Flash sometimes doesn't like SSL

I found a strange problem recently.  Using Gallery I could always upload new pictures but someone else using Vista could not upload any pictures.  It didn’t matter if she used IE or Firefox, every single upload made Gallery come up with error #2038 (IO). I could say that anyone that uses Vista deserves everything they get, but that would be a little churlish (if true).

A few searches showed that this is basically Gallery saying “something bad happened with your upload”. No, really? You mean it’s not supposed to be a big red box and no uploaded file?  It’s not the world’s most useful error message.

What got me onto the right path was a message on the Gallery forums, though it was the other way around. Gallery uses a Flash uploader, and this is the same Flash whether you use Firefox or IE.  It seems it doesn’t like “strange” SSL certificates, such as chained certificates like that site uses (and my site too).  No doubt there is probably some work-around or setting to fix it, but being Vista it’s probably buried in 20 menu items under some obscure reference.

Setting up the gallery under a non-ssl site fixed it. Perhaps more correctly it was a work-around.


Passwords in PHP


Generally speaking it is a really bad idea to hold passwords in cleartext. I am actually amazed people still do this!  The standard way of holding passwords that has been around for years is to encrypt or hash the password and store the result, called a ciphertext.  There have been many ways of hashing the password, starting off with plain old crypt with no salt (a random pair of characters) then crypt with salt through to MD5 and SHA.

The thing is, each one of these hashing techniques results in a ciphertext of a different length.  Now with most languages, this doesn’t matter because you know what hash you are using; it’s simply the name of the function or some flag you set.

PHP is different, because all of these methods use the one function called crypt, which is a little confusing because it is more than plain old crypt.  Around PHP version 5.3 the developers started putting in the more complex hash algorithms, which is good, but the ciphertext has been growing.

A lot of applications store this hashed password in a database and the decision needs to be made; how big should this field be?  For a long while, 50 characters would be enough and this is what programs like JFFNMS use.  Unfortunately the SHA-512 algorithm needs 98 characters so what you get is half a hash stored. When the user enters their password, the program compares the full hash from that password to the half hash in the database and it always fails.

I’ve adjusted JFFNMS to use 200 character long fields which is fine for now. The problem is who knows what the future will bring?
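The truncation failure described above, as an added example (not JFFNMS code and not from the original post). The password, the helper function names and the simulated column are constructed for illustration; the widths 50 and 200 are the ones the post mentions.

```php
<?php
// Added example with constructed values; not JFFNMS code.
const OLD_WIDTH = 50;   // column width the post says was in use
const NEW_WIDTH = 200;  // column width the post says it was changed to

// Model a fixed-width column that silently truncates on insert.
function store_in_column(string $hash, int $width): string
{
    return substr($hash, 0, $width);
}

// Usual crypt() check: the stored value doubles as the salt/settings string.
function verify_password(string $candidate, string $stored): bool
{
    return hash_equals($stored, crypt($candidate, $stored));
}

// Length of the final '$'-separated field for each crypt() scheme prefix
// (MD5, SHA-256, SHA-512). A shorter last field means the value was cut off.
function looks_truncated(string $stored): bool
{
    $expected = ['$1$' => 22, '$5$' => 43, '$6$' => 86];
    $prefix = substr($stored, 0, 3);
    if (!isset($expected[$prefix])) {
        return false; // unknown scheme: this check makes no claim
    }
    $last = substr($stored, strrpos($stored, '$') + 1);
    return strlen($last) < $expected[$prefix];
}

$password = 'correct horse battery staple';     // constructed sample
$salt = '$6$' . bin2hex(random_bytes(4)) . '$'; // SHA-512 with an 8-char salt
$full = crypt($password, $salt);

foreach ([OLD_WIDTH, NEW_WIDTH] as $width) {
    $stored = store_in_column($full, $width);
    printf(
        "width=%d stored_len=%d truncated=%s login_ok=%s\n",
        $width,
        strlen($stored),
        looks_truncated($stored) ? 'yes' : 'no',
        verify_password($password, $stored) ? 'yes' : 'no'
    );
}
```

Running a check like `looks_truncated()` over an existing password table finds accounts that can never log in because their stored hash was cut short. For the open question of future growth, the PHP manual's guidance for `password_hash()` is a 255-character column.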


Lottery from ancient rockers

Apparently I’ve won the lottery. What is even more amazing is that it is one based not in Australia but in the UK ELO (England Lottery Organisation) and I didn’t even buy a ticket.  Even more amazing is even though this organisation is based in England, they don’t write English very well; perhaps it’s declining school standards. They’re so concerned about giving you the maximum return on the dollar (or pound) they don’t even use a proper co.uk email address but a free webmail from umail.

It is, of course, a scam, popularly known as Nigerian 419 or advance-fee fraud. You can win the money but... well, it seems there is some holdup and you need to pay some “release fee” or some bribe to get your dollars.  What makes me a little sad is it was for only 250,000 UK pounds. I feel ripped off as a few Google searches showed people being offered over 500,000 pounds on the same scam. Don’t these crooks know I have a high Aussie dollar exchange rate to overcome?

About the only interesting thing about it was that my dspam filters missed it, but they’ve now been retrained with that miss. I think sending it as a PDF was why it made it through.

And I now cannot get ELO (Electric Light Orchestra) songs out of my head, thanks a lot scammers! (It’s a livin’ thing, ya know)


Gjay 0.3.2 released

After getting past a series of silly errors gjay version 0.3.2 is now available.  The source code was uploaded to SourceForge and the Debian package has been uploaded to the FTP master site.

This version fixes the linking bug that has been extensively reported in a lot of Debian packages.  This is where you are using symbols of a library from another but not explicitly linking to it.  It means some versions of GCC will fail to link.

gjay will now create playlists for Music Player Daemon, or mpd, and get mpd to run them too.  It does need mpd and gjay to be on the same computer, or at least the same directory structure, so both programs know what the file is.  While gjay has a full view of the filesystem, mpd uses a relative one off its own concept of a root directory.

As a result of the two music players, both the audacious and mpd client libraries are not linked to gjay but are linked at runtime using dlsym(). It means you don’t need the audacious libraries if you like mpd or vice versa.  I’m not that experienced in using dlsym so hopefully I’ve not stuffed it up; it works for me!

In theory, gjay could pass its playlists onto other music players.  The problem is knowing how to get the list into the player.  After it does its sorting and randomising, gjay ends up with a linked list of file-names. Now for audacious or (with some caveats) mpd it is pretty simple because they use file-names but others don’t do this.  If you know how it is done with your favourite player then let me know.

 
