Posts filed under 'Main'
If you don’t live in Michigan you might not be noticing how much the economy sucks lately, but here it’s getting worse every day.
Here’s an example:
I bought my house almost 2 years ago and I got it at a bargain price since I’m part of a High Return Real Estate investment property group. In fact, the previous owner (who only lived there one year) managed to pay off their mortgage and pocket only $50 after selling. I think I got it for about 80% of the asking price.
Last spring, my neighbor died. His grandkids moved in but couldn’t afford to pay the bills so they put the house up for sale. They originally listed it at its appraised value – 130% of what I paid for my house. Knowing that I had upgraded plumbing and electrical, put in a deck, and hired a Ware water drainage company to create custom drainage solution plans for the property, I was excited about the prospects of what my house might be worth.
Not so fast..
Here we are 6 months later, and the house next door hasn’t sold. Not only hasn’t it sold, but in the month I’ve been working from home I’ve only seen 1 person come to look at it. Clearly nobody’s buying.
When I noticed they put up a “make offer” sign today, I went over and grabbed a flyer. The new asking price is about $35k less than originally listed – which brings the new list price to about 80% of what I paid for my house.
After living here for one year, the house next door is selling for less than I owe on my current mortgage.
It’s no fluke either. The neighbor on the other side of me is also selling his house for the same price, and a few doors down has resorted to trying to rent the house out after nobody put in a bid over the last 6 months.
It looks like I’m going to be stuck in this house for a long time – at least until the economy takes an upswing.
November 20th, 2007
Anybody who’s been to my house knows that my spare bedroom is basically a small storage unit. It’s got a twin bed that I haven’t used in years, a very expensive wood desk that I haven’t used since I put a cubicle in my home office, about 1500 CDs and a couple hundred DVDs.
I’ve been slowly taking steps to eliminate this clutter – starting with the CDs and DVDs. As I’m still ripping all my CDs onto a hard drive, I started with the DVDs (which didn’t make sense to digitize.)
That’s when I discovered DiscSox. DiscSox are a DVD / CD / Video game storage system that works like a card catalog.
It allowed me to go from this:
To a much more space saving system like this:
It’s about the size of 5 or 6 DVD cases and sits nicely on top of my Bose subwoofer (as shown.)
Each “sock” holds the wraparound jacket, the inside liner notes, and up to 2 DVDs in a nice space saving design.
Here’s a picture of the sock up close, as well as the inside.
I’ve ordered 3 sets. That set pictured above is about 70 DVDs, I’ve got another 70 to go. Each tray is supposed to hold 50 (and comes with 50 sleeves) but I managed to fit 70 of them in there. I think I’m gonna do my Xbox and Wii games with this system too.
The only question that remains is what am I going to do with this extra room once I get rid of all the CDs, DVDs, and the spare bed.
November 19th, 2007
I know what you’re thinking: “What the hell is gOS?” gOS is a free operating system that’s now being sold on some low end Walmart PCs. At $200 the PCs are actually a decent deal for those who plan on installing a pirated copy of Windows XP. Just for fun though, I thought I’d check out gOS and see what it does.
The official gOS website does very little to show screenshots or explain what it does. It also does a poor job of explaining that gOS (despite the name) isn’t a Google product. Maybe they’re hoping to capitalize on the similarity the way Michael Robertson did with Lindows. (Either way, it looks like gOS is destined for a similar fate.)
Remember how Lindows Linspire used the tagline of “the world’s easiest desktop linux?” When it comes to ease of use gOS might just win here due to its total lack of, well, everything.
Basically, gOS offers openoffice, firefox, xine, thunderbird, gimp, pidgin, and skype. It also includes “applications” like youtube, google docs, gmail, meebo, blogger, and facebook – causing some to call it a web based operating system.
Unfortunately, when it comes to the install procedure, gOS fails miserably – especially on parallels for the Mac. If you try to do it normally, the video doesn’t work and it dies.
So, here’s how to install gOS on parallels. Most of this information comes from a forum post on the parallels forum, but that post doesn’t seem to be around anymore so I’m providing it here too.
1.) Download the .iso file from thinkgos.com
2.) Create a new virtual machine in parallels. You can use the ubuntu settings since gOS is really just a stripped down ubuntu. I’m going to assume you’re already familiar with setting up a virtual machine on parallels.
3.) After booting the CD, hit F6 to go into the install options. At the bottom you’ll see a long string that ends with “splash --”. You’ll want to delete that and then hit enter to install. This removes the gOS splash screen during install and lets you see what’s happening.
4.) The video problems I talked about earlier will now cause the screen to go back and forth between an ugly mess and the terminal. While it’s in the terminal, hit ctrl-c to kill that script and take you back to the shell prompt. If you wait long enough, you’ll get a warning that says the display has crashed 6 times and it will ask you to hit ok. Hit OK, and then you’ll have about 2 minutes to do the next steps. (otherwise, you have to do them between the flashing)
5.) Now you need to edit your xorg.conf file as root. Something like: sudo pico /etc/X11/xorg.conf will work fine if you know how to use pico. If you know how to use vi, the “open your xorg.conf” instruction should be enough for you.
6.) At the very end of the file, you’re going to need to enable the Xinerama option. Type this:
Section "ServerFlags"
    Option "Xinerama" "True"
EndSection
Now save and exit the file. (ctrl x, y, enter if you used pico)
7.) Back at the command line, type “startx” to start up the display server. It may warn you about resolution, but it will work this time.
8.) Install the operating system by following the on screen directions.
9.) When it reboots, press ESC to get to the boot menu, and select “recovery mode” to get a shell prompt.
10.) Lastly, we need to remove gdm from the startup. Do that by typing update-rc.d -f gdm remove
Now you’re all set. Type “startx” again and you should boot into gOS.
Congratulations, you’ve just installed a big pile of suck on your Mac!
Here are some screenshots:
November 14th, 2007
If you’ve ever designed a website for a client, one of the first things they always ask for is a “contact us” form. Unfortunately, the contact form is one of the places most web developers fail on. I’m not talking about how to optimize your forms, or various sendmail programs either. I’m talking about putting an open email sender out there on the web for anybody to use.
Let’s look at a major example:
Volusion is a major player in the online shopping cart industry. According to their client gallery they host some big name sites like Crutchfield Canada and the Barack Obama Store. It’s also this client gallery that’s going to be your best tool in finding vulnerable sites.
Admirably, Volusion tries to take care of everything a webmaster could need – including a contact form. In fact, the standard installation seems to come with its own contact form. It can be found on any volusion site by going to http://www.SITENAME.com/articles.asp?ID=83 (yes, I know ID= is terrible SEO, but hey we’re not talking about SEO here)
If you want to see what I’m talking about, here’s an example on Crutchfield Canada.
If we view the source here, there are 2 major items that stick out.
First, we see the form action:
<form name="eMail" method="post" action="emailform.asp">
And more importantly, we see the following lines of code:
<input type="submit" name="submit" value="submit">
<input type="hidden" name="email_From" value="[email protected]">
<input type="hidden" name="email_To" value="[email protected]">
<input type="hidden" name="email_Subject" value="Contact Form Submission">
<input type="hidden" name="email_ThankYou" value="Thank you for submitting your request.">
<input type="hidden" name="email_Redirect" value="">
What they’re doing here is using hidden inputs to determine the from email, to email, subject, and even the page the user sees after the email is sent. This essentially allows anybody to send any email they like.
Try it for yourself. Enter
javascript: void(document.forms[2].email_To.value="[email protected]");
in your address bar and hit enter, then fill out a form field and submit. You just sent email to yourself from the form.
Of course, doing this all with javascript is very inefficient. It’d be much better if I could automate a form to do this. Well, you can!
Remember that form action? It turns out, if you write your own form with the above inputs, and post it to that form – it sends the email as if it came from you.
I’m not sure if somebody’s found this vulnerability yet, but there are literally thousands of sites on the web that share it right now.
If you’re a volusion customer and don’t have access to the source code (most versions don’t come with that) the best way to fix this is to simply remove your emailform.asp file (of course, this will break your email form) Heh, I guess you could always set your form action to that of another Volusion site and send email through them too 🙂
The key lesson here is to never trust the user. Anything done on the client side (like html forms or javascript) is always vulnerable. At the very minimum here, the “to” email address should have been a server side variable (or hard coded into the emailform.asp.) This doesn’t protect against email header injection, but it’s a start. (Since this form just emails the contents of the form fields, it’s also vulnerable to header injection.) You should always do some sort of server side validation against your input.
If you’re using PHP, you can learn about email form validation here. Unfortunately, I was unable to find a secure email form example in ASP using Google.
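The server-side handling described above, as an added example in Python rather than ASP (it is not part of the original post and not Volusion's code): the recipient, sender, subject and redirect are fixed on the server, the hidden-input names from the form are discarded, and the visitor's address is validated so it cannot carry extra header lines. The field names `visitor_email` and `comments` and all addresses are constructed placeholders.

```python
import re
from email.message import EmailMessage

# Server-side settings (constructed placeholders): never read from the request.
MAIL_TO = "support@shop.example"
MAIL_FROM = "webform@shop.example"
SUBJECT = "Contact Form Submission"
THANK_YOU_PAGE = "/thanks.html"

# Envelope fields the page's form exposed as hidden inputs. A client can set
# them to anything, so the handler drops them before doing anything else.
CLIENT_CONTROLLED = {"email_from", "email_to", "email_subject",
                     "email_thankyou", "email_redirect"}
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_BODY = 5000


def build_contact_message(form):
    """Return (EmailMessage, redirect_path), or raise ValueError on bad input.

    `form` is a dict of submitted fields; `visitor_email` and `comments`
    are hypothetical names for the only two fields the handler accepts.
    """
    fields = {k: v for k, v in form.items()
              if k.lower() not in CLIENT_CONTROLLED}
    reply_to = fields.get("visitor_email", "").strip()
    # fullmatch allows exactly one address and no CR/LF, so this value
    # cannot start a new header line (Bcc:, Cc:, ...).
    if not ADDRESS_RE.fullmatch(reply_to):
        raise ValueError("invalid reply address")
    comments = fields.get("comments", "")
    if not comments.strip() or len(comments) > MAX_BODY:
        raise ValueError("empty or oversized message")

    msg = EmailMessage()
    msg["From"] = MAIL_FROM          # fixed sender, not the visitor
    msg["To"] = MAIL_TO              # fixed recipient
    msg["Subject"] = SUBJECT
    msg["Reply-To"] = reply_to       # validated above
    # User text goes only into the body, where header syntax has no effect.
    msg.set_content("Reply address: %s\n\n%s" % (reply_to, comments))
    return msg, THANK_YOU_PAGE
```

The returned message can be handed to `smtplib.SMTP.send_message`; the redirect target is returned by the server rather than echoed from the request.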
November 12th, 2007
I recently ordered something online. Seeing as how I don’t need it until next month, I selected the basic shipping methods (yes, it’s a Christmas present, so no rush right?)
Anyway, I was going through email backlog and got the alert that it had shipped (about 2 days ago). Out of curiosity I clicked the helpful gmail “track this package” link and was taken to Fedex tracking.
I was first shocked that my package came from Tennessee to Detroit, then went to Indianapolis for a day before coming back to Detroit. Why that was required I’m not sure, but at least it got to travel for a while.
It said that it arrived back in Detroit again at 6:00 am and at 7:30am it was “out for delivery.” Cool that was fast (especially since it got here, left, and came back)
Only problem is, I didn’t get the package. I fired up gmail again and headed over to Fedex. At 12:48 pm it had a status of “at local facility” again. The details said “package not due for delivery” and the estimated date changed to the 12th.
So let me get this straight. It was on the truck headed to my house at noon when the driver got here and said “oh he doesn’t need it yet” and drove it back to the Fedex office to be delivered on Monday.
Why on earth would that happen? I guess when your shipping estimate is 5 days, they really mean 5 days!
November 9th, 2007
Just a quick note: we launched the public beta of demoxi. Go check it out at www.demoxi.com
November 9th, 2007
I’d like to start out this post by reminding readers that the views expressed herein are my own, and not those of my employer – demoxi.
We’ve all heard about the voting “scandals” in the past. Places like Florida and Ohio still scare some of us. We’ve heard the calls for e-voting, and we’ve seen the current problems with it. Some of you may not be familiar with the recent phone jamming scams and what not – but all of these are problems with our current electoral system and all of this stuff is better written somewhere else on the web. I encourage you to go find and read it (after finishing this post of course!)
What we don’t often talk about though, is local elections. To be quite honest, I never cared much about the workings of local elections until recently. The reason is that my aunt was running for office.
I’m going to get it out of the way right now and simply say that she lost, and lost fairly. I say that now because I don’t want people to think I’m implying a scandal or something in what follows.
What I saw in the election though, was tons of room for scandal and corruption if anybody wanted to do so.
The first thing I noticed on election day was the sudden disappearance of election signs. I don’t mean that people removed them from their lawn though, many were simply uprooted and laid flat on the lawns where they once were. Most of these weren’t my aunt’s signs, but the fact that somebody was going around doing it is very unsettling.
The 2nd thing I noticed is that the person in charge of issuing absentee ballots had his name on the ballot! In his defense it was in his current job description to manage absentee ballots, but I still think somebody else should have done this. Imagine how easy it is to sway an older person into voting for you if she has no idea who either candidate is but you’re the one who handed her the ballot.
The last thing that totally shocked me is that multiple people whose names were on the ballot were also involved in counting the votes! Can you imagine a presidential election in which Bush put himself in charge of counting votes? There would be public outrage – but from what I hear it appears to be the norm in city elections.
Again, I’m not saying there was any fraud going on in the vote counting – but there was certainly room for it if somebody wanted to play dirty. I’m sure that in some cities across Michigan that used these same procedures there actually was corruption.
This is a major problem for America. I stated yesterday that your city officials vote really matters since city officials end up turning into state officials and then on to Washington. The same is true for voting procedures.
If we want to clean up and regulate the voting system, we need to start at the bottom and work our way up – nip the corruption in the bud.
November 7th, 2007
If you live in Michigan, make sure you get out and vote today! (and I’m not just saying that because my Aunt is running for clerk)
Today’s not the big presidential race you’ve been hearing so much about – which is why it’s important you vote today.
If you think your vote doesn’t count, today’s the day it does. Today’s the day you get to vote on local city policies that affect your daily life (and taxes!)
Today’s also the day that many new people get their start in politics – if you let them. So instead of complaining about not liking any of the candidates next election, do something about it by electing local officials you like today.
November 6th, 2007
It’s not often I get to say “I told you so,” but back on October 1, I wrote a post titled why the Google phone isn’t coming. In it I said that there probably won’t be an actual Google handset, but rather that the company was just using the reported prototypes to show off its mobile phone software.
It turns out I was right. Google finally came out and announced what they’re up to. It looks like the “google phone” is what I thought it would be – mobile applications for companies to put on their phones.
It’s still an interesting project though, and one that I’ll continue to follow with much interest – but I have no plans of abandoning my iPhone.
November 5th, 2007
Of the 12 or so SEO related RSS feeds I read regularly, 9 of them have an article about the Google Pagerank penalty in their last 10 entries. To all of them: STOP BITCHING ABOUT PAGERANK.
Yes, Google lowered the pagerank of a variety of websites this month (mostly websites that buy and sell links) but I don’t care, and neither should you.
Pagerank doesn’t matter. It’s just a little green bar that doesn’t really mean anything. Look at the sites that got penalized. They’re not complaining about loss of traffic or no longer showing up for results, they’re just complaining about the size of their little green bar.
STOP IT, STOP IT NOW! I CAN’T TAKE IT ANYMORE!!!
The funniest part is that all of these people who jumped on the “Google should drop pagerank” bandwagon a few months ago are the same ones who can’t stop blogging about it. If you really want Google to get rid of the green bar, stop obsessing over it.
October 31st, 2007