Entrecard Drop list
I've been trying to come up with an easy way to fulfill my Entrecard dropping responsibilities, and until now I couldn't figure out a way that reconciled fairness with my absolute laziness. So I decided to create an Entrecard drop list.
It's not as neato as Matthias', in that it doesn't check for widgets. I figure I'll just manually ban people from it if I go to their site and they don't have a widget. What I do is have a script that checks my drop list periodically, and then adds an entry when someone drops.
Then when I go to the drop list page, it organizes the list by the number of times each user has dropped on me in the last 30 days. That way I'm dropping on the folks who religiously drop on me first, instead of using the toolbar which neglects some really fanatical droppers if they should wait until after I've done my run to drop on my site.
Prior to this, I was using the toolbar to drop (because it's faster than dropping from the EC website, which is heinously slow these days). I was putting people who drop a lot into my favourites, but maintaining that system was time consuming, so I neglected it. I get the feeling that I might have been dropping on some people daily who weren't reciprocating; I was just dragging people around like dead weight in Delsey luggage.
So yeah, that's my grand plan #2 to organize my drops. Previously mentioned rules will of course land people in the drop slammer.
Friends don't let friends exec();
There was a thread today on Webhosting Talk about a guy who was trying to make PHP unzip something and it was failing. I shudder when I see shit like this, I tried to reply twice, but deleted my response because I sounded like a condescending asshole - so I decided to vent in the only place I can really get away with being a condescending asshole... right here.
PHP can be built with built-in functions that support creating and extracting ZIP archives, so I can't really think of why you'd choose to use exec() instead.
Let me say this in no uncertain terms, exec() should be renamed to YesImAskingForIt() and take a mandatory argument along the lines of PLEASEHACKME before it'll function. Don't get me wrong, there's some cases where it's a handy way to solve your problem, but generally speaking there's another solution which is safer and gives you better control over what happens when you get an error.
Any time you're going to stoop to using exec() (and it really doesn't matter what language you're using the equivalent function in), you need to be goddamn sure you understand the implications of what you're doing. All of them.
... and in the case of the poster linked above, if you can't figure out that the unzip executable doesn't have permission to write the files to the working directory, you probably don't understand enough of what's going on with exec() to have a contingency plan for all the possible outcomes a malicious user could cause.
I finally wound up replying, keeping my response short and sweet to try not to sound like a jerk. It still boggles my mind how people can think that something like $files = exec('ls'); is acceptable, even if it isn't a ticking time bomb until they start trying to pass arguments to the programs they're executing... but for now I'll try and keep that to myself and act civil.
Oh and in case you're wondering, what I said about exec() goes for backticks as well.
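To make the point concrete, here is an added example (my own code, not anything from the post or from the Webhosting Talk thread) showing the exec()-based unzip the post is complaining about next to the same job done with PHP's built-in ZipArchive class. It assumes a PHP 8 build with the zip extension; the file paths and archive name are constructed placeholders, and in real code the archive name would arrive from the request.

```php
<?php
// Added example (not the original post's code): extracting a ZIP archive with
// PHP's own ZipArchive class instead of shelling out to `unzip` via exec().
// Assumes PHP 8 built with the zip extension. All paths are constructed
// placeholders for the sake of the example.

declare(strict_types=1);

/**
 * The pattern the post is complaining about. The archive name comes from the
 * request, is concatenated straight into a shell command, and the only
 * "result" is whatever the last line of unzip's output happened to be.
 * Permission failures, missing files and shell metacharacters in $name are all
 * invisible to the caller. If exec() were truly unavoidable, escapeshellarg()
 * around every argument is the bare minimum; the in-process version below is
 * the better answer.
 */
function extractWithExec(string $name, string $dest): string
{
    // DON'T do this: untrusted $name reaches /bin/sh unescaped.
    return exec('unzip ' . $name . ' -d ' . $dest);
}

/**
 * The same job done in-process. Nothing reaches a shell, every failure is a
 * distinct error the caller can act on, and the archive name is validated
 * before anything touches the filesystem.
 */
function extractWithZipArchive(string $name, string $uploadDir, string $dest): void
{
    // Allow only a plain filename: no directory separators, no traversal.
    if (!preg_match('/^[A-Za-z0-9_.-]+\.zip$/', $name) || str_contains($name, '..')) {
        throw new InvalidArgumentException("Refusing suspicious archive name");
    }
    $path = $uploadDir . DIRECTORY_SEPARATOR . $name;

    // The poster's actual problem: the process cannot write to the target.
    // Check it up front and say so, instead of letting unzip fail silently.
    if (!is_dir($dest) || !is_writable($dest)) {
        throw new RuntimeException("Destination $dest is not a writable directory");
    }

    $zip = new ZipArchive();
    $rc = $zip->open($path);
    if ($rc !== true) {
        // open() returns an error code (ZipArchive::ER_*), not an exception.
        throw new RuntimeException("Cannot open $path: ZipArchive error $rc");
    }

    // Refuse entries that would land outside $dest before extracting anything.
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        if ($entry === false || str_starts_with($entry, '/') || str_contains($entry, '..')) {
            $zip->close();
            throw new RuntimeException("Archive entry '$entry' is outside the destination");
        }
    }

    if (!$zip->extractTo($dest)) {
        $zip->close();
        throw new RuntimeException("Extraction into $dest failed: " . $zip->getStatusString());
    }
    $zip->close();
}

/**
 * The other pattern from the post, $files = exec('ls'), returns only the LAST
 * line of output, so it is wrong even before the injection problem. scandir()
 * gives the whole listing with no shell involved.
 */
function listDirectory(string $dir): array
{
    $entries = scandir($dir);
    if ($entries === false) {
        throw new RuntimeException("Cannot read $dir");
    }
    return array_values(array_diff($entries, ['.', '..']));
}

// Constructed usage: the archive name would normally come from the request.
try {
    extractWithZipArchive('upload.zip', '/var/www/uploads', '/var/www/extracted');
    print_r(listDirectory('/var/www/extracted'));
} catch (Throwable $e) {
    error_log($e->getMessage());
    echo "Could not extract archive.\n";
}
```

The difference that matters is not just the missing shell: ZipArchive::open() hands back a specific error code, extractTo() tells you it failed, and the writability check surfaces exactly the permission problem the poster could not diagnose, whereas exec() swallows all of that and returns a string.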
lolacunetix
The Talkback page at my Hungry Hacker Industris website has been getting more and more attention from spammers these days, despite the fact that they can't actually spam anything worthwhile - all it does is make a mess for me to clean up. I'm not sure if the incident below had anything to do with the rather nasty result of an attempt to spam on my server or not, but I like to think I pissed someone off enough that they decided to step it up a notch.
Well, someone decided to be a smartarse this weekend and point a lame-ass rip-off of Nessus at my server (unauthorized, by the way). The almost 1,000 garbage posts this troglodyte left on my talkback page took me a good ten minutes or so to clean up, so I thought I'd make them someone else's problem. I tracked the offending poster back to an NTL (UK ISP) address, which is apparently now owned by Virgin Media. The RIPE whois entry for NTL's netblock is even nice enough to include a webpage through which you can report abuse.
So I pasted an explanation and an excerpt of the logs, along with the time and date and the other pertinent information. I figure since I had to clean up the mess an NTL customer made, the least they could do is take a couple of minutes to read and delete my abuse ticket. Heck, maybe they'll do something, and the little smartarse who made the mess will get a nice "knock it the hell off" letter in their mail. That'd be nice.
What strikes me is the "bull in a china shop" mentality of the internet's nefarious evildoers these days. Nessus et al have their place in authorized pentesting; they can cut down on the time it takes to rule out the stupidly obvious (which, let's face it, a good portion of security flaws fall into, and also "lol" at the companies that just take a Nessus report, put it in a .PDF and call that a pen-test)... it's my opinion though that they don't have any place in actual blackhat hacking - they make such a colossal mess that it's almost painfully obvious that you're trying to get in.
It's like using a C4 breech satchel when what you really need is a lockpick.
