Archive for April, 2008

Non-object functions in strings with PHP

Although you can interpolate variables within strings in PHP, you can’t call functions. Well, not quite. If the call begins with a dollar sign ($), that is, the function name is held in a variable, it works fine inside the {$...} syntax. You can exploit this to call non-object functions such as htmlspecialchars.

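<?php
// $F holds the name of the function F(), so $F(...) is a variable-function call.
$F = "F";
// Identity function: returns its argument unchanged.
function F($s) { return $s; }
$filename = '<some code>';
// Inside {$...}, PHP evaluates the call, so the escaped value is interpolated.
echo "{$F(htmlspecialchars($filename))}";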

It’s still not as clean as if you had separated application logic and presentation code like you should have. >:o

The inherent danger of single sign-on

Although OpenID’s ubiquity is still growing, we already live in a world of “single sign-on,” albeit in a much smaller scope. Take Google for example: your one Google account authenticates you to your email, RSS feeds, stocks, Adsense, Analytics, and anything else you use. While that makes life easy for you, that one login gives you your life history through all the services you use. Now, if someone else got a hold of your login information, they could change the login password and your alternative email address so that you would be unable to log in to or recover your account. Not only that, if your login details were stolen, for example, because you were using Google Talk, it’s not only your Google Talk account that you would have lost: it’s your entire Google account.

However, I think there’s an easy solution to this. Analogous to a well-configured Linux system, you don’t log in as root unless you intend on modifying some important part of the system. By sticking to a lowly, regular user account, you don’t give yourself privileges that you do not need. This model could work just as well for website logins. While you still keep the same login name, services should allow their users to assign alternative passwords that provide different sets of credentials. For example, my 2nd password would only allow me access to my messenger account and nothing more. If that password gets stolen, I can log in with my “root” password and remove that compromised login. While all of my contacts may have been deleted or stolen, the attacker never had access to my email account.

I think it’s a novel idea. Now, if only MSN and Google would implement it! That way, I might be able to use one of the only decent IM programs for Pocket PC (they all connect through a company’s proxy).
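
The scoped-password model described above, sketched as an added example (not part of the original post and not any provider's real API). The `Account` class, the `"*"` root marker, the credential labels and the service names are all hypothetical.

```python
import hashlib
import hmac
import os

ROOT = "*"  # hypothetical scope marker: every service plus credential management

def _derive(password, salt):
    # Salted, slow hash so a leaked credential table does not reveal passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """One login name, several passwords, each limited to a set of services."""

    def __init__(self, root_password):
        self._creds = {}  # label -> (salt, digest, frozenset of scopes)
        self._store("root", root_password, {ROOT})

    def _store(self, label, password, scopes):
        salt = os.urandom(16)
        self._creds[label] = (salt, _derive(password, salt), frozenset(scopes))

    def scopes_for(self, password):
        """Return the scopes this password grants; empty set if it matches nothing."""
        for salt, digest, scopes in self._creds.values():
            if hmac.compare_digest(digest, _derive(password, salt)):
                return scopes
        return frozenset()

    def allowed(self, password, service):
        scopes = self.scopes_for(password)
        return ROOT in scopes or service in scopes

    def _require_root(self, password):
        if ROOT not in self.scopes_for(password):
            raise PermissionError("credential management needs the root password")

    def add_password(self, root_password, label, password, scopes):
        self._require_root(root_password)
        if label in self._creds or self.scopes_for(password):
            raise ValueError("label or password already in use")
        self._store(label, password, scopes)

    def revoke(self, root_password, label):
        self._require_root(root_password)
        if label == "root":
            raise ValueError("the root credential cannot be revoked")
        del self._creds[label]
```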

Photoshop CS3 3D Rendering and Video

Well, apparently as of Adobe Photoshop CS3 Extended, 3D models can be imported and videos can be edited. Obviously, as Photoshop is an image manipulation program, it is not exactly the best suited for these tasks. However, if you don’t have the resources to use other programs, then I suppose these features could come in handy. It makes me wonder whether Adobe is running out of enhancements to add though.

The following is a 3D model of a school bus rendered in Photoshop (wireframe mode) and animated into a video. Don’t get too excited now…

RapidShare’s Cat and Dog CAPTCHA

I just noticed that RapidShare had implemented a CAPTCHA with cats and dogs (I haven’t been to RapidShare.COM for a while). Their original one wasn’t that hard to break. The new one is interesting because it requires a human to recognize the animal that is shown. Computers can’t do that.

RapidShare CAPTCHA with cats and dogs

But it still looks to be weak. It appears that RapidShare uses the same image for the cat and dog for every CAPTCHA. It would be easy for a program to find the cat and dog images on the CAPTCHA, extract them, identify them, and remove them from the image so that the text can be very easily OCRed. Maybe if RapidShare distorted the image, used different fonts, added random lines, and used different images for the animals, then they would have a real chance against those automated download programs. In fact, I wouldn’t be surprised if it already has been broken.

Edit: Well, (unfortunately…) it appears they have now added distortion and blurring… >.>

Express FTP Uploading: ByteDropper

For a long time now, I have been using ByteDropper to quickly upload files to an FTP server without having to boot up an entire FTP client. ByteDropper isn’t alone in its category though; there are several other programs that do basically the same. However, ByteDropper is the best in my opinion. Files can be dragged into the program to upload to any of the pre-configured server profiles, and once the file has been transferred, ByteDropper will provide you a URL to copy and paste. The closest competitor is written in .NET, but it’s a little too slow during boot up to be of much use.

ByteDropper

No one seems to know about ByteDropper though. Google returns only two entries for the program, one being the official website and the other a Norwegian forum. I have no clue how I found ByteDropper myself to begin with, and I can assure you that I don’t visit Norwegian forums, much less understand Norwegian. ;) ByteDropper’s free, so check it out!

Changing the UI font in Outlook 2007

I am curious as to whether anyone knows how to change the interface font of Microsoft Outlook 2007 from Segoe UI(?) to something else, such as Tahoma. It drives me mad that the font in Outlook 2007 clashes with every other program on my system. Oh the inconsistency—ERRGH! One of the reasons I turned off Windows Vista’s Aero theme, other than primarily for performance reasons, was that half of the dialogs still used Tahoma while the rest used Segoe UI. At least when Microsoft chose to make the change from MS Sans Serif to Tahoma, the fonts were relatively similar. (I actually held off on enabling ClearType for a while because the jagged characters of MS Sans Serif, which was in common use at the time, were jarring to the eye when shown next to a ‘smooth’ font.)

I’d use Mozilla Thunderbird+Lightning if the combination had more features. Lightning is especially problematic with some of its bugs, eating up my calendar events when I was working with several repeating ones. Most importantly, ActiveSync and Windows Mobile Device Center do not support Thunderbird/Lightning out of the box (and I don’t find BirdieSync, the only available option, worth either my money or RAM).