devdude.com

devdude.com http://devdude.com Technology news, opinion, security info and rants. en February 15, 2008 devdude@devdude.com Homeland Security??? Back in May of this year the House Homeland Security Committee sent an inquiry to DHS officials in regard to DHS's ability to thwart cyber-attacks against their network infrastructure. The questions asked were to ascertain if the DHS had already been compromised by cyber-criminals. At the time of the questions being submitted to the DHS a spokesperson from the department had this to say: <blockquote> "DHS takes the security and protection of its information and networks very seriously,"Â Larry Orluskie, a DHS spokesman, told FCW.com. "We've taken many significant steps to ensure the integrity of our information systems." </blockquote> These are the questions that were submitted to DHS: * What responsibility does the CIO have over DHS' networks? What is the CIO's relationship with the chief information security officer and with the CIOs and CISOs of DHS' component agencies? * What are DHS' information security policies and incident response plans? * How many and what types of incidents has DHS reported to the U.S. Computer Emergency Response Team, including those occurring between 2004 and 2007. * Has DHS taken an inventory of each connection to the network both inside and outside the departmental firewall? Does a complete network topology diagram exist? * Has DHS conducted internal and external penetration tests on its systems and made copies of all reports describing the vulnerabilities? * Has DHS has implemented a secure coding initiative and tested the security configuration for its software and Web applications? * What has the CISO's annual budget been since 2003? * What are DHS' top three initiatives for securing the agency's networks and how is the department measuring those? Last month the 2006 Federal Information Security Management Act (FISMA) report card was issued. In this report card the DHS was given a grade of "D" for their information security. This report was created by Rep. Tom Davis (R-Va.). A recent review by GAO investigators has found that the US-VISIT database, the system that screens people who want to visit the U.S. for potential terrorists and criminals had no security controls on it at all. You would think that a database as important as the US-VISIT DB would be protected by all means. Maybe the departments name should be changed to, "Homeland Insecurity!" http://www.devdude.com/blog/Homeland_Security.html June 21, 2007 COWS Ajax COWS (Changeable Origin Web Services) This API is way cool. The description and the possibilities of COWS is too much to explain. Visit the site and see for yourself. <a href="http://cows-ajax.sourceforge.net/"/>COWS Ajax</a> The most significant feature of COWS Ajax is it breaks the "same origin policy" without creating any new security concerns. http://www.devdude.com/blog/COWS_Ajax.html June 9, 2007 Rounded Corners for DIV Tags Ever wanted those cool looking rounded corners for your DIV containers? Here is a simple pure CSS solution just for that. I can't take credit for this bit of code but I also can't remember where I picked it up. <div id="rnd_container"> <div class="rnd_content"> Rounded corners using a complete CSS solution. </div> </div> Get the code in the codedump section of the site. http://www.devdude.com/blog/Rounded_Corners_for_DIV_Tags.html May 18, 2007 Out of Windows... On to Linux? Lately I've seen blog posts about how some have made the jump from Windows to Linux. I've read the details of their conversion with some very well documented details of how they did it. The details of their geeky trek are very interesting to a fellow geek and there is a lot of good info for others who wish to make the switch to Linux. Their reasons for abandoning Windows are usually the same. Window is not secure enough, it's not smart enough, it's not reliable enough and of course compared to Linux it's expensive, seeing that Linux is FREE. Ok, I agree with the Linux geeks, all those things are true about Windows. Windows has had problems for years but the one thing Windows has over all other OS's, it is easy to use. Let me clear the air after that statement, I've currently got two machines running Linux, one Red Hat and the other Ubuntu, I've even got a dual boot laptop with WinXP Pro and Ubuntu, so no one can say I don't know anything about Linux. On top of all that almost all the customers I work with use Red Hat for server solutions and I provide support for them. Ubuntu Linux is truly an alternative to Windows for the desktop, for geeks and I really like Ubuntu. However, Ubuntu is not ready for the average user, it's close, but not 100% ready. As an example, when I installed Ubuntu on my laptop everything went great but it did not recognize my wireless card. The wireless card is a standard model from Linksys and should be on the list of hardware for Ubuntu to install. After nearly 2 hours of combined research and command line entries, configuration tweaking, I got it to work and it works great. I'm very pleased with Ubuntu as an OS, it's stable, easy to install, nice looking, secure (when you secure it) and best of all, it's FREE. But now lets get to the real meat of why I'm not going to ditch Windows just yet. I'm a software developer, have been for years and as much as I like Linux I can't make the switch. The applications I need to do my job run only on Windows and the alternatives are just not that good. Besides alternatives mean more learning curves, more time I have to spend re-adjusting to new apps that may or may not have the necessary features needed to get my job done. In some instances there are no alternatives to the applications I need. So I turned to WINE or Crossover Office and tried installing the most critical apps and guess what they don't work. For those geeks out there who can spend all their waking time tweaking Linux just so they can say they escaped the Windows trap then you must not have mouths to feed, bills to pay and people who are dependent on you to deliver the goods. In the real world I want things that work and Windows works. Despite Windows' shortcomings and its price tag I don't have to open one command line to install anything, I don't have to troll through pages of wiki docs, forum posts and blogs just to find a solution that the OS should have already fixed for me. I don't want a personal relationship with my PC, I want the thing to just work. PCs, OSs, Browsers and Applications are tools, just like a hammer or screwdriver, humans use them to get things done. For me Windows is the hammer, not perfect, but it gets the job done. Lastly, I'm a gamer, I've got about 200 PC game titles and none of them work on Linux. In conclusion, Linux is novel, neat, nerdy and just plain geeky cool, but it's not a hammer. http://www.devdude.com/blog/Out_of_Windows..._On_to_Linux.html December 20, 2006 Spam Clogging Month October 2006 turned out to be the biggest spam clogging month of the year. This new round of spam is coming in the form of images and are being produced by viruses and zombies. Sounds like a lot of PC's out there are not being protected with anti-virus programs and they are being turned into zombies. Once infected these PC's will relay spam messages all over the world and the user does not even know it. PEOPLE - GET ANTI-VIRUS SOFTWARE! Read the full article here... <img src="blog/img/external-link.gif" align="absmiddle"/> <a href="http://www.networkworld.com/news/2006/110806-image-spam.html"/>What's with all this spam?</a> http://www.devdude.com/blog/Spam_Clogging_Month.html November 10, 2006 Nine Things Developers Want More Than Money The writer of the article is a software developer and came up with the following things 1.) Being Set Up to Succeed 2.) Having Excellent Management 3.) Learning New Things 4.) Exercising Creativity and Solving the Right Kind of Problems 5.) Having a Voice 6.) Being Recognized for Hard Work 7.) Building Something that Matters 8.) Building Software without an Act of Congress 9.) Having Few Legacy Constraints That was the quick list, DevDude recommends reading the entire article: <img src="blog/img/external-link.gif" align="absmiddle" alt="External Link"/> <a href="http://www.softwarebyrob.com/articles/Nine_Things_Developers_Want_More_Than_Money.aspx" target="_blank"/> Nine Things Developers Want More Than Money </a> http://www.devdude.com/blog/Nine_Things_Developers_Want_More_Than_Money.html November 4, 2006 Songbird Web Player Songbird is built similar to Firefox, it's a juke box, web browser and supports extensions and skins (feathers). Cross-platform, open source, multi-language support. Give it a download. <a href="http://songbirdnest.com" target="_blank"><img src="http://songbirdnest.com/files/images/button_guitar.png" border="0" alt="Get Songbird" title="Get Songbird"/></a> http://www.devdude.com/blog/Songbird_Web_Player.html October 20, 2006 125 Cyber Scumbags Arrested Once again humanity has proven that it has truly depraved sick bastards in its ranks. The FBI has arrested 125 people in a child-porn investigation, originating in New Jersey and then spreading to 22 states. All of these sickos have been charged with purchasing photos and videos of children engaged in sexual acts with adults. Some of these horrific images contain children as young as 6 months old involved in bondage and sodomy. Who Are These Scumbags A bible camp counselor from Vancouver, Wash A Boy Scout leader from Mission, Texas A pharmaceutical researcher in New Jersey to name a few... I have to say that these are indeed the worst meat-sacks our society has in its existence. To think that the people who you are supposed to be able to trust around your children are always the biggest offenders. My message to all parents, "Don't trust anybody!" Here are some resources for parents: <img src="http://devdude.com/blog/img/external-link.gif" align="absmiddle"> <a href="http://www.registeredoffenderslist.org" target="_blank"/>National Sex Offenders Registry</a> Here is the Federal Governments Registry <img src="http://devdude.com/blog/img/external-link.gif" align="absmiddle"> <a href="http://www.nsopr.gov/" target="_blank"/>National Sex Offender Public Registry</a> http://www.devdude.com/blog/125_Cyber_Scumbags_Arrested.html October 19, 2006 IFRAME Cash Crooks Have Struck Again Apparently the IFRAME Cash Crooks are up to their same old crooked habits once more. Websense Security Labs have received reports that the latest Windows exploit, "WebView FolderIcon setSlice" Internet Explorer zero-day code is being used on the Internet. The exploit attempts to load malicious software onto vulnerable Windows PC through the Windows Shell. The Windows Shell is part of the operating system that presents the user interface. Microsoft put out a warning on Thursday about the Windows Shell flaw, it affects Win2K, WinXP, Win Server 2003. The component in Internet Explorer known as WebViewFolderIcon is the vulnerable point of entry for the malicious code to run through. The flaw was discovered about 2 months ago and the exploit code has just hit the net recently. MS says it will have a patch available by Oct. 10. Should you want protection now the following links may help. <img src="http://www.devdude.com/blog/uploads/external-link.gif" align="absmiddle" alt="Socket Shield"/><a href="http://www.explabs.com/ss/index.html"/> Socket Shield</a> <img src="http://www.devdude.com/blog/uploads/external-link.gif" align="absmiddle" alt="ZERT"/><a href="http://isotf.org/zert/"/> ZERT</a> http://www.devdude.com/blog/IFRAME_Cash_Crooks_Have_Struck_Again.html October 1, 2006 To WYSIWYG or To Not WYSIWYG? I saw a post on Digg.com titled "Goodbye to Dreamweaver, Goodbye to WYSIWYG." The article's title is inaccurate in its description of the article content but that is not the angle of this particular rant. My beef is with the comments that proceeded the initial post. Here is the first comment, "Good web programmers don't use WYSIWYG. It's nice to see someone make the switch." <a href="http://digg.com/software/Goodbye_to_Dreamweaver_Goodbye_to_WYSIWYG"/>Goodbye to Dreamweaver, Goodbye to WYSIWYG</a> For those who say that good web programmers don't use WYSIWYG editors, either they are not employed or their company is not producing squat! I've been a web designer/web programmer for about 12 years and can say without an HTML editor I would have never been able to produce as much work as I have. Investors/businesses are not really interested in how you get the code written. As long as it gets done, is on time and works are all that matters to the non-technical folks of the world. The investors could care less about a programmer's holy respect for the code. I have used Dreamweaver for years and it serves a purpose, it is far more productive to create your layout in DW or some other GUI editor because you get an almost exact representation of what your design will look like in a browser. Oh, I remember the days of writing HTML in notepad, saving, and then previewing the document, that is the old way. It may still work for those who are not interested in making a living. I write code for me all the time, I write code for the sake of code, but when it comes time to write code for the company another product or service will continue to put food on the table and clothes on my children. These tools are not here to add insult to a programmer but rather build upon programmer's strengths. One of programmer's strengths is to be efficient when producing software. For me producing great software and getting paid for it is the icing on the cake. Whatever tools are at my disposal to further that goal then I will use them. http://www.devdude.com/blog/To_WYSIWYG_or_To_Not_WYSIWYG.html September 17, 2006 Another Cyber Criminal Bites the Dust The guy that was running ibackups.net has been sentenced to more than 7 years in prison for operating the largest known internet software piracy web site. This IPC (intellectual property crook) was selling pirated software from Microsoft and Adobe Systems at huge discounts. He will now have to pay $5.4 Million in restitution and forfeit all proceeds derived from his scheme. Good, he should be punished for his crimes! I have to say as a software developer myself I don't want criminals pirating my software. I make software so that I and others in the company can put food on the table, pay our bills and put clothes on our kids. This scum bag apparently does not know what it means to make a hard and honest living. Read more... <a href="http://www.wired.com/news/wireservice/0,71756-0.html?tw=rss.index"/>Software Pirate Gets 7 Years </a> http://www.devdude.com/blog/Another_Cyber_Criminal_Bites_the_Dust.html September 10, 2006 Digg the rigged? A closer look at Digg's democratic model It seems like the top Diggers over at Digg.com have some amazing karma going on. Their stories and their diggs appear to carry more weight than other diggers. This is allowing the top diggers to have somewhat of a monopoly over the dugg stories on Digg.com. Read More... <a href="http://jesusphreak.infogami.com/blog/is_digg_rigged" target="new">Digg the rigged?</a> Another Link... <a href="http://taylorhayward.org/digg_gaming.html"/>HOW THE DIGG SYSTEM IS BEING GAMED BY A SMALL NUMBER OF USERS</a> A story has even popped up on NewsVine.com <a href="http://juliansname.newsvine.com/_news/2006/09/06/353004-diggcom-users-rebel-will-newsvine-users-follow"/>Digg.com users rebel. Will Newsvine users follow?</a> http://www.devdude.com/blog/Digg_the_rigged_A_closer_look_at_Digg's_democratic_model.html September 6, 2006 Knowing Too Much Info About You Apparently folks are not getting the message about personal privacy. DevDude logged into Google Calendar and did a search on "labor day" and to my surprise many people have posted their personal holiday plans in their Google Calendar and anyone can view it. People, you need to understand that even the smallest bit of info is giving too much away! Keep your personal life private or as much as you can. College students don't allow just anyone to know your class schedule, business people keep your meetings to yourself and your fellow co-workers only. These types of data can really be used to exploit your lives, stalk you even kill you. For those of you out there that have Google Calendars please set your calendar to private and if you must share calendar info you can add specific google users to your permissions list. Don't allow ignorance to make you into a victim. http://www.devdude.com/blog/Knowing_Too_Much_Info_About_You.html September 4, 2006 One Watt Light Bulbs! LED light bulb replacements are here! LEDison lamps are being used to replace 10 to 60w incandescent bulbs in commercial applications (like shopping malls). The LED lamps have ten times the service life of the incandescents they replace, and use only 1 watt! Read More: <a href="http://www.ecogeek.org/content/view/205/1/" target="new"/>One Watt Light Bulbs</a> http://www.devdude.com/blog/One_Watt_Light_Bulbs!.html September 2, 2006 New secure browser Browzar is fake and full of adware Social news rave about Browzar - they claim it a new secure browser leaving no footprints. After looking at it closer, I found out that it's not a browser at all, and moreover, this software thrusts search via it's own PPC-SE full of ads on user. Read More: <a href="http://web3.0log.org/2006/09/01/new-secure-browser-browzar-is-fake-and-full-of-adware/"/> Browzar is a fake</a> http://www.devdude.com/blog/New_secure_browser_Browzar_is_fake_and_full_of_adware.html September 1, 2006 FBI Shows Off Counterterrorism Database The FBI has built a database with more than 659 million records -- including terrorist watch lists, intelligence cables and financial transactions -- culled from more than 50 FBI and other government agency sources. The system is one of the most powerful data analysis tools available to law enforcement and counterterrorism agents. Read More <a href="http://www.washingtonpost.com/wp-dyn/content/article/2006/08/29/AR2006082901520.html" target="new" /><img src="blog/img/news-link.gif" border="0" alt="Read More" title="Read More" align="absmiddle" /> FBI Shows Off Counterterrorism Database</a> Let's hope that with that many records there will be a basic change in how law enforcement shares data. Data sharing has gotten better but there are still many systems that are antiquated and are in need of upgrades. Have a look at the 2005 Federal Govt. Report Card <a href="http://reform.house.gov/GovReform/News/DocumentSingle.aspx?DocumentID=40762" target="new"/> 2005 Federal Government Report Card </a> http://www.devdude.com/blog/FBI_Shows_Off_Counterterrorism_Database.html August 29, 2006 Digg Forces Shutdown of DiggGames.com Domain DiggGames.com, a site that hosts a panorama of web games featured on Digg, was recently forced to abandon its domain name due to legal complaints. Furthermore, "digggames.com' has been banned from being entered as a story URL. Many on digg.com don't seem to realize that if Digg Inc. doesn't protect themselves these kinds of sites could cause legal ramifications for Digg Inc. Allowing sites with Digg Inc's trademarks on them to operate is a lawsuit waiting to happen. Digg Inc. could not control any content on the site and if an Internet user were to become offended in any way they may try to take it out on Digg Inc. http://www.devdude.com/blog/Digg_Forces_Shutdown_of_DiggGames.com_Domain.html August 25, 2006 Federal IT security failing! The Committee on Government Reform has released its 2005 IT security report card on the federal government. In short, D is the grade. Apparently 9/11 did not change much especially in the cyber security world. With the American government becoming more dependent on the Internet and related internet technologies for day to day businees maybe more attention should be paid to security.Have a look at the report card here: <a target="_blank" href="http://reform.house.gov/GovReform/News/DocumentSingle.aspx?DocumentID=40762">Federal Computer Security Report Card</a> http://www.devdude.com/blog/Federal_IT_security_failing!.html March 16, 2006 Cyber Scumbags brought to Justice This is an instance where the American tax dollar is working. The Justice Dept announced yesterday that 27 individuals have been charged with particpating in a child porn ring. These scumbags were using chat rooms to distribute live sexual molestations of children, some were even infants. If there is a Hell there most certainly is a special place in Hell for these bastards!It is good to see that the FBI and other LEO are adapting to the ever changing technology. The Internet should be a safe place for all ages of people and this example of law enforcement working together is certainly a good sign.Read More <img align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" alt="Read More" /> <a href="http://www.cnn.com/2006/LAW/03/15/childporn.arrests/index.html" target="new">27 Charged in Child Porn Sting</a> http://www.devdude.com/blog/Cyber_Scumbags_brought_to_Justice.html March 15, 2006 To Duck or To Think? Infoliteracy - The following word may well be on its way to becoming another descriptive term for those of us who rely on all things tech to get us the information we crave. Companies like Google, Yahoo, AOL and many more are attempting to inundate humans with as much information as possible. Gone are the days when we had to learn how to use the Dewey Decimal system in the Card Catalog at your local library. Today whenever you need to find some information the technological repositories are at your finger tips for instant searching, browsing and hopefully reading. Of course the information that people research is not limited to just books. We must include the multitude of video, audio, scholarly works, magazines, blogs, forums and I really can't remember the rest. All this information sounds great doesn't it? In most ways having information at our finger tips is great. Information is what can help a society get out of the ignorance they live in. You can search for endless number of topics through the Internet and never seem to come to the end. How is it possible that there is so much information on just one topic? This question leads us to another question I'm afraid. If I search a specific topic how do I know which search return is the most valid? Is it the first one, five searches down or the last, can anyone tell. Another question is where do I search from, a laptop, iPod, cellphone, handheld or maybe a PC. No matter what medium you use to search the Internet you always get a enourmous amount of returns and now the challenge is to begin sifting through them. The headache begins! In todays technological infoliterate geeky existance we have 24/7 inundation of information. Every waking minute of our lives is becoming filled with constant information, from Internet searches to media outlets broadcasting re-runs of old shows on iPods. When do we take a moment to independently think, maybe I need to search it first so that I can have the answer. Are all things in life answered online? As a person who has grown up in the generation that was in between the old and the new information I can say, "No, not all things can be answered online." Sure you can found how the Space Shuttle works online, but can you really find the answer is to why we go into space. You might find someone elses answer, but the question truly begs your own answer. Higher thinking is not just the ability to find information it's the ability to reflect, ponder, meditate, whatever it takes for each person to comprehend and think. Each of us will have to decide how we will handle the info we find online. We will have to think about what others have written, we will have to think! We cannot duck, all though you may feel like ducking before some information hits you in the face. You may want to also duck before a flying object smashes your head while your too busy listenting to the latest podcast to feed your undying hunger for information. Man, the irony in that! To Duck or To Think, you think about it. http://www.devdude.com/blog/To_Duck_or_To_Think.html December 26, 2005 The E-Life Americans are making the final rush to the stores to get those all important last minute gifts for their loved one's. Their money spending sprint will most likely lead them to a store that sells the latest in technological gadgetry. Americans like most industrialized nations are hooked on technology and the list of items is indeed long. The demand for gadgets has never been higher and is only going to increase. So are we addicted to technology or do we really believe it will make life easier. It's probable that there is a little bit of both in our desire for new technology. Most people who are high-tech junkies will probably not ask themselves, "Does this new gadget really make life more convenient or easier?" High-tech junkies are so consumed with getting the latest gadget that they don't have time to ask such deep questions. Let's be real here, if people think owning the latest iPod makes life easier or more convenient then they really have not taken time out for self reflection. Wanting the newest anything, iPod, laptop, car, watch, whatever is just so we can say, "I've got that!" Don't misunderstand me I love technology too. I work every day in a den of geekdom that exudes technology, but I don't run out every whip-stitch and buy the latest thinga-ma-bob or wacha-ma-doogle. It seems that those who work in technology are not nearly as addicted to technology as those who don't. I still find time for taking walks (with no gadgets on me), still take time to read a real book, yes that means on paper (not an e-book on my pocket-pc). As a lover of technology, science and history I do not want to demean the usefulness of technology, after all I would not have a job if it were not for computers. So I guess this Christmas season take a moment to realize are we really giving a gift that is good for someone or just helping them keep up with the Jones'. Maybe a good book would be the better choice. http://www.devdude.com/blog/The_E-Life.html December 23, 2005 Survey - Most Home PC Users Lack Security A survey done by America Online and the National Cyber Security Alliance has found that 81 percent of home PC users lack the three most critical types of security for their PC's. Home PC user's are getting the message about PC security but not nearly enough, most still lack a firewall, updated anti-virus and some type of anti-spyware. Of the group surveyed 56 percent of home PC users had no anti-virus software installed at all or had not updated their virus definitions in over a week. Then 44 percent of the PC users did not have firewall software installed and 38 percent did not have anti-spyware software on their machines. Back to the improving numbers. Apparently the Windows firewall that MS built into their XP SP2 version has secured a lot of PC's without users needing to know they even did anything. While the number of PC users who installed firewall software did rise from the previous year it is still not enough. Home users need to realize that an unsecured computer can cause a lot trouble for the rest of the folks that share the Internet. These unsecure machines become zombies, these machines are operated via remote location from an unscrupulous individual and attacks are issued to any server that can be contacted. What home users don't understand is these types of attacks, often DoS attacks, suck up bandwidth on servers. Well someone has to pay for it. Most times it's a small business whose on a hosting providers server farm and gets hit with high bandwidth costs. Home PC users need to secure their machines and private industry needs to help, oops wait a minute, private industry get's rich off unsuspecting home PC users. That's right, the companies like Symantec and others like the security problems, it keeps them in business, why teach people to secure their PC's when they can sell you expensive software to do it for you. So the best way for home PC users to secure their computers is to become educated about their computers. You don't have to be a geek to figure out a computer and learn how to secure it. Here are some links to free anti-virus, firewall and anti-spyware. <img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.grisoft.com/">AVG Anti-Virus</a><img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.zonealarm.com/">Zone Alarm</a><img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.microsoft.com/athome/security/spyware/software/default.mspx">Microsoft Anti-Spyware </a> http://www.devdude.com/blog/Survey_-_Most_Home_PC_Users_Lack_Security.html December 6, 2005 Adjustable Keyboard DevDude has in recent months been using a new kind of keyboard and mouse for daily software development. The following is a review of the keyboard and mouse, including the benefits of each and there relationship with long hours of coding. Comfort Keyboard <a href="http://www.devdude.com/blog/uploads/comfort-keyboard1.jpg" target="new"><img hspace="0" border="0" align="left" src="http://www.devdude.com/blog/uploads/comfort-keyboard1.blogThumb.jpg" /></a> The Comfort Keyboard is split into three sections that move along a metallic track. Each section of the keyboard uses a unique locking mechanism to keep it in place. The locking mechanism not only keeps the sections from moving horizontally but also preserves the vertical tilt of each section. The Comfort Keyboard is so adjustable that any programmer can find a comfortable position for themselves. I started out with a slight tilt then have progressively tilted each section a little further up, I'm about half way to vertical now and this keyboard is still the most comfortable keyboard I've ever used. The keyboard eliminates all strain on the carpel tunnel nerve, wrists, hands and shoulders. It gives your hands a more natural position while typing. Upon getting the hang (about half a days work or so) of the tilted position of the keyboard I notice that after a few hours of coding that my little fingers were not asleep and that my wrists no longer ached. I've now been using this keyboard for about 2 or 3 months, I will never code on a flat keyboard, or so called ergonomic keyboard again. Pros: Sturdy design Standard size keys for accurate typing Tons of adjustable positions, tilt, rotate, flex, twist, flatten, pitch up and down. Standard 101 Keyboard Windows Key Space bar sliding extensions Easy to install and configure, no software required USB Connector, comes with a USB cable Has the ability to record Macro keystroke combinations Compatible with PC, MAC, SUNCons: None for me! For more info on the Comfort Keyboard go here: <img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://ergokomfort.com/">Ergokomfort.com</a>Vertical Mouse by Evoluent<a href="http://www.devdude.com/blog/uploads/vertical-mouse1.jpg" target="new"><img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/vertical-mouse.blogThumb.jpg" alt="Vertical Mouse" /></a> This mouse may look weird but once you put your hand on it you will enjoy not having pain in your wrist from long hours at the computer. The purpose of the vertical mouse is to put your hand in a natural position which is like the hand shake position. It did not take long using this mouse to put my ailing right wrist at ease. Once you use the vertical mouse you will attempt to grab flat mouses vertically, bit of change but a good one for your wrists. This mouse even works great when using Photoshop. Pros: Comfortable position for mousing Nice design, durable 1200 dpi optical sensor Easy clicking, great button sensitivity 5 programmable buttons Vertical scrolling USB connection Compatible with Windows XP, 2000, NT, ME, 98SECons: Not wireless (no biggy)More info here: <img hspace="0" border="0" align="bottom" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://ergokomfort.com/catalog/evoluent__verticalmouse__2_3940639.htm">Vertical Mouse</a> http://www.devdude.com/blog/Adjustable_Keyboard.html December 2, 2005 Perl and Ajax There is a new code example in the codedumpster using Perl and Ajax. The example can be found elsewhere on the net, the one I found had a PHP backend but I like Perl better, so I wrote my own using Perl. Ajax (Asynchronous JavaScript and XML) go here for a good description of what it is. <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://en.wikipedia.org/wiki/AJAX">Ajax</a><img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://developer.mozilla.org/en/docs/AJAX:Getting_Started">Ajax: Getting Started</a> http://www.devdude.com/blog/Perl_and_Ajax.html October 13, 2005 Review of News Feed Extensions for Firefox With tons of news web sites of all types available on the Net it becomes a little arduous to constantly surf to all of them to see what content has updated. In comes some cool little apps to bring the news feeds you want right to your browser. <img vspace="0" hspace="0" border="0" align="middle" src="http://www.devdude.com/blog/uploads/ffox.gif" /> DevDude has tried out the following extensions for FireFox. <div style="margin-left: 40px"><img vspace="0" hspace="0" border="0" align="middle" src="http://www.devdude.com/blog/uploads/thumbsdown.gif" /> FeedView 0.9.7 - We could not get this one to work, so the review is well, we don't have one. <img vspace="0" hspace="0" border="0" align="middle" src="http://www.devdude.com/blog/uploads/thumbsdown.gif" /> infoRSS 0.8.9.3 - This one works, it nestles itself down toward the bottom of the browser screen on the status bar. It show the news feeds in a ticker style. There are some feeds built in but when we tried to add a new feed it did not work... umm... needs work. The ticker style while small and out of the way is a little difficult to read. <img src="http://www.devdude.com/blog/uploads/thumbsup.gif" /> Pluck 2.0.5186 - Pluck is a very nice news feed reader. It fits in as a side bar, it's easy to add new feeds and to view feeds. The only hitch is you have to create an account with the Pluck site, but its free, once you create an account you can add all the news feeds you like. Also Pluck looks good too, its design is nice. Pluck is certainly worth trying if your looking for a good integrated news feed reader. Pluck is also available for Internet Explorer and they have a web based version as well. We did notice that some feeds came in kinda slow but other than that it's sweet. The IE version is faster and seems to be far more integrated into the browser than the extension that is used in FireFox. <img src="http://www.devdude.com/blog/uploads/thumbsup.gif" /> NewsFox 0.3.2 - Straight forward, easy to use news feed reader. Integrates into to the browser like a window within you browser. Easily add feeds, has a three pane view, you can have the feeds in summary text or show the web site. It does not have an auto update feature but a click of a button and the feeds can be updated. Not a bad little news reader. If you've got FireFox then you can follow the link below to try some extensions. <img src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a href="https://addons.mozilla.org/extensions/?application=firefox">Fire Fox Extensions</a> </div> http://www.devdude.com/blog/Review_of_News_Feed_Extensions_for_Firefox.html September 15, 2005 Keeping track of the Bad or the Good, which is better? Today's technology companies are making out like bandits on the high seas. They are selling businesses, personal computer owners snake oil and no one seems to notice. Think about it for a moment if we have so many security products available, virus scanners, anti-spyware, anti-malware, anti-phishing and firewalls then why do attacks seem to only increase? Barring under trained employees and just plain stupid administrators, the reason is simple, applications and OS's are generally dumb. You may think different, but Linux is vulnerable too it's just not the big elephant in the room. Any way the philosophy of security has been to keep track of all the bad things in cyberspace and try to deny them access to your computer systems. Why keep track of all the bad crap? Instead why not keep track of the applications you wish to be on your system that are allowed and deny all other traffic unless authorized. If OS's had better methods of controlling software then a threat would never penetrate the software's operation because it would not match the authorized pattern. Keeping track of all the badness in cyberspace is an impossible mission but it will make certain corporations RICH$$$$. Application design should be done from the standpoint of if the program does not know what the request is then it must be an unauthorized attempt at exploitation of the program. Operating systems could be designed to do the same thing and this would prevent breaches of security. Let's have a look at logging on a web server. Most logs contain everything that takes place on a web server. This creates a log of a lot useless traffic, useless because the SysAdmin, the application and the OS know that it logged items that were authorized activity by the application. Instead web server logs should only contain the BAD things, looking for patterns that do not match the authorized ones should be logged. Is this type of operation practical? It could be if OS's makers took into account that authorized traffic can be thrown out of the log because it's not interesting. What your left with is interesting traffic that can then be scrutinized for possible program errors. Popular whiz-bang products that purport themselves to be the next silver bullet of cyber security do not operate based on keeping track of the good, only the bad. The average personal PC user could spend up to $100.00 per year just keeping up with the yearly subscriptions to Anti-Virus and Firewall security companies to track all the bad stuff instead of just keeping track of the applications you are going to use. If traffic is denied through a web server based on known attack patterns then the latest unknown attack pattern will be successful in penetrating your system. Why care about known attack patterns, instead deny everything that does not match what the application is authorized to handle. DevDude has glossed over some info above that is discussed in more detail here: <img hspace="0" border="0" align="middle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a href="http://www.ranum.com/security/computer_security/editorials/dumb/" target="_blank">The Six Dumbest Ideas in Computer Security</a> http://www.devdude.com/blog/Keeping_track_of__the_Bad_or_the_Good,_which_is_better.html September 13, 2005 Feds losing the battle of identity theft? With businesses and private citizens becoming more dependent on computer technology the rise of identity theft is really no surprise. Back in the day criminals would steal your ID from your garbage and they still do. But now the cyberslime have a new tool and they have most users of computers at a disadvantage. The vast majority of users haven't a clue about computer security and the questioned should be asked, "why should consumers be worried with computer security?" The reality is that consumers will have to protect their personal data if they don't want to become a victim of ID theft. Most of the ID theft that really makes the news seems to always be the mishandling of data by the company. Lost or stolen computers, unprotected backups lost in transit and hackers breaking into systems. What can the average consumer do? There is the standard list of things a consumer can do: Use Virus scanner software, use a firewall, use a router/highspeed-modem with a hardware firewall, don't open email attachments from unknown sources, make sure your virus scanner scans incoming emails, when going to a web site enter the address through the address bar in your browser or from your bookmarks/favorites list. Don't click on links in an email, this really is a big no no, unless you know the source of the email. Never shop on a web site that does not offer a secure checkout, the little pad lock icon will appear toward the bottom right of your web browser. Read the security policy for web sites, make sure they do not share your information with others, never give out your personal information in a chat room, message board or instant messenger. Under no circumstances should you ever give out your SSN number over the net. Use strong passwords for web based email services, message board memberships and other web site accounts. Lastly, SHRED every piece of mail you get, SHRED all receipts, packing slips, hell just SHRED all paper of any type. A little common sense combined with some knowledge can go a long way to keeping your personal information secure. <img hspace="0" border="0" align="middle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.idtheftcenter.org/index.shtml">Identity Theft Resource Center</a> http://www.devdude.com/blog/Feds_losing_the_battle_of_identity_theft.html September 11, 2005 Just another reason offshoring sucks! As if it isn't bad enough to try and talk to a call center person where neither one of you can understand each other, now we have to be concerned about call center employees stealing and selling our personal information. This offshoring gig just doesn't seem to be improving. There are many hidden costs, high staff turnover and pathetic cultural communications. The satisfaction rate is dropping to. More companies that maintain offshoring relationships with offshoring providers are becoming more and more dissatisfied with the performance being provided.The new problem arising is ID theft by foreign workers. American businesses need to understand that American consumer are already pissed about having to deal with foreigners and now consumers will have to worry about their personal info having a price tag attached to it. Wake up corporate America the greedy savings can only last so long.Read More <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /> <a target="_blank" href="http://news.zdnet.com/Indian call center worker arrested/2100-1009_22-5852487.html?part=rss">Indian call center worker arrested.</a> http://www.devdude.com/blog/Just_another_reason_offshoring_sucks!.html September 6, 2005 IE is the Feds choice. The public may have some issues accessing FEMA's web site. The section for FEMA's online disaster aid registration site only supports Microsoft Internet Explorer. Users of Opera, Firefox and Safari are just out of luck. Um... maybe an important site like disaster aid registration should be compatible with everything. What would happen if the site excluded people by Race or Gender? That could really be an issue... http://www.devdude.com/blog/IE_is_the_Feds_choice..html September 5, 2005 Microsoft portal to aid Law Enforcement Officials Microsoft is launching a new web site that will provide training, tips and information to aid law enforcement in combating cybercrime. The site will teach LEO's how to use basic networking tools such as Trace Route, NS LookUp, Whois Domain LookUps and help to provide forensic skills on finding information on hard drives. These skills may seem like a no brainer to us geeks but LEO's learn how to enforce the law not become a SysAdmin. The new age of LEO's will have to have these investigative skills in order to combat a new threat of cybercrime and cyberterrorism. Without these necessary skills our LEO's will be at a serious disadvantage in fighting crime.Microsoft has already had previous training sessions for LEO's pertaining to BotNets. Botnets are networks of hijacked computers that are used for cybercrime. These hijacked systems can execute DOS attacks for instrusion into other systems. They are also sources of spam, malicious code and extortion attempts. The new portal will offer software tools to help detect botnets.The law enforcement community needs more help from private industry. The problem of cybercrime is large and the skill sets required are broad when it comes to the cyber world. Another area that should be encouraged is in our educational system. Students should be encouraged to pursue careers in IT Security, Programming and Law Enforcement. We cannot allow cybercriminals to retain the upper hand.<img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.htcia.org/">International High Technology Crime Investigation Association</a> http://www.devdude.com/blog/Microsoft_portal_to_aid_Law_Enforcement_Officials.html August 31, 2005 Online Scams popping up on the Net after Katrina There cyberscammers sending spam purporting to be breaking news, if the user clicks the link in the email then the bogus web site will try to exploit vulnerabilities in IE. The subject headers of these emails look like the following:re: g8 Tropical storm flooded New Orleansandre: q1 Katrina killed as many as 80 peopleDon't click these links folks.The other scam going around is a Paypal scam, an email asking for donations. Do not donate your money to organizations you know nothing about or individuals. If you get an email from an organization and they are legitimate then they will provide their non-profit tax ID upon your request. Go here: <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://apps.irs.gov/app/pub78">IRS.gov</a> to check if the organization is real or not.Opinion: These scammers are the lowest form of humanity they deserve nothing less than to fall off the planet! Bastards!To Report a scam go here: <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.ifccfbi.gov/">IFCC</a> http://www.devdude.com/blog/Online_Scams_popping_up_on_the_Net_after_Katrina.html August 31, 2005 Disaster Recovery Hurricane Katrina has sent a clear message to IT folks, "Be Prepared!" The destructive power of Katrina was underestimated and caused an unimaginable amount of damage, not only in infrastructure but human lives. It's too late for the computer systems in New Orleans and other locations along the Gulf coast. Hopefully the IT folks at businesses took precautions to back up data well in advance of the storm, evacuated critical hardware to prevent water, fire and wind damage. Most importantly the employees hauled butt outa of there along with the data! If a company suffered lost data then you were not prepared for disaster and recovery. All companies that have precious data should have a disaster-recovery plan and should conduct tests to ensure that your plan is working. The biggest thing any company can do is BACKUP their data every day, take the backup with you at the end of the day, put in a fire proof safe or some other secure location. If your business is gone when you arrive the next day, then you've got the data in your hands. Hardware can replaced, software can be purchased and reinstalled. Data is lost forever if you do not backup. If your company provides some type of help desk service to consumers consider an alternate site to move operations in the event that your main headquarters is destroyed. Consider also an offsite location to provide phone services. There are a lot of great resources on the Net about disaster-recovery, have a look and prepare your business for the worst. <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://availability.sungard.com/">Sungard</a> <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.disaster-recovery-guide.com/">The Disaster Recovery Guide</a> http://www.devdude.com/blog/Disaster_Recovery.html August 31, 2005 Infrastructural Hackers - The New Terrorism As it stands today cyber criminals have not caused a terrible amount of harm to the citizenry of developed nations, yet! Cyber Criminals have exacted a serious financial toll on businesses, governments and inconvenienced Internet users. What if a disgruntled employee of a sewage treatment plant wanted some revenge against their employer. It happened in 2000 and it is scary! An employee named Vitek Boden in Queensland, Australia released millions of liters of untreated sewage using a wireless connection and a laptop. He was arrested, convicted and put in jail for his crime. Cyber attacks like the one mentioned above are on the rise. Governments and corporations will have to take serious precautions as quickly as possible. Developed countries are dependent on energy generation, power transmission, telecom, transportation, sewage, water and other services. All these types of services are vulnerable to cyber attacks from outside entities but mostly from inside entities. Criminal acts committed by employees are hard to stop but if your computer systems are prepared for attacks and there are safe guards in place an attacks severity could be reduced. The Slammer worm hit back in 2003 it crashed a network at an Ohio nuclear power plant. The worm managed to crash the safety-monitoring system for five hours. Luckily the plant was offline at the time of the attack. There is no telling what may have happened otherwise. IT companies and government have taken note. Information sharing has been improved between private industry and government. Government needs all the help it can get. Read More at <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.infragard.net/">InfraGard</a> <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /><a target="_blank" href="http://www.securityfocus.com/news/6767/">Slammer worm crashed Ohio nuke plant network</a> http://www.devdude.com/blog/Infrastructural_Hackers_-__The_New_Terrorism.html August 28, 2005 At home wireless networks are WIDE OPEN! Consumers wake up, the wireless network devices your buying are not secure. You the consumer are required to setup the security features on the wireless device and for novices this can sometimes be a trying experience. You may be asking why are wireless devices not secure when you buy them. Read On... In the year 2004 WLAN equipment sales increased 24 percent, that translates into yearly sales of $1.6 Billion. The manufacturers of WLAN equipment keep the setup and configuration of their hardware simple by not setting up the security features, they leave that up to the consumer. Some consumers assume that when they buy a wireless device that it is secure, even worse some consumers are clueless about the very idea of security. The fact is that if you purchased a completely secured wireless device the average consumer would not be able to figure out the setup of the device. This would create a flood of tech support calls to the manufacturer and could be very expensive for them. If the consumer were to become frustrated with their new device they may well return it and buy a competitors device. So what are consumers to do? Simple, become more educated about technology. The days of having a service technician do everything for you are becoming obsolete. Consumers will need to learn basic technical skills if they are to continue assimilating new products into their lives. The setup of wireless network devices are not difficult it requires a little bit of reading and comprehension. Really good manufacturers will include simple to follow instructions on how to secure your network. Personally I've found that <img align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.linksys.com">Linksys</a> does a great job at this, but I'm a geek, I have the advantage. Why you need to secure your network? Some consumers say, "I don't keep personal information on my computer, so their is nothing to steal." Consumers that say something similar are flat wrong! Any open computer network is a resource for a cyber criminal to use for unscrupulous behavior and when the cops come looking they find you, not the criminal. Example: Cyber Criminals are riding around in their cars at this very moment picking up on open unsecured wireless signals. They map them using GPS so they can easily locate them when needed again. The Cyber Criminal decides to distribute some child porn over your unsecured wireless network. The cyber scumbag doesn't know it but they are sending the child porn to a site that is being monitored by the FBI. Who do you think the FBI are going to pay a visit to? The criminal or you, YOU! That's right you have become the scumbag that has just distributed child porn over the Internet and the FBI has your location. The criminal, they are long gone. If the above example does not convince you to secure your wireless network then you need help. Remember have patience, find a geeky friend to help you out and above all call the manufacturer to get support. Secure your wireless network devices. Below are some resources that will help consumers secure their wireless devices. <img align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.pcmag.com/article2/0,4149,844020,00.asp">Ten Steps to a Secure Wireless Network</a> <img align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.practicallynetworked.com/support/wireless_secure.htm">Securing your Wireless Network</a> <img align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.microsoft.com/windowsxp/using/networking/learnmore/bowman_05june13.mspx">Set up a secure wireless network using Windows Connect Now</a> http://www.devdude.com/blog/At_home_wireless_networks_are_WIDE_OPEN!.html August 27, 2005 U.S. Airman Nabbed on Child Porn Charge Child pornographers are really at the BOTTOM of the barrel, they are equivalent to the jizz at the bottom of a trash dumpster, you know that smelly nasty liquid at the bottom. These sick bastards just need to fall off the planet. To think that a wonderful resource like the Internet and computers have been sullied by such ingrates. Read More... <img align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /> <a href="http://www.foxnews.com/story/0,2933,167207,00.html">U.S. Airman Nabbed on Child Porn Charge</a> http://www.devdude.com/blog/U.S._Airman_Nabbed_on_Child_Porn_Charge.html August 26, 2005 Anti-Phishing Tool may be used to track your surfing. Microsoft has announced a new tool that will be embedded into its next release of Internet Explorer. The Phishing Filter as it is known will compare the address of every web site you visit to a list on the user's computer. If no match is found then it does a comparison to a list on a Microsoft server to be verified if the address your surfing to is legitimate. If a match is not found on the Microsoft list then the Phishing Filter will compare the characteristics of the web site you are visiting to characteristics of sites known to have phishing characteristics, which will send an alert to the user. The new tool will be optional it can be turned on and off.This sounds like a great idea but the Phishing Filter is not really necessary if web surfers would just become a little more savvy about the Internet. A little common sense can go a long way to prevent phishing sites from snagging your information. The following resource is great advice, please follow this link: <img hspace="0" border="0" align="absmiddle" src="http://www.devdude.com/blog/uploads/external-link.gif" /> <a target="_blank" href="http://www.antiphishing.org/consumer_recs.html">How to Avoid Phishing Scams</a>Remember that guarding your privacy does not mean you need to compromise your personal information or surfing habits. The great thing about the Internet is its level of anonymity. Microsoft claims that it will not save this information but the information that is gathered will be highly valued. ISP's have been logging where web users surf for years and web servers can tell where you've come from and where you go when you leave the site. So collecting surfing info is nothing new. http://www.devdude.com/blog/Anti-Phishing_Tool_may_be_used_to_track_your_surfing..html August 25, 2005 Zotob Worms Nabbed! The cyber criminals that disrupted PC's with the Zotob worm have been nabbed! Good! These cyber criminals should be punished to the fullest extent of the law. Read more about the arrest of these miscreants. <img align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /> <a target="_blank" href="http://www.washingtonpost.com/wp-dyn/content/article/2005/08/26/AR2005082601201.html">Suspected Zotob Worm Authors Arrested</a> http://www.devdude.com/blog/Zotob_Worms_Nabbed!.html August 25, 2005 FBI probes for Chinese cyber spies Apparently the DOD is feeling the same pain that the corporate world has been woefully feeling for years. Cyber attacks coming out of China have been testing the mettle of computer systems at the Defense, State, Energy and Homeland Security departments. Officials can't seem to figure out who is executing these attacks. The DOD realizes that these attacks are not necessarily coming from the Chinese Govt. but may well be non-govt. entities within China. Of course China is interested in expanding its influence over the world economy so some cyber espionage would not be a far stretch. The Chinese Govt. may well being executing these attacks to collect needed information to construct more infrastructure within their own government. Read more... <img align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /> <a href="http://www.cnn.com/2005/TECH/internet/08/25/hackers.china/index.html">FBI probes for Chinese cyber spies</a> http://www.devdude.com/blog/FBI_probes_for_Chinese_cyber_spies.html August 24, 2005 DOD, are they on the right track? The DOD (Department of Defense) recognizes the need for user friendly networks but also sees security as a top priority. In our complex technological world government will have to keep up or they will be pushed out. This latest article shows that there are some good ideas being tossed about the DOD these days. Many of the ideas are a great start and shows that the government is willing to listen to geeks who know best. As we all know though government can sometimes talk a better game than they play. Read this article to get a better handle on what the DOD is trying to do. <img align="absmiddle" src="http://www.devdude.com/blog/uploads/news-link.gif" /> <a target="_blank" href="http://www.fcw.com/article90416-08-25-05-Print">DOD's Manhattan Project</a> http://www.devdude.com/blog/DOD,_are_they_on_the_right_track.html August 23, 2005