How publicly released exploits helped WorkSimple

[Photo by Honza Soukup]

A couple years back when I released WorkSimple, my PHP knowledge was very limited. I went through a couple versions of WorkSimple adding features and such but without thinking of security. Then, about a year and a half ago, I came upon a zero-day exploit site [1][2]. On the site, it chronicled the current exploits in WorkSimple. Now, of course I acted quickly and fixed the problems. At first, I was offended by this. Then, I realized the helping hand it had lent me. Not only did these sites show how one could use the exploit, but also how to fix it. The user login system used MD5 hashed passwords in a specified [plain text] file in a specified place. Afterwards, the hashes were salted and stored in a .php file so as not to display the contents.
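The storage change described above, sketched as an added example that is not WorkSimple's code: unsalted MD5 in a text file beside a salted hash kept in a guarded .php file. It uses PHP's `password_hash()` in place of salted MD5, a substitution made here; the file names, function names and `user:hash` record layout are assumptions.

```php
<?php
// Added illustration. File names, function names and the "user:hash" record
// layout are assumptions, not taken from WorkSimple.

// Before: unsalted MD5 appended to a plain text file. Equal passwords produce
// equal hashes, and a text file under the web root is served to anyone who asks.
function store_legacy(string $file, string $user, string $pass): void {
    file_put_contents($file, $user . ':' . md5($pass) . "\n", FILE_APPEND | LOCK_EX);
}

// After: salted hash in a .php file whose first line halts execution, so a
// direct request returns an empty body instead of the records.
function store_hardened(string $file, string $user, string $pass): void {
    if (preg_match('/[:\r\n]/', $user)) {
        throw new InvalidArgumentException('user name contains a separator');
    }
    if (!file_exists($file)) {
        file_put_contents($file, "<?php exit; ?>\n", LOCK_EX);
    }
    // password_hash() draws a random salt per call and embeds it in its output.
    $record = $user . ':' . password_hash($pass, PASSWORD_DEFAULT) . "\n";
    file_put_contents($file, $record, FILE_APPEND | LOCK_EX);
}

function verify_hardened(string $file, string $user, string $pass): bool {
    $lines = @file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    foreach ($lines ?: [] as $line) {
        $parts = explode(':', $line, 2);   // the guard line has no ':' and is skipped
        if (count($parts) === 2 && $parts[0] === $user) {
            return password_verify($pass, $parts[1]);
        }
    }
    return false;
}

// Constructed demo data, written to the temp directory.
$dir = sys_get_temp_dir();
$legacy = $dir . '/demo_users.txt';
$hardened = $dir . '/demo_users.php';
@unlink($legacy);
@unlink($hardened);
store_legacy($legacy, 'alice', 'example-pass');
store_legacy($legacy, 'bob', 'example-pass');      // same hash as alice's line
store_hardened($hardened, 'alice', 'example-pass');
store_hardened($hardened, 'bob', 'example-pass');  // different hash: different salt
echo file_get_contents($legacy), file_get_contents($hardened);
var_dump(verify_hardened($hardened, 'alice', 'example-pass'));
var_dump(verify_hardened($hardened, 'alice', 'wrong-pass'));
```

The exit guard only hides the records while the web server actually executes .php files; keeping the file outside the document root removes that dependency.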

 



It definitely made me think more about security; not that I did not before, just more comprehensively. To this day, I'm surprised that people use WorkSimple. Besides the terrible coding of it, the design is atrocious (which will be updated in 2.0 of WS). So, these zero-day exploits helped me be a better coder. It's difficult to design a perfect application without having something breaking. Apart from the aforementioned notes, I would think that it even created a little bit more publicity for WorkSimple :)

New hardware

 

So, I recently came into possession of an IBM Model M (1391401) and wow. This beats the hell out of my Logitech G15. Along with the keyboard, I thought I'd buy myself a new mouse while I was at it. Well, I ended up buying a Kensington Orbit with scroll ring.

 

The keyboard is amazing to type on. Though some may find it a bit loud, it's a pay off for the sheer coolness of it. I'm still getting used to my trackball and, as you can see, it has an extra wrist-rest attached to it.

I finally got the PowerEdge 6400 going. Turns out it was the RAM. It needs one entire bank to be filled, rather than two DIMMs. Debian Squeeze and even CentOS 5 didn't detect the RAID card so it couldn't see the disks at all. For the hell of it, I popped in Windows Server 2003 (as it only has a CD drive and no PXE) and what do you know: it sees the card. I installed Server 2003 and got VMware Server running on it. Although this setup is not lightweight, it does the job.

 

 

Thanks Nyko, now I have an unusable Xbox!

A little while ago, I wrapped my 360 in a wood Oblivion Xbox 360 skin. Lately, I've been getting more RRODs than usual. I'd be in the midst of a game and it'd shut off with three flashing red rings. I've had the Nyko Intercooler on my Xbox for the last couple years, which, I thought, would make the RROD problem go away. Apparently not. So today, I took off the Intercooler.

Picture is of the Intercooler.

Nice scorch marks there.


The power connector on the back of my Xbox 360

Nice! Without the Intercooler, my Xbox doesn't turn on. With the Intercooler it runs for a couple minutes. As you can see, there's obvious burnt plastic. When I took the Intercooler off (which was a bit hard because it melted), bits of crap (best way to describe it) fell off. Looked sort of like dried up snot actually...

This is my second Xbox now and I'm pretty sure I can't send it back now, so, I'm screwed.

 

Oh, great

So, my SCSI drive came in the other day. Dropped it in a drive bay and fired up the server. But oh no, beeping arose. Looked up the beep code and now it's about the processor. Either the processor isn't seated well or I need to replace it. Awesome. I probably should have grounded myself beforehand. Strangely enough, if I change the jumper settings on the motherboard, from the default 700MHz to 750MHz, the beeping stops. Dell says the default speed is 550MHz but I'm not sure if these are the default processors.

Now, I have a 65 kilogram, metre long brick sitting here. Doubles as a place to put cups though.

PowerEdge 6400

 

So I got this Dell PowerEdge 6400 and wow. First, this thing is gigantic. Eight hot swappable SCSI bays in the front. Free is a good price ;)

Inside this thing has two Intel Pentium III Xeon processors, running at 750MHz each. Where you see the RAM is actually a tray of RAM. You can remove the tray and fill up 16 DIMMs. Hot swappable PCI ports too. Three redundant power supplies in case a tornado hits or something. I'm planning on getting a SCSI drive or two and getting Solaris running (or perhaps Nexenta).

SHOUTcast server

As finicky as I am about music, I'm one of those guys that'll change the song halfway through it. So, I thought I'd set up a local SHOUTcast radio to prevent that and create fewer distractions.

Download SHOUTcast DNAS either beta or stable (I chose stable) from here. Edit sc_serv.ini in the SHOUTcast program files folder. The only thing you need to change is your password and whether you want a public or private server. Next, download Winamp to make it easier to manage. Also download the SHOUTcast plugin for Winamp (here) and the null output plugin (here).

 

Once everything is installed, open up Winamp and go to DSP/Effect. Click 'Configure the active plug-in'. Go to the 'Output' tab and proceed to fill in your information. If you chose to use the stable version of SHOUTcast DNAS, check the legacy mode box. Select your encoder and its settings. Check the boxes for auto connect. Make sure your output is using the null output plugin, unless you do have a soundcard (for whatever reason).

Start up SHOUTcast DNAS, either GUI or CLI, then Winamp. Open up your favourite music player with the URL 192.168.x.x:8000/listen.pls and listen away!