Tag Archives: irishblogs

My Galaxy S4 Home

Galaxy S4 Home

It’s crazy how many pixels the screen of the Samsung Galaxy S4 has. 1920×1080 pixels. That’s more than many computer users have on the desktop.

Of course, in 5 years time everyone’s going to be marvelling at their 4096 pixel wide screens and this will seem oh so quaint.

These are some of my most used Android apps, including Reddit is fun, Gmail, Feedly, Falcon Pro, WordPress, FBReader, Podkicker Pro, Amazon Kindle and Google Plus. Flipboard looks stunning on it and is one of the pre-installed apps that unfortunately takes up around half the 16GB internal space. The camera is superb. The background image is one I took in my back garden and processed in Pixlr Express. You can find some more photos in my Blarney post I made this morning.

It beats me why manufacturers of Android phones couldn’t make it possible to uninstall those apps I don’t need. I have all the gesture stuff turned off, and the Samsung Keyboard but they still remain on the device sucking up space. There’s still 4GB of free space so I have some breathing space still. Phew.
I really need to set up Folder Sync on this phone to copy stuff off on a daily basis.

The original Pinocchio was a dark, grim story

My son Adam has taken an interest in Pinocchio after receiving a little wooden toy that looks similar to the well known character. He watched a few videos on Youtube of the Disney classic and since I knew the original would be available as a Kindle download I offered to read him a few chapters before going to bed.

What an eye opener.

I never saw the original Walt Disney cartoon but I’m familiar with the characters and the story. I’ve only got to chapter 6 of the story but so far Geppetto is in gaol for child(puppet) abuse and Pinocchio has killed Jiminy Cricket (Talking Cricket in the story) with a mallet to the head. (Apparently he reappears alive at the end of the story but it’s not explained how)

.. but unfortunately it struck him exactly on the head, so that the poor Cricket had scarcely breath to cry “Cri-cri-cri!” and then he remained dried up and flattened against the wall.

pinocchio collodi hung

In an awful twist, later on in the novel Pinocchio is caught and hung by the cat and the fox. He dies and “Collodi actually intended that to be the end of his tale, but public outcry from fans got him to return to the story and bring the puppet boy back to life.” (src)

I may read the story for myself, but I’ll track down a book based on the Disney movie instead. It’s not just the much darker imagery and events in the book but also the odd, old fashioned English. It’s difficult going. Reading the story aloud is difficult.

Pinocchio to Talking Cricket: “Take care, you wicked, ill-omened croaker! Woe to you if I fly into a passion!”
The soldier without disturbing himself in the least caught him cleverly by the nose and gave him to Geppetto.

For further reading, you can find the original Pinocchio for free in many places including Amazon. Also take a look at this commentary and this one.

Trials Evolution Gold Edition: Beach Head

Here’s an early level from the demo of Trials Evolution Gold Edition called Beach Head. I wasn’t expecting the war setting with exploding bombs, smoke and flames or the export to Youtube option either!

This was recorded on a PC with an i5 2400 CPU and an Nvidia 560ti GPU. Some people with Nvidia cards are having problems running the game but it worked ok for me.

I was a big fan of the original Xbox 360 game but this is more of the same, just flashier and bigger! It’s a simplistic platformer at heart so don’t go into the game expecting something deep and meaningful. It’s very accessible, with the quick restarts making up for the many inevitable falls.

Having had my fill of the game on Xbox, I think I’ll wait until there’s a deep discount on the Steam Store for this. Try out the demo, it’s fun!

17,827 Euro for a Commodore 65 on Ebay

The Commodore 65 was a prototype computer produced by Commodore between 1990 and 1991 to be an improved Commodore 64. I’ve hardly ever come across it online and never heard of it back in the day, but when Commodore was liquidated they sold the prototype machines. If you have one and are willing to part with it you could be in for a nice surprise!

c65 on ebay

This one on Ebay went for €17,827 last month. It’s not as if much can be done with it as it was never official released but I guess you can run it in C64 mode.

Anyone got one or played with one? (via)

If you thought software development was hard …

shot4-550x412

You should read about the development of a Ludum Dare entry called Ponk.

It’s a C64 version of Pong, developed on a real C64 with only a C2N datasette to save code. Back in the day I was lucky enough to have a 1541-II disk drive. I can’t imagine how painful it must have been working with a slow and unreliable cassette.

datassete

In the end he couldn’t transfer his game to a PC so he had to take screenshots of his game and OCR them, hand checking every byte. I did something similar about 20 years ago when I was tinkering with a C64 to Amiga cable and needed to somehow transfer a C64 programme from the Amiga to the C64 to do the transfer .. Painful.

playing

Wow. Well done Sosowski. (via Indiegames)

mfunc in WP Super Cache 1.4 and beyond

WP Super Cache is a full page caching plugin for WordPress. It creates static pages that are served quickly by the web server. Sometimes however, users still want parts of their pages to remain dynamic and be non static. That’s where mfunc, mclude and dynamic-cached-content came in.

Security

Unfortunately it was reported recently that remote visitors to sites using the plugin could execute any code they like by simply leaving a comment containing the right mfunc code. These functions are now disabled by default, and a filter removes harmful code from comments but if enabled they pose a security risk. I considered adding a security code to the mfunc tag but unfortunately the best way of dealing with this problem is to replace it completely with something different. The next release of the plugin will do away with mfunc, mclude and dynamic-cached-content entirely.

The new dynamic cache system

The development version of WP Super Cache has already been updated with a new filter based system. It uses a cacheaction filter called “wpsc_cachedata”. This filter runs when a page is first cached and also when a cached page is subsequently served. It also runs when caching is disabled for known users, something that has always been broken when using mfunc.

Almost all the data that is displayed on your website will run through the cacheaction filter “wpsc_cachedata”. When a page is first cached, the data that is shown to the first visitor of that page goes through that filter. The second visitor gets a cached page and that page too goes through the filter. What this allows us to do is define a template tag (or more than one) that a function hooked on that filter can search for in the filtered data. It can replace that tag with some other text, usually derived from code that has to run on each request. The visitor is then shown the page with the replaced tag.

Example code

The readme.txt hasn’t been updated yet but an example plugin, dynamic-cache-test.php is included in WP Super Cache. It’s fairly simple but it’s documented so it should be easy enough to follow. A template tag is inserted at the bottom of the page using the wp_footer action, and a filter then replaces that tag with text and the current server time. That test plugin replaces mfunc code that would look like this, excluding the necessary code to hook on to wp_footer and print it.

<!--mfunc echo "<!-- Hello world at " . date( 'H:i:s' ) . " -->"; -->
<?php echo "<!-- Hello world at " . date( 'H:i:s' ) . " -->" ?>
<!--/mfunc-->

WP Super Cache has it’s own action hooks using add_cacheaction() and do_cacheaction(), and work like WordPress actions or filters. The reason the plugin needs those is because they are available before WordPress is loaded. They allow developers to hook into the plugin from the very start of the PHP process and modify how it works using plugins. Those plugins are usually copied into wp-super-cache/plugins/ but I encourage you to move that directory elsewhere because when WordPress updates the plugin it will delete any custom changes you make. The next time a new version of WP Super Cache comes out WordPress will delete the wp-super-cache folder, replacing it with the new update. In your wp-config.php set $wp_cache_plugins_dir to the location of the new plugins directory.

If you use this filter system in your own plugin for distribution do not ever define the template tag for the user. Let the user decide what it is or generate a random tag and save it somewhere. It’s important to keep the tag secret so visitors cannot trigger your function maliciously. It is however better than the remote user running any code they like as was the case with mfunc!

I hope to release a new version with this code late next week. If your plugin or site uses mfunc please download the development version on a test server and start the process of updating your code.
On the other hand, if you don’t want to update your mfunc tags you could try W3 Total Cache instead. It uses the mfunc tag with a secret code.

WP Super Cache 1.3.2

WP Super Cache is a full page caching plugin for WordPress that will speed up your website.

This is a security release and any users of the plugin should update as soon as possible. This release and the last 2 (1.3 and 1.3.1) address the following issues:

  • A visitor to a website using WP Super Cache can remotely execute code by way of a specially crafted comment left on the blog. The comment may even be moderated and it will still cause a problem. If you allow untrusted user content on your site through other means it should also be filtered in a similar way. See the function no_mfunc_in_comments for the existing filter. This will be mitigated in the next release by using a security keyword in the mfunc/mclude/dynamic-cached-content tag.
  • An XSS vulnerability was found in the plugins settings page of the plugin. This has been fixed as well.

The dynamic cached content features are now disabled by default as they should really have been a long time ago. This was announced in the Upgrade Notice of the previous release so hopefully site owners will be prepared for it. If you depend on this feature you can enable it again on the Advanced Settings page. I would encourage you to use Javascript instead for any dynamic features or use a short cache expiration time.

Support for the mobile theme in Jetpack has been added in this release by way of a helper plugin. If you enable this feature in Jetpack you should visit the Plugins tab of WP Super Cache and enable the Jetpack plugin there. Caching will be changed to PHP mode, and mobile device support enabled but you may have to manually remove the WP Super Cache mod_rewrite rules in the .htaccess at the root of your site.

I would like to thank WordPress.org user kisscsaby for finding the mfunc problem in WP Super Cache and W3 Total Cache and Frank Goossens for his help fixing it.

Edit: I should have stated this above. I did not know about the issue with mfunc until 3 weeks after kisscsaby posted it to a public forum. I don’t read every post on the support forum unfortunately and the user did not email me. I released version 1.3 within a day of hearing about the problem. Unfortunately the XSS vulnerability became known 24 hours after that requiring another release within 36 hours of the previous one. When it became clear that mfunc could be exploited still I released version 1.3.2

I’m leaning towards removing the mfunc/mclude/dynamic-cached-content feature completely. It’s only used by a tiny minority of users (who will be inconvenienced, sorry) but it’s dangerous code to have in the plugin.

Who gets your data after death?

I have to admit that filling in the inactive account settings for my Google account gave me the shivers. There’s not much that would stop me logging into my Google account for more than 3 months. It would have to be one of the following:

  • Trekking through a rainforest pursued by secret agents monitoring all radio communications.
  • Lost on a desert island with only 80’s computer equipment to keep me amused.
  • In a coma after a botched attack by terrorists who are hell bent on killing open source developers.
  • Dead.

None of the above are very appealing options but at least one is as inevitable as, err, taxes, so it must be faced.

I added a trusted contact and was then presented with a popup asking for a subject and email body. Writing that was unsettling but I hope more services do something similar. I’ve heard too many horror stories about Facebook accounts that have been frozen on the death of an account holder.

You can choose what data is or isn’t shared with a contact. Included is Latitude, which has tracked my whereabouts for the last 2 years and will continue to do so. It makes me wonder how my descendants will cope with the deluge of information. It may very well end up as an anonymous zip file on someone’s computer I guess.

The list won’t be frozen in time either. Do I add my siblings? What about my son when he’s older? What age? I should set a calendar reminder for his 18th birthday. I’ll have to warn those trusted contacts because Google sends an email and a text message when the account goes inactive. Like a letter from the grave.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Here are a few options.

  • uBlock Origin is a free, open source, ad blocker for your browser.
  • Use pi-hole if you have a spare Raspberry Pi on your network.
  • Set the private DNS settings on your phone to dns.adguard.com to block adverts and trackers.