I have been using Gmail for a long time and one of the features that I enjoyed has been the ability to retrieve mail from other accounts automatically, which makes consolidating your various email accounts a cinch. Otherwise, you have to set up many different accounts on your mail client, if you have several accounts to keep on top of, like me.
Suddenly, during December last year, I noticed that this feature was not working anymore and I was not sure what was causing it. First I checked to make sure that my mail server had not caused the problem. After spending a bit of time looking through the server authentication log, I did not see any problems with the user credentials. A few head scratches later, I found the culprit in Gmail itself.
Apparently, there was a change in Gmail settings in the way it treats self-signed certificates. The accounts that I checked through Gmail are hosted by a mail server that I control, using self-signed certificates. It was fine for a while, but now Gmail thinks that no SSL security is better than using a self-signed certificate.
Considering how many CAs have been compromised lately, I feel that making people drop SSL encryption because their certificate was not signed by a registered CA is a little on the strange side.
First day of 2013. It will be an interesting start of the year, with many things already underway. There is the “fiscal cliff” issue in the US and there are a lot of other stuff going on in other parts of the world. Let me also say that the Mayans were not proven wrong, since they never made the prediction in the first place. So let this new year be filled with broken promises, wrong predictions and failed resolutions!
Despite all the hype about the breaching of Mac OS X security in the media, it pays to remember that this is not the first time it has happened. There have been many Flash Player and Java bugs in the past.
What is new here is that the bugs in Java has been exploited to carry out a silent install of the malware. This exploit has been so successful that it is estimated that up to 500,000 Apple machines have been infected so far.
If you have been unlucky you may have been infected, but there are ways to find and fortunately, remove the malware from your system.
For my day to day travel, I often take a 3G dongle as my own personal internet connection which does not get monitored, filtered and restricted, unlike the wifi connections available at the places that I am currently working. I carry the dongle with me everywhere I have my laptop, in case I need to connect to my server through SSH (work internet only permits ports 80 and 443).
Last year, after using a Huawei K3565 dongle from Vodafone, I purchased a Huawei E5832 wifi modem so that I can use it with other devices and share it with friends occasionally. I did not have any problems connecting it to my MacBook Pro on Snow Leopard. It worked flawlessly.
Last week, I acquired a new MacBook Air with OS X 10.7 Lion pre-installed and for the life of me, I could not get the modem to work via USB (still works as a wireless router of course). I sometimes connect the dongle directly via USB when the battery is going flat so I can keep using it regardless of the amount of charge left in the battery.
One suggestion in Whirlpool is to install the connect software from Three http://forums.whirlpool.net.au/archive/1751706 but cancelling it after it has installed drivers for the modem. I find this a little slack from both Huawei and Virgin to not have the USB connection issue resolved.
If you follow the suggestion to download the Three software, the post suggests that this method works.
This is a topic that has been written about many times before, but so far there is no good replacement that I have seen, other than oauth. Password security has been proven to be the weakest link in many organisations’ security schema.
The recent case of security breach at Gawker Media is a case in point. It proves that passwords get reused for other websites in quite a few cases and that people often choose really obvious and weak passwords.
However, until there is a replacement, the best case scenario is to use a strong password, but strong passwords are hard to remember. If one has a different password for every site that requires registration, then each person would have quite a few complex passwords to remember. This is why people choose weak passwords and reuse passwords across sites.
I guess rule number one is to not use your banking password for anything else. So, in a sense, one can have multiple tiers of security depending on the importance of the sites. This, however, is quite tricky to define since people place different levels of importance to different sites.
Let us hope that there is a new scheme around the corner to allow for better security all around.
I have noticed that in the time I have had WordPress 3.0 installed, the volume of comment spam has dwindled quite significantly. It seems that the use of captcha and a few other plugins has somehow reduced the amount of spam hits that the site gets. Although according to analytics I still have visitors from Argentina (?)
According to this story, there was no hint of the two complainants involved in Mr Assange’s case that they were raped. In fact, they sent text messages boasting of their conquests the very next day. If they did not feel that they had been raped, then what are the charges for? The Swedish authorities continue to deny that there are ulterior motives, but to observers, this should be quite obvious by now.
One of the editors of Wikileaks.org, Julian Assange, has been arrested in London at the request of Swedish police for rape charges which allegedly occured in August this year. While rape charges should be regarded as serious, the circumstances of these rapes are suspicious and the timing smell of a state-sponsored frame up.
After nearly eight years of near constant running, the server on which the agit8.org website has been hosted, is now officially retiring. The website has been running on an old and outdated (!) hardware that was Pentium II 400Mhz with 256MB of RAM. It happily ran for years without complaint, except for a dead power supply fan and it also handled mail for about four other domains.
The old server was happily serving pages running Mandrake 9.0 and Apache 1.3. The new server hardware is based on the Intel Atom architecture and is quite a bit snappier at 1.6Ghz with 4GB of RAM. Page views should be a little snappier from now on.
The US department recently seized up to 82 internet domains. The operators of which have been accused of selling counterfeit goods. While the websites are still operational, the manner with which this event unfolded is a definite concern for all website operators. If left unchallenged, this procedure can, in the near future, be applied to other “infringements”, such as linking to contents deemed unsuitable for public consumption, political differences, or even in the cases of blogs and forums where a user might post something that is not agreeable to the content industry. The ease with which the US Department of Justice can seize domains demonstrates the attempt by the department to shift the burden of proof to the domain owners. It is now the case that you are guilty until proven innocent.Link to the story that inspired this post