software

You are currently browsing the archive for the software category.

Facebook and Security issues - 12 Golden Rules

December 31, 2008 in social networks, software | 1 comment

All social network platforms have by nature the embedded risk of getting your personal data stolen or misused. Copy & Paste is just too easy not to speak about digital “methods” for an automatic sniffling of personal data. It is a personal decision if one wants to post his data or not - I personally prefer to see my posted data on the net rather than finding any surprises on Google posted by someone else or related to an individual with the same name.

I believe however that it shall be a human right that everyone has full control over his data and knows exactly who has the right to get legal access to them.

One of the major reasons of Facebook’s success story is the wealth of applications users can easily add to their profile pages:

Quizzes, little games, IQ tests, polls, etc. - there are thousands of these gadgets available. And once you have added an application, your friends are encouraged to add it too. Most of today’s users (at less 90% of my friends/contacts) do not avoid spamming and they send out a recommendation for each and every application they install. Facebook growth is currently around 100K users a week(!) and almost everyone of them (including myself) has installed one of this applications.

I spent some time yesterday to have a look at the programming interface for Facebook. It’s not true that anyone with a basic understanding of web programming can write an application, but I have to admit that it is not too complicated. I was quite surprised to see that the self programmed applications have to run on your own server and not on the Facebook platform. Even though this is a quite modern approach with the benefit of an excellent workload balancing, it has the clear risk that data are leaving the Facebook platform and can easily be stored outside of Facebook without the enduser really realising this fact. - I know that Facebook themselves teach their users to analyse very carefully which application to install, but let’s be honest, how many (especially non technically interested) users are influenceable by these footnotes and hints?

The issue and the danger of this gadget applications is that you can’t know what they are doing in the background: whatever they might look like, in the background, they can collect personal data and most important those of your friends, storing them in an own database on an own server or sending them out by emailing them to a different server.

When people add an application, unless they say otherwise (and again I bet that more than 99.9% of the users won’t decline), it is given access to most of the information in their profile. That includes information you have on your friends even if they think they have tight security settings.

Did you know that you were responsible for other people’s security?

I’m not a guru programer but I’m developing programs as a hobby and even though I do not know about any application misusing data it seems easy - really easy - for an average developer to do so. Because the applications run on a third-party serves, not run by Facebook - it is difficult for the company to check what is going on, whether anything has changed, and how long applications store data for and what they do with it. Facebook’s terms and conditions contain a warning that this could in theory happen, and offer the option to stop an application from accessing your details, many games and quizzes would not work if this option is engaged.

In fact, the only way we can see of completely protecting yourself from applications skimming information about you and your friends is to erase all the applications on your profile and opt to not use any applications in the future. If Facebook is right that they have efficient mechanisms in place to check for unusual behaviour of an application,an insecure application can spread like a (computer virus) and it might be too late waiting for a detection by Facebook.

  1. Don’t subscribe to social networks ;-)
  2. Assume that the personal information and photos you display will be publicly available and not just available to specific friends. Make your choice what to post based on this Golden Rule.
  3. Strong Passwords, always! - It may seem obvious but make sure you use a strong password for your account. Also, I suggest to use a separate password for fast growing platforms like Facebook. The people who want to offend you are using successful platforms.
  4. Secure your birth date - Birth dates are often required to validate your identity. Under Profile, you can choose to not display your birthday - you should at least not post your year of birth.
  5. Privacy Profile Settings - I suggest setting the Profile Privacy > Basic to “only me” for items: Education Info, Work Info and Profile Privacy > Contact Information to “no one” for items: Mobile Phone, Land Phone, Current Address, Email. You may want to display your website address for advertising, but be than aware what further information your have already published on that platform.
  6. Privacy Application Settings - Each Facebook application has similar settings to those of the Privacy settings. New applications are being added everyday. Its difficult to define a set policy. However, I suggest you remove any unwanted applications and/or limit there settings as required. It might be very useful in future to have spend this extra time on carefully reviewing the rights you give to an application.
  7. Privacy Search Settings - Depending on your use of Facebook, you may not want to be publicly visible or you may want to limit what information is available to all users (i.e. your picture, friend list etc.). We recommend changing the search settings from “everyone” to “friends of friends”. You may also want not(!) to tick “view your friends list”.
  8. Privacy News Feed and Mini-Feed Settings - Control what stories about you get published to your profile and to your friends’ News Feeds. You may not want to display information such as joined groups etc.
  9. Joining Groups & Networks - be cautious when joining groups and which authorisations you give to the group.
  10. Think carefully about who you allow to become your friend. Once you have accepted someone as your friend they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time should you change your mind about someone.
  11. Show “limited friends” a cut-down version of your profile. You can choose to make people ‘limited friends’ who only have access to a cut-down version of your profile if you wish. This can be useful if you have associates who you do not wish to give full friend status to, or feel uncomfortable sharing personal information with.
  12. Disable options, then open them one by one. Think about how you want to use Facebook. If it’s only to keep in touch with people and be able to contact them then maybe it’s better to turn off the bells and whistles. It makes a lot of sense to disable an option until you have decided you do want and need it, rather than start with everything accessible.
  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , ,

Wishlist Butler!

December 23, 2008 in divers, software, wishlist butler | No comments

wlb Wishlist Butler!
It’s Christmas time! Kids are looking forward to Santa Claus and (a lot) of adults are posting their wish lists on amazon.com and similar services. There is nothing wrong with these services (they are even pretty sophisticated - however they are solely reduced to their own products).

‘whishlistbutler.com’ is slightly different! Besides the fact that the side is run by a Luxembourgian citizen on a Swiss server should already be argument enough that his service is just different and by the end secure and cheap - or at least that you will get value for money ;-).

‘whishlistbutler.com’ was originally designed to set up and manage a “private” wishlist for the purpose of a wedding gift registry. As the idea worked out having been excepted by a large audience the service was continued and can these days be used for the same purpose or a baby shower, a birthday wish list, a to-do list if you do not care about money, etc.

You can set up a wish list in less than a minute and share this list with all your colleagues, friends and relatives, basically with whomever is in the possession of an email.

The main advantage of ‘wishlistbutler.com’ is that it is not(!) bounded to any specific webstore.

‘whishlistbutler.com’ has been kept as simple as possible, and you are not required to create a user account. Just copy the link provided after the creation of the wishlist and send it to your friends, allowing them to see all your wishes. A second “secret” weblink is provided to you for administration purposes.

Your friends can grant the wishes and provide you with feedback if they want to do so. Granted wishes are marked as “taken” in the wish list.

The service is free of charge, but in case you need a specific and a ’serious’ wish list you can donate a few bucks to the author and you will get a version without any advertisements.

whishlistbutler.com‘ is a great idea and of pretty much value to me. I wish the idea will be spread and I’m looking forward to seeing how things are developing and going for this service in 2009.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , , ,

Firefox 3.0.4 for Mac OS X released

November 13, 2008 in browsers, os x, software, w3 | No comments

Firefox 3.0.4 fixes several issues found in Firefox 3.0.3:

  • Fixed several security issues.
  • Fixed several stability issues.
  • Official releases for the Icelandic and Thai languages are now available.
  • Beta releases for the Bulgarian, Esperanto, Estonian, Latvian, Occitan, and Welsh languages are available for testing.
  • Updated the internal Public Suffix list.
  • Fixed an issue where the IME input tool used to enter Japanese, Korean, Chinese and Indic characters was covered by the “Add Bookmark” panel. (bug 433340)
  • Enabled additional EV root certificates. (bug 451305)
  • Fixed an issue where some passwords saved using Firefox 3.0.2 did not work properly. (bug 457358)
  • In some cases, Firefox would not properly save proxy settings for protocols other than HTTP. (bug 446536)
  • See the Firefox 3.0.3 release notes for changes in previous releases.

See the complete list of bugs fixed.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , ,

How to open .7z files on a mac (SevenZip)

November 9, 2008 in software | No comments

7z is a compressed archive file format that supports several different data compression, encryption and pre-processing filters. The 7z format initially appeared as implemented as a Windows solution. Both the 7-Zip program and a library to read the 7z file format are publicly available under the terms of the GNU Lesser General Public License.

The MIME type of 7z is application/x-7z-compressed.

For Mac OS X the following tool helps decompressing seven-zip encoded files:

http://sixtyfive.xmghosting.com/products/7zx/

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , , ,

SVN for Wordpress and its plugins

October 5, 2008 in cms, linux, shell scripts, software, w3 | No comments

Go to the root of your webserver and type

svn co http://svn.automattic.com/wordpress/trunk/ .

You need to have svn installed - if not yet done the following command should do this for you.

aptitude install subversion

If you want to update your Wordpress plugins remotely through your linux server, you have to install them through SVN. Go to your plugin-in folder (ususally: ../wp-content/plugins/) and type

svn propedit svn:externals .

(Please note that the period at the end is important).

Your editor of choice should now open and you have to integrate your wished plugins. Find below one example:

akismet http://plugins.svn.wordpress.org/akismet/trunk/
flickr-slideshow-wrapper http://plugins.svn.wordpress.org/flickr-slideshow-wrapper/trunk
sociable http://plugins.svn.wordpress.org/sociable/trunk/
google_sm http://plugins.svn.wordpress.org/google-sitemap-generator/trunk/
lightbox-2 http://plugins.svn.wordpress.org/lightbox-2/trunk/
wp-security-scan http://plugins.svn.wordpress.org/wp-security-scan/trunk/
snapshot http://plugins.svn.wordpress.org/snap-shots-for-wordpressorg/trunk/
syntaxhighlighter-plus http://plugins.svn.wordpress.org/syntaxhighlighter-plus/trunk/
twitter-tools http://plugins.svn.wordpress.org/twitter-tools/trunk/

Please not that I’m using here the ‘trunk’-version, which are the latest development and might contain bugs. You can alternatively specify /tags/XYZ/ - XYZ being the release version you want to install.

After having saved your new entry you have to go back to your root folder (e.g. by cd ../..) and then please type:

svn up

The system will now download the latest version(s) and you only have to (re-)activate your plugins within Wordpress.

A regular updating with ’svn up’ will keep your plugins updated.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

CoverScout From Equinux

July 9, 2008 in itunes, software | No comments

equinux CoverScout From Equinux

CoverScout from equinux is a great piece of software helping you for small money to get your iTunes library tuned and optimized. First this software helps you to get covers from different sources: amazon.com, google.com etc. Furthermore it ensure that the cover pictures are stored in EVERY file. iTunes itself stores the pictures in a way, which is quite difficult do understand, not to say more. You can realize this if you want to use your pictures with different media (e.g. your car, other DVD mp3 players, hardware as the Sonos Digital Music System.

Ensuring manually that all pictures are stored in each file is not only a question of time. If you have more than one thousand entries in your iTunes library, I swear you can just forget to get 100% quality by trying to do it on your own. Although in case you would achieve accuracy in this task, it will mean that you spend just too much time on ot.

For less than 30 bucks, CoverScout helps you to achieve this task smoothly and even with fun. the grafical user interface is great and myself being a developer or having worked as developer I believe the price is really modest as this small piece of software works as charm.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , , , ,

RapidWeaver 4.0 Released

June 8, 2008 in cms, os x, rapidweaver, software | No comments

The wait is over, realmacsoftware.com released their new version 4 of RapidWeaver.

RapidWeaver is a revolutionary piece of web design software made exclusively for the Mac. It’s the perfect choice for creating and publishing beautiful, modern sites, compliant with today’s web standards.

Quickly and easily create and maintain standards-compliant websites from start to finish. Built for new users and seasoned web developers, RapidWeaver gives you the flexibility to get your website online fast without having to compromise.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , ,

DRM Dumpster (weird service)

May 12, 2008 in itunes, software | No comments

The company www.burningthumb.com advertises DRM Dumpster is the legal way to convert DRM tracks your iTunes music library to standard files. DRM Dumpster uses a CD-RW and iTunes itself to convert all of your DRM music files to standard format files (MP3, AAC, Apple Lossless, AIFF, WAV) that you can use with any music player.

So far so good. I tried the demo and converted a couple of tracks and then bought the full license to convert my whole iTunes library for my mac OS x for $24.95.

Unfortunately I encountered severe issues. The software is burning CD-RW (tried different media) but is afterwards not reading the written information (i.e. null expected 10). DRM Dumpster just continues to erase the CD-RW and to restart with the next songs. I would expect - as the software does recognise that something went wrong - that I’ll be prompted before continuing.

Meanwhile I found MAC MP4-Converter from Ahamediasoft doing an excellent job with a different but similar approach (using virtual CD-ROM drive instead of real CD-RW media).

This said, I contacted customer service from burningthumb.com and kindly ask them if they can revoke my serial and refund my paypal account. Usually I’m made excellent experience in the past with most customer services who do refund you, if you’re polite and if you explain the reasons (software is not working properly). Find enclosed the surprising answer I got from their service department:

The problem you experience happens to some people due to iTunes getting busy on the Internet. The solution to that problem is to turn off your network connection. Then it will work fine.

It is explained in the document named IMPORTANT Read First.rtf under the TroubleShooting section (shown again for you below) as point #5 which I have highlighted:

Troubleshooting:

The first thing to do is try these steps:
1. Re-check all the settings for iTunes and the System Preference described above
2. Make sure you have unconverted protected music - *not* audio books since books are not supported
3. Make sure you have a brand new name brand CD-RW *not* a CD-R or low cost CD-RW (you can order DRM Dumpster
from us on a High Speed CDRW that we know works).
4. Restart your Machine
5. Turn off your Network Connection so that iTunes does not get busy performing network operations
6. Launch DRM Dumpster
7. Tab to the field titled Identify protected tracks by looking for this word in Kind: and press the delete key to leave that field blank
8. Make sure the field titled iTunes burns CDs using: File (Burn Playlist to Disc)
9. Then Dump DRM again.
10. If that does not solve the problem contact us directly via email at support@burningthumb.com

Since you did not first follow the trouble shooting please try it again following all those steps and you will see it is working fine.

That’s funny, isn’t it? First of all I believe that I did reboot my machine last time after installation of Leopard 10.5.2. ;-). Turning off network might be a solution to the technical issue but it’s not a solution for the end user. I’m basically buying software help to avoid switching CD-RW all the time and having the possibility to continue working! And yes, most probably I’ll need network connection for my jobs?!?

That’s weird, isn’t it. After replying them again that this in my understanding a software buck, they replied me the following: That is why we have a free demo that converts 30 tracks. So people can try and decide before they make a purchase.

If you want I can offer you an exchange for something else but unfortunately its your responsibility to try the software and make sure you like it before you make a purchase so we don’t do returns based on that preference that you have expressed.

Well, I leave it up to them. 25 bucks do not bother me too much, but at least I want to inform those of you, who are thinking about buying this piece of wonderful service what might happen to you if you test the free demo with less titles than fitting on one CD.

Please leave a comment or link to your blog in case you experienced similar issues.

  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: ,

Backup Of Joomla, Drupal, EE, Wordpress, etc.

March 23, 2008 in shell scripts, software | No comments

It doesn’t matter what you’re running as CMS, forum or blog. Most software solutions are based on an Apache2 Server and a mySQL database. But only a few people are aware of appropriate backup solutions.

I hope below script will help people, who are not yet familar with rootserver, and are used to reinstall their systems (guess why I do know this ). Below two scripts will help you on creating a backup for your mySQL database and creating a dump of your whole web presentation files.

Below script will do the necessary BACKUP for you:

#!/bin/bash
# BACKUP SCRIPT FOR ROOTSERVERS
#
# ASSUMPTIONS:
# data stored in a mysql database (dumping and taring DB)
# webfiles (taring all webfiles)
#
# save this script e.g. web_backup.sh
# don't forget to chmod 700 web_backup.sh
# execute script via ./web_backup.sh
#
#
# DO NOT STORE FILES IN WEB ROOT FOR SECURITY PURPOSES!
#
# THIS SCRIPT IS OPENSOURCE
#
# written by Jeannot Muller
#
# mailto:jeannot.muller@ramgad.com:
# http://www.ramgad.com
#
#
# Version 2.1 (23th March 2008)

# DATADECLARATION
HOSTNAME=localhost
DB_NAME='db_name'
DB_USER='db_user'
DB_PASSWORD='db_password'
BACKUP_PATH_DB='xxx'
BACKUP_PATH_WB='yyy'
BACKUP_NAME_DB='database'
BACKUP_NAME_WB='webroot'
WEB_ROOT_PATH='/var/www/'
FTP_DEST='backup999.onlinehome-server.info'
FTP_USER='ftp_user'
FTP_PWRD='ftp_pwrd'
FTP_PATH_DB='/db_backup/'
FTP_PATH_WB='/wb_backup/'

# BUILDING TIMESTAMP FOR ALL FILES
TIME_STAMP=`date +%m-%d-%Y-%Hh%M`

# DATA CLEANSING
# (delete all files older than 20 days)
find $BACKUP_PATH_DB -name "*.tar.gz" -mtime +20 -exec rm -f {} \;
find $BACKUP_PATH_WB -name "*.tar.gz" -mtime +20 -exec rm -f {} \;

# EXECUTING DUMP FROM MYSQL
cd $BACKUP_PATH_DB
mysqldump --opt -c -e -Q -h$HOSTNAME -u$DB_USER -p$DB_PASSWORD $DB_NAME > $BACKUP_NAME_DB.sql

# COMPRESSING: DUMP AND ADDING TIMESTAMP
tar czpf $BACKUP_PATH_DB/$BACKUP_NAME_DB.$TIME_STAMP.tar.gz $BACKUP_NAME_DB.sql

# MOVING TO WEB_ROOT
cd $WEB_ROOT_PATH

# COMPRESSING ALL WEBROOT FILES (and copy latest version)
tar czpf $BACKUP_PATH_WB/$BACKUP_NAME_WB.$TIME_STAMP.tar.gz *
cp $BACKUP_PATH_WB/$BACKUP_NAME_WB.$TIME_STAMP.tar.gz $BACKUP_PATH_WB/$BACKUP_NAME_WB.tar.gz

# BACKUP TO EXTERNAL SERVER
ftp -n $FTP_DEST <<SCRIPT
quote USER $FTP_USER
quote PASS $FTP_PWRD
binary
put $BACKUP_PATH_DB/$BACKUP_NAME_DB.$TIME_STAMP.tar.gz $FTP_PATH_DB/$BACKUP_NAME_DB.$TIME_STAMP.tar.gz
put $BACKUP_PATH_WB/$BACKUP_NAME_WB.$TIME_STAMP.tar.gz $FTP_PATH_WB/$BACKUP_NAME_WB.$TIME_STAMP.tar.gz
quit
SCRIPT
exit 0

Below script will do the necessary RESTORE for you:

#!/bin/bash

# RESTORE SCRIPT FOR ROOTSERVERS
#
# ASSUMPTIONS:
# correct Datadeclaration
#
# save this script e.g. web_restore.sh
# don't forget to chmod 700 web_restore.sh
# execute script via ./web_restore.sh
#
#
# DO NOT STORE FILES IN WEB ROOT FOR SECURITY PURPOSES!
#
# THIS SCRIPT IS OPENSOURCE
#
# written by Jeannot Muller
#
# mailto:jeannot.muller@ramgad.com
# http://www.ramgad.com
#
#
# Version 2.1 (23th March 2008)

# DATADECLARATION
HOSTNAME=localhost
DB_NAME='db_name'
DB_USER='db_user'
DB_PASSWORD='db_password'
BACKUP_PATH_DB='xxx'
BACKUP_PATH_WB='yyy'
BACKUP_NAME_DB='database'
BACKUP_NAME_WB='webroot'
WEB_ROOT_PATH='/var/www/'

# CLEANSING WEBROOT
cd $WEB_ROOT_PATH
rm -R *

# COPYING BACKUP INTO ROOT
cp $BACKUP_PATH_WB/$BACKUP_NAME_WB.tar.gz $WEB_ROOT_PATH

# DECOMPRESSING FILES
tar xfvz $WEB_ROOT_PATH/$BACKUP_NAME_WB.tar.gz

# DELETING SOURCE IN ROOT
rm $WEB_ROOT_PATH/$BACKUP_NAME_WB.tar.gz

# RESTORE DATABASE
mysql -h$HOSTNAME -u$DB_USER -p$DB_PASSWORD $DB_NAME < $BACKUP_PATH_DB/$BACKUP_NAME_DB.sql
  • Digg
  • del.icio.us
  • Google
  • MisterWong
  • Technorati
  • Mixx
  • Propeller
Sphere: Related Content

Tags: , , , ,

© 1995-2009 Dr. med. Jeannot Muller (Europe)