Category Archives: Tips

3 ingredients, 3 steps = really good hot cocoa

Leave a reply

0 minutes, 26 seconds

Some folks think that you need to get those little packets of mix to make a good cup of cocoa. They’re wrong! Here’s how we do it at home:

Ingredients:

  • 1 super heaping teaspoon unsweetened cocoa powder (preferably, fair trade and organic)
  • 1 teaspoon sugar (maybe two if you’re using milk. we use sweetened soy milk so we cut it down to 1)
  • 1 mug of milk

Steps:

  • Measure ingredients into your mug
  • Spoon in 4-5 teaspoons of hot milk into the mug and thoroughly stir into a slurry
  • Pour in milk while stiring

Enjoy! (ostensibly the 4th step ;)

Yahoo mail hacked?

Leave a reply

2 minutes, 30 seconds

I’ve had three friends with yahoo accounts send me email that was clearly not them sending it. It was a spammer. One friend had every contact emailed, in alphabetical order, in groups of 10. The symptoms seem to be:

  • Emails are really sent from yahoo account, there’s a copy in the “sent mail” folder
  • Password is changed such that you need to call yahoo or otherwise reset your password
  • Groups of 10 people emailed

Another geek friend reported the same with a number of his friends who have yahoo email getting hacked as well. Him contacting me prompted this post to get awareness out there ( you know, to all 3 of you who read this). No real news on the interwebs, leave this post: Who Hijacked Yahoo Mail?

Here’s the nice view of the email (sensitive data yas been obscured with “***********”)::

From: Anders ***********
To: egwit, awarnow, avkirby, starsister77, apnun, ann, jara, apollostwinsis., haywoodashley, me
date: Tue, Feb 16, 2010 at 3:06 PM
subject: Bettina Mischkalla

http://nmprint.com.au/go.friend.php

Here’s the raw email I got from my friend’s hacked account (sensitive data yas been obscured with “***********”):

                   
          
Delivered-To: mrjones@***********.com
Received: by 10.231.143.16 with SMTP id s16cs151659ibu;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received: by 10.140.58.10 with SMTP id g10mr4771311rva.57.1266361611517;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Return-Path: 
Received: from ***********.com (***********.com [207.29.224.50])
        by mx.google.com with ESMTP id 31si10777747pzk.62.2010.02.16.15.06.51;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of 
mrjones@***********.com designates 207.29.224.50 as permitted sender) 
client-ip=207.29.224.50;
Authentication-Results: mx.google.com; spf=pass (google.com: best 
guess record for domain of mrjones@***********.com designates 
207.29.224.50 as permitted sender) smtp.mail=mrjones@***********.com; 
dkim=neutral (body hash did not verify) header.i=@yahoo.com
Received: by ***********.com (Postfix, from userid 501)
	id 2AFAC968B7C; Tue, 16 Feb 2010 15:06:45 -0800 (PST)
X-Original-To: mrjones@***********.com
Delivered-To: mrjones@***********.com
Received: from web53107.mail.re2.yahoo.com (web53107.mail.re2.yahoo.com 
[206.190.49.57])
	by ***********.com (Postfix) with SMTP id 7D7D4968B58
	for ; Tue, 16 Feb 2010 15:06:38 -0800 (PST)
Received: (qmail 11051 invoked by uid 60001); 16 Feb 2010 23:06:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; 
s=s1024; t=1266361597; bh=oJtmpSDF9JfgKjw+1+Q+Wqxiiq1f0Qc9sio+EdymNik=;
 h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
 MIME-Version:Content-Type; b=oFCN9QuJ13WOanJxxKZHrcbLHOZOMviKII3sm
 Wu/Rno7BWX4i8mBO6CHijcUGJPj/7P1ryPEfVSCB/k72CUbSHcHaJZIpLbF0EXwLje
 uVvkTB/BaeMHhTn5DPbW2h7bcKCvt0AlwfUXUQ+1K3t2zpBH1slw/eUoJqEEVx58A2Ew=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
  MIME-Version:Content-Type;
  b=kzg14b6v1xa8NPMqRfu5XCsz4dFXa7bASb6Vj3Epb6I74/a8t5rVPWCOBfPtR1C
  2Bg67H5UqE3nmdd/hqTKWmUfOKh/g2rhEuXX23ghs080LTudbyqwF0hQSLVmPlhAQ
  RcedYf86UYfC5Ox8SpH/76T2gc+LRlqglfPenlpLRzw=;
Message-ID: 
X-YMail-OSG: ppvFaJUVM1kacZ05sJo0wMYepvD5By3Oxe96QISv6KgKBxmq0_Q1r1
8k75jrUQId8bPmqNP8IjHUU8OBB8bfkioPzwwMw7pj1Br2YORw.qhjM8uWFe8yr_wQv
i7YEAoLhtQvNnyTU.5SLv6lIQFUrTxp6huhu1iOVzwW5PtokoZoBQLQ82lLd_jMg1L6
9lCXsoRvQi6C5PTDrobDdUz7VOj3h0yRWEFf00zgrQ.Vs9kf2cU2epyUdQQuJ_juBPx
accPy7psP2vYnb7ErtxGxfUayl85HvFPG575oMywmq6e8PKqpKz04xXdgwqhgZ6g5qs
5_feAiiHiTH5Tz5gpTdCCuzNThjs3436jDWaTpWx8-
Received: from [66.196.86.118] by web53107.mail.re2.yahoo.com via 
HTTP; Tue, 16 Feb 2010 15:06:37 PST
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Tue, 16 Feb 2010 15:06:37 -0800 (PST)
From: Anders ***********
Subject: Bettina Mischkalla
To: "egwit@***********.com" ,
  "awarnow@***********.com" ,
  "avkirby@***********.com" ,
  "starsister77@***********.com" ,
  "apnun@***********.com" ,
   "ann@***********.com" ,
  "jara@***********.com" ,
  "apollostwinsister@***********.com" ,
  "haywoodashley@***********.com" ,
  "mrjones@***********.com" 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


http://nmprint.com.au/go.friend.php

Another Very Poor Man’s Google Analytics Post

2 Replies

1 minute, 15 seconds

A bit ago I wrote a post about using command line tools to get stats of this blog. I recently wrote another version of this to get the most popular posts here, sorted by the most popular at the top. I love that this can be done in all in one command.

Here’s the command:

tail -1000000 access_log|grep 'GET /blog'|cut -d" " -f 7|egrep -v '.png|.jpg|wp-includes|.css|/page/|/category/|xmlrpc|wp-trackback|/feed/|wp-login|/wp-content/|/trackback/|wp-comments|wp-app.php|wp-admin|comment-page|index.php|?p=|page_id|comments|feed'|sort|cut -d"/" -f 3|uniq -c|grep -v ' 1 '|sort -nr>plip.blog.tops.txt

This breaks down into the following:

  • get the last 1000000 of the blog access log
  • look for requests to “/blog”
  • split by space, and get the 7th field, the URL being requested
  • exclude a ton of items
  • sort the results
  • split by the “/” slash and get the 3rd field, the blog name in the URL
  • get the unique list of blog names with a count for each URL
  • remove the singletons
  • reverse sort so the most popular is at the top
  • write it all to a file called plip.blog.tops.txt

The results are in! The winner is currently chocolate-crinkle-cookie-photos! W00T

   137 chocolate-crinkle-cookie-photos
   119 two-loves-css-recaptcha
   109 24-hours-in-photos
   104 our-pet-venus-fly-trap
   103 ruby-less-way-to-add-key-frames-to-flv-videos-for-the-likes-of-jwplayer
    94 toss-your-salad-code
    91 update-firefox-does-have-reset-more
    91 firefox-reset-is-really-launch-in-safe-mode
    84 keep-those-passwords-safe
    81 photos-food-bikes-sunsets-and-stars
    79 thoughts-on-very-large-monitors
    78 when-the-cat-is-away-the-worms-will-play
    76 photos-from-around-the-bay
    76 our-tree
    75 one-foggy-morning-in-my-commute
    74 wordpress-exploit-fog-fruit-plants-and-plates
    72 recaptcha-now-google-recaptcha-will-help-google-books
    72 from-burning-man-town-to-oaktown
    67 gmaps-pedometer-google-calc-8-94607843-minutes-per-mile
    66 the-massive-compost-tower
    65 on-theft-privacy-and-data-loss
    64 pizza-and-dough-from-scratch
    60 this-is-not-an-ipad
    60 go-faster-encoding
    57 fixed-theme-wp-updated-more-wp-hacks
    44 every-vehicle-is-a-prius
    42 photorec-to-the-rescue
    41 the-very-very-poor-mans-google-analytics-tail-cut-sort-uniq-wc
    41 on-comcast-internet
    38 taking-the-plunge-safari-4-full-time
    35 secret-jumps-of-tunnel
    35 i-got-four-cores-but-a-distributed-load-aint-on-one
    34 stir-fry-dinner
    33 tasty-comfort-food
    32 fancy-diff
    26 how-to-fix-zend-studio-5-5-zde-in-os-10-6-snow-leopard
    24 ping-traceroute-and-quotes
    22 wordpress-rich-mans-blog-poor-mans-cms
    21 new-news-old-open-source
    20 old-broken-usb-hub-ipod-charger
    19 gmail-contest
    19 alternate-way-to-have-google-analytics-track-pdfs
    17 this-is-what-makes-a-happy-saturday
    17 macchiato
    16 american-born-chinese
    15 rogue-mysql-queries
    15 fixed-gear-slipped-chain-thankful-for-brake
    13 simple-wp
    13 plip-is-no-longer-a-cobblers-child
    11 plix-plixing-better
    11 itunes-imovie-on-lenovos-new-media-center-pc
    10 wonderful-bike-lane-signs
    10 this-is-what-makes-a-happy-sunday
    10 plip-ts-on-your-back
     9 plipgo-01-released
     9 bart-speaks
     8 yet-another-redesign
     7 update-plip-content
     7 plixing-for-pleasure
     7 plip-for-peace
     7 long-be-gone
     7 kodiak-11-released
     7 dot-com-casualty
     7 dont-just-commit-commit-intelligently
     6 verge-works-solves-all-your-woes
     6 simpsons-for-ever
     6 simple-is-better
     6 plip-gets-its-own-dictionary
     5 aids-ride-completed

Fixed theme, WP updated, more WP hacks

Leave a reply

0 minutes, 32 seconds

Back when I fixed this blog’s instance of wordpress, I broke the theme. Today I fixed it. W00T! Sadly, this is because I found even more instances of a hacked wordpressery. This was based on the remv.php hacks. I can not stress enough how important it is to keep your software up to date. Go subscribe to the wordpress release feed if you need to. Just stay up to date.

While finding the instances of remv, I took a peek at it. It’s actually pretty neat! If you have LAMP stack handy and are interested, here’s a copy. Enjoy!

Update: Here’s the home page of PHPRemoteView (aka remv.php) translated from russian. Checkout the rockin windows 95 style windows!

Keep those passwords safe

2 Replies

1 minute, 52 seconds

A problem with online security is that there’s no standards for passwords. You may come up with the silly simple single password you use for all site. This works well, until you encounter a site that wants one that is, say, 2 characters longer than the one you use. What then? Or, maybe you’re a bit better and use a scheme where you “encrypt” the domain name into your password. Again, this works fine until a site forces you to break this scheme, and then you’re shit out of luck. The net result is that you either A) have extremely simple passwords or B) forget the passwords often or C) write them down next to your computer.

In case you didn’t think so, options A, B and C suck. Don’t do it. Be smart and be safe.

The way to do this involves some pain in the ass security, which I’ve said before different levels are acceptable. I feel that protecting your passwords are critical, so I’m willing to accept a somewhat higher PITA level. My PITA of choice for passwords is KeePass. Being an open source project (W00T!), some of the execution of the user interface is left to the developer, so you may find some ports are better than others. However, the vanilla OS X and Windows flavors I use at work and home respectively, simply rock. The Android port I use is the icing on the cake. I can download a copy of my password file and have all my passwords on the go.

KeePass, much like TrueCrypt, has really thought about how to store passwords. Here’s a list of some of the great features:

  • generate a secure password based a given site’s rules (8+ letters, 1+ number etc.)
  • hot keys to quickly copy username and password
  • android version puts the username in alert menu so you can easily copy and paste it into a web form
  • encrypt notes for extra info like security question you also won’t remember and wrote down next to your password
  • ported to just about every platform, including iphone and android

The net result of this is that you never forget a password, you use secure passwords and no one can get at your passwords. This is secure and this is how you should do it! For the forward thinking, store your password file on a USB cary with you or, if you’re like me, you’ll put it on your dropbox account, and then you can seamlessly use it on all your computers. Doubly handy!

Update: Firefox does have reset & more

Leave a reply

0 minutes, 16 seconds

A bit ago I posted about how Firefox 3.5 doesn’t have an easy way to reset all the cookies and cache files and the like. I stand corrected. Not only does it has this feature, it has an even better ‘clear for the last hour’ or ‘clear for all time’. Handy! I took some screen shots to show ya.

Gmaps Pedometer + Google Calc = 8.94607843 minutes per mile

Leave a reply

0 minutes, 41 seconds

I just got a new pair of running shoes and I wanted to take them for a spin. I have no idea how fast I run because I only run with an ID. I don’t have a watch, a GPS or anything else. Well, OK, I do have my first ever pair of running shorts. However, those don’t tell you where you are or what your mile splits are.

You know how to most easily track your route and distance (again, with out a GPS)? Gmaps Pedometer! It’s a google maps mashup that allows you to easily double click your local (or remote) running route.

After I had done this, and I had noted the time I left and returned, I had this math to do: 4.08 miles per 36.5 minutes to minutes per mile. I thought, heck, why don’t I drop it into google and maybe they’re that smart? Sure enough, they are. Thanks Google!

PhotoRec to the rescue!

Leave a reply

0 minutes, 45 seconds

Recently the SDHC card for our new camera went bad. All computers and the camera said that the card needed to be formatted and could not be read. Running windows “chkdsk” reported that “The type of the file system is RAW.” After googling around I found a great app called PhotoRec. This is an open source app for all OSes that focuses on recovering images and movies from a hard drive, USB drive or flash memory. It is DOS based, but is extremely easy to use and does not require you to install anything, just extract the zip contents and away you go.

It not only recovered the images that we recently took and wanted to restore, but also found EVERY photo we’d EVER taken. This, when I think about it, isn’t that surprising given how computers delete data, but I like that it worked so well. I gave a donation with in minutes of seeing my photos restored. I encourage you to download and donate today if you’re data is in peril!

photorec

Firefox “reset” is really “launch in safe mode”

Leave a reply

1 minute, 6 seconds

I know that it’s not that hard to find out how to do it , but I am still disappointed two fold in how hard it is to reset Firefox 3.5. First, if you look at Safari, it’s super easy to reset it. Secondly, it’s not called ‘resetting’, it’s called ‘safe mode’. Further, your mom doesn’t want to do this on her mac:


/Applications/Firefox.app/Contents/MacOS/firefox-bin -safe-mode

Yeah, I guess for the most part your mom isn’t doing bleeding edge AJAX development that hoses her browser so she needs to do a full factory reset like I was today. But still, make it easier for me?

Sadly, the lil’ ol’ plip blog probably isn’t popular enough to give ‘reset ff3.5’ a higher ranking in google to turn up ‘use safe mode, silly!’

For those who read our Safari full time post of yore, you ask, “what’s the verdict?” The verdict is I use both. I would say that on a Mac, Safari is hands down an insanely fast browser. Faster that FF3 or FF3.5. However, firebug is the absolute no contest, pack it up and go home winner of JS debugging, DOM tweaking, ad hoc CSS styling, OMG there’s-another-feature-I-didn’t-know-about web developers god send life raft. Indeed. So, I use both. Yes, it does help to have a silly amount of screen real estate:

Update: Firefox 3 had the feature want, I just remembered!

Update 2: I’m wrong. Firefox 3.5 does have it.