A Day Late

Here’s an interesting article about security vulnerabilities that allow the X-Box to be “hacked”.

I’ve had an X-Box for a little over a year now but honestly I don’t use it much. Multiplayer Halo is about all it is used for( Ciara is quite good by the way). I know someone that added a modchip and larger hard drive to their X-Box and turned it into an entertainment machine. He has all sorts of games saved directly to the hard drive and transferred his DVD’s and other recordings to it. It’s an impressive setup. Something I’d like to duplicate if I had the time and/or ambition to do so.

Here’s a handy firefox tip that enables handling urls with line breaks in them. This is particularly useful for those of us still using Outlook, which seems to improperly wrap URL’s quite often.

Here’s another Mozilla/Firefox tip: if you copy a URL wrapped over multiple lines from somewhere and try to paste it into the address bar, you will end up only with the first line of it. To fix it, go to about:config and change editor.singleLine.pasteNewlines setting to 3 or add:

user_pref(”editor.singleLine.pasteNewlines”, 3);

to your user.js file. Now all the line breaks will be removed upon pasting.

I came across a good, free utility to securely (for my purposes) erase a hard drive. It’s called “Darik’s Boot and Nuke” and is available at http://dban.sourceforge.net/.

UPDATE: Perhaps a better solution is to use something I already have. A bootable linux CD with the “shred” utility. The knoppix live CD has this program. For instructions on how to do this, click HERE.

I’ve been working on a problem at work for almost 7 hours and I’m no closer to finding a solution. I’d give up if I wasn’t sure someone else has had the same problem. Here’s what’s going on. On our server we use coldfusion and use application security throughout our site. When someone logs in to our site we set various cookies and session variables. On pages that require security we check for the proper credentials and then load the page. If the proper credentials are not found the user is redirected to the login page. However, that approach only provides security for files coldfusion recognizes (CFM and CFC files). PDF, word document files are available for anyone to see.

This hasn’t really been a problem until recently. We allow all employees a certain amount of web space to post files and other documents in their own web folders. On numerous occasions we’ve told them NOT to upload files with information that should remain confidential. Apparently that’s not working because they keep doing it. The problem is, most of the files they upload are word documents, pdf’s, etc which cannot be put under our coldfusion application security.

I figured a good solution would be to implement directory security on those folders and require basic authentication. This would authorization to access any file. I want to create a single username on the server with access to that folder. When a user logs in to our site, throught the coldfusion mechanism, we also do a transparent login using this special username and password using Basic Authentication. Problem is I can find NO way to do this. I thought I could manipulate the authentication-info header but that doesn’t seem to be working. I’m having a hard time believing it’s not possible to have application security AND directory security. If only I could use mod_rewrite I wouldn’t have to worry about directory security, but sadly this is a Microsoft IIS server. If I haven’t figured this out in the next half hour I might have to beat my head against my desk.

I’m still having trouble with our MySQL server. It stops responding at least once a day. I’ve tried just about everything I can think of. I even dumped all the databases, dropped them and imported all the data again. No luck. I think I’ll probably have to install the debug edition and try and figure out what’s locking it up.

We’ve been having some trouble with our MySQL server running on the HPUX machine. It’s been crashing multiple times for the last few days. When it crashes it becomes completely unresponsive. No clients can connect and any clients that were connected don’t respond. I tried keeping a few windows open to monitor the processlist and extended-status but they didn’t help a whole lot when the server crashed (all values seemed normal when the crashes occurred). I was even unable to shutdown the server. I tried running the script to stop the server but the server wouldn’t respond to any kill commands. Basically the only thing I could do was kill the process with a “kill -9″ (NEVER A GOOD THING).

I’ve been watching the logs and I haven’t found anything out of the ordinary. Nothing significant in the error log. Nothing in the binary log and nothing in the query log file. I assumed it was one particular query that was killing the server but the last queries in the log files never matched. I checked the system log files and couldn’t find anything suspicious except for one thing. The server was restarted a few days ago for unknown reasons. I put in a ticket to engineering inquiring why the server had been restarted (assuming they’d made some changes). I got a response back indicating the server had crashed. I suspected the database might have some corruption problems due to the kill -9’s but it wasn’t until I learned the server had crashed that I thought corruptions could be the cause of the problem.

I decided to take the server down and run a myisamchk. It found quite a few errors. I ran it again with the –recover option. Just to be safe I then ran a CHECK TABLE [table name] EXTENDED on all the tables (MyISAM and Innodb) to verify they all had an “OK” status. They did. Hopefully this solved the problem. We’ll have to see how things go tomorrow.

I received an email the other day at work notifying me that our home page didn’t look very good on Internet Explorer for Macintosh. I pulled it up and sure enough it was just a jumble of garbage. This confused me because I use a Mac and I was sure I’d looked at it on IE, although I knew it was quite a while ago (I usually only use Mozilla or Safari).

Anyway…I noticed when I commented out a few javascript functions that dynamically manipulated a table the page looked fine (from what I’ve read, javascript support is awful on IE for Mac). That would seem to indicate the problem was with the javascript, however the exact same javascript was being used on other pages and worked just fine. I decided to rebuild our homepage starting from scratch, adding things in piece by piece. I discovered a few tables and other tags that weren’t properly closed. When I was finished the page was working on IE for Mac. However…I decided to reload the page a few times just to be sure and was disgusted by what happened. On average if I loaded the page 10 times, 9 times it looked just fine and 1 time it was a jumble of garbage. So, it seems to work 90% of the time. From a computing perspective I’m confused. IE is receiving the exact same code each time but it seems to randomly interpret it differently. Odd.

Unfortunately the only “supported” web servers offered by our IT department are servers running windows and IIS. As a result I have to deal with unreliable performance and when we do have a problem its basically impossible to debug. When I place a call to engineering about a problem the answer I always get is: “uhhh…ok, well we’ll reboot the server and see if that fixes it.” Brilliant solution.

Well, anyway the other day I noticed a strange problem. I wrote a script to email me any web site errors that occur. Previously the errors would only be submitted if the person who received the error clicked “submit error report.” I was curious to see how many people don’t bother so I decided to submit the reports automatically. The result, I think people clicked “submit” roughly 10 or 20% of the time.

Anyway, I was looking through the errors and I noticed quite a few created by search engines scanning the site (broken link errors and such). However, I noticed a few errors on an area of the site that supposedly no longer existed. I checked the server and sure enough, the files that were causing the errors no longer existed. Just out of curiosity I pointed a browser at the page and was confused when content was returned. Most of the graphics weren’t visible, since they’d been deleted, but all the text was there. I couldn’t figure out why a file I had deleted months ago was still being served so I checked the directory once again to verify that yes the file was deleted. It was; no where to be found. I checked some of the other files I’d deleted in that folder and they were also still being served up. I figured it was a caching problem but after clearing the IIS cache, clicking “expire content immediately”, neither of which worked I was stumped. So, I decided to create a file with the same name that would redirect to the home page. I refreshed my browser and sure enough it worked. Then I deleted the file just to see if it would still be served up. Strangely enough this time it actually deleted the file and I got a “file not found” error. Strange strange strange.