Wednesday, August 8, 2012

The Dangers of SQL Injection

If you're not participating in the world of web site development then you will probably find this post of no interest - though if you own a web site that somebody else has made for you, you might want to ask them about this phenomenon.

Somewhere in my memory there lay the briefest of mentions of 'SQL Injection', something that I had stored away into the category of 'it won't happen to me'. But then it did. This post is just to stir the memory of folk like me, and remind them that actually it could very easily happen to them, and when it does, you won't like it...
 
My site, DriveArchive, has been running quite happily for ten years now, which is half a lifetime when it comes to the Internet. I check it most days, just to see if it's actually still there. One day it was indeed there, but it was a mess. The site itself is based on a complicated SQL Server database, very nearly every page has content that exists not in HTML, the underlying code of web pages, but as records in the database which are used to generate the HTML as the page loads.

The site was all over the place, and so I looked at my database. It had become corrupted, in a very odd way. Some of it was fine, some of it was not. The bits that were not had had text data replaced with the name of a web site which it turned out was a dangerous, malware-infested place to go to.

How the heck had that happened? My research began. Well... first job was to fix it. I found to my horror that the last time I had backed up the database was months ago. What a plonker. Though in my defense I have to say that the only method provided by Fasthosts, my hosting company, was so lengthy, difficult and unsatisfactory that it does not encourage frequent backups, quite the opposite.

And, just while I've mentioned them, and I have no reason to believe other hosting companies are better or worse at this, my pleas to them to restore my database fell on deaf ears. It was pointed out to me that they expressly do NOT ever restore your data for you. Nice. Maybe I really should have read the fine print. Thanks, Fasthosts. If I looked in my control panel the database was flagged as being backed up the day before. I'm not entirely sure why they bother if they won't restore it for you!

It took me 10 solid hours of work to fix the database to something near its former glory. I looked into how it had happened, and the likely way was 'SQL Injection'. If you Google that, you'll find out all about it, I won't duplicate all that on-line knowledge here. I sat and coded a defense to the attack, and went to bed.

Next morning, what did I find: it had happened again! What a pain... This time I looked through the logs to my site, reams of relatively meaningless drivel, but there, in the middle of it all was the answer, I found the way in. I fixed it. The hacker is still trying the same trick, but to no avail now.

So... I know all this is a massive IT cliche, but listen to one who now knows... firstly, no matter how awkward, DO YOUR BACKUPS. And secondly, if you have a web site that depends on an SQL based database, find out about SQL Injection and how to stop it - before it's too late.

If you'd like to discuss anything more about this topic, feel free to contact me
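
The log review described in this post can be partly automated. The following is an added example, not the author's code or logs: it URL-decodes each request's query string and flags SQL syntax where a page parameter should be. The log layout, page names, addresses and indicator patterns are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Illustrative indicators of SQL syntax inside a page parameter (not exhaustive).
SQLI_PATTERNS = [
    ("stacked statement", re.compile(r";\s*(declare|exec|update|insert|delete|drop)\b", re.I)),
    ("union select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I)),
    ("quote plus logic", re.compile(r"'\s*(or|and)\b", re.I)),
    ("comment terminator", re.compile(r"(--|/\*)")),
    ("cast/exec call", re.compile(r"\b(cast|convert|exec)\s*\(", re.I)),
]

# Constructed sample lines (not real logs), laid out as:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2012-08-01 09:14:02 203.0.113.7 GET /car.asp id=1042 200
2012-08-01 09:14:09 203.0.113.7 GET /search.asp make=Ford&model=Escort 200
2012-08-01 09:15:31 198.51.100.23 GET /car.asp id=1042%27%20OR%20%271%27=%271 500
2012-08-01 09:15:40 198.51.100.23 GET /car.asp id=1042;UPDATE%20cars%20SET%20notes=%27x%27-- 200
2012-08-01 09:16:12 192.0.2.55 GET /owner.asp name=O%27Brien 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, page, status, [indicator names]) for flagged lines."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip header comments and malformed lines
        _date, _time, ip, _method, stem, query, status = fields
        decoded = unquote_plus(query)  # quotes and spaces arrive URL-encoded
        names = [name for name, rx in SQLI_PATTERNS if rx.search(decoded)]
        if names:
            hits.append((ip, stem, status, names))
    return hits

def entry_points(hits):
    """Pages that answered 200 to a flagged request: review their queries first."""
    return sorted({stem for _ip, stem, status, _names in hits if status == "200"})

if __name__ == "__main__":
    found = suspicious_requests(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print("review first:", entry_points(found))
```

A flagged page is where to look for SQL built by string concatenation; the lasting fix there is a parameterized query, with pattern matching kept only as a way to find and monitor the entry point.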

Wednesday, April 25, 2012

Sharp Compet 364P-III Calculator

I was rooting around in the loft the other day and came across this item:
I'm hoping someone out there is interested in this thing, having looked on t'internet for information about it, I think it might be quite a rarity.

It's a Sharp Compet 364P-III programmable calculator. I'm not sure how old it is, but I think I acquired it in the mid 80's, and it had been unused for a few years prior to that, so I'm guessing mid to late 70's, maybe.

When I got it, it worked, I think. Now, it looks like it might work, but just starts counting upwards from 0 whenever you press the keys. Somewhere I have the instruction booklet. I'm assuming it shouldn't do that, but who knows!?
It is a very heavy bit of kit, solidly built, and in pretty good condition. The display is made up of 16 valves with the numbers arranged inside them, quite a piece of work on their own. And they all light up. I'm guessing these are the most important and hardest to replace components, so whatever it is that's wrong with it may be easily fixed by someone in the know.

When I first got my hands on it I did program it a little bit, but at the same time I got my hands on my first ever PC (then known as a 'micro') so this thing didn't get much of a look-in after that. You compose the program, save it on a magnetic card fed into the machine through a slot on the left. Above the slot is a printer, not sure if that works or not, it appears to use a special roll of silvered paper, no sign of ink or a ribbon.

If you do know anything about this old thing please let me know, and if anybody is interested in acquiring it from me, maybe drop me an email. I don't think it would be a good idea either physically or financially to think about posting it though!

For more pictures of the machine, click here to go to Flickr.

Sunday, April 22, 2012

Porsches on the Prom, Llandudno

Well, it was a grand day out to Llandudno on Sunday the 22nd of April 2012, to see all the lovely Porsches gathered there.

This annual event was blessed with fine weather, though rain threatened most of the day. The sun shone, giving excellent photographic opportunities, or just a nice environment in which to enjoy the cars on show.

The majority of the cars were 911s, however there were many Boxsters, Caymans, 924s, 944s and some terrific 928s, even a 968 and an old 356.

I had to leave early, but I believe they were all off for a tootle around the Marine Drive at the end of the day, which must have been a spectacular sight!

Many thanks to whoever organised the event (I think the Porsche Club of Great Britain), not often you get so much enjoyment for absolutely nothing.

To see some of my pictures of the event, click here to go to Flickr.

Thursday, March 1, 2012

Peter Gabriel - New Blood

You might have read my review of Peter's previous album, if not find it here.
This is much the same, but this time he's orchestra'd up his own work, not someone else's.

I think the album Scratch My Back was a triumph. I was a little worried about this new effort. But then I saw Peter perform extracts on Jools and I was won around.

As usual with Gabriel's work, repeated playing just makes the thing get better and better. There's a quality here that is rare these days.


I guess in an ideal world I would prefer the guy to come up with something new, but this album is not a bad substitute as he significantly reworks some of his best tunes, transforming them into a whole new level.

Aside from the lengthy atmospheric introduction to Solsbury Hill, which gets old pretty quickly, the whole album is spot on. How someone unfamiliar with his oeuvre would take to this is hard for me to say. But it just oozes quality from start to finish.

Very highly recommended, 10/10, you could buy it here.

Saturday, October 29, 2011

Acer Aspire One D255E

What's the opposite of an "impulse purchase"? Whatever the phrase is, that's what the buying process for this device was for me. Took me months! Earlier in the year there was an article in PC Pro comparing many Netbooks and this one won. That was just the start.

I then set about looking for alternatives at a better price, but - cutting to the chase - nothing seemed as good. I stood for ages in PC World and Currys playing with netbooks various, and was somewhat underwhelmed. If you get the chance, walk up to a netbook and try running four or five applications at once. Chances are it will fall flat on its face.

Most of them are single core processors, and nearly all have but 1gig of memory. A few years ago their specification would have been thought fabulous, but now they struggle to cope with just the operating system, let alone running a program. (There's an article elsewhere in the blog extolling the virtues of MS-DOS for those who can remember it.)

So, the D255E has a dual core processor. I very nearly bought a single core example once, before the nuances of Acer's name scheme became apparent to me, a mistake I suspect many could have made. It has 1gig of memory and a 250gig hard disk. It has 3 USB ports, N class wifi and a 10.1 inch display. It nominally costs 250 quid, but I decided that 200 was my top limit. Much hard work went into tracking down such a thing, weeks passed but eventually I fluked it - Okobe had red ones for 200 pounds. I'm inclined to think they made a mistake on their web site, because if anything red ones are more than the usual black.

There's no denying, it is a bit slow. It's a 1.5 GHz processor, and the dual core does allow it to multi-task quite happily, but it's no greyhound. Patience is required. Once things are running, they run well, but start up times seem slow.

Having removed all the crapware from the machine, installed Chrome and Firefox and banished IE whence it came, surfing is a totally pleasant experience. And as that's pretty much all I wanted it for, that's fine. But having said that, I have no complaints about how it runs Office, or indeed any of the other apps I've subsequently installed. I can't see it doing video editing, but Picasa works fine for example, as does Google Earth.

The display is very bright and clear as a bell, and its glossy finish has not caused me problems at all. And once the battery was trained it is genuinely giving me hours of use on a charge. The claim is 8 hours plus, but that must be for doing not-a-lot, I'm getting over 6 hours of normal use, whatever that is...

The wifi range is good, the keyboard is nice to use, the touchpad is responsive, it's light to carry, and looks cute as a button. It gets a little warm on the lap, but nothing to mention, and the fan is quiet. It's great for watching the BBC iPlayer in bed. Speakers aren't that great, well they sound okay but there's little volume, but that's easily fixed with headphones.

If I was to find fault... there's just 1gig of ram, but to install more you have to get your screwdriver out and remove the base... I'm not sure my nerves would take this. Surely a little hatch isn't too much to ask? Or that it should come with 2gig? Because just running a browser the ram usage goes into the red sometimes.

The machine is configured to boot into Android. This is easily bypassed, but I've left it doing this, as the start up time is phenomenal. It feels like just a few seconds from pressing "on" to being able to surf. Catch is, the version of Firefox used in the Android partition is well old, and I can't fathom how (or indeed if) you can update it. And oddly it seems to run very slowly, use it for gmail for example, and it keeps "sticking" as you type your message. There's something not quite right with it all. And there's a small app store to access, but so far I've failed to download anything from it, it just hangs when I try.

But ignoring these minor gripes, I cannot but heartily recommend the D255. I've been using it for a few weeks now and it's performed faultlessly. I attended a long meeting recently, other participants had laptops that they kept having to 'sleep' all the time - me, I just left the Acer on - that battery rocks! As I said before, beware the identical looking single core version, which can be the same price too, confusingly. You may not be as lucky as me to find one for 200 quid, 240 seems generally to be the going rate, but as the opposition catches up with dual cores I expect its price will drop.

Update 2017

Yes, after many years, the Acer is still going, admittedly with only infrequent use these days. It has soldiered on well, and still looks quite new. The battery still gives a reasonable life, and everything still works fine. Software wise, it did start to go slower and slower, until it really got unusable, at which point a complete re-install of Windows sorted it out. Along the way I did try running it using Linux, but this didn't really give me the tools I needed, but it did work okay-ish (see here). I did lose the Android alternative system that the machine came with, no great loss. And then came Windows 10. I took the chance of the free upgrade, which I was surprised I got given that the original system was 7 Starter. BUT, after the upgrade things were not great, it had become very slow, despite the hype that 10 did not need more power than 7.
So... I gritted my teeth and did what I should have done from the very start, upgrade the memory. It came with just 1gig. I had read what was required to upgrade, and when the notebook was new I didn't fancy taking it apart to get the new RAM in, but of course now I wasn't so bothered. And it turned out to be a ten minute job, no problem at all. The worrying bit is prizing the keyboard off and then undoing several key screws, but there's a YouTube video that shows you how to do it. A doddle, and the memory was very cheap. A very worthwhile upgrade and means the machine will run Windows 10 happily. In fact I'm using it this very minute to write this.
So, during its life Notebooks were in and then out of fashion, but I notice that recently there's been a resurgence in interest in these smaller laptops, this time around as a sort of tablet/laptop hybrid. They are very useful to have around, the number of times I've needed the quick use of a portable device I don't really care about, it's perfect. I now use it mostly to plug in to my car diagnostics, it happily sits on the engine telling me where the latest problem is!