Fun with Ajax
September 28th, 2009 by ravi

As an example of how much ground remains to be covered before Ajax Web Apps can be considered mature:

Facebook Friend Request FAIL

Sequel Pro now supports SSH
September 23rd, 2009 by ravi

Say you are not a PC. And you use MySQL in some manner that is compliant with the rules and ordinances of your community. And you are part of the dying breed that considers web GUIs nice and all, but a native client application is where it’s at. Then, the go-to tool on the Mac for your MySQL interaction needs was CocoaMySQL. And if you thought the awesomeness of this tool could not be improved on, you didn’t reckon on Sequel Pro, the son of CocoaMySQL. And the hits keep on coming. The latest version (0.9.6) delivers on the SSH tunnelling capability that has always existed as a teaser in the UI. Did I already say awesome?

Download: Audacity of Tanish 0.7 for Posterous
September 22nd, 2009 by ravi

Download Audacity of Tanish 0.7 for Posterous

This is version 0.7 of Audacity of Tanish — a theme for Posterous. If you do not know what Posterous is, you should find out. This is the first release of the theme. The version number means that it is incomplete — which does not imply that it’s buggy (which all software is!) but that more essential styling and changes are on their way.

Screenshots: Audacity of Tanish 0.7 for Posterous
September 22nd, 2009 by ravi

For whatever it’s worth, a quickly hacked up version of Audacity of Tanish is now available for Posterous (which now supports custom themes). Below are screenshots; download link coming up next.

Jobs on the Kindle
September 15th, 2009 by ravi

Steve Jobs, like me, doesn’t quite get the point of the Kindle:

A couple of years ago, pre-Kindle, Mr. Jobs expressed his doubts that e-readers were ready for prime time. So today, I asked if his opinions have changed. “I’m sure there will always be dedicated devices, and they may have a few advantages in doing just one thing,” he said. “But I think the general-purpose devices will win the day. Because I think people just probably aren’t willing to pay for a dedicated device.”

[via Steve Jobs on Amazon and Ice Cream – Bits Blog –]

Download: Audacity of Tanish 1.0 for WordPress
September 14th, 2009 by ravi

Download Audacity of Tanish 1.0

Audacity of Tanish for WordPress is a theme for WordPress — more info here. What’s new in this release:

  • Tileable configurable background choices
  • Option to display most recent post in expanded mode, in the index/home page
  • Popout styling for selected post in index/home page
  • Superimposed author gravatar in post page
  • Collapsible comments block, now attached to the post
  • Built-in support for FancyBox using a WP shortcode (qfgallery)
  • Styling for TABLEs, headings and PREs
  • Ping/trackback comments support
  • Support for multi-page posts
  • More IE related fixes
  • More configuration options
  • Better/clearer link to post page in index page
  • Cleaned up the stylesheet
  • and many, many fixes

Click here for some Screenshots and a video of AoT in action.

Screenshots: Audacity of Tanish 1.0 for WordPress
September 14th, 2009 by ravi

Below are screenshots highlighting features of Audacity of Tanish for WordPress, including ones that are new for 1.0.


Click here to watch the Blair Witchesque video highlighting some of the features (needs QuickTime).

Screenshots: Audacity of Tanish 0.9.5 for WP
September 13th, 2009 by ravi

(Adding screenshots of 0.9.5 release of Audacity of Tanish for posterity ;-) — just moving it from the page about the theme to a post.)

Back in White?
September 10th, 2009 by ravi

Take a look at the screenshots from iTunes 9. It looks like Apple is (regrettably) returning to the white look (also note the blue hues for the checkbox). As well as (again regrettably) adopting the grungy buttons look pioneered by YouTube and adopted, with predictably shiny excesses, by Windows. Or is this just a conservative aesthetic instinct on my part? On the potential plus side, one day perhaps we will see the candy/lozenge scrollbars in Mac OS X replaced with the more subtle ones that iTunes has been sporting for a while.

iTunes 9

John Gruber’s 15 minutes of schadenfreude
September 8th, 2009 by ravi

WordPress users need an upgrade to a fairly new version (2.8.3 or newer) to fix a security hole that was recently discovered. That bit of news has been dispensed via various outlets including Twitter. John Gruber, a smart and interesting tech blogger, seems to be thoroughly enjoying this business, from what I can tell. This is not the first time he has opined on WordPress, but despite what seems to be poorly concealed glee (the man has made three comments — and counting — thus far), I think he is almost equally wrong this time around as well.

First some background:

As per my reading of Matt Mullenweg (the primary creator of the WordPress platform), this exploit is possible if:

  • You failed to upgrade WordPress for two releases (i.e., both 2.8.3 and 2.8.4 do not include this susceptibility)
  • and you have registrations enabled for your blog (how many self-hosted blogs do that? I do not know)

Gruber’s basic argument seems to be this:

  1. If you run a self-hosted WordPress blog and ignore updates, you can get hacked.
  2. This is the equivalent of “finding your home burgled and your valuables missing”.
  3. He (Gruber) does not know if WordPress is poorly designed (“security-wise”).
  4. However, whether it is poorly designed is a question that is similar to the one that “continues to rage” (for “15 years”) about Microsoft Windows.
  5. Gruber can’t recall any widespread security attacks against Movable Type, Posterous or Tumblr.
  6. Gruber doesn’t update his MT installation but he hasn’t got hacked.
  7. Therefore “the situation with WordPress is different, and clearly more dangerous, than it is on other platforms”.

In consecutive breaths, Gruber first ponders:

I have to wonder when WordPress users will start switching to some other platform.

and then disclaims:

Nor am I attempting to persuade anyone to switch from WordPress to Movable Type.

Let us take him at his word, the second one that is (i.e., he is not interested in persuading anyone to switch), and look at the argument he offers. He starts out with a truism in computer security: all software has bugs, and if you run some software that is reachable via the Interwebs, you can get hacked, especially if you don’t update the software with fixes for such bugs. If you didn’t realise that and decided to run a WordPress blog anyway, then like Gruber I would distance myself from “blaming the victim”, but I would still wonder what else you may have expected.

What you should expect, if I am following Gruber’s argument, is that if one platform (MovableType) has not suffered any “widespread” attacks in one individual’s (Gruber’s) memory, while another (WordPress) just suffered one, then that information recalled from memory “clearly” makes the second platform (WordPress) more “different” and “dangerous”. Even if we do not know if there is anything about the second platform that makes it poorly-designed security-wise. Or in his other words, this one reported vulnerability in a version of a software two releases old is the equivalent of 15 years of [raging debate on] Windows security (or lack of it).

I am afraid that what is unfortunately made obvious by this line of argument is only that John Gruber runs an outdated version of Movable Type (that he does not care to upgrade) because he thinks, though he does not necessarily know, that it is a safe[r] platform. Which in turn leaves one hoping that he will not be in the unenviable position of blaming the victim, himself, some time in the near future. As I wrote at the top, Gruber is smarter than that… or will be once the 15 minutes of schadenfreude wears off.

Some smaller clarifications: As long as you or your hosting provider perform[s] backups, this exploit (if it occurs) does not mean that you have lost your blog content. Without doubt, restoring that content can be a painful affair, but it’s a lot easier and more reliable than contacting the police to recover your belongings.

Oh and Movable Type? Here’s just what one random Googling produced (author: distler):

Remember insecure formmail scripts? How very 1990s, eh?

As if comment spam were not bad enough, MovableType includes, in its default installation, a CGI script called mt-send-entry.cgi which — you guessed it! — can be used to send email anonymously to anyone in the world.

And, no, this is not a merely theoretical issue; it’s being actively exploited by spammers.

Want more?


All that these demonstrate (not that these are the same vulnerabilities discovered in WordPress) is that software is by nature insecure. And all that rot that we all know quite well.
