Archive for September, 2006

Parrot gets cookie

September 17, 2006

Before I encountered Lisp, I had been using Perl for a while. Nowadays I’m mostly toying with an unfinished unofficial Arc implementation. Surprisingly the two got together: Parrot, the expected Perl 6 virtual machine, is made to support other languages as well. There are already projects for Parrot implementations of APL, Basic, Befunge, Brainfuck, CL and dotnet, to name a few. The list includes a mostly working Python implementation.

Another plus: it uses continuations everywhere (not what you’d expect to be necessary with Perl), so it’s ideal for a Lisp dialect host. You can use CPAN, wxPerl, SDL, sinp.py, interact with Perl and Python, and so on. There’s just one implementation, targeted at portability, so you don’t have to bother with your favorite CL implementation not supporting platforms.. Perfect. I love it.

Caught by a CrackerTracker

September 8, 2006

Our friends group has this forum. It’s really useful for chatting about topics that concern the whole group and multicasting (birthday) invitations. It is rented at some host that probably decided to get rid of all phpbb insecurities at once, and installed a filter. It now features a really impressive button showing a key and ‘ctracker’ on it. After that, there is (at story-time) ‘blocked 33 attacks’.

So I really wanted to know what counted as an attack. Apparently, POSTing a simple SQL injection query didn’t trigger it. Or anything I’d try to send it. So, I went to cback.de, who made the tool. According to the GPLv1’d source (well, it didn’t even mention a version number), it triggers when you put things like ‘UPDATE FROM’, ‘.htaccess’, ‘chr(‘, or ‘php_’ in the query string (the URL part after a question mark). Which makes me think, is this real security, checking only the query string?

I mean, 80% of the places in phpbb where you can submit info to PHP use POST.. If I went for security, I’d seek for leaks there.. I’d bet adding this CrackerTracker added no security to the forum; it did make the host look stupid. I mean, just me posting a ‘don’t click here’ link to search.php?php_is_nice shocked users, who got accused of something completely innocent (besides spoiling logs).

They would get a simple page labelled ‘security alert’ in red, telling them that they tried to attack the forum, and that they had been logged. And, they increased the ‘hit counter’ on the way.. :-)

Unexpectedly, others (non-friends) also followed the link. En masse. In less than 2 days, the counter increased by over 1100. Sorry, host, didn’t mean to help you brag about your safety..

Notes:

  • The link is not to our forum.
  • It may be that WordPress visited the link itself a couple of times, to check if it really existed. So, I already subtracted 20 clicks from 1,1E2, resulting in 1,1E2. For the convenience of otherwise confused readers, I wrote down 1100, which is the same value but with a different uncertainty. (They still nail me at school if I write down 1080 in a test!)
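
As an added example (not code from this post or from CrackerTracker), the Python sketch below models the check described in ‘Caught by a CrackerTracker’: a substring blocklist applied to the query string only, next to the same blocklist applied to the request body as well. The four patterns are the ones quoted in the post; the function names, case-insensitive matching, URL-decoding and sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_plus

# The four patterns quoted in the post; the real tool's list is not reproduced here.
BLOCKLIST = ("update from", ".htaccess", "chr(", "php_")


def matches_blocklist(raw):
    """Return the first blocklisted substring in URL-decoded text, or None.

    Assumption: matching is case-insensitive and done after URL-decoding.
    """
    text = unquote_plus(raw).lower()
    for pattern in BLOCKLIST:
        if pattern in text:
            return pattern
    return None


def query_string_only_filter(url, body=""):
    """Behaviour described in the post: only the part after '?' is inspected."""
    return matches_blocklist(urlsplit(url).query)


def all_input_filter(url, body=""):
    """Same blocklist, applied to the query string and the POST body."""
    return matches_blocklist(urlsplit(url).query) or matches_blocklist(body)


# Constructed sample requests: (url, POST body, what a human would call it)
SAMPLES = [
    ("/search.php?php_is_nice", "", "harmless link from the post"),
    ("/posting.php", "message=UPDATE+FROM+users", "blocklisted text sent via POST"),
    ("/posting.php", "message=how+do+I+edit+.htaccess%3F", "innocent forum question"),
    ("/viewtopic.php?t=42", "", "ordinary page view"),
]


def report(samples=SAMPLES):
    """Return (description, query-only verdict, all-input verdict) per sample."""
    return [
        (desc, query_string_only_filter(url, body), all_input_filter(url, body))
        for url, body, desc in samples
    ]


if __name__ == "__main__":
    for desc, qs_only, all_in in report():
        print(f"{desc:32} query-only={qs_only!r:14} all-input={all_in!r}")
```

The query-only filter flags the harmless link and misses everything sent by POST; widening the same substring blocklist to the body closes that gap but also flags the innocent forum question, which is why parameterised queries and input validation in the application matter more than pattern matching in front of it.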

Sunshine in Holland

September 6, 2006

After some period of rain and cold, the sun shines again in Holland. And quite well too, KNMI say today’s max is 27 °C. It used to be like 13 degrees, almost no sunshine, and plenty of water from the skies. For example, a few days ago I was soaking wet after cycling 200 meters homewards. Lucky there was a bus stop there.

I never expected it to get hot any more this year. We already had a heat wave this year, and temperatures quickly went down after that, just when my holiday was planned. Ah, well, at least we had a roof. And these days I’m in school or at home, so I keep dry either way.