Security FTW

Email I received today:

Here is the link to the application: http://alinkonourintranet

If you get a prompt for a user id and password, you close the link and start over
keep opening and closing the link until you are not prompted for a password

Phishing Emails Aren’t Trying Anymore

Got this in my inbox today:

Dear Customer

As part of our security measures, weregularly monitor the
Bank system, will add $200.00 credit to your
account just for taking part in our quick 5 question survey Bank
Of Montreal.

Information you have requested for the following reason:
Our system detected unusual debit on your account

This is a last reminder asking you to log in to Bank
account as soon as possible.

Please download and unpack the form attached to this email and
open it in a web browser.
Once opened, you will be provided with steps to restore your
account access.
We appreciate your understanding as we work to
ensure account safety.

Please do not reply to this email. Emails sent to
this address conot be answered.

© Copyright BMO Financial Groups 2011. All rights reserved

Smugmash: Turn your SmugMug pics into a YouTube video

Recently I came across Pummelvision, which takes your photos from Flickr and other similar sites and creates a video out of them. Being a loyal SmugMug user for years, I was a bit disappointed that they hadn’t thought of SmugMug when making this app. So, I put my dev skills to the test and came up with SmugMash:

http://smugmash.arsenalist.com/

You can choose to have all your SmugMug photos made into a video, or you can select a gallery. Until Pummelvision decides to add SmugMug, at least we’ve got something. Here’s an example of a video made through this app. If you have support issues, you can find me on Twitter.

View Unread or New Comments in Disqus – WordPress Hack

The job here is to highlight unread or new comments that a visitor to your site has not seen. This is especially helpful when you have a blog with lots of threaded comments where it becomes difficult for a reader to get a grip on just where they should look to read new comments. This method can work anywhere, not just in WordPress, but this example is geared towards the Disqus WordPress Plugin. Once you install the plugin, find the comments.php file located inside the plugin folder, usually something like wp-content/plugins/disqus-comment-system/comments.php.

Open it up and find the following line of code:

    <?php if (!get_option('disqus_manual_sync')): ?>

Right before that line, paste the following:

    
		config.callbacks.afterRender.push(function() {
			jQuery(function($) {
				// Highest comment id this visitor has already seen (0 if no cookie yet)
				var largestReadId = document.cookie.match('(^|;) ?largest_read_id=([^;]*)(;|$)');
				// The cookie only ever holds a number; anything else falls back to 0
				largestReadId = largestReadId ? parseInt(largestReadId[2], 10) || 0 : 0;
				var newLargestReadId = 0;
				$('.dsq-comment-header').each(function() {
					// The comment id is the fourth dash-separated part of the element id
					var id = parseInt($(this).attr('id').split('-')[3], 10);
					if (id > largestReadId) $(this).parent().css('background', 'lavender');
					if (id > newLargestReadId) newLargestReadId = id;
				});
				var expiry = new Date();
				expiry.setTime(expiry.getTime() + 7 * 24 * 60 * 60 * 1000); // 7 days
				document.cookie = "largest_read_id=" + newLargestReadId + "; expires=" + expiry.toUTCString();
			});
		});

Done!

All we’re doing is setting a cookie in the user’s browser that stores the largest read Disqus comment id per post. If a comment id smaller than it is encountered, it’s left alone. If a bigger one is encountered, then we use jQuery’s parent() and css() functions to add some styling to the comment. You can change that line as you desire. You can see this feature implemented on Raptors Republic.

Follow me on Twitter – @zararsiddiqi

Free World Cup 2010 Office Pool Software

Thanks to Haroon Rafique and Cris Diaconu for their contributions.

This pool is much like the last one. You are free to download the software.

It’s basically one index.php script which does everything. The SQL script is also in there; all you’ll need to do is put it on a PHP-enabled server somewhere and change the ez_sql.php file to point to the right database.

Here’s what mine looks like:

http://haroon.sis.utoronto.ca/football/

We’ve added some fancy stuff like Google Charts integration which tracks the leaderboard etc.

Enjoy and good luck!

How does Microsoft Exchange NOT send this to SPAM?

This was a message sent with “High Importance” and our Exchange server let it through. It’s like their spam filter checks for the word ‘viagra’ and that’s it. Anything else passes.

DB2 is so lame

So I’m trying to change the size of a column in DB2. Nothing fancy, just expand a varchar from 100 to 200 and in DB2 Control Center I get the following message:

The current column attribute change may take some time to complete, as it requires re-creating the table, loading the data, and restoring the dependencies.

This table is approximately 0.00390625 Mb in size. The new table will be created before the existing table is removed.

Click ‘Related Objects…’ for more detail.

I find it crazy that MySQL can do this in a heartbeat and a commercial database like DB2 needs to jump through the hoops of dropping, backing up data, recreating data, deleting the backup and God knows what else.

Lame.

Using SQL queries to read Excel files in macros

I’m doing my Masters in Geographic Information Systems at U of T and found the need to do this in my research.

You can treat Excel sheets as tables and perform SELECTs and JOINs like you would against a regular database. The language is Visual Basic (VBA to be exact). You can put the following code inside a Macro Sub. NAICS_CODE (Row 1) is the heading of one of the columns in the Results worksheet.

I did need to add the Microsoft ActiveX Data Objects 6.0 Library by going to Tools -> References in the VBA Project (the program that opens up when you edit a macro).

    
    Dim cn As ADODB.Connection
    Set cn = New ADODB.Connection
    Dim rs As New ADODB.Recordset

    With cn
       .Provider = "Microsoft.Jet.OLEDB.4.0"
       .ConnectionString = "Data Source=C:\Users\zarar\Documents\researchdata.xls;" & _
            "Extended Properties=Excel 8.0;"
        .Open
    End With
    
    'Store all naicsCodes in an array
    Dim naicsCodes() As String
    'Get all distinct NAICS codes
    Set rs = cn.Execute("SELECT DISTINCT NAICS_CODE FROM [Results$]")
    Dim i As Long
    i = 0
    Do Until rs.EOF
        'Grow the array by exactly one slot per row
        ReDim Preserve naicsCodes(i)
        naicsCodes(i) = rs.Fields("NAICS_CODE")
        i = i + 1
        rs.MoveNext
    Loop
    rs.Close
    cn.Close

The optional secret question – #SecurityFail

This is lovely.

What files changed in WordPress 2.8.4? The proper way to upgrade patches

I run raptorsrepublic.com, which uses WordPress with some pretty heavy customizations here and there, so every time WordPress releases an upgrade I’m very wary of doing it because I just don’t know how it’ll affect the platform. Partial file copying with FTP can really throw you a curveball, and if one file gets corrupted it’ll take you hours to find out which one.

I think the best way of upgrading WordPress installations is by only copying files that changed over patch releases (e.g.: 2.8.2, 2.8.3 and 2.8.4). If there’s a database change things get a little more complicated but in most patch releases that’s not the case.

The way you find out which files were changed is by accessing the WordPress SVN repository and running the svn diff command. Here is the command you need to run and the output that follows it. I’m running this on a Linux box with SVN installed. You could also do it on Windows if you download the binaries.

    svn diff --summarize http://core.svn.wordpress.org/tags/2.8.3/ http://core.svn.wordpress.org/tags/2.8.4/
    M      http://core.svn.wordpress.org/tags/2.8.4/wp-login.php
    M      http://core.svn.wordpress.org/tags/2.8.4/wp-includes/version.php
    M      http://core.svn.wordpress.org/tags/2.8.4/readme.html

This means three files changed between the two versions as M stands for modified. That value could also be A for added and D for deleted. If you’d like to see what the actual changes were just get rid of the --summarize part. I copied these three files over to my WordPress installation and I’m done!
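The same idea as a script, as an added example that is not part of the original post: it reads svn diff --summarize output and prints what to copy, what to delete and what to check by hand before touching the live install. The function names, the plan keywords (COPY, DELETE, PROPS, REVIEW) and every sample line other than the three quoted above are assumptions made for the illustration.

```shell
# Added example, not from the original post. The first three lines of
# sample_summary are the output quoted in the post; the rest are constructed.
sample_summary() {
    cat <<'EOF'
M      http://core.svn.wordpress.org/tags/2.8.4/wp-login.php
M      http://core.svn.wordpress.org/tags/2.8.4/wp-includes/version.php
M      http://core.svn.wordpress.org/tags/2.8.4/readme.html
A      http://core.svn.wordpress.org/tags/2.8.4/wp-includes/example-added.php
D      http://core.svn.wordpress.org/tags/2.8.4/wp-admin/example-removed.php
 M     http://core.svn.wordpress.org/tags/2.8.4/wp-content
M      http://core.svn.wordpress.org/tags/2.8.3/wp-login.php
EOF
}

# plan_from_summary BASE_URL   (reads summarize output on stdin)
# Column 1 of each line is the content status (M, A, D); a blank column 1
# means only SVN properties changed. Paths are made relative to BASE_URL so
# they can be applied inside the WordPress directory and nowhere else.
plan_from_summary() {
    base=${1%/}/
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        status=${line%"${line#?}"}   # first character of the line
        url=${line##* }              # last space-separated field
        case $url in
            "$base"?*) rel=${url#"$base"} ;;
            *) echo "REVIEW $url (not under $base)"; continue ;;
        esac
        # Refuse relative paths that could step outside the install directory
        case "/$rel/" in
            */../*|*/./*|*//*) echo "REVIEW $url (suspicious path)"; continue ;;
        esac
        case $status in
            M|A) echo "COPY $rel" ;;
            D)   echo "DELETE $rel" ;;
            ' ') echo "PROPS $rel" ;;   # property-only change, no file copy
            *)   echo "REVIEW $rel (status $status)" ;;
        esac
    done
}
```

Each COPY path can then be fetched from the new tag with svn export, and anything marked REVIEW should be looked at by hand before it is copied.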
