I’ve always liked the political cartoons in The Economist.

Clear video explaining how our financial system works. Heard people talking about national debt, creating money out of nothing and the Federal Reserve? Watch this video and learn all there is to know.
Before I start, I’d like to inform you that I have never met or directly communicated with Rob Teller beyond instant messaging. I have no interest in talking to him ever again. My experience, as well as that of close family, has been negative, and unless I’m promised differently I’d rather not communicate with Teller again. I am a student at Hunterdon Central High School and had the displeasure of using this site my freshman year. I am going to try to present you with the facts and only the facts. I do think a site like HCSchedules is useful if executed correctly and if basic security measures are taken. I did not know of any problems with the site until its MySQL databases (the databases storing students’ information) were released to Robert Teller during or preceding the takeover. I also figure you’d like to know what qualifications I have, if any, to make these claims. Well, I don’t have any written qualifications, but I’ve been programming for a number of years, I know PHP and MySQL (what this website was developed with), and I’ve been working with security and cryptography for some time as well.
The recent media coverage of the site has been, as far as I can tell, inaccurate on a few levels. The reports have addressed the school’s complaints and Robert’s responses but have not mentioned anything I have witnessed in relation to the site. I do not even know if the school is aware of how the information collected is being used. For those who don’t already know, Hunterdon Central sent out the following e-mail regarding the website on August 15th, 2007:
“Please be aware that Hunterdon Central does not sponsor or authorize a website called HCSchedules.com. The site is being used by students to see what other students are in their classes. The information is not reliable and Counseling Services cannot verify data reported on this website. Also, please be aware that the website is requiring personal information from your child that you may prefer to keep guarded. Hunterdon Central is recommending that its students not interact with this website.”
I’d also like to clarify that the site has collected similar information throughout its entire life, and this Hunterdon Central email does not seem to be related to the recent takeover by Robert Teller, which is why I assume the school does not know how the collected information is being used. On that note, I’m going to compare the basic security procedures every website takes with the security on Robert Teller’s website, or lack thereof. I’d also like to mention that this lack of security has (as I imagine) been around for the life of the site. Almost all websites with user accounts and passwords require the user to fill out a registration form with a username and password. This form then gets sent to their server, sometimes encrypted in transit and sometimes not. When it reaches the server, the password is stored in a database (in this case a MySQL database) in encrypted form: a one-way hash that cannot be reversed to recover the original. This protects the data (usually just the password, or any personally identifiable information) from being read by administrators or by hackers who get hold of the database. It makes sure that no one other than you knows your password, not even the site owners. HCSchedules has none of this. The passwords are saved in plaintext, readable to anyone who has access to the MySQL database (in this case Robert Teller or a hacker). Adding this basic protection would take no more than 20 minutes and about fifty lines of code on the average system. (Really, all they need to do is wrap the user’s password in MySQL’s PASSWORD() function when it is stored, and compare it the same way at login.)
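As an added illustration of the plaintext-versus-hashed difference described above (example code written for this edit, not code from HCSchedules or from the author of this post): the post suggests MySQL’s PASSWORD() function, which is an unsalted hash and was removed in MySQL 8.0, so this example uses a salted, iterated PBKDF2-SHA256 hash from Python’s standard library instead. An in-memory SQLite table stands in for the site’s MySQL users table, and the school IDs and password are constructed sample values. The dump_users() function shows what anyone holding a copy of the database would see in each case.

```python
import hashlib
import hmac
import os
import sqlite3

# Cost parameter for PBKDF2; higher makes offline password guessing slower.
ITERATIONS = 200_000


def connect():
    # In-memory SQLite table standing in for the site's MySQL users table (constructed for this example).
    # pw_plain is the pattern the post describes; pw_hash is the corrected form.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (school_id TEXT PRIMARY KEY, pw_plain TEXT, pw_hash TEXT)"
    )
    return conn


def hash_password(password, salt=None):
    """Return a self-describing string: pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user, so equal passwords get different hashes
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def register_plaintext(conn, school_id, password):
    # What the post describes HCSchedules doing: the raw password lands in the table.
    conn.execute(
        "INSERT INTO users (school_id, pw_plain) VALUES (?, ?)", (school_id, password)
    )


def register_hashed(conn, school_id, password):
    # The fix: only the salted hash is stored; the raw password never reaches the table.
    conn.execute(
        "INSERT INTO users (school_id, pw_hash) VALUES (?, ?)",
        (school_id, hash_password(password)),
    )


def login_hashed(conn, school_id, password):
    row = conn.execute(
        "SELECT pw_hash FROM users WHERE school_id = ?", (school_id,)
    ).fetchone()
    return row is not None and row[0] is not None and verify_password(password, row[0])


def dump_users(conn):
    # What someone holding a copy of the database would see.
    return conn.execute(
        "SELECT school_id, pw_plain, pw_hash FROM users ORDER BY school_id"
    ).fetchall()


def demo():
    conn = connect()
    password = "hunterdon2007"  # constructed sample value
    register_plaintext(conn, "10001", password)  # constructed school IDs
    register_hashed(conn, "10002", password)
    rows = dump_users(conn)
    return rows, login_hashed(conn, "10002", password), login_hashed(conn, "10002", "guess")


if __name__ == "__main__":
    rows, good, bad = demo()
    for school_id, plain, hashed in rows:
        print(school_id, "plaintext:", plain, "| hash:", hashed)
    print("correct password accepted:", good, "| wrong password accepted:", bad)
```

Running the block prints one row where the password is readable verbatim and one where only a salt and digest appear; the login still works for the hashed row because verification recomputes the hash rather than decrypting anything. The per-user random salt is what keeps two students with the same password from producing the same stored value.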
Why does Robert Teller’s site not have this basic protection? I can’t tell you; I don’t even think he’d be able to tell you, as he didn’t do the programming for the majority of HCSchedules. I hope encryption is added soon. Why is this dangerous? Because any hacker with the will to obtain access to HCSchedules’ MySQL database, or even Rob Teller himself, could abuse knowledge of the passwords.
Most people use one or two passwords for everything. This means Robert or any competent hacker has your password to almost all of your accounts, including email and school network accounts. You submitted your school ID and your password; this means he could go to any computer on the school’s campus, enter your ID and your password, log in as you, delete or modify school-related files, send inappropriate emails to teachers, and download illegal materials under your name. Disciplinary action against an unsuspecting victim would be the result. Although one could argue that Robert Teller cannot be expected to abuse personal information, in my experience his behavior has been less than scrupulous. He has instant messaged me my own password and school ID, and has even abused password knowledge, in the case of my sister, to log in to a victim’s AIM account.
In closing, I propose the following to Robert Teller: fix the security holes in HCSchedules and don’t release personal information to anyone, even family members. It doesn’t seem you can keep the promise you make on your website: “None of your information is ever released to ANYBODY.” I ask Hunterdon Central either to demand the use of common security features on HCSchedules and oversee the website, or to create another website that provides the same functionality. I would be more than happy to help with either the creation or the securing of a future or current HCSchedules website.
Well, I haven’t posted in a while so I decided to post the next bit of code I worked on… and it turns out it was getting a list of users (usernames) someone with xfire installed has.
I decided it’d be easiest to just check inside the chatlogs directory. (which is under documents and settings)
Here’s how to do it in C++:
#include <windows.h>
#include <cstring>
#include <string>
using std::string;
string getXfireUsers()
{
// Let's grab our username so we can build the path to scan
char userName[256] = "";
DWORD sizeOf = sizeof(userName);
GetUserNameA(userName, &sizeOf);
string sysUsername = userName; // Save it
string userList = "XFire->getUsers\n===============\n\n";
WIN32_FIND_DATAA findData;
memset(&findData, 0, sizeof(findData));
HANDLE findHandle = NULL;
string file = "";
// Let's get the first file (each subdirectory of chatlog is named after an Xfire account)
findHandle = FindFirstFileA(string("C:\\Documents and Settings\\" + sysUsername + "\\Application Data\\Xfire\\chatlog\\*").c_str(), &findData);
if (findHandle == INVALID_HANDLE_VALUE) // No chatlog directory (Xfire not installed or never used): nothing to list
return userList + "*** End List ***\n";
// Let's get the rest of the files; test the directory bit rather than the whole attribute word, since hidden/system flags may be set too
do {
file = findData.cFileName;
if ((findData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) && file != "." && file != "..")
userList += file + "\n";
} while (FindNextFileA(findHandle, &findData) != 0); // Get the next file in order (loop until finished)
FindClose(findHandle);
userList += "*** End List ***\n";
return userList;
}
A new version of the best game ever made… errm, mod I guess, will be coming out soon.
Frag.Ops is a total conversion mod for UT2004 and in my opinion is one of the best games ever made. Check out their site and new video; links follow…
http://www.frag-ops.com/
http://www.gametrailers.com/player/usermovies/78631.html
Well, it’s been a while since I last updated this… work’s being done on HE and some of my other projects. School’s almost over (one more day). Anyway, I recently created a sig generator for a game I play called Frag.Ops. A nice community member (known as Diesel_Fuel_Only) created a stats site for all the servers. It runs UTStatsDB with no modifications (other than images). I wanted to create sigs for the site; the only problem was he wouldn’t give me access to his MySQL databases because he’s kind of a douche. Anyway, the workaround was to parse the site directly and build the sigs. He has now made his own (that suck balls), so I decided to release the code I used to parse the site, as well as generate the images.
I split it into two classes: one to parse the site, and one to build the image. The image class is a PHP GD interface. The UTStatsDB parser is a different class. You enter the ID of the player you want and the URLs of the site pages, and it gathers some data about the player. A download link to the classes will be at the bottom of this post. First, here’s an example of how to use them:
<?php
$thisID = 7;
$statObj = new statsParser($thisID, 'http://www.fostats.com/fostats/playerstats.php?player=', 'http://www.fostats.com/fostats/index.php?stats=players');

// Check stats (a rank of 0 means the player is unranked)
$mRank = $statObj->playerMissionRank;
if ($statObj->playerMissionRank == 0)
    $mRank = 'N/A';
$wRank = $statObj->playerWarRank;
if ($statObj->playerWarRank == 0)
    $wRank = 'N/A';

// Kill/death ratio; guard against a player with no deaths yet (division by zero)
$kdr = ($statObj->playerDeaths > 0) ? round($statObj->playerKills / $statObj->playerDeaths, 2) : 'N/A';

// Build Array
$text = array();
$text[0] = 'Player: ' . $statObj->playerName;
$text[1] = 'Total Kills: ' . $statObj->playerKills;
$text[2] = 'Total Deaths: ' . $statObj->playerDeaths . ' KDR: ' . $kdr;
$text[3] = 'Mission Rank: ' . $mRank . ' War Rank: ' . $wRank;
$text[4] = 'Overall Rank: ' . $statObj->playerOverallRank;
$totalText = 5;

// Make the image
$imageSys = new imgEditor('bgimg.png', '');
$imageSys->setFont('main.ttf');
$imageSys->setSize(12);
$color = array(255, 255, 255); // white text
$shade = array(150, 150, 150); // grey drop shadow
for ($iLoop2 = 0; $iLoop2 < $totalText; $iLoop2++)
    $imageSys->addShadowText($text[$iLoop2], 5, 19 + (20 * $iLoop2), $color, $shade, 1);
$imageSys->outputToFile($thisID . '.png', './built_sigs/');
This work is licensed under the Creative Commons Attribution-NoDerivs 3.0 United States. If you wish to use my work for the public (generating sigs/images for more people than just yourself), you must include “Generated using classes by Matt Razza” in the image you generate (or on the page, if it’s just a stats page). If it’s just for you, it’s not needed.
Download: Here
See the classes, and example code in action:
NEW VERSION FOUND – HERE
Small update to my “driver” for the MERC Zboard on Linux.
READ THE README – and anything the shell scripts say.
Changelog:
==============================================
Zboard Config Changelog
Copyright (C) 2007 Matt Razza
==============================================
Version 0.1.0 – Version 0.1.1
Added:
- "status" command
- "checkZboard" command
- Added ability to remove existing maps to keys
- Added Zboard Compatibility tester
Changed:
Fixed:
- Changed all references of "Zboard config" to "Zboard Config"
Removed:
Download Source (tar.bz2) MD5: 557bb8594795f70cd0210a21ac8e0edc
This version is now deprecated; please visit this post.
Well, I finished my hacked-together Linux version of the zEngine. It’s command line only and should be pretty easy to use. I haven’t been able to test it too much, but it should work. I decided there was no point to an ebuild or Makefile, so I included two small shell scripts you can run. READ THE README – and anything the shell scripts say.
Download Source (tar.bz2) MD5: 115b0a3e150d048b43bcfbfaa0276f05