Aja Lapus

Category: WWW

  • Redesign At Long Last

    I have announced a redesign more than a month ago, but since WP 2.2 has been delayed, I decided to delay it as well. It’s finished now … well, almost. The upgrading process and the redesign exhausted me. So this post will just be a placeholder. Place your comments here, but I will surely edit this entry later.

    I was just worried about some things the upgrade did to my database, it seems that some non-Latin characters was converted to something else. I will investigate on this matter after I wake up later this morning.

    *after waking up this afternoon*

    After years of having single color accents, I’ve decided to take on dual-color accents to be used on this new design. I just love having complementary orange and blue on almost anything, now they’re on my Web site as well.

    Some pages still wouldn’t work, and some are still being rewritten. The new Projects page will be used to organize all my work including Web development and WordPress plugin development pages.

    This design has been tested on Firefox 2.0.0.x, Opera 9.x and Internet Explorer 7. I may include some bug fixes for Internet Explorer 6 as I discover it, but don’t count on it.

    Credits go to Feed Icons for the standard feed icon, and to FamFamFam for the cute little Silk icons I’ve used throughout the whole site.

    Thanks to Arvin for pointing out that my comment form didn’t work. I’ve only used id attributes on the form elements that browsers handling HTML-compatible XHTML wouldn’t process as query string variable names like what they do on name attributes.

    Criticisms are welcome. 🙂

  • The Basics of Wireless Security

    Wireless connectivity is probably best described to give convenience to its users. Having a wireless access point on your home gives you the comfort to position yourself almost anywhere provided your devices are within the range of each other—on your living room, on your bedroom, and even on the kitchen. There are still many concerns about having this type of connection, however, and most of them is about security.

    Since laptops, smartphones and PDAs, provide for the needs of busy mobile consumers,[1] and most of them gadgets are now being equipped with Wi-Fi, it has no doubt become the next big target of crackers—much like what happened to Microsoft Windows being targeted on exploits and vulnerabilities, and to bluetooth-enabled mobile phones being targeted with worms and malware when they became popular.

    Common things done by crackers to wireless-enabled devices and networks include piggybacking, wardriving, man-in-the-middle attacks, and spying, among others. Explanations are as follows:

    • Piggybacking refers to the act of obtaining access to resources on a wireless device, which include Internet access. Open networks on public places and services, such as hotels and cafés, usually permit this,[2] but some networks even on the said places[3] as well as on homes generally do not.
    • Wardriving is the act of looking for wireless networks usually with the aid of a vehicle,[4] and a powerful antenna on a wireless-capable device, much like what people with radio scanners do to receive police and military transmissions. After connection with the device has been established, the wardriver could possibly do anything to the network or its users. Some has been ethical, however, and act as a tiger team telling the administrator or owner that the network could easily be breached.
    • Man-in-the-middle attacks are somehow sophisticated that includes a cracker acting as the network access point the victims are trying to connect to. He then connects to the real AP himself transmitting and receiving data both ways to seem invisible. But, in fact, he now controls and sees every bit of information the victims are sending and receiving that seem to them to be secure.
    • Spying has been the most critical and publicized problem existing today—even surpassing the popularity of virus and worm attacks today, IMO. Anti-spyware tools just popped up one after the other from nowhere, haven’t they? And we thought it would have ended with just Web browsing with credit card information, but it obviously haven’t.

    Wired LANs probably seem more secure since the only ones receiving data are the ones connected by wire—of which the owners control—while WLANs have access points and terminals that emit signals that could be received by anyone near the devices. However, this concept is somehow wrong. Wired networks with terminals having an active insecure Wi-Fi device could be entered by these crackers to gain access onto the network as well—much like providing the cracker a jack to plug into.

    Having set up a wireless network at home myself, and after trying to configure each and every option presented to me by my router’s Web interface, I’ve searched through forums, blogs and info sites to find ways of maintaining my network security. Here are some basic instructions:

    • Wi-Fi Protected Access (WPA or WPA2) is the secure authentication and encryption method for wireless networks and should always be enabled. Most consumer wireless devices are capable of using at least WPA and WEP (an earlier security method that has known limitations). But, try to utilize WPA2 first, if it is available. It is an implementation of the IEEE 802.11i standard, and WPA is just its subset.
    • MAC address filtering is a feature from routers and access points that permits or blocks certain devices based on the hardware-embedded MAC addresses on their network adapters. Some NICs allow changing the MAC address to match an accepted one, also known as spoofing, so this should not be the only security measure utilized.
    • Change the router’s default settings such as Web interface password, SSID, and IP address. These settings are known by crackers and would immediately tell them if the user has an insecure network. These changes would at least make it harder for the cracker to find the network configuration and administration interface.
    • Most routers come with a hardware firewall that blocks potentially malicious and corrupted signals. This should never be turned off.
    • DMZ forwards all ports to a terminal so that all connections may pass. This is usually used for applications where the user does not know which ports are being used. The Port Forwarding feature, which is as common as DMZ, is more secure since it only forwards the applications’ required ports. Ask support from the application developers to know which ports should be forwarded, and avoid using DMZ.

    There are many more types of security concerns and prevention, but these are the most common ones. Please note that until Windows Vista, Microsoft OSs have not supported an implementation of WPA2. But, a WPA2 update for genuine users of Windows XP SP2 is available for free download. After installing the update, an option to turn off broadcasting of the preferred wireless network list will be available and this would add to security.

    I wasn’t able to test Linux wireless security as I have Ubuntu only on my desktop, which is on a wired connection. You may (and please) reply if you have information about wireless security in these and other operating systems. Thank you.

    One very important rule to security in any digital environment is strong passwords. Choose them wisely; they should not be any dictionary word or phrase, at least one character must not be a lowercase letter, and you should not use one password on every digital account you use.

    Footnotes:

    1. ^ Who are now practically everywhere—students, business people, posers, and everyone else who just have the money.
    2. ^ And are probably not considered as such act.
    3. ^ Where access is restricted to clients and customers only.
    4. ^ The term is usually used on the act using motor vehicles, while warbiking and warwalking are used to refer to wardriving on motorcycles or bicycles, and wardriving on foot, respectively.

  • Not Only WP 2.2 will be Delayed

    You’ve probably read that Matt Mullenweg announced a delay to the WP 2.2 release, which was previously due in 4 days, on your Dashboard already, but it still is worth blogging. As I am creating my new theme—now at a rough estimate of 75% completion after five [half] days of work—I think it would be better to delay the release of AjaLapus.com 4.0 as well.

    New features from WP 2.2, including core Widgets support, integrated tagging system[1] and Atom 1.0 standard syndication feeds, would most probably make me revise my theme a lot more since I am planning to use them anyway. And since I still haven’t tried using nightlies, nor do I have time and patience to install AMP again on either my Linux or Windows installations to test and develop on a nightly, it’d probably be best if I would wait the couple of weeks out for the new WordPress to be released.

    So far, I have the following completion percentages for the templates of the upcoming theme before I delay working on it:

    • Header, Footer, and Single post templates and styles at 100%
    • Homepage, Quasi-static Pages, and Sidebar templates and styles at about 90%
    • Archives [including Tag, Date, Category and Search pages], 404 page, and Page-specific templates at 0%

    And, btw, I’ve already consulted Shari and Lexie about the theme and they seem to like it so far. That was a relief since Shari immediately turned down the first one I’ve made. Well, not that it all depends on them—I really just like positive feedback.

    For those who were browsing yesterday late at night and have been [403] Forbidden from viewing any page, that was most probably be me doing some tests. Ugh. I really need a local LAMP/WAMP installation.

    And, about the issue of ad serving using Google AdSense, I decided to stick to HTML-compatible XHTML Strict since I’ve encountered a FAQ from Google stating that AdSense code within an <iframe> would lead to PSAs or less targeted ads [probably the same case an <object> tag would produce] even though that method was approved by Google.

    So, there you have it—just lame updates. I’m getting busy at school since I’m taking up my Math 321 this summer vacation.[2] I still do hope I’d have more fun before the vacation ends.

    Footnotes:

    1. ^ As Dougal Campbell pointed out, it was pushed to 2.3 milestone—I wasn’t reading the wp-hackers list as well.
    2. ^ If you can’t remember, it’s because of this little problem.

  • Those Little Interconnected Things

    Ok. Now I’ve had my six days of fame.[1] Better get back to the regular blogging programming and routine. 😛 But, let me ask you first: How does a Web event, an impending increase in domain name prices, browser incompatibilities, and advertising limitations result to me having to think of making a new WordPress theme for my site?

    During the time before the 2nd CSS Naked Day, I decided to make a plugin for WordPress that would strip every piece of stylesheet information from a Web page. It was somehow successful given that I was only receiving 50–100 unique visitors a day prior to the creation of that plugin, which in turn made my statistics plugin jump to receiving 200–300 unique visitors a day. In addition to the plugin, Dustin‘s pun resulted to a lot more SERP referrals. More visitors equal higher rankings; my Alexa rank turned from above 3 Million to just above 700 thousand in 10 days.

    Since Text Link Ads consider Alexa as one basis for accepting ad publishers, I thought it would be better for me. And with the impending increase in .com domain name prices, I’m starting to think I really need the money. But, still, I haven’t had ad placements since I’ve reinstalled TLA on my theme,[2] so I think it would be better to go back to [or at least serve it at the same time with] Google AdSense which I have used even before TLA. I was just frustrated that AdSense won’t serve XML-compatible scripts or at least a <noscript> fallback for those who don’t want to or cannot display scripts of document.write nature.

    Since it’s equally hard to modify a theme to contain ad spaces than to make one from scratch, I thought it was better to move to a Version 4 for the site. And because WordPress have deprecated some functions since 2.1, and WordPress 2.2 is just around the corner, I think I’m better off making a new one.

    I then thought of the need to create a theme served only with Content-Type: text/html, since Windows Internet Explorer 7 also has no intention of accepting true XHTML. But, I’m having doubts of doing so since I’ve been a fan of XML rules[3] imposed on HTML since the time I’ve learned them. I’ve also read articles on how to use AdSense with true XHTML pages.[4] So, I would most probably stick to my current content negotiation scheme.

    I’ve actually started making a template with a Web 2.0-ish theme a week ago based on some tutorials I found on the Web. Although, upon showing it to Shari, she told me it was a bit too bright. So, I guess it would have to be redesigned since I don’t want my handful of regular readers straining their eyes, and to be looking at [or rather getting distracted by] the design more than they do at the content of my articles.

    So, I guess you just have to wait for the next version of this site. I am finally going to a pool to swim tomorrow, so don’t expect it to be that soon. *excited* 😛

    Footnotes:

    1. ^ April 1–6 recorded ~2500 hits from human visitors only—more than half of what each previous month’s worth of page views even without Bad Behavior blocking robots.
    2. ^ Maybe because of the irrelevant keywords? IDK. I just hope not.
    3. ^ Must be well-formed, lowercase, etc. Therefore, cleaner and more readable.
    4. ^ One from Keystone Websites, and another from CSSplay thanks to Sir Regnard.

  • Now Showing: Naked <body>

    As you may notice, this site has been stripped off of its stylesheets. Don’t worry, nothing is broken—and it will last only until the end of the 5th of April 2007 in the whole world.[1] I’m just participating in this year’s CSS Naked Day like what I did last year. Cheers to Dustin Diaz—More than 1200 sites are currently signed up! I never actually thought it’d pass the 763 sites signed up last year as it was only 500+ or so when I last checked the list before my site got naked.

    Now, onto the topic …

    I’m somehow surprised to have been getting a lot more visitors this April compared to any other month since this site has started tracking hits. The first and obvious reason is that my CSS Naked Day WordPress plugin has been featured on the Official event page—that I’m not surprised about. The second, more surprising reason? Keywords. Dustin sure has a knack for naming something—in his case, the event he founded—as he’s also famous for the Topless Cameron Diaz photo. 😛

    SERPs referring to this site indicate more searches with the keywords naked and some about stripping getting to my site lately. No wonder Shari‘s been getting thousands of unique visitors a month![2] All she talks about is sex, and even more of it—oh, and sex toys [she dubs them acsexsories], as well—even if the blog awards[3] was the topic.

    Another thing more surprising is that, according to Pinoy Money Talk, Filipinos are more interested in sex than money.[4] Now I really think poverty and overpopulation are not because of lack of good governance—but that would be better for another entry.

    Oh—just so you guys know—I will never, and I mean never, be turning this blog to be about sex just as Shari did to hers. 😆

    Footnotes:

    1. ^ 6 April 2007, 00:00 GMT-12 or 20:00 PhT
    2. ^ As disclosed in her recent article.
    3. ^ Or anything else unrelated.
    4. ^ As reported by Google Trends.