Governments are also an ISP for their various agencies.  What happens to them (us – I work in government) when there are violations from an employee or student running a torrent client?  If they want to do something to protect the Internet, hold ISPs responsible for not dealing with infected systems on their networks.  This would help stop phishing and additional malware propagation.  For the holders of copyrights to movies and music, it is time to reconsider your business model.  The music industry already went through this when audio recordings came about, which rendered the royalties for sheet music sales as a pretty much worthless scheme.  If the same can be said of today’s model in regard to movies and music then fix it, but don’t break the Internet while you’re doing it.  When it costs almost $15 to go to a movie and $100 or more to see a concert and we see the celebrities living a lifestyle of champagne and caviar, not too many people care about the $0.25 the artist did not get for the hit single they obtained from the Internet.  My personal opinion of these bills is that we are going back in time; not moving forward.  It is basically giving copyright holders and the government a means to carry out online book and record burnings.

 

While viewing the main page of my Zenphoto installation, I saw an image displayed from one of my sub-albums and right clicked on it to get the image url so I could go straight to the image not the sub-album.  When I pasted the url into the address bar, it displayed the thumbnail sized image from the /cache/albumname/…thumb.jpg.  So I cleared the url to only have http://mysite.com/cache/ and Apache showed my directory listing. So then I checked to see if I could view the cache for password protected albums and I could.  Not good as I have some medical shots in one of my password protected albums.  As I type this, I am remembering that Apache should be able to prevent directory listings. So I created a .htaccess file in the cache directory with one line in it `Options -Indexes` and this prevented access to the directory indexes, but I can still copy a url from a displayed thumb and get the thumbnail image, but since my albums are password protected no visitors should be able to see a thumbnail from the password protected albums until they provide the album password.  So I don’t see it as a big risk.

Many Zenphoto sites are listed when I run this Google search to find Zenphoto caches:

`zenphoto inurl:cache "index of" _w _h`

So I still think it is worthwhile to share this information.

While this search returns the links to a zenphoto cache, most any result can be changed to view the album and get the index from it.  For example: if Google comes back with http://somesite/cache/ results, in some cases, you can take the url and change “cache” to “albums” like this http://somesite/albums/ and get an index of the site albums as well.

I am running Zenphoto version 1.4.1.6 [8326] (Official Build) and trying to change from cache to albums takes me to the default page of my zenphoto site.  Sadly, I also came across one defaced zenphoto site while searching.
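To confirm that `Options -Indexes` actually took effect, the check below requests the `cache/` and `albums/` directories of your own gallery and reports whether Apache still returns a generated index. It is an added example, not part of the original post; the function names and the sample listing are constructed for illustration.

```python
"""Added example: check your own Zenphoto site for Apache directory listings."""
import re
import sys
import urllib.error
import urllib.request

# Directories named in the post; both sit directly under the gallery root.
PATHS = ("cache/", "albums/")

# mod_autoindex pages carry an "Index of /path" title.
_INDEX_RE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)

# Constructed sample of what an exposed directory returns (not captured from a real site).
SAMPLE_LISTING = (
    "<html><head><title>Index of /cache</title></head>"
    "<body><h1>Index of /cache</h1></body></html>"
)


def is_autoindex(status, body):
    """True when a response looks like an Apache-generated directory index."""
    return status == 200 and bool(_INDEX_RE.search(body))


def http_fetch(url, timeout=10):
    """Return (status, body); HTTP errors such as 403 are results, not exceptions."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, fetch=http_fetch):
    """Map each checked directory URL to 'LISTING', 'blocked' or 'other'."""
    results = {}
    for path in PATHS:
        url = base_url.rstrip("/") + "/" + path
        status, body = fetch(url)
        if is_autoindex(status, body):
            results[url] = "LISTING"      # directory index is exposed
        elif status in (403, 404):
            results[url] = "blocked"      # what Options -Indexes should produce
        else:
            results[url] = "other"        # e.g. redirected to the gallery front page
    return results


if __name__ == "__main__":
    if len(sys.argv) == 2:
        for url, verdict in audit(sys.argv[1]).items():
            print(f"{verdict:8} {url}")
    else:
        print("sample listing detected:", is_autoindex(200, SAMPLE_LISTING))
```

A `blocked` result only covers the directory index. As the post notes, a thumbnail URL copied from a page still resolves, so this check says nothing about direct access to individual cached files.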

 

The domain name associated with this one is HOWCANIDOIT.INFO which has the following registration information.

Domain ID:D35279805-LRMS
Domain Name:HOWCANIDOIT.INFO
Created On:03-Nov-2010 14:14:17 UTC
Last Updated On:31-May-2011 16:50:38 UTC
Expiration Date:03-Nov-2012 14:14:17 UTC
Sponsoring Registrar:GoDaddy.com Inc. (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:CR66112680
Registrant Name:Britt Phillips
Registrant Organization:Worldwide Ad Network, Inc
Registrant Street1:14241 Midlothian Turnpike
Registrant Street2:#106
Registrant Street3:
Registrant City:Midlothian
Registrant State/Province:Virginia
Registrant Postal Code:23113
Registrant Country:US
Registrant Phone:+1.8048972274
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:
Admin ID:CR66112682
Admin Name:Britt Phillips
Admin Organization:Worldwide Ad Network, Inc
Admin Street1:14241 Midlothian Turnpike
Admin Street2:#106
Admin Street3:
Admin City:Midlothian
Admin State/Province:Virginia
Admin Postal Code:23113
Admin Country:US
Admin Phone:+1.8048972274
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:

Name Server:NS53.DOMAINCONTROL.COM
Name Server:NS54.DOMAINCONTROL.COM

The message states that for $180 you can blah blah blah…. Here, listen for yourself: from_8048583156_2012-1-13.  The website referenced when you go to HOWCANIDOIT.INFO is a redirect to http://members.audiogenerator.com/postcard/?7124637X1166 which has a photo of some scammer, Britt Phillips, holding some cash that references computermillions.com.  The phone number belongs to ymax communications/Vocaltec, the folks who offer magic jack and other VOIP services.  I will file an abuse complaint with them in addition to the Do Not Call folks, but doubt it helps.

 

Another telemarketer to block with the Ooma personal block list.  Here is the message left by this one from_7167950616_2012-1-12.  I am on the do not call list for what it is worth.  What gripes me the most is the money making scam they are promoting is using the same robocall technology to make your own $50K/month.  Get a life and quit calling me people!

 

One of my popular posts continues to be the problems I have experienced with my power door locks on my 2004 Pontiac Vibe I purchased from Hertz Car Sales in 2006.  As the car has aged, more electrical issues show up that are just plain annoying.  The latest two, in addition to the power door locks, are the heater blower motor not spinning up without banging under the dash and the servo actuator for the damper for fresh or recirculating air. The damper would go over to fresh air and just start clicking every second.  Some Google searches turned up the problem as a missing tooth on one of the gears in the actuator with a possible solution of rotating the gear 180 degrees.  So today I decided to tackle these three issues and ultimately had success.  For the actuator, I give fair warning.  It is a pain in the butt to get to without taking out the dash.  The bolt head size of the screws is 7/32" and even the smallest ratchet will have trouble getting to the screws.  I went to O'Reilly Auto Parts and picked up a Ford distributor tool which is a 7/32" socket with knob for turning it.  This worked for the lower screw, but not for the top one.  I ended up having a ratchet wrench that I was able to use with a socket and finger turning attachment.  I bought an SAE and Metric set of these thumb turning sockets from Big Lots some time ago and never really used them, but they saved the day on this screw.  Once the actuator is out, there is a clam shell plastic cover to open. I tried to pay attention to the position of the large gear with the missing tooth as it needed to be rotated so the missing tooth is on the backside.  When re-assembling the actuator, I tried to match the position of the damper interface to the same angle and used a stick to push the damper to the recirculate position when putting the actuator back in place as that was the position the damper was in when the actuator was pulled.  Putting the screws back in was just as much of a pain as taking them out.  
If you have a mechanically inclined skinny teenager around who is also a lefty, it might be worth some pizza for their hands to take out the actuator and put it back.

On the heater blower motor, there is a little metal box with three mounting screws that needs to be unmounted to get to the motor mounting bolts.  I also had to remove some plastic trim anchors to allow a little black plastic flap to move away from the bracket holding the little metal box.  Then there were three screws to take out in order to drop the fan motor.  These are also 7/32" and a small ratchet should work.  It did for me.  Once I had it out, I used some CRC electrical cleaner and degreaser after removing some black fabric cover from some slots on the side of the motor.  I sprayed some pretty significant amounts of cleaner into the motor.  The resulting fluid that drained back out was a nasty black carbon color.  I kept spraying the cleaner and draining the motor until it was draining pretty clear.  I also removed some tape over the axle and tried to get some Tri-Flo into it.  One note, the cleaner started making the rubber gasket around the blower mounts seem a little too flexible so I took off the gasket and washed it before reinstalling it on the blower mount and reinstalling the blower motor. My guess is it is possible to remove the tape and spray some cleaner into it, but have some rags below the motor to catch the run off.  I would also give the cleaner a chance to evaporate before powering up the fan.  Once I was done with these two fixes, I decided to go for a final fix on the passenger door power lock that has not worked in over two years.

Check out my previous post for the tear down and reinstall.  What I did this time was to get the actual latch/lock mechanism that has the little motor with a worm gear open and clean some electrical contacts and tighten the contacts to the little motor.  Taking apart this clam shell is not for the faint of heart.  There is a black plastic piece that fits around one corner that has to be removed first.  Then there are three Phillips head screws that need to come off.  Once the screws were out, I was able to eventually slide the metal latch portion off which makes getting into the clam shell easier, but not easy.  The direction to slide the metal portion is away from the side that has a blue mark on one of the aligning pins.  At this point, I started unlatching the little clips all the way around the clam shell.  There are three main portions to the inside of the latching and locking mechanism. One is the lock interface to the door key, another is the latch release that interfaces with the outside door handle and the last is the cable connections to the inside door handle and lock toggle.  There are two electrical contacts on the plastic internal pieces next to the key lock interface. It is my guess that these contacts get dirty and are part of the problem with the power door lock mechanism.  So I used the electrical contact cleaner to make sure there was no grease on either the embedded silver contacts in the black clam shell or the copper protruding metal contacts from the white plastic pieces.  The other electrical contacts are from the clam shell into the electric motor with worm gear.  There was a chance the spring memory of the contacts in the motor may have been spread out too far, so I pressed them closer in before trying to reassemble the clam shell.  This is where my trouble started.  
I did not note where the two metal pieces that interface with the latch and lock were in relation to the plastic piece that interfaces with the gear turned by the worm gear and the locking interface.  Turns out that it is pretty easy to figure out as one metal piece has a hinge to the black plastic while the other metal piece floats above the black plastic.  What this means is, the one next to the black plastic goes on the bottom of this key plastic interface and the other on top.  Then the hardest part is getting all of the gear axles and a persnickety spring that provides the locking feel when the inside door lock toggle is moved manually.  It will fall out of place pretty easy so I put some thick grease on it to try and hold it in place while reassembling the clam shell.  Once the latch and locking mechanism was reinstalled I was pleasantly surprised to see it work.  Based on past efforts this could last a day, a week, or a year.

I will admit that at one point I thought I was going to have to order the lock/latch mechanism from the dealer ($205) or start hitting the self service junk yards to find one.  But bringing the clam shell and parts inside to the kitchen table and looking it over, it only took about an hour to get it back together.  All in all, the three projects took about six hours to complete including the trip to the auto parts store.

 


 

After several months of seeing my personal web server's error log fill up with php deprecated errors due to the php commands used by the gallery software, I started looking for a replacement for yappa-ng, which I have been using for several years. The deprecated errors stem from the php commands used in the code being old and unsupported in the next version of php.  I checked with Fritz Berger, the developer for yappa-ng, to see if there was going to be a new version to fix it and his response was not by him. So the tryouts for a replacement started with one requirement, it had to be almost as easy to create a new photo album as it was with yappa-ng and the server would act as a backup to my full size images. To create a new album in yappa-ng, I simply copied a folder of images to the server and used an administrative interface to recognize the new folder. Yappa-ng did this without the use of a backend database like MySQL. My search quickly found that photo gallery applications that work without a backend database are few and far between. The one that came up regularly in my search was ZENphoto (ZP). The ZP tagline is "simpler web gallery management". While ZP does require a backend database, I can add a new album by copying the folder like I did with yappa-ng and I don't have to use an administrative interface to make the album show up in the gallery. It recognizes the new album automatically and I can leave it at that point unless I want to password protect the album or adjust some other settings available for the album.  So technically, ZP is easier than yappa-ng other than having to set up a database.

Installing ZP was fairly straightforward using the set up scripts provided. Where I ran into some issues was the database set up and some other errors the script reported. Each of the problems was fairly easy to fix with some Google searches and looking at the very thorough FAQ on the ZP site. Since my web server is self hosted, I have to think that using a hosting provider might have helped avoid a couple of the problems I encountered. After installation, the gallery came up and I moved my albums folder into place with a symbolic link and set permissions on all of the directories and files at 0755 with the owner and group set to the appropriate web application user. From there it was basically tweaking the settings and adding password protection to albums that had a password in the old yappa-ng gallery. The administrative interface is pretty simple to use, but there are a ton of settings under the options menu along with additional options to consider under plugins and themes.  The theme I have settled on is zpmasonry.  It has a front page slide show feature that can rotate images from several albums based on recent updates, popularity or rating.  The zpmasonry slide show needs the jcarousel plugin activated to work. So, if you don't see the rotating slide show once activated, look for the plugin and make sure it is enabled/activated.

At this point, I think I am fairly committed to ZP for the ease of use around new album creation and aesthetics, but I have to mention some issues with one relating to security.  First, my ZP site is my photography archive.  I copy all my images over to the server and at this point I am getting close to 60,000 files.  Given that ZP needs to process the full size images down to smaller renditions, I needed to allow some time for ZP to create the smaller web-cache images. And 60,000 images takes some time as well as cpu cycles.  On the security issue, ZP relies on the tiny_mce plugin that includes an ajax file manager.  Sadly, the ajax file manager had a vulnerability that allowed anyone to execute commands against the server that could create or change files.  Sites running ZP with this plugin were easy to find using a Google dork and once the evil haxors had the information the compromise of many ZP sites was underway.  My site timbrown.us was compromised as well, but they broke it to the point where site visitors were returned a server error code 500 preventing any of the malicious links inserted into the php files from redirecting them to malicious sites. Right now there are many sites that have been taken down or are reported by Google as sources of malware. My recovery of the site was to install the latest release that is not vulnerable into a new directory and drop the zp_administrators table so I could be sure the passwords were reset for my installation.  I don't think the compromise touched the database at this point, but I need to do some queries to make sure.

Bottom line: If you are looking for a php based photo gallery that is easy to use and manage, give ZENphoto a try. The developers have worked hard to get it where it is today and their continued support of the users that suffered recent compromises shows their dedication to the project.
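Since the recovery above installs a clean release into a new directory, that clean tree can also serve as a reference for finding which files in the compromised web root were altered or planted. The script below is an added example, not part of the original post or of Zenphoto; its function names and the choice of file suffixes are assumptions made for illustration.

```python
"""Added example: list code files in a live web root that differ from a clean release."""
import hashlib
import os
import sys

# File types that execute or change server behaviour (an assumed, adjustable set).
# Images are ignored, so a large photo archive is traversed but never hashed.
CODE_SUFFIXES = (".php", ".js", ".htaccess")


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_tree(root):
    """Return {relative/path: sha256} for every code file under root."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):  # symlinked directories are not followed
        for name in files:
            if name.lower().endswith(CODE_SUFFIXES):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hashes[rel] = sha256_file(full)
    return hashes


def compare(clean_root, live_root):
    """Classify code files as modified, added or missing relative to the clean tree."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(p for p in clean if p in live and clean[p] != live[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py CLEAN_RELEASE_DIR LIVE_WEBROOT")
    report = compare(sys.argv[1], sys.argv[2])
    for kind in ("modified", "added", "missing"):
        for path in report[kind]:
            print(f"{kind:9} {path}")
```

The comparison is only meaningful against the same release version as the live install. Locally edited configuration and extra themes or plugins will show up as modified or added; everything else in those two lists needs a manual look, especially script files inside upload or cache directories.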

 

The day started out with dropping Debby off and photographing her starting a 62 mile charity ride, the Tour de Femme at Cycling Spoken Here; then it was off to Garner to shoot a standard high school senior drape portrait, then back to shoot Debby at the finish. Then the evening shoot was the first reunion of the  NCSU Marching Cadet Fraternity (MCF).  The MCF was a Pershing Rifle Drill team formed in the early 1960's by some NCSU students and the organization continued until the mid-1990's. The reunion featured several of the original brothers and many brothers (which includes some ladies BTW) from the 30+ years of the MCF. This butterfly happened to catch me with my camera at the ready on the way in to shoot the senior portrait.

 

Here is my current blocked caller list for robocallers and that sort of thing.  I am on the Do not Call Registry (www.donotcall.gov) and still get several calls a week.  Some people believe their number will expire from registry once you have registered, but according to this FAQ, that is not the case.  Once registered, always registered.  The sad part of all of this is the most recent rash of callers have been for the make cash from home that tell you that you will make thousands by setting up your own robocaller for cold calls that solicit more people for the pyramid scheme.  With Ooma, I have this list and community blocked caller list set to return a "number disconnected" message.  I just noticed one of the numbers looks like a Visa card with a CVV code for the caller ID information.  That is now shown as #.  I guess that could be sweet revenge if it was the robocaller's card information.

| Number | Caller Name | Category |
|---|---|---|
| (402) 718-8885 | Bellevue NE | Robocaller |
| (702) 944-1367 | Las Vegas NV | Other |
| (407) 429-2267 | COA NETWORK | Robocaller |
| (239) 260-1133 | Veteren Benefits | Other |
| (704) 542-9359 | police protecti | Telemarketer |
| (813) 416-7751 | TAMPA FL | Other |
| (516) 453-5658 | TAX RELIEF NEWS | Telemarketer |
| (216) 282-0010 | IMPORTANT | Other |
| (239) 325-9715 | Anonymous | Other |
| (406) 219-2301 | | Robocaller |
| (512) 568-3591 | WORLD OF TENNIS | Robocaller |
| (802) 321-1223 | ALBANY VT | Robocaller |
| (661) 846-0715 | Bakersfield CA | Robocaller |
| (321) 800-9999 | V##############CVV | Robocaller |
| (615) 777-0988 | COA NETWORK | Robocaller |
| (727) 674-9999 | CLEARWATER FL | Telemarketer |
| (734) 542-7758 | MARKET STRATEGI | Telemarketer |
| (702) 851-1360 | NEVADA STATE CO | Telemarketer |
| (317) 755-4066 | Indianapolis IN | Telemarketer |
| (919) 645-0523 | MANLEY1 INC. | Telemarketer |
| (312) 377-9822 | COA NETWORK | Robocaller |
| (802) 949-8989 | Unk | Telemarketer |
| (925) 524-3099 | Unk | Telemarketer |
| (731) 256-3580 | Unk | Telemarketer |
| (316) 789-1356 | Unk | Telemarketer |
| (901) 248-7430 | Unk | Telemarketer |
| (207) 493-2624 | Unk | Telemarketer |
| (603) 214-3671 | Unk | Telemarketer |
| (602) 944-0575 | Work From Home | Telemarketer |
| (269) 978-1229 | SAFE SOLUTIONS | Telemarketer |
| (216) 769-3438 | Cleveland OH | Telemarketer |
| (866) 733-5334 | 800 Service | Telemarketer |
| (800) 715-4672 | 800 Service | Robocaller |
| (852) 000-9875 | Name Unavailabl | Telemarketer |
| (703) 398-0795 | Woodbridge VA | Political Organization |
| (603) 214-9001 | Service Call | Telemarketer |
| (612) 808-5628 | HOMEYTEL | Robocaller |
| (321) 273-0812 | BK AGENCIE | Telemarketer |
| (435) 238-7786 | Merchant Services | Telemarketer |
| (206) 339-8453 | WebWiz LLC | Telemarketer |
| (404) 448-3286 | Atlanta GA | Telemarketer |
| (206) 338-7584 | Seattle WA | Telemarketer |
| (773) 966-1039 | BIZCAPITAL | Robocaller |
| (702) 851-5491 | unused | Robocaller |
| (805) 880-5102 | Santa Barbar CA | Telemarketer |
| (206) 984-2424 | Seattle WA | Robocaller |
| (703) 436-1288 | LORTON VA | Political Organization |
| (405) 416-1899 | OKLAHOMA | Telemarketer |
| (208) 376-5080 | ALL AMERICAN PU | Telemarketer |
| (701) 217-1003 | CREDIT SERVICES | Robocaller |
| (877) 815-2680 | Virgil www.easycashflowmachine.com | Robocaller |
| (702) 347-6058 | LAS VEGAS NV | Telemarketer |
| (702) 946-9496 | Las Vegas NV | Telemarketer |
| (206) 350-7056 | UNASSIGNED | Robocaller |


 

Thanks to a combination of the alignment of the stars and some timely contact with Gary Stone at Paddleboard Specialists, Chad Baird at Epic Marketing, and Todd Masinter at Triangle Glides; I picked up a used Naish Glide 12' standup paddleboard from Todd at Triangle Glides.  I also had some telephone time with local SUP racer Kevin V.  While my wallet and board storage limitations kept me to a 12' board, it's probably for the best as I am finding a casual exercise session is more appealing than racing or blowing myself out on a racing board. I think the Glide will be a big move up from the Ocean Kayak Nalu, which is a great beginner board for SUP.

One of the things that sold me on the glide was the AST construction that will stand up to a little more abuse than an epoxy only board and a board review by some guys from Italy.  I have been out on the board once since picking it up Tuesday night.  I spent more time finding my sweet spot on the board and only did one quick sprint before calling it a night after six miles in about two hours. Hopefully the weather will hold up for some water time this Saturday morning with my SUP friend Deb Mace and I can comment further on the board's performance.

© 2011 timbrown.net Suffusion theme by Sayontan Sinha