Category Archives: Tips

404er Legit and WordPress community kudos

0 minutes, 30 seconds

Remember way back when we posted 404er? Well, good news! We jumped through the hoops and now our plugin is officially on the WordPress site. Clearly the readme needs to be updated so the page is a little more full featured.

Soon, when we’re indexed, you can search for us by name at your nearest WP admin control panel. Here’s a ‘recently changed’ listing showing the 404er:

Noteworthy is that WordPress.org has really gone above and beyond to help developers. We get a full SVN environment, lots of PR on their site, detailed yet easy to read docs and best off, a really rich code base to code against. Thanks WordPress!

Lifehacker on Passwords

2 Replies

1 minute, 34 seconds

As a fan of security and strong passwords, I read with interest Lifehacker’s article about how easy it is to hack passwords. In general the article is right on the money and I agree with it’s message. However, I took issue with the article on two points.

The first point they’re talking about how easy it is to either guess or brute force your passwords. Guessing and forcing passwords can be done over the Internet with out needing to compromise your (the victim’s) computer. However, the last step is “simply” to get at the cookies on your local machine:

But wait… How do I know which bank you use and what your login ID is for the sites you frequent? All those cookies are simply stored, unencrypted and nicely named, in your Web browser’s cache. (Read this post to remedy that problem.)
– Lifehacker Mar 30, 2010

For me this is crossing the line from informative into fear mongering. Yes, once you have logged into some one’s computer as the user they surf the internet as, it is indeed trivial to read cookies. No, this can not be done over the Internet. No this is not a simple step to make.

The second point (now that I’m not drafting this on my phone and am using a real computer) I see that the original article was published in 2007! Just about all the info in the original article still holds true 3 years later, but I find awkward when the article on Lifehacker has items like this in the article:

EDIT: You might also want to listen to my interview on Connecticut Public Radio about password security.

Which made me think it was a Lifehacker edit in 2010, but was in fact an edit from John Pozadzides in 2007. Speaking of Pozadzides, his blog looks pretty right on and I don’t really have any beef with him (in that totally anonymous Internet beef kind of way), but I mainly take issue with fear mongering, especially when in comes to cookies.

Update: This article seems to be making the rounds on a lot of sites.

Update 2: There’s a great comment from Wangston below.

Google: gmail, mail and calendar sync with Meego Netbook (Google Apps Too!)

Leave a reply

0 minutes, 36 seconds

Recently a reader inquired about how to set up Meego to sync with gmail mail, calendar and contacts based off me mentioning I got it working. I use Google apps for mail hosting at plip.com, so this applies to both gmail and Google Apps (domains that use gmail for their email server). Settings are based off IMAP settings for Thunderbird.

Here’s the steps I took for a clean install of Meego (see matching screenshots below too):

Launch Mail for the first time

Enter your Google Apps or Gmail login info (per google IMAP or thunderbird )

Choose IMAP (again, per google IMAP or thunderbird )

Configure SMTP (again, AGAIN per google IMAP or thunderbird )

Confirm and make sure contacts and calendar are checked

Mail Works!

Launch Calendar and Contacts

Contacts synched!

Calendar synched! (no screenshot :( )

Bye Bye Meego, Hello Ubuntu Netbook Remix

Leave a reply

0 minutes, 54 seconds

Meego, as I mentioned before, is really really cool. I was able to get all my apps installed and even managed to get my Google calendar, mail and contacts syncing by just adding it via the email client under IMAP (BTW – Meego, you should really highlight that feature!). All the apps even appeared as a native icon alongside the pre-installed ones which is a really nice touch. Alas, the lack of a working AIM client is just too much. It’s my primary IM network and it just bugged me that it didn’t work. Which is too bad, because Meego is so close to being perfect. Well, too about AIM and about sleep.

So, what to do? After reading Mr. Doctorow’s latest post, I was reminded about good ol’ Ubuntu. Sure enough, there’s a Netbook remix. Let’s give it a whirl! USB key is prepped and primed and install is imminent.

Also – I love love love (yeah, 3 times) Pendrivelinux.com!. This is a super easy way to create bootable USB drives (aka live “CDs”) of your local linux distro. The old days of some crazy fdisk silliness is gone. Now it’s just point and click. Love it.

Stay tuned for my Ubuntification!

New Love: Meego

Leave a reply

0 minutes, 44 seconds

A bit ago I read a post about Meego 1.0 being available. I had a Acer great netbook that was suffering from a slow slow install of XP. I’d been thinking of going to Linpus, which originally shipped with the Aspire Ones. However, Meego had great live, bootable USB download which allowed me to give the whole OS a spin on my hardware. Everything just works: webcam, USB bluetooth dongle, wifi, NIC and internal SD Card.

Last night, I took the plunge and installed it over XP.

Today, I’m happy to report I’m never going back to XP on this lil’ guy. I got Dropbox, KeepassX, Synergy and sshd all working with out a lot of hassle. The boot time is insanely fast. Google Chrome is WAY faster than FF3.6 in XP. I am a very happy camper.

Go Meego today! Full disclosure – sleep looks to be broken :(

Update: It looks like AIM is broken too. That’s a real bummer because it’s my main IM network.

Smartphones + small screens = Phishing!

Leave a reply

1 minute, 13 seconds

I just read internet’s famous Cory Doctorow’s very interesting post about how he got phished (!). What struck me was not his whole parasite-perfect-timing-phone-reset scenario. The take away for me was that on a small screen you can’t see the entire URL of where you’re going. I can imagine a scenario where phishers look up your friends on facetwitt, send you a “personal” note with a perfectly crafted URL to fit you iphonedroid’s browser. Your phone would hide the fact that you’re not logging into the site you think you are. Yikes!

I’m currently abstaining from all social networking sites. They’re totally awesome and fun and a great way to keep in touch with friends far and near. However, my security hackles go up too high with them, so I’ll have to be happy with my blog and its 4 readers instead of an intensely well read facebook wall (that’s what the kids call it, right?).

Phishers often depend on super popular site like twittface to spam you with a note from a service you’ll likely be using. I laugh these off because I don’t use any them. But if I was a phisher, I’d programmatically crawl the feeds to figure who your friends are and who you actively communicate with. I’d then watch out for nouns and verbs you’d expect in a message based on the vernacular your lil’ group uses, and then I’d phish you like a bunch of mom’s on their iMacs (my mom and her iMac excluded, of course!).

This post largely written on WordPress for Android in casual carpool. Fun!

How to embed Vimeo Videos: The hard way

Leave a reply

0 minutes, 48 seconds

I’ve been chatting with my friend about how to embed Vimeo videos on his site. He was trying to figure a way to do html5 and flash and auto-detect if you’re a desktop browser or a mobile browser (or an iPad). By using JavaScript he could show the user the right video. I’ve accepted this challenge and I introduce: Plip’s Vimeo JavaScript Embedder v.01. One thing I didn’t do was scour the Vimeo forums to see if this had been done. What I did set out to do was:

Learn Vimeo Simple API
Write code some one had requested
Have a programming goal that I could prove could be done in just one night

Arguably, I may not have achieved the last item as I actually haven’t tested it on a mobile device yet (yeah, I’m a lazy, lazy man), but I’m pretty sure it’ll work on a WebKit device.

It should be noted, I don’t think I’m a very good JavaScript coder and this is version .01. Even so, should I add a “JavaScript” category?!

Will the real 404 please stand up?

Leave a reply

0 minutes, 46 seconds

One of the laptops in the house died recently. The svelte new Dell Latitude 13 showed up as its replacement, and it’s great. However, it’s running a factory set up version of IE8. I don’t use IE8, opting for the fox (for debugging) or the goog (for speed) instead, but I noticed that the totally awesome plip 404 page was being usurped in IE8. This will not stand! Just as I will not have my ISP taking over DNS for domains that don’t resolve, I will not have my browser decide what a 404 page should look like.

At first I found some sites that suggested a different header or that you could make your 404 page more than 512 bytes. While this will work, and will work every *every* user, I was curious about a client side setting. Enter “show friendly http error message” check box:

Just uncheck that guy in your IE settings and welcome back fugly plip 404 messages. Interesting enough, there’s all kinds of wackiness in Microsoft land about this. Read on if you care!

3 ingredients, 3 steps = really good hot cocoa

Leave a reply

0 minutes, 26 seconds

Some folks think that you need to get those little packets of mix to make a good cup of cocoa. They’re wrong! Here’s how we do it at home:

Ingredients:

1 super heaping teaspoon unsweetened cocoa powder (preferably, fair trade and organic)
1 teaspoon sugar (maybe two if you’re using milk. we use sweetened soy milk so we cut it down to 1)
1 mug of milk

Steps:

Measure ingredients into your mug
Spoon in 4-5 teaspoons of hot milk into the mug and thoroughly stir into a slurry
Pour in milk while stiring

Enjoy! (ostensibly the 4th step ;)

Yahoo mail hacked?

Leave a reply

2 minutes, 30 seconds

I’ve had three friends with yahoo accounts send me email that was clearly not them sending it. It was a spammer. One friend had every contact emailed, in alphabetical order, in groups of 10. The symptoms seem to be:

Emails are really sent from yahoo account, there’s a copy in the “sent mail” folder
Password is changed such that you need to call yahoo or otherwise reset your password
Groups of 10 people emailed

Another geek friend reported the same with a number of his friends who have yahoo email getting hacked as well. Him contacting me prompted this post to get awareness out there ( you know, to all 3 of you who read this). No real news on the interwebs, leave this post: Who Hijacked Yahoo Mail?

Here’s the nice view of the email (sensitive data yas been obscured with “***********”)::

From: Anders ***********
To: egwit, awarnow, avkirby, starsister77, apnun, ann, jara, apollostwinsis., haywoodashley, me
date: Tue, Feb 16, 2010 at 3:06 PM
subject: Bettina Mischkalla

http://nmprint.com.au/go.friend.php

Here’s the raw email I got from my friend’s hacked account (sensitive data yas been obscured with “***********”):

                   
          
Delivered-To: mrjones@***********.com
Received: by 10.231.143.16 with SMTP id s16cs151659ibu;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received: by 10.140.58.10 with SMTP id g10mr4771311rva.57.1266361611517;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Return-Path: 
Received: from ***********.com (***********.com [207.29.224.50])
        by mx.google.com with ESMTP id 31si10777747pzk.62.2010.02.16.15.06.51;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of 
mrjones@***********.com designates 207.29.224.50 as permitted sender) 
client-ip=207.29.224.50;
Authentication-Results: mx.google.com; spf=pass (google.com: best 
guess record for domain of mrjones@***********.com designates 
207.29.224.50 as permitted sender) smtp.mail=mrjones@***********.com; 
dkim=neutral (body hash did not verify) header.i=@yahoo.com
Received: by ***********.com (Postfix, from userid 501)
	id 2AFAC968B7C; Tue, 16 Feb 2010 15:06:45 -0800 (PST)
X-Original-To: mrjones@***********.com
Delivered-To: mrjones@***********.com
Received: from web53107.mail.re2.yahoo.com (web53107.mail.re2.yahoo.com 
[206.190.49.57])
	by ***********.com (Postfix) with SMTP id 7D7D4968B58
	for ; Tue, 16 Feb 2010 15:06:38 -0800 (PST)
Received: (qmail 11051 invoked by uid 60001); 16 Feb 2010 23:06:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; 
s=s1024; t=1266361597; bh=oJtmpSDF9JfgKjw+1+Q+Wqxiiq1f0Qc9sio+EdymNik=;
 h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
 MIME-Version:Content-Type; b=oFCN9QuJ13WOanJxxKZHrcbLHOZOMviKII3sm
 Wu/Rno7BWX4i8mBO6CHijcUGJPj/7P1ryPEfVSCB/k72CUbSHcHaJZIpLbF0EXwLje
 uVvkTB/BaeMHhTn5DPbW2h7bcKCvt0AlwfUXUQ+1K3t2zpBH1slw/eUoJqEEVx58A2Ew=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:
  MIME-Version:Content-Type;
  b=kzg14b6v1xa8NPMqRfu5XCsz4dFXa7bASb6Vj3Epb6I74/a8t5rVPWCOBfPtR1C
  2Bg67H5UqE3nmdd/hqTKWmUfOKh/g2rhEuXX23ghs080LTudbyqwF0hQSLVmPlhAQ
  RcedYf86UYfC5Ox8SpH/76T2gc+LRlqglfPenlpLRzw=;
Message-ID: 
X-YMail-OSG: ppvFaJUVM1kacZ05sJo0wMYepvD5By3Oxe96QISv6KgKBxmq0_Q1r1
8k75jrUQId8bPmqNP8IjHUU8OBB8bfkioPzwwMw7pj1Br2YORw.qhjM8uWFe8yr_wQv
i7YEAoLhtQvNnyTU.5SLv6lIQFUrTxp6huhu1iOVzwW5PtokoZoBQLQ82lLd_jMg1L6
9lCXsoRvQi6C5PTDrobDdUz7VOj3h0yRWEFf00zgrQ.Vs9kf2cU2epyUdQQuJ_juBPx
accPy7psP2vYnb7ErtxGxfUayl85HvFPG575oMywmq6e8PKqpKz04xXdgwqhgZ6g5qs
5_feAiiHiTH5Tz5gpTdCCuzNThjs3436jDWaTpWx8-
Received: from [66.196.86.118] by web53107.mail.re2.yahoo.com via 
HTTP; Tue, 16 Feb 2010 15:06:37 PST
X-Mailer: YahooMailWebService/0.8.100.260964
Date: Tue, 16 Feb 2010 15:06:37 -0800 (PST)
From: Anders ***********
Subject: Bettina Mischkalla
To: "egwit@***********.com" ,
  "awarnow@***********.com" ,
  "avkirby@***********.com" ,
  "starsister77@***********.com" ,
  "apnun@***********.com" ,
   "ann@***********.com" ,
  "jara@***********.com" ,
  "apollostwinsister@***********.com" ,
  "haywoodashley@***********.com" ,
  "mrjones@***********.com" 
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii


http://nmprint.com.au/go.friend.php