I’m back and just finished moving the blog to the virtual server that I acquired not-so-recently. I decided to try out Slicehost.

In a series of experiments one late night, I wanted to try the Flash demos for the Facebook platform. But I thought to myself that non-production things shouldn’t be hosted on our server.

Electricity, Internet and phone services now totals to a significant slice in my monthly expenses pie chart too. Take note that the decision was made at 5AM on a Saturday! At that point in time, I was rushing to wrap things up. There’s this idea that I’m waiting for where the Slice pays for itself. Let’s hope that that time arrives soon.

P.S. Do check out our Facebook App. That’s what keeping me, err, “busy” lately.

Woke up the other day with a thought about Yahoo!’s slow death (yes, straight from the bed).

What if pieces of Yahoo! get acquired one after the other? Just like pirates waiting to salvage on a burning wreck. It’ll be a mad race to get Flickr, Delicious, Mail, Messenger, Ask and Pipes! That would be fun to watch.

Somebody please publish a list of Yahoo! products and services sorted by its value. It looks like a better way out than slowly killing the whole thing and laying off people.

On another thought, Yahoo! should really open source their Messenger. We have another wave of worms that sends weight loss spam from infected users. The next best thing that they could do is publish the protocol so file transfers on libpurple works as it should. I am that selfish.

I’m on a very brief break and hacked on my Twitter notifier for a couple of minutes. To tell you the truth, a couple of bugs have been ironed out a week after I posted the first version. It has been working so well, I didn’t bother playing around with the code.

Twittipy now prompts for your username and password. If you want it to save to the config file, just uncomment some of the lines. I’m not comfortable with the password saved in a file and I haven’t thought of a way to encrypt them. By the way, Pidgin saves passwords in plain text too. The login prompt is old code from a wxPython experiment some time ago (and it ain’t pretty).

After you get authenticated, an icon will appear in your system tray. To exit Twittipy, right-click on the icon.

Download it here.

I love Wine! No offense to the GIMP folks but I still use Photoshop 7 and when I found out that it now works out of the box with Wine, it gained my trust. Here’s how to install Wine 1.1.4 on Fedora 9.

1. Check if you have wine installed.
   $ rpm -qa | grep wine
2. Uninstall the old version.
   $ sudo yum -y remove wine
3. Download the latest build from Koji. The following is the i386 build.
   $ wget http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-twain-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-capi-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/src/wine-1.1.4-1.fc9.src.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-jack-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-nas-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-core-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-ldap-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-cms-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-cms-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-tools-1.1.4-1.fc9.i386.rpm \
   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-desktop-1.1.4-1.fc9.i386.rpm \

   http://koji.fedoraproject.org/packages/wine/1.1.4/1.fc9/i386/wine-esd-1.1.4-1.fc9.i386.rpm

4. Install the RPMs.
   $ sudo rpm -Uvh wine-*
5. Confirm installation.
   $ rpm -qa | grep wine

I upgraded to the lastest version of Wine just to get Google Chrome running on Linux even if I already read that it’s slow and SSL support is absent. I followed this guide.

I almost got it running but it was really slow (see screenshot below). I also have V8 compiled but when I tried to play around with it, I didn’t know what to do even with the interactive console.

My invaluable thoughts on Chrome:

• I think it’s great that it uses Webkit. Not really sure if it’s faster than Gecko but at least testing with Webkit is more fun now.
• You can drag a tab in and out of the window. That’s cool but I couldn’t pin the window to stay on top.
• The developer tools are almost as great as those provided by Firefox extensions (i.e. Firebug).

This is me amused with little things.

On a side-note, I think it’s about time to get a new laptop. It’s not that my current laptop needs more juice. It works just fine for my needs and brought me great fortune in the past 4 years from college requirements to enterprise software.

Fedora 7 just reached its end of life and I get this OCD that I have outdated software. With the urge to upgrade but no place to backup my files (strange, all of my drives are full), I think a new laptop is the answer.

An extra hard disk would be a lot cheaper but I’m weighing the extra convenience that I’ll get with a more modern laptop. For instance, if I had a newer wireless card with 802.11g (yes, my laptop is 802.11b!), I’ll be using drivers with WPA support and higher transfer rates. With a DVD combo drive (vs a CD-ROM drive), better RAM, graphics card, and processor, makes me convinced that it’s, err, about time.

I’ll be getting an HP/Compaq because all of our laptops at home that carry the same brand are still alive. Also, it won’t be anything fancy. Just a boring normal laptop and it won’t be a tablet like I wished before. The TX2000 and TX2500 are available locally though.

There will be one busy weekend soon.

It’s been a drag since Twitter IM went down. I had a very brief “play” time the other night that gave birth to Twittipy. It’s a Twitter notifier written in python with pynotify and pycurl.

Running Twittipy

1. Create a configuration file in your home directory (~/.twittipy)
2. Set your Twitter username/email and password in the configuration file.
   Example:
   [general]
username = johnsmith
password = unhackable
3. Make Twittipy executable
   $ chmod u+x twittipy.py
4. Fire it up!
   $ ./twittipy.py &

Twittipy requires Python 2.5, pycurl and pynotify. If it complains of missing modules, you probably didn’t meet the requirements.

Roadmap

I did some googling and found other stuff to try that could improve Twittipy.

• Port for other platforms (Windows with pywin32 and KDE via wxPython)
• Icon at the notification area or system tray (via wxPython)
• Encrypt or obfuscate password in config file and/or if password is not found in the config file, prompt and store in memory.
• Make use of the other methods of the Twitter API.

Download it here. There are two more options in the config file, update_interval and last_update. The former defaults to 4 minutes and the latter to the current time.

I’m quite satisfied with it. The notifications of pynotify are less obtrusive than an IM message. There’s one noticeable quirk where a tweet repeats. We’ll fix that for the next release.

Comments are welcome and please check out tweetyPy as well (not mine but also an academic project).

Pidgin kept crashing when I tried tunneling through a remote machine. After minutes of googling around, I found Finch, a command-line version of Pidgin! It used to be called Gaim-text. Really cool!

A couple of days ago I thought that one of my servers got compromised. I thought someone cracked my password by brute force and kept shutting down Apache at 4AM. As it turned out, I made a mistake with the log rotation configuration that the post-rotation restart fails to start Apache.

I immediately installed DenyHosts, disabled keyboard-interactive login and hardened the firewall. It made me feel more insecure which resulted into today’s post.

With a fresh install of FreeBSD 7 on another server yesterday, I wanted to make sure that I do it properly from the start this time.

Apache adds the Server header that reveals the OS, version and some modules. PHP also adds an X-Powered-By header that shows the version of PHP. With those information publicly available, someone can write a script that could exploit vulnerabilities on specific versions of Apache and/or PHP.

For Apache, you can use mod_security. It’s available as a port and at Karanbir Singh’s yum repository for CentOS users. See the directive below.

<IfModule security_module>
  SecServerSignature "Apache"
</IfModule>

Also, just to be a happy camper, I used a new configuration file to be included. Consult your configuration for the path. On CentOS, the default configuration directory is at /etc/httpd/conf.d. On FreeBSD, it’s at /usr/local/etc/apache[n]/Includes, where n may be your Apache version.

For PHP, simply set expose_php to off in your php.ini

Disclaimer: This works for me but I’m not sure if this is the best way to do it. I tried mod_headers first but it didn’t work.

If your laptap starts to crawl if you have too much programs running at the same time, you can try adding IGB of RAM from PC Express.

[found by D. Billano]

I’m supposed to copy and paste the stuff below.

I have randomly selected 5 of you below to be tagged and I hope that you will similarly publish this post in your blog. You have to tag 5 other bloggers and just keep adding on to the list. (Do not replace, just keep on adding! Yes let’s hope a long list!) It’s real easy! Tag others and see your Technorati Authority increase exponentially!

The benefits of Viral Linking:

1. One of the fastest ways to see your Technorati Authority explode!
2. Increase your Google PageRank fast
3. Attract large volume of new traffic to your site
4. Build your community
5. Make new friends!

And these are the people who already took part on this tag:
Blognation, Pinoytek, Reyna, Bluep, Kotsengkuba, Buraot, Iris, Banco De Reyna, Manilenya, Mitch, Melai, Malen, Beng, Sasha, Foolsville, Lloyd Lopez, Vance, JP Loh

The unlucky five are (I didn’t check my Technocrappy page): Dwek, Wildquaker, Sir Joel, Mark Q. and Edwin Kamote (currently unavailable =p).

Just riding along. My blog has attracted all sorts of spambots that exploit WordPress vulnerabilities that I do not want more popularity (if any). Besides, I’m on an all-time low with about two posts per month.

Maybe the higher Technocrappy authority will get me laid.