Simon Willison’s Weblog

Entries in Feb, 2004



Bizex

I’m going to try not to turn this into a blog about Windows security exploits but this one is genuinely interesting in that it actively tries to steal financial information and important passwords. Bizex spreads itself by spamming messages over ICQ advising the recipient to visit a specific URL. When they visit it, Internet Explorer exploits are used to download and execute the main payload which then infects their ICQ program and uses it to message their contacts. The worm also scans their hard drive for information relating to a number of well known financial services which it then uploads to a server via FTP, and it apparently snoops on their browser for any passwords travelling over HTTPS connections as well.

[... 216 words]

Crap marketing sites

i-am-asian.com is McDonald’s excruciating “I’m lovin’ it” site targeted at Asian Pacific Islander Americans. With gems like “whether we’re sipping green tea or enjoying a Big Mac sandwich, we’re helping make the magic mix called America become even richer” you can’t go wrong. Meanwhile, the infamous beef industry sponsored cool-2b-real has rebranded itself as “zip 4 tweens”—for “tween” kids—not quite teens but definitely not children! Where’s the raging platypus when you need him?

[... 82 words]

Novel security measures

An article on SecurityFocus led me to this site about Port Knocking. Port Knocking is an interesting security technique in which a box sits online with no ports open to connections and awaits a specific sequence of connection attempts. A user wishing to connect to the box must first attempt to initiate connections to ports in a specific, secret order. Once they do, the box starts up the required service (such as an SSH daemon) on a designated port and allows the user to connect properly.
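The server side of the scheme described above, as an added example that is not from the post or from the Port Knocking site. The daemon sees the knocks as connection attempts to ports that are closed (in practice it reads them from a firewall log or a packet capture); here the attempts are a constructed list of (timestamp, source, port) events so the code runs offline. The knock sequence, timeout and protected port are assumed values.

```python
# Port-knock state machine: one partial sequence per source address.
# Added example with hypothetical policy values, not the original site's code.
import time

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed secret sequence
KNOCK_TIMEOUT = 5.0                   # seconds allowed from first to last knock (assumed)
PROTECTED_PORT = 22                   # the port that gets unlocked, e.g. sshd


class KnockState:
    """Progress of one source through the sequence."""

    def __init__(self, progress=0, started=0.0):
        self.progress = progress   # knocks matched so far
        self.started = started     # timestamp of the first matching knock


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
        self.sequence = sequence
        self.timeout = timeout
        self.states = {}     # src_ip -> KnockState for in-progress sequences
        self.allowed = set() # sources for which PROTECTED_PORT has been opened

    def knock(self, src_ip, port, now):
        """Feed one connection attempt; return True when the sequence completes."""
        st = self.states.get(src_ip, KnockState())
        # A partial sequence that took too long is thrown away.
        if st.progress and now - st.started > self.timeout:
            st = KnockState()
        if port == self.sequence[st.progress]:
            if st.progress == 0:
                st.started = now
            st.progress += 1
        elif port == self.sequence[0]:
            # Wrong port, but it is the first knock: restart rather than just fail.
            st = KnockState(progress=1, started=now)
        else:
            # Any other port resets the sequence for this source.
            st = KnockState()
        if st.progress == len(self.sequence):
            self.allowed.add(src_ip)
            self.states.pop(src_ip, None)
            return True
        self.states[src_ip] = st
        return False

    def is_open(self, src_ip):
        return src_ip in self.allowed


def replay(events):
    """Run a list of (timestamp, src_ip, dst_port) knock events through a daemon."""
    daemon = KnockDaemon()
    opened = []
    for ts, ip, port in events:
        if daemon.knock(ip, port, ts):
            opened.append(ip)
    return daemon, opened


# Constructed sample events (not real traffic).
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7", 7000),
    (0.5, "198.51.100.7", 8000),
    (1.0, "198.51.100.7", 9000),   # correct sequence: .7 gets the port opened
    (2.0, "203.0.113.9", 7000),
    (2.5, "203.0.113.9", 9000),    # wrong second knock: sequence resets
    (3.0, "203.0.113.9", 8000),
    (10.0, "203.0.113.9", 7000),
    (16.0, "203.0.113.9", 8000),   # six seconds after the first knock: timed out
    (16.5, "203.0.113.9", 9000),
]

if __name__ == "__main__":
    daemon, opened = replay(SAMPLE_EVENTS)
    print("opened for:", opened, "at", time.strftime("%H:%M:%S"))
```

Two things this makes visible: the knocks travel in the clear, so anyone who can sniff the path can replay them, and a sequence of adjacent ascending ports would be triggered by an ordinary port sweep. Knocking hides the service from casual scanners; the service's own authentication still has to hold once the port is open.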

[... 145 words]

Grey Tuesday

I’m supporting Grey Tuesday.

[... 5 words]

“I’m Brian and so’s my wife”

I’m subscribed to a whole bunch of mailing lists, mostly as a lurker as I have a hard enough time just keeping up with some of them. One of those lists is Bugtraq, which is pretty much required reading for anyone with sysadmin responsibilities for a server connected to the public internet. Bugtraq is the central hub of the “public disclosure” security community and is actually surprisingly low traffic with only twenty or so messages a day. It’s fascinating to watch the latest exploits for all manner of popular software packages tick by on an hourly basis.

[... 285 words]

Recommendations for a cheap US dial-up provider?

I’m in the market for a cheap US dial-up internet provider. I’m connected via broadband most of the time but I really need to get a backup modem account. In the UK, dialup accounts are available for free with the cost of the phone call as the only charge applied. I haven’t heard of any similar deals in the States, so I’m looking for recommendations. I won’t be using it very often so the cheaper the better.

[... 77 words]

If foxes can learn Ruby, why can’t you?

Why The Lucky Stiff’s (poignant) guide to Ruby is shaping up to be a masterpiece. Trust me, you’ve never read a programming language guide that’s even remotely comparable. Even if you have no interest in Ruby you should check it out, if only for the cartoon foxes. Here’s Why’s explanation of Ruby’s array syntax:

[... 219 words]

Catching up with Harry

I’m not sure how I missed this, but Harry Fueck’s new book The PHP Anthology was published by SitePoint back in December, as a hefty two-volume epic. Harry is the guru behind PHP Patterns and really knows his stuff. While the book is at first glance a cookbook for solving web related problems, Harry also uses it as a platform for teaching sensible development practices:

[... 237 words]

Advanced Python network programming

Understanding Network I/O, Part 2 by George Belotsky (via The Farm) is the best tutorial on the subject of network programming I’ve seen yet. It provides a detailed explanation of simple threaded network clients, thread pools using the Queue module and asynchronous I/O using both Twisted and Python’s asyncore library—then discusses the strengths and weaknesses of each approach.

[... 93 words]

End user license agreements hit a new low

So apparently there’s an unpleasant worm going around AOL Instant Messenger at the moment. Only it’s not a worm—it’s a semi-legitimate piece of adware which asks you for permission to “modify the instant messenger software, deliver additional content such as advertisements and promotional messages” and announces that “In addition, the software will interoperate with your current instant messaging client so as to permit the automatic sending of advertising messages originating from your computer to your contact or ‘buddy’ list regarding content offered by PSD Tools or its suppliers.”

[... 126 words]

Hacking the political system

Danny O’Brien has a fascinating post up about the nature of hacking and how to game entrenched political systems. It’s all worth reading, but the part about how Fax Your MP was created as a deliberate political hack in particular caught my attention. I’ve long been a fan of Fax Your MP and it’s really interesting to see some of the ideas behind the system explained:

[... 380 words]

Automatic line ending conversions in IE

I’ve just updated my SitePoint blog with a tale of JavaScript debugging woe. To cut a long story short, Internet Explorer for both Mac and Windows automatically converts sane line endings into the platform specific alternatives whenever you assign a JavaScript string to the value attribute of a text area. It’s the kind of quirk that can take up a whole morning’s worth of debugging.

[... 71 words]

RSS vs Atom, condensed

Jeremy Zawodny:

[... 63 words]

Code generation vs data driven programming

Via Ned Batchelder, this interview with pragmatic Dave Thomas on code generation closely reflects my own nascent thoughts on the issue:

[... 369 words]

width = str(len(str(len(lines))))

The above monstrosity came up today while writing a function to add zero padded line numbers to a chunk of text:
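An added example, not the function from the post, showing where that expression comes from and how to avoid it. The outer `str()` is only needed if the width is spliced into a format string by concatenation; `%0*d` takes the width as an argument instead. The sample text is constructed.

```python
# Zero-padded line numbering. Added example; the original function is not on the page.

def number_lines(text):
    """Prefix each line with a zero-padded number wide enough for the last line."""
    # splitlines() avoids the phantom empty line that split("\n") produces
    # when the text ends with a newline, which would inflate the width.
    lines = text.splitlines()
    # e.g. 11 lines -> len("11") == 2 digits of padding
    width = len(str(len(lines)))
    # The '*' takes the width from the argument list, so no str(width) splice.
    return "\n".join("%0*d %s" % (width, i, line) for i, line in enumerate(lines, 1))


def number_lines_concat(text):
    """The same result built the way the title's expression suggests."""
    lines = text.splitlines()
    width = str(len(str(len(lines))))          # the monstrosity
    fmt = "%0" + width + "d %s"                # "%02d %s" for 10..99 lines
    return "\n".join(fmt % (i, line) for i, line in enumerate(lines, 1))


# Constructed sample: eleven lines with a trailing newline.
SAMPLE_TEXT = "".join("line %d\n" % i for i in range(1, 12))

if __name__ == "__main__":
    print(number_lines(SAMPLE_TEXT))
```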

[... 78 words]

The dangers of PageRank

A well documented side effect of the weblog format is that it brings Google PageRank in almost absurd quantities. I’m now the 5th result for simon on Google, and I’ve been the top result for simon willison almost since the day I launched. High rankings however are not always a good thing, especially when combined with a comment system. A growing number of bloggers have found themselves at the top position for terms of little or no relevance to the rest of their sites, which in turn can attract truly surreal comments from visitors from search engines who may never have encountered a blog before.

[... 469 words]

Hot Links

The thing I love about RSS, and by extension web services, is that they allow people to take publicly available data and combine it in ways never thought of by the originator of the feed. The internet is awash with examples of this, from useful services such as Feedster to useless amusements like I despise you and your so-called taste, the most insulting extension of the Amazon API I’ve seen to date.

[... 249 words]

Command line Futurama quotes

Today’s command line amusement:

[... 14 words]

The return of the Spong Monkeys

Via Eric Meyer, at least I’m not the only one selling out. Joel Veitch’s infamous Spong Monkeys can now be seen in two TV ads for Quiznos sandwiches: We love the subs and Take a buck off (Quicktime movies). It’s nice to see such awesome and uniquely British talent recognised at a global level.

[... 61 words]

I’ve sold out!

What can I say—the lure of the mighty dollar proved too much. I’ve just made my first post to my new client-side scripting blog over at SitePoint, as a paid columnist.

[... 244 words]