We live in a potentially hostile world. Spammers, scammers, hackers and - alas! - script kiddies are after our site, for all we know. It's bad if - like most people - your site is your personal page. It's humiliating if - like many - it's the internet presence of your company. It's devastating if you are one of those people whose site is their business. Having regular, automated full site backups is a good first step, but they're only good at fixing a disaster after it has happened. Putting restrictions and controls in place (such as firewalls and tough passwords) is essential, but they only help as long as they don't fail. As Einstein bluntly put it, "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former". An ingenious hacker, or a stupid script kiddie, might stumble upon a way to bypass your security controls and gain unauthorized access to your site. They can even hack you yesterday and exploit their back door today.

So, what can we do? Sit around and act casual until disaster strikes? No, not at all. What we need is a proactive check of our site files. If anything unusual is added, removed or modified, the equivalent of a red alert should go off in our head and force us to take measures to contain and fix the problem before it's too late. It all boils down to an easy way to get a difference between the current state of our site and the last (and also known good) state of our site. This is the question I tried to answer with JoomlaPack SiteDiff.

Today was one of my most productive days. After a JCE plugin for K2 content items and putting modules inside tabs, I decided to do some PHP hacking, with great results. The object of my pursuit was to create a variation of the Factory pattern, written in PHP5, which can be serialized and unserialized at will. Purists will observe that my implementation is not a direct implementation of the Factory design pattern. In fact, it is modelled as a serializable version of the Joomla! 1.5 JFactory class, which provides static methods for instantiating Singletons. Let's dive into the code, OK?

 

Today I was reading Brian Teeman's blog post "Help my Joomla web site has been hacked!!". It outlines a pretty scary story of site hacking. As we all know, security is a speed race. We have to upgrade our site software before a potential hacker gets wind of our outdated scripts, otherwise we run the risk of having our site compromised before we can react. What's more, the compromise might be exploited to the attacker's benefit long after we have upgraded the vulnerable site software, adding to our confusion. Quite a nightmare. But the hidden gem of this story is a link back to Brian's "Are you a Dork?" post. He implies that attackers can easily guess the version of our site's extension before breaking into our site. How can they? And what can we do to stop them? Read on for the full disclosure.

Edit May 2012: The information in this post is severely outdated. You can use my Master .htaccess or Admin Tools Professional by AkeebaBackup.com instead.

This article is currently available only in Greek. A while ago I bought a Cosmote Internet On The Go connection package, so that I could have an Internet connection everywhere. The big challenge was getting it to work, despite the assurances to the contrary from the salesman at the Cosmote store, with the Ubuntu Netbook Remix that I installed on my EeePC a little while ago. While, in theory, Network Manager natively supports 3G Internet connections, things fall short because of Cosmote's unsupported USB stick (ZTE MF636) and my insistence... on having a PIN on the SIM! Persistence, however, wins!

Edit May 2012: For a year or so now, maybe more, Ubuntu has shipped with the drivers out of the box. Nothing I describe here is needed any more.

One of the greatest aspects of Lazarus, the free Delphi-like RAD environment of the FreePascal project, is its ability to cross-compile applications targeting Windows Mobile devices. I was taking a look at various CellID-based geolocation software lately and I thought I could probably write something of my own. However, it seems that most information pertaining to obtaining the CellID on WM devices is written for the .NET CF and there is - of course - nothing about Lazarus. So, I wrote my own simple unit to query the Cell ID, LAC and MNC codes of my Windows Mobile phone using nothing but Lazarus.

 

Sometimes there is a need to hide Joomla! modules from registered (non-guest) users. For example, we may have a "please register" banner rendered by a module, which makes it rather pointless to be shown to registered users. Unfortunately, there is no such functionality in Joomla! 1.5.x. Instead of growing old waiting for Joomla! 1.6 to arrive, you can use a viable workaround.

As I have written in the past, I have been the proud owner of an EeePC 900 since December 2008. One of the things that was bugging me all that time was that it had to run on Windows. Frankly, I couldn't find a good reason to do so, as for the most part I was using Firefox, Skype and OpenOffice, all available under Linux. That, and it was extremely time-consuming waiting for Windows XP to start up. So, I decided to install Linux on it.

 

As I have already implied, I installed Mandriva Linux 2009 Spring on my EeePC 900. Mandriva is such a great Linux distribution and almost 100% EeePC-friendly. The first obstacle I had to overcome was the seemingly broken touchpad behaviour. The next obstacle I had to overcome was of much less importance: simulating ASUS EeePC Control functionality on Linux. Thankfully, there is a great piece of software called EeeControl, but it wouldn't install on my new distribution. Hey, I am a Linux guy, so I had to fix this too. It wasn't that hard after all. Interested?

 

Mandriva Linux 2009.1 is a great Linux distribution, much more elegant than its predecessor. However, there is a serious "regression" compared to its predecessor. The Elantech touchpad of many netbooks and laptops - most notably all EeePCs - and probably other brands of touchpads behave oddly. For starters, there is no gesture support. Forget tap-to-click, two-finger swipe for scrolling etc. Then, the pointer movement is jerky, as if the touchpad is acting as a touch screen!

This problem happened because Mandriva switched from defaulting to the proprietary Synaptics driver to the open-source generic mouse driver. While this switch should be acceptable for their Free edition, doing so in the Powerpack and One editions is - to say the least - annoying, as it totally ruins user experience, especially if you are a newbie. Thankfully, it's quite easy to fix!

 

One of the things every blogger is aware of is the existence of off-line post editors. One of them, Windows Live Writer by Microsoft, is an extremely professional solution – available at no cost. What most Joomla! site owners are not aware of, though, is that this tool can be used to effectively edit new content of their web site.