Domain registration spammers are gonna spam

Hello

My name is Gredel and I have recently got hold of indemadrid dot com.
Funds are a bit short so I am thinking of releasing it for a small fee.
Would you be interested?

Thank you for your time.
Gredel

So, are you telling me every time someone goes for a .net domain there is an automated system out there that does a whois and offers an alternative with .com? Wow.

Of course I marked it as so and did not reply.

Google Chrome Flags

Google Chrome: it's not as if it's short of options…
chrome://flags/#enable-tab-audio-muting

WARNING These experimental features may change, stop working or disappear at any time. We offer no guarantee of any kind about what may happen if any of these experimental features is enabled, and the browser may crash suddenly. Jokes aside, bear in mind that the browser may delete all your data and that your security and privacy could be compromised in unexpected ways. Any experiment you enable will be enabled for all users of the browser, so we recommend that you proceed with caution. If you are interested in trying new and interesting Chrome features, try our beta channel at chrome.com/beta.


Set featured images via URL in WordPress.com

I think it's a bloody great feature but, why isn't it available in wp-admin and only in the new editor? This business of having two editors in parallel is getting a bit out of hand, friends at wp.com

Álvaro Hey. Good to talk to you. I really love the new “add featured image via URL” option. (I think it should be in Jetpack). Just one thing, I noticed it's not available in my older blogs. I want to map mrfoxtalbot.com to mrfoxtalbot.wordpress.com and I could really use this feature. Is there a way to fix this so I can set featured images using URLs on mrfoxtalbot.wordpress.com? Thanks a lot for your help.
Victoria hi there!
Victoria on WordPress.com, featured images must be uploaded to your page,
Victoria you won’t be able to use an image URL
Álvaro Silly question then.
Álvaro My mistake (I was convinced I had seen it on wp.com but must be mistaken)
Álvaro Thanks for your help, have a nice day.
Victoria oh ok,
Victoria thanks you too!

 


Quoting: The Top 7 Reasons why Indexhibit is a piece of Hipster crap

A great article I read a while ago that its author has taken down. I hope Benedikt Wolters does not mind me quoting him. I rescued the article from the Internet Archive.

The Top 7 Reasons why Indexhibit is a piece of Hipster crap

Indexhibit…

… is some weird kind of minimalistic Hipster-CMS for designers, artists, grandmas or all kinds of hip people. I won’t put a link up here for pagerank reasons and because, as the title says: It’s a piece of crap! People who know me know that I don’t have any respect for that Hipster/Artish-Field. Anyhow, so when I first saw a website built with it I was like “lol I have to take a look at that thing’s source code”. So I downloaded the “latest” (see below) release and started laughing. This is the top 7 list; I strongly advise you or any intelligent individual to not use this piece of software, and furthermore why.

#1 (weird) Code Documentation

It seems to me that some kid or designer female has written that stuff because every line of code, as banal as you can think it is, is commented (I’m serious!). Ok, I’m a documentation fan, but the comments are kind of childish in some way. You can jumpstart at a conclusion about this software yourself. Here are my favorite ones:

#2 Deprecated

The software is totally deprecated. I’m not speaking about the use of the (very) old mysql library in PHP. No! The software is so old that I cannot even install it on my Windows machine with the newest xampp-Version. And even after 30 minutes of fiddling I get around 3-4 deprecated-notices on each page.

Deprecated Errors

#3 Code Bullshit

The software seems to follow some paradigms (some pseudo object-oriented structure) but fails in implementation (illogical). Also there are some sort of Don’ts and some general error in reasoning.

A few Examples:

I really don’t understand this reference: If someone could explain this variable to me, I’d be pleased. (And this comment is also funny because it proves my point that EVERYTHING is commented…) Oncall Array Initialisation ($adm = null; before), every C/C++ programmer’s brain would probably explode now at the latest. And just another fail: oh, speaking of set_magic_quotes_runtime, it is also deprecated, but is just a design fail.

#4 Release Cycle

The latest version was released back in 2008. The Forum is not really active, so you cannot really call it a community. There are no code guidelines, whatsoever. But amazingly there are still people using it.

#5 Web Standards

I just say: Applying an XHTML 1.0 Transitional Doctype to an HTML Template does not make it XHTML 1.0 Transitional!!!

#6 install.php is not deleted!

The install.php script remains on the server, there are no checks whether it has been renamed or deleted. You can easily overwrite the site’s configuration file with your own rogue mysql server. I tested around 50 Indexhibit pages and in 70% the install.php file was still on the webspace. The reason for this is the people who actually use this CMS are Hipsters and don’t know anything about tech at all.

Install Screen even though software is installed

#7 Insecure Login Policy

This is the login procedure: While exploiting the login procedure itself turned out to be very tricky because of very restrictive regexes, you can see that it is completely cookie based, and an attacker could steal the cookie and use it to authenticate himself as an administrator. There is no User-Agent, IP-Validation. There is only a Two-Day-Cookie-Lifetime, which is not stored into the db, so you could use an old cookie to authenticate yourself.

#8 SQL Injection Vulnerabilities

Yes, it’s 2011. We’re reading about Data Leaks every day, so you should think that there would be a SQL-Injection security awareness by now, even on the Hipster side of the Planet. But unfortunately already in the routing-process in /index.php there is a SQL-Injection Vulnerability:

I like the //clean up the uri-comment, it could be interpreted almost ironically. You could easily request:
/index.php?'=''AND(SELECT/*a*/*/*a*/FROM/*a*/ndxz_users/*a*/INTO/*a*/OUTFILE/*a*/'/www/yourpath/ndxz-studio/data.txt')/*a*/AND/*a*/''=' and dump the user database to a file or do other nasty things you could do with a sql-injection.

Conclusion

DO NOT USE IT!

PS: Dear Hipsters, why is small black (8-9px) text on a white page, with dotted hover state border-bottom so damn cool?

Tags: injection, sql, vulnerability, webdesign, indexhibit, idiots
Trackback URI – Written: 2011-08-29 17:31:34 – Last change: 2011-08-29 17:31:34 – 9 Trackbacks – 21 Comments
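
The weakness described under #7, where the two-day lifetime lives only in the cookie and is never recorded on the server, is closed by keeping the session record in the database. This is an added example, not Indexhibit's code and not part of the quoted article; the `SessionStore` class, the `sessions` table and the in-memory SQLite database are assumptions for illustration (PHP 8 with pdo_sqlite).

```php
<?php
declare(strict_types=1);

// Added example with hypothetical names; not Indexhibit code.
final class SessionStore
{
    // Two days, enforced by the server rather than by the cookie's own expiry.
    private const LIFETIME = 2 * 24 * 3600;

    public function __construct(private PDO $db)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (
            token_hash TEXT PRIMARY KEY,
            user_id    INTEGER NOT NULL,
            expires_at INTEGER NOT NULL)');
    }

    /** Issue a random token. Only its SHA-256 hash is stored server-side. */
    public function issue(int $userId, int $now): string
    {
        $token = bin2hex(random_bytes(32));
        $stmt = $this->db->prepare(
            'INSERT INTO sessions (token_hash, user_id, expires_at) VALUES (?, ?, ?)'
        );
        $stmt->execute([hash('sha256', $token), $userId, $now + self::LIFETIME]);
        return $token;
    }

    /** Return the user id for a live token, or null if unknown, expired or revoked. */
    public function validate(string $token, int $now): ?int
    {
        $stmt = $this->db->prepare(
            'SELECT user_id, expires_at FROM sessions WHERE token_hash = ?'
        );
        $stmt->execute([hash('sha256', $token)]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false || (int) $row['expires_at'] <= $now) {
            return null; // an old or invented cookie value authenticates nobody
        }
        return (int) $row['user_id'];
    }

    /** Logout: delete the record so a copied cookie stops working at once. */
    public function revoke(string $token): void
    {
        $stmt = $this->db->prepare('DELETE FROM sessions WHERE token_hash = ?');
        $stmt->execute([hash('sha256', $token)]);
    }
}

// Constructed demo values: in-memory database, fixed timestamp, user id 1.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$store = new SessionStore($db);
$t0 = 1700000000;
$cookie = $store->issue(1, $t0);

var_dump($store->validate($cookie, $t0 + 3600));            // inside the lifetime
var_dump($store->validate($cookie, $t0 + 3 * 24 * 3600));   // replayed after expiry
var_dump($store->validate(str_repeat('0', 64), $t0));       // token never issued
$store->revoke($cookie);
var_dump($store->validate($cookie, $t0 + 3600));            // replayed after logout
```

Send the token to the browser with the `Secure`, `HttpOnly` and `SameSite` cookie attributes so it is harder to lift from the client in the first place.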

Comments (21)

#1 xz August 6, 2011 2:51 PM

I must agree on each point you made. But still I like the idea of super micro “cms”, that needs nothing. Almost. And it’s more than enough for a microsite managed by some no-tech person. Even though I spend night patching that crap driven by vision of simple cms, that would take me minutes to deploy.

#9 no utf8 database

#10 lenght12() function to check, if password/userid is [a-zA-Z0-9]{6,12}. I almost hit the wall with head when I saw this.

#11 @vaska, the author of indexhibit, is acting as arrogant and know-everything person. Just read the forums, or the code. Someone posted my fork with patches on forum, and the post was removed right after.

10 wtf per minute.

#2 Norman November 18, 2011 7:00 PM
I’m dealing with indexhibit right now trying to set up a website for a graphic designer. it’s my first attempt ever. while i can understand the author’s discontent with the program, i don’t get the hate for people who just want a neat and simple cms for their web presence. should they just be excluded from having their own webspace? i’m a big fan of division of labour and it shouldn’t take someone hundreds of hours to be able to create a decent web presence… plus, the hipster stereotype gets old… but for the rant’s sake. anyway, since i haven’t invested that much noob time into indexhibit yet, i would be really curious if there are any recommendable alternatives without the above mentioned design flaws. any constructive solutions would be much appreciated.
#3 Tm November 20, 2011 5:27 AM
I agree with your article but you never give us any other alternatives! If you know another very lightweight CMS artist oriented, please say it.
#4 Joe January 9, 2012 1:45 PM
Bad code or not, it seems there is a demand for this kind of a lo-fi cms system. Instead of calling it Hipster Crap, you should really consider building something equal or better than this, since I guess you have the skills to. You’ll see how much people will appreciate you for that.
#5 Joe January 9, 2012 1:46 PM
-And for free, of course. 🙂
#6 SG February 28, 2012 1:18 PM
Comment deleted by administrator
#7 Rene March 9, 2012 3:42 PM
“The reason for this is the people who actually use this CMS are Hipsters and dont know anything about tech at all.” that’s the point. Some people like myself want use something simple for upload own work, and coding is for developers not a graphic designers so still, I think so far it was best option for customize and upload portfolio. I see your point, but don’t be ignorant or don’t forget about people who wants do on their own. As WordPress is more attractive though but still more complicated, posts, portfolios etc sometimes don’t look as should.
#8 Jon-Paul Kelly March 19, 2012 10:57 PM
Comment deleted by administrator
#9 sebastien March 25, 2012 7:40 PM
I understand where you’re coming from but Indexhibit is not hipster shit. It’s minimal and it has to be since it’s to showcase your work. Exactly like the white walls in an art gallery. If you have a problem with artists (hipster/artish as you call it) you shouldn’t be a web designer. Anyways, I look at the header of your site and I find it cheesy as hell and I’m not a hipster. I love art and I love design and I’m also a developer and yes, I think the way they handle Indexhibit sucks with not having the code open-sourced and the code is not the greatest either but the idea behind Indexhibit is great.
#10 ray ban aviator sunglasses sale March 26, 2012 8:36 AM
Comment deleted by administrator
#11 Will March 26, 2012 6:41 PM
Comment deleted by administrator
#12 Will April 8, 2012 10:25 AM
Also, shows you can dish it out but can’t take it. Deleting comments that disagree with you, and question your ability to judge this CMS? That’s pathetic and you are a coward.
#13 Meghan April 10, 2012 3:05 PM
I’d much rather see someone’s work displayed on a plain white page than some cheezy template website, which is usually the only option for someone who doesn’t know code and who can’t pay a bunch of money for a custom designed site. And, yeah, I totally agree with the previous poster. Most indexhibit sites are much easier on the eyes than yours, my friend. Oh and PS your adolescent sexism (“Was this coded by a GIRL??” i.e., I hate girls! Mostly because they ignore me! Mostly because I’m pimply and unappealing as a human!) up top is probably not winning anyone to your side.
#14 Vaska April 15, 2012 6:33 PM
Thank you for the constructive criticism.
#16 cool May 4, 2012 8:18 PM
cool story bro.
#18 Kameko May 15, 2012 12:41 AM
kind of hilarious that you say you hate the hipster/arty type and yet you blatantly have an instagram feed in your sidebar.
#20 so June 11, 2012 6:00 PM
ok indexhibit sucks. but it’s easy to edit for non web developing experienced designers like me. can you suggest another easy CMS that create my portfolio site?
#21 megan June 19, 2012 3:57 AM
I find it offensive that you think that “some kids or designer females” are the cause of banality. There is no possible way that designer male would do that, because according to you, they seem to lack banality. Also the abundance of spelling and grammatical errors is laughable.
Your point is moot.

The RAE & Planeta: you can't have more cheek than this

It turns out they have sent a cease and desist to Ricardo Soca of www.elcastellano.org demanding that he remove the links to the website of the Real Academia Española de la Lengua that he has published without following the (crappy) system they offer, on the grounds that this constitutes an offence of unfair competition. As Jose Morraja would say, “Excuuuuuuse me?!”.

Basically they have been ordered not to use deep linking, something Google does every day as its house trademark, and I don't think they have sent a letter to Mountain View telling them to stop. I find it hard to imagine a similarly compact and brazen amalgam of stupidity and cheek.

You can read the whole story here and tell the layabouts in Planeta's legal department what you think here. While we are at it, the RAE dictionary should be published with public money and the profits should go to the public purse (and it must make them). I don't understand what sense it makes for the copyright of the RAE dictionary's content to be in the hands of a private publisher, least of all one that behaves like this. And that is without mentioning that the http://www.rae.es website is a turd stuck on a stick.

Scumbag Steve Planet

By the way, I too have committed an offence of unfair competition by stuffing this post full of links to the dictionary. Let them come for me!

(News found here via menéame. There is also some more information on this other site)

Oh, by the way, this is a perfect occasion to give a little publicity to www.dirae.es, until they take it down.

The RAE forces us to withdraw services from the portal

Ricardo Soca

When I saw that threatening message in my e-mail, I thought the sender must be one of those people who spend their time sending junk messages, a cracker or predator, one of those who take pride in their acts of vandalism on the net. This conjecture was strengthened by the fact that the IP the message came from is flagged on Wikipedia as a source of acts of vandalism on the net: http://es.wikipedia.org/wiki/Usuario_discusi%C3%B3n:213.192.254.2.

The message warned me, in the name of Grupo Planeta and the Real Academia Española, that I should remove the previews of the twenty-third edition of the academy's dictionary, since I would be violating, here in Montevideo, I don't know which civil and criminal laws of the Kingdom of Spain. I could not conceive (now I can) that the Real Academia and a business group of Planeta's size could settle their conflicts over the use of content through anonymous messages on the internet. Nor that they believed I could «compete» with them.

After exchanging several messages and telephoning Grupo Planeta's headquarters in Barcelona, I was able to establish that my conjecture was wrong: my interlocutor ended up identifying himself as Álex Calvo, of that group's Legal Department, who said he was acting «on behalf of the Real Academia Española, hereinafter RAE», all of this with «a deep respect for our users» and with the aim of «ensuring the continuity of its good name in the sector», according to the initial unsigned message sent from the e-mail address acalvog@planeta.es.

The learned house also warned me, through this unusual proxy, that «the introduction of links that facilitate direct access to any of the contents of the RAE's websites is prohibited, except where the procedures that the entity implements for this purpose are used, whether by means of buttons that can be integrated into the browser or other kinds of software resources».

According to Planeta/RAE, this modest portal of ours is engaging in «unfair competition» and committing «a criminal offence under» laws in force in the peninsular kingdom.

Feeling intimidated by such powerful entities, I have removed the disputed content from the portal, but I cannot fail to point out that nine years ago I began distributing our newsletter La palabra del día, which today reaches a universe of 212,000 free subscribers. Well, three years ago, the Real Academia decided to appropriate the newsletter's name and now has its own «palabra del día». I never challenged this procedure, characteristic of the RAE's policy of ignoring others, but it is symptomatic that, from the moment our good friend Silvia Senz pointed this out to the Academia Española in a message addressed to the Twitter account @RAEinforma, her subscription to this RAE service on that social network was blocked.

The role of academic institutions, especially those financed in whole or in part by taxpayers' money, is to generate and transmit knowledge, returning the fruit of their research to society with the widest possible dissemination. That private companies commercialise cultural material to make a profit is not a bad thing, it is part of their role in our social organisation, but academic institutions should not get involved in the pursuit of profit.

We had thought until now that this would be the case of the Real Academia Española, which from Madrid seeks to dictate the rules of Spanish to a universe of 450 million speakers spread across twenty-two countries on four continents, working in collaboration with a set of as many national academies. But the RAE holds back the fruit of its work for commercial reasons: its dictionary does not offer on the web all the services of its commercial version on disc, the Nuevo Tesoro Lexicográfico de la Lengua Española does not offer online the same services as its paid DVD version, and it does not allow its works to be disseminated outside its website for commercial reasons.

In the twenty-first century, the Academia has delegated to private companies of the Kingdom of Spain part of the authority that Fernando V conferred on it 298 years ago to unify the language of the empire. Indeed, it is surprising that a powerful company such as Grupo Planeta can present itself in the name of the Real Academia, exerting pressure to prevent the dissemination on the internet of works in whose preparation the twenty-two academies have taken part, as is the case of the Diccionario de la lengua española, and seeks to impose the laws of the kingdom on the Spanish-speaking countries.

To hear the telephone conversation with this employee of the Spanish publisher, click here.

To see the notice sent by Planeta/RAE to elcastellano.org, click here.

If you wish to send your comments, you can do so

This is the content that so offended the people at Planeta:

What Soca did (and, as he points out, the Academia's page does not) is to allow a two-column comparison between a definition in the twenty-second and in the twenty-third editions. (Jamillan dixit)

That damned Double Click and the cookies from hell

You are looking at something on a website (the GoPro camera site, say) and a while later you go to another website (the Fallout wiki in this case) and you get an ad for the thing you were looking at earlier on a completely different site. Suspicious, isn't it?

Well, it turns out that Double Click is a company that uses a system of shared cookies to know where you have been, even if it doesn't know who you are (…which it probably knows too).
A very big business of dubious morality.
Not for nothing did Google buy Double Click for more than double what it paid for YouTube (3,100 million dollars!)
I have found Google's PR response, but I am not entirely reassured. Privacy?