Archive for March, 2009

Twitter Cartoon

Funny stuff…

http://www.youtube.com/watch?v=b5Ff2X_3P_4

CompTIA A+

I passed my CompTIA A+ Certification yesterday, which I needed to get into my computer program at school. Now I am certified, nice. :)

Fedora 10 and VirtualBox Linux Guest Additions

I ran into an issue installing the guest additions for my VirtualBox instance of Fedora 10 recently. After installing the required components:

yum install gcc kernel-headers make

I would still get an error explaining to me that I did not have the kernel headers installed. What the issue came down to, for whatever reason, is that the kernel headers installed did not match the kernel version that the guest additions installer said it needed. Not only was the version off, but the guest additions installer wanted i386 and what was installed was i686. The solution for me was:

yum remove kernel-headers
yum install kernel-headers glibc-headers

After that the install worked.

Children and Acceptable Abuse

This is just sad

The survey of 200 Boston youths age 12 to 19 found that 51% said Brown bore responsibility, 46% said Rihanna was responsible, and 52% said both were to blame for the incident. In addition, 52% said the media were treating Brown unfairly, and “a significant number of males and females” surveyed said Rihanna was destroying Brown’s career.

[...]

This is beyond disturbing. Somehow our children have learned that violence is an acceptable and appropriate response to a domestic disagreement. This is what children learn from media messages like this cover of broad-circulating supermarket tabloid Star, which purports to reveal “What made Chris snap”. As if Rihanna could have said something to which the brutal attack of which Brown is accused was an understandable reaction. As if she stepped over the line and the vicious blows that bloodied her nose and mouth and swelled her eyes and forehead were justified.

Not even sure what to say… When did abuse for any reason become acceptable, and what does this say about the future youth of this nation?

Sanitizing HTML output

I have a secret project that I am working on at the moment. One of the features for this project is the entry of user data that will then be displayed to the general public. I wanted to allow the user to format this data so that lists (ordered and unordered) could be used. Bold, italic and underline text would also be nice.

To allow this entry, I looked for a WYSIWYG editor. I settled on FCKeditor, and configured it to show up on my two <textarea> boxes on the entry form. I specified a custom toolbar:

FCKConfig.ToolbarSets["custom_toolbar"] = [
['Bold','Underline','Italic','-','OrderedList','UnorderedList'],
['SpellCheck','Undo','Redo']
] ;

This would allow the entry I wanted, while disallowing viewing of the HTML source and other features I did not want. On my first test, I wanted to see if a simple security risk would be allowed: the use of a hidden <iframe> to load some external content. I went into my text area input box, and simply added:

<iframe src="http://www.google.com></iframe>

I already have the POST input being filtered through input filters:

filter_input(INPUT_POST, 'input_value', FILTER_SANITIZE_STRING);

On this test, when I viewed the output everything seemed fine. The < tags were being filtered as &lt; for entry into the DB. The output HTML source code seemed to verify this, and the output actually showed the iframe code, rather than the iframe itself. All seemed ok…

Later I came back, and wanted to make sure everything was ok. I added some size attributes to the iframe entry, such as width. This time, I was shocked when I viewed the HTML output and was looking at a Google window. Obviously my assumption that the input and output were secured was wrong, which is a good lesson not to be lazy.

At first, my incorrect solution was to use strip_tags() and then decode on output display, to simply get rid of all other HTML coding. Yet this fails for one large reason: tag attributes. I had allowed some tags such as <strong>, <em>, etc. Yet attributes such as 'onload' on those allowed tags would still slip through. Rather than use strip_tags with disallowed attributes listed in an array (such examples are given on the PHP strip_tags page, in the comments, if you wish to see them), I chose to use HTML Purifier. I really like this library and it does exactly what I need it to do.
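To show the attribute problem concretely, here is an added example (not code from the post, and not HTML Purifier, which is what the post actually uses). It is written in Python with the standard library's html.parser instead of PHP, and it puts the two approaches side by side: a strip_tags()-style filter that keeps allowed tags exactly as written, attributes and all, and an allowlist sanitizer that rebuilds the markup from parsed tokens, re-emitting allowed tags bare and escaping everything else. The tag list and the sample input are constructed for the demonstration; the sample mirrors the post's iframe test with an event handler added to an allowed tag.

```python
import html
import re
from html.parser import HTMLParser

# Constructed allowlist: the formatting the post's toolbar exposes
# (bold, italic, underline, ordered and unordered lists).
ALLOWED_TAGS = {"strong", "em", "u", "b", "i", "ol", "ul", "li"}

# Constructed sample input: an allowed tag carrying an event-handler
# attribute, the post's iframe test with a width attribute, and a list.
SAMPLE = (
    '<strong onmouseover="alert(1)">hello</strong> '
    '<iframe src="http://www.google.com" width="1"></iframe>'
    '<ul><li>one</li><li>two</li></ul>'
)


def naive_strip_tags(text, allowed=ALLOWED_TAGS):
    """strip_tags()-style filtering: drop tags whose name is not allowed,
    keep allowed tags verbatim. Attributes on allowed tags survive, which
    is exactly the hole the post describes. (A regex like this also breaks
    on attribute values containing '>', one more reason not to rely on it.)"""
    def keep_or_drop(match):
        name = match.group(1).lower()
        return match.group(0) if name in allowed else ""
    return re.sub(r"</?([a-zA-Z][a-zA-Z0-9]*)[^>]*>", keep_or_drop, text)


class AllowlistSanitizer(HTMLParser):
    """Rebuilds output from parsed tokens instead of editing the raw string:
    allowed tags are re-emitted with no attributes at all, disallowed tags
    (iframe, script, a, ...) are dropped, and all text is HTML-escaped.
    Text inside a dropped tag is kept, as escaped text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        # attrs is discarded on purpose: no href, src, style or on* survive
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        # Everything that is not an allowed tag ends up escaped, so '<' in
        # user text can never open a tag on the output page.
        self.out.append(html.escape(data, quote=True))

    def result(self):
        return "".join(self.out)


def sanitize(text):
    """Return markup containing only bare allowed tags and escaped text."""
    parser = AllowlistSanitizer()
    parser.feed(text)
    parser.close()
    return parser.result()


if __name__ == "__main__":
    print("naive :", naive_strip_tags(SAMPLE))  # onmouseover still present
    print("strict:", sanitize(SAMPLE))          # only bare allowed tags
```

The naive version removes the iframe but leaves `onmouseover` on the `<strong>` tag, so the page is still scriptable; the allowlist version never copies attributes at all, which is the property a real sanitizer such as HTML Purifier gives you along with a great deal more (nesting rules, URL scheme checks, entity handling) that this short example does not attempt.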

Overall, this is why good testing and thinking about security from the start are required.

And I have no friends…

Ironically, as great as my interest in technology is… I have almost zero friends who share this interest. The few who do have a low participation in the medium with any follow-through.

I should specify that this is in regards to social features on the web. Even though I am highly private (even taking this blog into account) and do not have any social networking accounts such as Facebook, MySpace and so on, I wish I could use some other social networking features. Such as this new commenting on Google Reader. I love Reader, and use it every day. And as I read about the new commenting, I think “WOW wouldn’t that be cool to use… oh wait. I have no friends who use Reader.” Or perhaps I do, but none that would actually comment or share with me.

This always makes me wonder, do I just lack nerdy friends? Or is my circle just on the low end of technology usage? Perhaps my situation is the average… maybe I should ask my friends. Or not.

Social Networking and Privacy

This is really a wonderful look at what social networking can do to your privacy. It is a pretty long presentation, over 2 hours, and highly annoying that it’s split into 5 minute segments. But still well worth the watch.

Privacy is Dead, Get over it.

Dreamweaver is… dead?

So Tom Arah explains how in his view, Dreamweaver is dying.

The real problem for Dreamweaver and for its users is that the nature of the web is changing dramatically. Dynamically-generated web applications, from Amazon right down to the humble blog, all offer much more – in-built commenting, voting, RSS feeds, etc – than the best sites built on static HTML can ever hope to provide.

This isn’t a matter of bells and whistles, it’s absolutely fundamental. Ultimately a web site is all about content – posting it and making it findable – and Dreamweaver and the other static HTML editors have proven fundamentally flawed when it comes to these two core tasks (and features such as Dreamweaver’s libraries and templates are patches not solutions).

The bottom line is that the old model of the central webmaster hand-spinning every page of every website and, worse, manually adding the navigation necessary to help users find it, just isn’t scalable or viable. The only feasible course for the future is for content to be posted by the content contributor, whether that’s the site owner or site visitors, and for the best possible navigation to be constructed around that content on the fly.

On some levels, he has some very good points. My summary is that he is saying the static web is dead. I could not agree more. I am not sure of anyone offhand that even builds static pages professionally anymore. If you aren’t using some form of dynamic content, you are lagging way behind.

My issue, I guess, with this post is how he is viewing Dreamweaver as an application tied only to static content. Dreamweaver is not the cause of static websites, nor is this its only use. I use Dreamweaver, Netbeans, and Aptana as IDEs. These all make it much easier to manage site projects (including Drupal installs, and other CMS/dynamic systems), auto-upload saved changes, track version changes, and so on. I do not view these as simply page editors. They are development environments. (Although it should be noted that Dreamweaver is the only IDE I listed with WYSIWYG editing. The others are strictly code.)

And his issue with the static pages should not be specifically linked with these programs. The mention of Drupal and the like is stated as though these are ready out-of-the-box solutions for the majority of sites. In my experience this is not the case. First off, Drupal, out of all the CMSs, has the steepest learning curve to customize.

But do you need customizing? For any serious site and developer, the prepackaged themes on the Drupal site are not going to cut it. So when it comes to modifying and building CSS, viewing and editing source code… what are you going to do this in? For me, my answer is the trusty IDE. Not sure what Tom intends to use.

And I should state again, a serious site will come down to some level of editing. These CMS solutions are nice, and really helpful. But they are not without customization (core, plugin, or styling).

Edit: I guess it would be possible to get a Drupal install through a company or auto-install, never have to touch the config file, and then pay someone to design a theme (or just purchase one through a site). And never touch code through this process. When I think design though, I think custom, and I am doing it. So never touching code is not reality.

Climateprediction.net (CPDN) New Site

Looks like CPDN has a new site up, which is good to see. The old one was getting aged. It seems the new site is a Drupal installation. Nice.

BitTorrent overwhelming Smoothwall box

I was downloading a version of Ubuntu the other day through BitTorrent, and noticed that my entire network was becoming unresponsive almost the moment the download started (something that does not occur when over HTTP or FTP). The latency of everything else network related was through the roof. Web page loads, local traffic, FTP requests, etc.

A quick check at the router, and the router load was really high. Over 15, maxing at 17 for the short time I glanced at it. At first, I figured a quick restart would solve the issue. I have previously had some issues with this router box that seemed to be caused by some sort of a system hang or loop. I should mention that this is not a shabby box for Smoothwall. I have 512 RAM, and a 2.2 GHz CPU (perhaps overkill, but this is what I had laying around when my old smooth box blew up).

Once the machine was fully booted, the network went right back to lagging. Again, load was way too high. I paused the torrent, and the load went back to normal.

It seems that the number of concurrent connections that the torrent asks for overwhelms the router, even with some decent specs for the machine. Limiting the priority of P2P through QoS seemed to help a lot.

It’s no wonder that many organizations ban P2P applications. And this really has me thinking of what kind of traffic shaping or other methods large organizations like universities use to mitigate the latency and lag caused by this type of traffic.