web notes - a blog

Drupal is one of the most popular content management systems and modular web application architectures available.

It would be an excellent system to deploy an RPM management system on. This system would generate .spec files for the modules, ensuring dependencies could be enforced and allowing the use of yum or other methods to automate upgrades.

The success of this approach for developers would be dependent upon their ability to architect their implementations without modifying Drupal and interfacing correctly to the module system.

It also requires that Drupal serve as a server component, rather than just an account-level application. Managed carefully, with configuration files and other innovative methods, rapid deployment of manageable Drupal sites would be extremely cost-effective.

http://web-notes.wirehopper.com/2008/06/23/open-source-rpm-spec-file

I think the near future of the web will focus more heavily on the technology than the functionality of sites.

Two areas will be extremely important, performance - meaning AJAX, and security.

The following URLs are distributing

<?php echo md5("just_a_test");?>

Some people use this code to explore web application vulnerabilities.

If you see these in your stats, you should check your server for anything out of the ordinary. It is possible these URLs are being used to scan your applications for vulnerabilities.

If you own one of these domains, you should check your server for anything out of the ordinary. You need to check the entire server, not just the posted link. It is possible your server is being used for unknown activities. Every PHP application should be checked.

http://honamfishing.co.kr/phpmysqladmin/libraries/nov/wulosu/
http://sans-packing.ru/img/jipeqap/ehudute/
http://www.channelnewsperu.com/imagenes/publicaciones/fotos/emesuki/ohuhud/
http://www.elettrodataservice.it/foto_articoli/pivafof/oqonon/
http://www.marsbook.co.kr/main/created/product/2/mumas/ohalupa/
http://www.municipioxii.it/sunnyway/igodoq/bukosud/
http://www.northfans.ch/forum/admin/settings/ocoyo/azad/
http://www.pattibus.it/phplib-7.2b/pages/godot/eridehi/&disp=single&more=1&c=1&tb=1&pb=1
http://www.stomol.ru/catalog/rivoz/vekudu/
http://www.thoseguysfilms.com/forums/templates/subSilver/images/timuji/ogu/
http://www.unduetretoccaate.it/codice/fog/iyi/
http://www.winbd.net/admin/jist_code/wowoz/opaxi/

If you are seeking professional assistance in securing your site and/or server, I recommend Breach Security.

The presence of a ‘just_a_test’ file on a server is not a reflection of the company that owns the site. It is not a known threat to PCs. That said, all PCs connected to the Internet should have adequate virus/worm/malware protection, updated as recommended.

Additional information this site (there are many excellent resources on the web as well):

http://web-notes.wirehopper.com/2008/03/01/cleaning-after-a-hack
http://web-notes.com/2008/03/27/md5-just_a_test

* Please note this list is not comprehensive, and the ‘just_a_test’ landscape is constantly changing. URLs listed may not be valid (meaning the file(s) was/were deleted). ‘just_a_test’ is only one of many creative web ventures.

Many web applications are integrating and interfacing with PC based applications. This trend will continue to grow, because the web is no longer a separate world where people post information, but a vibrant communications channel that must be kept current to be of value. At the same time, the web sites themselves are more complex, and even with powerful, easy-to-use applications, the ability to post and manage content with familiar tools is very valuable.

Look for these types of features in new applications and plugins (many exist).

• Blogging by email
• Saving word processing documents directly to web applications
• Offline editing with later synchronization (Google GearBox?)
• Drag and drop, desktop to web
• More content conversion utilities
• Greater standardization across all platforms
• Direct, dynamic multimedia connections
• Content delivery networks to reduce the cost of distribution

These are good investments.

With a good toolkit (think dojo), AJAX can let you make a beautiful site.

One strategy I adopted was to use a dual delivery approach on the server side, so server side code can deliver either HTML or JSON. This allows you to reuse the server side logic.

Although I used custom code, with PHP 5.2’s json_encode function and Smarty, an even better implementation would probably be to wrap the delivery logic with a framework like Zend to completely separate the delivery form from the application logic.

There is a tremendous bandwidth savings, and the site interface becomes much smoother, since the only parts of the page that are refreshed reflect the content updates.

In addition, with a toolkit, there are often great widgets and features to create better and more powerful interfaces.

If AJAX will be used, the HTML architecture may need to be adjusted, so it may be worth building up a single page fully, prior to coding the remaining pages. A bit of server side logic can really help as well.