One of the shortcomings of Firefox is not having a way to clear out the authentication cache. What this means is, if you have signed in to a web app with some sort of basic authentication (i.e. Kerberos), you can’t really “logout” without closing your browser. Internet Explorer gets around this with a ClearAuthenticationCache function.

I ran into this exact problem today while developing a web app. Apache says it can’t be done. I did find that there are several “workarounds” but none very easy to implement. In my case, I just needed to capture the Kerberos username through a webpage.

Here’s my setup (short version):

    Apache2 with a Kerberos protected directory (“/kerb”).
    PHP server side
    Firefox client side

Only the “/kerb” directory is protected by Kerberos. When I want to prompt the user to enter their Kerberos login, I insert an IFRAME into a normal, unprotected PHP file (say, “getuser.php”):

<iframe width="0" height="0" style="display:none;" src=""></iframe>

What happens is, Firefox will request “getuser.php” and begin to process the HTML within. When it tries to render the IFRAME, it will make a request for “/kerb/index.php”. Apache will send back “401 Authentication Required.” Although my browser may have Kerberos credentials cached, it will not use them, because I already have a username of “bad” and a password of “pass” in the URL. Apache will respond with another “401 Authentication Required”, which will cause Firefox to prompt me for the username and password, essentially overwriting the cached credentials.

It’s not ideal, it’s a hack, but until there is an API to actually tell Firefox to clear its cache, it will have to do…


One thing about Javascript exploits is that the payload cannot really be obfuscated.  That is because the payload needs to reside in memory in a fixed location so the exploit can “jump” to it.  Nowadays, most of the Javascript exploits I see are obfuscated to the Nth degree.  That is, there is no real way for a human being to go through it line by line and figure out what it is.

This is where Spidermonkey comes in. Spidermonkey is a command line Javascript engine. You can feed it Javascript and it will execute it on the command line. Without going through too much detail, the basic process at this point is to find where in the Javascript a “document.write” line is. After all the decoding and obfuscating, the Javascript exploit still needs to render the payload. Simply change the “document.write” to a “print” command and feed it to Spidermonkey:

js sample.js

The output should be more Javascript.  After a few iterations of this, the payload should become obvious.  The payload will look something like:

unescape("%u9090%u9090%u9090…

There are a few key characteristics: most will have some kind of a NOP-sled.  It always requires an “unescape” function.  It will always use Unicode encoding and it will not be obfuscated.

Once the payload is spotted, you can convert it to binary.  Javascript payload bytes are reversed, so with “%u45ab” the first byte is 0xab and the next byte is 0x45.  Follow that throughout the unicode string and you will have the opcode to be executed in memory.
Using gawk and hexdump, one can quickly look for strings and URLs (since most Javascript payloads are limited in size, they are mostly second-stage downloaders):

gawk -F "%u" '{ x=1; while(x<=NF) { printf "%c%c",
strtonum("0x" substr($x,3,2)),strtonum("0x"(substr($x,1,2)));
x++; } }' js-payload.txt | hexdump -Cv

In the above example, the file “js-payload.txt” contains the “unescape” line above.
The output:

00000000  0e 00 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
00000010  90 90 90 90 90 90 eb 54  8b 75 3c 8b 74 35 78 03  |......?T.u<.t5x.|
00000020  f5 56 8b 76 20 03 f5 33  c9 49 41 ad 33 db 36 0f  |?V.v .?3?IA?3?6.|
00000030  be 14 28 38 f2 74 08 c1  cb 0d 03 da 40 eb ef 3b  |?.(8?t.??..?@??;|
00000040  df 75 e7 5e 8b 5e 24 03  dd 66 8b 0c 4b 8b 5e 1c  |?u?^.^$.?f..K.^.|
00000050  03 dd 8b 04 8b 03 c5 c3  75 72 6c 6d 6f 6e 2e 64  |.?....??urlmon.d|
00000060  6c 6c 00 43 3a 5c 55 2e  65 78 65 00 33 c0 64 03  |ll.C:\U.exe.3?d.|
00000070  40 30 78 0c 8b 40 0c 8b  70 1c ad 8b 40 08 eb 09  |@0x..@..p.?.@.?.|
00000080  8b 40 34 8d 40 7c 8b 40  3c 95 bf 8e 4e 0e ec e8  |.@4.@|.@<.?.N.??|
00000090  84 ff ff ff 83 ec 04 83  2c 24 3c ff d0 95 50 bf  |.???.?..,$<??.P?|
000000a0  36 1a 2f 70 e8 6f ff ff  ff 8b 54 24 fc 8d 52 ba  |6./p?o???.T$?.R?|
000000b0  33 db 53 53 52 eb 24 53  ff d0 5d bf 98 fe 8a 0e  |3?SSR?$S??]?.?..|
000000c0  e8 53 ff ff ff 83 ec 04  83 2c 24 62 ff d0 bf 7e  |?S???.?..,$b?п~|
000000d0  d8 e2 73 e8 40 ff ff ff  52 ff d0 e8 d7 ff ff ff  |??s?@???R???????|

Or, you can use “strings” instead of “hexdump”:


So at this point, we know the exploit uses functions found in “urlmon.dll” and most likely writes its download file to C:\U.exe. Certainly a long way from looking at obfuscated Javascript code…
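The byte-swapping and string-hunting steps above can also be done in a few lines of Python. This is an added example, not code from the original post; the function names and the sample string (a short NOP run plus the two strings visible in the dump, with no shellcode) are constructed for illustration.

```python
import re

# One JavaScript %uXXXX escape: exactly four hex digits after "%u".
U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")

# Constructed sample (not a captured exploit): a short NOP run followed by the
# two strings visible in the dump above, encoded the way unescape() expects.
SAMPLE = ('unescape("%u9090%u9090%u9090%u9090'
          '%u7275%u6d6c%u6e6f%u642e%u6c6c%u4300'
          '%u5c3a%u2e55%u7865%u0065")')


def decode_unescape_payload(text):
    """Turn every %uXXXX token into two bytes, low byte first."""
    out = bytearray()
    for match in U_ESCAPE.finditer(text):
        # "%u45ab" -> 0xab then 0x45, i.e. little-endian 16-bit units.
        out += int(match.group(1), 16).to_bytes(2, "little")
    return bytes(out)


def leading_nops(data):
    """Count the 0x90 bytes at the start of the buffer (the NOP sled)."""
    return len(data) - len(data.lstrip(b"\x90"))


def printable_strings(data, min_len=4):
    """Return runs of printable ASCII, as the strings utility would."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [run.decode("ascii") for run in re.findall(pattern, data)]


if __name__ == "__main__":
    payload = decode_unescape_payload(SAMPLE)
    print(payload.hex(" "))
    print("NOP sled length:", leading_nops(payload))
    for s in printable_strings(payload):
        print("string:", s)
```

Because only `%uXXXX` tokens are matched, the text before the first escape contributes no bytes, whereas the gawk one-liner also processes that prefix, which is where the stray `0e 00` at offset 0 of the dump comes from.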

When I am in the middle of doing something on the computer (i.e. writing a document), please, please, whatever you do, DO NOT pop up a login prompt for something that got disconnected and is now re-connected (i.e. Outlook w/ Exchange Server). >>>I<<< am the human. >>>I<<< am in charge. This is >>>my<<< system. How on earth could Microsoft UI designers think that it is OK to pop up a login prompt while I am typing a sentence, causing my last two words to appear in the “username” field? If you really need my attention, do so nicely: beep or even flash something on the screen. But never, ever, interrupt me whilst I am writing something unless it is really, really, ***REALLY*** important.

While I am obviously writing the above in frustration, it does seem that computers today are designed, well, for the computer.  Microsoft Windows can’t handle too many open windows (ironic) because the computer needs more memory.  What about MY needs?  Am I not the important one in this relationship?  When the OS needs to do something, it does it, without the slightest regard for what I was doing.  It’s like this, yo: if I happen to be in the middle of a high-performance 3-d game, DO NOT download and install updates to the OS and then pop up a dialog box to ask me if I want to reboot right now.  Are you a child?  No, I do not want to reboot right now!  I want to continue playing my game!  And why would the “reboot now” button be the default?  If I was typing a sentence and I happened to press <SPACE> or <ENTER>, guess what?  I’m now rebooting the computer.

It’s about the USER.  The home personal computer is supposed to enable the USER to do more.  It’s not the other way around.

Problem: By default, X11 apps on Mac OS X Leopard behave like the old Unix X11: when you click on a window, say to select a button, you only activate that window. Another click is required to actually select a button. I’ve noticed this irritating behavior when using Gimp for Mac. When you click on the toolbox to change the tool, you have to click twice. When you select a tool (like Oval Select) and then click on the drawing window to select something, you first have to click in the drawing window and then click and drag to make your selection.

The following fix will make X11 behave like a standard Mac (or Windows) application:

Start X11, then start a Terminal window (Application/Terminal or Command-N):

Type in the following command:

defaults write org.x.X11 wm_click_through -bool true

Then, restart X11.

PHP function to query mySql database for a single value. Feed it the query string and ensure that the database connection has been previously established.

Syntax: string mySqlQuerySingle( string $string )


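function mySqlQuerySingle($query) {
        // Query failed: return "" so the result is always a string, as documented
        if(!$q = mysql_query($query)) return "";
        // No row in the result set
        if(!$ret = mysql_fetch_row($q)) return "";
        // First column of the first row
        return $ret[0];
}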

Example (assuming the highest value in column “id” in table “table” is “47”):

$query = "SELECT MAX(id) FROM `table`";  // "table" is a reserved word in MySQL, so it is quoted
$ret = mySqlQuerySingle($query);
echo $ret;  // prints 47



I’ve been reading Dreaming in Code by Scott Rosenberg and one of the things he mentioned was “Lego Code.”

Like the toy Lego, Lego Code are pieces of code that the programmer uses and puts together in different combinations to create something new. This really appeals to me because for every application I write, I tend to write the code from scratch. There are many reasons for this, as Rosenberg explains in his book, but ultimately, it makes code-writing longer and introduces new bugs. Perhaps the best reason for writing code from scratch is that most of the available code out there does not do exactly what the programmer wants. Instead of taking the time to read the available code (if it’s even readable) and change it, one tends to just write the thing from scratch.

While it would be difficult for a group of people to get together and decide on a “Lego Code” standard or even agree that a particular coder’s version is the “right” code (just look in or mySQL and see how many code fragments there are), I think it’s a good idea to use this concept at the lowest level: the coder. If I can create my own Lego code pieces, each one being small enough to almost guarantee that they will be bug-free, I can enter the playground with a backpack full of customized Lego pieces: pieces that I wrote and like and can use effectively.

I think one of the best examples of Lego code is jQuery, the free Javascript library. That is really good code which simplifies what a lot of coders need. No need to recreate “show/hide” Javascript (which I did just before I found jQuery), just use jQuery and use the toggle() function!

A common task for a web application is to insert new records into a database table.  This function assumes that the database connections to mySQL are already defined.  The function will return the next ID from a mySQL table.


string getNextID( string $field, string $tablename );


Note: This uses the mySqlQuerySingle function.

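function getNextID($field,$table) {
           // $field and $table go into the SQL text unescaped: pass only fixed identifiers, never request input
           $query = "SELECT MAX($field) FROM $table";
           $eventid = mySqlQuerySingle($query);
           if($eventid=="") $eventid=0;  // empty table: no maximum yet
           return $eventid + 1;  // next ID = current maximum + 1
}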


# Update database table
$nextid = getNextID("id","customers");
$query = "INSERT INTO customers VALUES($nextid, $name, $address …)";