Squirrel Hacker

So there is this new site on the internet called swoopo that is essentially a combination of ebay and a slot machine [1]. It seems harmless enough to begin with, until you actually go and look at how it works. But first, lets look at some previous bids that have taken place.

If you dont want to click on that, some of the interesting things that you might see are:

Wii Fit | Nintendo WiiFit + Balance Board Original Price:  89.99 Auction Price: 80.40 Saving: 0%

Asus Eee PC 1000 10”… Original Price: 699.99 Auction Price: 338.85 Saving: 14%

You may be wondering if their math is wrong… no it isn’t, and no I did not make these numbers up, nor did I photoshop them into the picture, you can go look for yourself if you want. You may now be wondering how a 700 dollar item, sold for less than half of what it is worth gives you a 14% saving. Well, that is because of the way that their site works:

Amazing bargins indeed. The problem is that they only appear to be such amazing bargins at the time, until you see how much you actually spent on an item. If each bid costs you 75 cents, they only need for there to be 933.32 bids to break even… well if they were giving the item away for free. That is generally not the case, so it is in reality an 85 cent bid, which means that they only need to get 823.5 bids to break even. Which would put the price of the item at around: 123.52. So, on the 700 dollar item they actually made quite a bit of money, 1333.11 dollars (or there abouts). The other problem with this is that every time that someone bids, the ‘auction’ gets an additional 10-20 seconds added on to its time, this gives everyone else extra time to outbid you, meaning more money for swoopo.

The only way to beat them it seems, is not to play.

At work I was told to add in the magic method __isset() (which is technically done by overloading the function…). Essentially it lets you call isset() on private and protected variables in your classes:

 
/**  As of PHP 5.1.0  */
 
class MyClass{
 
private $private;
 
public $public;
 
protected $protected;
 
public function __isset($name) {
        echo "Is '$name' set? ";
        return isset($this->name);
    }
 
}
 
$myClass = new MyClass();
 
echo isset($myClass->private); #Is 'private' set? false
 
echo isset($myClass->protected); #Is 'protected' set? false
 
echo isset($myClass->public); #false

This function will be called whenever the variable is unreachable by a normal isset call (private and protected variables)

Nice and easy if you know exactly what you want. Unfortunately sometimes people have the habit of adding underscores to the start of their variables, but not always. So to make this work, I decided it would be a good idea to make it check to see if the variable was there, or if maybe there should have been an underscore at the begining. So it became:

 
/**  As of PHP 5.1.0  */
 
class MyClass{
 
private $_private;
 
public $public;
 
protected $protected;
 
public function __isset($name) {
    if(isset($this->$name)){
        return true;
    }
 
    $name = "_".$name;
        return isset($this->$name);
    }
 
}
 
$myClass = new MyClass();
 
echo isset($myClass->_private); #Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to allocate 134136 bytes) in isset_r.php on line 20

Curious, so I changed it a bit to see what was actually happening in there…

__private___private____private_____private______private_______private________private_________private

__________private___________private____________private_____________private______________private___

____________private________________private_________________private__________________private______

_____________private____________________private_____________________private______________________

private_______________________private________________________private_________________________priv

ate__________________________private___________________________private__________________________

__private_____________________________private______________________________private_______________

________________private________________________________private_________________________________

private__________________________________private___________________________________private______

______________________________private_____________________________________private______________

________________________private_______________________________________private__________________

______________________private_________________________________________private__________________

________________________private___________________________________________private______________

______________________________private_____________________________________________private______

________________________________________private_______________________________________________

private________________________________________________private

Fun stuf… the lesson is: name things a standard way and you are good to go, if you don’t it will screw things up royally (but it might make a pretty design).

Just found this thing in my RSS reader. Pretty nasty looking, while its probably going to turn out to be a dog or something that has been left floating in the water too long (which is somewhat tragic in its self), you have to admit that it does look other worldly (or at least just a little creepy).

More news here.

Why has windows taken my drive hostage (sorry… my so called ‘Generic Volume’)? Who knows, all I know is that I had problems getting it to recognize the drive (my guess is that the usb port is bunged up… Now about 6 hours after I finally managed to get it plugged in and recognized by Windows (or Ubuntu for that matter…) it will not release its hostage. Very annoying. (On a side note, why hasn’t wordpress hijacked the ctrl+s command yet for posts… I am so used to it in google docs that it has become natural for me to hit it… then firefox tries to save the page). Hopefully the hostage situation can resolve itself peacefully with out me resorting to

format c:

Another strange thing is that I have been recieving emails from Rogers. Ya… Rogers… whoopee, 1 Mb/s connection for 35 bucks (where you rarely get above 100 kb/s)! They say that my online bill is ready for viewing… so I go there, I can’t remember my password, fortunately they do not encrypt their passwords, so they can send it to me (ok, yes they encrypt them, but its one of those two way ones where if someone got the key they could get everyone’s passwords… hash with a salt people!). Good, so I sign in and I see that… no… my bill is not available for viewing. I am apparently not even signed up for the Internet…? Or something? Maybe?

Oh, and if you are looking to get a huge spike in your blog traffic, post something on giveawayoftheday.com that says that you have an equivalent thing but its free all the time instead of just that day. Bingo 1000+ viewers.

I should put up ads..

Alternatively you could post that you hate KDE4… I might do that a bit later…

[sarcasm]Not only is their customer support top notch, their login screen is super secure. [/sarcasm] It just begs to be attacked.

http://acer.custhelp.com/cgi-bin/acer.cfg/php/enduser/acct_login.php?p_userid=[emailaddress]&p_next_page=myq_upd.php&p_iid=[6 numbers]&p_created=[10 numbers]

Ya… its all done as a query string…