Version 2.0 of my price watcher for Amazon, CowBoom, eBay, GameFly, GameStop, Microsoft Store, NewEgg, Walmart and any other site if you’re good with regular expressions. I mark these new updates as version 2.0 because the system use to just look for HTML snippets and inform you if they showed up or disappeared. I currently have watches for “Notify Me When Available” to see if store.sony.com will inform me as soon as they carry the PS4 on their website again. I also have a few searches looking for cheap items over at CowBoom going to notify me when one of their systems shows up cheap. Currently my system is invite only but just fill out my contact form if you’re interested in checking it out.
Also, if you’re not good with regular expressions and would like for me to come up with a regex for a website I’ll add it into the system. My next version of this system will use a hybrid of my current system using DomDocument to grab pricing data. I have a few ideas that I think would make the system a bit faster at parsing through the pricing plus I’d like to make the system smarter calculating in shipping costs if applicable.
While doing a bit of research after finding a few links on the web as well as emails from friends which my browser automatically download a file to my system, security.awt, and would have prompted me to install. This really isn’t a security file but rather malware who’s goal was to most likely grab all my personal info, text messages included and send it to some far off place on the web. I believe we should all have the mentality of if we didn’t go searching for it on the web then we shouldn’t install it as this will keep us mostly safe. The nice thing about Android devices is by default it will not let you install anything outside of the Google Play store unless you change your settings to do so.
You can find out if you have it enabled by opening “Settings” and navigate to the “Unknown Sources” option (under Applications or Security depending on your device).
You most likely have this turned off but if you’re using an outside repository to get games or apps for free or perhaps more likely you’re taking advantage of the free/cheaper games on the amazon market using the Amazon Marketplace App then you’ve probably left it off. If this is the case then you will want to turn it back off.
I recommend only enabling this option to initially install the app(s) then turning it off after because it doesn’t need to be enabled to use the apps once they’re installed.
I’d also recommend everyone install Lookout Security & Antivirus phone their Android phones as it’s free and does a decent job of protecting your phone. It can be found on the Google Play store and you should make it a point to download it as soon as you get a chance.
So I found a good way to proxy traffic if you ever find a need to do so. It just requires you have a linux box somewhere such as Dreamhost, Putty the SSH client and a browser with an addon that lets you create a proxy. If you don’t have a Dreamhost account then you can connect to a Linux server you have setup at your house. Just make sure you have port forwarding setup for SSH on your DSL/Cable Modem and pointed to your Linux box.
It’s fairly straight forward and the below is for Dreamhost. I saved mine with the SSH tunnel info so every time I connect I’ll have an dynamic port setup and ready for the browser to proxy through. Below are some images to help you set them up.
The destination should be your server name for Dreamhost. This could be localhost or the IP of the server you’re connecting too.
The 2nd part of this is connecting to the proxy you just setup locally. The best way to manage this is through Socks v.4 or v.5. I’m a Chrome fan so I’ll recommend SwitchySharp that lets you through a little icon switch between your “Direct Connection” and the proxy you’ll setup. FoxyProxy is also a good one for FireFox if you’re a fan of it.
For SwitchySharp just create a new profile that looks something like this:
Then just switch between to the profile if you have the proxy open through your SSH tunnel.
It’s just that easy assuming you have a Linux server available. I’d recommend Open Suse if you’re new to Linux distributions.
The awesomeness that is Google has figured out a way to speed up the web browsing world. The guys at Chromium have a white paper page on it and it has the potential of cutting the page load times of websites to just 1/3 of the normal TCP load time. Chrome and Firefox 11 already have implementations that use this and can be enabled for testing. Firefox has announced its version 13 will have it enabled by default. Google’s services and ads as well as Twitter already have SPDY implemented on their servers. Microsoft stated that while it’s a good idea it’s doesn’t speedup the web for applications such as those in the mobile world. Fixing this at the operating system would probably be a better solution but for the sake of time I feel SPDY will be a quick solution to the problem. I just hope we come up with a standard that iOS, Android and the Microsoft’s winsockets can all adhere to.
One of my somewhat recent projects I worked on completely in Flash was a “YouTube widget” in which I created a video carousel that adheres to the specifications given by YouTube that reads the XML feed for each of 6 our channels though the XML parser I wrote would read any YouTube feed. They do require that you use their embedded or chromeless player which we ended up just going with the embedded player. I’m very excited about this project and take a bit of pride in how it turned out.
A major vulnerability was found in WPS and routers using WPS. This vulnerability can lead to you being able to break the WPS and ultimately the WPA/WPA2 encryption on the router. Some important details in regard to this is even if the router has WPS disabled that it can still be circumvented.
This brute force attack is available via an code.google.com open source project called Reaver. This project is only supported on the Linux platform but is fairly straightforward for compiling. Just give it the interface to connect on and the BSSID of the target wireless network. I found I could get the BSSID via kismet easily enough.
Some devices they tested had a blocking mechanism to prevent brute force attacks. Below is a table in the PDF dealing with vendors and vulnerabilities.
Vendor
Device Name
HW-Version
FW-Version
Lock down
WPS-certified
D-Link
DIR-655
A4 (Web Interface)
A5 (Label)
1.35
No
Yes
Linksys
WRT320
1.0
1.0.04
?6
Yes
Netgear
WGR614v10
?
1.0.2.26
Yes
Yes
TP-Link
TL-WR1043ND
1.8
V1_110429
No
No
Firmware versions are up-to-date as of 18.10.2011.
Introduce sufficiently long lock-down periods in order to make an attack impractical. Of course this requires a new firmware release.
Attempts before lock down
Lock down time
Attempts per minute
Maximum attack time
Maximum attack time
Comment
11000
0 minutes
46.15
3.97 hours
0.17 days
no lock down
?7
4.20
43,65 hours
1,82 days
Netgear WGR614v10
3
1 minutes
2.82
65.08 hours
2.71 days
Requirement for WSC 2.0 certification?8
15
60 minutes
0.25
737.31 hours
30.72 days
Lock down configurations making brute force less practical
10
60 minutes
0.17
1103.97 hours
46.00 days
5
60 minutes
0.08
2203.97 hours
91.83 days
Assumed time per attempt: 1.3 seconds
?6 – WPS-functionality always stopped to work somewhere between 2 and 150 failed authentication attempts. The functionality did not even return after several hours. I would consider this a bug in the firmware which causes a DoS rather than lock-down functionality.
?7 – No consistent lock down pattern was found. However on average about 4.20 authentication attempts per minute were possible.
?8 – http://www.wi-fi.org/files/20110421_China_Symposia_full_merge.pdf
These gauges are rendered using SVG or VML and will animate the gauges. Because of their use of SVG and VML it’ll actually work in IE6 which I find amazing.
The geochart is showing states with color and size indications of density vs. population. It doesn’t appear to handle markers very well but when I switched the geochart to use regions it loads all the pieces of data like 50 states with a population and area defined quickly. The markers issue is probably because it’s geocoding the location of every state every time it loads but I’m just speculating.
These APIs are just a small part of the Google API available to developers who want to fiddle with things. If you’re further interested in playing with these APIs then you can check them out in their visualization playground. I also wanted to see how complicated it’d be to add JavaScript to blog posts.
This post covers how to resolve a few issues with using the import and export feature of WordPress multiuser 1.2.4 when migrating to the latest version of WordPress which at this time is 3.3.1. I’ll start by explaining the process where you can export the blog posts, pages, categories and links in an XML format called WXR, or WordPress Extended RSS. You can then take this export and import it into another blog like the latest version of WordPress.
I’ll start by going over how export which is just go to Manage > Export which will then allow you to download the XML for the specific site your on. Please not that you will need to go to each of your blog sites of the WPMU and use the export to WXR to get all the data for each of the sites.
Importing the XML is simple enough. Just go to Tools > Import in the WordPress admin area. This will probably require you to download the plugin and install it. It’ll also bark about not being able to upload unless the /wp-content/uploads/ or what ever directory you selected for uploads is writable by the server. Once you’ve done this and get a bunch of options to import from just simply select WordPress. You’ll then come to a page that should tell you to select a WXR file to upload.
This is where changing the WXR file may be necessary. I would at this point recommend backing up your current database information in case the import isn’t exactly what you expected. Once your information is backed up then open up the XML export and verify the following tags exist and look correct:
Make sure that the following tag exists: <wp:wxr_version>1.0</wp:wxr_version>. If this tag doesn’t exist then you’ll find that the importer will throw up an error saying that the WXR is invalid. I plugged in version 1.0 though the current version is at 1.1. I
Next you’ll want to take a look at how your category tags look within the <items>. You’ll see a bunch of <wp:category> with nicenames listed at the top of the feed and those should be fine. I’m talking about the ones specific to each post and page. If they look like this:
<category><![CDATA[News]]></category>
Then you’re going to need to update them with a domain and nicename attribute to look like this:
Please note the beginning ‘>’ and space in those replace commands as that is important. This should setup your WXR to import correctly. Well it did for me at least. There was also an issue with the blogrolls, or links in the newer version, which didn’t import at all but I had so few that I didn’t feel like it was worth the time fixing the XML to make it work.
If you have any further questions feel free to contact me in regards to any of this via my contact form. I hope this can be found useful to someone out there and I do offer cheap support for migrating websites from one host, platform, version to another.
