November 23, 2003

Comments RSS Feed Added

The other day, while setting up my linkblog and its RSS feed, I decided to also set up an RSS feed for my blog comments. The idea is simple, really. Weblogs are great because of RSS. I don't have to poll (visit each site repeatedly, looking for updates) anymore. My aggregator does that for me. However, when I get interested in a discussion on one, I'm back to square one again: polling.

By providing a feed of the 10 most recent comments on my entries, I'm making it a bit less tedious for you to keep up with any interesting discussion that might occur here. Yeah, I know it's not likely, but on the off chance it happens, you now have an easy mechanism for staying involved.

Subscribe here

Thanks to revjim's example for making this trivial to do.

If I get really ambitious, maybe I'll set up per-post feeds someday.

Posted by jzawodn at 07:13 PM

Real-Time PHP-Nuke Hacking

A couple weeks ago, I posted asking for web discussion board recommendations. In the comments, Rasmus Lerdorf pointed out that most systems suck because their security is a joke.

Of course, he's right. I've been on Bugtraq long enough to realize that the popular PHP-based boards and community systems seem to get compromised in some way or another (SQL injection, cross-site scripting, etc.) on a very regular basis. That's part of the reason I asked in the first place. I was hoping someone who knows more about the scene would enlighten me. And, despite the fact that I omitted security from my original list of requirements, it worked nicely.

Then, yesterday, I was looking at the MythTV project, which is an impressive Linux PVR solution (think "Open Tivo"). Literally as I was browsing the site, someone compromised it. See the screenshot at the right? I took that just in case it was fixed before I had a chance to write this. Indeed, a couple hours later the site was back to normal.

Witnessing this real-time "hacking" is a sobering example of how far things have to come. If you've been brainwashed by Eric Raymond's "all bugs are shallow" logic, ask yourself why we keep seeing this sort of thing happen with popular Open Source Software such as PHP-Nuke.

Come to think of it, I think I've written about this before. Looking back over it, I still agree with myself.

Posted by jzawodn at 08:21 AM