In the near future, I will be moving the In The Faith blogs to this commenting system. I hate filtering through comment spam, although Jay’s MT-Blacklist, does an excellent job, the comment management is TOO tedious.
Here’s a writeup which should at least help other people get MovableType (or anything else which is based on or can otherwise embed PHP) and phpBB working together, if they so desire. It’s not difficult (especially if you already have phpBB set up and working), but it’s time-consuming.
Source: my life in plaid © 2005 My Life In Plaid
A study takes a look at the grammar and mechanics of instant messaging
Take this with a wink and a LOL: IM is more formal than you might think. But hey, guys, your punctuation stinks.
Instant messaging (IM) is a relatively new form of communication, in which two people exchange typed messages instantaneously over the Internet. Although written, the fact that IM is more immediate and direct than email makes it seem more like speech than writing.
But a recent study of IM-ing by college students found that the communication was more formal – in use of vocabulary and abbreviations – than might be expected in a speech-like medium. The research also uncovered significant differences in how men and women use the medium.
“The most important finding is that IM by college students does not look like bad writing,” said Naomi Baron of American University.Baron reviewed 23 different conversations and surveyed 158 students. When divided along gender lines, the messages between females were more formal – with fewer contractions and better punctuation – than those between males.
Source: LifeScience © 2005 Imaginova Corp
Related websites (not necessarily endorsed by In The Faith):
The Unofficial Smiley Dictionary
The popularity of alternative Web browser FireFox continues to rise at the expense of Microsoft’s Internet Explorer, according to a new study.
From the beginning of December through mid-January, 4.78 percent of Internet surfers studied by online measurement company WebSideStory used the Mozilla Foundation’s FireFox browser, a gain of 0.88 percentage points. At the same time, IE usage declined 0.7 percent to 92.7 percent, the firm reported. WebSideStory said IE use has declined from 96.7 percent since June.
The study measured market share by embedding sensors on major Web sites such as those of the Walt Disney Internet Group, Best Buy, Sony and Liz Claiborne. Previous studies from WebSideStory tested all operating systems, but the company said its Windows-only numbers are more accurate because new configurations in Apple Computer’s Safari browser inadvertently skewed results. WebSideStory retrieves data from 30 million Internet users a day passing through its monitored sites. The company then takes a snapshot of two days and compares the growth.Mozilla, an open-source software foundation formed by Netscape, launched FireFox 1.0 in November, after recording more than 8 million downloads of its test version. As downloads continued to surge, measurement firms such as WebSideStory and Dutch market researcher OneStat.com began releasing data tracking FireFox gains and IE declines. In December, OneStat reported that IE’s market share had slipped to 88.9 percent, a figure Microsoft disputed.
Source: CNET.com © 2005 CNET Networks, Inc
Why do I care? The bittorrent protocol is a wonderful medium of distributed computing, however, its being misused to share copyrighted material is illegal, unethical, and regrettable.
Many open source projects are distributed using bittorrent, a trend which is sure to continue.Here’s the story per Slashdot.org:
Numerous people wrote in with similar stories: “Without providing a reason, both of these sites have shut down: SuprNova.org and TorrentBits.org.” We mentioned a few days ago that the MPAA was going after Bittorrent sites.
Source: Slashdot © 2004 Slashdot
Hmm… It looks like I am getting a MAC…
Apple Computer’s OS X and the open-source BSD operating system provide the “world’s safest and most secure” computing platforms, according to London-based security firm mi2g. The report also describes Linux as the world’s “most breached” online computing environment, followed by Microsoft’s Windows operating system.
According to mi2g, the firm’s Intelligence Unit study analyzed more than 235,000 successful attacks against “permanently connected — 24/7 online — computers” worldwide between November 2003 and October 2004. According to the study, computers running Linux accounted for about 65 percent of all recorded breaches, while Microsoft Windows-based systems accounted for about 25 percent of such attacks. Successful attacks against OS X and BSD-based online systems accounted for less than five percent of the worldwide total.
“More and more smart individuals, government agencies, and corporations are shifting towards Apple and BSD environments,” said D.K. Matai, executive chairman of mi2g. Technology professionals, he said, “don’t have time to cope with the umpteen flavors of Linux or to wait for Microsoft’s Longhorn when Windows XP has proved to be a stumbling block” due to persistent security flaws.BSD (Berkeley Software Distribution), which includes three related open-source variants, each with its own source tree and kernel, are frequently used to run Web severs and other types of Internet infrastructure servers. Mac OS X, which uses a proprietary user interface and other extensions built on top of a BSD-based core, has been distributed on all Apple Computer desktop systems since 2001.
Source: Linux Pipeline © 2004 CMP Media LLC.
Official advice from the source — ASP.NET developers take heed.
Armed with advanced server-side technologies like ASP.NET and powerful database servers such as Microsoft® SQL Server, developers are able to create dynamic, data-driven Web sites with incredible ease. But the power of ASP.NET and SQL can easily be used against you by hackers mounting an all-too-common class of attack—the SQL injection attack. The basic idea behind a SQL injection attack is this: you create a Web page that allows the user to enter text into a textbox that will be used to execute a query against a database. A hacker enters a malformed SQL statement into the textbox that changes the nature of the query so that it can be used to break into, alter, or damage the back-end database.
Source: MSDN Magazine Sept 2004 © 2004 Microsoft
Related websites (not necessarily endorsed by In The Faith):
A must-read for web developers everywhere. Although, Colin’s article specifically handles SQL injection attacks for the ASP.NET environment, his advice can be applied to any data-driven web application. Let us be secure from intrusion.
Every day I see messages on various forums asking for help with SQL. Nothing wrong with that. People want to understand how something works, or have a partial understanding but something is keeping them from completing their task. However, I frequently also see messages that have SQL statements being built in C# or VB.NET that are extremely susceptible to injection attack. Sometimes it is from the original poster and, while they really need to learn to defend their systems, that is fine as they are trying to learn. Nevertheless there is also a proportion of people responding to these questions that give advice that opens up gaping security holes in the original poster’s system, if they follow that advice.
Source: Stuff that’s in my head © 2004 Colin Angus Mackay
Adds penalties of up to five years in prison
WASHINGTON - The House on Thursday passed the second bill in three days that would outlaw “spyware,” irritating software that quietly monitors the activities of Internet users.
It would add penalties of up to five years in prison for people convicted of installing such programs without a computer user’s permission.The bill, known as the “Internet Spyware Prevention Act,” passed 415-0. It would give the Justice Department $10 million to crack down on companies and others that secretly install spyware and those who attempt to trick victims into disclosing personal details and financial information in e-mail scams popularly known as “phishing.”
Source: MSNBC.com © 2004 MSNBC.com
Finally, something that makes a lot of sense. Pass legislation against those spyware creeps. Dump Internet Explorer and take control of your life with FireFox, Opera, Lynx, a homing pigeon, something… just NOT IE…
WASHINGTON (AP) — Companies and others that secretly install “spyware” programs on people’s computers to quietly monitor their Internet activities would face hefty federal fines under a bill the House passed Tuesday.
The most egregious behaviors ascribed to the category of such software — secretly recording a person’s computer keystrokes or mouse clicks — are already illegal under U.S. wiretap and consumer protection laws.The House proposal, known as the “Spy Act,” adds civil penalties over what has emerged as an extraordinary frustration for Internet users, whose infected computers often turn sluggish and perform unexpectedly.
Source: CNN.com © 2004 Cable News Network
If you are transitioning from Classic ASP to ASP.NET, this is a cool framework to implement in the meantime….
In short, CLASP is a Framework developed in VBScript for the development of Classic ASP WEB applications. Now, you may ask yourself, why should I consider CLASP when there is ASP.NET out there?.
- Need to maintain/extend current ASP Applications that will not be migrated over to .NET in the near future.
- All the above while making sure that your code will be easily ported to ASP.NET.- It is a white box, nothing to hide here!, you can modify the code to suit your needs.
Just to see if I could do it really quickly, I upgraded my WordPress install from 1.0.2 to 1.2 Epsilon RC1.
After uploading the new install file to the server, the upgrade was a snap. Just browsing to the upgrade script and let it work for about 90 seconds, in my case.
It took me 4 minutes to install a working WordPress system at In The Valley
Add another 2 minutes to configure the permanlinks to use Clear URIs. The default entry became http://www.inthevalley.net/word/archives/2004/05/15/afraid/ when it was previously http://www.inthevalley.net/word/index.php?p=1
Textpattern took about the same amount of time to install, offers more flexibility on templates, but is still in development. In my opinion, if Dean does licensing right, TXP will gain a lot of territory on MovableType and WordPress.
One thing that Textpattern and Wordpress have in common is that they are both PHP/MySQL publishing systems that use live data. No static pages are created by the system.
From WordPress > About
WordPress was born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog.
WordPress is fresh software, but its roots and development go back to
2001. It is a mature and stable product. We hope by focusing on web standards and user experience we can create a tool different from anything else out there.
OK, I am interested in moving the near dormant photoblog from MovableType 2.661 to WordPress.
The web is buzzing with information, rants, and raves concerning the release of pricing and licensing for MovableType 3.0.
Mena Trott, co-founder of Six Apart,the company behind the Movable Type and TypePad weblogging systems/services, has addressed some of these concerns today.
In The Valley has yet to determine what course of action it will take concerning its 3 active MovableType Weblogs: In The Faith, Anthony K. Valley — Chronicle, and Anthony’s Rank Amateur Photography. These decisions do not need to be made in record time as we have not planned to upgrade from version 2.661 to 3.0 upon release.
None the less, I have no need to flee from MovableType at this time.
Creator of “Sasser” worm arrested. Microsoft’s reward a major factor.
HANOVER, Germany (Reuters) - A tip from reward-seekers and information from Microsoft led to the arrest of an 18-year-old suspected of creating the “Sasser” computer worm, German police and the software giant said on Saturday.
Spokesman Frank Federau for Lower Saxony police said police were certain they had the man behind one of the Internet’s most costly outbreaks of sabotage.
“We are absolutely certain that this really is the creator of the Internet worm because Microsoft experts were involved in the inquiry and confirmed our suspicions and because the suspect admitted to it,” he said in an interview with Reuters Television.
It was the lure of cash that proved the man’s undoing. A group of individuals from Lower Saxony approached Microsoft MSFT.O on Wednesday inquiring about reward money should they turn in the man.
The U.S. software giant in the past has put bounties of up to $250,000 on the heads of other notorious virus writers.
Source: Reuters © 2004 Reuters
Bart’s Preinstalled Environment (BartPE) bootable live windows CD/DVD is just the ticket for Windows Admins who need to rescue PCs.
It’s funny, I was just having this conversation with a couple of Linux Admins at work, “I wonder if someone has created a Live CD/DVD for Windows that’s similar to the Knoppix Live CD for Linux?”
Lady and Gentlemen, BartPE is the answer….
Wired News reports, “MyDoom Spawns More Potent Variant” We should expect a little more viral mayhem.
A new, nastier variant of the MyDoom worm has been released and is beginning to spread across the Internet, according to antivirus experts.
Computers infected with MyDoom.B will launch a 12-day denial-of-service attack on Microsoft.com beginning Feb. 1. They will also launch a separate attack on the SCO Group’s website on the same date, just as the original version of the worm is coded to do.
MyDoom.B also alters system files in order to block infected computers from accessing a list of 65 websites, most of them belonging to antivirus vendors, in an apparent attempt to stymie users attempting to download antivirus application updates or information.
Update your virus definition files. Please.
The RSS Feed Reader / News Aggregators Directory over at hebig.org/blog basically covers the ground that I intended to cover in a new post.
Google RSS Feeds are a hot commodity if you can find them. A perl script, not recommended or supported by Google, that parses the Google topic pages has been released to the public.
Note of caution, do not abuse this hack as Google will ban your IP address, then try to live without Google.
Google may be the site that we love to hate, but honestly, who does searches better?
I am looking to optimize my RSS files for my blogs for cool aggregators like Bradbury Software’s FeedDemon. While looking around at the site, I browsed the FAQs to see find additional information on building a better syndication. That perusing lead my to an article at Harvard Law about RSS 2.0 Specifications.
Of course in the circle of life, all things point back to Six Apart’s Movable Type templates. Not really being satified that SA’s MT is the answer for all things, I googled a little more down the road finding a nice RSS haven of rest at Dancing About Architecture. The search still continues…
Do you REALLY think that people have stopped downloading or did they move on to greener pastures?
According to a report released Sunday by the Pew Internet & American Life Project and comScore Media Metrix, the number of individuals illegally downloading music from the Internet plummeted from 35 million to 18 million between late May and mid-December. “Nothing has ever fallen off the cliff the way that downloading has,” Lee Rainie, director of the Pew Internet project, told Newsday. “Obviously the lawsuits were a watershed, and they dramatically changed some online behavior.” But just how did they change it? Pew researchers would have us believe that fewer people are downloading music illegally. But they sampled only four peer-to-peer applications - Kazaa, WinMX, BearShare and Grokster — each of them known to be heavily monitored by the RIAA. What of BitTorrent? Or eDonkey and eMule? Or Carracho? Isn’t it possible that more of the trafficking is just moving off the radar?
Maybe IRC for the more technically savvy users.
PCWorld.com - New Worm Strikes MSN Messenger.
Well, at least Messenger is free.
A new worm targeting users of Microsoft’s MSN Messenger software has squirmed through the instant messaging application.
The Jitux.A worm comes in the form of an instant message inviting users to click on a URL. By clicking on the URL, users download the jituxramon.exe file, which then becomes resident in their computer’s memory and sends new messages containing the link every five minutes to all contacts stored in MSN Messenger.
Jitux.A isn’t the first worm to wiggle into popular instant messaging networks, particularly MSN Messenger. More than 60 IM vulnerabilities have been published, according to security researchers from Symantec. They range from security holes that could be used to crash IM clients in denial of service attacks to those that allow attackers to install and run malicious code remotely on computers running the vulnerable IM clients.
In short, don’t click on strange links and update your virus definition files.
Microsoft unwraps 'Longhorn' operating system. Big news from CNN Money, today.
Here is the lead in to the story.
Microsoft Corp. Monday gave its most detailed look yet at the next version of Windows, code-named "Longhorn," which promises new methods of storing files, tighter links to the Internet, greater security, and fewer annoying reboots.
Here is the real meat and potatoes of "Longhorn"
The company also talked about the four key "buckets" it sees comprising Longhorn: fundamentals like security and scalability; new presentation technology that includes a rebuilding of Windows' graphics system; a new file storage system called WinFS that makes heavy use of XML, or extensible markup language, data; and new Web services and communications technology.
Source: CNN Money
Today a received another fake PayPal site email. This one tries to get your credit card information and all of the bells and whistles that come with it.
For your enjoyment, I have included the text of said email. For your protection, I have already forwarded this information over to PayPal's Customer Service team that researches these fake sites.
This link will probably be dead soon, but anyway, here is the message.
Here is the URL for the "click here" link:
It's a pretty good fake.
Please verify your information today! Dear Paypal Member.
Your account has been randomly flagged in our system as a part of our routine security measures.
This is a must to ensure that only you have access and use of your paypal account and to ensure a safe Paypal experience.
We require all flagged accounts to verify their information on file with us.
To verify your information, click here and enter the details requested.
After you verify your information, your account shall be returned to good standing and you will continue to have full use of your account.
Thank you for using PayPal!
Yeah. One day I will have more even more bandwidth. That's cool because DSL did NOT work for me. My cable modem rocks!
Still surfing c|net and this article caught my eye: Comcast raises broadband speed bar.
Comcast is doubling the transfer speed of its broadband service, another move in the cable industry's campaign to fend off phone companies in the hunt for high-speed Internet customers.
The Philadelphia-based cable company said on Thursday it will boost its maximum download speed of its Comcast Online service from 1.5 megabits per second (mbps) to 3mbps, at no additional charge to customers. It said it will introduce the increases in 14 U.S. markets at first, but added that the "majority" of its broadband subscribers nationwide will be upgraded by the end of the year.
Somebody at VeriSign had a wake up call and they decided to stop doing that redirect thing.
VeriSign, the administrator of the .com and .net domains, made plans to shut down its new Site Finder service Friday, after the Internet Corporation for Assigned Names and Numbers ordered the company to undo controversial changes.
Now, I really like the logo on this site that a dear friend of mine is running.
His studio is up and running and the great folks over there are ready to build some sites for you. No matter what your business needs are, drop Jon a message.
What You Should Know About Microsoft Security Bulletin MS03-039 (824146) [Security Update for Microsoft Windows].
This is the end user version of the TechNet article that I mentioned earlier.
Not too much technical information here, just enough to let the end user know that this is a Critical Security Update.
Microsoft TechNet issued a CRITICAL update to Windows NT, 2000, XP and Server 2003. Once again, let's get those systems patched.
I'm sure that as we sleep, someone from the Internet "underground" is writing the appropriate virus/app/prog/worm to exploit these vulnerabilities.
NOTE TO READER: Happy consumer, please apply the critical patches from MS on a regular basis. Thank you!
From FAQs @ Microsoft:
What’s the scope of the vulnerability?
There are three different vulnerabilities discussed in this bulletin. The first two are buffer overrun vulnerabilities, while the third is a denial of service vulnerability. An attacker who successfully exploited either of the buffer overrun vulnerabilities could gain complete control over a remote computer. This would give the attacker the ability to take any action that they wanted on the system, including changing Web pages, reformatting the hard disk or adding new users to the local administrators group.
An attacker who successfully exploited the denial of service vulnerability could cause the RPC Service to hang and become unresponsive.
To carry out such an attack, an attacker would need to be able to send a malformed message to the RPCSS service and thereby cause the target system to fail in such a way that arbitrary code could be executed.
What could these vulnerabilities enable an attacker to do?
An attacker who successfully exploited the buffer overrun vulnerabilities could be able to run code with Local System privileges on an affected system. The attacker could be able to take any action on the system, including installing programs, viewing changing or deleting data, or creating new accounts with full privileges.
An attacker who successfully exploited the denial of service vulnerability could cause the RPCSS Service to hang and become unresponsive.
Who could exploit these vulnerabilities?
Any user who could deliver a malformed RPC message to the RPCSS Service on an affected system could attempt to exploit these vulnerabilities. Because the RPCSS Service is on by default in all versions of Windows, this in essence means that any user who could establish a connection with an affected system could attempt to exploit these vulnerabilities.
I'd like a number one, super-sized, and the 24-hour Wi-Fi, to go, please...
Some really good photoshop tutorials that I found tonight, make sure you follow the navigation on the right side of the page to see the next and/or previous tutorial.
Television has a profound effect on the information that I am spoon-fed so I saw the commercials before seeing this article.
OVERLAND PARK, Kan. -- Sprint Corp. plans to offer high-speed wireless Internet access in the U.S. for laptops equipped with WiFi by the end of summer, joining a growing number of major phone companies that have embraced the hot technology.
The new service, announced Monday, will let customers connect with the Web whenever they're near one of about 800 "hot spots" around the nation, mostly through roaming agreements with WiFi carriers including Airpath Wireless and Wayport.
WiFi, short for wireless fidelity, radiates an Internet connection that multiple computers can share within 300 feet from any transmitter.
Now... Why does Windows ME have to be the only platform that is not affected by this flaw.
Windows ME? Give me a break.
The software giant issued a patch Wednesday morning to plug a critical security hole that could allow an attacker to take control of computers running any version of Windows except for Windows ME.
A group of Polish hackers and independent security consultants, known as the Last Stage of Delirium, discovered the flaw and worked with Microsoft to fix it.
"It should be emphasized that this vulnerability poses an enormous threat, and appropriate patches provided by Microsoft should be immediately applied," the group said in an advisory posted to its Web site. The group said that programs designed to exploit the vulnerability will likely be available on the Internet soon.
Some really good information over there about your SPAM problem.
So how to they do it?
1. From posts to UseNet with your email address.
2. From mailing lists.
3. From web pages.
4. From various web and paper forms.
5. Via an Ident daemon.
6. From a web browser.
7. From IRC and chat rooms.
8. From finger daemons.
9. AOL profiles.
10. By guessing and cleaning.
11. From white and yellow pages.
12. From a previous owner of the email address.