Twelve Days of Divorce

As Christmas is nearly here, I am sitting and listening to Christmas music. When “The Twelve Days of Christmas” comes around, I can’t help but laugh at an acquaintance of mine some time back. He had just gotten a divorce and came up with NEW words to the old tune.

Now I do not remember the entire thing (this was probably forty years ago), but what I DO remember goes like this:

On the eighth day of my divorce,
My ex-wife took from me,
Eight place settings,
Seven credit cards,
Six-cylinder Maverick,
FIVE POWER TOOLS!
Four radial tires,
Three bedroom home,
Two little children,
And my stereo and my color tv!

I wish I could remember the rest of it…

Merry Christmas

Falcon 9 landing

Congratulations to SpaceX for the absolutely amazing landing of a Falcon 9 first stage a mere six miles away from its launch point. The pinpoint landing came after the successful launch of nine Orbcomm satellites. The booster had to make a U-turn 50+ miles and a decent distance northeast of the Cape to return to a targeted spot six miles from the launch pad. They had to keep from centrifuging the remaining fuel, regain stability, and drop from hypersonic through supersonic to subsonic speeds and then a complete stop, upright, dead center on the target.

Blue Origin accomplished a landing of a much smaller suborbital booster just this last November, an accomplishment not to be scorned. But their success was on an entirely different, and smaller, scale. Up and down was an achievement to be proud of. But the mechanics involved in the SpaceX endeavor are, shall we say, a bit more complex?

I’ve heard comments that this is the way rockets are SUPPOSED to land, evidenced by the sci-fi movies of the 50’s. We have finally arrived, I’ve heard. But hold on a minute! If I remember those movies, the INSIDE of those rockets provided very spacious, apartment-sized quarters for the crews, complete with artificial gravity. Technology still has a way to go to match that.

Elon Musk and SpaceX are probably the group that is going to make the 50’s movies true!

Sphider 1.5.1 released

Sphider 1.5.0 was a major departure from older versions of Sphider in that it incorporated prepared statements, adding significantly to the security of Sphider. It performed very nicely.

But we did not like the database backup and restore procedures. Backup was quick enough, but restore was S-L-O-W! The larger the database, the worse it got. There had to be a better way. There was, and we found it. We grew our database to include:

    10 sites
    10 categories (5 top level, 5 sub-categories)
    10,641 links (pages)
    70,317 keywords
    40,006 kb of cached text
    171,495 kb total size

A backup, producing a gzip file of 14,079 kb, was accomplished in 16 seconds.
A total restoration took 32 seconds. This was a definite improvement over the 6 1/2 HOURS for a smaller database.

Also, as we were no longer looking for coding errors, we began concentrating on the results (or outcomes of admin actions) looking for anything that just was not exactly what we expected to see. We found several bugs which were repaired and tested. Nothing earth-shattering, but bugs nonetheless. Sphider 1.5.1 is the result.

Since Sphider 1.5.1 seems to be the achievement of what we originally set out to do, namely, dispensing with deprecated code, improving security, fixing a few bugs in the original releases, etc., this will probably be the last release for a while. In the event of some operational problem of immediate concern, a simple patch should be sufficient instead of a whole new release.

Now despite the hours of testing and line-by-line code reviews and results analysis, Murphy’s Law still reigns. We’ll leave it at that.

If cats were bigger…

Do you remember the study that came out about two months ago that basically said, “if your cat was bigger, it would kill you”?

That study is pure rubbish. I have witnessed close up the various personalities of a number of house cats over the last forty years or so. Cats are NOT intimidated by size. I have seen a 9 pound cat face off against a 90 pound doberman. The cat was NOT cornered. It WELCOMED the confrontation. Although it could have very easily gone the other way and ended in disaster, the doberman backed down. I have seen similar instances of cats very willingly facing overwhelming odds and either emerging victorious or escaping unscathed. They live for the challenge.

If your cat really wanted you dead, either you or it would already be dead!

One other thing. Although they can be wonderfully graceful, they can also be complete klutzes. If they were bigger, their klutziness COULD possibly kill you by accident. If that were to happen, you would no longer be operating the can opener. The cat then will become hungry. You, being of no possible use dead, would most likely be eaten.

Unless you mistreat your feline, it will not purposely kill you. They are smart enough not to lose their meal ticket.

Sphider for WordPress?

Several years ago, there was a Sphider for WordPress introduced. It was based on the 1.3.4 version of Sphider. Time moved forward, Sphider for WordPress did not. You can still find it. It just most probably isn’t going to work.

A few months back we tried to update it. THAT was a lost cause! So now we have taken our newest Sphider and have started to convert it. It does work, mostly. Still having a few issues, such as suggest doesn’t work and we aren’t sure why not. Also having trouble getting the search integrated into WordPress, although there has been some progress there.

Naturally, since this is a tiny blog, there isn’t much we can thoroughly test it on. Give us a bit more time to get the integration part down and maybe we’ll put it out as a beta, even without suggest working. But maybe we’ll find the problem there, too.

That would be nice, a working version of Sphider for WordPress.


UPDATE: December 15. Integration with WordPress has been accomplished. Suggestions still are not working. Being able to spider and search from WordPress is still a significant achievement. The MAJOR components have been tested and are functional. Still need all the minor branches to be tested.


UPDATE: December 23. Suggestions STILL not working, but Sphider now does a re-index when a post is added or edited. Duplicate domains are being entered in the domains table, but that should be an easy fix. Getting closer to being generally usable.

TLD Mania

ICANN is issuing new top level domains faster than I can create new spam filters to stop the trash coming from the likes of .top, .download, .mobi, .date, .xyz, .click, .rocks, .wang ….

Supposedly, there really are legitimate web sites using these TLDs, but I personally have yet to actually SEE any of them. The ONLY reason I even know most of these exist is the sudden appearance of a ton of spam from each one of them.

I administer the filters for a number of email addresses, and some of the owners have not been as careful as others and their email address has gotten on some spammer’s list. And once you are on one, you will shortly be on scores of them.

I have yet to see a legitimate email from ANY of the new TLDs.

ICANN thought all these new TLDs would be a great idea, a real boon to the internet. Well, they certainly have been a boon to ICANN and a bunch of shady businesses which are making mucho dinero off their creations! For the rest of us, they are more of a… I’ll be polite and say nuisance.

It’s time for ICANN to pull in the reins, maybe even start phasing out the use of some of the new TLDs. For those legitimate websites (if there really are any) with one of these fad TLDs, my advice would be to give it up and get a real TLD. Then I might actually visit you.

Sphider 1.5.0 Search Tool is now live

Find the new Sphider 1.5.0 on our Downloads page.

UPDATE: 1 December 2015, 18:25 UTC. If you downloaded 1.5.0 before this time, the auto-suggest may not work if you installed Sphider to any directory NOT named /sphider. The current posting DOES work.

If you are affected, you do not need to re-download. Simply find “autocomplete.js” in the js_suggest directory, and edit line 7 from:

    $.get( "/sphider/js_suggest/suggest.php", { keyword: keyword } )

to

    $.get( "js_suggest/suggest.php", { keyword: keyword } )

Football Bowls

Are you a college football fan? I used to be. That’s right, used to be! For one thing, college football has gotten completely out of hand. It is now driven by bucks, BIG bucks. Then there is the media hype. All in all, the hype, the show-boating, the scandals, the money… these things have driven me away in large part.

And now the time of year is coming when the plethora of bowls begins. I just read that this year there will be 40 different bowl games! Can you believe that? Forty bowl games, requiring 80 competing teams. It seems bowl officials are having difficulty finding enough teams with winning records to fill all the slots. This means that teams with losing seasons still have a shot at being in a bowl.

In 1970, there were a total of eleven bowls, four major, seven minor. In 1970, only the best of the best got to go to a bowl. This made the bowls meaningful, worth going to, or watching, or even listening to on the radio.

Today, the thrill is gone. The major bowls, heck, all the bowls are more hype than substance. It’s all being driven by profit. Advertising.

For the sake of the game, I for one think it’s time to cut back on the number of bowl games. W-A-Y back! I’m thinking maybe 15 bowls, tops!

But then again, I do have my quirks.

This is why we decided to update Sphider!

    #   CVE ID         CWE ID  Exploits  Type(s)        Published   Updated     Score
    85  CVE-2014-5194  94      1                        2014-08-07  2014-08-07  6.5
        Static code injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote authenticated users to inject arbitrary PHP code into settings/conf.php via the _word_upper_bound parameter.
    86  CVE-2014-5193  79      1         XSS            2014-08-07  2014-08-22  4.3
        Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
    91  CVE-2014-5082  89      1         Exec Code Sql  2014-08-06  2015-11-04  7.5
        Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.

And it all started because the deprecated code was making Sphider useless. The deeper we dug…

Ain’t that the way life works? You start out fixing one problem and find two more to take its place.

Have we fixed ALL the problems? Probably not, but it is a darn good start!

Sphider 1.5.0

Version 1.5.0 is just days away from public release. Testing is continuing, but going very well. The NEW Sphider User’s Guide is essentially complete and being reviewed. We could say it is ready to go now, but would rather put it through its paces a couple more times before publishing it on Tuesday, December 1, 2015.

So what’s so special about Sphider 1.5.0? For starters, it is fully up to date. PHP 5.6 loves it. So does MySQL 5.6. And all the html is HTML5, which is very strict in structure. Because Sphider is written in PHP, if you do a “view source” on a web page it ain’t gonna be pretty. But it is correct.

Having read the change reports for MySQL 5.7, which was just recently released, no changes appear to be needed. And, although still in Release Candidate stage, early examination of the coming PHP 7 does not reveal any issues. Sphider 1.5.0 is ready!

Security has also been a concern. Sphider 1.3.6 is ripe with opportunity for SQL injection attacks. Simply getting rid of the deprecated MySQL extension and replacing it with the MySQLi extension did nothing for security. Moving to prepared statements DOES virtually eliminate SQL injection attacks. With prepared statements, bound variables are kept separate and never parsed as a part of a generic SQL statement.

Wherever GET, POST, or REQUEST data is used, it is escaped, matched, and otherwise reduced to safe data.

One critical Sphider page was once COMPLETELY rewritten, using unescaped GET data, every time the settings were changed. No more. This page (which you never actually SEE) is now static in structure and completed on call from the database. Of course, changing the configuration means updating the database, which in turn uses GET data. The thing is, now 1) the GET data is parsed and escaped, and 2) is written to the database using the prepared statement process. This critical page can no longer be hijacked and used as a weapon against you.
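
The difference between a string-built query and a prepared statement, and the validate-then-bind handling of a setting described above, shown as an added example; this is not Sphider's own code. It uses PDO with an in-memory SQLite database in place of MySQLi so it runs without a server, and the tables, the allowed range and the inputs are all constructed; PHP 7 or later with pdo_sqlite is assumed.

```php
<?php
// Added example. Schema, data and limits are constructed; Sphider uses MySQLi.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sites (site_id INTEGER PRIMARY KEY, url TEXT)');
$db->exec('CREATE TABLE settings (name TEXT PRIMARY KEY, value INTEGER)');
$db->exec("INSERT INTO sites VALUES (1, 'http://a.example/'), (2, 'http://b.example/')");
$db->exec("INSERT INTO settings VALUES ('word_upper_bound', 100)");

// Before: request data is pasted into the SQL text and parsed as SQL.
function site_urls_concat(PDO $db, string $site_id): array
{
    $sql = "SELECT url FROM sites WHERE site_id = $site_id";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the SQL text is fixed; the value is sent separately as a bound parameter.
function site_urls_prepared(PDO $db, string $site_id): array
{
    $stmt = $db->prepare('SELECT url FROM sites WHERE site_id = ?');
    $stmt->execute([$site_id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Settings: match the name against an allow-list, require plain digits within
// a range, then bind. No request data is ever written into a .php file.
function save_setting(PDO $db, string $name, string $raw): bool
{
    $limits = ['word_upper_bound' => [1, 1000]]; // hypothetical range
    if (!isset($limits[$name]) || !ctype_digit($raw)) {
        return false;
    }
    $value = (int) $raw;
    if ($value < $limits[$name][0] || $value > $limits[$name][1]) {
        return false;
    }
    $stmt = $db->prepare('UPDATE settings SET value = ? WHERE name = ?');
    return $stmt->execute([$value, $name]);
}

$input = '1 OR 1=1'; // constructed request value
printf("concatenated query rows: %d\n", count(site_urls_concat($db, $input)));
printf("prepared query rows:     %d\n", count(site_urls_prepared($db, $input)));
printf("numeric setting saved:   %s\n", var_export(save_setting($db, 'word_upper_bound', '250'), true));
printf("non-numeric rejected:    %s\n", var_export(!save_setting($db, 'word_upper_bound', '250; extra()'), true));
```

With MySQLi the same separation is obtained through `prepare()`, `bind_param()` and `execute()`.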

Originally, there was some PHP code written into some .html pages. If you looked at the page in a browser and went to “view source”, anyone could view snippets of actual PHP code. No more.

We also found that, if you dug deep enough into the spider functions, our earlier efforts to improve Sphider broke a couple things. We corrected those. We ALSO found there were things in 1.3.6 that were SUPPOSED to work, but didn’t. We corrected those, too.

So, are we claiming Sphider 1.5.0 to be bug free, the perfect Sphider? No, we aren’t that vain. But, for today’s environment, Sphider 1.5.0 is a good fix for the dying Sphider 1.3.6. And you won’t have to pay money for Sphider-plus or Sphider-pro and get functionality you don’t need.

We feel the Sphider User’s Guide is l-o-n-g overdue. Wouldn’t it be nice to really know what all the settings do, what happens on each of the admin pages, and what kind of searches you can do? It’s always nice to have a road map.

(Did we mention that spelling suggestions now work much more reliably? I suppose it USED to work before, but in today’s world, it was a no-show on most browsers we tried.)

Watch our Downloads page. Sphider 1.5.0 should be making its appearance there this coming Tuesday.