Pidgin 2.0.1 Released

Have you heard? Pidgin 2.0.1 has just been released two hours ago (as of the time of writing – 25 May 2007 20:10 GMT). This release fixed various bugs, where 112 tickets were closed. Go here to see the Milestone page and here to download Pidgin.

However, my most awaited enhancement is not in this release. Maybe some day.

I shall be building and testing my version of Pidgin Portable soon.

I have updated my version of Pidgin Portable to use Pidgin 2.0.1 🙂

PayPerPost Direct

Well well well. PayPerPost has just introduced a new service called PayPerPost Direct (PPP Direct).

If you’re crazy about making money via blogging, blog ads, or anything related then you should really check it out. If you are already a PPP postie then I guess it needs no introduction. PPP has certainly come a long way, and is rapidly growing to be one of the best bloggers’ tools to make money.

PPP Direct is actually a tool where advertisers can contact bloggers directly and offer something to write on. Opposite to the traditional PPP where bloggers must choose opportunities that were offered, PPP Direct offers a direct button or link on your blog for advertisers to make you an offer. Much like ReviewMe, but different in many ways.

First, the revenue margin for PPP Direct is very high, as PPP charges only 10% of the amount you charge the advertiser. 5% of that goes to Paypal and credit card processing fee. This also means that the advertiser can use their credit card to pay for your post, meaning this is quick and easy for the advertiser. This is indeed very different from ReviewMe which takes half of your hard-earned money. In my opinion, this is one of the biggest advantages of PPP Direct and many people will have a positive reaction to this.

Next, you’ll be paid immediately after your post got approved by the advertiser. Yay! And if the advertiser does not approve (or negotiate) your post within 4 days – it’ll be automatically approved. Yay!

You’ll have the ability to negotiate with the advertiser, if you feel that the request is not reasonable or you feel that your post should cost more.

Finally this is my own opinion, but I think PPP staff is more proactive and serious in handling the operations. There are many other services but the services are slow, and the staff and rules are really difficult to deal with.

Go ahead, try it out now! If you are not a member use the link on my sidebar to register. Also don’t forget to check out PPP blog where they made a very very nice video introduction to the service 🙂

Imagine Hiro Yelling “Bonsai”

I am working at night this week and as always as I want to enjoy the “lunch” my wife prepared for me I would look for something to watch. Searching for Heroes I found this clip containing an interview with Masi Oka (Hiro Nakamura) and Milo Ventimiglia (Peter Petrelli):

The script originally contained the word “Bonsai” and luckily Masi Oka is fluent in Japanese (he goes to weekend school to learn Japanese). Just thought it is interesting.

4.0Mbps Streamyx?

I was browsing through some blogs when I found myself on this particular post in doBot’s blog. Here’s the official announcement.

Familiar Malaysian forums have been discussing this for a while, and as usual I’m left behind again. Some of them mentioned that the 4Mbps is nothing if TMNet still decides to limit/throttle traffic especially for P2P users. I’m actually neutral in this P2P throttling issue, even though I am a heavy bittorrent user. Why? Well actually the number of broadband users in Malaysia is not that high, and mostly concentrated only among savvy Internet users. If most of these users are using P2P daily and TMNet does no policing on it, the whole Streamyx infrastructure will most probably overload. This is not deniable due to the incompetency of TMNet but IMHO every company deserves a chance to improve themselves, provided that they are trying to improve.

As I read everywhere in the media, TMNet is heading a committee for the second submarine link (I don’t remember the project name). That is indeed very good if it can provide us a secondary pipe and a fail-over mechanism. I have no idea but I am really hoping that this will widen our International link in a massive scale.

On the introduction of the 4Mbps link, I think it is too soon if no International link upgrade has been done. If anyone from TMNet can enlighten me that would be great, as I have no idea of what is going on in there that they actually decided to offer the 4Mbps package.

The price of RM268 is indeed quite high, but it is very reasonable IF AND ONLY IF there would be a huge improvement to speed and reliability. I know users in some other countries pay a lot more for broadband, and of course some pay less. It’s really just business and you can’t really do much about it. I’d pay RM268 if the service is good and reliable, with superb customer support. I guess I’ll just wait and see before running to the nearest TM Point.

If you want to be the first to test this service, go quick as they are offering RM198 before 17 June 2007. I need your feedback on the service before deciding. Oh yes, check the availability/coverage in your area first before even thinking about it. And of course, you have to be within 3km or less from the exchange 😉

I wonder how they would consider/calculate a package upgrade?

What do you think… would you go for this package?

What Are .ISO Images

Have you ever downloaded a file with the extension .iso and have no idea what to do with it? It has been not once, not twice, but at least 6 times I have provided a .iso file to a friend / family member and the .iso file ended up to be a single file on the CD/DVD. I know there are many computer users out there who still have no clue about .iso images.

Newer CD/DVD burning applications usually will associate .iso files so that when you click on such a file the software will launch and open the CD/DVD burning wizard. However, more often than not I see the files having ‘unknown’ icons and not associated with anything.

A normal user will encounter .iso files much less often than geeks like me. But there are circumstances where .iso files are needed. One good example is when I was asked for a MS-DOS boot disk for a laptop without any floppy drive. So I just took a bootable .iso image I created a while ago and sent it via e-mail (the size is not that big, just about the size of a floppy).

So the .iso file usually ended up in a CD/DVD rather than the files in it.

Simply put, an .iso file is an image, sort of an archive to house many files in it. It is an exact image of a CD/DVD file system. I know some gamers who use illegal games have utilities like Virtual DAEMON Manager to mount .iso images and fool the game that there’s a CD/DVD inside the drive.

Tools like IsoBuster can also help Windows users to see (and extract) the files contained in .iso images.

So next time when you receive an .iso image don’t burn it using the normal burning wizard. For Nero, use the Recorder > Burn Image menu:

Using Nero to burn .iso image

For more geeky technical reading on mounting .iso images on Linux, click on Continue Reading

Freaking Out Over Tests

What kind of shopper are you? When you have something in mind do you just go and buy it without any research? I used to be like that until I made several mistakes buying things not worth the price!

I’ve found this site TestFreaks, and they are in Alpha mode. The contents that they are offering look promising and perhaps before my next gadget shopping I will refer there for my decisions.

Since I own a DSLR (Nikon D50), my friends seek my advice for deciding what kind of camera they want. Hey I am no expert, but merely a beginner. After this what I will do is either refer them to the digital camera reviews available at TestFreaks.com or, better, go there and give advice to my friends like an expert 😉

Naughty, eh?

New Metrics & Ranking System

I was alerted by Firefox earlier today to update one of the plugins I use: SearchStatus. It is a plugin which displays Google PageRank, Alexa Rank, and the latest update includes Compete Rank.

SearchStatus plugin with Compete Rank

It turns out Compete has been around for quite a while now. I am surprised that I never heard of them. According to the about page, the service was created in 2000.

Five main areas provided by Compete are:

  • Compete SnapShot™
  • Compete Search™
  • Compete Toolbar™
  • MyCompete™
  • Compete Blog™

The technology looks promising, and I am going to register to use MyCompete. Why not give it a try?

This is definitely NOT a sponsored post!

WordPress 2.2

WordPress 2.2 has just been released about 14 hours ago. There are a lot of new goodies with this release, among the big ones are Integrated Widgets, Full Atom support, New Blogger importer, Infinite comment stream, protection against plugins or edits that will break your blog, and also a hook for a future WYSIWYG support in Safari.

There are a bunch of new features for developers too. Looks like I will have to check my simple random posts widget plugin whether it still works in 2.2.

WordPress 2.2 also marks the total obsoleteness of my blogger rss import plugin 😉

Now I have to find time to upgrade all blogs I maintain. I own only one blog, though.

My AdSense PIN Has Arrived

Despite a shadowy day (the shadow is in my head) today, I am thrilled to learn that my AdSense PIN has arrived safely at my home. It felt good.

Google AdSense PIN

I’ve been busy and tired lately, this is a very big hurdle for a non full time blogger like me. Less and less time (and energy) to get online and write! The good news is that the cold is going away little by little.

Domain Marketplace

Are you running a specific online business, or at least planning to have one? Do you realize the importance of having a good, catchy domain name for your business?

I had several experiences (good and bad) when it comes to buying special domains. Once I was even involved in a fraudulent domain purchase transaction which costs USD10k (I’m at the buying/victim side!) for a very catchy short domain name. Our mistake was that we bought the domain from an ordinary guy, and not from a real company.

It was a dumb decision indeed, and I was strongly involved in the decision making process. Who would turn down such a good deal for a very good domain. Believe me it was good but for obvious reasons I can’t mention it here.

I found a very good marketplace, which specializes in domain buying and selling – BuyDomains.com. They have been around for quite a while now (since 1999) as I researched a bit about them in the Internet.

They provide highly valuable articles as well, such as Five Key Considerations, How To Build Your Brand Online, and E-Commerce Basics for Small Businesses.

In the end, if you bought any domain from BuyDomains.com, you can also engage with their partners for Website Building. If you’re serious about your business you need to consider making some investments in good domain names and website. Trust me, it’s important.

My Version of Pidgin Portable

Latest Update click here.
I am a curious programmer, and was all the way wondering how apps on PortableApps were made. Since Pidgin, the replacement for Gaim, was released I was waiting for a while for Portable Apps but I guess they must be busy with the number of apps they have to handle.

So I went and analyzed the Gaim Portable sources, read some info on the Pidgin official site, downloaded NSIS and I managed to make it work! I was planning just to use it personally but as always I feel like sharing it.

You can download it here:

PidginPortable.zip md5sum: f4ea8c532f43166b7ef61ee915c1218e

Pidgin Portable in the Launcher

And if you want spell checking support, extract this to PidginPortable\App\aspell

aspell.zip md5sum: 19a0d7cf3a384e17b642825220121462

They are zip archives since I have not learned about the install files from Portable Apps yet.

The Pidgin files were copied from my local installation, by guidance from the Pidgin FAQ: Running Windows Pidgin From a USB Drive.

The installed size is around 8.48MB. Like Gaim Portable, I’ve utilized UPX to compress the EXE and DLL files.

Modifications were done mainly to the NSIS script, to use new Pidgin variables and names. Many references to the original site http://PortableApps.com/GaimPortable were not changed, even in the quick splash image I made. In addition I just added my name in the source and version 🙂

There may be some problems that I have not encountered, so you might want to use the official release from Portable Apps once it is released. They are the experts.

10 May 2007: Updated with GTK Theme Selector:

PidginPortable.zip md5sum: dabbfc11b03512e01d79fda935be8bb1 Updated below

Pidgin Portable and Theme Selector

*The GTK Theme Selector will override the settings by the Pidgin GTK Theme Control if used. If you don’t need the selector, simply delete the executable and it will disappear from the menu. The overwriting problem exists as I have to ask the Theme Selector to copy its settings written in settings/.purple/.gtkrc-2.0 to what Pidgin looks for: settings/.purple/gtkrc-2.0 (notice the dot before the filename).

I still can’t figure out how to enable aspell support so as you can see I have disabled the aspell download.

Why You Should Not Use Shared Passwords

You have probably heard this many times, your friend or someone told you that you should not use the same password for all of your website memberships. Perhaps they never told you why. I have seen people taking this for granted many times, using the same password even for online banking accounts! So I am going to let you know from a technical point of view, while being as simple as possible with my choice of words.

My points here directly relate to good database design, but as users you don’t have any choice and you are not even aware of what is happening at the server. Now let’s examine two scenarios of how passwords can be stored in the database. For simplicity I only have 2 fields: username and password.

1. Bad Password Storage

| Username | Password     |
|----------|--------------|
| john     | j0hN78h#k-   |
| jane     | j4n9K^jsla69 |

2. Good Password Storage

| Username | Password                         |
|----------|----------------------------------|
| john     | f03d03e0335dad4713cd5122eebb0738 |
| jane     | 5844a15e76563fedd11840fd6f40ea7b |

What are those?

The tables that look like Microsoft® Excel worksheets above are indeed database tables. Database administrators can easily see the data in this format using any tool they have.

Why is one bad and the other not?

I mentioned that a database administrator can easily see the tables. For the bad example, he/she can simply see your password even though as you can see they are quite good passwords (containing lowercase, uppercase, numbers, symbols). For the good example, the password is stored using a one way hashing algorithm – the password is stored as something else.

Are all database administrators evil?

No they are not. But what if the database gets cracked? A malicious cracker can immediately see your password if the first example is used. It is fine if it is just an instant messenger account, or something not important but I have heard of people losing money! Not because banks practice bad password storage, but because users use the same password elsewhere!

How to detect if a site is using bad password storage

Simple. If you try and use the Forgot password link, they send you your actual password. This means that they can read your password from the database. Good sites always reset the password to something else either directly via email or asking you to use a form. No, they will not tell you how they store the passwords, silly.

If the system can’t read my password how do I log on?

I mentioned a conversion process earlier called one-way hashing. Using the good storage practice, the database stores gibberish that can be reproduced only by your correct password. When you first set your password, it converts the text into the hash:

“j0hN78h#k-” => f03d03e0335dad4713cd5122eebb0738

From the storage examples, the exact, same hash can only be generated by the string “j0hN78h#k-” that only john knows. It is not stored in the database. When john tries to log in, the system will reproduce the hash f03d03e0335dad4713cd5122eebb0738 from what john entered. Even if he misses one character, e.g. “j0hN78h#k”, the hash becomes a98d3bfa2f9d11fb0bfcc6e6f7ae8b73. When the system compares this with what is stored in the database, it would not match and john receives an error!
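The store-and-compare login flow described above, together with the reset-instead-of-reveal behaviour of a good “Forgot password” link, as an added Python example that is not part of the original post. It goes beyond the post by using a per-user random salt and PBKDF2 instead of a single plain hash, which slows down the dictionary guessing mentioned later; the UserStore class, its method names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

ITERATIONS = 600_000  # assumed PBKDF2 work factor; slows down dictionary guessing


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$hash' (hex) for storage. The password itself is never stored."""
    salt = salt if salt is not None else os.urandom(16)  # random per-user salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the login attempt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


class UserStore:
    """Hypothetical stand-in for the site's user table and reset flow."""

    def __init__(self) -> None:
        self.passwords = {}     # username -> 'salt$hash'
        self.reset_tokens = {}  # username -> one-time reset token

    def register(self, username: str, password: str) -> None:
        self.passwords[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        stored = self.passwords.get(username)
        return stored is not None and verify_password(password, stored)

    def forgot_password(self, username: str) -> Optional[str]:
        """Issue a random one-time token; the old password cannot be mailed back."""
        if username not in self.passwords:
            return None
        self.reset_tokens[username] = secrets.token_urlsafe(32)
        return self.reset_tokens[username]

    def reset_password(self, username: str, token: str, new_password: str) -> bool:
        expected = self.reset_tokens.pop(username, None)  # token is single use
        if expected is None or not hmac.compare_digest(token, expected):
            return False
        self.register(username, new_password)
        return True


if __name__ == "__main__":
    store = UserStore()
    store.register("john", "j0hN78h#k-")      # sample password from the post
    print(store.login("john", "j0hN78h#k-"))  # correct password
    print(store.login("john", "j0hN78h#k"))   # one character missing
    print(store.passwords["john"])            # what an administrator would see
```

Because of the salt, two users who choose the same password end up with different stored values, so a reader of the table cannot tell that the passwords match.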

Why do I write this?

I signed on to a service yesterday and my 32 character password got truncated so I had to use the Forgot Password function. The system sent me my actual truncated password and I immediately felt glad I didn’t recycle any of my current passwords! The moral of this article is: don’t share passwords between systems. If one site is cracked, you risk compromising the others. I would rather be using many different passwords than going through hundreds of sites changing my password if a site is compromised!

The email I received yesterday from a site that (still) practices bad password storage:

Hi Ady Romantika,

Thank you for forgot password request.
Your details are as below:
User Name: ady[at]romantika[dot]name
Password: xxxxxxxxxxxxxxx

Click Here to for Login into XXXXXXXX.

Good password storage is not 100% safe either if you use simple passwords based on dictionary words, as malicious users can use trial and error, or even use software to crack your password. Believe me, there are many programs available that can do that today!

I hope this has been useful for everyone. Remember, practice safe computing.

Global Warming Affects Geeks Too

In the area where I live (and work) it has been so hot for quite a while now. Since I am working in an air-conditioned office at work and in my home office I did not really realize how serious the heat has become until I received multiple alerts from my SMART monitoring software.

Seagate disks have an extra SMART attribute BE, which gives the number of degrees Celsius remaining before the temperature of the drive reaches 100 (boiling point). The threshold is set to 45 by Seagate, which means that if the BE value reaches 45 it is bad for the drive. This attribute balances with C2 (temperature). For example if the drive temperature is 40, C2 will read 40 and BE will read 60. This means that it takes 60 °C more before I can boil water with the hard drive.

My Seagate Momentus has been reaching 55 °C for quite a while, and this means that the special attribute reading is now 45 – SMART failure. I am not too worried but I did get myself a notebook cooling pad.

SMART Failure

To make things worse, on Saturday night after a fun night with a bunch of close friends celebrating my birthday, the 2 drives connected at the primary channel on my development PCs started to have problems. This is based on logs as I went to sleep after reaching home that night. It was on Sunday morning I realized what had happened.

After some testing I found that the IDE cable was at fault. Pheww! Luckily not the disks! So I got myself some new IDE cables and now it’s running fine. This is what happens when the kernel can’t write to the disks:

crazyload.jpg

The processes keep on hanging there waiting for their turn to write. I am however not very sure that heat can damage IDE cables as I have never heard of this being mentioned anywhere before.

Now I am in the process of scratching my head thinking on what to do to cope with this heat problem at my home office. Any ideas?