Feb 27 2004

My Last Two Hours Enduring Mac OS 9 (Apple-X.net)

I’ve been spending a lot of time in Mac OS 9 for the last few weeks, since I’m now porting a product backwards from Mac OS X to 9. My PowerBook G4 won’t boot 9, but my G4 minitower still does. I haven’t used Mac OS 9 since 10.1 was released a few years ago, so when I go back now it feels so alien. Developing software under 9 is not pleasant – I spend most of my time crashing & rebooting.

Feb 26 2004

A Cat post

I haven’t written a cat post for a while, so I guess it’s time for one.

Midnight has gone through a remarkable transformation from wild stray to affectionate lap cat. When I saw him for the first time last May, he seemed completely wild. He would run away if anyone approached him. Most likely he was an abandoned pet rather than a wild cat.

I started feeding him and eventually he would come over to me, but he still wouldn’t let me pet him. After a while he started rubbing against my leg & following me around. He still wouldn’t let me pet him & he scratched me a few times. He finally came into my home once but he ran out after he ate.

In late July, he finally moved in. I took him to the vet and had him neutered and got him all of his shots. He became very attached to me and now seems to be the dominant cat around here, which Cody isn’t too happy about.

As soon as I sit down, Midnight jumps on my lap and starts purring very loudly. He’s never scratched me, although he occasionally gives me a little nip when he wants attention if I keep ignoring him. He even lets me cut his nails without any fuss.

Feb 26 2004

Via Metafilter:

Howard Stern yanked off six Clear Channel radio stations

The kingdom of the self-proclaimed king of all media has been trimmed after Clear Channel dropped the Stern show on Tuesday after he allegedly aired sexually obscene and racist material.

The offensive exchange reportedly occurred when a caller asked ex-Paris Hilton boyfriend (and sex-tape co-star) Rick Salomon if he had ever had oral sex on a black woman. The caller used the N-word to describe the black woman. Then the caller asked Salomon if it tasted like watermelon.

Is this grounds to fire the talk show host, or is it more politically motivated and the beginning of the end of free speech… of highly rated powerful talk show hosts who blast the FCC and aren’t Republican.

entire stern show here. (BitTorrent rq’d)

I personally don’t care for Howard Stern, but I’m outraged by Clear Channel’s actions. We have a media monopoly dictating taste and telling us what we should be listening to. It’s time to break up Clear Channel and bring back local ownership of radio stations.

Feb 25 2004

Rosyna points out this issue with OS X’s prebinding at unsanity.org:

Prebinding could be a security risk. Not in and of itself, but indirectly. You cannot use the checksum of an executable to determine if it has been modified by another or not on OS X. Incidental, yes. Not very important, indeed. But it is one wall that is not there.

Try it:

md5 /bin/mv
MD5 (/bin/mv) = efeb7727e40c597fa33953e551c9979d

Looks fine, no? Well, let us redo the prebinding:

sudo redo_prebinding /bin/mv
md5 /bin/mv
MD5 (/bin/mv) = fe7369c88c3a9220ad803ba3e56bbe06

The checksum has changed. While I am sure that there are better ways to get a checksum, none are the answer. And AFAIK, dyld doesn’t store the executable’s actual checksum anywhere.

Feb 25 2004

I’m now changing my Mac OS 9 code to use pre-Carbon APIs since some features I need to use aren’t available in Carbon.

Feb 24 2004

New music

I just discovered The String Cheese Incident in iTunes Music Store and bought a few of their songs.

Feb 24 2004

Eminem is suing Apple, claiming they used one of his songs in a television advertisement without permission. The ad in question featured a kid singing “Lose Yourself” while listening to his iPod.

Feb 22 2004

New Router

My D-Link DI-624 router has been freezing at random or spontaneously rebooting for a while. I finally got disgusted with it and bought a Netgear WGR614 yesterday. It has almost the same features but is about half the size. So far it seems to be working nicely.

Feb 20 2004

I now have shareyourmusic.com and worldbeatplanet sharing a single Drupal installation with separate databases. The way it’s done is very simple & elegant: have a separate conf.php file (named shareyourmusic.com or worldbeatplanet.com) for each domain.

Feb 20 2004

Not satisfied with repeatedly predicting the death of Apple, the clueless Rob Enderle is now predicting the death of Bluetooth [via Slashdot]

At the Intel Developer Forum on Wednesday, Intel announced the company was giving up on the deadlocked Ultrawideband IEEE task group and going it alone with a derivative offering they are calling Wireless USB. This initiative, for them, does everything that Bluetooth does and effectively means that for PCs Bluetooth is all but dead.

Intel’s history with Bluetooth, up until now, was solid. It was one of the major backers but the technology took years longer than expected to come to market. It’s really never been accepted as a PC standard. Even Microsoft was slow to adopt it due to concerns about the standard. The company’s Bluetooth keyboard and mouse were a disaster.

Bluetooth, which has been expanding in the cell phone market strongly, has been appearing on an increasing number of headsets, aftermarket automotive solutions, and recently became a dealer installed cradle option for some cars. Unfortunately, for the PC market, it may have simply taken too long to come to market. And now, based on this new product direction from Intel, it’s all but dead.

Feb 19 2004

A new record

I received 6 Nigerian spams today, a new record. One of them was sent via the feedback form on this website.

Feb 18 2004

Cool! Someone has ported the old Torgo screensaver of Fate to Mac OS X. If you’re not familiar with this, Torgo is a character from Manos: the Hands of Fate, believed to be the worst movie ever made. It was one of the most popular episodes of MST3K.

Feb 18 2004

Comment spam seems to have been increasing lately.

Yesterday I got a comment spam for an online pharmacy from the bogus address hrie@yahoo.com. Today I got two more comment spams from the same address for a different pharmacy. I just added some very aggressive filters to mt-blacklist in an attempt to deal with them.

Feb 17 2004

I’ve completed my conversion of WorldBeatPlanet from PHP-Nuke to Drupal. I was able to convert most of the content (I’ve saved the reviews but haven’t had a chance to convert them yet). Several people have said they like the new site, and I think it will be a lot more flexible than the old PHP-Nuke site.

Feb 16 2004

The Drupal version of WorldBeatPlanet is shaping up very nicely. Rather than using the song & review modules, I’m using a taxonomy to select song lyrics or reviews. I defined a required vocabulary with the terms story, lyrics, and review. To find all items of a specific type, I use the following SQL query:


-- Select every node tagged with the taxonomy term 'lyrics'
SELECT n.nid, n.title
FROM node n
LEFT JOIN term_node t ON ( n.nid = t.nid )
LEFT JOIN term_data d ON ( t.tid = d.tid )
WHERE ( d.name = 'lyrics' );

Feb 15 2004

Moving to Drupal

Thanks to a suggestion from Kitt at drupal.org, I figured out how to move most of the content from worldbeatplanet’s Nuke database to Drupal. I plan to switch over worldbeatplanet completely in a few days and shut down the Nuke site.

I also plan to merge worldbeatplanet with shareyourmusic.com. Since I can now modify my hosting packages through my reseller account, I will move the worldbeatplanet domain to the same account that now hosts shareyourmusic. I will have separate databases for each, but I hope to be able to share some code & content.

I’ve already created a subdomain static.shareyourmusic.com where I’ve copied the static pages for individual artists. I still need to fix some references, though. I will have static.worldbeatplanet.com pointing to the same site, as well as subdomains for each artist.

Feb 14 2004

I’m still finding some remnants of the hack at WorldBeatPlanet. Right now I’m pretty disgusted with PHP-Nuke. It has more security holes than Windows.

I’m considering switching WorldBeatPlanet to Drupal and I’ve even set up a test site here. The only drawback is there doesn’t seem to be any easy way to move over the old content.

Feb 13 2004

The Grey Album

BoingBoing pal (and former guestblogger) Todd Lappin points us to yet another food fight between copyright and Remix Culture.

DJ Danger Mouse remixed Jay-Z’s “Black Album” with the Beatles’ “White Album” to create… The “Grey Album,” of course.

The New Yorker had a little Talk of the Town piece on this. Apparently, Jay-Z created a vocals-only version of his album *explicitly* so DJs could remix it. And many have. This week, the Beatles issued a cease and desist to stop the Grey Album… which of course makes the Grey Album even more desirable as a collector’s item, so now the whole album is available for download.

Download it here.

I’m listening to it now & I like it. I don’t care much for rap music, but I usually enjoy remixes like this one and the Punjabi MC remix of Eminem’s “Lose Yourself”.

Feb 12 2004

Slashdot reports that Windows 2000 & NT source code has been leaked [original report here].

Feb 12 2004

I just installed PHP-Nuke 7.0 at WorldBeatPlanet.

This seems to be how the luser was able to hack the site.

When I checked my access logs, I found a few items like:

modules.php?name=Your_Account&op=gfx&random_num=604071

The security graphic engine takes the random number and makes an MD5 encryption of it concatenated with other elements such as the $sitekey, $datekey, and the member’s http_user_agent.

At this point the MD5 hash value is switched over to hexadecimal and stored in a variable whereby at a certain starting point (2 by default) a total of x places are read and stored (by default 6).

A potential security risk exists if the default $sitekey value is not changed, because a malicious user can manually map out, on a PHP-Nuke portal, a one-to-one relationship between random_num and the number shown in the image. So long as the following values do not change:

  • $sitekey
  • $datekey
  • $random_num
  • HTTP_USER_AGENT

The number shown back in the security image will always be the same. Such a mapping would be tedious to complete manually, but the possibility exists nonetheless.

Out of the four variables above, the user can manipulate only two:

  • $random_num
  • $HTTP_USER_AGENT

This effectively means that the entire process of mapping out the one to one relationship must occur in a single day due to the $datekey parameter. Each day adds a new value to the hexadecimal/MD5 concatenation process.

Let’s take this a step further. If a PHP-Nuke webmaster does not change their default $sitekey parameter this could still open them up to attack. A malicious user may install a default PHP-Nuke portal on their own system and now they have access to manipulate all of the four variables above.

This means they can change the date on their system, altering the $datekey to each day of the year, and manually map out all the random_num values to their respective security image code values. At this point, they have a full database for every day of the year that can be used maliciously against default $sitekey value PHP-Nuke sites. With such data, a script can be written to check the random_num value, i.e.:

modules.php?name=Your_Account&op=gfx&random_num=604071

And such a script could call up the corresponding security code value thereby rendering the purpose behind it useless.

Conclusion? Change your $sitekey immediately from the default value, and change it often. On Nuke Cops for example, the random_num above, 60407, generates the number 588529 using my HTTP_USER_AGENT for today’s date. You will most likely see a different code.
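
The weakness described above is that the code is a pure function of values the client supplies or can guess. As an added example (not PHP-Nuke's code and not part of the original post), this Python model puts that derivation beside a hardened form in which the code is random, held server-side and single-use. The concatenation order, the decimal conversion, the `ChallengeStore` class and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def legacy_code(random_num, sitekey, datekey, user_agent, start=2, length=6):
    """Model of the scheme described above: the code is a slice of MD5(inputs).

    Assumption: field order and decimal conversion are illustrative and are
    not byte-compatible with PHP-Nuke's own output.
    """
    material = f"{user_agent}{sitekey}{random_num}{datekey}".encode()
    digits = str(int(hashlib.md5(material).hexdigest(), 16))
    return digits[start:start + length]


class ChallengeStore:
    """Hardened form: nothing the client sends determines the expected code."""

    def __init__(self):
        self._pending = {}  # challenge id -> expected code, kept server-side

    def issue(self):
        challenge_id = secrets.token_urlsafe(16)   # opaque handle given to the client
        code = f"{secrets.randbelow(10**6):06d}"   # only ever rendered into the image
        self._pending[challenge_id] = code
        return challenge_id, code

    def verify(self, challenge_id, answer):
        # pop() consumes the challenge, so a failed or repeated attempt cannot retry it
        expected = self._pending.pop(challenge_id, None)
        if expected is None:
            return False
        return hmac.compare_digest(expected.encode(), answer.encode())


def demo():
    # Constructed sample inputs; "default-sitekey" is a placeholder value.
    args = ("604071", "default-sitekey", "20040212", "ExampleAgent/1.0")
    repeatable = legacy_code(*args) == legacy_code(*args)  # same inputs, same code
    store = ChallengeStore()
    challenge_id, code = store.issue()
    first = store.verify(challenge_id, code)    # correct answer, accepted once
    replay = store.verify(challenge_id, code)   # same challenge again, rejected
    return repeatable, first, replay


if __name__ == "__main__":
    print(demo())
```

With the hardened form, rotating a site key stops being the only defence, because no key or request parameter feeds the code at all.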
