mobile workhorse
Posted In: Technology — January 16, 2008 @ 10:03 am — Peter

I recently had my MacBook Pro upgraded to 4GB of RAM. Did I mention that I love my job?!?

The Mac Daddy
Posted In: Technology, Work life — November 5, 2007 @ 9:53 pm — Peter

I’m amazed at how long it has taken me to grab a snapshot of my wonderful new(ish) MacBook Pro setup. No, we didn’t win the lottery, this isn’t my “personal” computer, although I do use it as one. Ping has been drawing 3 names a month from a hat and bestowing the winner with a souped-up MacBook Pro and 30 inch cinema monitor. I’m adapting quite well, OSX feels just like home since I’m overall more comfortable working in a unix-like environment. Without further ado…

Turn on the bright lights
Posted In: Technology, Everyday life — January 15, 2006 @ 8:53 pm — Peter

This weekend zoomed by with me spending quite a bit of time catching up on work coding and project documentation. Not my ideal weekend fare, but it had to get done. The application development department I work in has recently adopted an Agile approach to projects, using the Scrum implementation to be specific. I’m enjoying the culture shift so far, despite resulting in having to take some work home with me. I’m certain as I participate in more projects organized this way that I’ll become better at estimating time required for coding efforts.

I fit some coding for our website in too. Hoping to spruce up our image gallery, I put together a stylish tree view of our album structure. The only problem with it, I’m not sure where to put it. I’ll have to revisit our template and try to squeeze it into the album page. Ideas anyone? It was a fun little piece of code to write and reminded me why I did so poorly on recursion assignments in undergrad.

While I’m on a geek bend, I should share a page I put together that uses MRTG to chart the usage of our DSL connection. Why is this important and why should you care, I have no idea… Regardless, it is pretty cool and made possible by the hacked firmware our WRT54G router now runs. To clear up the pretty pictures, green is us downloading from the Internet and blue is us uploading to the Internet. This MRTG-based page will someday be rolled up into a collection of pages that describe our home computing environment.

We’ve been quickly accumulating movie shorts of Amelia doing random cute and adorable things. Not sure what to do with these clips, I’ve downloaded Ulead VideoStudio and have been merging the videos together with effects hoping to end up with something to burn to DVD and send to family. I was hoping to download Pinnacle Studio too, but they don’t offer a trial version. Anyone have opinions on either of these video editing suites, or perhaps a different one that I haven’t considered yet?

Canned Spam
Posted In: Technology — December 23, 2005 @ 9:17 pm — Peter

We’ve been bit by a spammer using our contact page maliciously to send roughly 1000 email messages trying to sell software. I suspected something was up when I received email messages containing MIME headers in the message body, but I brushed it off assuming I was protected because the “TO:” value is hard coded in the PHP script. Shortly after, nicely formatted messages started rolling in that were hawking cheap software and were seemingly originating from our server. After inspecting the headers of one of the messages, I realized the contact page was being exploited and quickly locked it down using chmod.

After a bit of research, I see how the form was being exploited. The PHP mail function simply inserts text willy-nilly that is passed to it into the respective area of an email message. The spammer was packing the message body with MIME content that allowed for the specification of “BCC:” values. Oops, I really should have validated this input before passing it along to PHP mail(). Here is a great article explaining the risks involved with using PHP mail() and other form mail processing technologies: http://securephp.damonkohler.com/index.php/Email_Injection

I was tempted to wrap the form fields of the contact page with some regex to rid us of the annoying spammer, but that didn’t seem like a good solution. The article above mentioned a module for Apache web server called mod_security that acts as an application firewall preventing malformed data from reaching scripts and applications. After a bit more reading, I determined this module was right up my alley. I quickly installed it and devised the following rule to protect the contact page from MIME header injection:

Dec 23 18:47:16 eudora kernel: Free swap = 0kB

These log entries are from a postmortem analysis after our server became so overloaded that it would not respond to any sort of network connections. Perhaps I’ll resize the swap file, but I’d prefer to get a server with more RAM and CPU resources… Anyone want to donate some hardware to our lovely website? I’m hoping this server is still available for sale… For the time being, I’ve trimmed the mod_security ruleset down to what I see being the most important lines of defense. Already our site seems to be more responsive and hopefully will remain safe against spammers and script kiddies.

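The input validation the post says was missing before the call to PHP mail(), as an added example that is not the site's original contact script: form values bound for the header block are rejected when they contain a line break, and the recipient stays fixed. The field names, addresses and sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example. Field names, addresses and sample inputs are assumptions.

// Vulnerable pattern: a form value is concatenated into the header block, so a
// CR/LF inside it starts a new header line:
//   mail($to, $_POST['subject'], $_POST['message'], 'From: ' . $_POST['email']);

// True when the value cannot start a new header line (no CR/LF, raw or URL-encoded).
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 0;
}

// Returns the four mail() arguments, or null when the submission is rejected.
function build_contact_mail(array $form): ?array
{
    $email   = (string) ($form['email'] ?? '');
    $subject = (string) ($form['subject'] ?? '');
    $message = (string) ($form['message'] ?? '');

    if ($subject === '' || !is_header_safe($subject) || !is_header_safe($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    $headers = implode("\r\n", [
        'From: webform@example.com',               // fixed sender (placeholder)
        'Reply-To: ' . $email,                     // validated, single line
        'Content-Type: text/plain; charset=UTF-8', // MIME parts in the body stay inert text
    ]);
    return ['owner@example.com', $subject, $message, $headers];
}

// Constructed sample submissions: one ordinary, one carrying an injected Bcc line.
$samples = [
    ['email' => 'visitor@example.org', 'subject' => 'Hello', 'message' => 'Nice site.'],
    ['email' => "visitor@example.org\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
];
foreach ($samples as $form) {
    $args = build_contact_mail($form);
    echo $args === null ? "rejected\n" : "accepted: {$args[1]}\n";
    // In the real handler: if ($args !== null) { mail(...$args); }
}
```
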
What’s playing?
Posted In: Technology — November 13, 2005 @ 10:37 am — Peter

While watching the AVs game last night I decided to hack our website some more and add another fun feature. Lately, we have been listening to music via our server in the front room that is hooked up to our stereo. I found a client/server based system called mpd that allows for console and web-based control. I’ve been smitten with the setup over the past few months since it taps into our 50GB mp3 collection which is stored on the same server. I thought it would be fun if the current song playing would be displayed somewhere on our website. It was difficult slicing out a new piece of real estate to dedicate to this, so I figured I’d reuse the area we have dedicated to quotes. So, whenever the mpd server is actively playing a track, the name of the artist/album/track will be displayed instead of a quote. Here is what it looks like in case we’re not listening to any music at the moment, doot.




