Month: August 2007 (Page 6 of 6)

Web 2.0 Security

Here’s an interesting article sent to me by my esteemed boss; but it doesn’t precisely describe the Web 2.0 threat.

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2007/07/30/BUUSR98VI2.DTL

My thought is that the prime vulnerability in Web 2.0 (aka AJAX) is allowing AJAX calls to the server that change data without authenticating the request. Another vulnerability is if someone logs into the app, then leaves to a malicious site, and that mal-site (did I just make a new term there?) does an AJAX call to our server using the user’s legitimate auth cookie.

What to do? Verify the request, of course. If your user’s request came in from some IP, verify that IP on the next request. If it changes, raise an alert. But IPs can be spoofed. The next line of defense is the rest of the HTTP data. Did the agent change? Were they using Firefox, but suddenly you’re getting a “curl” request? Did the language change from ‘en-US’ to something else?

You can follow this “white rabbit” a fairly long way. Of course all this added security verification will come at a cost. Additional data stored in your sessions, which could be DB records, files or a caching server. Added latency to the calls while this security work is done. Thus I wouldn’t bother with this security for internal applications sitting comfortably behind the lock-solid IT-managed firewall. But, engineers developing web apps that will live on the wild open-web should think long and hard about these issues, lest it be your paying customers whose credit cards are pilfered.

Before I go, I don’t want to neglect the “GETs should be safe” philosophy. Don’t have an HTTP GET request doing data-changing operations within your application. This is just bad design that misuses the HTTP protocol.
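
The checks this post describes, sketched in Ruby as an added example (not code from the original post): the session remembers the IP, User-Agent and Accept-Language seen at login, each later request is compared against them, and a data-changing action sent as a GET is refused. `SessionStore`, `check_request` and the sample requests are hypothetical names and constructed data.

```ruby
require "set"

# All names below are hypothetical; the sample requests are constructed.
SAFE_METHODS = Set["GET", "HEAD", "OPTIONS"].freeze
FINGERPRINT_FIELDS = %i[ip user_agent accept_language].freeze

# In-memory stand-in for the session store (DB records, files or a cache server).
class SessionStore
  def initialize
    @sessions = {}
  end

  # Called at login: remember what the client looked like.
  def remember(session_id, request)
    @sessions[session_id] = request.slice(*FINGERPRINT_FIELDS)
  end

  def fingerprint(session_id)
    @sessions[session_id]
  end
end

# Returns [decision, reasons]; decision is :allow, :alert or :reject.
def check_request(store, session_id, request, changes_data:)
  # "GETs should be safe": a data-changing action must not arrive on a safe method.
  if changes_data && SAFE_METHODS.include?(request[:method])
    return [:reject, ["state change over #{request[:method]}"]]
  end

  known = store.fingerprint(session_id)
  return [:reject, ["unknown session"]] if known.nil?

  changed = FINGERPRINT_FIELDS.reject { |f| known[f] == request[f] }
  return [:allow, []] if changed.empty?

  [:alert, changed.map { |f| "#{f} changed: #{known[f].inspect} -> #{request[f].inspect}" }]
end

# Constructed sample requests (not real traffic).
LOGIN = { method: "POST", ip: "203.0.113.7",
          user_agent: "Mozilla/5.0 Firefox/2.0", accept_language: "en-US" }.freeze
SAME_CLIENT = LOGIN.merge(method: "POST").freeze
OTHER_CLIENT = LOGIN.merge(ip: "198.51.100.9", user_agent: "curl/7.16").freeze
GET_WRITE = LOGIN.merge(method: "GET").freeze

STORE = SessionStore.new
STORE.remember("sess-1", LOGIN)

if __FILE__ == $PROGRAM_NAME
  { same: SAME_CLIENT, other: OTHER_CLIENT, get_write: GET_WRITE }.each do |name, req|
    puts "#{name}: #{check_request(STORE, 'sess-1', req, changes_data: true).inspect}"
  end
end
```

A request forged from another site through the user’s own browser carries the same IP and headers, so it passes the fingerprint comparison; in this sketch only the GET rule applies to it.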

Phishing: Catch them before they catch you.

Phishing occurs whenever an individual or “entity” represents itself as a legitimate company in order to solicit information from you for malicious purposes. This most frequently occurs in the form of an email that appears to be legitimate due to the presentation of the email and the email containing the user’s name. To further deceive the user, many of the URLs will contain what appears to be a valid URL address containing the legitimate company’s name, providing false security for the user because of a commonly used tactic of URL redirection.

So, how can you protect yourself from these “Phishermen”? Educate yourself and question anything suspicious.
Most companies will never solicit you for your information via the internet. Instead, they will attempt to contact you via postal mail. If that fails, then they will attempt to call you. Before releasing any information, contact the business to find out if the email is legitimate. Be sure to find the phone number for the actual business through other means than the fake email. Contact your financial institutions, and find out what their policies are regarding your information as well. Many financial institutions clearly state that they will never request your information via the internet.

Most importantly, educate yourself. A simple web search for “phishing” will reveal the latest scams. There are also various websites that are dedicated to putting an end to this deceitful and costly cyber crime (www.pcworld.com). The information contained in these sites could prove to be invaluable. Remember, knowledge is power. So, educate yourself and you’ll catch them before they catch you.

Avoid the High Cost of Computer Repair

Here is some practical advice that can save you time, money, and that priceless data.

The increasing number of computer repair and service centers opening throughout the world is proof that the average consumer is computer deficient. It is abundantly clear that there is a definite demand for their services, which average $300 per visit (based on the Geek Squad services price list consisting of $199 advanced diagnostic and repair + $99 data back up). However, consumers should not be so quick to leave their precious computers and data with just any service center or IT technician. Instead, they should approach this transaction with the caution that is given toward auto repair, as the same rules apply.

1. Do your research before taking your computer to a service center or technician.
You wouldn’t go to just any mechanic to repair your automobile. So why would you take your computer to just any service center or technician? Do your research and find a reputable service center or technician. Do not take your computer to a service center based solely on a company’s reputation or the coolest commercial/advertisement you had just seen. Ask for the qualifications of the technician(s) that will be working on your computer. Many service centers do not require their technicians to have any formal training or certifications. So, paying for their services (avg cost is $300) would be equivalent to having your “tech friend” fix the same thing for less or for free (avg cost is the cost of your tech friend’s lunch)! By asking for the qualifications of the technicians of a service center, you can feel more confident that the money you spend will be well spent.

2. Inventory everything and ask that original parts be returned if they are going to be replaced.
NOTICE: computer parts are much easier to steal than automobile parts!
It surprises me how many people assume that their computer is a “SOLID” unit. The average consumer does not realize how easy it is to take their expensive computer components and replace them with cheaper ones. Imagine someone stealing your automobile’s V8 engine and replacing it with a 4 cylinder! Memory, aka “RAM”, is undoubtedly the most frequently stolen computer component. It is not uncommon for a service center or technician to steal your high speed memory and replace it with a much slower and cheaper module. Though the average consumer won’t be able to notice the difference, what they don’t realize is that there can be hundreds of dollars in value between the stolen module and the replaced module. Even more disturbing is when a consumer is able to tell the difference. To add insult to injury, many technicians will “explain” that the noticeably slower speed was due to the initial computer’s failure. And to make things even worse for the unwary consumer, these technicians will offer to sell them faster, more expensive memory (which is their stolen memory) and then even charge them for installing it! Memory is not the only thing stolen. CPUs, video cards, motherboards, etc. can all easily be stolen and replaced. To prevent theft, consumers should inventory their computer components. This can be done in numerous ways; however, simply labeling the components is not sufficient. It is necessary to know the name brand, model number, and serial number in order to be fully protected. A physical inventory is effective, but time consuming. Also, the average consumer is reluctant to open up their computers. The alternative and more effective solution would be a system information scan with software like PC-Doctor, which may already be pre-installed on your system. PC-Doctor is frequently pre-installed and comes bundled with many retail computers. It offers hardware diagnostics that you can run for free rather than paying $59 to a service center.
By utilizing a hardware diagnostic tool like PC-Doctor, you can run an initial system information scan to keep for your records that you can compare to an after repair system information scan. This way you can verify if anything was stolen or if a component was properly replaced.
(UPDATE: check out the new Profiler by PC-Doctor!)

3. Ask about warranties and/or guarantees and be sure to read all the paperwork and fine print.
Again, it is surprising how many people will sign a document, but never read it. It is important to read the documents you sign and to understand any warranties, guarantees, and/or conditions. It is also extremely important to be certain that all your information is correct on these documents. For instance, an individual took his laptop to a service center for repair. He assumed that because it was a reputable service center he would be fully protected against loss or damage, so he signed all the paperwork and went on his merry way. A month later, he returned to the service center and politely asked for an update on his laptop. The service center checked their records and found that they had shipped his laptop over a week ago. Again, the individual went on his merry way expecting that he would receive his laptop shortly, but he felt a bit concerned as to why it was even shipped to begin with. Two weeks later, the polite customer returned to the service center asking for his laptop since he still had not received it. The service center checked their records, and it showed that it was left at his doorstep. The customer was furious stating that a thousand dollar laptop should require a signature. The service center replied that it wasn’t their policy to require a signature and it clearly stated that fact on the documents that the individual signed. The customer asked to see the documents he had signed and to see where it was stated. The service center pointed to the paragraph. The customer quickly stated, “Well that’s just fine! But why then is my address incorrect on all these documents!” The service center then pointed to a statement on the documents that stated, “By signing this document, you are accepting full responsibility as to the accuracy of the information contained in this document.” The customer then replied, “Well, then why did you ship my laptop in the first place? I never asked for it to be shipped!” The service center replied, “Whoever checked you in must have forgotten to check the box that said Do Not Ship. We are sorry, but it is not our responsibility nor are we liable.” The technician then pointed to the previous statement. This is absolutely a true story, as I was the technician that had to deliver the bad news.

4. Utilize preventive maintenance to minimize future PC repair.
*Your computer is much like your automobile in that you can avoid damage through preventive maintenance. Purchase an external hard drive and back up your precious data frequently. This alone can save you a minimum of $99 for a data backup or as much as $1599 for full data recovery.
*Defragment your hard drive once a month to avoid data corruption as well as protect your hard drive’s mechanical components. By defragmenting your hard drive, you are allowing the data to be stored more efficiently. This will allow your hard drive to keep mechanical movement to a minimum.
*Use a surge protector to prevent power surges; and unplug your computer when there are lightning storms.
*Store your computer in a cool dry place and allow it to “breathe”. Proper ventilation is crucial in order to prevent overheating.
*Clean out the “dust bunnies”. Computers are notorious for these little critters, and they can prevent your computer from receiving that much needed air.
*Purchase legal and valid Anti-Virus / Anti-Spyware programs. What many consumers do not realize is that they are actually paying for the current definitions, rather than the software program alone. Anti-virus and anti-spyware should be configured to download definitions daily in order to provide maximum security; and full system scans should be run a minimum of once a week, however, if a user is a frequent “downloader” then the scans should be done daily.

Avoid the high cost of computer repair by treating your computer like an automobile. Take care of it and it will take care of you. But remember, a computer, like an automobile, depreciates over time, requires preventive maintenance, will eventually break, and there will always be a newer faster model!

The Day PHP Died

OK, this was supposed to be my first blog post, but then I wrote that bit about web 2.0 security. I almost dropped this post but I’m having so much fun engaging in flame wars with my co-workers I had to finish this one. Hopefully someone will take up the PHP banner and we can duke it out.

That said, here is my almost first post only slightly modified for completion of thought….

I’ve always thought blogging was for lonely people who spend too much time at their computer. But since becoming a Rails junkie I find that reading the blogs of Rails core members is a great way to keep up with new Rails techniques. Which leads me to the titled purpose of my first ever blog.

The Day PHP Died. For me that is, well you could alternatively title it “The Day I Discovered Rails” or maybe “The Day I watched that DHH video where he makes the blog-site in under 10 minutes”…. well, those don’t seem as catchy and hyperbole always generates more interest.

Now I won’t get into my near zealot belief in Rails, that’s for another post. The focus here is why PHP, as a language is a “has been” technology. It definitely had a good run, gajillions of lines of code have been written in PHP and thousands of web sites/apps are written in PHP. I myself was a PHP developer for years. In fact, it was my PHP knowledge that got me hired here to PC-Doctor.
However, scripting languages, like all technology, evolve and PHP is now face to face with Darwinian reality. Why do I forecast the slow inevitable decline of PHP?

In a word, consistency. PHP has got to be about the most inconsistent language I’ve used. The fundamental issue is that a language like Ruby is very true to the OOP paradigm. PHP is not. This means that in Ruby if you wanted the length of, say, a string you would do string.length. You have a similarly named operation in Ruby for an array, like array.length. Therein lies a great strength of Ruby. Any object for which a length makes sense will simply implement the length method. Now, how does PHP handle this? If you want the length of a string you do strlen(string); if you have an array it’s count(array). You see the problem? The real problem? Since the strlen and count functions are not connected to any object they must have distinct names to co-exist. Thus, PHP core is filled with a gajillion functions, some named so you know what they might do, like “array_keys()”, others not so much, like “each()”. This makes PHP code much more difficult to write and read. I spend far more time visiting the PHP manual web page than I do for Ruby. Often when I’m at the PHP manual it’s because I can’t remember the precise name of some function, or the order of its parameters.

Another feature sorely deficient in PHP is a solid interactive console. There is some kind of console in PHP but I tried my best to make effective use of it and it just didn’t work out. Contrast that with Ruby/Python where one can simply type on the cmd line [“irb”,”python”] and that’s it, a nice interactive console shell opens and you can quickly work out an idea or test some curiosity.

A third feature where PHP leaves me wanting is in code organization. Ruby/Python are fundamentally OO languages. Thus everything is an object, and every bit of code you write is contained in an object or module. This makes building large applications much easier to organize and maintain since all your code has its own place and namespace. PHP offers classes, but they’re optional, and you can include files but there are no namespaces.

Finally, there is one thing that PHP has where it outpaces Ruby and Python. The PHP documentation manual is world class. I find looking up a PHP function very easy to do either by scanning a list of function libraries or using the search feature. Of course, if you’re using PHP you’re going to need that documentation every time you set to work.

What are the “MoFs” you ask?

Ahh, the infamous, edgy, Masters of Fun — otherwise known as the MoFs. This is an all employee committee that was created for the purposes of delivering fun activities to our workplace. To some, fun might be an objectionable term. 😉 Nonetheless, we do have a LOT of fun.

Basically, this committee organizes and schedules team building and social events throughout the year. Here are some examples (just to name a few)…
