Zappos Redirect Exploit

So I saw this interesting link bait on my Facebook feed, but the source of it happened to be Zappos.com. I thought it could have been from a Zappos blog, since those guys happen to be pretty hip and could have shared it, however when I clicked the link it redirected me to a seemingly malicious site meant to spread more of this malicious page.

Now I decided to see if I could replicate this, just to make sure I wasn’t crazy.

http://www.zappos.com/bin/zapposset?src=google&ref=googk2zappos_731072p27&tgt=http%3A%2F%2Fmorselcode.com%2F&h=sAQCH4MaP

Turns out it was easy: you only need to replace the tgt parameter with any encoded URL and it will redirect you.

Now the value of this exploit is about equal to the value of the zappos.com TLD. If people trust that URL then you can easily convince them to click it. Sharing it on Facebook, Twitter or any other social network would be easy and make it look legit. Possible uses are for phishing or specifically phishing for Zappos.com info to just feed the browser an exploit and possibly compromise their machine.

EDIT: After getting an email from Joe Levy, he told me to do a Google search (inurl:"target=http", and variants thereof) to find new URLs that could be potentially exploitable, and within a minute I found that Yelp.com and Autodesk also had easy-to-exploit redirect scripts.

http://usa.autodesk.com/adsk/servlet/oc/redir?siteID=123112&url=http%3A%2F%2Fmorselcode.com

http://www.yelp.com/redir?url=http%3A%2F%2Fwww.morselcode.com
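All three links above share one defect: the redirect endpoint forwards to whatever the target parameter says, so the trusted domain becomes a free bounce to any site. The usual fix is to allow only same-site relative paths or an explicit allow-list of hosts. The following check is an added example written for this post, not code from Zappos, Yelp or Autodesk; the allow-list hosts are constructed for illustration, and the parameter name (tgt or url) is passed in because each site names it differently.

```python
from urllib.parse import urlparse, parse_qs

def is_safe_redirect(target, allowed_hosts):
    """Return True only if target stays on this site.

    Accepts a same-site relative path ("/cart") or an absolute http(s)
    URL whose host is in allowed_hosts. Everything else is refused,
    including scheme-relative "//other.example" and non-http schemes.
    """
    if not target or "\\" in target:  # browsers may treat "\" as "/"
        return False
    parsed = urlparse(target)
    if not parsed.scheme and not parsed.netloc:
        # Plain path: must be exactly one leading slash.
        return target.startswith("/") and not target.startswith("//")
    if parsed.scheme not in ("http", "https"):
        return False
    return (parsed.hostname or "").lower() in allowed_hosts

def audit_redirect_link(link, param, allowed_hosts):
    """Extract the redirect target from a redirect-endpoint URL and classify it."""
    target = parse_qs(urlparse(link).query).get(param, [""])[0]
    return target, is_safe_redirect(target, allowed_hosts)

# Constructed allow-list: the only hosts a zappos.com redirect should reach.
ZAPPOS_HOSTS = {"zappos.com", "www.zappos.com"}

if __name__ == "__main__":
    # The link from the post: an absolute off-site target, so it is refused.
    link = ("http://www.zappos.com/bin/zapposset?src=google"
            "&ref=googk2zappos_731072p27&tgt=http%3A%2F%2Fmorselcode.com%2F&h=sAQCH4MaP")
    print(audit_redirect_link(link, "tgt", ZAPPOS_HOSTS))   # ('http://morselcode.com/', False)
    # Constructed same-site target that the endpoint should still honour.
    good = "http://www.zappos.com/bin/zapposset?src=google&tgt=%2Fproduct%2F123"
    print(audit_redirect_link(good, "tgt", ZAPPOS_HOSTS))   # ('/product/123', True)
```

The same audit applies to the Yelp and Autodesk links by passing "url" as the parameter name and each site's own hosts as the allow-list.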

I just bought an Amazon Giftcard with BitCoins and I liked it

With everyone hating on bitcoins, Mt. Gox getting ‘hacked’ and the crazy speculation and volatility of the market, I decided to say how much I enjoy BTC.

Since I had several ATI HD5670s sitting around, I decided to throw them into a computer and start mining bitcoins. I mined probably 12 coins all time.

With that I’ve purchased a BTC shirt in only Bitcoins (about 2) and today I bought a $50 Amazon GC with 3.3 bitcoins. BTCBuy.info’s automated system made it really easy to do the transaction and I got my GC in about 20 minutes. Pretty good.

Just gotta say, even with all the craziness going on, it's still worth my time, even if bitcoins go bust (or even become worth some ridiculous amount, it is still fun to cash out a little now and again).

The Perfect Parser

So I’ve been silently proud (until now) about a few number/money parsers, URL parsers and such that I’ve written.

One reason why I am so proud of them is that they are NOT perfect. However, they are short and sweet and cover, my guess is, about 99.5% of all cases of data they are given and produce the proper results. If someone is trying to be malicious, they can be, but that won’t get them too far, since I encode everything I can remember to, into the DB and out to HTML. Basically 99% of my DB queries aren’t written by hand and are created via my ORM (SimpleModel), so that keeps me from getting exhausted by writing queries, which typically leads to flaws.

There we go. I’m happy to have taken only a few minutes to parse money and URLs. :D

Sony vs GeoHot

So it looks like GeoHot (George Hotz) settled with Sony over the circumvention of DRM on the PS3.

BULLSHIT.

So I donated a small amount to George’s cause. Hoping for him to win the lawsuit and eventually change the DMCA section that would prevent me, you and everyone, from modifying a piece of hardware that you own.

Now I do not know 100% what is in the settlement, since George is bound by a non-disclosure, but I cannot see why he would have agreed to this.

George is a white-hat and not a black-hat, and what he was doing was white-hat hacking. I believed what he was doing was rightfully his to do. I wasn’t ever planning on hacking my PS3, nor will I, but having the opportunity to do that, legally, should be my right and my choosing.

Fuck Sony. Well at least fuck SCEA and their lawyers and C-levels.

Selling out

So it looks like I might have to sell out, ever so slightly, in order to get the stream of cash to go full time on my side projects.

I’m going to wait it out a little bit, see what happens over at Solera, but I can’t stay there forever.

Maybe my Pulse site will be the project to startup.

March 2011 - WootOn!

Since Woot launched their minion program mid-Feb, I was debating whether I should sign up and incorporate it in with WootOn!. I delayed for a week since CJ deactivated my old account and ended up just creating a new one with a different email.

I got approved a few days later, somehow got excited enough to integrate the affil links dynamically via CJ’s API into my JSON cache for Woot and pushed it live. This serves the affiliate info for Woot, Shirt, Sellout and Kids.

I checked the next day and I had done something like 20k unique impressions. WOW! I was not expecting that at all. I then decided it was time to update WootOn! to look, well, not so 2005-ish.

My end of month stats for March 2011 (including 20 hours of down time, due to me updating my cache and breaking the affiliate stuff) were 925k impressions, which led to $45k of sales on Woot.com plus a pretty penny to my own pocket.

Thanks to everyone who uses WootOn!, Woot.com and CJ.

More to come soon! (Push notifications for Woot Offs!)

Burn out season

’Tis the season to feel like shit and code like it too.

Maybe I wasn’t born to code. Maybe I should have played a sport or done something physical. I can’t keep my mind in one place. This happens twice a year and sometimes it lasts a few weeks and sometimes it lasts a few months.

I’d rather be super productive on something I hate than be like this. I need to prevent these episodes. Arg!

Registrar

I wish there was a registrar that catered towards the developer that had 30+ domains.

I want privacy for free, a sweet little API, and a good workflow for registering. Plus a good price like $8 a year would seal the deal. Basically I am looking for Linode for domains.

Do you know of one?

Work work work

These last years I’ve been thinking about where I am heading next. I know I’m capable of doing my own software company but without steady income or medical benefits, it scares me.

I keep thinking that working for a big company like Google would be pretty sweet, but it just isn’t as exciting as selling my company to Google.

Veteran startups sound exciting too, like Zynga or Twitter, where they were at a year ago. Even more exciting seems to be some company like Forrst who just raised their seed round of $200k.

Who knows. I sure don’t. Though I kind of do.

My Mac Needs

There are a few things I need to do when I get a new Mac. Apple makes a great operating system. It’s solid and works to my liking, for the most part, so I change a few things.

First things I change are a few of the basic settings in System Preferences. I change the keyboard to allow me to tab into select boxes (this isn’t on by default). Then I turn on FileVault. FileVault is a home directory encryption tool that doesn’t seem to slow down my computer whatsoever, while giving me a little peace of mind that if someone had hardware access to my machine, my documents would be secure(r).

Next I install a few good apps such as Alfred, Spark, Dropbox, LogMeIn, Chrome and Adium. Over time all my computers end up with VLC, uTorrent, Handbrake and Perian (to make QT suck less) on them, so I am mentioning those as well.

Out of all those apps, the one I’d say helps me out the most is Alfred. Alfred is basically a sexy Spotlight with some great external search abilities. I don’t really use the dock anymore because of Alfred, it just helps me out that much. (I do also override the default Alfred key-binding to overtake Spotlight’s ⌘-Space.)

Once I’ve set up those few good apps, I modify my .inputrc, symlink .profile to .bashrc and then copy over my .bashrc from my Linux box. I like having close parity between my Linux and Mac terminals (though I’ve got to say, the Ubuntu terminal is superior).

As for coding, I’m either in Coda or Vim, so there isn’t much to say there. However while I code, I take full advantage of Spaces and Exposé by enabling the side buttons on my MS mice to do those respective actions. I have to say, I’ve grown extremely fond of the Microsoft mice and keyboards, I just never get carpal tunnel with them.

Wow, that is a lot to say about what my Macs need to get them to where I want, but once they are all there, it is some serious, efficient, smooth riding.