Can Philippines keep Earth Hour top spot?

The Philippines, which holds the record for the best participation in Earth Hour since 2009, will again go dark at 8:30 pm on March 31.

This year, Earth Hour will have switch-off ceremonies in three major cities: Makati, Cebu, and Davao. Other cities and towns will also have their own ceremonies.

“To commemorate our country’s fifth Earth Hour, we thought it high time for WWF to observe the movement across the archipelago – which has always been what we’ve aimed for,” lawyer Angela Ibay, Earth Hour Philippines national director said.

The ceremony in Makati, to be held at Ayala Triangle Gardens, will feature an Earth-themed parade led by glow-in-the-dark dance troupe Bailes de Luces and the Caracol dancers. The ceremony will also feature performances by El Gamma Penumbra, Brigada, and other groups. WWF-Philippines national ambassador Rovilson Fernandez will host the Makati City ceremony.

In Cebu City, the ceremony will be held at the Plaza Independencia. The Sinulog Dancers will lead a parade from Fuente Osmena to the plaza, where a candle lighting ceremony will be held. This will be followed by the release of biodegradable sky lanterns.

SM Davao will meanwhile host the switch-off ceremony for Mindanao. Black-light and fire dancers will perform while the city’s lights are turned off. WWF-Philippines national ambassador Marc Nelson will be in Davao to host the ceremony.

With the number of Philippine towns and cities participating in Earth Hour growing each year, the Philippines may get to keep its record as the official Earth Hour “Hero Country” again. Fifty Philippine towns and cities joined Earth Hour in 2007. By 2009, there were 647 participants, and by 2011, Earth Hour had support from 1,661 towns and cities.

If you’re thinking of cheating on Earth Hour, don’t bother. Astronaut Andre Kuipers will be watching you from space.

Kuipers, a Dutch astronaut with the European Space Agency, will be watching the Earth on March 31, when entire cities are expected to switch off their lights for 60 minutes. According to the World Wildlife Fund for Nature (WWF), Kuipers will be sharing photos and live commentary during Earth Hour.

During Earth Hour, an annual event since 2007, towns and cities across the world switch off their lights for an hour to raise awareness of environmental issues and to save energy. This year, Kuipers will watch 135 countries and territories across the world go dark at 8:30pm on March 31.

“Working to understand our planet is what ESA does every day, and taking part in Earth Hour enables people to join us in this commitment,” he said in a statement from the space agency.

But you don’t have to be in space to help save the environment. WWF-Philippines president and CEO Jose Maria Lorenzo Tan said at a press conference for Earth Hour that “we can start where we are.”

On the fifth year of Earth Hour, people should go “beyond the hour,” Ibay said. She said Earth Hour is a symbol of commitment for more sustainable living. “Beyond that, real work begins.”
“If you are online anyway, then pay your bills online,” Tan said. This will cut down on carbon emissions, paper, and will also save you time. You can also set up a rain catchment system to help save water, he said.

“There are many, many things you can do,” he said.

I Will If You Will

Among the many things you can do is to dare your friends to do something for the environment.

WWF-Philippines national ambassador Marc Nelson, for example, has promised to swim with sharks while wearing a panda costume and plant trees underwater while munching on a carrot if 5,000 of his Twitter followers pledge to reuse their shopping bags.

Rovilson Fernandez, also a WWF-Philippines national ambassador, has dared WWF-Philippines’ 23,000 Facebook fans to use the stairs instead of elevators. In exchange, he will wear a panda costume in all the races that he will run in April.

The city government of Makati has promised to lower the city’s carbon emissions if residents agree to step up participation in its solid waste management system.

“The concept of ‘I Will If You Will’ centers around providing a social contract between two parties – connecting one person, business or organization to a ‘promise’ and their friends, family, customers or members to a ‘challenge’ – uniting them behind the common goal of creating a positive environmental outcome,” WWF-Philippines said in a statement.

You can participate through Twitter by tagging the friend you’re challenging. It can be as simple as “I will reduce my water consumption if you will  pledge to support Earth Hour.” At the end of your dare, write “Let’s support #EarthHour” the hashtag #IWIYW, and mention @WWF_Philippines.

“I Will If You Will gives every individual the opportunity to inspire their friends, colleagues, and neighbors to take sustainability actions not just on the hour, but beyond the hour,” Earth Hour co-founder Andy Ridley said. Ridley will be in Makati City for the switch-off ceremony for Earth Hour 2012.


TimThumb security vulnerability discovered, affects many WordPress themes

Over the weekend a vulnerability was discovered in the TimThumb image resizing script. On Monday Mark Maunder, the CEO of Feedjit and the one who originally discovered the issue, blogged about his site becoming compromised and how he discovered TimThumb was the weakness that allowed it to happen. Since that blog post the issue has been confirmed by TimThumb’s creator and patches have been published in an attempt to fix the problem.

TimThumb is a script primarily used for on-the-fly resizing and cropping of images, though another feature allows images from remote websites to be fetched and cropped as well, storing them on the server. The list of allowed remote websites is listed within the plugin, and checked against any fetched files.

As John Ford explained on the VaultPress blog, TimThumb’s vulnerability “allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory.” This file would allow the attacker to further compromise the site in any way. VaultPress further recommended deleting the TimThumb file from any sites that don’t explicitly require them, and updating it in cases where they do. Ford also recommended using the built-in WordPress functions such as add_image_size to resize images, avoiding TimThumb entirely.

Sucuri Security’s David Dede echoed Ford’s statement, saying “if theme/plugin authors were properly leveraging add_image_size vs. adding TimThumb they would be in a safer position today.”

Sucuri also provided a list of a few dozen themes within the theme directory that are using the TimThumb script in some way. According to achat in the wordpress-dev IRC channel yesterday, TimThumb may be explicitly restricted via the theme review guidelines soon. Authors of any compromised themes were going to be contacted, and if necessary, their themes updated by the team at

TimThumb can be used in any PHP environment, on any content management system, though it is known for being extremely popular in commercial WordPress themes. As the news has spread this week a number of WordPress theme shops have responded.

WooThemes published instructions for updating the TimThumb scripts within their themes. Their themes were updated, though version numbers weren’t bumped. Graph Paper PressThemeShift, and ThemeLab have updated the versions of TimThumb within their themes as well. Elegant Themes has published updates to their themes to remove TimThumb from them entirely.

TimThumb was originally developed by a friend of Darren Hoyt’s name Tim, though development is currently run by WordPress developer Ben Gillbanks. Since the news of the vulnerability he has been working to update it via its Google Code Project.

Security issues are never fun. Have you used TimThumb in a client’s project, or used it within a theme of your own? Have you spent any time this week updating sites to repair this vulnerability?