Author Archive

High Crimes Using Low-Tech Attacks

Posted by on Friday, 10 July, 2009

It’s not all about technology and hacking systems – plain old lying gets the bad guys the money. Again: be careful with your data.

Details can be found in the Washington Post.

The uses of a hijacked PC

Posted by on Thursday, 25 June, 2009

This Washington Post article explains how the bad guys can use hacked PCs.

Oracle: Top 5 entries with LIMIT / ROWNUM

Posted by on Thursday, 14 May, 2009

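In short: the correct way is to wrap the ordered query in an outer select with a ROWNUM < X filter. ROWNUM is assigned before ORDER BY is applied, so filtering and sorting in the same query sorts an arbitrary handful of rows instead of returning the top ones.
Example: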

select *
from
(
    select *
    from emp
    order by sal desc
)
where ROWNUM <= 5;

In more detail: Ask Tom

Subnet mask cheat sheet – how to calculate a CIDR suffix

Posted by on Thursday, 9 April, 2009

Netmask         Number IPs   Number Hosts
127.0.0.1/32    1            1
127.0.0.1/30    4            2
127.0.0.1/29    8            6
127.0.0.1/28    16           14
127.0.0.1/27    32           30
127.0.0.1/26    64           62
127.0.0.1/25    128          126
127.0.0.1/24    256          254
127.0.0.1/23    512          510
127.0.0.1/16    65,536       65,534

In a nutshell: get the missing part of the /28 to 32 (it's 4, right?). 2^4 is the number of IPs (yes, that's 16); subtract 2 (1 for network, 1 for gateway) for the number of usable hosts (14).
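The calculation above as an added Python example (not part of the original post), extended to the reverse question of which suffix fits a required number of hosts, for instance when scoping a firewall rule or ACL. The function names and the sample address 192.0.2.77/28 are assumptions, and the /31 handling goes beyond the table.

```python
import ipaddress


def usable_hosts(prefix: int) -> int:
    """Usable host addresses in an IPv4 network with this prefix length."""
    if not 0 <= prefix <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    if prefix == 32:
        return 1                      # single host route, the table's /32 row
    if prefix == 31:
        return 2                      # RFC 3021 point-to-point link, nothing reserved
    return 2 ** (32 - prefix) - 2     # all IPs minus the two reserved addresses


def prefix_for_hosts(hosts: int) -> int:
    """Longest prefix (smallest network) that still offers `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(32, -1, -1):  # start at the smallest network and grow
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("more hosts than IPv4 can address")


def describe(cidr: str) -> dict:
    """Break an address/suffix pair down into the values on the cheat sheet."""
    # strict=False accepts a host address inside the network, e.g. 192.0.2.77/28
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only")
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "total": net.num_addresses,
        "usable": usable_hosts(net.prefixlen),
    }


if __name__ == "__main__":
    print(describe("192.0.2.77/28"))  # constructed sample address
    print(prefix_for_hosts(15))       # 15 hosts no longer fit into a /28
```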

Our little ray of sunshine has left the nest

Posted by on Tuesday, 7 April, 2009

Our little ray of sunshine has left the nest and is now standing on their own two feet.

Good luck on your way

George Carlin – Language policy

Posted by on Sunday, 5 April, 2009

You will not hear me say: bottom line, game plan, role model, scenario, or hopefully.

I will not kick back, mellow out, or be on a roll.

I will not go for it and I will not check it out; I don’t even know what it is.

And when I leave here I definitely will not boogie.

I promise not to refer to anyone as a class act, a beautiful person or a happy camper. I will also not be saying “what a guy.” And you will not hear me refer to anyone’s lifestyle. If you want to know what a moronic word “lifestyle” is, all you have to do is realize that in a technical sense, Attila the Hun had an active outdoor lifestyle.

I will also not be saying any cute things like “moi.” And I will not use the French adverb “très” to modify any English adjectives. Such as “très awesome,” “très gnarly,” “très fabou,” “très intense,” or “très out-of-sight.”

I will not say concept when I mean idea. I will not say impacted when I mean affected. There will be no hands-on state-of-the-art networking. We will not maximize, prioritize, or finalize…and we definitely will not interface.

There will also…there will also be no new-age lingo spoken here tonight. No support-group jargon from the human potential movement.

For instance, I will not share anything with you. I will not relate to you and you will not identify with me. I will give you no input, and I will expect no feedback. This will not be a learning experience, nor will it be a growth period.

There’ll be no sharing, no caring, no birthing, no bonding, no parenting, no nurturing. We will not establish a relationship, we will not have any meaningful dialogue and we definitely will not spend any quality time.

We will not be supportive of one another, so that we can get in touch with our feelings in order to feel good about ourselves. And if you’re one of those people who needs a little space…please…go the fuck outside.

– George Carlin, Doin’ it again, 1990

mod_rewrite with RewriteMap: External Rewriting Program

Posted by on Thursday, 2 April, 2009

Using an external program to do rewriting – in fact it can do anything depending on the request.

First, a fact that usually goes unmentioned: if you use an external rewriting program, Apache will spawn it as a child process. Yes, a daemon child spawned by mod_rewrite. Be sure you know what you are doing, otherwise you’ll do more harm than good.

First, a simple rewrite statement:

RewriteEngine On
# define the rewrite map – videoMap will be spawned and used by rewrite rules. php-win does not open a window
RewriteMap videoMap "prg:c:/path/php-win.exe -c E:/path/to/php.ini/ E:/path/external_rewriteMap.php"

# match for /video/v= and throw anything after v= into the daemon child
RewriteRule ^/video/v=(.*) /vardump.php?param=${videoMap:$1} [NC]

# RewriteLock file is needed for process communication
RewriteLock rewriteLockFile.txt

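The PHP file for it:

<?php

// HERE BE DRAGONS
// as php runs as daemon, NEVER exit(), and note that input comes from STDIN as we are piping

// compare against false explicitly: an empty key or a key of "0" must not end the loop,
// because leaving the loop ends the script and with it the daemon
while (($line = fgets(STDIN, 1024)) !== false) {
    $input = trim($line);
    if ($input !== '') {
        fputs(STDOUT, decode($input)); // IMPORTANT: write out result to STDOUT
    }
    fputs(STDOUT, "\n"); // end processing for this line with linebreak
    fflush(STDOUT); // push the result out to Apache right away, this is very important too, no buffering
}

function decode($encoded) {
    // some code to decode encrypted request parameters
    return $encoded; // placeholder so the script runs: hands the key back unchanged
}

?>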

Pitfalls for the PHP: if your PHP daemon exits, your RewriteMap will return nothing. Make sure Apache has a PHP child. Testing is a pain, as you can use $argv[] while writing your PHP, but you need STDIN in the Apache version. Make sure you pass the correct php.ini when spawning the PHP process (-c path/to/php.ini/).
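The same prg: map loop as an added example in Python rather than the post's PHP (it is not the author's code; the protocol on the pipe is the same for any language). The loop takes its streams as parameters so it can be tested without Apache, and every key, which comes straight from the request URL, is validated before use; a rejected or unknown key gets the literal string NULL, which mod_rewrite treats as a failed lookup. KEY_RE, VIDEO_IDS, decode_key and serve are assumed names, and the table is constructed sample data.

```python
import re
import sys

# Assumption: valid keys are short URL-safe tokens; everything else is rejected.
KEY_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

# Constructed sample data standing in for the post's decode() logic.
VIDEO_IDS = {"a1b2c3": "42", "zzz999": "1337"}


def decode_key(key: str) -> str:
    """Hypothetical stand-in for decode(): map a request token to an internal id."""
    if not KEY_RE.fullmatch(key):
        return "NULL"                 # malformed input never reaches the lookup
    return VIDEO_IDS.get(key, "NULL")


def serve(stdin, stdout) -> int:
    """Answer one line per lookup until the pipe is closed; returns lookups served."""
    served = 0
    for line in stdin:                # ends only at EOF, never on an empty or "0" key
        key = line.rstrip("\r\n")
        try:
            answer = decode_key(key)
        except Exception:
            answer = "NULL"           # a dead daemon would leave every later lookup empty
        # Exactly one reply line per request line, or requests and replies go out of step.
        stdout.write(answer.replace("\r", "").replace("\n", "") + "\n")
        stdout.flush()                # Apache is blocked until this line arrives
        served += 1
    return served


if __name__ == "__main__":
    serve(sys.stdin, sys.stdout)
```

Because serve() only needs file-like objects, the loop can be exercised with in-memory streams before it is ever wired into RewriteMap.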

Undoing svn add

Posted by on Wednesday, 25 March, 2009

Problem: ran svn add on a directory that also contains files which should not go into svn.

Solution: surprisingly simple, svn revert undoes svn add. Sometimes it's just too simple to think of right away.

IP to geoLocation

Posted by on Wednesday, 11 March, 2009

Our friends at maxmind.com offer a great database to put a geographic location to an IP address. And they even offer a test site … that might come in handy sometime.

Database abstraction Layer MDB2

Posted by on Monday, 16 February, 2009

As part of PEAR, MDB2 is quite easy to get:

pear install MDB2
pear install MDB2_Driver_$db

Usage is quite straightforward too:

<?php

$dburl = "mysql://user:password@localhost/databaseName";
require_once("MDB2.php");
$dbconnection = MDB2::factory($dburl);
if (PEAR::isError($dbconnection)) {
    die('Failed to set up the connection, error message: ' . $dbconnection->getMessage());
}

$sql = "select * from users";
$resultset = $dbconnection->query($sql);
if (PEAR::isError($resultset)) {
    die('Failed to issue query, error message: ' . $resultset->getMessage());
}

// print every column of every row as "field / value"
while ($row = $resultset->fetchRow(MDB2_FETCHMODE_ASSOC)) {
    foreach ($row as $field => $value) {
        echo "$field / $value ";
    }
}

/*************************************
 * prepared statements are not too difficult
 *************************************/
$sql = "UPDATE table SET column = ? WHERE id = ?";
$types = array('integer', 'text');
$statement = $dbconnection->prepare($sql, $types, MDB2_PREPARE_MANIP);
$data = array(5, 'blah');
// the values are bound to the ? placeholders, they are never concatenated into the SQL string
$affected_rows = $statement->execute($data);
if (PEAR::isError($affected_rows)) {
    // die etc.
}

?>