I logged in to my mail today and found a dozen notifications of new user registrations — I have things set up so that I get an email whenever anybody registers an account on this site. While its exciting to see so many subscribers actually taking the time to register on my site, I was suspicious from the get-go. Call me paranoid, but read on.
I opened the emails up and saw that all of them had weird usernames and email addresses (I won’t post what they were as they could be used to cause damage elsewhere). My geek-sense tingled and alarm bells went off, so I quickly logged in here to see if everything was alright. All was well except that there was an update to Wordpress (2.6.2) available. I checked the release notes and, you guessed it, there was mention of an “exploit” that allowed an attacker using specially crafted usernames (and email addresses I assume) to change another user’s password (presumably mine) to a randomly generated one. This can only happen if you allow visitors to register an account on your Wordpress blog.
Because the new password is random, the attacker doesn’t know it — that’s why, as the release notes say, this isn’t much more than a nuisance in that it doesn’t give the attacker access to the account. However, grouped with a weakness in the mt_rand() function, an attacker could potentiallyguess the new randomly generated password.
The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.
– Wordpress development blog
So if you’re using Wordpress version 2.6.1 and allow open user registrations, you should definitely upgrade as soon as possible. Get the latest version, or if you’re like me, you can use the Wordpress Automatic Upgrade plugin, which works like a charm.
I’ve been playing around with Ubiquity since the day it came out, and I’ve been working on making some routine tasks easier with it.
This time, its a currency conversion command that will get the current approximate value of one currency in terms of the other that you enter. An example command that will convert, say, 10 USD (American dollars) to PKR (Pakistani rupees) is:
currency 10 USD PKR
This will then give you the result right in the Ubiquity window, with no need to open a new tab.
I wanted to use XE’s Universal Currency Converter (UCC) but their terms of use, as I understood them do not allow for automatic extraction of data from their site. This command currently uses Google’s currency converter from iGoogle; be sure to read the disclaimer, as well. If you have a suggestion for a better alternative, I’d be glad to hear it!
To be able to use this command, you need Ubiquity installed and also have to ’subscribe’ to this. Click here, and Ubiquity will present you with an information bar across the top of the window; clicking on the “Subscribe” button will add this command to your subscriptions and you can then start using it right away.
Here’s a screenshot of the Ubiquity command window using this command (click for larger version);
As with all other Ubiquity commands, typing in just part of the command is sufficient for it to understand what you mean — but this, of course, depends on what other commands you have that start with the letters “curr”. You can also take a look at the source code.
Wishing a very happy and blessed Ramadan to everyone all over the World!
It’s a time meant for inward thought and reflection — a time to teach yourself self-restraint and learn to last a (large part of the) day fasting, which is much more than just not eating anything.
The card you see on the right was sent to me by Shahzad Khan (of dehog fame). Click to see the bigger version.
Like this Ubiquity to Ping.fm command? You might also like my currency converter for Ubiquity - check it out!
I often use Ping.fm to update my status across Twitter and Facebook at the same time instead of logging in to each of them and doing it one after the other — it’s the simple things in life that make it better!
And with the Mozilla Labs Ubiquity project (which I will write more about later), a combination of the two was bound to happen! Presenting, Ping Ubiquity which allows you to post to Ping.fm with just a few keystrokes using the Ubiquity add-on (for Firefox) by Aza Raskin.
Installation
To use it you need to have Ubiquity installed (get it here). To install the Ping.fm commands, go to this page, and Ubiquity should recognize that there are some commands for it on there. You will see a bar across the top that will allow you to ’subscribe’ to the commands by clicking the “Subscribe…” button that appears. Ubiquity will then present you with a confirmation page with a warning that this is an untrusted source. I give you my word that these commands do nothing to violate your privacy, and only work to allow you to post to Ping.fm via Ubiquity. You can look at the source code, too!
You will have to set-up your Ping.fm API key in order to be able to use this application with your account. See the command examples below for how to do this.
Commands
To setup your API key, you can either select the key in the browser and type (in Ubiquity) the following:
pingfm-key this
OR — Copy your key and use the command:
pingfm-key <paste your key here>
You can also clear your saved API key by using the following command and hitting Enter:
pingfm-key-clear
To post to your Ping.fm account, use the following command
pingfm (trigger) <your post here>
For example, to post to Twitter, you would use
pingfm @tt This is an update via Ubiquity and Ping.fm!
Or, to post to Facebook, use
pingfm @fb is amazed at how easy things are now!
Log & Updates
September 2, 2008
You might get an error when setting your Ping.fm app key with this command. That’s means my API key has not yet been approved for userbase access by the guys over at Ping.fm, so please bear with me. If you can set you app key, then all is well and you can post all you want!
Planned feature: Ability to get list of last 5 (or 10?) posted updates from Ping.fm. Would love to get some input on this.
August 29, 2008
Release. No planned features exist currently. If you have any suggestions, I’d love to hear about them!
If you’re not sure what Ubiquity is, check out the video below for some examples of what it can do.
People complain honesty doesn’t exist anymore, but what would the World be like if we all really did speak our minds? “Honesty” is a series of shorts by Brit McAdams & Dave Steck depicting a World where everyone says exactly what they’re thinking.
Here’s one from an auto mechanic shop. The script, I think, is great — it’s one of those situations where people are very likely to be thinking one thing and saying something else.
These might not necessarily be funny - but then the cold hard truth seldom is. The thing that struck me is that it feels people really are like this sometimes. We rarely think of people other than ourselves, and many conversations–especially with people we don’t know very well–are so phony, everyone can feel it. The problem, I think, is that people are too caught up in their own World (and problems) to be much interested in what the person opposite is all about.
But I guess it’s human nature to feel “attached” to other people, and making a show of caring about others as much as we do satisfies that. Maybe I’m just cynical. But don’t you think the people around us deserve more attention than we really give them? I think so.
The following series aims to cover some basics on how to improve the security of your email address. Inside, I will try to cover some good ways with which to protect the most important part of your online presence, ie. your email address; following that will be some good password suggestions, advice on how to prepare for a disaster beforehand, and dealing with it after it has happened.
Please do leave a comment and let me know what you think!
Having an email address hacked can elicit different responses from different people. Some just think it’s a terrible inconvenience to not have their name as their email anymore, while some may worry about who hacked in the first place. The fact of the matter is that not many people realize the significance of their personal email address and the implications of it getting hacked, for any and all intents, whether criminal or just amusement.
An email address – especially if it’s the only one you have – can potentially contain a timeline of what you do online. Website registration emails, personal and even business dealings, newsletters and subscriptions can all be pieced together to develop a sufficiently accurate description of who you are.
While that is in itself adequate motive to be careful with your email address, it’s not the only reason to be cautious. If stolen, your personal information can be misused heavily, with you bearing the price. For many people, the email address is the chink in the online armor, and once a hacker has access to that, he or she can potentially access other online resources which you keep information with. The “forgotten password” feature can be used maliciously to gain access to another databank once the hacker has your email address.
Your email address is one of the most important things to protect online. If the thought of a pimply script-kiddy in a far away land snooping through your email sends a chill up your spine, following are some tips and advice to help you secure your email address and keep it private.
Time management is a pain - simple as that. I speak from experience! Whether you’re a freelancer working by the hour or just a geek trying to analyse your computer usage trends, RescueTime is a great software+service that can help you manage your time without any data entry.
I’ve been using the program for quite a while now, and I recently wrote a review of the service for Geekish.
The developers have done a great job of making a simple, easy to use app that does its job well. RescueTime runs in the background and only notifies you if an update is available, and with its 2MB memory footprint, it is basically an install-and-forget program. It’s a great app that can help you and your business become more productive with time management, and I recommend you at least give a try to see what it can do and how it can help in day to day use.
I just always assumed this to be the case, but apparently there was some confusion as to whether software developers who release their code under a free software license can file a copyright infringement claim.
SAN FRANCISCO - In a crucial win for the free software movement, a federal appeals court has ruled that even software developers who give away the programming code for their works can sue for copyright infringement if someone misappropriates that material.
Depending on the license covering the code, misuse could range from redistribution without attribution, reselling or reuse of the code in other works.
The thing people trip over most is understanding what the “free” in free software means. The Free Software Foundationsay “Free software is a matter of liberty, not price. To understand the concept, you should think of free as in free speech, not as in free beer.” That means it is not necessary that the freedoms set by the OSI and FSF apply to all the software you can download for zero price.
The ruling, as I understand it, applies to the developers who release their software and its code under a license that allows other people to look at, modify, and/or redistribute the original authors work without having to obtain permission or paying royalties.
It’s that time of year again — 14th August! A time for celebration, reflection and a lot of that awesome green shade from our flag!
While the creation of Pakistan is certainly enough cause for celebration, I think this independence day also brings with it a warning — a note of caution, if you will. We as a nation need to rethink some things, and quickly.
Our country is under threat from many different angles, internal and external. There is no doubt that we would be nothing without our country, and as cliche as it sounds, we are part of Pakistan, and Pakistan is part of us. Each and every Pakistani owes sincere gratitude to the Quaid-e-Azam and all other people who worked with him to gain independence.
But let’s forget the red jhandis and the Mickey Mouse flags for a second. Where is the country headed? Where are we, as a nation, headed? Do we really — I mean, really — realize the importance of Pakistan?
The slogan Pakistan zindabad, (translation: long live Pakistan) has been transformed into Pakistan se zinda bhaag (translation: get out of Pakistan alive). I’ve got nothing to say to that mainly because, I think, that this sentiment has its roots in lost hope. There is no national sense anymore; if you ask someone for help, the first thought is (generally) “What can I get out of this?” We’ve lost hope - we don’t believe in anything anymore. That needs to be fixed, and in my opinion, the best place to start is with yourself, don’t you think?
So please; Sing the national anthem at school, stand up when it’s played at the movies. Respect the flag; respect the people who made independence possible - and for God’s sake, please don’t make dirty jokes about the founding fathers of our country. Listen to the stories of people who migrated from India; think about the people who helped them. Don’t be ashamed of our culture or our language. Urdu is our language (our mother tongue) and there is absolutely no reason to be ashamed of using it.
I’ll leave you with a quote that can perhaps sum up what I’m trying to say.
Ask not what your country can do for you - ask what you can do for your country.
– John F. Kennedy (1917 – 1963)
Happy independence day, everyone! Long live Pakistan!
I’ve been playing around with 
Time management is a pain - simple as that. I speak from experience! Whether you’re a freelancer working by the hour or just a geek trying to analyse your computer usage trends, 
