Posted: July 8, 2009 at 11:22 pm | Tags: Business, Detroit, Election, History, mcs, Michigan Central Station, Nature, security, train, updates, Volunteer, work
The following is being re-posted with permission of John Mohyi, the chap heading up the efforts at Michigan Central Station. I’m glad to report that great progress is being made, ideas are coming into the fold, and more people are getting involved.
Since our strategic grassroots restoration effort to save the Michigan Central Station (MCS) began on June 30th 2009 volunteers have eliminated nearly three dumpsters worth of debris, planted over 1,000 flowers, and inspired a sense of hope in the heart of Detroit.
I have been working closely with the station owners, students, residents, businesses, elected officials, organizations, and volunteers to secure the future of the station. Many individuals have come out of the woodwork and needless to say we could never have made it this far without them.
To me the Michigan Central Station is a symbol for the city of Detroit. At one point it was known for its greatness and then slowly it slipped away into the decrepit state that exists today. It seems as if the more debris we remove from the building, the more corrupt and incompetent politicians we remove from office in the city of Detroit. After we remove the debris is when the real work begins.
After this Friday, July 10th, the MCS project will move into its next phase. In addition to various skilled volunteers, Home Depot corporate has expressed interest in sponsoring our efforts by providing equipment and professional volunteers to help us achieve our objectives. Assuming everything goes according to plan it will not be very long until the station comes to life. For this part of the volunteer effort we will need volunteers who are 18 and older with a decent background in construction.
Once the building is safe and secure, we will need skilled artists to help with the aesthetics of the building. I envision the second main room with the metal roof as a giant mural. As you can imagine this will be an enormous project and the College of Creative Studies (CCS) will likely play a key role.
Continue Reading
Posted: June 15, 2009 at 8:59 pm | Tags: apache, gallery, linux, PHP, script, security, updates, webserver, work
So I have all kinds of stuff that needs to get posted on here, including pictures of the half torn-down Tiger Stadium as well as the Packard Pant and whatnot. However, it’s been screwy getting in to make any updates before recently.
Here’s the story.
I’ve been working on a small freelance project where the most time consuming bit was going to be the photo gallery. So I wrote something up to show the pictures, browse directories, make image previews, etc. Instead of being ghetto-fab and just using CSS to set the width of the images, I found a nice thumbnailer script that uses PHP’s GD library and even had an image cache so that it wouldn’t be ridiculously slow every time it was run. It’s called Smart Image Resizer from Shifting Pixel. I was excited and decided to test it.
Well, the script was set up to search all directories in the folder “galleries” and take the first image from each folder and use that one as the preview image. Simple enough, right?
Well, not when it encounters an empty directory.
It tried passing something like “array index[2]: Invalid” to the PHP script as an argument for the image. This, unbeknownst to me, caused my web server’s security to freak out and give errors like the following:
2009-06-10 21:33:23 XX.XX.XX.XX /thumbnail.php?/.?width=350&height=350&cropratio=1:1ℑ=/gallery/test1/. HTTP/1.1 domain.com Access denied with code 403 (phase 2). Match of “rx (\\.(?:gif|jpg|png|bmp|jpeg)|^http://$|^[0-9]+$)” against “ARGS:image” required. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "825"] [id "340161"] [rev "14"] [msg "PHP Injection protection for Image ARGS (S)"] [severity "CRITICAL"] 403
Except like I said, I had no idea that this has happened. So from where I sit, I’m just trying to FTP some files and go about my day. Then it locks me out. No big deal right? Server’s getting rebooted or something, I’ll just try again later.
Still can’t get in. I check the server from my phone, it’s fine. Eventually, I get back in, go back to testing, and get locked out again. I proceed to go down to my girlfriend’s house, assuming that it’s blocking my IP address for whatever reason, and it locks me out there.
So I’m pretty bothered and confused at this point. Keeping mind that this has happened over the course of a few days. Eventually, I get in touch with my hosting people and figure it all out. But that still won’t stop the server from kicking me off if it doesn’t like the image value to pass.
So I patch my gallery to only pass something to the script if there is a file there, and all is well again.
On top of that, I worked till almost 730 today, put in almost a full day on Sunday, had to rebuild my home network setup and have had random day to day stuff to deal with.
Updates are coming soon. Till then, there CAN be a thing as too much security .
