February 2006
What’s this, huz.org.uk is back after only 18 days of downtime? Good work, 123reg and PlusNet! I hope next time is just as smooth!
And what tipped me off that the site was back up and running? The appearance, in my inbox, of lots of alerts that the PHP form spammers were back. Well, at least someone missed me. :~
Look forward to the resumption of my exciting schedule of never updating soon! I suppose I’d better start the Huz FM feature back up.
Haven’t had a good rant on here for a while.
Apparently spammers, not content with spamming-up my comments, have now moved on to abusing my email form (now defunct). What fun! This time they’ve concocted an ingenious wheeze for injecting their own headers into the generated emails, allowing them to add their own ‘Cc:’ and ‘Bcc:’ lines with impunity. That allows them to fire emails off to all and sundry - in addition to me, the unchangeable ‘To:’ addressee, of course.
This is all possible thanks to the wonders of injection for the PHP mail() function. It’s simple enough: you shove in some magic characters when filling in the form, and suddenly you can write whatever you want in the email headers. Not good.
Why is this still possible? It’s 2006! The first time I came across a problem like this, it was on a MUD. Yes, that fine piece of 80s technology, friend of university procrastinators everywhere. (The only friend, but we won’t go into that.) You could exploit badly written code to inject your own, wreaking all kinds of havoc if you chose your mark carefully.
Sound familiar?
Why is the PHP mail() function so stupid? Why is it left to the PHP programmer to prevent this nastiness? Why is it left to any user of any similar function to consider all these possibilities? It’s not reasonable to expect PHP programmers each to duplicate each other’s effort, all to thwart the same idiotic flaw in a built-in function.
I’m sure it’s a simple oversight on the part of the PHP developers - as are most flaws allowing this kind of injection - but hey, it’s not called a rant for nothing. Bloody PHP, and bloody spammers.
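A defensive check for the header injection described above, as an added example that is not code from the original post: it refuses any form field containing the line-break characters that would start a new header line. The function names, addresses and sample inputs are constructed for illustration.

```php
<?php
// Added example: reject form fields that could break out of a mail header.
// All names, addresses and inputs below are constructed for illustration.

/** True if the value contains CR, LF or NUL, any of which can end a header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Build the additional-headers string for mail() from visitor input,
 * or return null if any field could start a new header line.
 */
function build_contact_headers(string $fromName, string $fromEmail): ?string
{
    if (has_header_break($fromName) || has_header_break($fromEmail)) {
        return null;
    }
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Strip characters that would end the quoted display name early.
    $safeName = str_replace(['"', '\\'], '', $fromName);
    return sprintf("From: \"%s\" <%s>\r\nReply-To: %s", $safeName, $fromEmail, $fromEmail);
}

/** Send the form contents to the fixed site owner address, or refuse. */
function send_contact(string $name, string $email, string $subject, string $body): bool
{
    $headers = build_contact_headers($name, $email);
    if ($headers === null || has_header_break($subject)) {
        error_log('contact form: rejected input containing header line breaks');
        return false;
    }
    return mail('owner@example.org', $subject, $body, $headers);
}

// Constructed sample inputs: one ordinary, one carrying an extra header line.
$samples = [
    ['Alice', 'alice@example.com'],
    ['Alice', "alice@example.com\r\nBcc: list@example.net"],
];
foreach ($samples as [$name, $email]) {
    echo build_contact_headers($name, $email) === null ? "rejected\n" : "accepted\n";
}
```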
That’s “facts”, that is.
I don’t want to give you some lame fact that you’ve all heard before, though! Instead, have this tidbit from the VideoGaiden blog, or whatever they want to call it:
“See that White Witch costume that Joanne was wearing in the Narnia review? That was the ACTUAL ONE from the classic BBC version of The Lion, The Witch and The Wardrobe. A bit of TV history, shipped up special from that London. What about that, eh?”
I recognised that costume, I did.
See that bit on the blog where they say they were in a meeting with the BBC about the future of VideoGaiden, yesterday? I’m hoping the meeting was more “please have a 500 part series on BBC1 starting next week” and less “piss off home.”
Can I have my Consolevania Christmas special soon, please? It is February.
So, Microsoft have finally coughed out an update to Internet Exploder, eh? At least, they’ve released a public beta of it. This should be quite an exciting moment - the first update for Internet Explorer for around five years, and probably the first major update since Windows 98.
Well, the interface has been streamlined a bit. Your ability to modify it has certainly been “streamlined” as well; in fact, there are many aspects of the new interface that you can’t move around at all. Considering the flexibility you get in Internet Explorer 6, that’s a bit disappointing.
The two biggest additions to the interface are a search box in the top-right, exactly as you find in Firefox - although Microsoft’s naturally defaults to MSN Search rather than Google, a setting Microsoft are at least wise enough to allow you to change - and a neat little RSS button, almost exactly like, er, Firefox. This button allows you to subscribe to fine RSS feeds, keeping you up-to-date on your favourite sites - even without having Internet Explorer open. It updates its feeds as a Scheduled Task in Windows. What it does with them then is a mystery; I didn’t keep it around long enough to find out.
The other major addition is tabbed browsing. As anyone who’s converted to Firefox knows, tabbed browsing can revolutionise your browsing experience. Microsoft have augmented it with a neat little feature, which bears a remarkable resemblance to an aspect of Mac OS X. At the press of a button, you’re presented with miniature thumbnails of all your open tabs, allowing you to flick to the one you want with ease.
Let’s not forget the Phishing Filter (I’m surprised they didn’t go for “Phishing Philter”), which supposedly warns you if you end up at a dodgy web-site. Not stolen from NetCraft at all, then.
It’s an improvement on Internet Exploder 6, no doubt, but the interface is currently horrible. Not quite as ugly as the default Firefox theme, but getting there. It is also unusably slow on my clockwork computer, so it’s been exorcised. IE6 is all I need, really.
But IE7 is a good step in the right direction, and stealing successful ideas then improving on them has always been Microsoft’s forte.