Hacked university sites

Lately I’ve been getting quite a few blog spam comments that try to insert links to hacked university web sites. One of the hacked systems was even loading and displaying porn photos on their forum software, ouch. All the systems seem to have suffered from SQL injection vulnerabilities in forum and calendar software.

I’m now trying to pay attention to where the spam links are pointing when I review the spam bucket. When I see a .edu domain I make the effort to e-mail the university web master to let them know they have been hacked. So far the sites I’ve reported have all been repaired and I’ve gotten a couple of thank you replies in return.

I’d like to suggest that all the blog owners out there try to keep an eye out for hacked .edu domains showing up in their spam bucket. Then let the university know so that they can get it fixed before they get into trouble.

Foo Fighters bad web site design and denialism

Today I read an excellent article about denialism and HIV denialism in particular posted at the Public Library of Science. Right up at the start the band the Foo Fighters is mentioned as promoting HIV denialism. Since I’d been a fan of them since their founding I just had to click over to their site to check it out.

My first reaction was, what idiot designed this web page, see for yourself in this screen shot.

Black text on a dark brown background! The Foo Fighters need to get themselves a person with at least a tiny bit of graphic arts, web design or publishing skills to fix this total crap. If they can’t find someone themselves, I know some pre-teens that can do better than this. On second thought maybe they intentionally made the page unreadable so that fans don’t see what they are supporting.

It disgusts me that these musicians would promote outrageous pseudo-science like this. Encouraging their fans to ignore public health is simply irresponsible. I will not be supporting this band in any way in the future unless they come to their senses and stick to what they have expertise in, music. Expertise is real and it matters. The Foo Fighters obviously have no expertise in web design or public health, so please ignore them on these matters.

Firefox problem solved

I’ve been having a problem on one of my work stations with Firefox. When I clicked a link to a text file rather than display the file in Firefox it would only let me download it or view it in an external application. I figured I had screwed up a setting somewhere but hadn’t been able to figure out what I hosed. Well, I finally found out where to fix the problem that I had created somehow via the Firefox options interfaces. Since I’ll likely screw this up again at some point and/or someone else might be looking for the solution, here it is:

Locate the mimeTypes.rdf file for your profile, mine was at: X:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\570j6lt0.default\mimeTypes.rdf

Open the file in a text editor and delete the following lines.

<RDF:Description RDF:about="urn:mimetype:application/x-download"
NC:fileExtensions="txt"
NC:description="Text Document"
NC:value="application/x-download"
NC:editable="true">
<NC:handlerProp RDF:resource="urn:mimetype:handler:application/x-download"/>
</RDF:Description>

Now Firefox displays text files again for me. 🙂

AOL hiring polite blog spammer?

I received the following attempt to comment spam this blog today:

Author : galinagirll (IP: 72.9.235.218 , server6.barronhosting.com)
E-mail : tesrghft8077@inbox.ru
URI : http://love.com
Comment:
hello , you have a very nice site, but Im hired to leave advertising comments on sites, sorry i hate to do it but i have to . If you dont like advertising comments please send me an email with your site address to tedirectory(at)yahoo(dot)com and I will not write on your site. Sorry for inconvenience.

The URI link, love.com, returns this WhoIs info:

Domain Name: love.com
Registrant:
AOL LLC
22000 AOL Way
Dulles, VA 20166
US

The domain redirects to AOL personals, so the polite comment spammer sure seems to be working for AOL. Is AOL really stooping this low, hiring spammers to get better Google rankings?

FCC Issues $1 Million Forfeiture Order

I think I scooped Conformity Magazine on this one. It’s not that I was trying to scoop them, I just got lucky. 😉

Last year I posted about the FCC issuing a notice of apparent liability against Behringer USA, Inc. On June 1st, the FCC released the forfeiture order for one million dollars, ouch. The FCC rejected Behringer’s claims including one that CE compliance = FCC compliance. Quote from the order:

12. We disagree. Although the CE and the FCC standards share some common elements, as the NAL noted, “[CE] testing neither is the equivalent of nor demonstrates compliance with the Commission’s technical standards.”

Lesson for all you designers, manufacturers, and importers of embedded devices: follow the FCC rules, they take their job very seriously. If FCC enforcement isn’t enough inducement, think of it this way. How would you like it if an emergency professional had delays helping you or a loved one because some interfering product is being operated nearby? Think about it, RF interference isn’t usually a life or death situation but it could be.

Laser safety and compliance

Via Conformity, the FDA has released updated guidelines for laser testing compliance as they transition to the newest regulations.

Of more general importance is this safety warning from the International Laser Display Association. This warning is in reference to a Laser Flashlight Hack that has been getting attention around the internet. Details of this DIY laser are at the Instructables web site but, IMHO, the safety warnings provided there are not nearly adequate.

If anyone is planning on making this potentially very dangerous laser pointer out of a DVD burner and cheap parts, I urge you to read and re-read all the warnings from the ILDA.

My final Jornada 720 DST solution

Back in March I posted about my solutions to the new DST change dates for various devices I own. At the time I had not yet decided how to handle the situation on my Jornada 720 running the HPC2000 version of Windows CE 3.0.

The problem with older WinCE devices is that time zone information is contained in an unchangeable DLL located in ROM (citydb.dll). When you use the World Clock control panel applet to change the city it calls the DLL and you end up with the old DST change dates again. I have not found any solution that lets you still use the control panel to change cities and keep the DST settings intact.

The only solution I’ve found is to manually edit the registry keys for the new DST dates after every time you change the city setting. This isn’t a big problem for me as I don’t travel to other time zones more than every few years.

The manual registry changes are straightforward: the last Sunday in October (0A, 05) becomes the first Sunday in November (0B, 01). The spring event changes from the first Sunday in April (04, 01) to the 2nd Sunday in March (03, 02).

I used the registry editor built into the Microsoft embedded Visual Tools programming environment. The key you need to change is HKEY_LOCAL_MACHINE\Time\TimeZoneInformation. This is a giant binary blob data structure that breaks down as follows (changed values are bold).

4 bytes, LONG Bias, (2c,01,00,00)
64 bytes, WCHAR StandardName[32]
(45,00,61,00,73,00,74,00,65,00,72,00,6e,00,20,00,
53,00,74,00,61,00,6e,00,64,00,61,00,72,00,64,00,
20,00,54,00,69,00,6d,00,65,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00)
2 bytes, WORD wYear, (00,00)
2 bytes, WORD wMonth, (0b,00)
2 bytes, WORD wDayOfWeek, (00,00)
2 bytes, WORD wDay, (01,00)
2 bytes, WORD wHour, (02,00)
2 bytes, WORD wMinute, (00,00)
2 bytes, WORD wSecond, (00,00)
2 bytes, WORD wMilliseconds, (00,00)
4 bytes, LONG StandardBias, (00,00,00,00)
64 bytes, WCHAR DaylightName[32]
(45,00,61,00,73,00,74,00,65,00,72,00,6e,00,20,00,
44,00,61,00,79,00,6c,00,69,00,67,00,68,00,74,00,
20,00,54,00,69,00,6d,00,65,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00)
2 bytes, WORD wYear, (00,00)
2 bytes, WORD wMonth, (03,00)
2 bytes, WORD wDayOfWeek, (00,00)
2 bytes, WORD wDay, (02,00)
2 bytes, WORD wHour, (02,00)
2 bytes, WORD wMinute, (00,00)
2 bytes, WORD wSecond, (00,00)
2 bytes, WORD wMilliseconds, (00,00)
4 bytes, LONG DaylightBias, (c4,ff,ff,ff)

In the registry editor the changed values look like this:

Technical details from MSDN Windows Embedded Developer Center for Microsoft Windows CE 3.0:
GetTimeZoneInformation (Windows CE 3.0)
SetTimeZoneInformation (Windows CE 3.0)
SYSTEMTIME (Windows CE 3.0)
TIME_ZONE_INFORMATION (Windows CE 3.0)
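
The blob layout and the manual edit described above, as an added Python example that is not part of the original post: it parses the 172-byte value, rewrites only the four month/day words, and leaves the blob untouched unless it currently holds the old US rule. The function names and the sample blob are constructed for illustration.

```python
import struct

# 172-byte TIME_ZONE_INFORMATION layout from the breakdown above (little-endian):
# LONG Bias, WCHAR[32] StandardName, SYSTEMTIME StandardDate, LONG StandardBias,
# WCHAR[32] DaylightName, SYSTEMTIME DaylightDate, LONG DaylightBias.
TZI = struct.Struct("<l64s8Hl64s8Hl")
ST_FIELDS = ("wYear", "wMonth", "wDayOfWeek", "wDay",
             "wHour", "wMinute", "wSecond", "wMilliseconds")
STD, DST = 2, 12               # index of each SYSTEMTIME's first WORD
OLD_RULE = ((10, 5), (4, 1))   # (wMonth, wDay): last Sun Oct, first Sun Apr
NEW_RULE = ((11, 1), (3, 2))   # first Sun Nov, second Sun Mar


def _name(raw):
    """Decode a NUL-padded UTF-16LE WCHAR[32] field."""
    return raw.decode("utf-16-le").split("\x00", 1)[0]


def parse_tzi(blob):
    """Split the registry blob into named fields."""
    if len(blob) != TZI.size:
        raise ValueError(f"expected {TZI.size} bytes, got {len(blob)}")
    f = TZI.unpack(blob)
    return {"Bias": f[0], "StandardName": _name(f[1]),
            "StandardDate": dict(zip(ST_FIELDS, f[STD:STD + 8])),
            "StandardBias": f[10], "DaylightName": _name(f[11]),
            "DaylightDate": dict(zip(ST_FIELDS, f[DST:DST + 8])),
            "DaylightBias": f[20]}


def apply_new_dst(blob):
    """Rewrite only wMonth/wDay, and only if the blob holds the old US rule."""
    f = list(TZI.unpack(blob))
    current = ((f[STD + 1], f[STD + 3]), (f[DST + 1], f[DST + 3]))
    if current != OLD_RULE:
        return blob       # no DST, another region's rule, or already patched
    (f[STD + 1], f[STD + 3]), (f[DST + 1], f[DST + 3]) = NEW_RULE
    return TZI.pack(*f)


def to_reg_hex(blob):
    """Format bytes the way the registry editor shows them."""
    return ",".join(f"{b:02x}" for b in blob)


# Constructed sample: the Eastern blob as it looks before the manual edit.
OLD_EASTERN = TZI.pack(
    300, "Eastern Standard Time".encode("utf-16-le"), 0, 10, 0, 5, 2, 0, 0, 0,
    0, "Eastern Daylight Time".encode("utf-16-le"), 0, 4, 0, 1, 2, 0, 0, 0, -60)
```

Running `to_reg_hex(apply_new_dst(OLD_EASTERN))` gives the byte string to compare against the registry editor after the edit.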

FDA + CPSC news

From the latest Conformity Magazine newsletter:

Save a few bucks and get electrocuted or burn the house down, what a bargain. CPSC Warns Against Counterfeit Electrical Products

“The CPSC says that it has recalled more than one million counterfeit electrical products in recent years, including defective circuit breakers, cell phone batteries, and extension cords. Many of the recalled products were manufactured in China, where they are not tested [for] compliance with relevant safety standards.”

Read the full article for good tips to help spot the counterfeits.

Here’s the most dangerous manufacturing problem I’ve heard of in a long time, FDA Seizes Implantable Medical Devices, Initiates Recall

“In a dramatic action that underscored the severity of the risk to consumers, investigators from the U.S. Food and Drug Administration (FDA) and U.S. Marshals seized all implantable medical devices from a New Jersey-based manufacturer after identifying significant deficiencies in the company’s manufacturing process.”

The FDA press release on the problem with Shelhigh, Inc. medical devices states:

“Physicians should consider using alternative devices. Physicians should also monitor patients with a Shelhigh implant for infections and proper device functioning over the expected lifetime of the device. Patients who think they may have received a Shelhigh device during surgery should contact their physician for more information.”

Also see the official FDA Preliminary Public Health Notification.

Some good advice to anyone using life supporting electrical devices. FDA Cautions User of Implantable Devices About RFIDs

“The U.S. Food and Drug Administration (FDA) is cautioning consumers with pacemakers and other implantable medical devices about the potential for interference from radio frequency identification (RFID) tags.”

The FDA notice makes it clear that there have been no field reports of problems but lab testing has shown potential for problems. They want doctors to include RFID systems in the list of potential problem sources that they warn their patients about. The current list of potential interference sources includes portable radio transmitters, cell phones, anti-theft systems, and metal detectors.