Digg hates me!

It’s true! Digg hates me. We were friends a few years back. Bloggers around the world submitted awesome links to you and you helped us get some traffic for our blogs. It was a win-win situation for both sides. I didn’t know that things had changed until I submitted one of my posts to that site today.

I got the error below as soon as I entered my link on your site. Look at the screenshot. How bad is that? Your development team didn’t create the overlay message properly and your QA failed to catch it.

I’m sure you can’t even read your own message so I posted the text below.

Stop right there criminal scum!

This page may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information. Entering any personal information on this page may result in identity theft or other abuse

It’s not the first time that you have treated my site like a spam site, Digg! I will show you the email history between me and your support team from a couple of months back.

Digg Support – Nov 18

Hello mchlsync,

We use the Google Safe Browsing API to help prevent spam and malware from getting submitted to Digg.com. It appears that Google has flagged that domain. For more information please check the link provided below:

http://code.google.com/apis/safebrowsing/

I went to Google Webmaster Tools and checked my site. I found no issue, Digg!

I replied to your support with this screenshot.

Digg support team – Nov 19

Hello,

We’ve contacted our development team who are investigating the issue, and will fix it as soon as possible. Please don’t hesitate to contact us should you have any further questions.

For more information, please see Digg’s FAQ section (http://about.digg.com/faq).

Follow us on Twitter! http://twitter.com/digg

After a few hours on the same day, they asked me to try again.

Try again now, it should work. Let us know if you’re still having problems

When I checked it again, I found that the issue had been fixed.

But today, the issue showed up again. I’m not sure how you guys are handling regression issues, but it’s not cool if this issue keeps coming back again and again.

So Digg! Do something about it!

backwp.php in Twenty Eleven Theme

Some of you know that my blog was under attack a few months back. I have been taking care of my blog’s security as much as I can since then. One of the things that I did was install WP-Malwatch to scan for suspicious activity on my blog every day. That plugin is kinda useful tho.

I received a notification from that plugin this morning saying that it suspected some viruses on my blog, so I quickly logged in and scanned my current template manually from the dashboard. I found one new file called backwp.php inside the theme folder.

I’m guessing that it might be a back-up file of the Twenty Eleven theme, but I couldn’t find any information on the theme download page, so I posted a question about that file on the forum and am still waiting for the answer. Let me know if you have any idea about this file. For the time being, I deleted this file and tested my blog. It’s still working. I think that it’s very safe to delete that file.
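One way to tell whether a file such as backwp.php belongs to a theme is to compare the theme folder with a baseline taken from a clean copy. The following is an added example, not part of the original post or of WP-Malwatch; the function names are hypothetical and the demo files are constructed placeholders written to a temp directory.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');
const crypto = require('crypto');

// Map every file under dir to its SHA-256, keyed by path relative to the theme root.
function snapshot(dir, root = dir, out = Object.create(null)) {
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) snapshot(full, root, out);
    else out[path.relative(root, full)] =
      crypto.createHash('sha256').update(fs.readFileSync(full)).digest('hex');
  }
  return out;
}

// Compare the live theme with a baseline taken from a clean copy.
function diffTheme(baseline, current) {
  const names = (o) => Object.keys(o).sort();
  return {
    added: names(current).filter((f) => !(f in baseline)),
    modified: names(current).filter((f) => f in baseline && baseline[f] !== current[f]),
    removed: names(baseline).filter((f) => !(f in current)),
  };
}

// Constructed demo: file names mirror the post, contents are placeholders.
function demo() {
  const theme = fs.mkdtempSync(path.join(os.tmpdir(), 'theme-'));
  try {
    fs.writeFileSync(path.join(theme, 'footer.php'), '<?php wp_footer(); ?>\n');
    fs.writeFileSync(path.join(theme, 'style.css'), '/* placeholder */\n');
    const baseline = snapshot(theme);          // taken while the theme is clean
    fs.writeFileSync(path.join(theme, 'backwp.php'), '<?php // placeholder ?>\n');
    fs.appendFileSync(path.join(theme, 'footer.php'), '<!-- changed -->\n');
    return diffTheme(baseline, snapshot(theme));
  } finally {
    fs.rmSync(theme, { recursive: true, force: true });
  }
}

console.log(demo());
```

Keeping a copy of any file reported as added or modified before deleting it preserves it for later analysis.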

Another weird thing that has been happening since I started using the “Twenty Eleven” theme is that I often get this error when I’m playing around in the dashboard area. I tried contacting the people behind this theme and got no reply from them.

This theme is awesome and it was created by the official wordpress.com team, but after using it for a while, I realized that this theme comes with quite a few problems as well. Maybe it’s time for me to look for a new theme.

I’m back!!

Good evening guys! Yeah. I’ve been away from blogging for several months. I’m so sorry about that. I tried writing some posts during these days but I couldn’t manage to finish them and they are still lying in my drafts list. Anyway, I’m glad that I am finally able to come back to this blog and update you guys about what I’ve been doing during my absence.

Elena Sync

First of all, I’d like to introduce you to my first baby. Her name is Elena Sync and she is 8 months old now. She has big cute eyes. :) I’ve been playing with her most of the time.

Fitness/Dance

As a software guy, I’ve been spending so much time in front of the computer, staying up late, eating junk food and drinking beer in the middle of the night during the past few years. As a result, I was gaining a lot of weight and it affected my health as well. So, I decided to join a local gym called FitnessFirst and hired a personal trainer to train me hard. After that, I managed to lose around 18 kg (of course, after spending a lot of time and money). ^^

I also joined a Melbourne Shuffle class at R! studio and used to attend a Yoga class at FitnessFirst as well.

New Job

I worked as a Solution Architect developing brain training games/applications with Silverlight/Windows Phone 7 at Memolife. Due to some reasons, I resigned from Memolife and joined Alex Golesh’s company called Sela International (and Simulation Software and Technology) in Singapore. (Thanks to Alex!) I will be participating in giving training, consulting and making the training materials for Sela. I’m pretty excited about this job. Wish me luck!

Silverlight Guys, What should we do next?

A couple of months back, my boss came back from Norway and the UK. He had met a guy from Google. That guy told my boss that HTML 5 is the future and that we should be focusing more on HTML 5 than on Silverlight, which we are currently using. When my boss got back to the office, the first question he asked me was whether we should move to HTML 5 instead of Silverlight for our next products. To me, this question is NOT something new because I knew that it was just a matter of time. Someone would ask this question sooner or later. I have even asked myself many times, for a long time now. I’m working with Silverlight but I’m also watching HTML 5, CSS 3 and ECMAScript 5 (JS 1.8.5) very closely, and I even subscribed to the HTML 5 working group mailing list, so I guess I know what’s happening in both the Silverlight world and the HTML 5 world.

Coincidentally, what the top guys from Microsoft said at PDC 2010 made a lot of noise in the Silverlight community and elsewhere, so we got a bit of noise in our office as well. So, I’m writing this post to share how we can simply answer this kind of question, along with some of my thoughts about the “Silverlight vs HTML 5” debate. If you are running a company and have some doubts about investing money in Silverlight for your future products, then I hope this post might help you clear some of your doubts. But of course, I’m not a big guy from any giant company and I have no control over either Silverlight or HTML 5 (or any other technology.. :-) ) so I don’t mind if you think this post is crap. :) All I can say here is that I’m just a guy who loves cool technologies, so this post has nothing to do with Microsoft or any other company. It is all purely based on my personal point of view.

The first thing that I consider is the status of HTML 5. What is the current status of HTML 5? HTML 5 is still under (heavy?) development and it will take some more time to get to the final version. Let’s forget about when the browser guys will finish the implementation. The standard recommendation document itself has not been finalized yet. So, when will HTML 5 be finished? I think nobody knows the exact date of the HTML 5 release at the time of writing. According to the WHATWG FAQ, they are no longer working specifically on HTML5. Initially, the editor estimated that they’d reach Last Call in October 2009, Candidate Recommendation in the year 2012, and Recommendation in the year 2022 or later, but they also said that they are no longer working on it, so we don’t really know when it will be finished. Let’s take a look at how much of HTML 5’s new features each browser supports now. (Note that there might be a lot of ways to test those new features in browsers, but a simple guy like me uses the very simple “Acid for HTML5” website in this comparison.)

  • Google Chrome (version: 7.0.517.41 beta): 231 and 12 bonus points
  • Safari (on Windows) (version: 5.0.1 (7533.117.8)): 207 and 7 bonus points
  • Opera (version: 10.63): 153 and 7 bonus points
  • Mozilla Firefox (version: 3.6.10): 139 and 4 bonus points
  • Internet Explorer 9 (version: 9.0.7930.16406): 27 and no bonus points

Note: According to the IE Test Center, there are a lot of tests and IE 9 comes out on top among the browsers. I’m not really sure about those tests and I don’t know the differences between “Acid for HTML5” and the IE Test Center. Please feel free to drop a comment if you know the differences. Thanks.

As you can see, each browser has a different score for HTML5’s new features. Can you guess how long it will take to have all browsers support all new features of HTML 5? Do you remember the time when we were in the Ajax world and suffered a lot implementing different tricks for different browsers?

If you look at the Silverlight world, we are at version 4 already. Silverlight works exactly the same in the following browsers. So, it saves a lot of time that would otherwise go into implementing hacks for different browsers.

  • IE 6 (SP1, SP2), IE 7, IE 8 and IE 9
  • Firefox 3
  • Safari
  • Google Chrome

But I didn’t say that both Silverlight and HTML 5 are cross-browser things. Well, we started learning Silverlight because MSDN mentioned that it’s cross-browser, but the truth is that the term “cross-browser” can mean different things to different people. Does “cross-browser” mean it works in each and every browser and on each and every platform? Trust me, there is no such thing that works in all browsers on all platforms. So, does it mean all major browsers and major platforms? Well, Microsoft hasn’t officially supported the Linux platform until now. So, let’s be realistic. How many browsers support all features of Silverlight and all features of HTML 5? As I mentioned above, there is currently no browser that supports all features of HTML 5 (and nobody knows what all the features of HTML 5 are until WHATWG releases the recommendation). For Silverlight, there are four browsers that are officially supported by Microsoft, and all Silverlight features will work the same on all supported browsers. Do you see the big difference?

What about tools and languages? HTML 5 is everything. It’s just a markup language so you will have to use at least JavaScript and CSS in order to develop HTML 5 websites or applications. Sometimes, we may even want to use a server-side language like C# or Java or PHP. If you are using Silverlight, you can use managed code like C#, VB.NET, etc. But one thing for sure is that there is no good or bad in choosing languages. Some developers love JavaScript and some prefer C#. It’s all about personal preference. I love both C# and JavaScript. But for our company, we already have applications which were developed in Silverlight. So, converting all applications to HTML 5 with JavaScript is a huge thing for us to do and it has no big value for us either.

As of now, HTML is damn hot because most of us are assuming that all browser guys will be supporting HTML 5 in all browsers, so once we develop one application in HTML 5 it will be able to run on each and every browser or platform. One shot, all birds die! Nice, huh? But wait, do all browsers support HTML 5 now? Nope. I already mentioned the comparison above. Are all browsers going to support HTML 5 very soon? Not likely. I’m pretty sure that it will take some time.. maybe 1 or 2 years.. 4 or 5 years.. or even more..

So, what should we do next?

Well, it’s very obvious that it’s still safe for us to use Silverlight for our products. Did Microsoft’s strategy and focus shift to HTML 5? We don’t know. Bob Muglia, President of the Server and Tools Division at Microsoft, mentioned in his post that Silverlight is very important and strategic to Microsoft and that they will be working hard on the next release of Silverlight. But he didn’t mention that the strategy didn’t shift. So, we can also assume that the strategy might have shifted but they will still be investing money in Silverlight. Nobody knows whether it is going to be less investment or not. However, I’m very sure that Silverlight still has a big future. Silverlight is not just for the web after all. We can use it for developing out-of-browser applications and Windows Phone 7 applications as well.

But of course, as developers, we can’t totally depend on one technology only. So, it’s better if we keep our eyes open for other interesting things including HTML5/CSS3/JS1.8, Node.js, Google Go, etc. as well so we can use them when we need them. :)

What do you think? :)

My blog was under attack

Bad news, guys. My blog was under attack several times during this year. (Thanks to my readers who informed me about the problem.) I have successfully removed the injected script from my blog so it’s safe for you guys to read my blog again. (Actually, it was safe for you guys because the domain in the injected script is on a blacklist, so the browser will automatically block you from accessing it.) In this post, I will inform you about the injected script and the list of changes that I made to prevent this from happening again.

The attacker was targeting the footer.php file in the current theme that I’m using. The following script was injected in footer.php file.

The Injected Script

Fig 1: The injected script

Analyzing the Javascript

By looking at the script, I knew that that person was using the JavaScript function “unescape” to decode his encoded string. But I couldn’t tell what he wrote in that encoded text. So, I used the online JavaScript Escape/Unescape Converter tool to decode the string.

I copied the whole text, pasted it in the “escape text” textbox and clicked on the “Complete Unescape” button.

Here is what I got for the first conversion.

Fig 2: The decoded script - part 1

As you can see, the text was encoded twice, so I copied the text between the unescape brackets and converted it again on the converter webpage.

Here is the second part of the decoded script.

Fig 2: The decoded script - part 2

There were still some % signs followed by numbers (e.g. %62) in the URL, but it’s very easy to figure out what they are. I went to the “HTML URL Encoding Reference” page and got the ASCII characters for the four numbers.

  • %20 = {whitespace}
  • %62 = b
  • %65 = e
  • %63 = c
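The same peeling can be done offline, without pasting the script into a web tool and without executing it. The following is an added example, not code from the original post: the sample script is constructed, and its document.write(unescape(...)) shape and the example.invalid host are assumptions, since the original script appears only as an image.

```javascript
// Decode %XX and %uXXXX escapes as the legacy unescape() would, without executing anything.
function unescapeStatic(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Peel nested unescape('...') calls and keep every layer so each one can be read.
function peelLayers(script, maxDepth = 5) {
  const call = /unescape\(\s*(['"])([^'"]*)\1\s*\)/i;
  const layers = [script];
  for (let i = 0; i < maxDepth; i++) {
    const m = call.exec(layers[layers.length - 1]);
    if (!m) break;                       // no further encoded layer
    layers.push(unescapeStatic(m[2]));
  }
  return layers;
}

// Pull iframe targets out of decoded markup, decoding leftover %XX in the URL.
function iframeSources(html) {
  const re = /<iframe\b[^>]*\bsrc\s*=\s*(['"])(.*?)\1/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) found.push(unescapeStatic(m[2]));
  return found;
}

// Constructed sample (assumed shape): an iframe wrapped in two unescape() layers.
const enc = (s) => s.replace(/[\s\S]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).padStart(2, '0'));
const IFRAME = '<iframe src="http://%62lo%63k%65d.example.invalid/in.php" ' +
  'width="1" height="1"></iframe>';
const SAMPLE = "document.write(unescape('" +
  enc("document.write(unescape('" + enc(IFRAME) + "'))") + "'))";

// Report how many layers were peeled and where the final markup points.
function analyze(script) {
  const layers = peelLayers(script);
  return { depth: layers.length - 1, targets: iframeSources(layers[layers.length - 1]) };
}

console.log(analyze(SAMPLE));
```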

The purpose of this script is that when a user accesses my blog, it shows the site below in an iframe. But luckily, this site is on a blacklist, so most browsers will warn you or refuse to show that site, and the attacker will not get what he wanted.

Fig 3: Black website

I thank him for not deleting any data, etc. It encourages me to take good care of my site even when I’m very busy. :)

What did I change to prevent this?

I changed the following things but honestly, I have no idea whether it will work or not. I will have to wait a few months or a year to see the result. I’m posting this because if you are facing the same problem as I had and you don’t know what to do, then you can probably try doing the same things I did. Please feel free to let me know if you have any better idea or suggestion.

Tips

  1. Ensure WordPress and all plugins are up-to-date.
  2. Delete all unnecessary plugins or themes that you are using in your blog. If you have other extra files in your host, do delete them as well.
  3. Disable unused accounts in your host and change the password of current account that you are using.
  4. Use auto-backup software or plugin or etc to back-up all files (including images, samples) and database.
  5. Double-check the security settings of your blog. (You can read the best practices for WordPress security in Hardening WordPress.) If you are not familiar with those things, then you should ask your hosting provider to help you or get someone to do this.
  6. Install some security plugins. I installed the following plugins for security in my blogs

Well, that’s all that I did. Like I mentioned, let me know if you have any better way to secure a WordPress blog. Thank you all for reading.. :)
