iOS Device Owners: Encryption is broke; Update ASAP!

To all Apple users that I know (and any others that stumble across this article),

It is rather imperative that you upgrade your iOS and OS X devices as soon as possible. Perhaps even right now, before you finish reading why. Your network communications are at risk!

Apple’s SSL implementation has a rather simple, yet critical flaw in it that allows an attacker to intercept ALL of your encrypted (HTTPS and other SSL) communication. All iOS apps are vulnerable (Calendar, Facetime, iBooks, Keynote, Mail, Safari, Software Update) as well as third-party apps, such as Facebook and Twitter. Some apps, like Chrome, are not affected by this; nonetheless, it is of supreme importance that you update your devices!

  • You should make sure that your iOS 7 devices are updated to 7.0.6, as this fixes the bug.
  • For iOS 6, Apple released an update to 6.1.6, for the iPhone 3GS and fourth-generation iPod touch.
  • OS X 10.9 should be updated to 10.9.2 to fix the bug.
  • Any OS X Version before 10.9 will not have this issue.

DO NOT update over, or connect to, any public wireless (WiFi) network if you have not patched, as doing so puts ALL of your data at risk.

Please refer to the Apple Knowledgebase page on updating your iPhone, iPad, or iPod touch for information on how to update your devices.

This security flaw in the SSL library causes all SSL certificate checks to return as secure, because part of the check is bypassed. For those that are interested, you can see the offending file (sslKeyExchange.c via Apple OpenSource) or read more about the issue on the Apple Knowledgebase.
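An added example, not from the original post and not Apple's source: a simplified C model of the control-flow mistake behind this bug, a duplicated `goto fail;` line, next to the braced form that closes it. The functions `hash_step`, `verify_signature`, `check_flawed` and `check_fixed` are hypothetical stand-ins for the real handshake steps.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the hashing and signature steps (0 = success). */
static int hash_step(int ok) { return ok ? 0 : -1; }
static int verify_signature(int sig_valid) { return sig_valid ? 0 : -1; }

/* Flawed shape: without braces, only the first goto belongs to the if.
 * The second one always runs, with err still 0 from the successful hash
 * step, so the signature check below it is never executed. */
int check_flawed(int sig_valid)
{
    int err;

    if ((err = hash_step(1)) != 0)
        goto fail;
    if ((err = hash_step(1)) != 0)
        goto fail;
    goto fail;  /* duplicated line; in the real file it was indented like the one above */
    if ((err = verify_signature(sig_valid)) != 0)  /* unreachable */
        goto fail;

fail:
    return err;  /* 0 is treated by the caller as "verified" */
}

/* Fixed shape: the stray line is gone and every branch is braced,
 * so a duplicated line could no longer change which code is reached. */
int check_fixed(int sig_valid)
{
    int err;

    if ((err = hash_step(1)) != 0) {
        goto fail;
    }
    if ((err = verify_signature(sig_valid)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    printf("flawed, invalid signature -> %d\n", check_flawed(0));
    printf("fixed,  invalid signature -> %d\n", check_fixed(0));
    return 0;
}
```

Building code like this with clang's `-Wunreachable-code` reports the dead signature check, which is one way to catch this class of mistake before release.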

After you have patched, you can visit http://gotofail.com to see if your device has been properly patched.

Folder Diff in Windows Command Line

Sometimes I wish I could easily use something like the lovely Linux diff tool in Windows, but am loath to really want to install anything more than necessary. Today I was surprised to find that my basic Windows command-fu wasn’t totally wasted on previous versions. This is what I came up with (copypasta into Notepad (or anything that isn’t WordPad/Word/etc.) and save as filediff.bat):

As you can see, it is a very minimal script right now, and it should probably be updated (for Sanity’s sake) to nicely exit when something goes wrong. Like when you try to diff a local folder with a folder on another computer across the network. This script won’t work and it just barfs an error without quitting, creating an unnecessary file.

That was the whole point of writing this little script up, too, which was a bummer.

Shorten URLs in PHP With Bitly API

Today I found myself visiting a project I tend to update each year. I am laying the framework for creating a more “social network” style site for WizardSpire. While playing around with FluxBB, I came across a modification that would send out a tweet for each new topic started. This is pretty fantastic and exactly the sort of thing I want to do with WizardSpire, so I implemented it (with some alterations) and all was good. When the first tweet came out though, I realized that the way URLs are handled by default in the script is kind of unsightly and doesn’t leave a lot of room for post title or hash tags.

Seeing as Bitly is one of the more popular URL-shortening services, I went straight to them to check out their API, to see how I could do this. It turns out that it is super easy to implement: all you need is a validated email on their dev site, and a little snippet of code similar to this:

This is how I implemented it with the tweeting modification. In addition to the bitly change, I created a set of if conditionals to append hash tags depending on which forum the topic is being posted in. (This will only work if you use the modification linked above):

If you have any questions, let me know!

Edit: I have done a major update to the above plugin and am sending the code to the original author, with the intention of it becoming integrated. It is available on GitHub!