Category Archives: Teknoblogia

WordPress’ spammers

Blogs have been under massive attack from spammers lately; I totally didn’t expect to have so many posts about this single topic in this blog.
But with Trencaspammer users as the latest casualties, I think investing in a heavy spam defense – such as Spaminator or WP-AuthImage – is now actually worth the trouble of installing it.

I’ve installed WP-AuthImage here and it seems to be working, for a long time I hope.
But with the spammers continuing to attack our defenses, I think it’s time to fight back.

Oh dear, Debian…

The Debian security team claims that the php4 package in Woody does not need to be patched – even though the PHP team has released PHP version 4.3.10.

And yet the phpBB team has stated that with PHP versions earlier than 4.3.10, phpBB becomes vulnerable again.

Sigh….. 🙁 it looks like I’ll be forced to use non-Woody LAMP packages 🙁 but if the number of non-Woody packages on my server keeps growing, doesn’t that leave fewer and fewer reasons to use Debian stable/Woody?

Hacker’s delight

A hacker’s story of dedication, with a happy ending:

It’s midnight. I’ve been working sixteen hours a day, seven days a week. I’m not being paid. In fact, my project was canceled six months ago, so I’m evading security, sneaking into Apple Computer’s main offices in the heart of Silicon Valley, doing clandestine volunteer work for an eight-billion-dollar corporation.

Apparently, this graphing calculator quite successfully introduced math to kids and people who wouldn’t otherwise have encountered it.
Awesome. These are the kind of people I become jealous of.

Some excellent quotes:

the first 90 percent of the work is easy, the second 90 percent wears you down, and the last 90 percent – the attention to detail – makes a good product.

The secret to programming is not intelligence, though of course that helps. It is not hard work or experience, though they help, too. The secret to programming is having smart friends.

Sitting behind a one-way mirror, watching first-time users struggle with our software, reminded me that programmers are the least qualified people to design software for novices.

It shipped on more than twenty million machines. It never officially existed.

Too bad he failed to get it into Microsoft Windows though. 🙂

This is where another bit of fun began – ripped straight from Kevin Mitnick’s book, someone played the troll by pretending to know the security at the Microsoft campus. A Microsoft employee took the bait 😀 but a kind soul let him know of his mistake (fun spoilers!!) 😀

Oh man… easily the best laugh I’ve had in weeks, that one.

Let’s taunt the Microsoft bashers

That is the title of an article written by Rob Rosenberger.

What he wrote is, I think, mostly true – if users of Firefox / Thunderbird / Fedora / etc. become the majority, virus writers will start targeting them.
However, I’m sure they will have difficulty gaining free access to our computers – though it is not impossible.

After running a server on the OpenBSD operating system for a while, I realized that there are still many security issues that need fixing in various other open source software.
And even OpenBSD can still be broken into – for example, if we run an old version of phpBB on that server.

So the solution to computer security is comprehensive protection, period.
That means the following sentence from the article’s author is actually not true:

You can’t blame your security problems on the operating system you use, or on the email software you use, or on the browser you use.

Of course you can, sir 🙂 if you don’t believe it, just ask the friends whose computers I’ve installed Firefox on.

Anti-spam (again) WordPress

Because of limited time, I finally decided to use Trencaspammer here.

Eh, it ended up eating time instead 🙁 for some reason, although it looks simple, Trencaspammer ran erratically.

The first problem was that there was no GD lib support in PHP – “apt-get install php4-gd”, and it still didn’t work? It turns out it should have been “apt-get install php4-gd2” 🙂 only then did the captcha appear.

But then came the next oddity: if we enter the correct code in the comment form, it is still reported as wrong (huh?)
After debugging for quite a while and still reaching the same conclusion, namely that Trencaspammer “should” run without problems, I finally gave up.

But that just made me more curious about captchas, so I then tried AuthImage

This time it ran smoothly right away 🙂 so that’s it for now, hehe

note: AuthImage needs the GD and FreeType libs – on Debian, it looks like both are already installed when we type apt-get install php4-gd2, which is quite pleasant.

WordPress bug? The “Archives” links don’t work

This blog is set up with Permalinks enabled, but the links in the “Archives” menu (in the calendar and the month names, on the right) do not work.

It turns out that something was missing from the code WordPress generates to be placed in .htaccess, namely:

RewriteRule ^archives/([0-9]{4})?-([0-9]{1,2})?-([0-9]{1,2})?/?$ /index.php?year=$1&monthnum=$2&day=$3 [QSA]

RewriteRule ^archives/([0-9]{4})?-([0-9]{1,2})?/?$ /index.php?year=$1&monthnum=$2 [QSA]

Now the links in “Archives” work as they should.

Links of the day

I wish I had known about Xdebug when I was having problems with my PHP code a few weeks ago – with a debugging client, it sure beats using echo 🙂


I’m pretty scared of using Windows nowadays, and here’s why.

I’ve had the luck of cleaning CoolWebSearch off computers, and let me tell you, these things are damn close to impossible to get rid of.
Good thing CWS is still rather “harmless” – now imagine a keylogger as stealthy and deeply stuck as CWS; using Windows then could cause your bank / paypal account / etc to become empty mysteriously…


I’ve been rather dependent on Regex Coach when I need to create a regular expression.
But sometimes, some things are just too time consuming to be created from scratch. At these times, RegExpLib.com just may save your bottom from getting kicked by your boss.


Rsync on Windows

Previously, you needed to install cygwin and then rsync if you wanted to run an rsync client on Windows. Unfortunately, it’s not exactly easy to use.

Thankfully, now you can use Sync2NAS instead. What’s more, it has also been developed with backing up users’ data in mind. Finally, it is an easy task.

CRM software

Amazing – we have a CRM system similar to OpenCRX; but ours cost tens of thousands of dollars, and it’s proprietary.

Of course, most of the time you’ll need to have it customized to your exact needs. In this case, you can get in touch with CRIXP. OpenCRX will still be free, while they provide you with the customization that you need.

Looks really sweet.
And talking about sweet, SugarCRM is another one that looks quite good as well.

Firefox is supporting Windows domination ?

Aaron said that making OpenOffice, Firefox, etc available on Windows is a mistake, because it helps people to stay on (using) Windows.

He missed one thing though – whether Joe Home User uses Windows or Linux is (in most cases) not his decision; it’s Dell/HP/Walmart/etc’s decision.

So, to gain the home user market, the open source community needs to make those companies an offer that they can’t refuse. We need to make them ship Linux as the main OS on their computers – instead of Windows.

I think Linspire is doing a pretty good job in this regard. I hope others (Mandrake, RedHat, Ubuntu, etc) can follow their lead. Only then will we start seeing Linux making it to our homes.

In the meantime, do please keep making Firefox et al available for Windows users – let’s help enable them to use their own computer, without fear of problems due to sloppiness on Microsoft’s part.

Also I love seeing OpenOffice available on Windows – I can picture Ballmer screaming from the pain of losing the US$300+ per seat on Office license 😀 ho ho ho

Have a great holiday everyone !

Braindead coding

Being a newbie in Java, I thought of it as a solid, foolproof language, which doesn’t break under a newbie’s foolish coding style.

It seems that I’m wrong – there are ways to bog down Java app servers with stupid code.

Well, I’m not too surprised though; I guess I have just seen too many examples already of human stupidity overwhelming even the best computer systems out there.

suPHP

suPHP is an Apache module which forces PHP scripts to be executed with the permissions of their owner.

What does that mean?

It means that if a script contains a vulnerability and gets exploited, then only that particular user will be affected.

This module is not supposed to be used together with mod_php, and anyway, if you’re using mod_php, any exploited PHP script will give the intruder access to everything accessible by Apache (since mod_php executes scripts as Apache’s user).

Needless to say, suPHP would be of high interest to webhosters, along with mod_security.
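
To make that difference in exposure concrete, here is an added example (not from the original post or from the suPHP project) that applies the standard POSIX owner/group/other permission check to a constructed shared-hosting layout. The uids, paths and modes are assumptions chosen for illustration; the root user and ACLs are ignored.

```python
import stat

# Constructed layout (assumption): uid/gid 33 = Apache's user, 1001 = alice, 1002 = bob.
# Each entry: (path, mode, owner_uid, owner_gid)
FILES = [
    ("/home/alice/www/index.php",   0o644, 1001, 1001),
    ("/home/alice/www/config.php",  0o640, 1001, 33),   # group 33 so mod_php can read it
    ("/home/bob/www/config.php",    0o640, 1002, 33),   # same arrangement for bob
    ("/home/bob/www/uploads",       0o770, 1002, 33),   # Apache-writable upload directory
    ("/home/bob/private/notes.txt", 0o600, 1002, 1002),
]

def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX check: exactly one class (owner, group or other) applies. want is 'r' or 'w'."""
    bits = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
            "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)}[want]
    if uid == owner_uid:
        return bool(mode & bits[0])
    if owner_gid in gids:
        return bool(mode & bits[1])
    return bool(mode & bits[2])

def blast_radius(files, uid, gids, victim_uid):
    """Paths NOT owned by victim_uid that a script running as uid can still read or write."""
    exposed = {}
    for path, mode, o_uid, o_gid in files:
        if o_uid == victim_uid:
            continue  # the exploited user's own files are affected in both setups
        perms = "".join(w for w in "rw" if allowed(mode, o_uid, o_gid, uid, gids, w))
        if perms:
            exposed[path] = perms
    return exposed

# A script in alice's site is exploited.
# mod_php: the script runs as Apache's user, so other customers' files are in reach.
MOD_PHP = blast_radius(FILES, uid=33, gids={33}, victim_uid=1001)
# suPHP: the script runs as alice, so bob's files stay out of reach.
SUPHP = blast_radius(FILES, uid=1001, gids={1001}, victim_uid=1001)

if __name__ == "__main__":
    print("mod_php:", MOD_PHP)
    print("suPHP:  ", SUPHP)
```

Running the same check over real `os.stat()` results for a docroot shows which files depend on Apache's group or world bits and could be tightened once scripts run as their owner.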

Abnormal Mailserver

I’ve had problems with proprietary mailservers where they put strange characters in the email address. Example: poor_guy/PITA/INDOFOOD@indofood.co.id

Mailman refused that email address straight away.
Not my loss 🙂

However, sometimes there’ll be (l)users complaining that it’s our mailserver that’s malfunctioning, and won’t accept anyone telling otherwise.
Doh….

btw – Lotus Notes can put REALLY weird email addresses as well, but it seems to be configurable.
For example, internally, my email address seriously doesn’t conform to Internet standards – it shows my position in the company’s hierarchy. But externally, it’s been configured so it’s accessible as my.name@mycompany.com – not too bad.

To proprietary mailserver users – demand that your vendor / sysadmin fix it, or enjoy the problems.

IT everywhere

Bill Gates has been babbling about the idea for years now – but he has been beaten by the Japanese, without much noise.

Computing newspaper (16 Dec 2004) on page 12 carries an article titled “Japan welcomes the arrival of the ‘ubiquitous society'”, where IT is everywhere, integrated, seamless, and enabling things for people.

The revolution was achieved with killer technologies (most IT geeks know that the Japanese have access to the coolest gadgets), enabled by brave innovations (3G is old news in Japan, etc), and supported by the government (broadband ? we’ve got 100 Mbps fiber to your home for years, etc).

This also means serious savings for businesses – NEC said that they have cut meeting time by 20%, and travel expenses by 15%. I think these are achieved by doing teleconferences and telecommuting. And NEC said that they haven’t done this aggressively yet – imagine the potential savings once they do.

I must admit that I envy the Japanese for this 🙂

WebDAV

WebDAV (Web-based Distributed Authoring and Versioning) is one of the server-based file storage solutions that Linux can offer, for example by using mod_dav.

Some advantages of WebDAV:

  • An “open” solution, not “proprietary”/closed.
  • Makes website development / maintenance easier, because it allows secure access to the site’s folders
  • WebDAV is widely supported by various software
  • WebDAV can be accessed from various platforms – Windows, Linux, etc.

Unfortunately, however, the WebDAV client implementation in Windows Explorer often has problems when accessing WebDAV servers that are not Windows 🙁 a Microsoft disease, this.

But if you run into this problem, thankfully there is a solution – NetDrive from Novell is a free and good WebDAV client.

WordPress spammers

The solution I currently have in place to deal with WordPress spammers is a preview feature for comments.

It turns out the spammers can now get past it.. perhaps because many people are using it too, so there is enough incentive for them 🙂

Well, it looks like I’ll have to install Trencaspammer for now, while waiting for an RBL-like solution for blogs 🙁 as proposed by Harry Fuecks [ here ]