Archive for the ‘Software’ Category

Right-click menus for redesigned Facebook using Firefox!

August 13, 2008

With the recent redesign of Facebook, I’ve been getting questions regarding whether the add-on for Firefox is compatible with the newly redesigned version of Facebook. After confirming over the last couple weeks with some of the ~500 daily users and the 2,000+ downloaders who have shared emails, the current version of UltimateFacebook is not only fully-compatible with Firefox 3 (and naturally Firefox 2), but also with the newly redesigned version of Facebook. Install it by clicking here.

The add-on enables you to right-click any Facebook user and:

  • write on their wall
  • send them a message
  • poke them
  • add them to your friends
  • view their friends
  • see a thumbnail of them by rolling over their name in a news feed, photo gallery, etc
  • see how you connect to them
  • tag them
  • bookmark them – a.k.a ‘save them as a crush’ (invisibly — kept private)


UltimateFacebook added to Softpedia and certified 100% Clean of Spyware, Adware and Viruses!

August 5, 2008

Woot! Got an email from the folks at Softpedia! They’ve just added and reviewed UltimateFacebook, the Mozilla Firefox add-on that makes using Facebook easier and more fun. It’s been certified to be 100% Clean of spyware, adware and viruses. Very cool. With several 1,000 people now using the add-on, it’s cool to see the social graph grow from my graph of 200 or so friends in May to almost over 900,000 Facebook users in the graph today.

Here are the links

http://mac.softpedia.com/get/Internet-Utilities/UltimateFacebook.shtml

http://mac.softpedia.com/progClean/UltimateFacebook-Clean-38864.html

http://apps.new.facebook.com/ultimatefacebook/

Facebook Right-Click Menu for Firefox. Make Facebook WAY easier to use!

May 15, 2008

So over the last several months I, like tens of millions of people, have been using Facebook to find and stay in touch with friends and my biz network. As I used it more and more, I became more annoyed with how long it would take me to send messages, write on walls, etc. So I’ve written a Firefox add-on to make that easier. Called ‘UltimateFacebook,’ all you do is right-click a hyperlinked name in a news feed or a person’s profile image/thumbnail and a menu will appear. You can now send messages, write on walls, poke users and add or view friends with 1-click instead of the 2-3 it normally takes to get to the page to normally do the action. I’ve been playing with it for the last several months and have had about 300 people helping me test it. It’s rather stable at this point, but is an alpha product. Holler with ideas and/or feedback, but definitely try it out.

Click here to read more and try the add-on!

Right-Click Facebook menu for Firefox

Injection attack vulnerability in phpMyAdmin w/ fix

November 12, 2007

phpMyAdmin

Over the last several weeks Jason Lidow of DigiTrust Group and I have been chatting back-and-forth about a number of vulnerabilities he and his team have been finding in open-source packages using MySQL and PHP. In particular, his DigiTrust Group guys have been uncovering a gaggle of exposures in phpMyAdmin, the most widely used control panel for managing MySQL from virtual hosts (I use it on more than a couple of my web apps).

Over the weekend, Jason sent over an issue that piqued my interests. It details potential injection attacks in phpMyAdmin. I hate these things. They’re dirty, and I don’t mean in the good way. The attack described would let normal users take over administrator’s accounts.

This one in particular is more evil than others I’ve come across as it’s a one-time action with an evergreen effect.

The phpMyAdmin folks have developed a patch/fix for the exposure, and it is now available at http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7.

The super-geeky report of the vulnerability is available here:
http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html.

To read more about Jason’s crack team go here http://www.digitrustgroup.com. These guys are probably the best I’ve seen at what they do (they actually scare me a little). DigiTrust Group has, over the last several years, turned from a few wunderkind genius hacker types to a serious consulting org that works for everyone from Fortune 1000s to small and medium-sized companies as they grow and need help finding potential IP and infrastructure exposures.

What’s an injection attack???:

This type of XSS vulnerability is also referred to as a stored or persistent or second-order vulnerability, and it allows the most powerful kinds of attacks. It is frequently referred to as HTML injection. A type 2 XSS vulnerability exists when data provided to a web application by a user is first stored persistently on the server (in a database, filesystem, or other location), and later displayed to users in a web page without being encoded using HTML entities. A classic example of this is with online message boards, where users are allowed to post HTML formatted messages for other users to read.

These vulnerabilities are usually more significant than other types because an attacker can inject the script just once. This could potentially hit a large number of other users with little need for social engineering or the web application could even be infected by a cross-site scripting virus.

The methods of injection can vary a great deal, and an attacker may not need to use the web application itself to exploit such a hole. Any data received by the web application (via email, system logs, etc) that can be controlled by an attacker must be encoded prior to re-display in a dynamic page, else an XSS vulnerability of this type could result.
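The stored-then-displayed pattern described above, as an added example that is not part of the original post and is not phpMyAdmin's code: the same stored rows are rendered once without encoding and once with HTML-entity encoding at output time. The function names, the in-memory SQLite table standing in for server-side storage, and the sample posts are all assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs. Two arrive through a web form and one through an
# ingested log line, because any attacker-controlled source counts, not only
# the application's own forms.
SAMPLE_POSTS = [
    ("web_form", "alice", "Hello <b>everyone</b>"),
    ("web_form", "mallory", "<script>alert(1)</script>"),
    ("syslog", "sshd", 'Failed login for "<img src=x onerror=alert(1)>"'),
]


def store_posts(posts):
    """Persist posts unmodified; the fix belongs at display time, not here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (source TEXT, author TEXT, body TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)", posts)
    return db


def render_unsafe(db):
    """Vulnerable: stored data is concatenated straight into the page."""
    rows = db.execute("SELECT author, body FROM posts ORDER BY rowid")
    items = "".join(f"<li>{a}: {b}</li>" for a, b in rows)
    return f"<ul>{items}</ul>"


def render_safe(db):
    """Hardened: every stored value is entity-encoded when it is displayed."""
    rows = db.execute("SELECT author, body FROM posts ORDER BY rowid")
    items = "".join(
        f"<li>{html.escape(a, quote=True)}: {html.escape(b, quote=True)}</li>"
        for a, b in rows
    )
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    db = store_posts(SAMPLE_POSTS)
    print("unsafe:", render_unsafe(db))
    print("safe:  ", render_safe(db))
```

In the safe rendering the stored markup reaches the browser as text (`&lt;script&gt;`), so every later viewer sees the characters instead of running them.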

Ajax thought for the day

August 22, 2007

DIV innerHTML updates are way cooler for binary actions than dealing with responses.

Skype update 08/17/2007

August 17, 2007

So I drove by Skype and eBay on the way to dinner/Happy Hour tonight.  Absolutely NO parking spots available on the campus AND the cars were parked out on the road all the way to Hamilton.  EVERY person on call apparently is on location for the crisis.  At least eBay takes the billion $ crisis seriously.  I’m personally getting a little pissed about seeing the ‘connecting’ icon spin all day long while they have a good hunk of my cash to make and receive calls.

I have a 2×4 AND a pipe wrench in my toolkit.  I’m more than happy to reboot servers if it’ll help.

Life without Skype sucks!

August 16, 2007

So the big news today is that Skype went down.  While I don’t heavily use Skype, I do rely on it for daily calls so I don’t burn my cell minutes.  Haven’t used a landline really for a couple years now.  So today, I’ve found myself pissed at the constantly spinning connecting icon and watching it like a puppy dog at a steak dinner!

Extracting Plesk Backups on Mac OS X

May 20, 2007

Here’s another reason why Macs kick ass! I’m currently managing several sites via the Plesk Control Panel. Yesterday an issue came up where I needed to get a number of files from a backup for use on a stage machine. After blowing about 30 minutes on finding the right package and installing it, guess what?!?!?! Any Mac OS X system with Stuffit 10 (and up) can simply decompress the files and you’re good to go!

Plesk Control Panel

How cool is it to see people use something you’ve built!?!?!

February 7, 2007

I was on eBay and came across several listings made using WipBox. How cool is that?!?!? Read the post and check out the listings!

http://wipbox.wordpress.com/…-wipbox-users/

Holy 45,000 pvs and 3,000 new users this week!

February 6, 2007

Yesterday and today have been INSANE on WipBox!!!  45,000+ page views and 3,000 new users in the last 2 days.

There will be a moderate update happening tomorrow night with some solid bugs/usability fixes. Also there will be a tutorial on what the graphs do and how to use them best. I’ve also wrangled some resources to help get BIGGER releases done and make it way more usable and friendly.

Please keep sending in bugs, though. I’ve been putting them into the bug tracker and have all of them slated to be addressed as soon as possible.

Also, please be patient.  I originally created this for myself to use in less than a month.  For me it works great.  But, it’s becoming VERY clear that, as more people have been signing up, I’m finding  things need to be made more usable.

J.