technozid

A fun ride through the cyberspace

Archive for August, 2006

New Joomla! version – and a fresh security start

Today, the new version 1.0.11 of Joomla! was made available for download:

Joomla! 1.0.11 [...] is being designated a Critical Security Release. All existing Joomla! users MUST UPGRADE to this version, due to several High Level vulnerabilities that affect ALL Previous versions of Joomla! [...] If you are using ANY previous version of Joomla!, you need to upgrade to 1.0.11 as soon as possible.

Just in time, because today Secunia also found security issue #20 with this software (admittedly in Joomla! 1.0.10):

A vulnerability has been discovered in Joomla!, which can be exploited by malicious users to conduct SQL injection attacks. The vulnerability has been confirmed in version 1.0.10. Other versions may also be affected.

Seems the developers are actually taking security a little less lightheartedly. At least the security advisory sounds pretty straightforward.

Via Andreas


Sick of crusading Joomla! advocates trying to silence criticism

What do you do if you are promoting a piece of software which had – partly due to its popularity and partly due to inherent design concepts – several security issues more or less since its initial release?
Make a joint effort with core- and add-on developers to educate the user base and get rid of those issues once and for all?
No, way too much effort. Instead Joomla! activists seem to prefer to come down on anyone who dares to mention those issues like the wrath of God! It is now the third time I have come across this type of immature reaction from Joomla! supporters, and I’m really sick of it.

If you are interested in the facts, and a distinctive yet critical point of view, read on. For those of you just wanting to flame me because I dared to mention “security issues” and “Joomla!” in the same sentence, save yourselves some time and proceed directly to the comment form.

Speed rush with fibre optic link

With an almost 3-week delay we finally switched on our fibre-optic link today. The delay was caused by the electrician of our landlord (do you say landlord also for office buildings?), who has the exclusive right to do all wiring in the building. Fact is he broke the cable the first time, but it cost him more than a week to borrow(!) the measurement equipment to confirm it himself and then another 10 days to get a new pre-confectionated(!) cable. That’s Mr. I-installed-many-fibre-optic-networks-before for you :-( Our ISP and I were righteously furious at this guy and his exclusivity deal. I hope the accounting department of our ISP checks his invoice really thoroughly…

Along with the fibre link came a tripling in speed for our connection (from which this blog benefits too, since it is hosted on one of our servers). Once the link was established, we experienced a short but fascinating speed rush as our connection worked at a stunning 100 MBit/sec. Just for the fun of it I downloaded a long movie from archive.org with some impressive download rates. However, 15 minutes later the router was throttled to regular speed, but even the tripling is quite nice. Probably ISPs should occasionally switch high bandwidth on for customers, so that they enjoy it and are more likely to upgrade next time.


Modern nightmare: getting in touch with eBay staff

A couple of years ago my company bought the software package QuarkXpress from someone at eBay. Recently we tried to upgrade that version to the most current one, but Quark declined the upgrade saying the version was already upgraded. This upgraded version is registered to the person who sold us our old version, which is a clear violation of Quark’s licensing policy. But even though this person – who is known to Quark – is using a pirated copy Quark still declares this as not being their problem…

So it’s up to us – or more precisely to me – to try and resolve that issue so that we can upgrade the package. So I browsed my old email archives (glad I still had them) and finally found two mails between the vendor and myself. Unfortunately there was no address and not even a name, but I had the eBay auction number.
Next I tried to access that auction within eBay, but since it was older than 90 days it wasn’t there anymore. However I still found the rating and by this I could access the vendor’s profile. He’s still active in eBay. Since I intended to write a (snail mail) letter to him, I needed his name and address. So I set out to contact eBay regarding that issue.

Have you ever tried to contact eBay?

First attempt: footer navigation, imprint or contact address. Nothing!
Second attempt: “My eBay”, contact link or contact form. Nada!
Third attempt: Help center, contact form. Hooray, it’s there! Oh… category selection. None really fits. Ah… this form might do it. It requires the auction number. Duh! It rejects my 3 year old number. Well, I randomly selected one from the current auctions to make it submit.

Once I got the email-CC of my request I thought that I’d only had to wait for an answer. Ha-ha!

The answer came half a day later and said that they could see no association between me and the auction in question. Well, of course there was none, since I randomly picked an auction to make the form submit! But the REAL auction number was inside the text. I politely pointed out this fact and repeated my question. The answer came the next day, saying basically ‘Who are you and why are you emailing us?’.

Er….Pardon? So I repeated the whole issue, gave auction numbers, mentioned account names and again asked for the name and address of the vendor. The answer came half a day later, saying again basically that they don’t know who I am. It turned out that the email address registered with eBay was an internal mailing list inside my company along the lines of ebay@… – never meant to SEND email, only to receive it. My own emails were sent under my regular account – so there was an address mismatch. And some eBay policy somewhere says that in this case – even if correct names and passwords are quoted – no information may be disclosed. Not that there was a unique tracking code attached to each email, and the initial email originated from eBay’s own form center.

It took me a couple of more and more irritated emails to find out about this policy. One of the customer reps (I got a new one upon each mail exchange – despite the tracking ID) hinted that I could of course change the eBay mail address in the “My eBay” area. Which I did.

So, finally, I made everything right, and finally I was eligible to ask the question I intended to ask all along: name and address of the vendor! I shivered with anticipation as I hit Enter…

… only to get the answer half a day later that they couldn’t find the auction because it’s older than 90 days, and that I “should contact them earlier the next time!”. The question for the vendors name and address was studiously avoided.

Epilogue:
The vendor in question is listed as an eBay PowerSeller. He’s still selling similar software packages and he is posting a sales tax identification number alongside his auctions – not easy to find – but present as required by national law. It cost us 10 € for a database query to get the name and company address associated with that ID number. Tomorrow’s mail will deliver our letter to him. We’ll see what happens.


Painless upgrade to new WordPress

I was reluctant to upgrade my WordPress 1.5.x to the most recent version because there were quite a lot of warnings given on the official site. Especially the part about backing up the SQL database made me postpone. However Brian just posted a reassuring explanation with a handy script, promising a painless WordPress update in 35 seconds. Well, it took a bit longer for me since I had to adjust a few paths but – hey – it worked just fine! Welcome to WordPress 2.4! Thanks Brian!


My ISP just upgraded me to 6 MBit free of charge

I just got an email from my ISP NetCologne saying that they just upgraded me from 2 MBit to 6 MBit without extra charge. I immediately made a speed test and reached ~550 KByte/sec when downloading a 10 MByte file. The theoretical maximum would be 768 KByte/sec, but with all the overhead a realistic value would be ~650 KByte/sec. Maybe I should check the settings to see what those ~100 KByte/sec of frictional loss are attributable to. Anyway, thanks NetCologne!


eBay-auction end-time affects profit

Scientists from my hometown’s university have found out that eBay auctions which end during the day achieve higher profits compared to auctions ending in the evening. Popular belief is that evening endings are more profitable since more surfers are online. However, one needs to take into account that the number of auctions ending after 6pm is significantly higher for the same reason. During daytime there is a shortage of auction endings, and therefore higher bids might be achieved.
Of course this will only work as long as it does not lead to a paradigm shift, with more sellers switching to during-the-day auction endings. The results might be interesting though for (pseudo-)commercial PowerSellers offering larger volumes. They can test the theory by shifting a portion of their stock to daytime endings and another portion to evening endings.
Via heise.de


Google PageRank algorithm uncovered

Philip has managed to reverse-engineer the Google PageRank algorithm and confirmed the fears of all professional webmasters.

Though this is satire of course, the interesting point is that there has to be such a piece of code, and that it most likely will look rather similar to the one Philip made up. It would be really interesting to have a look at it.
