This is just a quick tip I stumbled upon this weekend. Let's say you are working on a git branch with an unfinished set of changes. Now you want to switch branches, e.g. to look up some older/newer value, but you do not want to commit your unfinished piece of work. The solution? git stash.
continue reading „Using git stash to cache your pending changes“
Working with HTML5 audio components, I realized that Internet Explorer 9, Google Chrome and Mobile Safari do not send domain cookies when requesting a playable file, which made it necessary to import the session id before initializing session management.
I created my own SessionStorage class and adjusted the corresponding routes to have a session_id parameter.
Here, sessionid is the routing parameter.
I needed a server-based mobile switch for my symfony project. The solutions I found all used a workaround that sets the sf_format parameter to a specific mobile version. But what if you are already using sf_format for different view types?
My solution uses the extension instead, so you can have multiple view templates like:
I hope this is useful for somebody! You might want to specify more parameters or turn this into a filter.
... is some weird kind of minimalistic hipster CMS for designers, artists, grandmas or all kinds of hip people. I won't put a link up here for pagerank reasons and because, as the title says, it's a piece of crap! People who know me know that I don't have any respect for that hipster/artsy field. Anyhow, when I first saw a website built with it I was like "lol, I have to take a look at that thing's source code". So I downloaded the "latest" (see below) release and started laughing. This is the top 7 list of reasons why I strongly advise you, or any intelligent individual, not to use this piece of software.
It seems to me that some kid or female designer has written that stuff, because every line of code, as banal as you can think it is, is commented (I'm serious!). OK, I'm a documentation fan, but the comments are kind of childish in some way. You can jump to a conclusion about this software yourself. Here are my favorite ones:
The software is totally deprecated. I'm not speaking about the use of the (very) old mysql library in PHP. No! The software is so old that I cannot even install it on my Windows machine with the newest XAMPP version. And even after 30 minutes of fiddling I get around 3-4 deprecation notices on each page.
The software seems to follow some paradigms (some pseudo object-oriented structure) but fails in implementation (illogical). There are also some sorts of don'ts and some general errors in reasoning.
A few examples:
I really don't understand this reference: if someone could explain this variable to me, I'd be pleased. (And this comment is also funny because it proves my point that EVERYTHING is commented...) On-call array initialisation ($adm = null; before): every C/C++ programmer's brain would probably explode now at the latest. And just another fail: oh, speaking of set_magic_quotes_runtime, it is also deprecated, but this is just a design fail.
The latest version was released back in 2008. The forum is not really active, so you cannot really call it a community. There are no code guidelines whatsoever. But amazingly there are still people using it.
I'll just say: applying an XHTML 1.0 Transitional doctype to an HTML template does not make it XHTML 1.0 Transitional!!!
The install.php script remains on the server; there are no checks whether it has been renamed or deleted. You can easily overwrite the site's configuration file with your own rogue MySQL server. I tested around 50 Indexhibit pages and in 70% the install.php file was still on the webspace. The reason for this is that the people who actually use this CMS are hipsters and don't know anything about tech at all.
While exploiting the login procedure itself turned out to be very tricky because of very restrictive regexes, you can see that it is completely cookie-based, and an attacker could steal the cookie and use it to authenticate himself as an administrator. There is no User-Agent or IP validation. There is only a two-day cookie lifetime, which is not stored in the DB, so you could use an old cookie to authenticate yourself.
Yes, it's 2011. We're reading about data leaks every day, so you would think that there would be some SQL injection security awareness by now, even on the hipster side of the planet. But unfortunately, already in the routing process in /index.php there is a SQL injection vulnerability:
I like the //clean up the uri comment; it could be interpreted almost ironically.
You could easily request:
/index.php?'=''AND(SELECT/*a*/*/*a*/FROM/*a*/ndxz_users/*a*/INTO/*a*/OUTFILE/*a*/'/www/yourpath/ndxz-studio/data.txt')/*a*/AND/*a*/''='
and dump the user database to a file, or do other nasty things you could do with a SQL injection.
DO NOT USE IT!
PS: Dear hipsters, why is small black (8-9px) text on a white page, with a dotted hover-state border-bottom, so damn cool?
Today around 14:50 GMT the popular German moviez site "kino.to" went down. The press is reporting the arrest of 13 individuals, who are being charged with forming a criminal organisation. While the website was the target of numerous hacker attacks in the past, and I haven't found reliable sources to confirm that it was actually an official intervention (and btw, no, SPIEGEL ONLINE is really not a reliable source for me), it seems that it was an official act.
However, a short kino.to requiem and future outlook on the warez scene. kino.to was a phenomenon: it was present longer than any other warez site I have ever seen; usually these pages do not last long because, hey, they contain WAREZ! But due to a nice loophole in the law, kino.to was not responsible for hosting the actual content. In fact there was a redundant variety of hosters which shared a specific piece of content.
Most of them, e.g. megavideo, have premium systems to pay the server bills. Furthermore kino.to provided respectable stability: over the years it evolved into the casual warez platform and yet did not go down. Super casual idiots could use kino.to without any problem, because it was easy to find. But kino.to was like a raised middle finger to all German or even international copyright laws. So it was clear that someday this would happen.
Much as I wish it would go this way, we cannot say this right now. There are a few options:
I really hope warez will become a hacker domain again... but I don't think it will. It will also be nice to see whether the so-called "hacktivists" will respond in some way, because SONY is kinda all hacked out atm, I guess.
PS: Dear German police: iso-8859-15 is bad and so are layout tables! (But this might be an indirect confirmation that it was made by officials.)
PPS: Ah... and there is still child pornography out there; I guess harmless porn-free warez sites just make better headlines.
PPPS: Angela Merkel received the "Presidential Medal of Freedom" today... unrelated irony?!