The concept of doing network scanning via JavaScript is hardly new and is quite easy for anyone with even cursory knowledge of JavaScript. However, the assumption was that as long as you browse the web with JavaScript disabled you are safe from hostile sites from scanning your network. Alas, this was not to be, in a very interesting post Jeremiah Grossman shows how can this be done with plain HTML using no JavaScript what so ever. His methodology relies on Firefox's quirk, whereby the page loading would wait for the tag to be processed before rendering the rest of the page. This means you could use the link tag to reference local IPs and use a subsequent image to see how long did it take for the IP to respond. If the response was very quick, then you know the host has something listening on a given port and if it does not, well then the port is being blocked or filtered. The problem with his approach is that to scan an entire network would be rather slow and require multiple iframes to perform th...

Now that the Jet-lag has worn off (all-night flights suck, even when they are first class) I figure it would be the perfect time to blog about my recent visit to Microsoft's Web Dev Summit. A few weeks ago I got an invite from Brian (who thanks to Wez he got through my spam filters) to come to Microsoft and see what kind of cool stuff they are doing and to give some feedback from the "enemy camp" so to speak ;-) on the stuff they are doing. I thought it'd be a great opportunity to see what's going on the other side of the fence and readily agreed. So, last week, I caught a plane to Redmond where I joined a number of other PHP luminaries (Wez, Marcus, Frank, Laura, etc...) and a lone Ruby developer (Yes, they do exist!). Over the next two days we had a very tightly packed schedule of presentations from Microsoft folks on things ranging from IIS7 to LINQ. Despite the very tight schedule we've got a number of opportunities to have informal talks with Microsoft developers which in my experience were quite i...

A new Apache 1.3.37 is out and I had to upgrade all my servers to it, in the process I've had to compile mod_deflate, a high performance compression module that works MUCH faster then mod_gzip. This is primarily thanks to the fact it does not use temporary files, but instead does everything in memory. Since the official mod_deflate package has been abandoned by its author, even though the code still works with a few minor tweaks. So, I've decided to post a patched version of this module for all interested Apache 1.3.37 users. You can download it here: http://ilia.ws/uploads/patches/mod_deflate-1.0.21i.tar.bz2 MD5: 4bd8b6773d9cb843494faceae3c9c945 The package also includes a short README files that explains how to install this module on your server. For people too lazy to read the README, the instructions follow at the bottom of this blog entry ;-). Installing mod_deflate 1) Apply mod_defalte.patch on top of Apache 1.3.37 2) copy mod_defalte.c into the src/modules/extra directory 3) Add --activat...

Here is a new "plan" by the Canadian Copyright Licensing Agency to stop piracy at the root, the kids! They invented a superhero of their own to fight the evils of piracy... Zooom.... BAM... and all that good stuff. Their website can be found here http://www.captaincopyright.ca/Default.aspx

Yesterday, I went to Montreal for a quick business trip, and as I was walking out of the terminal building in the airport I recieved a very interesting SMS from Rogers (my cell phone provider), which went like this: "Welcome to the USA! Access ur voicemail as you do at home. Dial +15147347699 to reach customer care. Enjoy!" Is there something I missed in the news? ;-)