exim vulnerability fun

Lots of fun over weekend for admins with not-quite-latest exim… I’m getting emails from various services saying their user information databases were compromised, which I assumes related to the rootkits that the vulnerability allows you to install. Which makes me wonder: how many sites are storing passwords unencrypted? If a user database is compromised, and the passwords are encrypted, it would only *really* affect people with stupid passwords. Anyway, here we go again, changing logins on god-knows-how-many systems…

iPhone SDK 3.0 beta 3

Beta 3 is out and the new OS fixes the non-working Youtube from the previous beta.

[Update: and also breaks syncing, which now hangs on “Syncing contacts…”]

[Update2: Seems like the contacts syncing hang was a temporary issue…]

Development Standards: Intro

I’ve decided to write an occasional series of articles on coding and development standards. It will be how *I* see them – the standards *I* myself follow – so it might not be for everyone. What it will be is a guide to what to expect if I’m working for you, and what to expect if you’re working for me.

I’ll write separate pieces for CSS, HTML, PHP and possibly for server administration-type stuff too – Apache configuration, and so on.

Expect the first instalment in the near future…

MacBook hard drive upgrade

I just got a new drive for my MacBook (MacBook2,1 – black) and am quite pleased with the simplicity of the process. First up, I didn’t need to add a jumper to throttle the SATA II drive down to SATA I speed. I put it in, it was recognised OK. The drive is a Seagate ST9320421ASG.

Secondly, the restore from Time Machine was pretty damn simple and effective. It’s always the same question with backups – if you don’t test them, do you know they’ll work? I’ve grabbed individual files from Time Machine and that seemed fine, but I had no way of knowing, without having a new drive with which to test, if a system restore would work. It did. Just boot with the DVD (or a copy of it on an external drive, if your DVD drive doesn’t work, like mine) and choose to restore from Time Machine. Just pick which backup to use, pick where to restore it to and wait. I suppose it took about an hour.

Once that’s done, reboot with the new system.

The only things I noticed awry were that my hosts file wasn’t there and that my Downloads directory wasn’t either! Seems a bit odd… Anyway, copy old hosts file to new location, copy old Downloads directory to home dir and sorted. I need to look into the missing directory issue, but all in all, not too bad an experience.

[Update: small, possibly even unrelated error: the firewall seemed to have Ruby blocked for some reason, even though it was listed as allowed – just switched it to block, then back to allowed and it worked.]

[Update2: the Downloads directory wasn’t there because I, er, set it to be excluded… ahem. I’d forgotten about that.]

Screencast as development tool

I’m in the middle of the first phase of building a new webapp and like most web developers (I would bet) when I show someone what I’ve done, it’s not apparent what marvels of engineering I’ve pulled off! So, in order to actually give a quick run-down of where we’re at with the application, I thought about making a screencast of the login, profile creation, module, video upl– well, I’ve said too much already ;)

After thinking about that for a bit, I wondered if any methodologies, agile or otherwise, use screencasts specifically as a tool. I could just Google it, I know. In any case I think it’s a nice way of showing progress on the development – or bugs in the app.

ACCEPT LANGUAGE, DAMMIT!

This is probably an oldie-but-goodie to a lot of web devs, but as search indexing bots don’t always send `HTTP_ACCEPT_LANGUAGE` to the server with the request, it will cause an error if you depend on its presence, which can and will be reflected in the search results, even though not in “any” browser.

Mailplane is almost excellent.

mailapp.png

I’ve just been trying Mailplane which is a nice OS X desktop app for Gmail.

– Drag and drop to attach a file? Check!
– Automatically take and send screenshots? Check!
– Send pics from iPhoto? Check!
– Optionally optimise photo attachments? Check!
– Growl integration? Check!

The screengrabbing and sending in one swift move is very nice, if you end up doing that sort of thing a lot.

But, why provide an interface (this *is* just a wrapper around Webkit, after all) to one of, if not *the* best keyboard-controllable web app there is, then not allow the same shortcuts? All those years (yes, years!) beating Gmail shortcuts into my fingers! Actually, it’s not so much the years using Gmail as the previous years using Mutt, and for that matter vi/vim, that made these shortcuts automatic. That’s why, when I first looked at Gmail as a possible replacement for Mutt, the fact that there was *no* change of habit really impressed me. (And that includes the conversations/threading model, too.)

Well, nice try uncomplex, but I’ll stick to for my Gmail window for now.

(Un)believable!

It would be unbelievable if it wasn’t something I’ve almost come to expect here: Movistar’s iPhone page only works in IE.