(Visit the GobbleRSS website for more details about the application itself.)

After I finished reading my latest book, which is what I usually do during my daily commuting to and from work, I started looking for a way to read my RSS feeds on a Palm device during that time. First, a friend of mine lent me his Palm Zire 31 (thanks!). Next, I started looking for a way to get unread RSS items from Google Reader into the Palm device. I was pretty happy with Google Reader itself, since I could read news at home, or at work (and soon enough, between the two) and not have to deal with duplicates etc. Using a desktop client would have been much more complicated, especially since I use a Mac at home, and a Windows PC at work. So, after looking for a while for a Google Reader API, or some other ways to download unread RSS items from Google Reader, I gave up.

I then started to implement my own Google Reader, which I dubbed GRC - Google Reader Clone.

If you think a little, it's quite simple to implement. You need to save subscriptions (RSS feeds' URLs basically) in a DB table, and at regular intervals, download all of those URLs, parse it, and save the result in another DB table. I started with a simple PHP page which did just that, and used a cron job to call that PHP script every 6 hours. That way, all RSS articles will be saved in the DB, waiting to be read. I then added a couple of flags to each RSS article (starred, unread, new) to be able to sort them, show only one type of items, or star / keep unread specific articles; a-la Google Reader indeed. I then created a pretty simple PHP web page which listed unread articles title, and when I clicked one of them, used AJAX to download the article from the DB and show it in the right-hand panel. Again, very Googlesque! And finally, I created a PHP web page which would load a predetermined number of unread items, show all of them in a very simple layout, and mark all of them as read automatically. This is the web page I download when I sync my Palm. That way, I have RSS articles on the Palm which I can read whenever, and they are all marked as read in the DB already, so I won't have to go over all of them when reading other articles at home or work.

All this left me with a very usable web-based RSS reader, missing a couple of details, all of which I added at some point:

• a subscriptions management page
• a RSS feed of my starred items to be able to share them with my friends
• a link to trigger the download of all RSS feeds manually from the reading page
• a search functionality (which was really missing from Google Reader! Not sure if the new version has it - I stopped using Google Reader just before they made their last big update)
• a way to lock down the application so that I would be the only one able to use it - I used htaccess IP address Allow rules, mixed with password authentication for when I'm not at home;
• keyboard shortcuts to allow easy reading with a minimum of efforts
• and a way to mark articles on the PDA for later reviewing

I solved that last problem by writing the article numbers next to their title on the PDA page. This allowed me to note down article numbers on the PDA while I was travelling, and when I got home, I would enter those numbers on a special field on the reading page to review all of them. Easy enough.



So this is how I created GobbleRSS, which is now available under LGPL at http://gobblerss.pommepause.com

Do you want to skip all this text and just get the Colloquy Blowfish Plugin?
Then click here.

Lately, IRC channels where I hang started using Blowfish encryption for all messages sent to the channel. mIRC and eggdrop support Blowfish pretty easily, but there was nothing for Colloquy (the IRC client I use - Mac OS X only) to encrypt & decrypt Blowfish encrypted messages.

So I started looking for a way to encrypt & decrypt Blowfish messages using a Colloquy plugin. Colloquy allows all sort of plugins: AppleScript, Python, Obj-C, etc. I tried to use the Python template plugin, but it wouldn't even load on Colloquy, spitting some error on load. So I downloaded existing plugins to see how they worked. Most of them seems to use the AppleScript API, and it seems easy enough for my purpose.

Now I needed code to encrypt & decrypt Blowfish messages. Google suggested a Java class that allowed easy encryption & decryption. Adding a simple main method in it, I was able to encrypt & decrypt messages via the command line by passing the key & message as arguments. While this worked just fine, launching the JVM each time I received a message or I sent a message was quite resource-consuming, even with my dual G5.

So I started looking for C or C++ code that would do the same thing. After trying many implementation, I decided to try to compile the eggdrop Blowfish module by itself. I had to change a couple of things to make the blowfish.c file compile alone, but I made it. I also added a new main function to be able to use the encrypt & decrypt functions from the command-line, which worked just fine, and was much faster than the previous Java implementation I used.

Note to Java haters: The Java implementation I used was slower because I had to start the JVM each time I wanted to encrypt or decrypt a message. If I had the JVM already running, and a service that would listen for encrypt & decrypt commands on a socket or something, it would very probably have been almost as fast as the C implementation I currently use. I just wanted to go with the more minimalist approach I could find, so I opted for the C program.

So now, I was receiving encrypted messages in Colloquy, my AppleScript plugin was called for each message, and I was able to change the received message into it's unencrypted form by calling my Blowfish command-line program. Sent messages followed a similar path: Colloquy > AppleScript plugin > command-line encryption > IRC server.

The only problem I had now was special characters. Bold, underline & colors IRC characters were not correctly handled by the AppleScript plugin. So I took the HTML-ized version of the message to be sent and translated all the HTML tags I found into IRC characters. For received message, I did the reverse: I translated IRC characters into HTML tags and passed that new string to Colloquy for display.

Limitations: For sent messages, I only translate specific colors into standard IRC colors; I used the quick picks at the bottom of the "Show Colors" panel in Colloquy. So the colors that will be sent correctly when encrypted are: #FF0000 (red), #44B958 (green), #0013FF (blue), and #EBB51B (orange). All others colors will be replaced with black when sent.
Received message don't have this limitation, so colors in received messages should pretty much always look OK.
Also, my plugin doesn't support background colors, so messages containing those might look weird when decrypted.

That's it. I now have working Blowfish in my Colloquy, and so can you.

You can download the latest version of the Colloquy Blowfish Plugin (version 04) for PowerPC or Intel.
Changelog:
Version 02 fixes a small problem with messages containing colors > 9 (IRC color codes 10 to 15). Those messages would not be shown in Colloquy because of this problem.
Version 03 allows to send or receive unencrypted messages in normally encrypted channel or private messages for messages that start with +p.
Version 04 fixes a problem with % in sent messages, and adds support for multiple channels using just one plugin.

Do you want to skip all this text and just get the new FrontRow Enabler for 10.4.8?
Then click here.

Ok. So I wanted to install FrontRow 1.3 on my old PowerMac G5... Downloaded FrontRow Enabler 1.3, followed instructions, rebooted... And bam, no more login screen. How fun. Checking the comments on Andrew Escobar's page, I realized 10.4.8 wasn't supported just yet. So I used my trusty FireWire cable to fix my PowerMac (see how in the comments of Andrew's page), and started to look for a way to patch FrontRow Enabler 1.3 to make it compatible with Mac OS X 10.4.8.

Here's what I did.

Mount Andrew Escobar' FrontRow Enabled DMG, and open
/Volumes/Enabler_1.3/Enabler.app/Contents/Resources/Scripts/main.scpt
This is the script executed when you execute Enabler.app

main.scpt told me I needed those two patch files:
/Volumes/Enabler_1.3/.frameworkpatch
and
/Volumes/Enabler_1.3/.pluginpatch

Download the Mac OS X Update 10.4.7 Combo PPC from Apple.

Use Pacifist to extract
/System/Library/PrivateFrameworks/BezelServices.framework/Versions/A/BezelServices
and
/System/Library/LoginPlugins/BezelServices.loginPlugin/Contents/MacOS/BezelServices
from MacOSXUpdCombo10.4.7PPC.pkg

Those are the two files that FrontRow Enabler is patching when you click the 'Enable FrontRow' button; I found this info in main.scpt

Patch both files using FrontRow Enabler patches:
cd ~/Desktop/10.4.7-BezelServices.loginPlugin/Contents/MacOS
cp BezelServices BezelServices.bak
bspatch BezelServices BezelServices.patched ~/Desktop/pluginpatch

cd ~/Desktop/10.4.7-BezelServices.framework/Versions/A/
cp BezelServices BezelServices.bak
bspatch BezelServices BezelServices.patched ~/Desktop/frameworkpatch
Use hexdump to be able to see the binary data of each file in clear text:
cd ~/Desktop/10.4.7-BezelServices.loginPlugin/Contents/MacOS
hexdump BezelServices>BezelServices.hex
hexdump BezelServices.patched>BezelServices.patched.hex

cd ~/Desktop/10.4.7-BezelServices.framework/Versions/A/
hexdump BezelServices>BezelServices.hex
hexdump BezelServices.patched>BezelServices.patched.hex
diff the original and patched files to see what the patches changed:
cd ~/Desktop/10.4.7-BezelServices.loginPlugin/Contents/MacOS
diff BezelServices.hex BezelServices.patched.hex

3770c3770
< 000fb60 4bff fed1 2f83 0000 419e 0020 8001 0058
---
> 000fb60 4bff fed1 2f83 0001 419e 0020 8001 0058

cd ~/Desktop/10.4.7-BezelServices.framework/Versions/A/
diff BezelServices.hex BezelServices.patched.hex

512c512
< 00026f0 4800 01d1 8101 0058 3821 0050 7f83 e378
---
> 00026f0 4800 01d1 8101 0058 3821 0050 3860 0003
Ok, so now I know what bytes needed to be changed in 10.4.7 to enable FrontRow.
Now I just need to find the same bytes in the new 10.4.8 files, and create patches for those files.

cd ~/Desktop/10.4.8-BezelServices.loginPlugin/Contents/MacOS
hexdump BezelServices>BezelServices.hex
grep -B 1 "2f83 0000 419e" BezelServices.hex
...
--
000faf0 bfc1 fff8 9001 0008 9421 ffb0 4bff febd
000fb00 2f83 0000 419e 0020 8001 0058 3821 0050
--
...
Close enough... Ok, so BezelServices.loginPlugin/Contents/MacOS/BezelServices needs to get it's 000fb03 byte changed from 00 to 01.

cd ~/Desktop/10.4.8-BezelServices.framework/Versions/A/
hexdump BezelServices>BezelServices.hex
grep "0050 7f83 e378" BezelServices.hex

00026f0 4800 01d1 8101 0058 3821 0050 7f83 e378
Well, what do you know... Exact match. And at the exact same location (00026f0) than the 10.4.7 file; I guess this patch doesn't have to be changed after all.

Close to a solution now; just need to create a new .pluginpatch that will patch the correct byte, and it should work fine.

sudo port install bsdiff
cp BezelServices BezelServices.patched
Now to patch the correct byte, I need an hex editor.
Seems 0xed would do fine.

To verify my patch:
hexdump BezelServices.patched>BezelServices.patched.hex
diff BezelServices.hex BezelServices.patched.hex

3804c3804
< 000fb00 2f83 0000 419e 0020 8001 0058 3821 0050
---
> 000fb00 2f83 0001 419e 0020 8001 0058 3821 0050
Perfect.

bsdiff BezelServices BezelServices.patched .pluginpatch1048
Now let's repackage FrontRow Enabler with this new patch.
And done!

You can grab the new Enabler1.3.1.dmg here.
Warning: Don't install that on anything else than 10.4.8! You'll break your OS X install!

Not that easy...

Note that the following will only work on Tiger, not on Panther nor Leopard!

1. Install Xcode; latest (currently 2.4) is always a good idea.

2. Install fink.

3. Install needed packages using fink:
sudo fink selfupdate
sudo fink install libjpeg libtiff libpng3 libxml t1lib5 uw-imap-c-client-ssl libmcrypt libmhash ming mysql15-dev postgresql80-ssl-dev
Note: Continue with the other steps while this process. It will take a while!
For step 7, wait for this to complete.

4. Download FrontBase for Mac OS X.
It comes in DMG/Installer form. Install it.
Note: You can customize the installation, and deselect everything except FBDeveloperLibraries.

5. Install FreeTDS:
curl -O http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
tar zxf freetds-stable.tgz
rm freetds-stable.tgz
cd freetds-0.64/
./configure && make && sudo make install
cd ..
6. Download latest PHP source; currently 5.2.5
Extract it.

7. Compile PHP
cd ~/Desktop/php-5.2.5
./configure --prefix=/usr/local/php5 --with-apxs --with-config-file-scan-dir=/usr/local/php5/php.d --with-iconv --with-openssl=/usr --with-zlib=/usr --with-gd --enable-gd-native-ttf --with-libjpeg=/sw --with-libtiff=/sw --with-libpng=/sw --with-jpeg-dir=/sw --with-png-dir=/sw --with-zlib-dir=/usr --with-ldap --with-xmlrpc --with-iconv-dir=/usr --with-snmp=/usr --enable-exif --enable-wddx --enable-soap --enable-sqlite-utf8 --enable-ftp --enable-sockets --enable-dbx --enable-dbase --enable-mbstring --enable-calendar --enable-bcmath --with-bz2=/usr --with-curl --with-kerberos=/usr --with-imap=/sw/share/c-client/ --with-imap-ssl=/sw/share/c-client/ --with-iodbc=shared,/usr --with-json=shared --enable-memcache --with-libxml --with-xsl --with-pgsql=/sw --with-pdo-pgsql=/sw --with-pdflib --with-t1lib=/sw --with-gettext --with-ming=/sw --with-mcrypt=/sw --with-mhash=/sw --with-mssql=/usr/local --with-mysql=/sw --with-mysqli --with-pdo-mysql=/sw --with-fbsql
OPTIM=-O2
make
sudo make install
8. Edit your /etc/httpd/httpd.conf: Change
<IfModule mod_php4.c>to
<IfModule mod_php5.c>
9. Restart Apache:
sudo apachectl stop
sudo apachectl start
You can verify that your new php executable works fine by doing:
/usr/local/php5/bin/php -i | grep "Build Date"
Done.

RapidWeaver is a nice software for Mac OS X that allows people with no knowledge of HTML/CSS whatsoever to create very nice websites. (This website was created with RapidWeaver.) It comes with themes, page templates, etc. One of those page template is a PHP Contact Form. It has come to my attention (from the RealmacSoftware support forums) that the PHP code generated by RapidWeaver (version 3.2.1 or less) is vulnerable to mail header injection attacks. I created web pages in both french and english on how to temporarily fix this vulnerability until RealmacSoftware release RapidWeaver 3.5 which is supposed to close this issue. I also did a quick search on Google to find RW-created contact forms, and I tried to exploit them. Each successful exploit was then logged and a warning email was sent to the webmaster with links to RMS forums and to the above page on how to fix this vulnerability. I received a couple of negative answers about this, but I received much, much more positive replies, thanking me for the warning or asking me for help to implement the fix.

Why did I do this: I feel like when you have the resources and know-how needed to help people and make the Internet a better place, it's never a bad idea to use them and act. That is, when time permit..!

References: Jelly & Custard, Email Header Injection in PHP, explains php mail() header injections, and why it's uncool to *not* fix this.

*update: RMS have finally published a fix for RW users: here's the forum post that discuss the new version of the Contact Form plugin (available for RW 3.2.1).

Started to check that out in December 2002. Since then, I created a number of scripts for the FTP daemon for Windows. Many of which not many people still use, but I still use some of them. I'm currently re-writing my main script in Java. Much more fun to code than the last version, which was C coded with Visual C++. ioBanana was my most popular script. Funny name comes from a suggestion in the IRC channel #ioFTPD. I wanted to call it ioB, since there was already an existing script ioA, which almost everybody used (and still use) and my ioB was complementing it. But ioA' developer thought it was too confusing, so ioBanana it became.
When I started that script, I did it for myself. I wanted a script to do everything I needed without having to install X different scripts. The features implemented were the ones I needed, not much more. The script was freely available to anyone then, but other than bug reports, I didn't do much in regards to new features.
After a time, I started to add features I personally didn't need, and I also started to make the script donation-ware. A donation of any amount (above 2$!) gave you a key to unlock the full version of the script. I was using some clever public/private key scheme to lock my executable. Sadly, one day, I moved files around on my system, and the scripts that were supposed to automatically encrypt the executables I was distributing stopped doing it's job. Some time after that happened, ioBanana, the non-free version, was released as a 0day (warez). Soon after that happened, I officially dropped public releases of ioBanana and offered the source code to any developer who would want to continue my work. Harm volunteered. Since he took the project, he released two 'minor' versions (based on my C code) and one major version, completely rewritten in TCL, but kept the name.
I continued to improve my personal version of ioBanana, and as of today (now that I can't compile it anymore!), the script has 13,713 LOC (only counting lines I wrote myself), includes libraries like ZipArchive, mysql++, cmp3info, re_lib and minidumper, but still has some known bugs. That’s why I started a new one in Java. Using OO is so much easier on a programmer's mind!

ioBanana source code can be found on Google Code under GPL.

Apart from scripting, I also took time to answer many support questions in the forums. Even after being pretty much inactive for a couple of months now, I'm still the top poster on ioFTPD forums. I still read the forums once in a while, and might reply to a thread when no one else did, but I pretty much lost interest.

I also got paid by iniCom (the company that now owns ioFTPD rights) for various work; mainly web-related developments. I stopped that relation with iniCom in January 2005, when I decided to stop pretty much all paid contracts I had outside my current job.