BUG: Unclosed Firefox Attack Vector

November 6th, 2008 at 8:45 pm by Mark Steel

     Firefox still sucks.  I don’t care what everyone else in the world thinks, and I know it’s an unpopular opinion, but it’s the truth.  While they bitch about “standards” all the time, the fact is, 95% of what Firefox calls “a standard” isn’t even ratified yet.  When developers can’t tell a “Standard” from a “Request For Comment,” all sorts of malady ensues.
     It’s also disingenuous on the part of Web Developers to say, “It won’t render right in IE because IE sucks!” when the fact is, any Web Developer worth their salt would make an attempt to make a page render right in the predominant browser and its inferior counterpart.  Yet, for some reason, the call is to “blame Microsoft” every time a Developer makes a stupid mistake or doesn’t know what the Hell they’re doing…

     There’s also this ridiculous assertion that Firefox is inherently bullet-proof as far as being hackable.  The case is that IE is the predominant browser, so it makes sense to use it as the target for widespread attacks.  Firefox is an even more broken mess from a Security standpoint, and the veracity of its issues spans multiple platforms, despite claims otherwise.

     A nice little case in point of “shitty code” in Firefox is this attack vector I found two years ago and apparently still isn’t fixed…

     Get out your favorite PHP editor, and send an image in a stream… but in the header, use these two lines instead of something normal:

header("Content-type: image/jpg");  // not a registered type; the registered one is image/jpeg
header("Content-length: 0");        // declares a zero-byte body

     Now, with every other user-agent in the world, this won’t work for two very important reasons:

  1. “image/jpg” is not a valid content-type.  “image/jpeg” is.
  2. A Content-Length of zero bytes tells the user-agent not to receive any data.

     Firefox, on the other hand, will go ahead and render the invalid content-type, zero-byte image at whatever size the Server streams to it, proving that it doesn’t care what’s actually being received from a possibly malicious host.

     Can you say, “Exploitable,” boys and girls?

     I knew you could…
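
     The two checks listed above, written as a small Python validator over a raw HTTP response. This is an added example, not code from the original post; the function names, the allow-list and the constructed sample responses are assumptions, and it also compares the body against the JPEG magic bytes, which the post does not mention.

```python
# Added example: strict validation of an HTTP response that claims to carry an image.
# Names, the allow-list and the sample responses below are constructed assumptions.
ALLOWED_IMAGE_TYPES = {"image/jpeg", "image/png", "image/gif"}  # subset of registered types
JPEG_MAGIC = b"\xff\xd8\xff"


def split_response(raw):
    """Split a raw HTTP/1.x response into (lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def audit_image_response(raw):
    """Return a list of findings; an empty list means headers and body agree."""
    headers, body = split_response(raw)
    findings = []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in ALLOWED_IMAGE_TYPES:
        findings.append("content type %r is not an accepted image type" % ctype)
    declared = headers.get("content-length", "")
    if not declared.isdigit():
        findings.append("Content-Length is missing or not a number")
    elif int(declared) != len(body):
        findings.append("Content-Length says %s, body has %d bytes" % (declared, len(body)))
    if ctype == "image/jpeg" and not body.startswith(JPEG_MAGIC):
        findings.append("body does not start with the JPEG magic bytes")
    return findings


# Constructed samples: a 16-byte JPEG-looking stub sent with the post's headers,
# then the same stub sent with consistent headers.
STUB = JPEG_MAGIC + b"\xe0" + b"\x00" * 12
BAD = b"HTTP/1.1 200 OK\r\nContent-type: image/jpg\r\nContent-length: 0\r\n\r\n" + STUB
GOOD = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
        b"Content-Length: %d\r\n\r\n" % len(STUB)) + STUB

if __name__ == "__main__":
    for label, raw in (("bad", BAD), ("good", GOOD)):
        print(label, audit_image_response(raw))
```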

Comment Avatars

October 27th, 2008 at 1:57 am by Mark Steel

     A few people have asked where the comment avatars went lately …

     Well, the old suggestion was, “Sign up for MyBlogLog and it’ll pull them from there,” but Yahoo screwed that up recently.

     The best suggestion now is to go to Gravatar and sign up … you can even add multiple e-mail addresses, each with its own picture if you like, to your primary account.

     So check it out … It’ll work automagically on thousands of Wordpress-based sites out there, as well as a lot of other places you might not expect…

Fix: Samsung SPH-A920 / MM-A920 Fullscreen Backgrounds

October 20th, 2008 at 3:50 am by Mark Steel

     From what I’ve seen, this is the only page on the Internet that actually answers this rather popular question, and it’s out there on the ‘net about a million times…

     “How do I get my screensaver to take up the full screen on the A920?”

     If you have a miniSD card with a converter, you can easily size your background image to the perfect resolution of 176×220 (the screen’s natural resolution) on your computer, pop the card in the phone, select the image, assign it as a screensaver and that should make ‘em full screen, right?
     Oh, hell no.  It’s much more convoluted.  You’ll end up with white bars at the top and bottom of the screen, and the vertical res cropped, thus destroying your picture and making your phone’s desktop look like total crap.

     The fix is easy, although convoluted.

     Hit the “Camera” button, then hit “7” for “Settings & Info.”  Select “3” for “View Mode” and set it to “Portrait.”  The phone will probably power off at that point, but when it comes back up, the white menu bars at the top and bottom are gone.

     I have no idea why the hell they’d drop it under Camera Settings…

     And, the fact that it crops photos in landscape mode when the vertical size is bloody well larger than the horizontal size is beyond me.

     And, why they insist on calling a background image a screen saver is totally messed up…

     It’s no friggin’ wonder everyone keeps calling their XP background a “screen saver” these days.  *shakes head*

     Quirky, at best.  And for sure, it should be filed under “annoying stuff to piss people off.”

FIX: Pyzor 0.4.0’s Discover Problem

July 24th, 2008 at 1:27 pm by Mark Steel

     If you’re using Pyzor to help you block spam (a lot of people use it alongside SpamAssassin), then you’ve probably run into these nasty “pyzor: check failed: internal error” messages in your maillog since July 21st.
     After digging into it on my own a bit, I found two things.  The first was the “InternalError” was being caused by a corrupt “servers” file that contained nothing but “File Not Found” information.  The second was that the “discover” command line was returning:

downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
Traceback (most recent call last):
  File "/usr/bin/pyzor", line 4, in ?
    pyzor.client.run()
  File "/usr/lib/python2.4/site-packages/pyzor/client.py", line 991, in run
    ExecCall().run()
  File "/usr/lib/python2.4/site-packages/pyzor/client.py", line 185, in run
    self.servers  = self.get_servers(servers_fn)
  File "/usr/lib/python2.4/site-packages/pyzor/client.py", line 410, in get_servers
    servers.read(open(servers_fn))
  File "/usr/lib/python2.4/site-packages/pyzor/client.py", line 119, in read
    self.append(pyzor.Address.from_str(line))
  File "/usr/lib/python2.4/site-packages/pyzor/__init__.py", line 458, in from_str
    fields[1] = int(fields[1])
IndexError: list index out of range

     Obviously, linking to non-existent files, especially in the /cgi-bin/ directory, is a bad thing.

     As a temporary measure, simply disable your “pyzor discover” cron job, and manually add “82.94.255.100:24441” into your “servers” file (wherever it may be with your configuration).
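
     One way to keep a bad download from clobbering a working “servers” file, as an added example (not Pyzor’s own code): check that every line parses as host:port first, and only then swap the file in. The function names are hypothetical, and skipping blank lines and # comments is an assumption about the file format.

```python
# Added example: validate a downloaded Pyzor server list before it replaces the
# local "servers" file. Function names and file-format details are assumptions.
import os
import tempfile


def parse_server_line(line):
    """Parse one 'host:port' line; raise ValueError for anything else."""
    host, sep, port = line.strip().rpartition(":")
    if not sep or not host or " " in host or not port.isdigit():
        raise ValueError("not a host:port line: %r" % line)
    if not 0 < int(port) < 65536:
        raise ValueError("port out of range: %r" % line)
    return host, int(port)


def validate_server_list(text):
    """Return [(host, port), ...]; blank lines and '#' comments are skipped."""
    servers = [parse_server_line(l) for l in text.splitlines()
               if l.strip() and not l.lstrip().startswith("#")]
    if not servers:
        raise ValueError("server list is empty")
    return servers


def update_servers_file(path, downloaded_text):
    """Replace path only when the download validates; return True if replaced."""
    try:
        validate_server_list(downloaded_text)
    except ValueError:
        return False  # keep the last known-good file untouched
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.write(downloaded_text)
    os.replace(tmp, path)  # atomic swap on the same filesystem
    return True


# Constructed sample of the kind of error page the post describes.
NOT_FOUND_PAGE = ("<html><head><title>File Not Found</title></head>\n"
                  "<body>File Not Found</body></html>\n")
GOOD_LIST = "82.94.255.100:24441\n"  # the address given in the post
```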

The Only Difference

July 17th, 2008 at 9:40 pm by Lilith Monkey

It started as a slight itch in his nose; a tingle in the beginning.  If you were experiencing it, it would only have been enough of an itch to bring your finger up to scratch and then go on. The hour he spent searching for the elusive object with the tweezers, he didn’t scratch just so he could remove whatever it was. He made up for the torture of not scratching by moving his finger quickly, over and over again…feeling the sensation of relief for one single second before the itching began again. He pulled the tweezer out of his nose and scratched, rubbed and desperately dug with his finger to find the twig-like thing in his nose; knowing he had proof that something was there. The relief affected his entire body, giving him goose bumps and the confusing sensation as though he had just had an orgasm.  He would have checked his pants, but the itching continued.

But then the itching didn’t stop.

Another tingle, another scratch.
Another tingle, another scratch.

He noticed his nose was red from where he was scratching it so much.  He put lotion on his nose and thought perhaps what caused his nose to itch so much was living in the dry air from furnace heat during the winter months.  After all, his skin was scaly from getting so dry.

Two days later his nose was raw and red…but he continued to scratch despite how painful it was because the itching was much worse.

And then non-stop scratching.

The itching continued.

Three days later his nose was bleeding and burned when he scratched.  But he couldn’t help himself.  The incessant itching became maddening for him.  He couldn’t sleep, he wasn’t eating…he wasn’t living.  All he could do was keep scratching.

He looked in the mirror and cried as he scratched and rubbed his inflamed nostril.  Blood stained his index finger and fingernails.

And then it began to itch deeper into his nose, but the sensation changed from tingling to more of a crawling feeling.

He stuck his finger deep inside his nose to relieve the itch and when he looked in the mirror, his finger was in his nose up to the knuckle and still, the itching continued.

He had not left home during these last three days.  He couldn’t get to the door before having to scratch his nose.  He felt embarrassed and incapacitated by the itch.  He just knew at some point the itch would stop and he decided to wait it out.

But it didn’t stop.

Knuckle deep in his nose, wiggling his finger around, rubbing and scratching, he felt a slight prick by what seemed like the tip of a twig.

“What the fuck is that?  What the goddamned fuck is in my nose?” he thought to himself.  He grabbed his tweezers and put them deep inside his nose.

At first, the cold metal felt good against his hot and sore nose.  But then the metal felt uncomfortable and burned in the way that metal objects don’t belong that far into a nasal cavity and his body let him know it through pain.  He kept pinching and searching for the twig-like thing, and an hour later he finally felt it again.  He pinched tightly and pulled slowly to make sure he could pull whatever it was out.  He felt something move with his slight pull.  Just as he felt hopeful, just as he felt confident he would be able to get it out, a piece of whatever it was broke off.

He looked down at the tweezers to determine what he had pulled from his nose.  What he saw looked much like a splinter.

He shoved the tweezer back in and kept searching.  The metal stung, his nose itched, and then…

he felt whatever it was in his nose move on its own.

It crawled up his nasal cavity, increasing the sensation of an itch that could only be matched by a horrible poison ivy exposure.  It itched so much more intensely now that he could barely feel the movement of whatever it was inside his nose.  His nose itched so much that he began to bleed some more and the rawness burned like fire.

He stopped itching.

It stopped moving.

His head felt hot.

His nose throbbed.

He looked at his finger.

And then he fell to the floor.

He didn’t move.

The silence in the bathroom felt sterile.

Then began a scratching sound followed by the sound that iceberg lettuce makes when someone has ripped it in half.  His head split in half and each of the halves rocked back and forth like a freshly discarded walnut shell.

There was nothing inside his head.   No brains, no blood, no juices.

From the empty shell that used to house memories, a personality, and the blueprint for his life, crawled something that looked like a roach.  Every part of its body was symmetrical - each half of its shell was identical to the other.  Each leg had the same bend on one side as it did on the other side.  Each eye carried the same glassy reflection of the bathroom light - a bright, obtuse, white shape in a pool of black glass.

The only difference was one of the bug’s antennae was shorter than the other.

FIX: Search Everything 4.6 Setting Issues

June 22nd, 2008 at 3:53 pm by Mark Steel

     Ya know, I saw a random bug report in the Wordpress forums about the Search Everything plugin with no actual description about what the bug was.  It just had a code snippet and said “108.”  No explanation, no fix… Just a complaint that says “108.”

     In SE-Admin.php, change Line 108 from:

<p><input type="checkbox" id="search_drafts" name="search_drafts" value="true"  <?php if($options['SE4_use_draft_search'] == 'true') { echo 'checked="true"'; } ?>

     To:

<p><input type="checkbox" id="search_drafts" name="search_drafts" value="true"  <?php if($options['SE4_use_draft_search'] == 'true') { echo 'checked="true"'; } ?> />

     Of course, while you’re at it, you can fix Line 102 from:

<p>     <input type="checkbox" class="SE_text_input" id="appvd_comments" name="appvd_comments" value="true"  <?php if($options['SE4_approved_comments_only'] == 'true') { echo 'checked="true"'; } ?>

to

<p>     <input type="checkbox" class="SE_text_input" id="appvd_comments" name="appvd_comments" value="true"  <?php if($options['SE4_approved_comments_only'] == 'true') { echo 'checked="true"'; } ?> />

     After doing that, some of the check boxes will actually show and work on the Settings page…

FIX: Wordpress 2.5 / Akismet 2.1.4

May 14th, 2008 at 11:59 am by Mark Steel

     There’s a stopper-style bug in the latest Akismet plugin for Wordpress.  If you have multiple pages of Spam Comments, it keeps returning the first fifty — not good if you get as much Spam as we do, as we have to periodically check for false positives.
     The fix is easy…

     In Akismet 2.1.4, change wp-content/plugins/akismet/akismet.php, line 483 from:

        $comments = akismet_spam_comments( $current_type );

     to

        $comments = akismet_spam_comments( $current_type, $page );

     And Enjoy.  ;-)

Fix the Google Sitemap Generator Plugin for Wordpress

March 7th, 2007 at 12:23 pm by Mark Steel

     Arne Brachhold’s Google Sitemap Generator for Wordpress is a pretty neat piece of software that’ll build a Google-style XML-Sitemap, and ping Google with it every time you update your blog.
     Good stuff for SEO, good stuff for making sure Google has your site indexed. 

     After setting up a few blogs with the latest, I found a caveat that just annoyed me to death: you’re in the Admin, but when you manually update the sitemap, it comes back with a blank page. Sure, I know how to work around it, but the guys I’m setting this stuff up for get all huffy about it.
     Pretty quick bug to figure out.  There’s even a nice ticket on Trac (Ticket 604) that I’m unable to post this solution to…
     Line 2463 of sitemap.php is:

<script type="text/javascript" src="list-manipulation.js" mce_src="list-manipulation.js"></script>

     Of course, that doesn’t exist, but if we change it to:

<script type="text/javascript" src="../wp-includes/js/list-manipulation-js.php" mce_src="../wp-includes/js/list-manipulation-js.php"></script>

     …then all is right and good with the world.

     Hopefully, Arne’ll drop this in his next release — and be able to close Ticket 604 on Trac.  ;-)

[Ed. Note: The text of this article refers to "the latest" Wordpress (2.1.x) and version of the plugin for it (3.0xxx).]

Invision Power Board Code Bug

March 1st, 2007 at 11:37 am by Mark Steel

     Yesterday, I was called to fix this bug, which caused a SQL error when users would go to the Stats / Leaders page:

Error:

mySQL query error: SELECT m.id, m.name, m.email, m.hide_email, m.location, m.aim_name, m.icq_number,
  f.id as forum_id, f.read_perms, f.name as forum_name, c.state
  FROM ibf_members m, ibf_categories c
  LEFT JOIN ibf_moderators mod ON((m.id=mod.member_id or (mod.is_group=1 and mod.group_id=m.mgroup)))
  LEFT JOIN ibf_forums f ON(f.id=mod.forum_id)
  WHERE c.id=f.category AND c.state != 0

mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'mod ON((m.id=mod.member_id or (mod.is_group=1 and mod.group_id=m.mgroup)))' at line 4

     Not too difficult to spot that first LEFT JOIN is broke … Editing the query in ~/sources/misc/stats.php, line 255, and surrounding `mod` with backticks did the job.

     Although, it’d be nice if customers would keep their software versions up-to-date…