WordPress 2.0.3 ‘Bug Fix & Security Release’

Matt announced a release for WordPress today on the WordPress Development Blog. This release addresses several bugs and a security issue raised on Bugtraq.

Files changed in this release:

wp-admin/admin-db.php
wp-admin/admin-functions.php
wp-admin/admin.php
wp-admin/categories.php
wp-admin/cat-js.php
wp-admin/edit-comments.php
wp-admin/edit-form-advanced.php
wp-admin/edit-form-ajax-cat.php
wp-admin/edit-form-comment.php
wp-admin/edit-link-form.php
wp-admin/edit-page-form.php
wp-admin/edit-pages.php
wp-admin/edit.php
wp-admin/import/mt.php
wp-admin/inline-uploading.php
wp-admin/link-categories.php
wp-admin/link-import.php
wp-admin/link-manager.php
wp-admin/list-manipulation.js
wp-admin/list-manipulation.php
wp-admin/moderation.php
wp-admin/options-discussion.php
wp-admin/options-general.php
wp-admin/options-misc.php
wp-admin/options-permalink.php
wp-admin/options.php
wp-admin/options-reading.php
wp-admin/options-writing.php
wp-admin/page-new.php
wp-admin/plugin-editor.php
wp-admin/plugins.php
wp-admin/post.php
wp-admin/profile.php
wp-admin/profile-update.php
wp-admin/templates.php
wp-admin/theme-editor.php
wp-admin/themes.php
wp-admin/upgrade.php
wp-admin/upgrade-schema.php
wp-admin/user-edit.php
wp-admin/users.php
wp-comments-post.php
wp-content/plugins/akismet/akismet.php
wp-content/plugins/wp-db-backup.php
wp-includes/cache.php
wp-includes/capabilities.php
wp-includes/classes.php
wp-includes/comment-functions.php
wp-includes/default-filters.php
wp-includes/functions-compat.php
wp-includes/functions-formatting.php
wp-includes/functions.php
wp-includes/functions-post.php
wp-includes/kses.php
wp-includes/links.php
wp-includes/pluggable-functions.php
wp-includes/registration-functions.php
wp-includes/template-functions-general.php
wp-includes/template-functions-links.php
wp-includes/vars.php
wp-includes/version.php
wp-login.php

Unfortunately I haven't had time to look into the security issue itself and detail its effects / how it has been patched; the post by Matt details the changes pretty comprehensively. I have however created a diff/patch from 2.0.2 to 2.0.3 and checked it into my SVN repository:

http://svn.lobstertechnology.com/wordpress-patches/wordpress-2.0.2-2.0.3.patch

You can apply this patch from the top directory of your WordPress installation using the ‘patch’ program from a UNIX shell.

patch -p1 < wordpress-2.0.2-2.0.3.patch

However, I haven’t personally tested patching up to 2.0.3 yet; I would suggest taking a backup first.

Update: TI 7x21 FlashMedia/SD Host Controller (104C:8033 & 104C:8034)

Bit of an update, my previous post is now getting a significant amount of traffic; in fact it’s my hottest post yet!

Progress over at http://tifmxx.berlios.de/ – I downloaded the latest revision of this driver and it appears to be going through re-structuring, still non-functional I am afraid.

However, a month since contacting TI I received a response to my telephone-based support request by email.

From: support@ti.com

Hello Michael,

I am sorry TI doesn’t support software drivers for cardbus devices,
please see below for more details on this:

TI PC Card, Flash Media, IEEE 1394 and Smart Card Controller
Devices:

Texas Instruments (TI) does not develop software drivers for
these multi-function controllers. Our devices are used in Personal
Computers and add-in cards from many manufacturers. These
manufacturers include drivers from Microsoft and, for certain
platforms, from the Linux community that enable the PC Card and 1394
functions in these TI devices. Texas Instruments does not provide
drivers for Windows, Linux or any other operating system.

If you are encountering difficulties with your PC or add-in card,
please contact the manufacturer for support. Texas Instruments does
not provide any support for these end products.

If you require drivers for Flash Media or Smart Card you need to
contact the PC manufacturer. TI does not provide drivers for atypical
system applications.

Additional information

To find the manufacturer of the card, use the FCC’s web page
http://www.fcc.gov/oet/fccid/ to search for the FCC ID number printed
on the bottom of the card. If it came preinstalled, please contact
the store where you purchased the computer.

Third-party vendors have developed Card & Socket Services driver
support for other operating systems. These vendors include Phoenix
Technologies/Award Software, and SystemSoft:

Microsoft
www.microsoft.com 800-426-9400

Award Software/Phoenix Technologies www.phoenix.com
800-677-7305

Systemsoft Corp.
www.systemsoft.com 800-796-0088

Softex, Inc.
www.softexinc.com 512-452-8836

Best Regards,
Sandeep.

TI assumes no liability for applications assistance or customer
product design. Customer is fully responsible for all design
decisions and engineering with regard to its products, including
decisions relating to application of TI products. By providing
technical information, TI does not intend to offer or provide
engineering services or advice concerning Customer’s design. If
Customer desires engineering services, the Customer should rely on
its retained employees and consultants and/or procure engineering
services from a licensed professional engineer (LPE).

***Please do not delete the below Thread ID when replying to this
email, doing so will delay our response to your inquiry***

[SR THREAD ID:1-3RGCWY]

Dear Michael Cutler

Thank you for choosing Texas Instruments Technical Support. Your
case 1-227511394 has been resolved. See the description below for
details.

Would like Linux driver for this card. I told him we didn’t supply
them and to contact PCMCIA, but he said that he knew somebody who had
managed to get these from TI

Regards,

X0045551

Texas Instruments

Semiconductor Technical Support

http://www-k.ext.ti.com/sc/technical_support/pic/americas.htm

If you have further questions please reply to this email.

And my response.

Dear Sandeep,

Thank you for taking the time to respond to my query. I appreciate that Texas Instruments (TI) does not tend to support end-users of your devices, especially with driver problems and believe me if it were that simple I would not be taking up your time today.

The reason I am contacting you is simple, I am trying to use my TI 7x20/7x21 Flash Media controller (PCI ID 104c:8033) within Linux. After a lot of research on the subject I discovered this page on the Everest Consultants Inc website. It suggests that Texas Instruments hired Everest to produce Linux Device Drivers for this particular chip; judging by the write up they have produced a well designed and much needed driver solution. I contacted Everest about obtaining this driver and they referred me to you.

http://www.everestinc.com/fml.htm

In the meantime I continued researching this on the internet and discovered an open source and “free” (as in freedom) effort to produce a driver for this device. Unfortunately it isn’t progressing particularly quickly because technical documentation on this chip is scarce.

http://tifmxx.berlios.de/

I also discovered another person who had managed to obtain a binary version of what are presumably the Everest-made drivers. It is also interesting to note that the ‘modinfo’ for the driver states it is under GPL (Gnu Public License) and as such, the source code should be available on demand.

http://www.webcon.ca/~imorgan/tifm21/

I have been recording my progress on my personal website. In the past seven days I have had 243 unique visitors who have searched for this device in relation to Linux and discovered my website and the record of my progress, a handful have contacted me directly about it.

There is a great demand for Linux support for this device, I would like to see either the Everest-made GPL driver source code made available or, extensive technical documentation – sufficient to allow open source developers to produce a driver – made available to the Open Source Community.

Yours Sincerely,


Michael Cutler . o O ( http://blog.lobstertechnology.com/ )
PGP: 0xC3ABA735

I will follow up by calling them again during mainstream office hours and see where I can get myself transferred to this time. :)

Using MEncoder to convert a DVD to DivX

More for my own benefit, but here goes...

This is an example of using MEncoder (Windows version) to convert a DVD to DivX. The original movie was widescreen and is being rescaled here to 720x408 to keep the 16:9 aspect ratio. The video bitrate I used was 1024kbit but you can tweak this as desired.

It may seem unusual for the first run to output to NUL ( /dev/null ) but actually the first run is writing information out to the file "divx2pass.log" and the second pass writes the movie out.

CODE:
  mencoder -dvd-device D:\DVD\DVD_VIDEO dvd://1 -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=1024:mbd=2:turbo:vpass=1 -oac mp3lame -lameopts vbr=3 -ffourcc DX50 -vf scale=720:408 -o NUL
  mencoder -dvd-device D:\DVD\DVD_VIDEO dvd://1 -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=1024:mbd=2:turbo:vpass=2 -oac mp3lame -lameopts vbr=3 -ffourcc DX50 -vf scale=720:408 -o DVD_VIDEO.avi

Related Links
MPlayer (provides MEncoder) - http://www.mplayerhq.hu/homepage/
MEncoder Introduction Guide

MediaCodeSpeedEdit tool for DVD-Writers by ala42

Stumbled across this when trying to find out why my 16x DVD media wouldn't burn at anything higher than 4x.

Download your drive's latest firmware, feed it into MediaCodeSpeedEdit and you can edit the burn speeds for all media the drive can recognise.

Save the modified firmware and re-flash your drive with it. Pretty neat!

My only gripe is that the way you do it seems a little odd from the user-interface point of view. You select the media code of your blank discs by name, then double-click it to replace its burn speeds with the speeds of another media code. But hey..... it works!

Related Links

MediaCodeSpeedEdit - http://ala42.cdfreaks.com/MCSE/

Determine the number of open files in your program (C/C++)

The code below will display the number of files open by the running process. It does this by getting the maximum file descriptor number and then iterating through each possible fd, trying to do an 'fstat' on it. Unless the 'fstat' fails with errno set to EBADF ('file descriptor is bad'), it increments a count.

It is fairly portable, tested and working on Linux & Solaris.

C++:
  /*
   * ofiles.c - Displays the number of open files for its own process
   * Copyright (C) 2005 Michael Cutler <m@cotdp.com>
   */

  #include <stdio.h>
  #include <sys/time.h>
  #include <sys/resource.h>
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <unistd.h>
  #include <errno.h>

  int main ( int argc, char** argv, char** env ) {

     int i = 0;
     int fd_counter = 0;
     int max_fd_number = 0;
     struct stat   stats;
     struct rlimit rlimits;

     /* Size of the descriptor table: valid fds are 0 .. max_fd_number - 1 */
     max_fd_number = getdtablesize();

     getrlimit(RLIMIT_NOFILE, &rlimits);

     printf( "max_fd_number: %d\n", max_fd_number );
     /* rlim_t is not an int; cast so the format matches on every platform */
     printf( "     rlim_cur: %lu\n", (unsigned long) rlimits.rlim_cur );
     printf( "     rlim_max: %lu\n", (unsigned long) rlimits.rlim_max );

     for ( i = 0; i < max_fd_number; i++ ) {
        /* errno is only set when fstat() fails, so check the return value first;
           a stale EBADF would otherwise hide open fds that follow a closed one */
        if ( fstat(i, &stats) == 0 || errno != EBADF ) {
           fd_counter++;
        }
     }

     printf( "   open files: %d\n", fd_counter );

     return 0;

  }

Example:

CODE:
  [mcutler@rasco ~]$ gcc -o ofiles ofiles.c
  [mcutler@rasco ~]$ ./ofiles
  max_fd_number: 1024
       rlim_cur: 1024
       rlim_max: 1024
     open files: 3
  [mcutler@rasco ~]$
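
An added example (not from the original post) that extends the same scan: it probes each descriptor with fcntl(F_GETFD) and also counts the ones without FD_CLOEXEC, which are the descriptors a child process inherits across exec. The names fd_report, scan_fds and SCAN_CAP are made up for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define SCAN_CAP 65536L   /* assumption: upper bound on the scan for this example */

/* Result of one pass over the descriptor table. */
struct fd_report {
    int open_fds;      /* descriptors that are currently open */
    int inheritable;   /* open descriptors without FD_CLOEXEC (survive exec) */
};

/* Scan limit: soft RLIMIT_NOFILE, clamped so a huge limit cannot stall the scan. */
static long fd_scan_limit(void) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0 || rl.rlim_cur > (rlim_t)SCAN_CAP)
        return SCAN_CAP;
    return (long)rl.rlim_cur;
}

/* Probe each descriptor with fcntl(F_GETFD); -1 means it is not open. */
struct fd_report scan_fds(void) {
    struct fd_report r = {0, 0};
    long limit = fd_scan_limit();
    for (long fd = 0; fd < limit; fd++) {
        int flags = fcntl((int)fd, F_GETFD);
        if (flags == -1)
            continue;
        r.open_fds++;
        if (!(flags & FD_CLOEXEC))
            r.inheritable++;
    }
    return r;
}

/* Demo on constructed input: a pipe whose write end is marked close-on-exec. */
int main(void) {
    int p[2];
    struct fd_report before = scan_fds();
    if (pipe(p) != 0)
        return 1;
    fcntl(p[1], F_SETFD, FD_CLOEXEC);
    struct fd_report after = scan_fds();
    printf("before: open=%d inheritable=%d\n", before.open_fds, before.inheritable);
    printf("after:  open=%d inheritable=%d\n", after.open_fds, after.inheritable);
    close(p[0]);
    close(p[1]);
    return 0;
}
```

A descriptor opened before the soft limit was lowered can sit above the scanned range; on Linux, listing /proc/self/fd avoids that blind spot.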

Time Synchronisation With Windows 2000 or XP

If you're running Windows 2000 or XP at home, it's very unlikely that you have a 'Primary Domain Controller' to give you the time of day. ;)

Windows 2000 & XP have a built-in "Windows Time" service that is also compatible with public SNTP Time Servers; all you need to do is configure it.

I chose a local SNTP server from the list: http://support.microsoft.com/kb/262680

CODE:
  Microsoft Windows 2000 [Version 5.00.2195]
  (C) Copyright 1985-2000 Microsoft Corp.

  C:\>net time /querysntp
  This computer is not currently configured to use a specific SNTP server.

  The command completed successfully.

  C:\>net time /setsntp:ntp0.uk.uu.net
  The command completed successfully.

  C:\>net time /querysntp
  The current SNTP value is: ntp0.uk.uu.net

  The command completed successfully.

  C:\>net stop w32time
  The Windows Time service is stopping.
  The Windows Time service was stopped successfully.

  C:\>net start w32time
  The Windows Time service is starting.
  The Windows Time service was started successfully.

  C:\>

Done! Immediately after the last line "net start w32time", I noticed my clock jumping forward a few minutes. You can see messages in the "Event Viewer" from W32Time, for example:

CODE:
  Event Type: Information
  Event Source:   w32time
  Event Category: None
  Event ID:   593
  Date:      26/07/2005
  Time:      11:40:05
  User:      N/A
  Computer:   LOCALHOST
  Description: Time service corrected the clock error by 220 seconds

Unicode? Character Sets? UTF-what?

I was inspired to add this note after recent frustrations about the complete ignorance of character sets in both Commercial & Open software...

I seriously recommend everyone reads the following, less ISO-blahblahblah and more UTF-8, no excuses!

The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
http://www.joelonsoftware.com/articles/Unicode.html

SSL Certificates Rant…

It’s May; it’s coming to that time of the year where I have to update my SSL certificate again. As I did last year I had a good look round for an official SSL option. Since I only use it for accessing my own web-mail and a few other toys, I loathe the thought of having to pay for it. Even the cheapest I find are still more than $100, which is absolutely ludicrous considering you have to renew it annually.

There may be hope yet though; Startcom.org began a project making themselves a free SSL Certification Authority. Provided you pass their verification tests they will issue you an SSL certificate endorsed by themselves free of charge. Unfortunately, they are not widely known enough to be taken seriously; they haven’t made it into the CA bundle of any major browsers yet.

Their project does look very promising though; they have already issued more than 3,000 server certificates and had more than 14,000 browsers install their CA certificate as a trusted Certification Authority.

My current solution is Do It Yourself SSL. I am my own Certification Authority, meaning I can issue my own server & client certificates. I do however get the annoying SSL nag-screens until I manually install my Lobstertech CA certificate into the browser I am using. For the moment this is all I need. I can sit comfortably reading my web-mail knowing it’s encrypted using 256-bit AES and it didn’t cost me a penny.

[to be continued]