Yahoo! Mail Unlimited Storage

Logging into my Yahoo! Mail today, I was surprised with a message “The storage meter is going bye-bye”.

Yahoo! Mail with unlimited storage

Yahoo! is still in the game of free emails. I am a Yahoo! Mail Plus user so I have access to POP and SMTP but I do welcome this upgrade!

After all, if free users get unlimited storage, what do paid users get? 😉

Yahoo! Mail Storage Bar

My AdSense PIN Has Arrived

Despite a shadowy day (the shadow is in my head) today, I am thrilled to learn that my AdSense PIN has arrived safely at my home. It felt good.

Google AdSense PIN

I’ve been busy and tired lately, and this is a very big hurdle for a non-full-time blogger like me. Less and less time (and energy) to get online and write! The good news is that the cold is going away little by little.

My Version of Pidgin Portable

Latest Update click here.
I am a curious programmer, and I was always wondering how the apps on PortableApps were made. Since Pidgin, the replacement for Gaim, was released I had been waiting a while for a Portable Apps version, but I guess they must be busy with the number of apps they have to handle.

So I went and analyzed the Gaim Portable sources, read some info on the official Pidgin site, downloaded NSIS and I managed to make it work! I was planning just to use it personally but as always I feel like sharing it.

You can download it here:

PidginPortable.zip md5sum: f4ea8c532f43166b7ef61ee915c1218e

Pidgin Portable in the Launcher

And if you want spell checking support, extract this to PidginPortable\App\aspell

aspell.zip md5sum: 19a0d7cf3a384e17b642825220121462

They are zip archives since I have not learned about the install files from Portable Apps yet.

The Pidgin files were copied from my local installation, by guidance from the Pidgin FAQ: Running Windows Pidgin From a USB Drive.

The installed size is around 8.48MB. Like Gaim Portable, I’ve utilized UPX to compress the EXE and DLL files.

Modifications were done mainly to the NSIS script, to use new Pidgin variables and names. Many references to the original site http://PortableApps.com/GaimPortable were not changed, even in the quick splash image I made. In addition I just added my name in the source and version 🙂

There may be some problems that I have not encountered, so you might want to use the official release from Portable Apps once it is released. They are the experts.

10 May 2007: Updated with GTK Theme Selector:

PidginPortable.zip md5sum: dabbfc11b03512e01d79fda935be8bb1 Updated below

Pidgin Portable and Theme Selector

*The GTK Theme Selector will override the settings by the Pidgin GTK Theme Control if used. If you don’t need the selector, simply delete the executable and it will disappear from the menu. The overwriting problem exists as I have to ask the Theme Selector to copy its settings written in settings/.purple/.gtkrc-2.0 to what Pidgin looks for: settings/.purple/gtkrc-2.0 (notice the dot before the filename).

I still can’t figure out how to enable aspell support so as you can see I have disabled the aspell download.


Why You Should Not Use Shared Passwords

You have probably heard this many times, your friend or someone told you that you should not use the same password for all of your website memberships. Perhaps they never told you why. I have seen people taking this for granted many times, using the same password even for online banking accounts! So I am going to let you know from a technical point of view, while being as simple as possible with my choice of words.

My points here relate directly to good database design, but as users you don’t have any choice and you are not even aware of what is happening at the server. Now let’s examine two scenarios of how passwords can be stored in the database. For simplicity I only have 2 fields: username and password.

1. Bad Password Storage

Username    Password
john        j0hN78h#k-
jane        j4n9K^jsla69

2. Good Password Storage

Username    Password
john        f03d03e0335dad4713cd5122eebb0738
jane        5844a15e76563fedd11840fd6f40ea7b

What are those?

The tables above that look like Microsoft® Excel worksheets are indeed database tables. Database administrators can easily see the data in this format using any tool they have.

Why is one bad and the other not?

I mentioned that a database administrator can easily see the tables. For the bad example, he/she can simply see your password, even though as you can see they are quite good passwords (containing lowercase, uppercase, numbers, symbols). For the good example, the password is stored using a one-way hashing algorithm – the password is stored as something else.

Are all database administrators evil?

No, they are not. But what if the database gets cracked? A malicious cracker can immediately see your password if the first example is used. It is fine if it is just an instant messenger account, or something not important, but I have heard of people losing money! Not because banks practice bad password storage, but because users use the same password elsewhere!

How to detect if a site is using bad password storage

Simple. If you try and use the Forgot password link, they send you your actual password. This means that they can read your password from the database. Good sites always reset the password to something else either directly via email or asking you to use a form. No, they will not tell you how they store the passwords, silly.

If the system can’t read my password how do I log on?

I mentioned a conversion process earlier called one-way hashing. Using the good storage practice, the database stores gibberish that can be reproduced only by your correct password. When you first set your password, it converts the text into the hash:

“j0hN78h#k-” => f03d03e0335dad4713cd5122eebb0738

From the storage examples, the exact same hash can only be generated by the string “j0hN78h#k-” that only john knows. It is not stored in the database. When john tries to log in, the system will reproduce the hash f03d03e0335dad4713cd5122eebb0738 from what john entered. Even if he misses one character, e.g. “j0hN78h#k”, the hash becomes a98d3bfa2f9d11fb0bfcc6e6f7ae8b73. When the system compares this with what is stored in the database, it would not match and john receives an error!
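The set-password and login flow described above, as an added example that is not part of the original post. It goes one step further than the tables by adding a per-user random salt and a deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library), which is not necessarily the algorithm that produced the hashes shown; the function names, the iteration count and the in-memory `users` table are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as far as your hardware allows.
ITERATIONS = 200_000

# Stand-in for the database table: username -> (salt, derived hash).
# The password itself is never stored anywhere.
users = {}


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way derivation: easy to recompute from the password, not reversible."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(username: str, password: str) -> None:
    """Called at registration or password reset: store salt + hash only."""
    salt = os.urandom(16)  # fresh random salt per user
    users[username] = (salt, hash_password(password, salt))


def check_login(username: str, attempt: str) -> bool:
    """Re-derive the hash from what the user typed and compare with the stored one."""
    record = users.get(username)
    if record is None:
        # Do the same amount of work for unknown users so timing reveals nothing.
        hash_password(attempt, b"\x00" * 16)
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, hash_password(attempt, salt))


if __name__ == "__main__":
    # Constructed sample data: the post's example password, given to two users.
    set_password("john", "j0hN78h#k-")
    set_password("jane", "j0hN78h#k-")
    print("correct password:", check_login("john", "j0hN78h#k-"))
    print("one character short:", check_login("john", "j0hN78h#k"))
    # Same password, different salts: the stored values do not match each other.
    print("john == jane in DB:", users["john"][1] == users["jane"][1])
```

Because of the salt, two accounts with the same password get different stored values, so an administrator or intruder reading the table cannot even tell which users share a password.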

Why do I write this?

I signed on to a service yesterday and my 32 character password got truncated so I had to use the Forgot Password function. The system sent me my actual truncated password and I immediately felt glad I didn’t recycle any of my current passwords! The moral of this article is: don’t share passwords between systems. If one site is cracked, you risk compromising the others. I would rather be using many different passwords than going through hundreds of sites changing my password if a site is compromised!

The email I received yesterday from a site that (still) practices bad password storage:

Hi Ady Romantika,

Thank you for forgot password request.
Your details are as below:
User Name: ady[at]romantika[dot]name
Password: xxxxxxxxxxxxxxx

Click Here to for Login into XXXXXXXX.

Good password storage is not 100% safe either if you use simple passwords based on dictionary words, as malicious users can deploy the trial and error technique, or even use software to crack your password. Believe me, there is plenty of software available that can do that today!

I hope this has been useful for everyone. Remember, practice safe computing.

Global Warming Effects Geeks Too

In the area where I live (and work) it has been so hot for quite a while now. Since I am working in an air-conditioned office at work and in my home office I did not really realize how serious the heat has become until I received multiple alerts from my SMART monitoring software.

Seagate disks have an extra SMART attribute BE, which means the number of °Celsius before the temperature of the drive reaches 100 (boiling point). The threshold is set to 45 by Seagate, which means that if the BE value reaches 45 it is bad for the drive. This attribute balances with C2 (temperature). For example if the drive temperature is 40, C2 will read 40 and BE will read 60. This means that it takes 60 °Celsius more before I can boil water with the hard drive.

My Seagate Momentus has been reaching 55 °Celsius for quite a while, and this means that the special attribute reading is now 45 – SMART failure. I am not too worried but I did get myself a notebook cooling pad.

SMART Failure

To make things worse, on Saturday night after a fun night with a bunch of close friends celebrating my birthday, the 2 drives connected to the primary channel on my development PC started to have problems. This is based on logs, as I went to sleep after reaching home that night. It was on Sunday morning that I realized what had happened.

After some testing I found that the IDE cable was at fault. Phew! Luckily not the disks! So I got myself some new IDE cables and now it’s running fine. This is what happens when the kernel can’t write to the disks:

crazyload.jpg

The processes keep on hanging there waiting for their turn to write. I am however not very sure that heat can damage IDE cables as I have never heard of this being mentioned anywhere before.

Now I am in the process of scratching my head thinking on what to do to cope with this heat problem at my home office. Any ideas?

WordPress Plugin: Random Posts Widget

My better half was complaining that she can’t find a suitable plugin for displaying random posts on her sidebar. I tried to look myself, and there were some references to the plugin but nowhere to be found. One good plugin I found is Random categories with random posts by Mike Stickel but it uses categories which is not what we are looking for. Also, it requires tinkering with PHP codes which is not suitable for less technical bloggers.

So I went to analyze his code for a little while. What the heck, I’ll just create a simple widget version with no categories involved. So I took about 30 minutes to write this simple code with not so many options. It is a widget and configurable in the Sidebar Widgets page:

Random Posts Widget configuration

  • Widget title: the title of the widget
  • List types: ul for bulleted list, p for paragraph, br for paragraph with line breaks
  • Before title and After title: you have to find out what your theme uses before and after the widget headers. A simple way to do this is to identify a currently existing widget in your site and viewing the source. Find the title and see what is printed before and after. For example it might show as <h2>Widget Title</h2> which is used by most themes.
  • Post count: Number of random posts you would like to be displayed

Basically that’s it. It’s really a simple widget.

I don’t like to reinvent the wheel but since I can’t find any I just have to create one myself. Most probably I will have not so much time to maintain this plugin, but it is suitable if you are looking for a (very) simple plugin to display random posts.

You can download it from WordPress Plugins Directory: Random Posts Widget, or view online here: randomposts.php

Current Version: 1.5.0

Installation

Copy the file to the wp-content/plugins/widgets directory and activate it in the Plugins page. Then drag and configure it in the Sidebar Widgets page.

Warning: Will only work on widgets enabled blogs.

Change Log

  • 07-May-2007: Fixed a bug of displaying widget before and after tag
  • 14-Jun-2007: Fixed a bug where pages are also selected. Now it only displays posts.
  • 26-Jun-2007: Removed before and after configuration options, now taken from theme settings. Was broken for some themes with embedded class in the header tags. Reported by Guohua. Thanks.
  • 03-Aug-2007: Overhauled entire engine to optimize queries. This has been tested on a test blog with 50,000 posts on an old machine (Pentium III 600MHz) in maximum 3 seconds. Also removed duplicated results and added category to choose.
  • 04-Aug-2007: Fixed a bug where wrong permalink was displayed.
  • 10-Aug-2007: Fixed a bug where if 1 post count is selected an error occurred.
  • 27-Sep-2007: Added ability to detect database version (WordPress 2.3 has database changed) while maintaining backward-compatibility with 2.2.x

Live Free or Die Hard

As a long time Bruce Willis fan (you’ll know if you see my gravatar and IM avatars), I was thrilled when Azidin told me that a new Die Hard movie is going to be released this year. It is going to be the 4th installment to the Die Hard series, being the 4th.

I have never expected that Die Hard 4 would be made, since I read somewhere that Willis said there will be no more sequel.

It’s planned to be aired on 28 June 2007 in Malaysia. This is one of the movies that I will make a pre-booking to watch.

IMDB entry: Live Free or Die Hard (2007)

WP-Cache and GoDaddy Hosting

I have several blogs hosted on GoDaddy servers.

If your WordPress blog is hosted on GoDaddy hosting, do not use the WP-Cache plugin or your site will intermittently produce Error 500 (Internal Server Error). I can’t spot the error even when I enable the error logs – there seems to be none!

I’ve heard similar complaints from other GoDaddy hosting users. One thing I am sure about is that the problem is not because of the combination of WP-Cache and WordPress 2.1.3 as I have blogs hosted elsewhere that work fine with this combination.

I guess I will have to dig deeper… when I can find the time! Anyway the server speed and stability so far is good without WP-Cache – which is what we want to achieve by caching the pages. Hopefully the blogs do not overload the server anytime soon.

Imation Disk Manager II

A funny story. I just bought myself a 4GB flash drive to replace my old 128MB Imation flash drive. So I was trying to format the Imation drive when I found a big loophole in the software.

The Imation flash drive comes with firmware that automatically creates an executable to run the Imation Disk Manager II software. You can make the whole disk public, split the disk into 2 partitions (public & secured), or make the whole disk secured.

imation1.jpg

For the secure partition you’ll need to run the software and enter a password if you want to access the files in it. I am not in the hacking business so I have no idea how secure it actually is. But this is another story, not about the secure partition.

After I had copied the files to the new location, I simply executed the software and it let me reformat the entire disk without asking for a password. Easy, but dangerous. If the drive falls into the hands of somebody clueless (say your 4 year old brother) or someone with bad intentions, you can say goodbye to your data 😉

imation2.jpg

I was actually looking for the Imation Swivel Pro flash drive but no shop in Low Yat has the 4GB version. They only have the 2GB version. I surely don’t think that the Imation Clip Flash Drive is available over there!

In the end I got myself a Sandisk Cruzer Micro 4GB drive which is a U3 compatible drive. Now I have Portable Apps and U3 in one drive 🙂

New Header and Footer

I’ve just updated the header and footer for this site. At first I only changed the image but then the night scene was not quite suitable for the default header colors. So I decided to play around with Photoshop and make some color adjustments.

The header image was taken last weekend, when we went to the lake that separates Cyberjaya and Putrajaya to try some night shots after returning from the Community Club. We have been wanting to go there for a while and with a tripod in hand we got some pretty good shots. It’s about time we utilize the DSLR!

Here’s a bigger photo (click for a bigger image):

Wawasan Bridge Putrajaya at night

Unsolicited Mails

I hate it when I receive unsolicited mails such as this one. I have never registered for any services by this company, and most importantly I only use my disposable emails from Yahoo! to register for any untrusted services in the Internet.

So this is a human imbecile who harvested my email. I already have 2Mbps broadband. I was thinking of bombing their email with like a million messages a second but considering today’s computing and storage power I think it will just be useless and wasting my precious time.

spambroadband.jpg

Hmm… This low life company (so called Broadband Multimedia) is located in KL and have branches in Johore and Penang. I will never be a customer of a company who spams me without me asking for it. Never ever. I am guessing ez-marketing is an affiliate or a subsidiary who is specially created to spam Internet users. 😑

Kelab Komuniti Taman Tasik Cyberjaya

On Sunday afternoon we got bored at home and decided to go out, just anywhere. We finally decided in the car to go to Taman Tasik Cyberjaya, also to check out the latest addition, the Community Club. For non Malay speakers, Taman Tasik Cyberjaya translates to Cyberjaya Lake Park. Some people prefer to say it as garden but it’s more like a park to me.

The whole area was quite big, and I actually broke some sweat walking all the way from the park entrance to the community club. Yes, there are actually 2 different entrances (maybe 3) – one to the park and the other one to the community club. Since I was looking for the community club but parked at the park entrance I had to walk quite a long way.

Coming from Persiaran Multimedia (MMU road) we’ll first encounter the park entrance, as the community club entrance was actually further. But after we left the park and went to look for the community club entrance, we discover something new (at least for us) – that MMU has a second grand entrance at the back complete with the big sign and a guard post. Cool.

Click on continue reading for more…


One Day Blog Silence

On April 30th 2007, the Blogosphere will hold a One-Day Blog Silence in honor of the victims at Virginia Tech. 32 innocent people died at the US college massacre.

One Day Blog Silence

I support this as a human, and since it has got nothing to do with religion, politics (hope not!) or anything else. Massacres are bad. I pray that it would never occur again anywhere in the world.

Can someone suggest to Ted to suggest the same for PPP and the posties? 🙂

Hosting: Responsibility of Customer or Provider?

This post is specially dedicated to Exabytes’ latest customer newsletter, which provides very useful information on how customers could prevent servers from overloading and causing service downtime.

I do agree with what Exabytes have to say, and it is true that I noticed that when the services were down, it was indeed caused by processes using too much CPU and memory. However it must also be noted that not all users are efficient programmers, and sometimes the code is simply made to achieve a certain goal without considering the impact on the server resources. This is the user’s fault.

I guess you know that there is a big BUT coming: when I experience service downtime I can see that many many cron (task scheduler) jobs are running out of control on the server. Some of them were even a few weeks old. The processes are obviously user cron jobs. In this case there is a lack of policing activity from Exabytes. When a service is down, the engineers simply restart the service and not do any investigation on what caused the overload.

After receiving an email confirming that the service is already up, I usually go in and check the zombie processes and they are still there, hogging MySQL and CPU resources.

We need to keep in mind that not all users are technical and have shell access like me, and they might not even know that their application / cron job is causing any resource problems. So IMHO it’s the provider’s responsibility to alert users if such case happens.

Now I only serve images on the server, and the server in US actually checks if the user is from Asia and if the Exabytes server is up. If it’s up then the images will be served from there. If not then users will have to wait for images to load a little longer.

Click on continue reading to read the rest of this post.
