Blogroll (19)

Mac Trojan: Leap-A (OSX/Oomp-A)

There’s some news last night about the first Mac OS X “virus” in the wild. First of all, it’s NOT a virus. It’s a Trojan horse, which requires the user to execute the program him/herself. It’s low-risk and probably won’t spread beyond the few people who’ve already been infected. Good news is that it appears to be broken and doesn’t seem to do anything malicious.

Here’s a fairly detailed explanation of the trojan:

Here are a few tips you can use to protect yourself from this and other attacks in the future (adapted from an email I sent several of my Mac loving friends and colleagues):

  • Same as in the Windows world: If you don’t know what the file is, or where it came from, don’t open it.
  • Make sure your Mac OS X software is up to date.
  • Make sure you have a non-blank password on your user account.
  • In Safari, go do the preferences (Safari -> Preferences…) and click on the “General” tab (in Mac OS 10.4, should be similar in previous versions). UNCHECK the box that says “Open ‘safe’ files after downloading”. This is big, folks. Make sure you’re the one opening downloads, not Safari. It’s a little less convenient to have to open your downloads folder and open the file, but at least you have control over what gets opened and when.
  • From the open the Finder Preferences (Finder->Preferences…) and select the “Advanced” tab. Check the box, “Show all file extensions.” It’s not as pretty, but you’ll be able to immediately spot something like Leap-A: A JPEG image file should end with .jpg
  • Unless you know the program to be safe, don’t enter your password when an application requests it.
  • Keep regular backups just in case anything from this trojan or any other does something bad to your computer. I typically keep weekly backups to an external firewire hard disk drive.

Moral of the story – just be careful

Press Release

Keep an eye out in two weeks for a press release of the DFL. In two weeks we should have a pretty good beta up and running… sort of? It’ll depend on my other responsibilities at work.

The beta is up and running right now: DFL.

Things left to do for this revision:

  • Tie-together a couple back-end administrative tasks
  • Content, content, content
  • More/tighter integration with the DFL data view app that German is working on


Well, as my situation at work would have it, German (coworker), Larry, and I are working on a paper to submit to Siggraph for our work on the DFL. The deadline is Friday.

In the event our paper isn’t accepted, we’re going to look at doing a poster or talk.

Wish us luck!

New DFL site coming

Feb 2 is the tentative due date for the DFL rewrite. Actually it’s the first phase of the upgrade, which will bring it up to speed with the current site in many ways. Additional functionality will be added every few weeks after that.

One of the biggest new features in this update will be the addition of the MRI dataset viewer/rendering application. Let’s just say this is groundbreaking work – the first time anything like this has been done successfully on the web. My coworker, German (yes, that’s his real name), has been working very hard on this application.

DFL update

My boss wants a nice looking front-end to the new DFL site, even if all the links are broken, so expect something next week. As it currently stands the new design is going to borrow heavily from the current one, though it should use space a little bit better and display information a bit more logically. You can see the current site at The new site redesign is taking advantage of the Smarty Template Engine, so expect to see some Smarty tutorials in the near future.

Essential PHP Security

Just received Chris Shiflett’s Essential PHP Security book in the mail today. If it’s like the other O’Reilly books it should be pretty good. It’s pretty short – a smidgen over 100 pages, so it’ll be a good quick read.

Plan on seeing practical examples of how to apply these security techniques – here.

Merry Christmas!

Digital Fish Library

I’d like to introduce you to the Digital Fish Library, of which I’m a developer on. The idea of this library is to catalog MRI data from hundreds of fish species worldwide and provide online analysis tools. It’s like open source resarch, so to speak. Scientists can log in and do dissections and other analyses if they wish. My job is to collect and post the data and develop the website.

The project is currently at if you’re interested in taking a look. I’m in the process of completely rewriting the codebase to take advantage of the Smarty template engine and PHP5’s support for object oriented programming.

Coming from Blogger *shudder*

Blogger is nice and pretty, and somewhat easy to use, but it’s really not that great. After a few short days on the service I’m already switching to WordPress (here) for the moment, and probably soon to switch to my own hosted version of WP in coming weeks.

And thus we begin

Like so many others attending ApacheCon 2005, I’ve been inspired to begin blogging some of my web programming experience, so expect to see short explanations of my ideas, and probably several snippets of conceptual code. I’ve spent some time on the forums over at PHPBuilder from time to time as I develop for work, but now I think is the time to put a little more direction into my work.