Its a very special time of year for RouterTech - we are officially 1 year old! Little did I know when I first made the site live by removing the beta testing password that it would be as much of a success as it has. We now never fail to have a user online at any one time and frequently have over 10 concurrent users browsing and posting in the forums. We have produced a resource valued and respected by many and succeeded in releasing firmware that allows many people to get far above the factory specification out of their “budget” routers.

This doesn’t mean that we don’t have lots planned or lots still to do. Our overall aim is provide open source firmware that works on all AR7 routers, and furthermore provide exemplary technical support where no problem goes unsolved and no releveant question goes unanswered. We’ve come a long way in this but we still have some way to go. In this regard special thanks go to thechief and biro for their amazing work on the development of the firmware and to Neo and Shotokan101 for their support responses on the forums and for the testing and authoring of tools and scripts to assist users of our firmware.

This is a fabulous project and one we hope to continue to work hard on and make thrive in the technical world.

After a while of downtime which various blogging policies were sorted out, SoC Gossip is back up and running again. If you’ve forgotten what it looks like, want to see whats new or want to get back writing for the site I advise you head on over there now.

Hopefully it will become a useful resource for the school of computing once again. I certainly missed it during the downtime and look forward to writing a fair few interesting articles for it over the coming months. Keep a look out!

A note for all users running WordPress 2.1.1 who have upgraded or installed it in the last week - you need to upgrade to 2.1.2 NOW. A cracker managed to gain access to the WordPress file repositories and swap out some of the files in the release package with some that contained malicious code which could be used to take over the site and the server on which the site was sitting. This is of course very serious and the WordPress team are looking into exactly how this could have happened. In the meantime they have assured users that the new release, the 2.0 branch and the SVN versions of the software are perfectly safe. If you’re a WordPress user, update your blog and spread the word.

I never thought I’d actually see the day, but its happened. Flash actually works on my Linux desktop! For a long time the flash player 7 was unstable and problematic with a lareg number of interactive website elements to the extent I had to block all flash images and view them in a different browser if I really wanted to see them to avoid firefox crashing and me losing all my open tabs.

Now that flash player 9 has finally been released things work properly. My browser is no longer trying to use flash 7 to open flash 8 files and committing suicide. 100% CPU utilisation for anything which plays sound or has remotely interesting animations is also a thing of the past. I can honestly say that I may well be unblocking flash if this good behaviour continues.

As for if I’ll start using YouTube the answer is no - browsing it can potentially be a huge waste of time and as such I only believe in its use for the purposes of embedding video on blogs and such, although even then a download of an .mpeg or .avi file would be preferable. Being able to use flash properly does of course mean I’ll be able to view embeded YouTube videos on blogs which is a superb development. I have to say I’m quite excited by it all.

We’re still making progress! Today the RouterTech team announced the release of the next major version of its firmware, v2.2. There are many great changes and improvements in this version and yet the stability and reliability users have come to expect from our firmware will remain as solid as ever. Existing and interested potential users of our firmware are encoraged to download it from the RouterTech website. While you’re at it, why not help support us and spread the word about quality open source firmware by buying some of our merchandise? Go on, you know you want to.

As ever huge thanks to the devlopment team and others who have and continue to work so hard for the project. I continue to be impressed by your efforts and feel really rather proud to be a part of it all - as my friends will testify, I’m guilty of plugging the project at every opportunity! Hopefully as my schedule frees up in the next week or so I will also be able to spend some more time on the forums and the project in general which can only be a good thing.

All attempts to contact ebay about this issue/vulnerability through publicised channels proved to be in vain as I got no decent response or action on any of them, so I’m publicising it here in the hope someone who can actually get hold of ebay will let them know. I’m not going to give precise details of the exploit so that anyone could do it, but I’m going to provide enough details so that the risk is made clear to anyone with half a brain (which, judging by the responses I got from ebay staff, they don’t have).

We’ve all heard of spoof e-mails with a link to a fake site that looks like ebay in an attempt to grab peoples ebay logins, but imagine if it was possible to send a link out to people in an e-mail or ebay message that did exactly the same but where the link actually was based at the ebay.com domain. You’ve guessed it, it is in fact possible to do just that.

In various places around the eBay website there are redirects in place, that is to say some code behind the scenes checks to see if a number of things are true before allowing a user to visit a particular page or group of pages and if they are not, redirect a user to another page on eBay first. A truely secure site would ensure that the URL to redirect to was one from inside the eBay domain, but it doesn’t. In fact it allows you to place any link there at all.

What this means is that if a suitable redirect is chosen and a spoof website link is placed in as a part of it, you can send people links in the eBay message system that look to be to a location on the eBay site because of how the URLs start. If the message implies a user may have to sign-in again, the user may not even think its suspicious that the login screen comes up, indeed even if the message didn’t say you would need to login, you need to do it so frequently on the site anyway they would probably still get away with it.

Now while this doesn’t mean every person would fall for it, it certainly makes it more likely you would, especially if you were in a hurry. So what can we do about it? All of you reading this, send a message to eBay. At the very least it will increase their mail volumes which will make me feel better considering how they ignored me, and at best they will finally see that something is wrong. Failing that, just don’t fall victim to this one yourselves! If you see a login screen on eBay check the URL every single time to make sure its legit, even if the link you just clicked on was legit!

For those wondering if I fell for this, no, I didn’t, in fact I don’t believe its being properly exploited yet. I discovered this by somone sending me a legitimate link where they had mistyped the redirect part of the URL and I noticed the potential for damage when I clicked on the malformed link and ended up outside of eBay.

It was with great sadness today that I read the uptime project is to close. This was a service that allowed PC and server operators to track their uptime, compare their uptime against other users and also broadcast the information to their sites and in forum signatures by way of a dynamic .png image. Money and time have been sited as the two main reasons for the closure which is sadly the way so many good and innovative websites go these days. I’d like to take this opportunity to thank the uptime project team for their hard work and their innovative idea and wish them all the best for the future.

As for this site you will have noticed that Lara’s uptime is no longer displayed in the sidebar. I am currently working on a hand-rolled solution to displaying my uptime and the overall averages so hopefully you should be able to track my personal server’s uptime the way you’ve always been able to. I may even provide an RSS feed or similar for it this time around

Its not usual for me to shout about projects I work on that I’m merely paid to complete and then play no further part in, but I’m making an exception this time.

TheOnlinePhoneBook.com is a special new site that links into Facebook to allow you to recover your phone numbers if you ever lose your phone or SIM card and are left with no way of finding out your contacts numbers.

The way it works is quite simple; Login to the site with your facebook details, save your number, choose who’s number you want and who can have yours. Thats it. Then as the site takes off the number of numbers available to each of us will increase until hopefully everyone will be able to recover their whole phonebook. In just 2 days nearly 200 people have started to use the service and have preferences saved for over 20,000 friends.

Once you’re using the site all you have to do if you ever lose your numbers is just visit the site, login and hit download. You can choose any number of formats to get your numbers in, including vCard which means that for some phones you can upload the numbers straight to the phone in a matter of minutes. I’m not sure how well this site will take off, but one thing is for sure - if it takes off it will be very useful to us all. So, if you use facebook, hop over there now and get involved. Its secure and won’t take a second!

I was checking my RSS feeds this morning and I noticed a really amusing song about WordPress has been posted up on the net. If you’re a techie, use WordPress for your blog or just want a chuckle, be sure to give it a listen!

Yet another mile-stone was reached in the realm of RouterTech today when we reached over 1000 registered users on the site. Seeing as we purge users that are clearly registered for the purposes of spam this means that all users have registered to post or download our firmware and software. This can only be a good thing and I for one am very pleased with the whole thing