Baccou Bonneville web site has been hacked on September 12, 2005. All PHP files had been changed. The index.php file had been changed to a page on the glory of the hacker named "morocco.security.rulz". Another page presented "PHPShell by Macker Version 2.6". This page consists of two programs: Haxplorer, a server side file brower and PHPKonsole, which allows to run commands on the web server (see screenshots).

My thoughts considering this attack:

• Hopefully, we make use of a Revision Control System (CVS) so that we were able to restore the pages
• There was probably a lack of precaution in our web page and directory rights
• The attack is not yet fully explained. It seems that a POST was made on the blog just before the attack started. Is there a security hole in b2evolution?
• Is it really an exploit to hack the web site of our small company?
• It's also a proof that our web site exists: it has been hacked.

Update (09/15/05)
The hack is now fully explained. My web hosting provider used PHP safe_mode. For more information about safe_mode, you can read the following article: PHP's safe_mode or how not to implement security by Ilia Alshanetsky. To summarize, do not use safe_mode!

The Model Driven Architecture (MDA) has been defined by the Object Management Group (OMG). The OMG is a non-profit consortium. The promise of MDA is to manage models instead of coding using a programming language. Models are built using Unified Modeling Language (UML), another creation of the OMG.

Dream of reality? I think it's just the natural way to a higher level of abstraction, like the way from assembly to high level languages like C. So MDA (or something like that) will be a reality but we do not know exactly when. In the meantime, it's important to learn MDA. Just to be ready.

Here are some links to start with MDA:
- MDA home page on the OMG
- MDA to Revolutionise Application Development, a free 30 minutes webinar from Compuware with some explanation about Compuware OptimalJ
- MDA tools from modelbased.net
- MDA: the vision with the hole?, by Ashley McNeile

I will upgrade this list if have some new interesting links. Of course you can use the comments if you have some.

Imagine you can have your to-do lists at home, at your office. Imagine you can share your to-do lists with others for some (little) collaborative work. This is possible using Ta-da-list, a free web-based user interface to manage to-do lists. For each of your to-do lists, you can even decide if it is public or only shared with some people. Ta-da Lists is provided by the others of Basecamp, a commercial web-based project management tool.

Test it by viewing Baccou Bonneville public to-do lists!