Losing Sight of Goals

It seems over the past week I’ve taken a bit of a back seat on learning C and doing my development exercises.  For a while there I was on a roll– I was reading the books and studying, learning the APIs and other debugging tools.  Most importantly, I was starting to create my own exercises and coming up with solutions.

I received some contact from Seattle U on the status of my application earlier this week.  I figure I should get back to it.  So after taking a week off, I’m trying to get back on track.

For most of my recent learning I’ve leveraged Apress’ really awesome set of C/Obj-C/Cocoa development titles.  The so-called “fruit books”, each title features a different citrus fruit on its cover.  They offer a discounted e-book for each title on a limited time offer.  I don’t need more digital textbooks so I stick with the physical copies.  I highly recommend them for anyone doing Obj-C development on the Mac.  They are very clear, lots of source code (free I might add) and they dovetail very effectively into a cohesive set.

Learn Obj-C on the Mac

Learn C on the Mac


I should head back to it.  Maybe my next post will involve my bubble sort app that I’m writing.

Friday Wrap: On hacks

The week started out so good! I migrated the site over to what I felt was a more robust back-end and site design only to be hacked the very next day.  A bit ridiculous if you ask me.  Here’s how it went down:
At about 4 in the afternoon on Wednesday I received an email from my server-side mail account here: [email protected]  The message was an automated dump from WordPress that told me that the password had been lost and recovered for my “admin” account.  I’ve seen a few of these lately because I ran GeekApproach in a beta mode on a different domain to make sure I got everything right before flipping the switch and going “live”.

So, mistake #1: Ignoring an automated email from your system telling you that your password has been changed.  I signed in about 7 PM to see my site still in my theme, but garbled text.  I’m now attributing this to (a rather excellent plugin) WP-SuperCache showing me a static version of the page.  In attempting to log-in however, it appeared my old password wouldn’t work.  Refreshing the main page brought me a “This site has been hacked by:” message proclaiming the hacker to be “mosleium” (which I don’t believe) and that my data was apparently intact somewhere.

I lightly freaked out– I thought someone had penetrated my root account on the server, not just my WordPress sub-apps, but possibly other more critical things running.  This turned out to be the case.  I successfully logged into cpanel on my box, and hopped into phpMyAdmin to go talk to my mySQL dbases online.  Once there, I got into the users table where the passwords are stored– they are stored in an MD5 hash which is one-way encryptable (I’ll do a post about that later), but the recovery email address field– that is, the email address a new password gets sent to had been changed to some clearly unauthorized user.  I forced an update to the table back to one of my email addresses, and was able to “recover” my password back to myself.

Once in, I couldn’t see any sign of the hacker.  I found my root index.php page overwritten with his content however, and restored my site from the beta/backup site.  Rebuilt SuperCache, done.  Now, to figure out why and how this happened.

I searched around and found a few signs of how the exploit works. Firstly, it looks like it worked in WordPress 2.8.*– I’ve been running 3.1.* trunk for awhile now.  It’s sad to see that it wasn’t fixed in my most recent copy.  Based on the above site, I ended up changing my wp-login.php file to something a bit different.  Simply put, you can pass in an array as a key value here which the system will interpret as being correct and allow you to reset the pass without confirmation.  I’ve changed the few relevant lines of code in the file, and now it looks like this:

$key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
// Generate a fresh key when none is stored or the value is an array
if ( empty($key)  || is_array ($key) ){
    // Generate something random for a key...
    $key = wp_generate_password(20, false);
    do_action('retrieve_password_key', $user_login, $key);
    // Now insert the new md5 key into the db
    $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
}

The critical part here is the if ( empty($key) || is_array ($key)) line which stops an empty array from being passed in as a key.

So, with that fix hopefully I’m ok.  It sucks that I’ll need to make that change every time I update WP because they’re still not including that as a fix yet.
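
The type check discussed above, as an added example that is not part of the original post and is not WordPress code: it compares an `empty()`-only check with a strict check on constructed inputs, showing why a reset key has to be validated as a non-empty string before it is compared. The function names and the sample key are hypothetical.

```php
<?php
// Added illustration, not WordPress source. All names and values are constructed.

// Weak check: rejects only what PHP treats as "empty".
// Request parameters in PHP can arrive as arrays, not only as strings,
// and a non-empty array is not "empty".
function weak_key_check($key): bool
{
    return !empty($key);
}

// Strict check: the supplied key must be a non-empty string and must equal
// the stored key, compared in constant time.
function strict_key_check($key, $stored): bool
{
    if (!is_string($key) || $key === '') {
        return false;                 // arrays, null and '' are refused outright
    }
    if (!is_string($stored) || $stored === '') {
        return false;                 // no reset is pending for this account
    }
    return hash_equals($stored, $key);
}

$stored = 'Zq3kP0aV7mXw2LrT9cYe';     // constructed 20-character sample key
$cases = [
    'correct string'                => $stored,
    'wrong string'                  => 'not-the-key',
    'empty string'                  => '',
    'empty array'                   => [],
    'array holding an empty string' => [''],
];

// Print how each input fares under both checks.
foreach ($cases as $label => $key) {
    printf(
        "%-30s weak=%-5s strict=%s\n",
        $label,
        var_export(weak_key_check($key), true),
        var_export(strict_key_check($key, $stored), true)
    );
}
```

The last case is the one to watch: a one-element array gets past the `empty()` test but is refused by the `is_string()` test.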

CD-DA Format

After spending some time with my mother on the phone last night involving audio CD formats and why or why iTunes won’t import them, I’ve decided to do a brief write-up on the now ancient CD audio format.

I first knew this format as “Red Book” audio format. It’s a spec dually held by Philips and Sony and was released in 1980. It calls for the following:

  • 2 channels of LPCM (or PCM) audio, 16-bit signed values sampled at 44100 Hz.
  • A maximum capacity of 74 minutes of audio (later expanded to 80 minutes)
  • Maximum number of tracks is 99
  • The audio data is in a 2,352 byte block

Wikipedia tells me the format is apparently still licensable for $5000 from Philips which is kind of shocking to me considering how old the format is. Why isn’t this open-sourced yet? I can only assume the logo that Philips lets you license is also part of that 5k. Anyway, at its simplest CD-DA or Compact Disc Digital Audio is stereo audio at 44.1 kHz. When you pop it in a traditional CD player the device reads the information at 1x (about 150 Kib/second), decodes the LPCM audio and streams it to your speakers.


The CD-DA logo, imprinted upon many a CD.

I recall playing a brand-new CD-ROM based game that I had as a kid with our new Sound Blaster 8-bit audio card. This game loaded data off of the CD-ROM at 2x (making this horrible seeking noise), and then played Red Book audio from the audio portion of the image, thus freeing the CPU to continue rendering the game loop and not having to worry about decoding that audio on its own. This was also my first exposure to IRQs (Interrupt Requests) and how you could tell the processor that you wanted to deal with a specific hardware entity, in this case the decoding engine on the sound card. I thought it was awesome.

Back in the mid-90s I was starting to share media with friends across the Internet. With broadband having almost zero penetration at the time I was stuck using a 56k modem and a phone line to get out to the world. Some of you will recall that few people were ever able to get up to the so-called 56,000 bits of data that our modems were supposed to bleep merrily down the phone line so often I was reduced to an even slower mode–44k most of the time. On the web I found guys who were trading effectively CD quality audio via encoded files called MP3s. Developed by the Fraunhofer Institute, MP3 went on to become a standard format for easily encoding and transporting audio–it sounds decent enough, files went from bulky 60 meg .WAV files to 3.5 meg MP3s. It was great and it transformed the industry. CD burners became cheap and fast enough to put in home computers, media became widely available using a dye sandwiched in between two layers of plastic. Almost overnight we started using these devices more and more and seeking new and higher resolution audio formats for our media.

One of those was the Super Audio CD (SACD).  SACD was also developed by Sony and Philips and offered almost 8 GB of storage on a single disc and a higher audio fidelity for those who had new SACD playback devices. The format never took off and really the only remnant I have of it is a John Williams soundtrack CD from 1999.

Another extension known as CD-Text buried Artist, title and other relevant information in the 5 kb storage area known as a lead-in on a CD-DA disc. This does not adhere to the Red Book standard, but most newer playback devices (car stereos for example) can read this data and output it in some way to the user.  Apparently it’s rare to find the old Philips CD-DA logo on discs any more since rarely do they adhere to the standard. Not having bought a CD in years I don’t know about that but it stands to reason.

I think at a later date I’ll delve into some of the stranger formats I’ve used including hybridized discs.

2010 Oscar Nominees

I think the Oscars are probably one of the few awards shows I actually enjoy.  For the second year in a row, we’ve gone to see the Best Picture nominees put on by AMC in one big binge.  This year due to there being 10 nominations instead of the usual 5, it was split up into two different weekends.  For shits and grins, I’ve posted my own ballot decisions here.  We’ll see how I do later tonight:

Leading Actor: Jeff Bridges (keeping in mind that the Academy remembers and occasionally feels bad for past transgressions)
Supporting Actor: Christoph Waltz (I’ve never seen a more fastidious, evil character than in Inglourious Basterds.)
Leading Actress: Meryl Streep (I never saw Julie & Julia, but again, it’s been what 16 years since her last win. C’mon…)
Supporting Actress: Mo’Nique (‘Nuff said.  Wow.)
Animated Feature: Up (Pixar movies can’t do wrong.)
Art Direction: Avatar
Cinematography: The Hurt Locker (and seeing this movie again yesterday made me really appreciate each and every shot.  Shaky-cam is something I really dislike, but I’ve gotta say there was enough locked shots that I wasn’t hurting too much.)
Costume Design: Nine (because the Academy loves a musical, even when the public derides it)
Directing: The Hurt Locker (because Avatar will sweep everything else)
Documentary Feature: Food, Inc.
Documentary Short: The Last Truck: Closing of a GM Plant
Film Editing: The Hurt Locker
Foreign Language Film: The White Ribbon
Makeup: Star Trek
Original Score: Up
Original Song:  “The Weary Kind” (Crazy Heart)
Short Film, Animated: A Matter of Loaf and Death (AARDMAN! How can you not love Wallace and Gromit?)
Short Film, Live Action: The Door
Sound Editing: The Hurt Locker
Sound Mixing: Avatar
Visual Effects: Avatar
Screenplay, Adapted: Up in the Air (too bad it won’t win anything else.)
Screenplay, Original: Inglourious Basterds
Best Picture: Avatar (how can you deny $1 billion dollars?)

The Roundup

First off, my grandmother passed away on Saturday morning. She was in her 70’s but had been in hospice for the past…almost two years I guess. Unfortunately I had to fly out to LA to do a gig at Microsoft’s PDC. I’m not sure what else I should be feeling or saying about her. I’ll miss her, but I’m just not sure what to do with it yet.

Anyways, I’m down here on the floor with a Hackintosh. This is how nerdy I am: I actually flew down with an external USB keyboard for my Hackintosh, but I figured out a way to get VNC and Internet Connection Sharing working from my primary laptop so I can at least use a full size keyboard.

My grand plan was to catch up with my Stanford U ObjC/iPhone dev program, but I don’t even know what happened to my day yesterday. I really want to keep up with auditing the class, but I’m sooo far behind… I think it’s the first time in a long while that is actually something I’m genuinely interested in: I actually wish I now had some disposable income to just pick a school and spend the time learning. I want to keep going with it to figure out if I want to spend $40k+ on an education, but life seems to get in the way.

This wasn’t what this post was supposed to be about but whatever…

Landmark Healthcare Bill…PASSES!

I had to post this because I really think it is amazing– the US House of Representatives has passed the huge healthcare bill! It now moves onto the Senate where I hope it will continue to pass.

I’m keeping my fingers crossed, but I hope my elected officials continue to do the right thing. Man..can you imagine? Healthcare for everyone? Wow.

Beginning Windows 7 Installs…

By now I think you’ve figured out that I’m a total geek. I have 4 machines at my disposal: a beefy oct-core Intel i7 920 with 6 gigs of RAM and 2.5 TB of hard drive space, a Shuttle designed set-top box that lets me watch Hulu and my Matroska files at the living room, my work laptop which is an aging Dell Inspiron, and my Hackintosh; a Dell Mini 9 with Mac OS X on it. We could also count the iPhone and the iPod Touch, but I count those as dev and secondary devices. Oh and that WinMo phone I have too…

Jebus. Anyway, I figured I’d start installing Windows 7 tonight on the machine that I could afford to be without for a few days which is the set-top. I’ve been running the build 7064 which was the RC candidate for free on the box for a while. I really hope they fixed the error with the Realtek HD Audio ports as I’d really like to get my TOSLINK audio connection going again at the TV. I’ve been employing a USB DSP– a Plantronics dongle that while sounds good, really makes my living room setup kinda look ugly. 🙂

I’m hoping to do the work laptop, and maybe the primary PC this weekend. I just hate being down machines– I keep getting freaked out that I’ll be unable to use the machines or that something extra horrible will happen.

Fall Foliage

Via XKCD:


How can you not appreciate geek humor such as this? 🙂

Nine-Eleven

9/11 is one of those things that can mean so much to people and at the same time mean almost nothing at all.  Don’t get me wrong: I remember where I was on this day in 2001, and I genuinely feel hurt for those people that died in the attacks.  I’m happy that now, 8 years later we’ve begun to actually heal and not concentrate so much on such horrible events.

I remember being woken up by my mother who was telling me something was happening at the World Trade Centers; something big and it was enough to get me out of bed at like 7 AM.  (This was essentially summer for me, and college was 3 weeks away from starting.)  I remember watching the TV, seemingly all morning.  A friend dropped by to watch the news with me.  She left after a few hours.  It was all a little nuts.

I feared for friends I had in the area– folks who went across the country for school, people I hadn’t seen in years.  Suddenly I wanted to get in contact with all of them.  I didn’t, really.  That in itself turned out to be a chore I wasn’t interested in either.

The day passed and gradually the friends I had, and some not so friends convened at someone’s house.  Instinctively we all wanted to talk and just feel better.  We did watch Arlington Road, perhaps not the best idea at the time but I think we just wanted to know how someone could do such a thing.

I remember the feeling of despondency went on for weeks.  TV was filled with what ifs, hastily thrown together “documentaries” on what was going on in the Taliban, and suddenly a new country for us to care about: Pakistan.

A sudden haste to remove the twin towers from all forms of media: movies, tv, music, the whole bit.  One of my favorite bands at the time, Bush, had a song called “Speed Kills” that was running up the charts.  The song quickly stagnated and the band actually broke up another number of months later.  I’m actually kind of surprised I remember so much of it.

Time again to let the past be the past I suppose. On to happier things…

Sample Post

This is an attempt to make a first sample post. It’s not meant to be anything special, and quite honestly:  it isn’t.

Howzzat?