Site Update

New look, same old content. *Sigh* Just testing out Facebook integration.

 

Testing…

Hmmm… blog seems to be working just fine. Just upgraded to the latest version of “WordPress”:http://wordpress.org.

It’s been more than a year since I last blogged on my homepage. I no longer remember how to use “Textile”:http://www.textism.com/tools/textile :D. Have been trying to blog, been inspired to blog, but then my volatile thoughts just evaporate when I start to type. That, and my right hand sometimes hurts at the end of the day (hope it’s not CTS(Carpal Tunnel Syndrome) ). Well, good thing my wife got me a Track Ball mouse:

p=. !https://download01.logitech.com/support/2021.1.0.jpg!:https://www.logitech.com/index.cfm/mice_pointers/trackballs/devices/166&cl=us,en

It seems to lessen the strain on my hand.

Also, there’s been quite a problem on my host so posting and managing my blog became a bit of a pain in the arse. Which made me think of moving to “Slicehost”:http://www.slicehost.com. But I guess that will have to wait until my finances stabilize and my credit card application gets approved :P.

Let’s see if I can get back to blogging this year. By the way, please do check on a blog post I made at the “Promet’s CakePHP Blog”:http://cakephp.prometsupport.com : “CakePHP 1.2: Using Auth with ACL”:http://cakephp.prometsupport.com/2008/cakephp-12-using-auth-with-acl/.

 

Firefox HTML Validator plugin fix (Ubuntu Feisty or Gutsy)

If you have Ubuntu Feisty or Gutsy with the default Firefox installed (meaning you didn’t manually download/install your Firefox), you might have some problems making the HTML Validator plugin work even after you followed the fix for Linux. I’ve already encountered this problem when I was still using Ubuntu Feisty and then again this morning after upgrading to Gutsy.

The fix is actually for another Firefox plugin: Colorzilla. I was having some problems making the HTML Validator work back then and decided to install Colorzilla first. It also had some problems but after some Googling, I found a fix that worked. The latest Firefox binaries needed to be downloaded and their libxpcom shared objects (libxpcom*.so) used to overwrite the current ones found in /usr/lib/firefox.

Feeling that I couldn’t do much without the HTML Validator plugin, I gave it one more try. The thing worked!

After upgrading to Ubuntu Gutsy Gibbon, some of my Firefox plugins went crazy (HTML Validator, Colorzilla and NoScript). Then I remembered having the same problems and fixed it again.

Just wanted to post that; it might be able to help someone.

 

Input Elements: disabled vs. readOnly

Disabled and readOnly input elements both prevent their data from being changed (at least by the user).
But a disabled input element’s data is not sent with the other data when the form is submitted. Could’ve saved me that extra 30-minute debugging time.
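An added example (not part of the original post): a simplified Node.js model of how a browser assembles the data it submits for a form, showing the disabled field being dropped while the readOnly one is sent. The control objects, field names and the helpers @buildEntryList@, @encodeForm@ and @missingFields@ are made up for illustration.

```javascript
// Simplified model of how a browser builds the submitted data set for a form.
// Each control is a plain object standing in for an <input> element.
function buildEntryList(controls) {
  const entries = [];
  for (const c of controls) {
    if (c.disabled) continue; // disabled controls are never submitted
    if (!c.name) continue;    // controls without a name are skipped
    if ((c.type === 'checkbox' || c.type === 'radio') && !c.checked) continue;
    // readOnly is deliberately not checked: it only blocks editing in the UI,
    // the value still travels with the form.
    entries.push([c.name, String(c.value ?? '')]);
  }
  return entries;
}

// application/x-www-form-urlencoded body, as sent by a plain POST form.
function encodeForm(controls) {
  return new URLSearchParams(buildEntryList(controls)).toString();
}

// Server-side view: which of the fields the handler expects never arrived?
function missingFields(expected, body) {
  const received = new URLSearchParams(body);
  return expected.filter((field) => !received.has(field));
}

// Constructed sample form (hypothetical field names).
const sampleForm = [
  { name: 'order_id', type: 'text', value: '1042', readOnly: true },
  { name: 'price', type: 'text', value: '19.99', disabled: true },
  { name: 'qty', type: 'number', value: '3' },
  { name: 'gift', type: 'checkbox', value: 'yes', checked: false },
];

const body = encodeForm(sampleForm);
console.log(body);
console.log(missingFields(['order_id', 'price', 'qty'], body));
```

Because readOnly is only enforced by the browser UI, the receiving script still has to validate a readOnly field like any other input.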

 

Hooray! On Linux at last

p. It’s almost a week since I installed Ubuntu Feisty Fawn on my home PC. My original plan was to install it in a separate hard drive. But since I bought a DVD burner, I might as well burn some back-ups and free some space where I can install Ubuntu.

p. Ubuntu installation was easy, but the preparations I did before that were not. I thought I bought a defective DVD burner. I searched for installation info (Google is our friend) and followed troubleshooting guides for my DVD player but had to return to the computer shop to have them check the device. It worked fine on their machine. Good thing I bought a new IDE cable when I returned to the store. Replacing the IDE cable worked (I also read that one) and I was able to backup-burn my files.

p. Next part was preparing a disk partition. I was quite new at disk partitioning and was afraid to screw up my drive so I read more about disk partitioning. I have an 80Gb hard drive where I gave Windows a 15Gb partition and the remainder was for storage. Repartitioning the drive, I reduced the storage partition to 40Gb, kept the Windows partition and the freed up space (25Gb) was for Ubuntu. I knew that there was something wrong with my partitioning when I had trouble rebooting after installing Ubuntu. I checked the partitions (using GParted) and saw the Windows partition inside an extended partition together with the Linux partitions. Tried to fix the master boot record using fixmbr (from the Windows Installation CD - Repair Console), but it didn’t work. Since I didn’t care about my Windows installation and I already had my files backed up, I decided to repartition the drive, flushing away the old Windows installation.

p. I reinstalled Windows and then Ubuntu. I used the default “50%” for the Ubuntu partition since I didn’t want to mess around manually setting Linux partitions. After installation, Ubuntu created some partition for itself but left around 12G of the 25Gb space I reserved for it. Oh well… I’ll free it up after I buy a new hard drive.

p. My PC now dual boots to Windows or Ubuntu. I don’t use Windows that often anymore.

p. By the way, here’s a preview of what my desktop looks like:

p. I’m using “Beryl”:http://www.beryl-project.org + “Avant Window Navigator”:https://launchpad.net/awn for the dock. Recorded using “gtk-recordMyDesktop”:http://packages.debian.org/unstable/graphics/gtk-recordmydesktop. It looks a bit choppy at the end since things became slower when I rotated the desktop cube while recording. My PC runs smoothly on 512MB of RAM even with these effects turned on.

 

XSS

Ok. Playtime’s over. Some people need to fix something.

I’ve been playing with an XSS(Cross-site scripting) vulnerability in a social-networking site I’m using. The site had already had XSS holes in the past that got patched. But then the addition of new features always opened up new problems.

One boring weekend, I got really curious about what I can do with XSS. Usually, whenever I see a site that is prone to script injection, I pop up an alert box (a warning to fix the hole) and redirect them to somewhere else (usually Google). This time, I tried something neat. I’ve already read articles about stealing cookies via XSS but didn’t get to see how the stolen cookies were put into use. So I thought of doing an actual experiment to see if those things really work.

Long story short: it worked. I was able to log into other user accounts without knowing their password. I asked “some”:http://subersibo.net “people”:http://redyushen.net for help to test this and gave them a demo. Really, I’m tempted to peek at other people’s accounts. But I don’t want guilt to keep me awake all night after a hard day’s job.

I already informed the folks at that site about the XSS hole. Maybe I’ll post how I did it after the vulnerability gets fixed. It was quite simple like the articles I’ve read before.

 

Application Programming Interface

p. I was just thinking how nice it would be if more open-source PHP applications offered some sort of API(Application Programming Interface) for their application. It would really be useful, especially when the application is likely to be integrated with another.

p. For example, I have “phpBB2”:http://phpbb.com and “Coppermine Gallery”:http://coppermine-gallery.net. Yes, there’s already a Coppermine-phpBB bridge to tie the forum users to the gallery. But other than that, I have no other means of communication between the two. What if I want to display a link to a user’s gallery in each of his posts, along with the usual buttons (profile, ims, etc)? What if I wanted to display randomly picked images from a user’s gallery and display them in his/her profile?

p. Ways of accessing an application’s functionalities from outside might range from a simple, block copy-paste solution and/or directly talking to another’s DB(database) tables… to hellish insert-here-to-there hacks and conflicting variable hunts that span several files. Some people would find themselves reading and studying in detail how both applications work to come up with a way to make them work together. In-depth knowledge is good. But sometimes you don’t have time for that and it might be overkill in some cases. I don’t want to see how that cow got in there, I just want my hamburger.

p. If both had an available “API(Application Programming Interface)”:http://en.wikipedia.org/wiki/API, I don’t have to go through all that trouble. I would already know what it could do and know how to make it do things without dealing with unrelated stuff. And if I ever have to make it do something out of the ordinary, I will know where to look at.

Plugins just crossed my mind (it should… I’m using “WordPress”:http://wordpress.org). Some apps come with their own plugin system, so you can extend the application and oftentimes import some functionalities from outside the application… kinda like what an API does. But I don’t think they can replace APIs. In fact, they need APIs to exist. The application provides some sort of Plugin API for building plugins. Hmmm… using Plugin APIs to build a plugin that communicates to another application via the API the other app provides. Sweet. I don’t have to deal with how the inside works. I just need something to connect them from the outside.

By the way, if anyone reading this knows some open-source projects (in PHP) that have an API available, please do comment. Already found one, “SMF(Simple Machines Forum)”:http://www.simplemachines.org, a forum software. The API is just in its “pre-release”:http://www.simplemachines.org/download/?tools though, but sure looks promising.

I’m sleepy and could no longer think clearly. I hope I made some sense in this post.

 

WordPress Upgrade plus new look

p. Nothing new. Just upgraded to the latest version of “WordPress”:http://wordpress.org . Fished around some styles… still unskilled and not inspired to come up with my own.

p. Whooopss!! Just noticed something wrong with the layout when viewing a single article. The layout author forgot to clear the floats for the previous and next article links. Fixed.

 

EXTRACT() not working on phpMyAdmin

p. I was looking at the MySQL manual for “Date and Time functions”:http://dev.mysql.com/doc/refman/4.1/en/date-and-time-functions.html and stumbled upon a function that I might need for an “experiment” I’m doing. I used the function EXTRACT in my query, having my test run on “phpMyAdmin”:http://phpmyadmin.net, but it was giving me a syntax error warning. I thought that I might have the wrong syntax for EXTRACT so I tried running a sample query, straight from the manual.

[mysql]SELECT EXTRACT(YEAR FROM '1999-07-02');[/mysql]

p. But it still gave me the same error warning. It should be working since, after all, it was in the manual… otherwise it would be corrected or removed. I ran the same query, but this time on the mysql command line. It worked. I executed the query in PHP, it also worked. Well, I think phpMyAdmin is having some problems with this. I’m using phpMyAdmin – 2.8.1, on MySQL 5.0.21 that comes with “XAMPP”:http://www.apachefriends.org/en/xampp.html . Maybe I’ll try to ask somebody to test it in other versions.

 

Wassup?

It’s almost 4 months after I last blogged here. I’ve been quite busy lately. Aside from work and the anime series I’ve been watching lately :D, I’ve been planning to make a CakePHP-powered blog to replace my current blogging software (WordPress). I want to document my progress, problems that I encountered and how I went around them, etc. I already experienced some problems and gotchas using CakePHP, but I keep on forgetting how I dealt with them. It would really help me if I can remember them and somebody might also find it useful… as a resource, perhaps. I’m also planning to influence some people to use CakePHP and I think some thoroughly explained examples can attract potential users.

Awwww… I also need to find some cool site design if I can’t make one for myself. The effects of avoiding art classes are starting to kick in :P.

 
 
 
