Month: May 2013

Gevaar; GAS-vorming vergiftigt samenleving

May 29, 2013 by futtta

Morgen, donderdag, stemt de Kamer van Volksvertegenwoordigers over de uitbreiding van de GAS-boetes. Ik ben absoluut tegen en ik sta daar (gelukkig) niet alleen in.
Dat Groen tegen is, staat vast. Mijn andere “politieke liefde” daarentegen, stemde voor in commissie. Maar ik ben ervan overtuigd dat ten minste een paar sp.a volksvertegenwoordigers zich een beetje ongemakkelijk voelen bij die partijlijn. Daarom stuurde ik deze mail naar Oost-Vlaamse sp.a kamerleden Karin Temmerman, Bruno Tuybens en Dirk Van der Maelen;

Beste;
Als overtuigd links kiezer (steeds twijfelend tussen rood en groen), kijk ik uit naar de stemming over de uitbreiding van GAS-boetes, morgen in de Kamer van Volksvertegenwoordigers. Net zoals een 200-tal middenveld-organisaties (http://www.gasboete.be/) heb ik immers principiële bezwaren bij deze uitbreiding en kan ik enkel instemmend knikken bij bijvoorbeeld het opiniestuk in De Morgen van vandaag; http://www.demorgen.be/dm/nl/2462/Standpunt/article/detail/1641879/2013/05/29/Stop-de-verGASsing-nu-het-nog-kan.dhtml
Ik kijk dan ook met grote interesse uit naar het standpunt en het stemgedrag van sp.a in het algemeen en meer specifiek van U als Oost-Vlaamse volksvertegenwoordigers. Ik zou graag blijven twijfelen tussen Groen en sp.a, maar ik kan en wil mijn stem in 2014 niet geven aan personen of partijen die voor uitbreiding stemmen. Ik hoop dan ook dat uw stemgedrag die gezonde twijfel niet in gevaar zal brengen?
Met kameraadschappelijke groeten,
frank goossens
lokeren

Als je je ook zorgen maakt om de uitbreiding van het systeem van GAS-boetes, contacteer dan vandaag nog die politici waar U op zou durven stemmen, druk uw bezorgheid uit en vraag hen naar hun standpunt. Copy/Pasten van (delen van) bovenstaand tekstje is bij deze expliciet toegestaan.

Music from Our Tube; Stromae as modern Jacques Brel

May 29, 2013 by futtta

Stromae is a Belgian musician who had a huge hit with “Alors on danse” in 2010. I didn’t expect him to resurface with anything particularly interesting, but “Formidable”, his latest song (and its video) is really, really good:

Stromae - Formidable (ceci n'est pas une leçon)

Watch this video on YouTube.

Don’t ask me why, but this reminds me of Jacques Brel. Maybe this is what Jacky would sound like if he were alive and in his twenties now?

As found on the web (May 27th)

May 27, 2013 by futtta

frank shared Kind reminder; e-mail is not dead yet.

Kind reminder; e-mail is not dead yet

Kind reminder; mail is bi-directional

May 23, 2013 by futtta

As some people don’t reply to e-mail (within an acceptable timeframe), I started out sending this kind reminder;

Please pong when I ping.

If not, communication (via whatever means) is pretty useless, no?

As found on the web (May 20th)

May 20, 2013 by futtta

	frank shared Get started with App Engine for PHP – scalable, secure and reliable. Get started with App Engine for PHP – scalable, secure and reliable
	frank shared Music from Our Tube: Modeselektor Essential Mix. Music from Our Tube: Modeselektor Essential Mix
	frank shared Does Facebook want its chat back?. Does Facebook want its chat back?

Does Facebook want its chat back?

May 19, 2013 by futtta

I’m pretty pissed. A couple of months ago I configured Thunderbird to connect to Facebook’s XMPP-powered chat. I did get logged out sometimes, with mails from Facebook saying someone tried to access my account from an unknown location. Given the origin IP-address mentioned (in the private 10.x.x.x-range), this looked like a Facebook-internal problem (between their XMPP & Authentication servers).
Things have however taken a turn for the worse now; I’m not only getting logged out from Facebook on my 3 devices (work Win XP PC, home Ubuntu netbook & Android smartphone), I’m now even getting locked out of my account altogether, having to change my password on my smartphone (as that one has the OTP generator in the Facebook app). This happened 4 times in the last week and it is that frustrating that I disabled Facebook Chat in Thunderbird. And maybe that’s just what Facebook is aiming for; encouraging users to use Facebook Chat in a Facebook-owned/ -controlled context instead of in a neutral, ad-free 3rd party application? Wankers!

Music from Our Tube: Modeselektor Essential Mix

May 17, 2013 by futtta

BBC Radio 1 has a great series called the “Essential Mix“. There’s a lot of those on YouTube and Modeselektor‘s is one of the truely great ones amongst those. Enjoy!

Modeselektor - BBC Essential Mix 2011

Watch this video on YouTube.

As found on the web (May 13th)

May 13, 2013 by futtta

	frank liked 3 videos.
	frank shared Dries Buytaert: Reducing risk in the Drupal 8 release schedule. Dries Buytaert: Reducing risk in the Drupal 8 release schedule
	frank shared Dude, where’s my WordPress session?. Dude, where’s my WordPress session?
	frank liked 2 videos.
	frank shared Sharing Your Experiences: How To Contribute To WordPress. Sharing Your Experiences: How To Contribute To WordPress
	frank shared Music from Our Tube; Harper Blynn. Music from Our Tube; Harper Blynn

Music from Our Tube; Harper Blynn

May 10, 2013 by futtta

“Knife” is great songwriting by New York’s Harper Blynn, performed live on a balcony in not-so-sunny LA for BalconyTV.

HARPER BLYNN - KNIFE (BalconyTV)

Watch this video on YouTube.

Dude, where’s my WordPress session?

May 9, 2013 by futtta

WordPress is a favourite hackers target. Some say that is because it is inherently insecure, but in reality WordPress is mainly a target because of its popularity, because of people not keeping their installations up to date or using easy to guess usernames and passwords and because of vulnerabilities in plugins rather then WordPress itself.
There is, however, one security-related shortcoming in WordPress from a design point of view: sessions are not stored server-side. If someone logs in, a cookie is set in the browser containing username, a session expiration timestamp and a hash. With every new request to WordPress that cookie (and specifically the hash) is checked to validate the session, but there is no check to see if there indeed was such a session.
This can be considered mainly a theoretical shortcoming, not an immediately exploitable vulnerability, because;

session-cookies are set with the HTTPOnly-flag so XSS should not be an issue
in an ideal world all traffic, once logged in, would be over HTTPS, securing against network sniffing.

But there are other (albeit less obvious) ways to steal cookies or even create create new ones to gain unauthorized access, as demonstrated in this very detailed blogpost. As explained in that article, there is no way to block “fake” session-cookies from gaining access (your OTP plugin won’t protect you either) and there is no functionality to monitor and if needed delete sessions.
So … I wrote a small proof-of-concept plugin that gets triggered upon login, logout and upon session verification (i.e. each request) and which stores sessions server-side, automatically logging out unknown sessions. With that in place, lots of other optional features could easily be added;

display a list of all known current sessions
allow one or more sessions to be removed
compare IP address at session verification against the one at session creation and notify or logout if no match
compare User Agent (and optionally some HTTP accept-headers) at session verification against the one at session creation and notify or logout if no match
create an audit log
…

But … I don’t want to do this on my own. I have 3 plugins already, 2 of which are semi-popular and for which I try to do regular releases and provide great support (and I have a daytime-job and a wife and daughter with whom I love to spend quality time as well). Moreover I really don’t want the plugin to “just” be open source, but I want it to be developed in an open source, collaborative manner as well.
So if you’re a WordPress coder, a security consultant or just an innocent passer-by and you are willing to code, review code, translate or document, then do drop me a line. Fame (but not fortune) will be yours!