robohara.com

A few months ago I spun up a new website, SpriteCastle.com. There’s no real content there yet — it’s more of a proof of concept site at this point. Last night after finishing up the latest episode of You Don’t Know Flack I decided to do some tweaking to the Sprite Castle. When I opened the site in Google Chrome, I got the following message:

Crap. I know WordPress has been under attack lately, so my first assumption was that the site had been compromised. Bypassing Chrome’s warning, I opened the site and searched for any sign of malware. I couldn’t find any. I then clicked “View Source Code” and quickly found the problem — links to a “posh laptop bag” website. While viewing the page itself I couldn’t see the link, but while viewing the code there it was, plain as day. A quick Google search shows that I’m not the only person running WordPress with the issue.

After a few minutes of research I tracked the problem back to the free WordPress theme I had downloaded. The theme was injecting links to sites hosting malware in the theme’s footer, and the links were encrypted (technically, obfuscated) making them difficult to find while sifting through the code.

There are lots of websites out there like this one that will help you remove encrypted footer links. Even with those removed, I was still seeing links in my source to malware sites. By using Windows’ FINDSTR command (similar to GREP) I was able to find more encrypted sections (hint: search your PHP files for “EVAL”). Each time I tried dinking with the code, the website would stop loading. Someone spent a lot of time putting those encrypted links into this particular theme.

So, I spent a lot of time getting rid of them.

The simplest branching point in any programming language is the IF…THEN clause, which does exactly what it sounds like:

IF (this) THEN (do this)

One baby step beyond that is IF…THEN…ELSE logic. Even if you are not a programmer you can see that this is used in every single program.

IF PASSWORD IS CORRECT
- ALLOW USER TO LOG IN TO E-MAIL
ELSE
- PRINT “Denied!”
END IF

Simple.

This was also, in its simplest form, the basis for most early forms of copy protection. Consider the old paper-based protection schemes that required gamers to enter a code to play a game.

HAVE USER ENTER CODE
IF CODE IS CORRECT
- RUN GAME
ELSE
- DO NOT RUN GAME
END IF

Once you understand this logic you can see that with a minor change, programs could be re-programmed to always load. Or, “cracked.”

HAVE USER ENTER CODE
IF CODE IS CORRECT
- RUN GAME
ELSE
- DO NOT RUN GAME
END IF

Again, simple. No matter what the user enters at the prompt, the game loads. There are other ways to do it, of course. Another simple way would be to tell the program that no matter what the user enters, it’s correct.

HAVE USER ENTER CODE
CODE IS CORRECT
IF CODE IS CORRECT
- RUN GAME
ELSE
- DO NOT RUN GAME
END IF

In this instance, no matter what the player enters, we tell the code that it was correct and the program continues down that path.

This is essentially how I removed the malware from the theme. The theme checks to see if a particular file exists on the computer. If it is, it reads a serial number from the file. If the serial number checks out, the malware links are removed from the footer.

CHECK TO SEE IF LICENSE FILE EXISTS
TELL PROGRAM FILE EXISTS
IF FILE EXISTS
- DO NOT INJECT MALWARE LINKS
ELSE
- INJECT MALWARE LINKS
END IF

A quick check of the theme’s output showed that the technique worked and the malware links had been removed. With that part fixed I began systematically removing all the malware-seeking code. It took a couple of hours, but I think the entire theme is now clean.

Unfortunately, once Google detects malware on a site it removes the URL from its search engine (SpriteCastle.com no longer shows up in Google searches) and Google Chrome still flags the site as one that hosts malware, even though the links have been removed. To get re-added, a request has to be submitted to Google and a scan of the site has to be performed. That ball’s already started rolling, so hopefully in the next day or two I’ll be back in business.

A few months ago at work I moved out of the room I had sat in for thirteen years (I went home at night) and over into a new room in a new building. The new room is a “room within a room,” meaning I have to walk through someone else’s room to get to my new room. A dozen or so people sit in the outer room and do something for the organization completely unrelated and foreign to what I do. If this were a automotive plant, my group would be ones managing the company’s computer network, while their group would be the ones processing people’s car titles — I think. We’re so far removed from one another that I doubt we even show up on their organizational chart, and I’m pretty sure they’re not on ours.

Because we’re completely different organizations, the door to our room is locked and must be opened with an electronic key card. The card reader sits off to the right of the door and was mounted essentially in a lady’s cubical. That lady’s name is Miss JoAnn. She’s probably five foot tall, pleasantly plump, and always smiling. I’m sure she doesn’t want us stepping inside her cube to swipe our cards any more than we want to step inside it every single time we need to unlock our door, but she’s always smiling regardless. The card reader takes up to five seconds to read our cards, so multiple times a day my co-workers and I find ourselves standing in Miss JoAnn’s cube, making small talk about the weather for a few seconds until the red light turns green and our door lock pops open.

You may recall I was in Seattle last week. When I returned to Oklahoma Monday morning I was informed that Miss JoAnn passed away. She went into the hospital over a blood clot, had a stroke, developed pneumonia, and died. She apparently also had pancreatic cancer, but hadn’t told any of her co-workers. She was there when I left, and gone when I returned.

Above Miss JoAnn’s monitor sat a statue of a little girl sitting on a swing. I assumed it represented her granddaughter, but I never asked her about it. By Monday afternoon, that statue along with the rest of Miss JoAnn’s belongings had been packed into boxes and taken away. By Tuesday morning, someone else had already moved into her cube. I haven’t made any small talk with the new girl sitting there, but I’m sure eventually I will.

For now, I’m going to miss JoAnn.

Episode 130 of You Don’t Know Flack covers pagers, PDAs, and cell phones. In this episode I talk about the first pager I owned and why I wanted one, the first PDA I owned (the Palm Pilot III), and a few of the cell phones I’ve owned over the years (starting with the Star-Tac). I also tell the story about the time I almost got killed, and how I wish I had owned a cell phone that night.

Due to my current crazy work schedule (which now occasionally includes traveling on the weekends) I missed a week of You Don’t Know Flack. I’ll be working overtime this week to squeeze a bonus episode into the timeline to make the numbers right again.

This episode of You Don’t Know Flack was sponsored by VintageVolts.com. I love it when a sponsor and a show topic come together like this. Vintage Volts is all about retro electronics, from computers to pinball machines, arcade cabinets, and all sorts of things. Pretty much if it’s old and plugs into the wall, Vintage Volts has discussed it. I spent a couple of hours going through all of the posts on the Vintage Volts site over the weekend and there’s some great information posted over there.

You can grab episode 130 of You Don’t Know Flack here. If you subscribe via iTunes, Switcher, Podcast Pickle or any of those places, you probably already have it. If downloads get slow, the show is now mirrored at the Internet Archive as well.

The inside scoop on episodes can be found on the You Don’t Know Flack Facebook Page. If you want to know what’s going on behind the scenes and like the know the very second an episode is posted, go “Like” that page. For suggestions, feedback, and criticism, you can e-mail me or leave a message on the official You Don’t Know Flack voice mailbox (206-309-9501).

For Christmas, Susan bought me an OKC Thunder Hoodie. It’s blue and had the Thunder logo along with the words “Oklahoma City” printed across the front. I enjoy wearing it, but over the past month I have enjoyed wearing it more than usual.

Last month I spent a week in Dallas — home of the Dallas Mavericks, one of the Thunder’s rivals. When the NBA voted on whether or not the Seattle Sonics should/could relocate to Oklahoma City, Mavericks owner Mark Cuban was one of two owners who voted no. The Thunder returned the favor by knocking the Mavericks out of the playoffs. You’re welcome, Mark. Anyway, I had a great time wearing my hoodie around Dallas for a week, representing the Thunder.

This week I’m in Seattle. If you want to know how much Seattle hates the Thunder, just know that while I was standing outside the airport waiting for my ride with my hoodie on it took all of two minutes for someone to drive by, honk, and flip me off.

Tonight we had dinner at a local pub that happened to be showing the Thunder game. I was the only person in the pub wearing a Thunder hoodie. That’s not surprising. I’m probably the only person in Seattle wearing a Thunder hoodie. Fortunately the Thunder won the game, which made it easier to gloat on my way out.

My favorite comment of the night: “Hey, our baseball team’s doing pretty good right now if you want to steal that too.”

You never know, we just might. :)

Just minutes after Morgan found the last Easter egg yesterday morning it was time to finish packing and head off to the airport. Yes, I said airport. Those of you who know me know how much I hate flying, but this week I’ll be working out of Seattle, and flying certainly felt like the lessor of two evils when it came between that and driving 2,000 miles each way.

The last several times I’ve flown, it’s been with somebody else. That’s good because also the last several times I’ve flown, I’ve loaded up on Xanax to make it through the trip. I have found that 1 milligram of Xanax makes you not care about most of the stressors that come along with flying, and 2 milligrams make you not care about much of anything. For someone like me who only takes Advil when my back is hurting so bad I can barely walk, 2 milligrams of Xanax zonks me out for the rest of the day. That really wasn’t an option this time as I had stuff to do the minute I arrived in Seattle, so for this trip I had no companion and no drugs.

On my own and stone cold sober, I walked into the airport. It’s amazing how little attention to detail I pay when I am with other people. I checked myself in at the counter and headed off to the TSA line. One thing I found out is that being a “priority member” doesn’t mean much if the priority line at TSA isn’t open. It didn’t matter; the line moved quickly and within 10 minutes I was dumping the contents of my carry on bags into different plastic tubs. If you don’t fly frequently it’s tough to remember what needs to come out of the bags and what doesn’t. Laptops come out, iPads don’t. All metal comes out of your pockets. Your belt comes off too, but I have a pair of shorts that are one size too small that I keep so I can wear them without a belt when I fly. If you have a CPAP, that comes out too. Oh, and your jacket comes off as well. By the time I was done I had I think 5 grey tubs full of crap going through the scanner. After standing in the full body scanner for a few seconds it was back to the other side to repack my bags, put my jacket and shoes back on, and head off to my gate.

The flight from OKC to Salt Lake City was uneventful. When I landed in Salt Lake City, I did so at Gate B14. My next flight was leaving from Gate D11, and was already boarding, according to the Departures board. I walked as quickly as I could from one gate to the next and I was the last person to board my connecting flight. Whew!

Either while coming in to Salt Lake City or leaving, I snapped this picture with my phone. This is a view you don’t get while driving cross country.

Apparently that whole “please turn off your electronics” announcement is becoming more and more optional. On both legs of my trip I sat near people who all but refused to turn their iPads off during take off and landing, even after being told repeatedly by flight attendants to do so. I get it — nobody believes that their cell phone or iPad can really affect what’s going on up in the cabin anymore, but I am not willing to take that chance. In my mind, every major airline accident or incident has been caused by someone in the back row playing Angry Birds. I’m sure if there were an actual safety thread the flight attendants would be more adamant about devices being turned off, but I really hadn’t noticed such cavalier attitudes about following the rules before this trip.

While standing at the luggage carousel I was convinced that flying to Seattle had been a better choice than driving. There hadn’t been a single thing about flying that had been worse. 4 1/2 hours of being on a plane was certainly better than 3 days in the driver’s seat, that’s for sure. As I was standing there admiring just how well things had gone I realized that no more luggage was coming off the carousel.

Yes, they lost my suitcase.

From there it was off to the baggage claim counter to fill out a lost bag claim. Fortunately I had kept the little luggage sticker, which I gave to the lady at the counter. She said my bag was on the next flight and I had the option of staying at the airport for two hours or having it delivered to my hotel. I chose the latter. The people in front of me were not so lucky; they were staying about 40 minutes away from the airport, which is outside of the airport’s delivery range. They were given the option of waiting two hours for their bags or having them FedExed to their hotel and having them arrive on Tuesday.

I was given a website where I could check the status of my bag. By 6pm it had arrived in Seattle and was “on its way to the customer.” It arrived around 10pm. Even though I was only slightly inconvenienced by this I decided not to take it out on the guy who delivers the bag. Do you tip the guy who brings your bag to you after your airline lost it? I debated this decision internally but it turned out to be moot; whoever brought my bag dropped it off at the lobby counter. I got a phone call at 10pm telling me it was down there, so I threw on my shoes and went down to get it myself. In the end I decided to tip myself a few bucks for my effort.

If I get out and do anything I’ll post some pictures and write about it, but to be honest I’m expecting 12-14 hour days this week and probably won’t get out much.

Wednesday evening I was featured as a guest on the Adventure Club Podcast. The Adventure Club Podcast is hosted by two guys, Guy Hutchinson and John J. Both of these guys are involved in a ton of podcasts and projects, some of which have been rolled up into the duo’s Adventure Club Podcast Network. I was featured on Adventure Club #59, so even after listening all all 59 episodes of that show there’s still a lot of other material out there from these guys to dig through.

Most episodes of the Adventure Club feature a couple of interviewees, and so I went on after the pair interviewed Dateline NBC’s Josh Mankiewicz. I did my interview over Skype and I have to say I was amazed at the quality of the final product. I have done a couple of recordings via Skype before and none of them have turned out this good. That in and of itself is making me reconsider having more guests on the You Don’t Know Flack podcast. My problem now would be finding somebody who wants to co-host it semi-regularly with me (maybe rotate through different hosts?) and has a good quality microphone.

My slot on Adventure Club was 30 minutes long. Before the show began I kicked the guys a list of potential topics to discuss. I didn’t know if my list of topics would fill 30 minutes or not, but mostly because I talked so much, we only made it through about the first third of the list. I hope (fingers crossed and all!) that this means the guys will be having me back in the future. I really enjoyed talking with Guy and John and I think they put out a quality product. I’m definitely looking forward to future episodes of their show.

Link: AdventureClubPodcast.com
Link: AdventureClibPodcast Episode #59 (with Josh Mankiewicz and Rob O’Hara)
You can also follow the show on their Facebook Page or @AdvClubPodcast on Twitter.

I had heard of the website Bundle-in-a-Box before, but never really looked into it until one of my friends Robb Sherwin had one of his games added to a bundle. What Bundle-in-a-Box does is group several games together and allow their customers to pay whatever price they think the bundle is worth. The games are downloadable and DRM-free so you can install them wherever and to whatever you want.

This week’s bundle contains five games and the minimum price you can pay is $2, which works out to be 40 cents per game. If you go crazy and pay more than the average price (which is currently $5.85), you get four additional games for a total of nine in all. $5.85 for 9 games is 65 cents per game, big spender.

This is the part where I talk about what you else in this world you could get for 40 cents instead of a game. McDonald’s now charges 25 cents for additional tiny plastic cups of McNugget dipping sauce, so with 40 cents in your pocket, you could buy one additional container of sweet and sour sauce there. For 40 cents you couldn’t afford the cheapest item on Taco Bell’s menu, a “cheesy roll-up,” which is a tortilla with some melted cheese inside it that costs 79 cents. At the mall, a single gumball from the gumball machine costs fifty cents, so you couldn’t buy one of those either. The cost of a single stamp is 46 cents now, so with only 40 cents to your name you couldn’t buy enough postage to mail a latter to your next door neighbor. I suppose on iTunes you could buy 40% of a single song. I’m not sure they pro-rate them that way, but you get the idea.

One of the downfalls of digital distribution, be it games or music or movies or books, is that many consumers think digital goods should cost less than their physical counterparts. And I agree, to an extent. When I first added my book Commodork (which retails for $15 in paperback) to the Amazon digital bookstore, the initial price Amazon suggested was $9.99 which I was told by potential consumers was too high. I almost immediately lowered the price to $4.99, which I was also told was too high. Currently you can buy DRM-free PDF copies of my books Commodork and Invading Spaces for $2.99 each from my website. Each of those books represents a year’s worth of work. I wrote Commodork by waking up early and writing, staying up late and writing, and writing on weekends. For a year. If you figure I worked on Commodork 10 hours a week for an entire year, at $2.99 that means I earned a whopping .006 (six one-thousandths) cents per hour. Robb Sherwin told me last night he spent 2 1/2 years working on Necrotic Drift, his game in this week’s Bundle in a Box. A game which, again, you can own for 40 cents.

For Christmas, my son and I each got a new game for the PlayStation 3 (Call of Duty and Need for Speed). The total price of these two games combined with tax was $130. The cost for 5 games here is a minimum of $2. I won’t lie; I paid the whopping $6 to get 9 games. That’s more than “cheesy roll-up” money, but it barely covers the price of a combo meal.

Bundle-in-a-Box takes PayPal, Google Checkout, and credit cards. When I bought my Bundle it took about 8 seconds to pay and then I received the e-mail containing the download information about 4 seconds later. It will take you much less time to buy these games than it will take you to read anything I’ve ever written. Ever.

This week’s bundle contains an RPG, puzzle games, a couple of graphical adventure games, and of course my friend Robb’s text adventure. Won’t you consider buying a bundle of 40 cent games this week?

Link: Bundle-in-a-Box

Whenever I visit our nation’s capitol for work, I end up either at the mall area or in Navy yard. Shortly before 11am, both of these areas become packed with food trucks. I’m sure this happens in a few other areas as well.

People who live and work in the area probably take them for granted, but I find the whole experience quite exciting. This Oklahoma City Food Truck Tracker lists 7 food trucks, most of them novelty in nature. FoodTruckFiesta.com on the other hand, a website that tracks food trucks in the D.C. area, lists 118 different trucks for downtown, with another 28 for Arlington and 13 for Fairfax.

One thing I like about the food trucks is all the variety. Literally steps away from one another I found Mexican food, Korean food, Indian food, and Italian food. Last time I was in D.C. I had a burrito from the Chupacabra truck. This time I settled on a trio of tacos (one chicken, one beef, and one fish) along with a bag of chips and a bottle of water from the DC Taco Truck. Prices are slightly higher than fast food (my lunch was $10 even). I probably wouldn’t eat at the trucks every day if I worked in D.C., but… okay, I am lying. I would eat at the trucks every day if I worked in D.C. For what it’s worth, everything I’ve had from the food trucks has been tasty and fresh.

The food trucks are much more advanced than I would have guessed. Every one I’ve visited accepted credit cards. Many of them are also on Facebook and Twitter and announce daily deals and discounts online.

I believe variety is the spice of life, which may be why I enjoy the D.C. food trucks so much. I love all the different colors on the trucks and all the different types of food you can get in such a small area. I can’t wait to try a new one the next time I inevitably go back.

Over the weekend Google announced they will be shutting down Google Reader (their RSS Aggregator) on July 1, 2013. This may or may not be a big deal to you. If you don’t use RSS, it’s not a big deal to you. I use RSS feeds every day. It’s a big deal to me.

If you don’t use RSS feeds, allow me to explain. Imagine you are the manager of a newspaper in a small town. In this town, there are 200 businesses. There are two ways to get news stories for your newspaper. One way is, every morning you could go visit every single business and ask the owners if they have any news for you. Or, you could set up a voice mailbox and have the business owners call and leave a message if they have any news for you.

That’s what RSS is. It’s a system that allows you to subscribe to updates from websites. I subscribe to RSS feeds of roughly 200 websites. Some of them are news sites like CNN and ABCNews. Some of them are tech sites, like Wired and Tech Crunch. Some of them are blogs, some of them are podcasts, and some of them are functional. Netflix has an RSS feed of new releases. You know those annoying websites that only seem to update once or twice a month? When they do, my RSS reader (Google Reader) adds a little “(1)” after their name in my list. That’s how I know something new has been posted. I don’t have to visit the site day after day after day wasting my time to see if something new has been posted. When they do, well, “Joshua calls me.”

There are dozens if not hundreds of RSS readers out there, most of them free. Some of them you have to install, some of them are browser plug-ins, and some of them (like Google Reader) are web/cloud-based. The reason web-based RSS readers work best for me is because I use multiple computers throughout the day. I use my laptop downstairs, my main workstation upstairs, my work computer, my phone, and my iPad. What’s so nice about Google Reader is that it keeps track of what you have read on their server so when you move to a different device, you don’t get the same news stories again. Remember our newspaper editor? Without RSS it would be like having to call all 200 business owners every time you moved to a different room. RSS isn’t used by everybody, but for someone like me who tracks a couple hundred different websites it’s indispensable. Some of you may be thinking, “Who cares? I get my updates from places like Facebook and Twitter!” Ah, but guess where the people posting the links you read are getting them from? That’s right, RSS feeds.

Google Reader is free, which makes it tough to spend too much complaining about its demise. For its part, this is not unprecedented by Google. They’ve set up lots of free projects before only to pull the rug out from under their users and shut them down. Without going all sour grapes, it does make you question the stability and security of Google’s other products. The reason Google offers free services is so they can glean information from your data and use it to market things to you. Apparently the information being gleaned from Google Reader wasn’t enough to keep it up and running. It does make you wonder what’s next.

Years ago I was using an online service to keep track of all my “favorites,” so that I could access them from whatever machine I happened to be using at the time. When that service closed down, I found an open source solution and installed it on my server. I’ve been using it for years and couldn’t be happier. No matter where I am, all I have to do is visit a page on my webserver and all my favorites are there waiting for me. There are other cloud and web-based RSS aggregators out there, but each time you get burned it makes it a little harder to trust the next guy.

Feedly, another online RSS aggregator, reported 500,000 new users over the weekend. Digg also announced that they plan on launching their own RSS aggregator. I think Google missed the mark here. RSS is nowhere near dead.

Early this morning after camping at Lake Murray, Susan broke out the metal detector and the four of us headed down to a spot near the lake known as Buzzards Roost. We didn’t know why it was called that until, well, we saw the buzzards.

Susan and the kids wasted no time in scavenging the area. Susan works the metal detector and whenever she gets a hit on some metal, the kids take turns digging up the dirt and sifting through the piles to find their treasure.

The “best” find of the day were these old, broken eye glasses.

The worst was this underwear strap.

The fact that this was an old, used strap of elastic that was at some point in time attached to someone else’s underwear did not prevent Morgan from picking it up and swinging it around.

Other bits of treasure included this old beer can.

Somebody somewhere thinks this is fun.

The final tally, according to Morgan, was “28 nails, 2 cans, 5 pop tops, and 2 unidentifiable pieces of metal.”

The best find of the day were these brand new sunglasses, which we did not need a metal detector to find. Someone had left them sitting on a rock next to the boat dock.

I think we can clearly see who the winner of this adventure was.