29 Sep 2007

Autumn has come -- time to learn new stuff !

The leaves are falling from the trees en masse, and the weather gets rainy, windy and too unpleasant to pursue my usual daily cycling agenda -- it´s a season called "Autumn", and guess what, I don´t wanna slip with my bike and land flat on the ole kisser ;-)

Staying indoors is usually a little depressing, but this year it´s actually a very fine opportunity to compensate the inescapable annual "autumn blues" by keeping myself busy with hopefully reasonable stuff.

This year Kismet brought me some pretty cool things (the Adobe Community Expert nomination, plus recently the Adobe Creative Suite 3 Master Collection), and regarding the wealth of tools I now have in my hands, it´s clear what I need to deal with now:

1. learn some of the Creative Suite components like e.g. Flash

2. go more in-depth with AJAX (Asynchronous JavaScript And XML) based stuff like Adobe´s SPRY framework and/or other frameworks like jQuery or Ext, which are made to perform in modern browsers and require JavaScript to be enabled -- and gaining more insight in the pros and cons of building browser-based AJAX web applications vs. building "proprietary" applications using Flash respectively Flex

3. exercise myself in creating more results which actually make sense to me and others

4. very important IMHO :: see for myself how far I can go with learning without losing sight of my "core business" which is, guess what, doing websites with/without Dreamweaver and developing PHP based stuff.

I expect:

1. to get an insight in applications I never worked with so far -- I do need to know what others are referring to when ranting about stuff like "Actionscript"

2. to understand how several Creative Suite components will work together. Guess that using Fireworks CS3 integration with Dreamweaver CS3 to create a website prototype in the first application and pass it on to DW should be indeed interesting to learn.

3. to familiarize myself with graphics software like Fireworks, Illustrator and Photoshop without too many problems. I have been working with Corel´s applications quite intensely over the years, and many things are of course similar

4. to get a broader view of "all things web development" -- although HTML, CSS, PHP, databases and related stuff will always remain my principal "bread and butter", I can´t afford focussing on this alone.

5. to extend my own business with some more service & knowledge (of course !) -- and to add some value to my "Adobe Community Expert" status respectively the associated quality of advice I´m supposed to provide.

I don´t expect:

1. to become more than a "generalist" in some areas. The CS3 tools provide sooo many features, and the learning curve may be too steep to fully understand e.g. Flash respectively what I could do with it -- but I need to become at least a "generalist" on behalf of my clients, because how am I supposed to estimate the true expertise of an associated Flash guru, if I´m not able to understand the basics of what he´s doing or supposed to do ?

2. to become the greatest Flash animator on earth -- there are soooo many wonderful folks out there who, for years, have done immensely great stuff, and that´s an area where I´d never be able to really compete. However, the Flash CS3 data handling features, combined with my PHP skills, are something where I *want* to push myself forward.

Phew, that´s quite a self-imposed agenda until Christmas, and I truly wonder if my goals can be achieved at all -- however, even if I´ll just be realizing 2/3 of all that, I *will* have learnt something essential, and this is actually what I´m after.

23 Sep 2007

Customer website was hijacked -- thank you !

What is this ?

This is the result of a database driven website having been hijacked by some moron who somehow found his way into the website´s admin section, and who replaced several records in the site´s CMS (Content Management System).

At times I´m - with the respective customer´s consent of course - keeping an eye on websites I did for former clients, and that´s why I just noticed that 3 pages have been overwritten with some "Hello my name is..." crap and links to whatever porn sites.

It seems that this fellow must have detected one rather tiny loophole (I know which one :-) in a certain CMS admin page which - by mistake - has not been "hardened" -- well, shit happens, but that´s now been fixed.

However there´s something that this fellow doesn´t know, and which might give him some headaches, should he ever be able to detect another security hole:

1. years ago when I developed this tailor-made CMS for my customer, I added a nifty self-acting "incremental backup" feature to the "update content" form:
  • on page load the record´s current content is getting loaded in some hidden form fields, and when...
  • someone clicks the "update" button, the current content gets inserted into a separate table
Very fortunately I had to add this feature to the ex-customer´s "multi-user capable" CMS at some point, because one of the staff members had to be fired for whatever reason, and before leaving the office, he (unattended of course) logged in to his CMS account and overwrote most pages with nada -- so I implemented this feature to make sure that the CMS will not even become a victim of "friendly fire".

Well, for me it was actually a snap to crawl the CMS backup table using a separate "admin only" list which lets me filter the records by various (combinable) search criteria like "date added", "title" -- spotting the undestroyed version was very easy, and restoring the hacked CMS records from those backup versions was done in a minute.

2. very fortunately I added a "mail notification" trigger to the update forms as well, means whenever anyone *but me* updates a record, I get an email containing some info about the updated record´s "ID" and "title" -- this has always been a very handy feature for monitoring what´s going on in the CMS, and getting such a notification now made me instantly aware there´s something weird going on.

However, this example demonstrates that such security holes can affect you very easily and of course when you don´t expect something bad to happen -- I´m certainly not too proud of having missed to "seal" one certain page, but I´m proud to have added some other safety precautions.

Well, gotta say thanks to this unknown moron though ! Without his attempt to wreak havoc I certainly wouldn´t have noticed this miss -- however, the last laugh is on my side actually, because my efforts to restore the CMS contents have been *much* easier than his multiple record editings performed on a certain date.
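The two safeguards described in this post (a backup copy written on every update, and a notification whenever anyone but the site owner edits a record), as an added example that is not the author's CMS code. It assumes SQLite, hypothetical tables `pages` and `pages_backup`, a hypothetical owner account `admin`, and an `outbox` list standing in for the mail call; unlike the hidden-form-field approach described above, it reads the old version from the database itself, so the backup does not depend on what the browser submits.

```python
import sqlite3

OWNER = "admin"  # assumption: the one account whose edits send no notification

def open_cms():
    db = sqlite3.connect(":memory:")  # hypothetical schema, kept in memory
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE pages_backup (
            backup_id INTEGER PRIMARY KEY AUTOINCREMENT, page_id INTEGER, title TEXT,
            body TEXT, replaced_by TEXT, replaced_at TEXT DEFAULT CURRENT_TIMESTAMP);
    """)
    return db

def update_page(db, page_id, title, body, editor, outbox):
    """Copy the stored row to the backup table, then overwrite it, atomically."""
    with db:  # one transaction: commit on success, roll back on error
        old = db.execute("SELECT title, body FROM pages WHERE id = ?", (page_id,)).fetchone()
        if old is None:
            raise LookupError(f"no page with id {page_id}")
        db.execute("INSERT INTO pages_backup (page_id, title, body, replaced_by)"
                   " VALUES (?, ?, ?, ?)", (page_id, old[0], old[1], editor))
        db.execute("UPDATE pages SET title = ?, body = ? WHERE id = ?", (title, body, page_id))
    if editor != OWNER:  # notify on every edit not made by the owner
        outbox.append(f"CMS record updated: ID {page_id}, title '{old[0]}', by {editor}")

def find_backups(db, title=None, since=None):
    """List backups, filtered by any combination of title and earliest date."""
    sql, args = "SELECT backup_id, page_id, title, body FROM pages_backup WHERE 1=1", []
    if title is not None:
        sql, args = sql + " AND title = ?", args + [title]
    if since is not None:
        sql, args = sql + " AND replaced_at >= ?", args + [since]
    return db.execute(sql + " ORDER BY backup_id", args).fetchall()

def restore(db, backup_id, editor, outbox):
    """Restore a backup through update_page, so the replaced version is kept too."""
    row = db.execute("SELECT page_id, title, body FROM pages_backup"
                     " WHERE backup_id = ?", (backup_id,)).fetchone()
    if row is None:
        raise LookupError(f"no backup with id {backup_id}")
    update_page(db, row[0], row[1], row[2], editor, outbox)

if __name__ == "__main__":
    db, outbox = open_cms(), []
    db.execute("INSERT INTO pages VALUES (1, 'Home', 'Welcome')")  # constructed sample
    update_page(db, 1, "Home", "Hello my name is...", "staff2", outbox)
    restore(db, find_backups(db, title="Home")[0][0], OWNER, outbox)
    print(db.execute("SELECT body FROM pages").fetchone()[0], outbox)
```

Because the restore itself goes through `update_page`, the overwritten version also ends up in the backup table and stays available for later review.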

Added 2007-09-24

  1. while googling for "my name is Alfred" I have found out that this fellow or a group of website hijackers have submitted this stuff (either with identical text or slightly modified variants) to *lots* of websites and forums -- considering the sheer amount of hijacking it seems that it´s assumingly a large group of folks which must have prepared some predefined text snippets to be copied to wherever they can.

  2. a *very* recommended read on all things related to "Web Vulnerability" can be found on the Acunetix website. Besides providing one of the most comprehensive lists of vulnerability issues I´ve ever seen, you´ll be scared to see which commonly used "web applications" (forums, content management systems etc) have what exploits -- well, and there´s lots of clues on what to keep an eye on. You live and learn !

16 Sep 2007

installing Adobe CS3 Master Suite on Win XP :: phew, worked :-)

Wow, I´m a happy camper for sure now -- a couple of days ago Germany´s FedEx brought me a nice parcel from Adobe US :: the Creative Suite 3 Master Collection for Windows :-)

While I was full of pleasant anticipation when being informed that this was coming my way soon, I honestly felt pretty scared to actually install the Master Collection once I had it -- quite some customers who received it earlier this year, reported that installing the Suite was unexpectedly painful and (to some) managed to even whack up their OS, and Adobe confirms that the installer should indeed have undergone some more "system compatibility" tests before delivering their CS3 suites to customers.

However, to me the installation was an absolutely smooth experience ! Phew, no errors at all, and the Master Suite even detected my existing "stand alone" Dreamweaver CS3 installation and installed the other components alongside this one without messing it up -- it´s this what I´ve of course been most afraid of.

Well, now that all installed Master Suite components are working as (not :-) expected, and considering the fact that I´m able to write this blog entry from an undamaged XP system, I have to say :: I´ve certainly had lots of luck on my side, while others very regretfully didn´t -- however, I´ve thankfully also been explicitly warned (by reading lots of forum posts or Adobe´s installation FAQ) to first shut down several 3rd party applications which could possibly damage the Master Suite installation:
  • virus detection software, which is said to often just savagely block the installation of "official" software
  • Chat applications like "Windows Live Messenger" or "Skype"
  • the rather new Safari 3 browser (beta)
  • Google Desktop (as indeed reported by several users to have been causing problems)
Well, at the time of installing the Master Suite, all known "critical" secondary applications were shut down -- I´m sure that this (and, assumingly, an improved installer version) has led to a smooth and indeed pleasant experience which I didn´t anticipate.

Huge thanks also to several fellow Adobe Community Experts, who provided some precious and unbiased advice based on their own experience !

Some final thoughts on what should be improved in the next installer version though:
  1. As the installer first performs a system check in order to check against the specified "system requirements", it will report 512 MB of RAM as - sort of - "insufficient RAM detected, please update your system, 1 GB is the minimum required !"

    This is not quite true, as it´s only the included video (and maybe audio) editing components which do require that much RAM for a very good reason -- in other words, non-video components such as Dreamweaver, Flash, Acrobat, Fireworks, Photoshop do run quite smoothly on my 512 MB RAM system. Well, you´ll assumingly need more RAM when trying to perform a so-called "round-trip editing" (i.e. pasting images from Fireworks to a Dreamweaver page) between several applications, which is a different story ... but this "generalized" message alone is way too scary and made me cancel the initial installation, which wouldn´t have been required after all.

  2. a certainly great thing is to choose which component you want to install, and some components do have sub-components -- however I don´t understand why deselecting e.g. the main video editing component does not automatically deselect the related sub-components as well.
But let´s not be too picky now -- I´m VERY happy ! :-)

7 Sep 2007

OT: Luciano Pavarotti : my tribute

This is certainly off-topic here, but I feel like sharing some personal thoughts and, well, emotions.

When I was a kid, classical music and, in particular, Opera didn´t mean anything to me. I didn´t like listening to those old and dreary songs played by a bunch of aging bald fiddlers sitting in the local theater´s orchestra pit -- and all those strange & highly pathetic plots, spoken/sung in a language you don´t understand plus performed by strangely acting fellows of unspecified gender, all heavily wrapped in funny clothes I´d never dare wearing in public, was just too weird. Mind you, Opera is something your parents and teachers use to personally like and consider "culturally valuable" (yikes alone because of that !), that´s why they force you to "enjoy" it by dragging you in a theater -- and you just say OK because you know you´ll otherwise get ripped off your weekly pocket-money ! Well, even if I had developed a soft spot for this voluntarily, I certainly wouldn´t have admitted it, because opera was considered absolutely uncool for my generation, and - well - when you´re a kid, you´re prone to be an opportunist anyway in order not to be considered uncool yourself.

Now that I´m 46, I do see things with different eyes and am allowed to even be uncool. At this age no one expects you to be "hip", and that´s a huge relief after all, because you´re finally free to like what you like without having to justify yourself.

Luciano Pavarotti, one of the certainly most famous opera tenors of all times, passed away yesterday, and thanks to YouTube I was able to watch some of his live performances -- I gladly admit that I now wish I had paid unbiased attention to this great and in particular *very moving* opera singer before, and I can´t help feeling that I definitely missed something valuable by having been somewhat ignorant towards this genre.

I´ve now watched a lot of Pavarotti videos -- all of them are just awe-inspiring, and some will just drive me to tears. You can *see* that he was a singer with a HUGE and highly emotional voice, who wholeheartedly loved to sing great songs spanning ages and genres -- and that he was someone who made both his audience and his fellow performers (of all ages, genres and nations) just *love* him without any reserve.

When e.g. a politician passes away, chances are very small that he´ll be mourned in a neighbor country anyway, and definitely not by a taxi driver living there. However, if an artist like Pavarotti dies, it´s your Turkish neighbor next door who you *never* heard listening to Opera (neither did he hear that from me) and who never even talked about music at all -- but who´ll instantly be telling you "have you heard that Pavarotti is dead ? How sad !! He was such a good man !!" with an exceptionally earnest voice. This is a phenomenon which shows how important a celebrity has *really* been and what traces he has left in the lives of those who really count -- the "ordinary men" ! It´s Aslan, the Muslim Kebap maker, who´s supposed to have no cultural bonds to what Luciano Pavarotti´s art (Italian opera) originally represents -- but Pavarotti has left something precious to remember for everyone on earth, no matter what nationality, belief, social standing and whatever else man-made "criterion" tries hard to separate us from each other. In my lifetime respectively in my "western" culture I have so far witnessed just one other deceased artist of the same caliber who was equally mourned and remembered by *everyone* :: Freddie Mercury -- and in my lifetime it´s so far been the passing of only those 2 singers which was the very first thing they tell you in the radio and TV news. It was mentioned in the news for days, and at least for one day these announcements always preceded other news about politics, economy, natural disasters and other stuff which usually affect everyone´s lives pretty much !

One of my most favorite Pavarotti videos over there at YouTube is Miserere, sung together with U2´s Bono -- an outstanding song written by Zucchero and here performed in Modena (Italy), which not just serves Bono´s own vocal intensity very well, but also IMHO might probably represent one of Pavarotti´s truly finest and highly emotional moments ever -- at least I can´t imagine how something like this can be topped by any singer on earth ever.

You might want to see and hear what happens at approx. 04:00 -- how, at the end of his part, Pavarotti´s great and loud voice unexpectedly pours out a high & long & even louder note that´s bursting with a staggering, yet in this song´s context (as I take it, about feeling deeply miserable caused by feelings of guilt towards the ones you betrayed, yet asking for forgiveness and help) absolutely appropriate mixture of aggression & despair and abruptly stops at its very climax, and how Bono himself is getting moved by this so much that his voice just breaks in his next part.

Pavarotti´s and Bono´s rendition of "Miserere" will go straight to the bottom of your heart and stay there for very long, regardless who you are or where you come from or what music genre you´re usually attached to, and this is one of the finest and moving moments in music I ever witnessed.

I feel like having to pay my belated and overdue personal tribute to Luciano Pavarotti -- it´s now clear what exactly people loved him for so dearly, and why he is getting missed. You have been *truly* cool !