This 1 line might be enough to get me to change from @panic’s Coda to vim full-time.
July 2010
46 posts
Glenn Beck's security is as shit as everything else he does.
apache:x:48:48:Apache:/var/www:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin ads:x:549:549::/home/ads:/bin/bash at40:x:523:523::/home/at40:/bin/bash backstagebash:x:563:563::/home/backstagebash:/bin/bash bigdbubba:x:568:568::/home/bigdbubba:/bin/bash bigshow:x:537:537::/home/bigshow:/bin/bash bobandtom:x:530:530::/home/bobandtom:/bin/bash coast:x:536:536::/home/coast:/bin/bash common:x:520:520::/home/common:/bin/bash day:x:501:501::/home/day:/bin/bash drlaura:x:574:574::/home/drlaura:/bin/bash faceyourstorm:x:570:570::/home/faceyourstorm:/bin/bash glennbeck:x:522:522::/home/glennbeck:/bin/bash glennbeckancient:x:576:576::/home/glennbeckancient:/bin/bash gwaugh:x:200:200::/home/gwaugh:/bin/bash itunes:x:569:569::/home/itunes:/bin/bash jason:x:573:573::/home/jason:/bin/bash jimrome:x:508:508::/home/jimrome:/bin/bash keephope:x:562:562::/home/keephope:/bin/bash liners:x:544:544::/home/liners:/bin/bash partner:x:555:555::/home/partner:/bin/bash premint:x:507:507::/home/premint:/bin/bash premrad:x:511:511::/home/premrad:/bin/bash rmainfo:x:516:516::/home/rmainfo:/bin/bash rushlimb:x:504:504::/home/rushlimb:/bin/bash steveharvey:x:561:561::/home/steveharvey:/bin/bash support:x:512:512::/home/support:/bin/bash sweeps:x:543:543::/home/sweeps:/bin/bash trustpremiere:x:556:556::/home/trustpremiere:/bin/bash
You can grab the complete file here or their /etc/hosts is an interesting read as well. Or why not have a look at his DB connection details. Red Jello indeed.
So nice of that developer to let us download any file we want from his server.
http://media.glennbeck.com/app/getfile.php?filename=
Oh, and of course the sys-admin who decided that running Apache as root was a good idea should really get some of the glory as well! :)
These lawls brought to you by /r/technology & Ebaum’s World
Best Admin/Dev addons for Django
django-admin-tools is a collection of extensions/tools for the default django administration interface, it includes:
- a full featured and customizable dashboard;
- a customizable menu bar;
- tools to make admin theming easier.
The Django Debug Toolbar is a configurable set of panels that display various debug information about the current request/response and when clicked, display more details about the panel’s content.
Currently, the following panels have been written and are working:
- Django version
- Request timer
- A list of settings in settings.py
- Common HTTP headers
- GET/POST/cookie/session variable display
- Templates and context used, and their template paths
- SQL queries including time to execute and links to EXPLAIN each query
- List of signals, their args and receivers
- Logging output via Python’s built-in logging module
Come work with me!
We are currently looking for a mid-level front-end developer to join our team on an initial short-term contract basis, with the possibility of coming on-board full-time. We are looking for someone who can take our designer’s oh so pretty psds and turn them into awesome front-ends. They will also be working very closely with the server-side developers and hooking their back-end code to the new front-end templates.
HTML, CSS skills are a must with a passion for web standards. Tables are for tabular data only, thanks! A knowledge of Javascript or at the very least the ability to integrate common jQuery add-ons is a plus. Candidates do not need to know HTML5 & CSS3 but they must have a willingness to learn and a keen interest in the web and new technologies. They will also be required to integrate their work with Django templates so a knowledge of Django’s templating system, or another similar system such as smarty is a bonus.
An official ad will be going up in the usual places soon, but if you think you tick all the boxes or know someone who does, this is your chance to get your CV at the top of the pile. Please send a CV (include only relevant experience/education please!) and links to 2 or 3 sites you are most proud of (does not need to be commercial, charity, personal, portfolio, etc pieces are welcome) to aaron@2fluid.co.uk
This position will be for an immediate start.
Listen
This noise started at 7am. If you value your sleep do NOT stay at the Travelodge King’s Cross Royal Scot. Complete and utter shit hole.
Well played London. Well played.
I arrived in London for my first real visit since I’ve been old enough to stop soiling myself today. On my own to attend client meetings, find hotel, visit friends etc.
If I was less cock-sure I would have been nervous about getting lost. I did grow up on a hamlet ffs. But I am MAN! My sense of direction is perfect!
And to be honest everything went great. Euston to Hammersmith. Hammersmith to king’s Cross. King’s Cross to Angel. I was zipping about like a native. Then it came time to go back to hotel.
I’d already been there only a few hours before. I’d dropped off my bag and went to visit a friend. Had a couple of drinks and headed back. A 15 min journey. A 15 min journey which took over an hour. An hour off walking in circles cursing you London. An hour with a pint filled bladder only prepared for a maximum of 20 mins between toilet breaks.
By the 80 minute mark I had broken out in sweats. Sure that you would not relent until I was a crying mess, rolling about in my own pee still not knowing if I should have taken that 2nd or was it the 3rd left!?!?
And just then the clouds parted and my hotel appeared out of no-where! I could seeing it’s welcoming doors full of promise (the promise of a flushing toilet!)
And then as I steadied myself, blinking back tears of joy I happened to glance into an apartment window beside me. An apartment I would never have passed if you had not taken me on such a merry dance London.
In the apartment was a nubile young lady, dressed only in victoria’s finest. Doing a headstand, while reading a book.
Damn you London. You build me up, tear me down and then throw something as weird as that at me.
You win. You win.
Magnifi.co!!
- @nsdesign: Seeing a load of .CO domain orders this morning!
- @aaronbassett: Any chance of cis.co?
- @johnmcc: tes.co?
- @michaelmcguk: alfres.co?
- @aaronbassett: fias.co!
Play
Geolocation is Witchcraft.
My Macbook doesn’t have GPS, yet geolocation still works. I know about Wi-Fi positioning via services such as Skyhook and when in built up areas that explains how creepily accurate it is. But even now, while whizzing through the English countryside, where the only Wi-Fi network in range is the train’s it is still rather accurate. How?
Fuck, if it is getting good enough to track me sans-GPS while on a fast moving train…geolocation based services are going to be huge. I did a short presentation last year at TMU on geolocation. Source files and slides are on Github
Dear Mr @charltonbrooker,
you sir owe me a pair of underpants. I seem to have soiled this pair while reading one of your articles.
Offensive Facebook groups such as Raoul Moat’s are 10 a penny. Yet sympathy is in short supply
On YouTube there’s a recording of a radio interview in which a TalkSport presenter runs so many rings around her, it’s a wonder he didn’t black out from the centrifugal force.
The Internet. It is serious business.
Well they might not have gotten the cyber police involved, but it looks like the real boys in blue are on the case.
11-Year-Old Viral Video Star Placed Under Police Protection After Death Threats
According to Leonhardt, some of those phone calls have been death threats, and the local sheriff’s department has launched a criminal investigation into the video. Jessi was placed under police protection and brought to a safe house soon after it went viral. She came home today, but she’s not online: A court order has barred her from using the Internet for at least three days.
Hello parents, please look upon this and learn the lesson. The internet is a super awesome place (and serious business) so please remember to supervise your kid’s use of it.
And for fuck-sake don’t let your 11 year old daughter have a computer in her room with a bloody webcam. To you she might be a little princess, to /b/ she is just a cam-whore waiting to happen.
CSS3 Pie →
css3pie.com
Adds support for
- Border radius
- Box shadow
- CSS gradients
- Border image
- Multiple background images
- rgba
to Internet Explorer versions 6-8. If this works half as well as I hope, I may have to go all Emilio Estevez in The Breakfast Club.
Scammers, they're not even trying anymore.
An ATM Card with Card Number:5428050011004432 have been approved in your favor by the UNITED NATION,The ATM Card Value is $315,810.00 USD.
2 + (6) + 4 + (8) + 0 + (0) + 1 + (1) + 0 + (0) + 5 + (0) + 8 + (4) + 5 = 44
44 mod 10 != 0
StartupShuttle. The figures.
A friend of mine, and awesome local entrepreneur Kate Ho has just had an article published on the Guardian site about creating a ‘StartupShuttle’ linking London & Edinburgh (I hope that train goes through Glasgow as well!). An interesting concept, but I couldn’t help doing the maths :)
An average coach class carriage for Virgin rail carries 62 passengers, so 3 carriages is a total of 186 seats. I don’t know what capacity Virgin runs at on that route but I have never seen it anywhere near empty. So lets say 80% capacity (I’ll round it down to 148 to make a nice even number).
A reasonable price from Edinburgh to London would be £110 (correct me on this, going from other sources as cheapest I can find on Virgin’s site atm is £258.50) but not everyone is going to be travelling the entire line, although they may reserve a seat. So lets say 50% pay full price, and 50% pay half.
- 74 seats at £110
- 74 seats at £55
- giving us a grand total of £12,210.00. Ouch.
That’s quite a lot for a sponsor company to fork out once a month. That’s a yearly bill of £146,520.00, quite a lot to buy some goodwill and gratitude from start-ups. A group known for being cash-strapped ;)
But according to the article start-ups would have to pay for their seat on the trains, at a cost of £25 each. Now if the scheme was a runaway success and they sold every-seat on the train (quite likely if Kate & Co are involved) that is 186 seats at £25 a time or £4,650.00. A shortfall of £7,560.00. Better than what it was before, but still not great.
In saying that I would still love to see it happen, and I suppose £146,520.00 is actually bugger all to Branson. The dude builds fucking spaceships!
Are you Christian? - Sins of the father
Are you filled with the light, have you accepted Christ into your life? - May contain traces of messiah
Did you go to church today? - and the baristas shall inherit the earth
I was reading Not always right and am a little shocked by just how many include complete strangers asking people about their religious beliefs. Is it really that common in America?
I guess I would have to respond with “Do you take it in the ass?”. If they think it’s ok to ask something so personal and maybe even a tiny bit offensive, why shouldn’t I?
Suggestions Required.
I’m looking for a venue in Glasgow which would be suitable for @barcampglasgow. Due to the nature of the event (and my own leanings towards alcoholism) it should preferably be a bar or music venue. I’m hoping for approximately 80 to 100 people and the event will likely last from 10am to 7pm on a Saturday (this is only a suggestion happy to change to match suitable venue’s opening hours).
Must haves
- Wifi
- An area suitable for presentations (does not need projector or similar)
- A separate area which can be reserved/cordoned off (away from other patrons)
- Adequate seating
- Location near to public transport links
- Relaxed atmosphere
Nice to haves
- Reliable Wifi
- Available power outlets
- Ability to do group catering
Super awesome to haves
- A/V Equipment for presentations
- Unicorns
Think you know a venue which matches all or even some of the above. Then either leave a comment here or get in touch with @barcampglasgow via Twitter or email hello@barcampglasgow.com
Please to be removing lady clothes sir! →
reddit.com
I read all the comments in Apu’s voice. I did feel a little bad, but it was still hilarious. 1 problem I seem to be stuck in “Apu-mode”. I’m even reading this text in his voice as I write it.
Thank you, come again.
Play
Project deployment for small teams using Git & Phing.
This coming Wednesday (14th July 2010) I’ll be giving a talk at Techmeetup in Edinburgh on using Git + Phing for deployment. Here is my blurb about it;
Manual deployment can be time consuming and error prone. Learn how you can manage your source code, automate deployments, create your own build process and feel like a development ninja using just Git and Phing.
Everything kicks off around 6:30pm, it’s a free event with everyone welcome. As well as my quick talk Tagorize and Geogoer will be presenting their startups. And if it is like the Glasgow TMU there will be free beer and pizza with plenty of time to consume both while talking to other techies.
If anyone is travelling through from Glasgow let me know, I’ll likely be getting the train around 5:45pm
Google App Inventer →
mashable.com
Good luck separating the signal from the noise in the Android store after this launches to general public. This might be the only thing to EVER make me thankful for Apple’s approval process.
Although it does remind me of something?
Wondering how hard the @kwwika API is to work with?
I had a couple of hours spare before my flight home, so I made this. It’s a perfect example of how easy it is to work with the @Kwwika API as I was able to throw this together so quickly.
The heavy lifting is done within the initialize function.
Where the updateCharts function updates the pie graphs for each statistic as well as the text display. The actual @Kwwika code can be reduced even further.
That’s it! 4 lines to subscribe to a Kwwika feed and receive realtime updates. Of course Kwwika does a whole lot behind the scenes when you write those 4 lines, but we don’t need to worry about that. To borrow a phrase from another well known tech company;
It just works.
Which is fantastic for me, as like all good developers, I’m lazy ;)
Play
Question for iOS developers.
If developing for Apple mobile devices do you need multiple devices for testing?
- iPad (iOS 3 & 4 when released)
- iPhone 4 (iOS 4)
- iPhone 3GS (iOS 3 & 4)
- iPhone 3G (iOS 3 & 4)
- iPhone (iOS 3)
- 3rd Gen iPod Touch (iOS 3 & 4)
- 2nd Gen iPod Touch (iOS 3 & 4)
- 1st Gen iPod Touch (iOS 3)
Because it could get really fucking expensive. Or is emulation good enough?
Pro-tip.
If your screen-name or bio includes any of the following words or phrases;
SEM, SEO, Marketing, Marketer, Online advertising, Advertiser, Reputation Management, Consumer Retention, Leveraging Relationships, Value Stream
or anything I perceive to be in anyway related to them, or that industry; you have a greater chance of sprouting wings and flying up your own ass than you have of me following you back.
And if you’d taken 5 minutes to scan some of the previous posts on this blog before adding me you would have already known that.
@dconstruct need to change their short description.
for people designing and building the latest generation of social web applications.
There is not a single talk in the schedule that is not design focused. So much for the building part.
I’m just jealous as designer’s seem to get all the cool 1 day conferences. Sure there are PHP conferences, or Django conferences or Java, mySQL, Oracle, etc, etc, etc. But very few which are not focused on a single technology. And none of them seem as cool as the design focused ones. Bastards.
I did have a look at webdevconf. But if they can’t even get their own fucking website working (try the read more link) why should I pay them to instruct me on how to do it? Plus this line in their about put me off
The goal was to get students engaged with the world of the web and what this beautiful industry offers as well as meeting professionals and making important contacts
Fuck that. I want an event for experts by experts. Not some introduction to HTML and a few handshakes afterwards.
@Kwikka replaying data. My input.
Not only have @Kwwika been pushing out the data from the World Cup live to subscribers but they have also recorded each match since the quater finals. They are looking at ways of replaying this data and asked for some input on Twitter
Updates in actual time…snip…or an update every X seconds?
My preferred way would be realtime, but with a couple of extra features.
- Ability to play feed at different rates. Maybe start off with playing it at 200% or 300%, like a VCR on fast-forward. But ideally it would be nice to have fairly fine grained control over the rate. Maybe even bring it down to 25% during a really busy point to examine it more closely.
- Ability to jump to a particular point in the stream. If I want to replay the 10 minutes after a ‘hand of god’ I can subscribe to the feed and tell it to start from that point.
- Reporting on current position. Imagine the deep linking opportunities if you could pin-point the exact place you are currently within the stream.
Birmingham Council site vulnerable to attack. Again.
I think it is about a year now since I found the first hole in the £2.8 MIllion Birmingham Council site. It was found, and reported on launch day. But yet nothing has been done, the same hole is still there ready to be exploited.
XSS is a big deal, it lets an attacker inject their own scripts into the site, running with whatever privileges the user has on that site. Able to capture any information they enter.
After the recent figures where published about how much the UK government was spending on websites my little hole came up again on Twitter so I did a little poking around. It didn’t take long to find another hole. Now this one is a little bit more worrying. Same kind of attack (XSS) but look at the page(s) it can execute on. These pages collect the following data;
- Full name including title
- Your home phone number
- Your mobile number
- Your email address
- Your full postal address including post code
- as well as whatever you want to contact the council about
At a very minimum these details could be harvested and sold to direct marketers, at worst they could be used for identity theft or harassment. But you’re not going to be thinking about that when you enter the details because it will appear as if you are only giving those details to the council. When in actual fact anyone who wants to could intercept those details just be sending you a Birmingham Council website url with the required code in the url.
Some people are saying they can’t see the shortened links, so here they are in their full glory.
Original XSS injection
Newly discovered XSS injection (UPDATE: Minor adjustment as was not executing in firefox, think it was an encoding issue)
Hey Birmingham Council if you’re reading this. I’ll build you a proper website, and I’ll only charge £2.7 Million. I’ll even throw in a couple years maintenance. ;)
What I would like to see from @Kwwika next.
As am sure everyone knows by now I’ve been building a #Worldcup app for the @kwwika competition. They really do we have a great API and am excited about the prospects, I really hope they let users create their own channels to subscribe to.
But what they really need is some way of generating dummy data for testing. Ideally you would subscribe to ‘/KWWIKA/SANDBOX/UID’ where UID is some identifier unique to your application. Then you log into the Kwikka site and get a form like
Data entered into the form is pushed to your subscribed app, allowing you to send any data you wish down the pipe and mimic any feed format. Perfect for when your app performs particular actions when particular data is received, but that data is infrequently occurring in normal stream.
URLParser is dead! Long live Url.Parse!
The seemingly defunct Poly9 released a rather awesome URLParser. Luckily I had a copy of the code in a project I did a while ago as it doesn’t appear to be available online anymore.
Thankfully Poly9 released the original code under the MIT license. So I have made a couple of minor adjustments and put it on Github. I have retained the original license terms as well.
WARNING! Rage probability of this page is 97%!
I need to write a browser plugin to save my sanity. Every now-and-then I’ll follow a link from Twitter and end up on some “Social media guru” or “Affiliate marketing expert” who wants to “value add my long tail”. I can feel my blood pressure rising already.
What I want is a warning page. Something that alerts me to the level of douche-baggery I am likely to encounter on the page. Something like Google’s malware warning.
I’m thinking a Greasemonkey script, which reads all textual content from the page and scores it based upon a ruleset (similar to Spam Assassin). When the score exceeds an acceptable level (7 points?), the warning page is displayed.
- Contains any of the buzz words from this list : +1 point per buzzword
- Contains more than 5 social bookmarking links : +1 point per link
- Uses any of the following phrases “SEO”, “SEM”, “Link Building” : + 2 points per phrase
- Uses any of the following phrases “Social Media marketing”, “affiliate marketing” : +5 points per phrase
I’m placing this near the top of my projects todo pile.
