lolz.ws and lulz.ws Are Shutting Down on August 9

August 2, 2010 at 5:42 PM

I have decided to shut down my URL shortening sites, lolz.ws and lulz.ws, on August 9.

Here are some of the reasons why I have come to this decision:

  • The lack of traffic on these sites.
  • Most URLs were created by spammers.
  • lolz.ws was in the jwSpamSpy spam list for which reasons I do not know, causing it to be blocked by some web filters.
    • No email has ever been sent from this domain since the day I registered it.
    • It has since been taken out of the spam list as I requested but some filters still block the domain.
  • lolz.ws was once blocked for pornography.
  • The fact that there are many other URL shortening sites out there.

Posted in Projects | Tags: , , ,

How to Revert Your SVN Repository on Assembla

July 24, 2010 at 11:36 PM

There is no simple way to revert your repository to a previous revision on Assembla. However, a reversion is possible by following these steps.

First, export the SVN repository in your space. This can be done under the Import/Export section of your repository. It’ll take a minute for the dump to be created. Once that has completed, download the repository dump.

Then, extract the contents of the ZIP file to a temporary directory, then run the following commands in the temporary directory:

svnadmin create REPO_NAME
svnadmin load REPO_NAME < rXX.dump
svnadmin dump -r 1:YY REPO_NAME --incremental > rYY.dump
gzip rYY.dump

Replace XX with the current revision of your repository, YY with the revision you wish to revert to, and REPO_NAME with any name, such as your repository’s name. This name will not be carried over later.

Afterwards, delete the repository tool on Assembla by going to Admin -> Tools, then clicking Delete next to it which is located on the right. Now re-add the Source/SVN repository tool.

Finally, import the dump to the newly created repository by going to the Import/Export section and uploading the gzipped SVN dump. The process will take from a few to several minutes depending on how large your repository is.

Your repository should now be reverted back to the revision you specified.

There is no simple way to revert your repository to a previous revision on Assembla. However, a reversion can be done following these steps.

First, export the SVN repository in your space. This can be done under the Import/Export section of your repository. It’ll take a minute for the dump to be created. Once that’s finished download the dump.

Then, extract the contents of the ZIP file to a temporary directory, then run the following commands in the temporary directory:

svnadmin create REPO_NAME
svnadmin load REPO_NAME < rXX.dump
svnadmin dump -r 1:YY REPO_NAME --incremental > rYY.dump
gzip rYY.dump

Replace XX with the current revision of your repository, YY with the revision you wish to revert to, and REPO_NAME with whatever you like. The temporary repository name will not be carried over.

Afterward, delete the repository on Assembla by going to Admin -> Tools, then Delete it on the right. Now re-add the Source/SVN repository.

Finally, import the dump to the newly created repository by going to the Import/Export section and uploading the gzipped SVN dump. The process will take a few to several minutes depending on how big your repository is.

You’re repository should now be reverted.

Posted in Programming, Workarounds | Tags: , , ,

Outputting A to ZZZ in PHP

June 23, 2010 at 8:21 PM

Here is a way to output from A to ZZZ in PHP. There are probably better ways to do this but it works. I wasn’t able to find an example written in PHP that would do this so I wrote my own. I’m not sure if there is any use that this code will provide as it is mainly just a proof of concept.

<?php
$letters = range('a', 'z');

for ($a = 0; $a < 78; $a++)
{
	if ($a >= 26)
	{
		if ($a >= 52)
		{
			// AAA to ZZZ
			$orig_letter = $letters[$a - 52];
			for ($b = 0; $b < 26; $b++)
			{
				$orig_letter2 = $orig_letter . $letters[$b];

				for ($c = 0; $c < 26; $c++)
				{
					$letter = $orig_letter2 . $letters[$c];
					echo "$letter\n";
				}
			}
		}
		else
		{
			// AA to ZZ
			$orig_letter = $letters[$a - 26];
			for ($b = 0; $b < 26; $b++)
			{
				$letter = $orig_letter . $letters[$b];
				echo "$letter\n";
			}
		}
	}
	else
	{
		// A to Z
		$letter = $letters[$a];
		echo "$letter\n";
	}
}

Posted in Programming | Tags:

The Serious Privacy Issues with Facebook

May 7, 2010 at 9:53 PM

Facebook has been making a lot of changes recently and many of which I am not pleased with them. Most of the issues mainly come down to privacy, which is slowing eroding away. The default privacy settings on Facebook are defaulted to Everyone. Everytime a new privacy setting comes along, it’s setting is usually defaulted to Everyone. It seems that Facebook is trying to push users to be more open and public whether if they know it or not and if they like it or not.

One of the recent changes on Facebook is that the information that is listed on profiles have been turned into “Connections”. This means that now just about every piece of information listed on your profile is now associated with a page you like (or are a fan of), and they’re public too. This includes your current city, hometown, education, work history, and all your interests and activities. The problem with this is your connections are now public to everyone. Sure, you can control the “Visibility” of them on your profile, but that doesn’t mean they won’t show elsewhere on the site publicly to others that aren’t your friend. For example, when you make a connection to a page by simply liking the page, it is possible that you will show up on the page under the list of the people that like that certain page. There is, however, pages you cannot control the “Visibility” of on your profile and these pages are ones that not categorized, which are the ones placed under the Other category, in your interests. Also, every page you like is also able to show posts on your news feed unless you explicitly choose to hide them from your news feed or decide unlike the page.

I have decided to unlike every page I “liked” since I have became annoyed with all the news feed spam I received from these pages and how the connections were made public to everyone. This means that I no longer have any interests listed on my profile, oh well. I have noticed that when you do list your current city, hometown, education, and work history, you do not automatically like the page associated with it. This means if you unlike these pages, Facebook does not remove these pieces of information from your profile.

Another issue is that if you mention a page’s name in any post on your wall, it may show on up the page itself without you having any say of this happening, regardless if you have a connection with the page or not. If the privacy on the post mentioning the page is set to public, it may be visible for everyone to see on that page.

You are automatically opted in Instant Personalization which automatically shares your public information. Currently sites such as Docs.com, Pandora, and Yelp are able to see your public information. You can opt out from Instant Personalization, but this does not prevent your friends from sharing information about you to these sites, which Facebook says, “Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.” So in order to fully opt out, you must block every application that is part of Instant Personalization to prevent any information from being shared, which is completely unacceptable.

Data you have set to private is shared with apps you use on Facebook. Almost all your data is shared with applications you authorize. Even your friends can share information about you to applications they use without you knowing. This is a big issue since you are now trusting the application developers to keep your data private. Many of application developers are unknown and this creates a major risk of your private data spreading. Facebook does not check applications to see if they are indeed doing something malicious such as ones out there to steal user’s information.

Posted in Issues, Social Networking | Tags: , ,

So I Haven’t Blogged in a While

March 29, 2010 at 6:42 PM

As you may have noticed, I have not posted anything on my blog for about two months now. I just haven’t had much to write about recently and have also been busy with other things in life so I haven’t had much time to create new posts.

I plan on posting more soon.

Posted in General | Tags: ,

iPrism is Blocking lolz.ws for Pornography?

January 25, 2010 at 3:37 PM

So today I have discovered that lolz.ws is on the filter list on iPrism for pornography/nudity.

Now the last time I checked, lolz.ws has no sort of pornography or nudity which makes this baffling to me. It is simply a service to make short URLs similar to bit.ly and TinyURL.

I have had issues with this domain before. The domain was in the jwSpamSpy spam domain blacklist a few months ago for some odd reason. Since the domain was in there some other web content filters had been blocking the site. I was able to get the blacklist removed for the domain though.

Update 1/27: iPrism has updated the rating of the site to “Internet Service”

Posted in Issues | Tags: , , , ,

The Dislike Button is Not Here

December 30, 2009 at 10:46 PM

Last month I wrote about fake “Dislike Button” groups and fan pages and how they were creating spam. Well now is seems this one group called “Dislike Button™ is Finally Here! Add it Now!” keeps popping up in my news feed. At the time of writing the group has 1,239,032 members and is increasing rapidly. The member count keeps increasing because every person that joins the group is following these bogus instructions:

Click 1 ► Join

Click 2 ► Invite People to Join

Click 3 ► Select All Your Friends

Click 4 ► Send Invitations

Click 5 ► Dislike Button™

Obviously after sending the invitations no dislike button will appear, this is where people mostly lack common sense. Since everyone keeps joining the group, I keep seeing it in my news feed because they either accept the invites or go “oh hey yay!” and join it. Even worse, they too invite all their friends. I have reported this group several times, but Facebook as usual does nothing. Hell it lets me report it again after reporting it when usually it doesn’t allow you to, so I doubt they’re getting the report at all.

What are wrong with these kind groups? They create spam in the news feed and requests.

Since I’ve gotten tired of this crap, I’ve been tempted to create this Facebook group called “Your friend and 12 other idiots joined the group Dislike Button…

Posted in Social Networking | Tags: , , , ,

Dislike Button on Facebook? O RLY?

November 8, 2009 at 12:26 PM

So Facebook has tons of fake group and fan pages cause people can’t get enough attention. Most of them I don’t care but this one I feel like writing about. I start to see my friends joining a group called “DISLIKE BUTTON is finally here– Add it now!” I obviously know the group is fake but I go to check it out anyways.

This group has instructions on how to get a dislike button on Facebook. I know it’s not true, but here are the instructions for supposedly getting a button:

NOTE: IF YOU DO NOT DO EACH STEP CORRECTLY, THIS WILL NOT WORK.

Step 1: Follow this twitter application http://twitter.com/guinnessrecord

Step 2: Click invite people to join!

Step 3: While you have the invitation page up, copy and Paste this script into your address bar EXACTLY AS IT IS and hit enter:

javascript:var numfriends=document.getElementById(‘friends’).getElementsByTagName(‘li’).length;fs.click(document.getElementById(‘friends’).getElementsByTagName(‘a’)[1].parentNode);for(var i=0; i < numfriends; i++){fs.click(document.getElementById(‘friends’).getElementsByTagName(‘a’)[i].parentNode);}

Step 4: Confirm invitations sent.

Step 5: To finally get the dislike button you must then click here- http://tinyurl.com/fbdislikebutton If that link doesn’t work, make sure you thoroughly completed steps 1-4-5.

HINT: If it didn’t work. You didn’t do it right; repeat steps 1-4.

Lets get into detail:

  • Step 1 is just obviously the user wants more followers on Twitter.
  • Step 2 is getting people to go to the Invite Friends page.
  • Step 3 is just executing JavaScript code in order to have everyone on the Invite Friends page to be selected so users don’t waste their time selecting everyone.
  • Step 4 is sending out the invites to all your friends.
  • Step 5 goes to http://www.facebook.com, how do I know? It’s called http://preview.tinyurl.com/fbdislikebutton

See, just another fake Facebook group wasting my time and I got gullible friends joining this crap.

Posted in Social Networking | Tags: , , ,

Login By Username On MySpace By Emulating iPhone Login

October 31, 2009 at 8:16 PM

One day I was logging onto MySpace using the iPhone app, I was curious to try using my username (it’s your vanity URL, if not set it’s your Friend ID), and it worked. Now I’m not sure why MySpace freaks out over being able to login by the username because Facebook intentionally allowed logging in by username earlier this month.

Since this login works on the iPhone/iPod Touch, there has to be a way to bring it to the computer in order to use this method. Since my router is pretty much a Linux server running DHCP on it, I could easily run a packet sniffer in the middle to find out how the iPhone/iPod Touch was communicating to MySpace. The packet sniffer I used was shell based and is called Justniffer.

After figuring out the packet sniffer I figured out that the iPhone app uses SOAP+XML to exchange data. Once you type in the username and password, it sends the password in clear text to MySpace in order to create a hash and salt of the password. I am not sure why they really need to do this since you already sent the password over clear text, they could just save themselves a HTTP request by doing it in the actually login process.

Update 11/5: MySpace has fixed this issue and logging in by username no longer works. The following error now occurs, “The email supplied is not registered to a valid user.”

The first step of the authentication request makes the following HTTP request:

POST /SecurityService.asmx HTTP/1.1
Host: mobileservices.myspace.com
User-Agent: MySpace/1.6 CFNetwork/459 Darwin/10.0.0d3
Content-Length: 595
Content-Type: text/xml; charset=utf-8
Authorization: OAuth realm="http://mobileservices.myspace.com/",oauth_consumer_key="1000002",oauth_token="",oauth_signature_method="HMAC-SHA1",oauth_signature="MC37B2CcYBDeJPlT%2BT1jsjCZPSM%3D",oauth_timestamp="1256437313",oauth_nonce="9EC617B6-DEB7-427A-9463-B6AE3CFD8F4A",oauth_version="1.0"
Soapaction: urn:MySpace.IntegrationServices/GetSaltAndHash
Accept: */*
Accept-Language: en-us
Cookie: SessionDDF1=2962622b49c74a011793142740791e622b72e026b3477387; SessionDDF2=22b8f3a96cb338ae3990d279b29cefa01e58e2c5118f4486
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Header>
<MySpace xmlns="urn:MySpace.IntegrationServices">
<Version>iPhone: 1.6</Version>
<DeviceID>b6aaa9591ef5811e499ee1bf04758b3533eaccd7</DeviceID>
</MySpace>
</soap12:Header>
<soap12:Body>
<GetSaltAndHash xmlns="urn:MySpace.IntegrationServices">
<request>
<TokenType>Mobile</TokenType>
<Clear>p@ssw0rd</Clear>
</request>
</GetSaltAndHash>
</soap12:Body>
</soap12:Envelope>

In this example the password simply is p@ssw0rd. Notice how there is no spot for the username in this request, all it does is create a salt and hash based on that password. I have no idea why this is necessary but knowing MySpace they obviously think it is.

This request will outcome the following HTTP response:

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 547
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Server: 7b262264f255ce9e4eea78ee5ed43e765b933575b6ad33d5
Set-Cookie: SessionDDF1=8c39718f6f8758c74900ce98793335c96e886d8666f52130; domain=.myspace.com; path=/
Date: Sun, 01 Nov 2009 02:52:01 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<GetSaltAndHashResponsexmlns="urn:MySpace.IntegrationServices">
<Results>
<Status>Success</Status>
<StatusCode>Success</StatusCode>
<SecurityComponents>
<Salt>Q8NysHYF/cKqV/+RES0NdA==</Salt>
<Hash>N+HrTQhAJencbKruQ2e8/qDKhELcJDq824aoSYzl5MA=</Hash>
</SecurityComponents>
</Results>
</GetSaltAndHashResponse>
</soap:Body>
</soap:Envelope>

Now since they have received the salt and hash, we can proceed onto step two of the authentication. This actually verifies the login information with the salt and hash along with the username or email it has received. This step makes the following HTTP request:

POST /SecurityService.asmx HTTP/1.1
Host: mobileservices.myspace.com
User-Agent: MySpace/1.6 CFNetwork/459 Darwin/10.0.0d3
Content-Length: 858
Content-Type: text/xml; charset=utf-8
Authorization: OAuth realm="http://mobileservices.myspace.com/",oauth_consumer_key="1000002",oauth_token="",oauth_signature_method="HMAC-SHA1",oauth_signature="L3vOxtNAADDGBRv2i16UvMoP97g%3D",oauth_timestamp="1256437314",oauth_nonce="E493D130-9496-4A17-A861-5862C657DF57",oauth_version="1.0"
Soapaction: urn:MySpace.IntegrationServices/Authenticate
Accept: */*
Accept-Language: en-us
Cookie: SessionDDF1=2962622b49c74a011793142740791e622b72e026b3477387; SessionDDF2=22b8f3a96cb338ae3990d279b29cefa01e58e2c5118f4486
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
<soap12:Header>
<MySpace xmlns="urn:MySpace.IntegrationServices">
<Version>iPhone: 1.6</Version>
<DeviceID>b6aaa9591ef5811e499ee1bf04758b3533eaccd7</DeviceID>
</MySpace>
</soap12:Header>
<soap12:Body>
<Authenticate xmlns="urn:MySpace.IntegrationServices">
<request>
<RequestData>
<Hash>N+HrTQhAJencbKruQ2e8/qDKhELcJDq824aoSYzl5MA=</Hash>
<CaptchaInfo>
<CaptchaLevel>Medium</CaptchaLevel>
<CaptchaGuid></CaptchaGuid>
<CaptchaImageSize>Sz120</CaptchaImageSize>
<CaptchaText></CaptchaText>
</CaptchaInfo>
<Salt>Q8NysHYF/cKqV/+RES0NdA==</Salt>
<Credential>somerandomusername</Credential>
</RequestData>
</request>
</Authenticate>
</soap12:Body>
</soap12:Envelope>

In this request we have used the hash and salt, along with the username which is called Credential here. In this example it is somerandomusername. Now since this is all sent the following HTTP response occurs:

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Length: 566
Content-Type: application/soap+xml; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Server: 12e0f2a61ef7e974de69e6f93fc8612bb56e8a9e86e1792c
Set-Cookie: SessionDDF1=ee28a6c308e5ab151a34f39f979df9e80737ca2a9eeb80d7; domain=.myspace.com; path=/
Date: Sun, 01 Nov 2009 02:59:28 GMT
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<AuthenticateResponse xmlns="urn:MySpace.IntegrationServices">
<AuthenticateResult>
<StatusMessage>Invalid username or password.</StatusMessage>
<Status>Error</Status>
<ErrorInfo>
<Name>InvalidCredentials</Name>
<Description>Invalid username or password.</Description>
</ErrorInfo>
</AuthenticateResult>
</AuthenticateResponse>
</soap:Body>
</soap:Envelope>

Since the the password to somerandomusername is invalid, we are presented with “Invalid username or password.” I honestly do not understand why there needs to be a creation of the salt and hash before the actual authentication request is made.

Now since I know how the requests are made, I’ve wrote a program to emulate these requests. The program was created with Eclipse using Java 1.6.

The program can be downloaded here.
The source code is included and the program may be modified and redistributed freely.
DISCLAIMER: I am not liable for ANY damages caused by this program.

Here are screenshots of the program in use:

Usage
Arguments for the program.

LoginFail
Example of a failed login.

LoginLockedOut
Example of a failed login on a locked out account. Notice in the response it says “There was an error in processing this request.”

LoginSuccess
Example of a successful login.

Posted in Issues, Programming, Social Networking | Tags: , , , , , , ,

Facebook Friends Edit Pencil Disappeared?

September 3, 2009 at 3:04 PM

Here’s a little annoyance, I go to edit the Friends box on my profile on Facebook to make it show more friends, and I noticed the pencil is gone. Great, and it appears people were having this issue for a few days now. I’ve even found a couple of questions on the Facebook Help Center about it. I decided to study the issue, appears it’s a CSS styling error. Appears Facebook is having a lot of these problems recently, and they haven’t fixed them but instead they have been busy publishing press blog posts and interviews, of course.

I first mentioned in that Help Center thread:

This seems to be to happening to all Boxes except for the Information one. It appears to be a CSS styling problem for the pencil not to be appearing.

I have noticed the CSS problems growing (i.e., the header). There have always been cases of boxes popping up randomly too. Hopefully Facebook doesn’t become another MySpace and fixes these issues.

Then later on I found a workaround:

Hmm, it appears I figured out how to pop it out.

If you are using Firefox and have the add-on extension Firebug, do the following:

1. Right click on the Friends label of the Friends box and click Inspect Element.
2. Here it highlights when the console pops up, right above it should say: <div id=”box_app_2356318349″ class=”box”>
This is the one you want. Note that the numbers in the ID may be different, don’t worry about this.
3. Click on the “box” part of the tag and put this in “basic_info_summary”
It should look like this afterwards: <div id=”box_app_2356318349″ class=”box basic_info_summary”>
4. Click the pencil, notice how it pops up now.

This is a workaround I’ve found, hopefully Facebook fixes this, I doubt most users will understand my instructions but I tried my best to clearly to explain them to users having this problem.

So everytime you are going to have to use that workaround to edit the Friends box, or any other box for that matter until they fix the issue (all the pencil icons except for the Information box disappeared for me -.-).

Update: These same instructions for the workaround appear to work for Chrome, according to the Help Center thread.

Update 2: Appears Facebook has fixed this issue.

Posted in Social Networking, Workarounds | Tags: , , ,

Older Posts »