


Archive for January, 2007

Wasting time with IE bugs

January 30th, 2007 by Peter

You might also know these little ‘by the way’ feature requests from your boss, which cost you 2 days of work and look like 5 minutes of work. I spent the day with one of them.

I tried to develop a little web page with “Web 2.0 style” overview of some videos about our research. After finishing the dynamic list creation in PHP (30 minutes), I started to evaluate the different available JavaScript libraries. As one example, we found BoxOver, which produces really nice-looking tooltip windows, and Scriptaculous. After some playing, we had a basic set of effects on the page.

The next step was to make a click on a video preview image load an embedded video player running the chosen video. YouTube and friends solve this by embedding a flash movie – nice as copy protection, and nice to control through images with JavaScript event handlers. However, we wanted to keep our original movie formats, and therefore looked for a solution to embed MPEG files directly with Windows Media Player or Apple QuickTime Player. Elizabeth Castro provides a great summary of all the things that can go wrong while embedding these players in your web page. The most relevant information was that video player embedding usually demands explicit width and height tags, even if they are marked as optional. After some testing, we got a static version working.

So far so good, but how to show the media player on click? The first option was to hide the media player element and re-show it in the click event handler. This does not work for IE7, since the click on the image brings up an “I disabled an ActiveX control for security reasons and now your page is messed up. Sorry.” warning without any option to continue anyway. I can understand the reasons not to embed hidden ActiveX controls without notice, but I would like to decide myself if this is a problem or not. The second problem was that some browsers started to load all (==10) movies at the same time, since the hidden player object element was already part of the page. Bad user experience with low bandwidth, as you might guess …

Our second idea then was to add the video player code dynamically in the onClick() routine, which is the usual “Web 2.0” style of modifying the page content on the client side. It worked *great* on Firefox, but the JavaScript code crashed on IE7 all the time. With a useless error message, it took me hours on the web to find the original source of the problem. It seems like Microsoft is not able to fix an approved bug for the appendChild() method, which has been known since IE5.5 (!):

[source:JavaScript]
function msvideo(file) {
    // Fade in the enlarged preview (Scriptaculous effect)
    new Effect.Appear("enlarge_" + file, { duration: 3.0 });
    var tags = document.getElementsByTagName('img');
    for (var i = 0; i < tags.length; i++) {
        if (tags[i].id == file) {
            // Build the <object> element that replaces the clicked preview image
            var newotag = document.createElement('object');
            newotag.setAttribute('type', 'video/x-ms-wmv');
            newotag.setAttribute('data', './data/movies/' + file);
            newotag.setAttribute('width', '');
            newotag.setAttribute('height', '');
            newotag.setAttribute('id', file);
            newotag.setAttribute('standBy', 'Loading player …');
            addParam(newotag, 'src', './data/movies/' + file);
            addParam(newotag, 'controller', 'true');
            addParam(newotag, 'autostart', 'false');
            addParam(newotag, 'qtsrcdontusebrowser', 'true');
            addParam(newotag, 'enablejavascript', 'true');
            tags[i].parentNode.replaceChild(newotag, tags[i]);
        }
    }
}

function addParam(o, key, value) {
    // A <param> element carries its setting as a name/value attribute pair
    var newparam = document.createElement('param');
    newparam.setAttribute('name', key);
    newparam.setAttribute('value', value);
    // breaks on IE5 to 7 due to MS Bug 927917
    o.appendChild(newparam);
}
[/source]

As I understood, you cannot add new child nodes to an open parent container in IE, which is no problem in all the other browsers. If you remove all calls to addParam() in the example above, then everything is fine. The problem – WM10 is shown in IE7, but does not play anything, since the “activate ActiveX plug ins explicitly” feature stops your video from playing with the default settings.

In sum, I found hundreds of postings regarding similar problems with the DOM support in IE. We ended up with converting all videos to flash, and using an embedded player like YouTube:

http://www.dcl.hpi.uni-potsdam.de/

Hacked again

January 11th, 2007 by Peter

Our root server was hacked again, and again by a buggy PHP script of some folk (let's call him LUSER) hosting his content on our site. It was not that nasty, but there might be newbie admins who find this story useful.

While solving some other problem, I recognized a process iroffer in the netstat output, which is usually not on this system.

First: Don’t panic. Really. Every system is hacked sometime. EVERY system.

The first action was to perform a chkrootkit run with a fresh installation (apt-get install --reinstall chkrootkit). If you are paranoid, check the MD5 sum of the binary against a reasonable source.

Even though chkrootkit is not the ultimate oracle, I trusted the negative result and expected a typical web script hack. Therefore, I went through the list of all open files with lsof and looked for suspicious process names. I found three of them, usr, httpd and again iroffer. httpd is a little bit nasty, since the true web server is shown as apache in lsof. But if you know the web presence which was hacked, you will easily determine all relevant processes in the list.

The lsof information showed me the right directory for the binaries. One of them was hidden in a file looking like a session cookie (.sess_1403881), the other two (mybot.state, httpd) in a directory called “…”. All of them were situated under the web page directory of LUSER, and ran under the account of the web server. I used the PIDs from lsof, and looked at the ps output:

[source:C++]
mymachine:/# lsof|grep "iroffer "|grep -v REG
iroffer 22080 www-data cwd DIR 3,3 4096 14625 /tmp/.sess_140388140388140388
iroffer 22080 www-data rtd DIR 3,2 4096 2 /
iroffer 22080 www-data 0u CHR 1,3 115632 /dev/null
iroffer 22080 www-data 1u CHR 1,3 115632 /dev/null
iroffer 22080 www-data 2u CHR 1,3 115632 /dev/null
iroffer 22080 www-data 4u unix 0xc59251a0 35230838 socket
iroffer 25388 www-data cwd DIR 3,8 4096 148093 /LUSER_WEB_DIR/.sess_140388140388140388
iroffer 25388 www-data rtd DIR 3,2 4096 2 /
iroffer 25388 www-data 0u CHR 1,3 115632 /dev/null
iroffer 25388 www-data 1u CHR 1,3 115632 /dev/null
iroffer 25388 www-data 2u CHR 1,3 115632 /dev/null
iroffer 25388 www-data 4u unix 0xc59396e0 46334738 socket
mymachine:/# ps waux|grep 22080
www-data 22080 0.0 0.2 1912 516 ? S 2006 0:01 /usr/local/apache/bin/httpd/ -b perl
r
[/source]

You can see that the command line in ps is forged. It was even worse for the httpd process, since it was in one line with all the other apache processes, only on a different terminal.

I disabled the web presence of LUSER, killed and removed the binaries. I also checked /tmp, /var/tmp, /etc/rc* and /etc/init.d, in order to throw away startup links and garbage for these tools. Next time we are able to reboot the machine, we will check if the processes appear again.
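The comparison made by hand above (the name lsof reports versus the command line ps shows, plus the hidden working directory) can be scripted against /proc. This is an added example, not part of the original post; the sample tree is constructed, and the exe paths and the benign apache entry in it are assumptions modelled on the output above.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic triage of a Linux /proc
# tree for the two anomalies described above:
#   1. the command line shown by ps (argv[0], writable by the process itself)
#      names a different program than the executable the kernel mapped;
#   2. the working directory contains a hidden path component.
# Expect benign hits (daemons that rewrite their title, user dot-directories).

argv0_name() {                       # $1 = /proc/<pid> directory
    [ -r "$1/cmdline" ] || return 0
    a=$(tr '\000' '\n' < "$1/cmdline" | head -n 1)
    a=${a%/}; a=${a#-}               # trailing "/" as in the forged entry; "-bash" login shells
    printf '%s\n' "${a##*/}"
}

scan_proc() {                        # $1 = proc root (defaults to /proc)
    for d in "${1:-/proc}"/[0-9]*; do
        exe=$(readlink "$d/exe" 2>/dev/null) || continue   # kernel thread or no permission
        cwd=$(readlink "$d/cwd" 2>/dev/null) || cwd=
        exe=${exe% (deleted)}
        shown=$(argv0_name "$d")
        why=
        if [ -n "$shown" ] && [ "$shown" != "${exe##*/}" ]; then why=cmdline-mismatch; fi
        case $cwd in */.*) why=${why:+$why,}hidden-cwd ;; esac
        if [ -n "$why" ]; then
            printf '%s %s exe=%s shown=%s cwd=%s\n' "${d##*/}" "$why" "$exe" "$shown" "$cwd"
        fi
    done
    return 0
}

# Constructed sample tree (hypothetical paths modelled on the lsof/ps output above).
make_sample() {                      # $1 = empty directory to populate
    mkdir -p "$1/22080" "$1/301"
    ln -s /tmp/.sess_140388140388140388/iroffer "$1/22080/exe"
    ln -s /tmp/.sess_140388140388140388 "$1/22080/cwd"
    printf '/usr/local/apache/bin/httpd/\000-b\000perl\000' > "$1/22080/cmdline"
    ln -s /usr/sbin/apache "$1/301/exe"
    ln -s / "$1/301/cwd"
    printf '/usr/sbin/apache\000-k\000start\000' > "$1/301/cmdline"
}

demo=$(mktemp -d) && make_sample "$demo" && scan_proc "$demo"
rm -rf "$demo"
```

Run as root with `scan_proc /proc` to cover processes of other accounts; without root, entries whose exe link cannot be read are skipped.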

What can we learn from this?

  • This was a simple attack. Real rootkit attacks forge every piece of system information you can imagine, so the only ways to detect them are port scans from the outside and an increasing traffic counter at your hoster.
  • Know your processes. Use ps and top frequently, in order to get a natural feeling about the ‘right’ list of running daemons.
  • Learn lsof, ps -c and netstat.
  • The typical PHP attack (mis-use of include statement for remote download) can be avoided by using the latest PHP 5.2 with default options.
  • Calm down. It’s only ones and zeros. ;-)

Document process at OGF

January 9th, 2007 by Peter

For our DRMAA standardization activities, I analyzed the GGF document process several months ago. Since OGF still relies on the old document, we have no change in the rules so far. Why is this a problem?

Actually there is no way to fix issues in a finished document without restarting the OGF recommendation document process. The GGF / OGF document process was originally derived from the IETF document process (RFC 2026). I found out that most parts are identical, except for a section where RFC 2026 allows changes to a document that do not lead to a status change. This special rule was not taken over by the GGF. One should use this knowledge as a starting point for some discussion with the GFSC about a document process enhancement.

Adding new fonts to Mac OS X

January 8th, 2007 by Peter

Martin tried to add some new font to his Mac OS X Tiger machine, but the Apple font management application did not recognize the new fonts instantly. After some investigation, he found out the Apple Type Services for Unicode Imaging (ATSUI) need some cache invalidation. When you copy new fonts to /Library/Fonts with the Finder, the ATSUI server is notified automatically (see here) – but not when you use the shell cp command.

Ede

January 4th, 2007 by Peter

** german only, sorry **

In the unlikely case that you never heard the favourite transrapid talk of Edmund Stoiber, here is the link:

http://www.dumkesoft.de/stoiber_transrapid.html

Those guys lead our country, oh yeah …

Citing W3C and RFC specifications

January 3rd, 2007 by Peter

I stumbled over the problem of how to cite W3C, OASIS, RFC and other standards with BibTex in the right way.

The W3C guys agreed on some mechanism, and Jean-Marc Rosengard developed a web interface to generate BibTex entries for W3C documents. Very helpful, but I fear there is nothing similar for OASIS, since their standards overview is not machine parsable at all.

For RFC documents, Roland Bless generates BibTex information for all RFC documents ever published.

  • You are currently browsing the troeger.eu blog archives for January, 2007.