (they’ve never had to crack an XBox to mod it) nor do they have Torx screw drivers to open it.

- FairPlay, the DRM created by Apple, is supposed to be a good system. Yet Steve Jobs, in the article I quoted earlier, claims that to release it worldwide would be to have someone reverse engineer it, and break it. Clearly a few things are going on here. First off they’re banking on some form of security by obscurity which any good security professional would laugh at. Second they’re betting that people can’t break FairPlay if they don’t have the source, which is wrong also. And third they’re trying to protect their handy little algorithm from the rest of the world. Why was iTunes never released on Linux when it originated on the Mac (a Unix core)? My guess is because Apple is afraid someone would reverse engineer it and they had to protect their secrets.

- The iPhone. Gosh, where to start. Sell a locked phone, on only one network, that you get kickbacks from… Why not allow any service to use it? (I’ve heard from an Apple employee it’s because some services need specialized packages by the provider. That’s all fine, but it’s not that other networks were given the chance to implement those packages, it’s that the phone was locked, period).

- This SDK. Now, it’s not uncommon to pay to use someone’s SDK. I’ve got no problem with that, you spend money to make money as my brother just pointed out. My problem comes with the fact that they have to go through the app store. I’m sure this is done in the name of “security”, ’cause iTunes has never been infected before. Oh wait, it has. Why can’t an independent coder such as myself offer a download from his mobile phone equipped website? Why must I use their store? (Oh, and you can post free apps, at least they’re not forcing you to charge).

- The store. The reason you have to go through the store is so Apple can vet your product, and make sure you’re not bypassing their locks! What a wonderful little software depot they run here, so long as all the developers drink the Kool-Aid. I can understand trying to make sure people don’t get past a few boundaries, they point out VoIP over the cellular network to get past minutes plans. I’d like to point out my cheap little Razr can do that to bypass the minutes plans (a quick Google search turned up this link, but I remember thinking about setting up my desktop to handle calls last summer from a website I was reading at the time, so I know there’s more home-grown solutions). Oh yeah, and the store takes a 30% cut.

How does any of the above not point to Apple controlling its products? Sure, companies do that, they control their products. But few companies give me such a shiver when I hear of each new ploy than Apple does. And the worst part is, all the coverage I’ve seen of this plan has been good, not a single piece has questioned Apple’s need to vet every developer’s contribution, or for them to take 30% for doing nothing.

For once, and I shudder to say this, I have to like Facebook’s model better. Put the API out there, let the public go crazy, and keep it free! You get just as much content, you get a much wider variety (unlike the few whack biscuits I saw who said this would “spur creativity” within the iPhone community), and you get community interaction. What’s more to love? With this plan you’ll get the people who planned on writing for the iPhone anyways, along with businesses who just want to replace their Blackberries. Of course, those are the people who wouldn’t try to do something shocking and free with their phone, so maybe that’s why Apple wants only them. Forget the hackers that might do something cool, let’s go the safe and greedy route.

So here’s to you Steve Jobs! If you truly believed what you said in your article on music, you’d think twice about this plan. Every year Apple turns more and more into what they always thought they were fighting, the mindless overlords bent on controlling their populace.