Gmail now with default HTTPS

This is good news for security conscious folks. GMail now comes with https set as default. From ZDNet:

A day after confirming a major security breach by Chinese hackers looking for GMail account information, Google has turned on default “https:” access for its popular Web mail service.

Google had previously added the option for GMail users to “always use https” back in July 2008 but it was turned off by default.

At least you can also count on the Chinese hackers to force securities measures to be put up.

Google Nexus One

What’s all the hoopla surrounding the Google Nexus One smartphone? The numbers are in after 1 week. The Nexus One sold just 20,000 units in its first week. Not exactly solid numbers compared to other phones. From ZDNet.

That compares with 250,000 units sold for the Motorola Droid and 60,000 units sold for the T-Mobile myTouch 3G in their first week, according to the research.

It pales in comparison with Apple’s iPhone GS.

Wondering about the Apple iPhone 3GS, by the way? That’s 1.6 million in its first week, according to the study.

Not exactly a great start, but how you finish, I guess.

PHP 5.3.1 Released

If you are a fan of PHP, things are getting better. PHP 5.3.1 was just released containing over 100 bug fixes. From Marc Plotz article:

The most significant and security-conscious addition in PHP 5.3.1 is the inclusion of a max_file_uploads INI directive, making it possible to limit file uploads per request to 20 files by default. This is extremely important in circumventing denial of service (DoS) attacks.

If you have not heard of denial of service attacks, the basic principle is that a website gets pounded with hundreds or even thousands of requests at the same time, thus rendering the server essentially useless because all of its sources are being consumed in serving the attack. Thus, a user having unlimited upload possibilities certainly could bring a production server to its knees by constantly uploading something like one hundred files repeatedly from various machines.

You could in effect have 1000 or more files being uploaded at the same time, and a slow or shared server will not handle that well at all. Even a dedicated server would struggle considerably. So, what max_file_uploads does is make sure that no more than 20 files can be uploaded at a time on that server.

Other bug fixes include missing sanity checks around EXIF (exchangeable image file format) processing, while Rasmus Lerdorf himself fixed a safe_mode bypass in tempnam(). An open_basedir bypass in posix_mkfifo() was also repaired, along with the failing safe_mode_include_dir. You can see the CHANGELOG for more details.

The 3-D Movie Experience

After watching Avatar in 3-D three weeks ago, I can’t possibly go back to the two-dimensional movie experience. From now on, I hereby decree all movies to be in 3-D. Well, just the blockbuster ones. I would have love to have seen any of the Star Wars, Lord of the Rings, Pirates of the Caribbean, Spiderman and Batman series in 3-D. By the way, I still have the 3-D glasses in my car. Souvenirs!

Hidden Watermark

I just read an article about 5 Useful Free Plugins for Gimp. One plugin is called Hidden Watermark with a couple of sample images. If you look at the original image and the watermarked one, you can’t really tell difference, until you open up and verify the image. I thought the purpose of a watermark is two-fold: to copyright your images, and to display credit.

The Hidden Watermark plugin covers the first, but not the second. Without a visible watermark, anyone can unknowingly infringe on your artwork. I rather have a visible watermark. I know I’ve stopped using images because I’ve seen watermarks on them. I’m sure others do the same. All the more reason to leave a visible watermark.

Just a personal preference.

Magic Jack 2.0

I’m not exactly sure what the next version of the Magic Jack will be called, but the latest iteration of the popular phone device has a feature that will make the Magic Jack device work with cell phones. It basically works like a mini cell tower. The Magic Jack device recognizes cell phones within 8 feet. You punch in a special code and it connects your cell phone with the Magic Jack. You can then place unlimited calls via internet for free. The new Magic Jack works with any GSM phone from AT&T and T-Mobile. The bad news is most phones from Verizon and Sprint will not work.

Read More