Pidgin 2.0.1 Released

Have you heard? Pidgin 2.0.1 has just been released two hours ago (as of the time of writing – 25 May 2007 20:10 GMT). This release fixed various bugs, where 112 tickets were closed. Go here to see the Milestone page and here to download Pidgin.

However my most waited enhancement is not in this release. Maybe some day.

I shall be building and testing my version of Pidgin Portable soon.

I have updated my version of Pidgin Portable to use Pidgin 2.0.1 🙂

Imagine Hiro Yelling “Bonsai”

I am working at night this week and as always as I want to enjoy the “lunch” my wife prepared for me I would look for something to watch. Searching for Heroes I found this clip containing an interview with Masi Oka (Hiro Nakamura) and Milo Ventimiglia (Peter Petrelli):

The script originally contained the word “Bonsai” and luckily Masi Oka is fluent in Japanese (he goes to weekend school to learn Japanese). Just thought it is interesting.

4.0Mbps Streamyx?

I was browsing through some blogs when I found myself on this particular post in doBot’s blog. Here’s the official announcement.

Familiar Malaysian forums have been discussing this for a while, and as usual I’m left behind again. Some of them mentioned that the 4Mbps is nothing if TMNet still decides to limit/throttle traffic especially for P2P users. I’m actually neutral in this P2P throttling issue, even though I am a heavy bittorrent user. Why? Well actually the number of broadband users in Malaysia is not that high, and most concentrated only among savvy Internet users. If most of these users are using P2P daily and TMNet does no policing act on it, the whole Streamyx infrastructure will most probably overload. This, is not deniable due to the incompetency of TMNet but IMHO every company deserves a chance to improve themselves, provided that they are trying to improve.

As I read everywhere in the media, TMNet is heading a committee for the second submarine link (I don’t remember the project name). That is indeed very good if it can provide us a secondary pipe and a fail-over mechanism. I have no idea but I am really hoping that this will widen our International link in a massive scale.

On the introduction of the 4Mbps link, I think it is to soon if no International link upgrade has been done. If anyone from TMNet can enlighten me that would be great, as I have no idea of what is going on in there that they actually decided to offer the 4Mbps package.

The price of RM268 is indeed quite high, but it is very reasonable IF AND ONLY IF there would be a huge improvement to speed and reliability. I know users in some other countries pay a lot more for broadband, and of course some pay less. It’s really just business and you can’t really do much about it. I’d pay RM268 if the service is good and reliable, with superb customer support. I guess I’ll just wait and see before running to the nearest TM Point.

If you want to be the first to test this service, go quick as they are offering RM198 before 17 June 2007. I need your feedback on the service before deciding. Oh yes, check the availability/coverage in your area first before even thinking about it. And of course, you have to be with 3km or less from the exchange 😉

I wonder how they would consider/calculate a package upgrade?

What do you think… would you go for this package?

What Are .ISO Images

Have you ever downloaded a file with the extension .iso and have no idea what to do with it? It has been not once, not twice, but at least 6 times I have provided a .iso file to a friend / family member and the .iso file ended up to be a single file on the CD/DVD. I know there are many computer users out there who still have no clue about .iso images.

ISO Image

Newer CD/DVD burning applications usually will associate .iso files so that when you click on such file the software will launch and open the CD/DVD burning wizard. However, most often than not I see the files having ‘unknown’ icons and not associated with anything.

A normal user will encounter .iso files much less often than geeks like me. But there are circumstances where .iso files are needed. One good example is when I was asked for a MS-DOS boot disk for a laptop without any floppy drive. So I just took a bootable .iso image I created a while ago and send it via e-mail (the size is not that big, just about the size of a floppy).

So the .iso file usually ended up in a CD/DVD rather than the files in it.

Simply put, an .iso file is an image, sort of an archive to house many files in it. It is an exact image of a CD/DVD file system. I know some gamers who use illegal games have utilities like Virtual DAEMON Manager to mount .iso images and fool the game that there’s a CD/DVD inside the drive.

Tools like IsoBuster can also help Windows users to see (and extract) the files contained in .iso images.

So next time when you receive an .iso image don’t burn it using the normal burning wizard. For Nero, use the Recorder > Burn Image menu:

Using Nero to burn .iso image

For more geeky technical reading on mounting .iso images on Linux, click on Continue Reading

Continue reading What Are .ISO Images

New Metrics & Ranking System

I was alerted by Firefox earlier today to update one of the plugins I use: SearchStatus. It is a plugin which displays Google PageRank, Alexa Rank, and the latest update includes Compete Rank.

SearchStatus plugin with Compete Rank

It turns out Compete has been around for quite a while now. I am surprised why I never heard of them. According to the about page, the service has been created in 2000.

Five main areas provided by Compete are:

  • Compete SnapShot™
  • Compete Search™
  • Compete Toolbar™
  • MyCompete™
  • Compete Blog™

The technology looks promising, and I am going to register to use MyCompete. Why don’t give it a try?

Compete Logo

This is definitely NOT a sponsored post!

WordPress 2.2

WordPress 2.2 has just been released about 14 hours ago. There are a lot of new goodies with this release, among the big ones are Integrated Widgets, Full Atom support, New Blogger importer, Infinite comment stream, protection against plugins or edits that will break your blog, and also a hook for a future WYSIWYG support in Safari.

There are a bunch of new features for developers too. Looks like I will have to check my simple random posts widget plugin whether it still works in 2.2.

WordPress 2.2 also marks the total obsoleteness of my blogger rss import plugin 😉

Now I have to find time to upgrade all blogs I maintain. I own only one blog, though.

My AdSense PIN Has Arrived

Despite of a shadowy day (the shadow is in my head) today, I am thrilled to learn that my AdSense PIN has arrived safely at my home. It felt good.

Google AdSense PIN

I’ve been busy and tired lately, this is a very big hurdle for a non full time blogger like me. Less and less time (and energy) to get online and write! The good news is that the cold is going away little by little.

My Version of Pidgin Portable

Latest Update click here.
I am a curious programmer, and was all the way wondering on how apps on PortableApps were made. Since Pidgin, the replacement for Gaim was released I was waiting for a while for Portable Apps but I guess they must be busy with the number off apps they have to handle.

So I went and analyze the Gaim Portable sources, read some info on Pidgin official site, downloaded NSIS and I managed to make it work! I was planning just to use it personally but as always I feel like sharing it.

You can download it here:

PidginPortable.zip md5sum: f4ea8c532f43166b7ef61ee915c1218e

Pidgin Portable in the Launcher

And if you want spell checking support, extract this to PidginPortable\App\aspell

aspell.zip md5sum: 19a0d7cf3a384e17b642825220121462

They are zip archives since I have not learned about the install files from Portable Apps yet.

The Pidgin files were copied from my local installation, by guidance from the Pidgin FAQ: Running Windows Pidgin From a USB Drive.

The installed size is around 8.48MB. Like Gaim Portable, I’ve utilized UPX to compress the EXE and DLL files.

Modifications were done mainly to the NSIS script, to use new Pidgin variables and names. Many references to the original site http://PortableApps.com/GaimPortable were not changed, even in the quick splash image I made. In addition I just added my name in the source and version 🙂

There maybe some problems that I have not encountered, so you might want to use the official release from Portable Apps once it is released. They are the experts.

10 May 2007: Updated with GTK Theme Selector:

PidginPortable.zip md5sum: dabbfc11b03512e01d79fda935be8bb1 Updated below

Pidgin Portable and Theme Selector

*The GTK Theme Selector will override the settings by the Pidgin GTK Theme Control if used. If you don’t need the selector, simply delete the executable and it will disappear from the menu. The overwriting problem exists as I have to ask the Theme Selector to copy its settings written in settings/.purple/.gtkrc-2.0 to what Pidgin looks for: settings/.purple/gtkrc-2.0 (notice the dot before the filename).

I still can’t figure out how to enable aspell support so as you can see I have disabled the aspell download.

Continue reading My Version of Pidgin Portable

Why You Should Not Use Shared Passwords

You have probably heard this many times, your friend or someone told you that you should not use the same password for all of your website memberships. Perhaps they never told you why. I have seen people taking this for granted many times, using the same password even for online banking accounts! So I am going to let you know from a technical point of view, while being as simple as possible with my choice of words.

My points here directly relates to good database design, but as users you don’t have any choice and you are not even aware of what is happening at the server. Now let’s examine two scenario of how passwords can be stored in the database. For simplicity I only have 2 fields; username and password.

1. Bad Password Storage

Username Password
john j0hN78h#k-
jane j4n9K^jsla69

2. Good Password Storage

Username Password
john f03d03e0335dad4713cd5122eebb0738
jane 5844a15e76563fedd11840fd6f40ea7b

What are those?

The tables that looks like Microsoft® Excel worksheets above are indeed database tables. Database administrators can easily see the data in this format using any tool they have.

Why is one bad and the other not?

I mentioned that a database administrator can easily see the tables. For the bad example, he/she can simply see your password even though as you can see they are quite good passwords (containing lowercase, uppercase, numbers, symbols). For the good example, the password is stored using a one way hashing algorithm – the password is stored as something else.

Are all database administrators evil?

No they are not. But what if the database gets cracked? A malicious cracker can immediately see your password if the first example is used. It is fine if it is just a instant messenger account, or something not important but I have heard people losing money! Not because banks practices bad password storage, but because users use the same password elsewhere!

How to detect if a site is using bad password storage

Simple. If you try and use the Forgot password link, they send you your actual password. This means that they can read your password from the database. Good sites always reset the password to something else either directly via email or asking you to use a form. No, they will not tell you how they store the passwords, silly.

If the system can’t read my password how do I log on?

I mentioned a conversion process earlier called one-way hashing. Using the good storage practice, the database stores gibberish that can be reproduced only by your correct password. When you first set your password, it converts the text into the hash:

“j0hN78h#k-” => f03d03e0335dad4713cd5122eebb0738

From the storage examples, the exact, same hash can only be generated by the string “j0hN78h#k-” that only john knows. It is not stored in the database. When john tries to log in, the system will reproduce the hash f03d03e0335dad4713cd5122eebb0738 from what john entered. Even if he misses one characted, e.g. “j0hN78h#k” the hash becomes a98d3bfa2f9d11fb0bfcc6e6f7ae8b73. When the system compares this with what is stored in the database, it would not match and john receives an error!

Why do I write this?

I signed on to a service yesterday and my 32 character password got truncated so I had to use the Forgot Password function. The system sent me my actual truncated password and I immediately feel glad I didn’t recycle any of my current passwords! The moral from this article is that don’t share passwords between systems. If one site is cracked, you risk of compromising the others. I rather be using many different passwords than going through hundreds of sites changing my password if a site is compromised!

The email I received yesterday from a site that (still) practices bad password storage:

Hi Ady Romantika,

Thank you for forgot password request.
Your details are as below:
User Name: ady[at]romantika[dot]name
Password: xxxxxxxxxxxxxxx

Click Here to for Login into XXXXXXXX.

It is not 100% safe as well, if you use simple passwords based on dictionary words as malicious users can deploy the try and error technique, or even use a software to crack your password. Believe me, there are many software available that can do that today!

I hope this has been useful for everyone. Remember, practice safe computing.

Global Warming Effects Geeks Too

In the area where I live (and work) it has been so hot for quite while now. Since I am working in an air-conditioned office at work and in my home office I did not really realize how seriously the heat has become until I received multiple alerts from my SMART monitoring software.

Seagate disks have an extra SMART attribute BE, which means the number of °Celcius before the temperature of the drive reaches 100 (boiling point). The threshold is set to 45 by Seagate, which means that if BE value reaches 45 it is bad for the drive. This attribute balances with C2 (temperature). For example if the drive temperature is 40, C2 will read 40 and BE will read 60. This means that it takes 60 °Celcius more before I can boil water with the hard drive.

My Seagate Momentus has been reaching 55° Celcius for quite a while, and this means that the special attribute reading is now 45 – SMART failure. I am not too worried but I did get myself a notebook cooling pad.

SMART Failure

To make things worst, on Saturday night after a fun night with a bunch of close friends celebrating my birthday, the 2 drives connected at the primary channel on my development PCs started to have problems. This is based on logs as I went to sleep after reaching home that night. It was on Sunday morning I realized what have happened.

After some testing I found that the IDE cable was at fault. Pheww! Luckily not the disks! So I got myself some new IDE cables and now it’s running fine. This is what happen when the kernel can’t write to the disks:

crazyload.jpg

The processes keeps on hanging there waiting for their turn to write. I am however not very sure that heat can damage IDE cables as I have never heard of this being mentioned anywhere before.

Now I am in the process of scratching my head thinking on what to do to cope with this heat problem at my home office. Any ideas?

WordPress Plugin: Random Posts Widget

My better half was complaining that she can’t find a suitable plugin for displaying random posts on her sidebar. I tried to look myself, and there were some references to the plugin but nowhere to be found. One good plugin I found is Random categories with random posts by Mike Stickel but it uses categories which is not what we are looking for. Also, it requires tinkering with PHP codes which is not suitable for less technical bloggers.

So I went to analyze his code for a little while. What the heck, I’ll just create a simple widget version with no categories involved. So I took about 30 minutes to write this simple code with not so many options. It is a widget and configurable in the Sidebar Widgets page:

Random Posts Widget configuration

  • Widget title: the title of the widget
  • List types: ul for bulleted list, p for paragraph, br for paragraph with line breaks
  • Before title and After title: you have to find out what your theme uses before and after the widget headers. A simple way to do this is to identify a currently existing widget in your site and viewing the source. Find the title and see what is printed before and after. For example it might show as <h2>Widget Title</h2> which is used by most themes.
  • Post count: Number of random posts you would like to be displayed

Basically that’s it. It’s really a simple widget.

I don’t like to reinvent the wheel but since I can’t find any I just have to create one myself. Most probably I will have not so much time to maintain this plugin, but it is suitable if you are looking for a (very) simple plugin to display random posts.

You can download it from WordPress Plugins Directory: Random Posts Widget, or view online here: randomposts.php

Current Version: 1.5.0

Installation

Copy the file to the wp-content/plugins/widgets directory and activate it in the Plugins page. Then drag and configure it in the Sidebar Widgets page.

Warning: Will only work on widgets enabled blogs.

Change Log

  • 07-May-2007: Fixed a bug of displaying widget before and after tag
  • 14-Jun-2007: Fixed a bug where pages are also selected. Now it only displays posts.
  • 26-Jun-2007: Removed before and after configuration options, now taken from theme settings. Was broken for some themes with embedded class in the header tags. Reported by Guohua. Thanks.
  • 03-Aug-2007: Overhauled entire engine to optimize queries. This has been tested on a test blog with 50,000 posts on an old machine (Pentium III 600MHz) in maximum 3 seconds. Also removed duplicated results and added category to choose.
  • 04-Aug-2007: Fixed a bug where wrong permalink was displayed.
  • 10-Aug-2007: Fixed a bug where if 1 post count is selected an error occurred.
  • 27-Sep-2007: Added ability to detect database version (WordPress 2.3 has database changed) while maintaining backward-compatibility with 2.2.x

Live Free or Die Hard

As a long time Bruce Willis fan (you’ll know if you see my gravatar and IM avatars), I was thrilled when Azidin told me that a new Die Hard movie is going to be released this year. It is going to be the 4th installment to the Die Hard series, being the 4th.

I have never expected that Die Hard 4 would be made, since I read somewhere that Willis said there will be no more sequel.

It’s planned to be aired in 28 June 2007 in Malaysia. This is one of the movie that I will make pre-booking to watch.

IMDB entry: Live Free or Die Hard (2007)

WP-Cache and GoDaddy Hosting

I have several blogs hosted on GoDaddy servers.

If your WordPress blog is hosted on GoDaddy hosting, do not use the WP-Cache plugin or your site will intermittently produce Error 500 (Internal Server Error). I can’t spot the error even when I enable the error logs – there seems to be none!

I’ve heard similar complaints from other GoDaddy hosting users. One thing I am sure about is that the problem is not because of the combination of WP-Cache and WordPress 2.1.3 as I have blogs hosted elsewhere that works fine with this combination.

I guess I will have to dig deeper… when I can find the time! Anyway the server speed and stability so far is good without WP-Cache – which is what we want to achieve by caching the pages. Hopefully the blogs do not overload the server anytime soon.