I’ve currently noticed that after updating to PHP 5.3 on macports, the php-cli (command line executable) was giving me some warnings with no sense because I had all the mentioned libraries installed:

PHP Warning:  Directive 'register_long_arrays' is deprecated in PHP 5.3 and greater in Unknown on line 0
PHP Warning:  Directive 'magic_quotes_gpc' is deprecated in PHP 5.3 and greater in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './gd.so' - dlopen(./gd.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './mbstring.so' - dlopen(./mbstring.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './mcrypt.so' - dlopen(./mcrypt.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './mysql.so' - dlopen(./mysql.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './mysqli.so' - dlopen(./mysqli.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './pdo_mysql.so' - dlopen(./pdo_mysql.so, 9): image not found in Unknown on line 0
PHP Warning:  PHP Startup: Unable to load dynamic library './zip.so' - dlopen(./zip.so, 9): image not found in Unknown on line 0

This seems to be a very common problem after the update. It occurs because most of the configurations in /opt/local/etc/php.ini are now obsolete with PHP 5.3.

So if your update went well, you should have two samples of php.ini in the mentioned folder. One for production and the other for development. To fix this problem just rename you current php.ini file to something else, and then rename one of the samples to php.ini. Restart apache and voilá. PHP cli is back with no warnings and all the installed libraries available.

I got an email today from a hashr user complaining that the add-on was not working on Firefox 3.5. I had noticed it a few days ago, but completely forgot about it.

I’m currently updating the add-on to 3.5, improving the user interface and maybe add some new feature. But for now if you wish to use the extension with Firefox 3.5 you can use a little hack that works with no problems.

Just locate your Firefox profile folder, and then open the extensions folder inside it. There will be one folder with the word “hashr” in the name. Open it an edit the file install.rdf.

Inside the file locate the following lines:

<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.0.*</em:maxVersion>

And change it to:

<em:minVersion>1.5</em:minVersion>
<em:maxVersion>3.5.*</em:maxVersion>

Save the file and restart Firefox. It should now be working perfectly. If not, check the add-ons manager to see if it’s disabled.

Edit: Mozilla has finally approved the new version of hashr, so this hack is no longer needed. You can find the addon here: https://addons.mozilla.org/en-US/firefox/addon/8539.

I’ve released the second version of hashr extension for Firefox. This version is a major code fix, since the previous version, 0.1, had global variables and functions declared in a way that could cause conflict with other extensions or sites.

This problem in the code was detected by a sandbox reviewer at the addons mozilla site. Because of this problem, the extension is still retained in the sandbox. Now it’s fixed, the functions and variables are in their own namespace, avoiding conflict. So, probably soon it will be out of the sandbox :)

Users of hashr should update quickly. You can update from hashr homepage, or from the mozilla addons site (requires login while in sandbox).

I’ve also received by mail some suggestions to implement/change things in hashr. They aren’t forgotten, it’s just too soon to release them.

Just when things were starting to get exciting in Mozilla Firefox, Google shows up with a internet browser that seems to be a great improvement over current browsers.

So here it is, Chrome running on my computer, I booted up Vista on purpose just to try Chrome out. And I don’t regret it. I just can’t wait for the Mac and Linux versions!

The best thing about this new browser it’s the interface, pure simplicity the Google way. And this is nothing compared to the way that the browser deals with tabs. Each tab, one process, with it’s own memory space address. Which theoretically leads to great stability and no memory leaks (Firefox biggest problem, now improved in version 3).

And to leave you drooling all over you keyboard, Google released a 39 page comic book, explaining every aspect behind Chrome. Check it here.

So this browser seems to be the better of two worlds. It’s based in Webkit, just like Safari, and I liked Safari because of it’s fast rendering. And it’s open-source, just like Firefox. The one thing that’s missing for now it’s support for extended functionality (extensions / plugins) and a Linux and Mac version (coming soon). Well… they could also change the icon, because it’s ugly in my opinion.

Enough talk. Try it here!

One thing that is missing in Ubuntu is an easy way for a novice user to turn on and configure the firewall. It’s bad enough to not have the firewall turned off by default. Even if you argue that Ubuntu is secure by default because it has no services listening on the network on first boot, that’s not an excuse to leave the firewall turned off.

Ok, there is ufw (uncomplicated firewall) which I think it’s nice because saves me all the hassle of messing with iptables when I don’t have the time nor the mood to deal with it. But it’s command-line based! Novice users don’t really like or know how to use the terminal!

To end this problem, there’s Gufw:

Gufw is an easy, intuitive, way to manage your Linux firewall. It supports common tasks such as allowing or blocking pre-configured, common p2p, or individual ports port(s), and many others! Gufw is powered by ufw, runs on Ubuntu, and anywhere else Python, GTK, and Ufw are available.

This project sounds nice to have in Ubuntu by default. In fact I liked it so much that I decided to contribute to it. So expect me to talk more about it in some future posts.

Link: gufw.tuxfamily.org

A semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.

Detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more.

Ratproxy is currently believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.

Boa iniciativa da Google em lançar como open-source esta ferramenta que poderá ajudar no debugging e prevenção de alguns problemas de segurança com as aplicações web 2.0.

Aqui fica o link para o post desta notícia no blog da Google.

Se estiverem a usar Firefox 3 (a propósito, já saiu a RC3) experimentem inserir no url:

about:robots

Vão encontrar uma mensagem interessante e um botão “Try Again” estranho :)

Aqui vai um link para um screencast onde são demonstradas as novidades no browser Mozilla Firefox 3 que será lançado ainda este mês:

http://people.mozilla.com/~beltzner/overview-of-firefox3.swf

De todas as novidades, destacam-se as relacionadas com a segurança, onde é dificultada a vida ao utilizador se estiver prestes a entrar num site considerado perigoso ou que não tenha os certificados em dia /inválidos (este último acontece bastante infelizmente, causando uma despreocupação dos utilizadores ao depararem-se com os avisos do browser).

Para quem necessitar de correr Wireshark no Mac OS X, provavelmente vai encontrar o problema de o programa não conseguir encontrar nenhuma interface disponível para escuta. Pode não acontecer na primeira execução, pois este ainda vai beneficiar dos privilégios adquiridos no acto da instalação, mas depois a partir daí não é mais possível encontrar interfaces disponíveis precisamente devido à falta de privilégios. Dado que correr o wireshark com sudo não é recomendado por vários motivos, o problema pode-se contornar facilmente.

Em qualquer sistema baseado em BSD (OS X incluído) a libpcap do Wireshark cria um device BPF para efectuar a captura de pacotes. Logo basta dar permissão ao nosso user para poder aceder a esses devices. E para isso basta inserir na shell:

sudo chown username /dev/bpf*

Isto vai perder o efeito assim que for efectuado um reboot, pelo que terá de ser executado sempre que a máquina reiniciar. Existem soluções mais automatizadas, mas eu pelo menos prefiro e recomendo que seja efectuado manualmente para maior controlo.

Já saiu o Release Candidate 2 do browser Firefox, toca a experimentar :)

http://www.mozilla.com/en-US/firefox/all-rc.html