<?
$dirName = "./files/";
$dir = opendir($dirName);
while ($fileName = readdir($dir))
{
  echo("$filename<br>");
}
?>

This simple example, other than not being pretty, has one obvious drawback – it will list the . and .. shortcut references to the working directory its parent directory. We can wrap the echo statement in an if statement so that it is only called when $fileName does not point to . or ..

<?
$dirName = "./files/";
$dir = opendir($dirName);
while ($fileName = readdir($dir))
{
  if ( ($fileName != ".") && ($fileName != "..") )
  {
    echo ("$filename");
  }
}
?>

Now lets have a little fun.  First, instead of listing the files as plain text, we will make them hyperlinks…

<?
$dirName = "./files/";
$dir = opendir($dirName);
while ($fileName = readdir($dir))
{
  if ( ($fileName != ".") && ($fileName != "..") )
  {
    echo ("<a href=\"$dirName/$filename\">$fileName<a/>&ltbr&gt");
  }
}
?>

Hyperlinks are nifty, but rollover image swaps are a lot more fun. Assuming we have two image files named img_icon_on.png and img_icon_off.png for the onMouseOver and onMouseOut events, we want our end-result links to look something like this:

<a
	href="somefile"
	onMouseOver = "document.img_icon.src='layout_images/nav_images/img_icon_on.png'"
	onMouseOut  = "document.img_icon.src='layout_images/nav_images/img_icon_off.png'">
<img
	src="layout_images/nav_images/img_icon_off.png"
	name="img_icon"
	border="0"
/></a>

The caveat here is that we need each img tag to have a unique value assigned to the name attribute, and we need our document.<resourcename>.src portions of the onMouseOver and onMouseOut event handlers to reflect the unique img name they correspond to. We can simply append the name attribute and the DOM element names with the name of the file the link will reference. Using str_replace() we can remove any . characters from the filename so that it won’t break the output HTML:

<?
$dirName = "./files/";
$dir = opendir($dirName);
while ($fileName = readdir($dir))
{
	if (($fileName != ".") && ($fileName != ".."))
	{
		$cleanFileName = str_replace(".","",$fileName);
		echo ("
			<a
				href=\"$dirName/$fileName\"
				onMouseOver = \"document.img_icon_$cleanFileName.src='layout_images/nav_images/img_icon_on.png'\"
				onMouseOut  = \"document.img_icon_$cleanFileName.src='layout_images/nav_images/img_icon_off.png'\"
			\">
			<img
				src=\"layout_images/nav_images/img_icon_off.png\"
				name=\"img_icon_$cleanFileName\"
				border=\"0\"
			/></a>
		");
	}
}
closedir($dir);
?>

Check out the new Filth.FM Android app!

I’ve launched a new app under a company I co-operate, Skematic Design. It provides the ability to stream media from the internet radio station filth.fm They play electronic music, particularly dubstep, drum and base, and grime, so if you’re into that you’ll be in heaven.

To implement the app, I had to use the Android MediaPlayer class, actually extending it into a new class in order to manage the player’s state more easily. I also implemented a Service sub-class to provide background playback, etc. I will be adding some articles about how to do that soon. Meanwhile, check out the app at https://market.android.com/details?id=fm.filth.android.

Carrier IQ was one such vulnerability in which a rootkit, installed into many Android devices by manufacturers and carriers, is able to record keystrokes, passwords, text messages, browser history, and so forth. WTF?! Controversy and legal battle surrounded the discovery, leading to the involvement of the EFF and other such agencies.

Another, somewhat more recent issue with privacy related to Android was the discovery of HTC’s HTCLogger.apk by androidpolice.com. In this case, the good ole privacy-protection minded folks at HTC went above and beyond the call of duty to protect their customers’ data by logging bookoos of it in plain text, where it is accessible by any application using the very very common android.permission.INTERNET permission. Thanks guys!

Let’s make it clear though. Neither of these risque behaviors is committed by the actual Android system, nor are they exploits of technical flaws – the device manufacturers and carriers pushing those devices are the culprits to these invasive, and outright stupid, leaks of data, as they are intentionally putting this slaw dog garbage into their customized versions of the open-source Android platform. That’s why I was surprised by the somewhat slanted portrayal of these issues in an article on wired.com that paraphrases the androidpolice.com article. After correctly rewriting the findings of Trevor E. et al on Android Police in an effective less-informative manner, the Wired.com article goes on to say

Out of all the currently available mobile operating systems, security issues and exploits plague Android the most by far. Because applications submitted to the Android Market are not vetted by Google in advance, malware and insecure applications have a far greater chance of slipping in undetected. In August, McAfee released a report citing Android as the “most attacked operating system,” with Android mobile malware attacks jumping 76 percent in a three month period. In May, the popular Skype app for Android was also discovered to contain a security vulnerability, which could allow malicious apps access to personal data.

But as Android Police says, the Skype loophole pales in comparison to HTC’s security issues. Whereas Apple could deploy a quick fix just a week after its GPS-gate affair (which was little more than location data being cached in the iPhone and not being encrypted during backups), Android OS updates are notoriously slow to roll out. Because the carrier takes care of the updates, it can be months before they are pushed to customers, if at all.

It should be made clear (yet again) that this issue with HTC logging data and personal information is something introduced intentionally by HTC into their models, so there really is no reason that HTC and the carriers pushing the affected model would have a hard time pushing updates to remove it – they just have to do it.

Updates to Android which are “slow to roll out” are those made to the base, vanilla Android system by Google’s developers. They are slow to roll out because manufacturers/carriers have to take the updated base system, integrate their custom changes back into it, fix, test, modify, etc., and finally release to market. Aside from the costs and efforts required to do that, many carriers are commercially inclined to hold back major updates from existing devices, so that newly released devices can offer the newer platform exclusively, creating an artificial need for users to pay to upgrade to new phones. K thanks. There’s nothing inherent to Android’s design or architecture that makes updates slow; it’s the business models of the adopting manufacturers and carriers.

Android, being an open platform all the way down to system source code, introduces some interesting trade-offs.. the rate of market penetration suggests that there is a rapidly growing community contributing to the platform in some way duh, and the openness allows lots of uninhibited experimental and bleeding-edge development to reach the market, providing new tools and technologies to users at a fascinating rate.. just look at the number of carriers and manufacturers providing custom flavors of the platform with various enhancements, and look at the endless count of useful, creative, nifty and inspiring applications freely available for Android.

It’s great for geeks like me who want to experiment, test, bend, break and make, but it does put more burden on the end-consumer to be  savvy and aware of the complexities within the system. Of course, the lack of restriction and review can sometimes amount to security vulnerabilities and risks for the end user, living within both applications and the platform they run in. It also puts burden on carriers and manufacturers to be aware of which  issues affect their customized flavors and which do not, and to roll out the updates for those that do.

Android’s open source model is quite different than Apple’s proprietary, centrally controlled approach, and each has their set of advantages and drawbacks, to both the manufacturers and carriers, to developers,  and to the end users. And, maybe Apple can get core-system updates (no pun intended on core) out to the user faster than Android is able to. But to blame the Android platform for HTC’s slow release of critical fixes to problems they intentionally introduce is misinformed.

One thing anyone can do is root and flash their device with Cyanogen mod or any other custom Android system image. Many of the more popular custom roms are well tested, open-sourced, and thanks to the communities around them, have updates ready for many devices before phone manufacturers and carriers even begin.

]]> http://www.speakingcode.com/2012/01/25/android-open-source-or-open-season/feed/ 0 http://www.speakingcode.com/2012/01/20/megaupload-com-taken-down-for-piracy-anonymous-retaliates-with-ddos-attacks/ http://www.speakingcode.com/2012/01/20/megaupload-com-taken-down-for-piracy-anonymous-retaliates-with-ddos-attacks/#comments Fri, 20 Jan 2012 21:50:05 +0000 rootlicker http://www.speakingcode.com/?p=209

MEGAUPLOAD – unlimited access no longer available

Megaupload.com was shutdown, and founder Kim Dotcom was arrested along with three employees. U.S. officials claim that last year Kim Dotcom earned $42 million, while costing copyright holders  $500,000,000 (yeah, 500 MILLION dollars). I’m not supporting infringement or stealing, but the last time I checked, movie stars and the agencies behind them don’t look to be hurting for cash – duplicating isn’t stealing, it’s duplicating..

The EFF and others have raised serious concerns because U.S. Authorities have arrested a Dutch citizen living in New Zealand for violating U.S. copyright infringement laws. U.S. officials claim that some of the copyrighted material was hosted on servers in Virginia, which is grounds, they say, to justify the arrests. Despite rejections from their legal team, Kim Dotcom and the employees of Megaupload.com have allowed press to photograph and tape them, stating they have nothing to hide.

The news was followed up almost immediately by a massive Distributed Denial of Service attack on websites of the U.S. Department of Justice, the FBI, the MPAA, the RIAA, and Universal Music. The Anonymous collective is taking claim for the attack, which is already being called one of the largest to date. At the time of this writing, all but the Universal Music site are no longer down, and I was unable to grab screen shots of the other sites in time.

What makes this attack particularly fascinating is that it is being distributed via web-pages as a client-side browser-based attack. By loading the page, anyone can participate in the attack, even without knowing, contributing their bandwidth and resources to flooding the target with endless bad requests. Too many of these requests will overload the server, rendering it unable to respond to valid requests from legitimate users. In addition, the attack uses a hive-mind approach, allowing coordinators to specify the target that the arsenal of attackers collectively focuses on.

Question their morals. Question their skills. Question their tactics. But you can't question their style!

A recent post on behalf of Anonymous, in response to the SOPA/PIPA blackout protests, contains a list of concrete civil demands, largely related to copyright and patent law, and citing many particular institutions, bills, and practices.

“As we watch the web go dark today in protest against the SOPA/PIPA censorship bills, let’s take a moment and reflect on why this fight is so important. We may have learned that free speech is what makes America great, or instinctively resist attempts at silencing our voices. But these are abstract principles, divorced from the real world and our daily lives.”

We all have our opinions of Anonymous and the notorious infosec tactics they use to draw attention to their cause; regardless of the ethical and moral view points on their actions, it’s worth evaluating this list and pondering the implications in their own light.

Anonymous’ list contains several strong points. While many may see them as “radical”, most of Western history’s (and beyond) forward-thinking minds, who shaped the modern ideas of freedom we now celebrate, were considered radical and outrageous in their time. Martin Luther, Thomas Jefferson, Ben Franklin, Thomas Payne, Copernicus, Leonardo da Vinci, Pythagoras…

Protecting rights-holders is important, but there is a lack of much needed balance in our modern society’s implementations of such protection. As Anonymous points out, most of the media giants, who not surprisingly support legislation like SOPA and PIPA and so forth, steadily rake in the profits of a multi-billion dollar industry. While some lucky artists and marketable personalities benefit from the profits, most artists, particularly the independent ones, do not. This was a huge issue back in the Napster days, where many artists found that the Internet and distributed file sharing (like P2P) enabled them to reach new audiences never before possible – not only because “the word” spread faster, but also because it did not require them to have access to expensive publishing equipment and physical distribution channels, or large amounts of bandwidth and powerful servers, to massively deliver their content to anyone in world.

Another point Anonymous makes is that charges for infringement are, quite frankly, ridiculous. If one downloads 10 cd’s worth of music illegally, perhaps he did something unethical, and perhaps it deserves punishment. But should that punishment, at the very most, exceed the initial cost of the 10 cd’s one downloaded without purchase? Absolutely not. It didn’t truly cost the artist anything, because in all honesty, the purchase never would have happened, even if the content was not illegally made freely available. The current laws do not consider that without having a means to acquire it for free, most people would just go without. Cases of college students and young kids being sued for hundreds of thousands of dollars or imprisoned or expelled for downloading or sharing bits over the wire is absurd. If one deletes the material obtained, he should not be held financially liable. If one wants to keep the material, he should not have to pay more than it’s face value. By today’s laws, one is given neither choice. Now, you might say that doesn’t seem reasonable, because someone could download the material, transfer it to another storage, and then delete it from the computer or device on which the material was found by authorities, making the claim that it was removed while still keeping it secretly elsewhere – in my opinion, this ease of duplication demonstrates how obsolete the current ownership model is. Perhaps people distributing material should be charging media companies for the marketing and promotional service being provided!!

This leads right into another important argument raised by Anonymous – that our notion of ownership is fundamentally erroneous and incompatible with the digital age. When European settlers first arrived in America, the natives willingly (and perhaps even a bit deviously) traded large portions of land for cheap commodities like clothing, jewelry, guns, and liquor. The concept of owning land was preposterous in their eyes. Fast forward to today, where man claims ownership of land, water, air space, air waves, frequency bands, mathematical formula, technical processes, chemical compounds, species, coded functions, phrases, images, names, ideas… it’s hard to make anything without somehow infringing copyright or patent ownership in some way. The space of ownership has become too crowded. Just look at .com domain names. Our civil legal system is bogged down and tied up with thousands upon thousands of endless patent violation and copyright infringement cases. Competition has ceased to imply striving for better quality and innovation, being better at marketing and selling, or building brand loyalty; instead competition means courtroom battles and patent warfare, as has recently plagued the mobile phone industry.

When you start to investigate these issues and form a high-level picture, it becomes clear that in any given market, the majority of patents or copyrights related to that market, and the lawsuits and enforcement around them, fall into the hands of a few massive, very profitable companies, such as media ownership and the “big 5″ media giants: Disney, AOL-TimeWarner, Viacomm, Bertelsmann, and News Corp. So who is really being protected? Without going too far off on a tangent, it’s worth mentioning that the reach, influence, power and practices of said companies is nothing short of scary. Their desire to control and dictate what information (including artistic media) is spread and how it is spread, and who profits from it is, without question, out of line.

Being myself an artist, my own opinion is that the worth of any artistic expression is beyond and outside the scope of dollar value. Saying my music or my writing or my image or my creative anything is worth X amount of money is an insult – it’s worth something that all the money in the world does not amount to. Digital formats can be shared without a physical medium that has costs. The cost comes in bandwidth and electrical usage, which is incurred by the ISP and electrical companies, and paid for by the subscriber.

That’s not to say artists don’t deserve compensation for their hard work and their ability to bring value to peoples lives through their art – but there are other ways to do so, and many successful independent artists make a living off those alternative means – merchandising, tickets for events, donations and pay-what-you-can downloads, scaled pricing & allowing purchase of individual songs, subscription-based services, short-run collectibles, memorabilia, and so on and so forth.. . The days of needing a nation-wide publisher and physical distribution network with chains of retailers are over… businesses of all kinds have to embrace the change and find new models to do business effectively and fairly, without demanding ownership of everything short of the sun.

Unfortunately the laws and rules are often set by the people least qualified to make them. People with expertise go into their own fields, and many make an effort to dissociate from politics all together. Perhaps our model of representative democracy, focused around typically otherwise useless bureaucrats having exclusive meetings and fundraising dinners, while lobbyists representing private interests hang around making donations to campaign finance, is simply a model that doesn’t work for the public interest. Perhaps all of these issues hint at a broader issue beyond media copyrights and software patents. Perhaps the business model of multimedia giants is not the only thing obsolete and due for change…

Is it possible to run a fair democratic government in which subject matter experts have the stronger voice of influence and politicians do not? Would Americans ever embrace, or even accept, a true governmental reform? History asserts that it’s very possible, but people have to desensitize themselves from fear-inspiring, hype-pushing, nonsense buzz-word jargon that is forced down through the mass media channels in an effort to silence the cries of outrage; we all have to be open minded and willing to accept the challenge of re-visioning our system. It is ridiculous that non-violent activists are arrested as trespassers and public menaces, or detained indefinitely without due process, labeled as “terrorists”, when they gather to make peaceful demonstrations or use unconventional, but non-violent, tactics to expose the issues and flaws. We have to stop judging or criticizing activists in terms of the legality of their action, and instead look at the moral and ethical viewpoint independently from the notions of law, because the laws are the very thing being drawn into question. I’m not advocating doing anything unethical or harmful, but remember that during the civil rights movement, unjust laws were broken in an effort to point out their fundamental injustice, from sitting in the front of the bus, to sitting in public restaurants, libraries, and schools, from using public water fountains, to lining up at voting booths. All of those acts were illegal and most prolific civil rights leaders were arrested numerous times for breaking those kinds of laws.. Yet, there is no moral or ethical fault in their “criminal” actions.

Our founding fathers themselves outspokenly believed that a good government is one which is routinely reformed and modified to meet the changes of society, and even expected revolutions to occur periodically. This doesn’t mean violence or chaos, it simply means civil demand for change – so much demand that it amounts to something.
The past couple of generations in the United States are, in comparison to those before, politically quite complacent, but it does seem that momentum is starting to grow among the the uniting populace. Whatever happens, it will be interesting to see the dynamic between the public, the government, and the particular corporations that exhibit strong influence in the political, legal, economic and social spectrum.

Craigslist.org is among the ranks of anti-SOPA and anti-PIPA protestors

The list just keeps on growing, as what now seems to be the general consensus comes to light – SOPA and PIPA are unacceptable, and the citizens of the U.S. and the Internet will not tolerate legislation which impedes the free flow of information. Connecting and sharing, the foundation of the Internet, is a basic human construct which cannot be stopped. Craigslist has blacked-out their home page in the joint effort to raise awareness and rally its users in the protest against these bills. I hope that people are taking a few moments to sign the petitions, write and call their representatives & senators, and spreading the word to others.

Mozilla.org blacked-out against SOPA and PIPA

Among many other big Internet companies, Mozilla has joined the fight against SOPA, PIPA and blacklist legislation by blacking out their site, showing users information about the dangers of these bills and how to help fight them. Wikipedia, Google, Reddit, the EFF and others are participating in similar black-outs to raise awareness. The Internet is a collective community, and has incredible influence when united on a common ground.

Wikipedia pages still load normally, but at the instant they finish loading, an overlay wipes out the material, displaying the message in protest to SOPA. This is done using JavaScript code which alters the pages’ DOM, removing all nodes for the content. To prevent the black-out overlay, simply press your browser’s stop button or hit the escape key at the moment the normal content loads, just before the overlay appears. If you’re timing is off, refresh the page and try again. You’ll have to do this “hack” for each page you look at.

Thanks to B.C. and A.G. for their discovery and insight to this important vulnerability :-p

(Edit) You can also disable JavaScript  to browse freely in Wikipedia during the black-out. Thanks ernest

Reddit.com Blacked-out and raising awareness of SOPA, PIPA, and ACTA

Reddit.com has joined Google, Wikipedia, and many others in blacking-out their site in protest of blacklist-legislation like SOPA, PIPA, and ACTA.  Speaking Code  strongly objects to any legislation that empowers anyone or anything to restrict the flow of information on the Internet or elsewhere. We cannot allow our government or any other to set a precedent of censorship and control of information dissemination. These bills provide a framework which will undoubtedly be leveraged for subduing free speech on the Internet in the future. Our hats go off to all of the big players willing to sacrifice a day of business in effort to raise awareness and speak out against the madness!

Google blacks out in the fight against SOPA/PIPA

Google has blacked-out their logo on the google.com homepage, showing only a black bar linking to an online petition against the outlandish legislature, which would subject the Internet to U.S. censorship and control. I’m actively against Internet regulation of any kind – there are better ways to fight piracy, that don’t require censorship, fascism, and imposing limitations on freedom. As a computer scientist, I belief that this sort of policy hinders innovation and openness, while also creating a huge burden of technological overhead. As an artist who creates music, writings, multimedia, code and so forth, I think the concept of intellectual property is pretty dumb; the notion of restricting the reach of my creative output – expressions of my point of view – be it for monetary reasons or otherwise, is beyond selfish, self-centered, and plainly stupid. What’s sad, though, is that these bills do little to actually stop piracy. Often enough, our legislation demonstrates a lack of technological understanding, and the SOPA/PIPA bills are no exception.

Kudos to Google, Wikipedia, Reddit, and the many other companies and individuals for being outspoken against the Stop Online Piracy Act and Protect Intellectual Property Act.