All work and no play makes jack a dull boy. It was the December holidays, stretching all the way to January at least before the start of the upcoming Lent university term. With Portal, Skyrim, and TF2 boring me out these days, why not get back onto some RPGs like World of Warcraft? Well as you should know, World of Warcraft (WoW), despite it’s launch since 2004 is still the most widely played massively multi-player RPG in the world (though some SWtoR fans would argue otherwise).

So it’s $15 a month to head back into Azeroth at least for the holidays, for a month. Paying to play a game, could be a turn off for many. I was initially skeptical of paying too. But later do I know paying does has it perks as it not only provides a much better mature gaming experience not only in support and game uptime, but sieves out casual trolls and kids you usually see on free-to-play games, not to mention flame-bait and trolls.

So what did I do within the period of a month? Leveled up 3 toons with a cumulative total of 200 levels, now that is quite alot of (anti-social) time. That also means exploring the worlds and various (and revamped) expansion zones I missed out over the years. I never quite got to the current level cap of 85, not seeing the need to level up so quickly, so technically I actually had not touched the Cataclysm zones as of yet, despite starting on it already on my ass-kickin’ Worgen Death Knight.

Dragons in Northend

Chilling out over Stormwind

Exalted in Orgrimmar

With the start of Lent around the corner in a few weeks time, it’s time to put all my toons into deep freeze till the upcoming summer holidays at least. Not to mention considering gearing up my characters for the new level-90 cap when blizzard releases the Kungfu- touting pandas on the new Azeroth southern continent in the upcoming “Mist of Pandaria”. But not of course till we get “Heart of the Swarm” or the long delayed Diablo III on the next Starcraft/Diablo franchise.

Surprising, with the exception of a number of local British students I know here in the university, no Singaporeans studying here plays WoW at at. Not only that, some do not even know about the game, let be any PC or Xbox game titles I know at the back of my head released within the last 5 years. So for WoW I usually end up playing with my friends in the States anyway, with almost all of my toons on US servers.

I know you must be screaming “NERD ALERT” right now, yea but it’s a “problem” either the poor Singaporean kids here, I hope this is not what you get with ultra nerdy students coming from top schools and Junior Colleges who “take pleasure by studying”. That is really sad, but the fact is this is the stereotypical image of various top Singaporean JCs, just study study study- Not even any extra-curricular activities or nothing about heading to a pub to chill for the night or a game of pool after a long day of work. Of course that is another huge area to debate about what I define as a “balanced and healthy” college life. I mean hey! college life is literally one of the best times of your entire life. I definitely wouldn’t like to look back at my college days and see myself remembering just only all the studying as a socially-inert study-bot.

That would be really, really sad.

It interesting that such technology and capability already existed ages ago, but no one seemed to put it all together for the consumer. Apple seem to always get that right, this time they are doing it again with a new slate tablet computer called the iPad.

At first glance, it looks like an over sized iPhone, which the distinctive bezel, form factor and home button. It’s not running the full workstation-capable version of OS 10 contrary to much speculation, but rather a portable-enhanced version of OS 10 which is largely similar to the interface on the iPhone, for a larger screen. It comes in 2 favors, Wi-Fi or one with additional 3G in 16GB, 32GB, or 64GB capacities on flash drives.

The fun device seems to cater for a void in the market which tries to be neither on both ends, namely a phone nor a work-capable computer. If you need an, it will only truly shine for it’s wireless capabilities and size, so it will be wise to get the one with 3G. Otherwise, it will just be a regular slate with no noticeable selling points. To me, the iPad seem to fit into the market for people looking to have a device around the house for quick access to emails and the internet, but not much one being a full-fledged computer, something which might rival the iMac or iBook. So technically it’s in a class of it’s own filling the void between the iPhone and the iMacs.

Though multi-touch may be a selling point, capacitive touch screens are good for gesture based commands and navigating menus. Not exactly that impressive for writing, something a tablet must be good at. Capacitive touch screens are just simply something notorious for precision. Moreover, I don’t see a need for a slate, being a tablet user myself for almost 5 years, having used on screen digitizers (wacom penabled screens) on convertible slates as well as traditional pen based drawing tablets (intuos4) from wacom, I find the lack of precision of the screen a big turn down for a promising product- It is just not as practical as I’ve expected it to be too. In short, the precision offered on dedicated tablets is very important and is something I don’t see the iPad fitting well into my needs as a student who needs to use a tablet for lectures as a student, let be precise enough to take down notes or do drawings accurately on.

The iPad is after all, a fun product not intended for work. Like, the iPod touch bigger brother. An expensive toy.

Hardware-wise, it does bags 10 hours of battery life. But big no nos will be the lack of a user-replaceable battery and a small resolution XGA screen- You can’t really call the slate an internet machine with a screen resolution of 1024×768! The 1Ghz A4 processor of the iPad is adequate, despite not being as speedy as most mainstream tablets on the market now. This apple designed processor is largely tailored to the basic needs of the device and OS, thus would be adequate for the basic functions it aims to serve, don’t expect it to be much of a production computer though.

The really cool thing I like about it is that it can run literally all iPhone apps on it out of the box, so that will allow many users to port over from existing iPhone platform and also establishing a good base for the new product to grow on.

I can’t deny that the device is indeed very pretty, but it will never be powerful enough to be justifiable to do descent work as a proper computer or for school, etc, yet too big to conveniently carry around as a portable device. It’s trying to be something, but not really found it yet. Anyway, with apple aggressively promoting the iPad SDK since it’s launch, it will be fair however to give it some time for iPad dedicated apps to grow on it where it’s functionalities can be truly realized. But for now, and for me, I will be putting my money for the next gen iPhone maybe coming out in June, that will be a better choice.

Video of the iPad at the click:

I had this problem with iTunes previously, but solved the problem by reverting the program, so I am posting this here in case anyone who experienced the problem on a same setup can get a solution here.

After updating iTunes on my PC to the spanking new 9.0.2 64-bits to suit my current system platform, I kept getting numerous errors whenever I try to install new apps on my phone. The system will just fail an app install each time and will demand a phone restore each time I plug the phone back into the sync cable. Bad!

Also, what you will get from iTunes will be a myriad of irritating, yet not very helpful error messages only the person who wrote the program knows about. I mean who knows error codes man? So much for user friendly apple software!

Seemingly, the programs are not installed at all on the phone, but with the icons showing on the springboard. True enough, launching them will crash you back to the homescreen. iTunes will simply just hate your iPhone (Latest firmware 3.1.2) and treat it like some foreign virus, demanding it be cleansed with a restored backup each time after plugging your phone into your PC.

I’ve heard about file permission errors in the iTunes music directory. Sometimes, R-clicking on your iTunes music folder C:\Users\username\Music\iTunes and unchecking “Read only” under “Properties” will help.

In the end, it turned out that it’s an iTunes program error with the 64-bit version. Apparently, the latest iTunes 9.0.2 64-bit does not work on my setup running Windows 7 64-bit Ultimate. Force installing (the installer will recommend you to install the 64-bit version) the 9.0.2 iTunes 32-bit version makes everything work like a charm.

I came across this problem when doing some word processing on my new installation of Office 2007 on Windows 7. If you are running the final release build of Windows 7 (build 7600) and Office 2007, you may have this problem of being unable to use your mouse to click on text or click-drag the right scroll bar. Closing your Word window will result in an App crash. Even after many restarts, running the Office diagnostics (no problems) and having the latest Office updates do not seem to work either. My add-ons do not seem to affect the situation enable or not, so the problem will lie mainly on word’s core.

A quick fix which worked for me till Microsoft releases an official fix is to revert the office registry settings back to the default value, (well despite my Office install being still largely set on default). That means renaming the current registry values to an alternative backup value so that word can re-create the registry values again.

Click start and under run, type “regedit” (start -> Run-> enter “regedit”). The registry editor will pop up and navigate to: CURRENT_USER/Software/Microsoft/Office. From there, do the following:

Make sure that word is closed when doing this. After that start word and you should be able to click on text and drag the scroll bar using your mouse. Unless if you are really sure of what you are doing, do create a registry backup before altering any values on the editor, do this at your own risk. But if anything crops out, you can always rename your registry values back to the original values.

With my university term starting in October, it’s very much shopping time to get the gears and stuffs in preparations for my departure. Shopping is good therapy, well, not until you see the bill!

The choice of my desired system was much of a personal debated topic as well. The story started with this quad core desktop which I currently use as my primary computer, but it won’t be something I would see lugging all the way, let be shipping with my books to UK for use in the dorms. It will be too much to handle, let be to move around if I have to switch rooms between semesters. So the logical choice will be a laptop, which brings us to another problem- There is currently no laptop I have which has as much computing power as my desktop, the solution? Get a new laptop? What laptop? well!

After much searching and re-searching, I finally come to choose few desktop replacement laptops which I will using for my whole university term of 4 years till I graduate- namely the Alienware M17x (which gave me mixed feelings about it’s exclusivity when it was made available in Singapore now, though I planned to get it while in UK), the Clevo/Sager NP9850 (or the Core i7-940 based NP9280) and IBM/Lenovo Thinkpad W700. These babies are not so much your average laptop, with 17″ screens and weighing about 5kg- not much the proper definition of “portable” but beats lugging 20kg of steel and monitor around as well. Anyway this laptop will be based in my room as a personal system where it will be permanently mated to the wall socket. I will be using my current lighter Fujitsu tablet for lectures and tutorials.

The IBM Thinkpad is cool because it has a tablet built-in which is cool for illustrations or a quick doddle, but is not compared to a dedicated tablet which I already have. Though you can the bells and whistles such as Quad core processors, workstation graphics and DDR3, the W700 is expensive, let be overpriced- about $9000 fully loaded with not much graphic options as well. And yes, there is no Macbook pro which can satisfy my computing requirements, so I am leaving that completely out.

The Alienware however, appeals to me through 5 main points- Price, performance (it’s claimed to be the fastest laptop in the world at the moment), gamer orientation, X-factor and support is backed by Dell, which I say is superb. What’s more it has freaking cool lighting and doesn’t look like a laptop my dad would use. So for a laptop which is as or even exceedingly powerful than my desktop, I feel there is a need to turn to the “all-powerful”:

I am only having gripes to forgo the Sager NP9280 with the i7 processor, as that is truely proper desktop processor but it’s just a shame that laptop do not offer SLI or a blu-ray writer, what’s more it looks ugly.

Mmmm it seems that once you put your foot in quad cores and 1200p HD screens, you will never own a system lower than that. The laptop specified at the following costs about $5500 including GST. I have yet confirm prices through phone with Dell but it can be roughly $300-$500 cheaper by ordering through phone than online.

Frankly speaking $5500 is a considerable sum at a go. But after some consideration of this being my primary system for daily use with school, projects and maybe work, it’s quite a bargain for what I can possibility achieve with it. So do I consider this much of an investment rather than a purchase?

Can’t wait to get my hands on this.

Following the upgrade of the site, I’ve successfully integrated gallery2 with wordpress 2.8, able to call wordpress functions within gallery itself and maintain your wordpress sidebar. This was not previously achievable with gallery1 considering that some wordpress and gallery share some variables which needs to be redefined to avoid conflict, with this new setup I am glad to say that problem do not exist now.

True there are other plugins for wordpress such as WPG2. WPG2 looked promising, as it allows you to call and display photos in your posts as well, but it’s too evasive for just the simple need to integrate gallery into your wordpress theme. What’s more WPG2 requires users to disable URL rewrite which messed up my permalinks and my old gallery URL structure, too much of a hassle.

All what needs to be done is just the ability to call any wordpress function within gallery and maintain the same layout as your blog through all gallery’s pages. Though this is a simple mod, surprisingly, there had not been any well documentation on the internet integrating them together, so I will just write one here for anyone looking to do the same.

Step 1- Including the wordpress header
For starters, we need to include the wordpress header in all of gallery’s pages, we do so by including it in main.php found in your gallery’s root folder. You can include it anywhere by lets do it at the top of the file.

In main.php find:

Then add at the bottom add the path to your blog header file, you can omit “wordpress/” or otherwise in the require path if your blog is on your site’s root:

Step 2- Including your wordpress template
Next with your chosen gallery template to modify, (I will recommend one which you can choose from the gallery’s website which reassembles closely your current theme, then you might only need minimal tweaks to suit the stylesheet your site’s layout) open the theme.tpl file and you will notice that the file follows the typical layout of a html file with html, body and their respective closing tags as well.

Unless you have custom headers and footers, wordpress header and footer files by default however, do have their own <head> and <html> tags as well, so you simply just can’t include them into the gallery template file as that will result in html errors.

A way around this to create another duplicate of header.php and footer.php in the same folder and deleting all the duplicate code, keeping the code after the <body> tag for the header.php and before the </body> tag for the footer.php. You might want to call these new files subheader.php and subfooter.php.

So effectively what code remains is the html code for your template itself. Do not worry about your blog stylesheet as it will be integrated on the third step. Your sidebar.php can be left as it is as it’s simply just encased in <div> which can be included without messing your code format.

So assuming you are using the wordpress “default” theme, for subheader.php, deleting everything before the <body> tag, we have:

Likewise, deleting everything after </body> for subheader.php, we have:

With that done, now is time to include these new files into your gallery template, use smarty tags to include your blog header, sidebar and footer into the theme file.

Simply just add this code, after the <body> tag in theme.tpl

And before the </body> tag in theme.tpl, the sidebar and your modified wordpress footer to complete the wrap:

Step 3- Adding blog your stylesheet
With that done, this last step is to simply re-introduce your wordpress stylesheet in the gallery template itself. In theme.tpl, between the <head> tags, simply call you wordpress CSS file by adding the code:

Likewise, you might want to modify the path /wordpress/ if you blog nests in a different folder or on the root directory.

Adding conditional CSS in gallery’s theme.tpl
I thought this was a simple affair, but it’s not so straightforward. If your site features conditional CSS, which uses conditional tags to call out a specific targeted browser stylesheet, file etc.. simply adding the conditions in your theme.tpl will throw your gallery into a white blank page due to gallery itself trying to phase the conditional tags themselves, that should not be the case as the tags should be printed out in clear and not phased. A way around this is to print them out using the php phaser, which effectively by-pass the phaser itself:

Within your head tags, you can add as many conditional statements, here is an illustration for include additional stylesheets for IE6 and IE7:

With that and you are done. The gallery on this site was coded in a similar manner, so you can check that out as well.

Due to be launched on the 5th of May and the first of it’s kind in the world, Dell Swarm by Intel and Dell is an online ordering portal targeted at students and value hunters alike. So it works like a mass order system we usually see taking “lobangs”, only that this time, you are dealing the lobang directly with the supplier. You start by picking the laptop you would like to purchase, which is the “Buy” part, so you are the first buyer to join a Swarm and you’ll enjoy a price lower than dell.com.sg’s best discounted price (after cash rebates). So say your starting price is $899 SGD. You enter and the price drops so $854 SGD.

Dell swarm 2009 site main page

The swarm page

Keep in touch with social networking or SMS

Here comes the good part, for every member you comes in and joins your “swarm” you will get a lower price for every member which comes in, so say after 8 members joined your swarm, the prices drops to $809 SGD. To reach the maximum discount, you can grow the Swarm by Sharing with your friends through social networking sites and functions, such as facbook, tweeter, etc.

When you’re ready to join the Swarm, click on the Buy button, register and the website will contact you once the Swarm ends and the price is finalised. This happens once the limit of 15 buyers or 72 hours is reached.

For users not ready to buy yet. You won’t be left out either with a range of monitoring services available, you can also choose to follow your choosen Swarm through updates via email and SMS.

To test drive the site, visit http://dellswarm.com/sg/ and log in with the following information (Prices shown in beta site are placeholders only.)

Read more about the new spanking new website on the click:

About Dell Swarm Singapore

(Only available in Singapore at the moment)

1. What is a Swarm?
   A Swarm is a group that forms to buy selected Dell laptops powered by the latest Intel® processors for less. How it works, in 3 simple steps:
   • Swarm: Be the first to buy to get the discounts going, or join the Swarm after to bring the price down further.
   • Share: Tell your friends about Dell Swarm, the new way of saving on the latest Dell laptops. You can do this via Facebook, Twitter, Social sharing or simply email.
   • Save: Everyone gets to enjoy the final price once the Swarm’s time limit or its maximum number of buyers is reached!
2. How much of a discount will I get?
   With Dell Swarm, you will pay less than the best prices offered on dell.com.sg. And that’s for current models equipped with the latest Intel® processors. The final price though, depends on you. For the more buyers there are, when the Swarm ends, the less you pay!
3. Which specific products will be offered on Dell Swarm?
   The following products will be offered on the 1st week (5th May 2009):

   a. Inspiron Mini 12
   There’s a new kid in town. One that’s super thin and ultra-portable – the Inspiron Mini 12, weighing in at less than 1.1″ thick and 1.236 kg.
   • Intel® Atom TM Z530 Processor
   • Vibrant 12.1″ display
   • Advanced wireless options for superior mobility
   • Dynamic and customisable user interface

   b. Dell Studio 14
   Get creative and connected with this personalised, Hi-Def, 14.1″ widescreen laptop with rich multimedia features.
   • Powered by Intel® Core™ 2 Duo processor T6600 for compact performance
   • Experience intuitive interaction with multimedia keys, which illuminate when touched.
   • Sleek and Stylish

   Products on offer the 2nd week (12th May 2009):

   c. Dell Studio XPS M1340
   Blending power with elegance, the Studio XPS 1340 is designed to deliver the ultimate mobile laptop experience.
   • The latest Intel® Core™2 Duo processors P8600 for blazing fast performance
   • Premium design with genuine leather accents, anodised aluminum, edge-to-edge display and
   backlit keyboard
   • Optional NVIDIA® Hybrid SLI graphics deliver incredibly lifelike videos, movies and gaming
   • Watch all your DVD movies in brilliant HD with automated hi-def up-conversion

   d. Dell Studio 14
   Get creative and connected with this personalised, Hi-Def, 14.1″ widescreen laptop with rich multimedia features.
   • Powered by Intel® Core™ 2 Duo processor T6400 for compact performance
   • Experience intuitive interaction with multimedia keys, which illuminate when touched.
   • Sleek and Stylish

4. How long does each Swarm last for?
   Two Swarms open every Tuesday, right after Monday midnight, and end on Thursday midnight. The Swarm ends when it reaches the maximum number of 15 buyers or a time limit of 72 hours. To ensure that you enjoy the optimal discount, just get a total of 15 buyers before the time’s up!
5. Is Dell Swarm only available in Singapore?
   Yes. You must be located in Singapore to buy on dellswarm.com. People outside of Singapore are not permitted to purchase laptops from this website. Dellswarm may soon be available in other regions.

FUNCTIONS ON DELL SWARM

6. Buy
   When you’re ready to join the Swarm, click on the Buy button, register and Dell will contact you once the Swarm ends and the price is finalised. This happens once the limit of 15 buyers or 72 hours is reached.
7. Follow
   If you’re not ready to buy yet, you can choose to Follow a Swarm and get updates on its current price via email and/or SMS. Once it reaches the price you want, you can then join the Swarm to buy it.

   If you don’t see a product you like, you can check out our upcoming Swarms by following them, which arrive every Tuesday. Or opt for SMS updates on what’s coming next. Simply click the follow button on the website.

8. Share
   Tell others about Dell Swarm, so they too can buy in a group and save. If they join your Swarm, your savings will get even greater! Here are three ways for you to share.
   • Option 1: Share with friends and followers – Use Facebook or Twitter to share with everyone how you’re saving on a brand new laptop by joining a Dell Swarm – and how they can do so too.
   • Option 2: Social sharing – Use Digg, del.icio.us and other tools to bookmark your Swarm so others know how they can save by joining one.
   • Option 3: Email it – Drop him or her an email.
9. What does the message box on dellswarm do?
   Type your message regarding Dell Swarm into the Latest Buzz box, and it will appear both on the dellswarm message board and on the dellswarmsg Twitter page.
10. I have a Facebook account. How can I use it to share my Swarm?
    Facebook Connect seamlessly connects your Facebook account with dellswarm.com, giving you access to your network in several different ways.
    i. Publish stories – leave a message about Dell Swarm
    ii. Invite Friends – invite your friends to join you on dellswarm.com
    iii. Or simply join the dellswarm Facebook group and tell everyone how you are a big fan of our great deals!

OTHERS

11. Can I opt out of a Swarm after I joined?
    By joining a Swarm, you are agreeing to buy the item at the price you see when joining a Swarm so your purchase is not retractable. However, rest assured that you are paying a lower price than if you were to buy on dell.com. You enjoy greater savings on top of the discounted price at the start of the Swarm if there are more buyers. How much you save really depends on how many buyers there are at the end of the Swarm.
12. Can I join a Swarm after it has ended?
    Unfortunately, no, because Swarms are exclusive group buys with special prices for those who join. However you can definitely follow the next Swarms and join when they open. Or you can send us an enquiry and Dell will get back to you as soon as we can.
13. How do I stop getting email or SMS updates on Swarms?
    The option to unsubscribe can be found on the Swarm alert email so click on the link and you will not receive Swarm email updates. To unsubscribe to SMS updates on Swarms, simply reply to the SMS update.
14. Can I pay for an item in a Swarm before the maximum 15 buyers or time limit of 72 hours is reached?
    You only pay for your purchase at the end of a Swarm. If you wish to get your Dell laptop powered by the latest Intel® processor earlier but at a higher price, you can buy it at dell.com. Our suggestion is for you to join a Swarm and enjoy the lowest price at the end of the session!
15. Will I enjoy further discounts on my next Swarm buy if I joined and bought products in previous Swarms?
    Swarm buyers enjoy the same discount whether you have bought in a Swarm or not. But you can always gather your friends to join your Swarms for greater savings./li>

16. Will I get more discounts if I recommend friends to join than if I were to join a Swarm with strangers?
    We don’t differentiate between friends you already know or those you haven’t met so the discount you enjoy depends just on the number of buyers at the end of a Swarm./li>

17. When will I get my computer after I pay for my Swarm purchase?
    Once the Swarm ends and the final price is confirmed, you will receive a call from Dell.com to confirm your order and delivery. Your order will reach you in 5 to 7 working days after that. However, you can track your order anytime you like with the order reference number, by calling 1800-394-7476 or going to dell.com./li>

18. Are there any other ways I can find help on my Swarm purchase?
    Find some of the commonly asked questions in the FAQ section in dellswarm.com or you can also see ‘How it Works’ to understand the mechanics of the group buys and how you can save. You can also get help using Dell Chat. Get answers from our Dell Product Advisors using instant messaging anytime you want./li>

For more info, you can follow the swarm on Twitter @dellswarmsg, hashtag #dellswarm

Am updating all scripts on my servers as I type along in this blog post, there is quite much updating to go, I guess I just sneak an update here. After much investigation of the previous hacking attempt in my last blog post, it seems that the DoS problem narrows down to a vulnerability in the roundcube webmail program, so if you have that running on versions before 0.2.1, please do an update.

In layman’s terms, what the hackers did is to exploit a code injection vulnerability in Roundcube towards Apache which causes it to eat up so much resources that it forces Apache run a safety shutdown to terminate the script, thus explaining those sudden SIGTERM disabling all your server’s webservice. But once that happens, it will unable to start itself up again as a Apache is “still” running the service and using the ports, thus resulting in a denial of service.

I’ve updated all my servers and did a full rootkit scan, currently all is running fine and A-OK. (Keeps fingers crossed). Oh yes, do note that roundcube-0.2 requires PHP 5 to run.

I guess, the cool thing about being your system administrator is that you get you get to learn all kinds of shit which comes thrown at your server.

Mmm don’t know should I try to install PHP 6 on my development server, I am sooo liking their new date functions.

Sorry for the 1 hour downtime last night from 12:30am to about 1:30am (Singapore time). The site is up and functional now. I jumped when I got a downtime message from my servers, strange, the server can be reached and pinged, so not a hardware or network problem, but my website cannot be reached. A short search later led me to finding Apache stopped and unable to restart automatically. After viewing my logs, it seems that my server was issued a SIGTERM to terminate Apache, possibility hacked with a Trojan:

A snippet of the logs:

This is like 1 of the 10 trys this hacker from Germany tried to spam my servers with. These bastards seem to trick the server to killing my processes and downloading a Trojan called Kaiten. But based on what I see in the logs, they are unable to run it. Think setting all downloaded files unable to execute in the temp folder was a good choice.

So it’s very much a DDoS attack. It managed to get a service to run under the “apache” username which blocked the ports required by Apache itself. I managed to find the pesky process blocking port 80, killed it, restarted Apache successfully and changed all my passwords. I am puzzled if the file was not run, then how the file managed to kill Apache in the first place.

So if you try to run Apache, you get an error with this message:

for a quick fix to the solution, what you can do is to find the pesky service running by entering the following command as root

The next thing is to do a complete scan of your server for any residual files lurking. Who knows what could be installed with the Trojan, I will be damned how they got in the first place. Now I have to consider whether to reload all my backups and do a fresh install of the OS on the infected servers.

Mmmm, I guess say the wise saying goes “No server is unhackable”, but I think with every such incident, you just get stronger every time you combat them.

Update: Updated post and removed the hacker’s IP to prevent it from getting indexed here.

Received an unexpected email from “Singnet” Today, apparently without a doubt (even without the obvious spelling errors), though this E-mail is obviously a hoax, I do not know how many people are fooled into thinking it is genuine. It reads:

In addition to my previous article on phishing, lets dissect this email headers to raise the truth and origin of this email- and you should whenever you see a questionable email, or one which asks for personal details, though it may seem to come from a legitimate source.

So lets take alook at the headers, you can view it by right clicking email and selecting properties or options in your mail program.

The first part looks completely OK, the server which pulls this email from the singnet server into my singnet account is valid. The return path is the email which your email program will automatically use as a reply address, since it’s placed at helpdesk@singnet.com.sg, it appears to be a legitimate email.

*Note that I replaced @ with [at] to prevent indexing of the phisher’s email here.

However, clicking on reply will create a message with a reply to the email helpdesk [at] j- mail .info which is obviously not the same email which it is sent or perceived to be sent from. Do note not to trust what you see on the “reply” box as sometimes it can be a formatted name made to look like an email address. You will understand what I mean sometimes when you reply to an email and you see like “John Tan” underlined in outlook rather than johntan@someemail.tld, this is the case where the phisher can replace “John Tan” with “helpdesk@singnet.com.sg” while the email is still sent to the phisher’s email helpdesk [at] j- mail .info hidden behind the name for example.

It seems that the email was sent from a server with a university of Berkeley web email account running the squirrelmail webmail software, presumably from some unfortunate soul who had their student email account hijacked by this phisher. The sender details are as follows:

True enough, the sender’s IP 128.32.61.106 originates from California Berkeley contrary to a Singapore IP and origin- area where it should be sent from instead. The sender masked the email to the helpdesk email and return/send path helpdesk@singnet.com.sg while it’s actually sent out from Berkeley’s own smtp server at smtp-out1.berkeley.edu (smtp-out1.Berkeley.EDU [128.32.61.106]).

Going abit further, we can tell that the attack was sent via a web browser interface via HTTP which can only mean port 80, through automated or manual means. And through the problematic email account (account “mdnoerper”), this will allow the Berkeley administrators to trace the source of the problem and plug the phisher.

Then many will come to ask, what those phishers can do if they take control of my email account? Well despite the obvious fact of the possibility of your bank account being emptied to some Swiss account if you respond with your details to bank phishing emails, taking control of your inbox may allow a hacker to take over a server for their own use if they manage to execute any Trojans within the email storage itself. Otherwise they can always use your email for spamming or sending out more phishing emails and having you accountable.

I hope this will shed more light on phishing emails. Remember surf smart, mail smart, it’s a rough digital world out there.

The site has grown a very fair bit, so I guess it’s deserving to give the site it’s own box on the web. Installed 2 new servers in the Datacenter on the 28th of September. This new Quad Xeon Linux box will host the site. Having largely worked on the Windows platform, I’ve been doing quite alot of reading on Linux and Unix OS and hands-on in preparing the server for the web, including installation of the operating system, switch networking and securing the server. Though there was alot to learn and try. Linux is really interesting to configure which just brings me away from the luxury of GUI and back to the old MS-DOS days in the early 90s. But the good thing is that once you get the hang of the commands unique to the platform, most of the logic will still largely be similar to DOS. Will be looking to move the site over soon after the new server is ready for it.

Currently I have about quarter rack free space in Pantech 21 (Pandan) which I can lease out to anyone looking to co-locate their servers. The infrastructure I have in place for each 1U will be 10Mbps shared with 2IPs, one power plug and RJ45 port for $95 SGD/month. Ping is good, always not exceeding 17-25ms. Currently I have only about 6Us of space left so place is limited. Places will be offered on a case by case basis and access based on trust, so feel free to reach me if you are interested.

One problem, one too many, I am quite fad up with an incident trying get my modem repaired today but never got anything done at all. It have to be like that, the day where I have to submit my UCAS application online, the day just after the Comex IT show, my DSL modem just went poof. After further inspection, it turned out that the power supply adapter was faulty, so the modem is completely A-ok.

The object of attention
The victim is my reliable and trusty 2wire 1800HG gateway modem, 3 years and only one disconnect in it’s entire life. Not bad an experience after not-so pleasant experiences with Aztech and Linksys modems and routers myself, this is one little mean modem, only that’s it’s power supply ain’t working. So got up the Singnet technical line and told them of my problem. They told me that my current modem is out of warranty, (ok yes fair enough, I know) and the only place to get any replacement will be their suppler and the official (and only) 2wire vendor in Singapore is at 76 Playfair Road, in the LHK 2 Building.

The service center
So I got my butt off there after calling the supplier up and confirming with their counter staff, who informed me that they do offer walk-in power supply replacements for out-of-warranty models for $35 each. Later do I come to know after braving the long journey there, putting and wading through the heavy rain (to appear at their service center drenched), I was told that my modem is and end-of-life model and they do not offer any more repairs or spare parts. What?

The technicians there blatantly told me to head to Simlim Square or Tower to look for second hand adapters or an equivalent. A new modem there cost $300. Failing to accept the fact that I could have possibly wasted 3 hours of my time, all wet and miserable, just to get my equipment repaired. I called Singtel technical help line up there again hoping (and considering) that they could strike a deal with them for a replacement of failed equipment, also considering that I was still on a contract with Singtel, so aliasing with them will prove some help, after all Singtel is a big customer to the supplier.

Left hanging
I explained to them my problem, the fix I was in and how it led to my current situation. But no, I can only get a new modem by renewing or extending or upgrading my contract with them, otherwise, I can consider purchasing one from their hello shop as exclaimed by the operator “It might be cheaper than what they are offering there”. They knew I needed a replacement, but the conversation was not about helping customers, it’s more like fighting for you to put the money on them- Singtel or the supplier. It just simply paints a situation in line with the Chinese saying: “chen huo da jie” or thriving/making opportunities over other’s misfortune.

Now what?
That was getting me nowhere, I thanked the Singnet operator, coyly saying: “Thank you so much for not offering any good support at all” and hung up. I accepted the fact on being sent on a wild goose chase and started questioning myself on my way back on my loyalty with Singtel. I had been with them for almost 15 years for my home internet connection since the Teleview era, let be patronizing their service to my business clients and even my whole family mobile lines with them. Was I wrong to stay with them all this while? I guess so, they don’t bother after all.

Looking back
Reflecting on this, there were few questionable quirks in this incident, firstly both the supplier and Singtel knew what modem I was using, but they were more efficient into telling you “Your warranty is out!” rather than clarifying that they even have support for the model. There should be at least some form of continued support for products passed EOL they can’t assume that no one in Singapore still uses their old products and just dump the whole line away.

I just feel that we customers are just more of less just entities to offer a paid service and no more than that. The thing which I am sure of now is the obvious lack of recognition to long term customers- the ones the operator should pay more attention on rather than trying to get people to jump the orange and green boats. No wonder I keep getting stories from contacts I have working with Singtel about the negative subscribers rate they are having now, let be the mobile side with the new number retention policy in place and the known failure of Mio TV.

I definitely won’t be obligated to extend my contract with them next year.

With all that aside, I can always look into fixing the power supply problem myself, after all, I am an engineer. Only that I always felt that using 3rd party power supplies will have long term consequences to using tested supplies for the model itself.

Good thing I have a spare modem lying around the house.

Was at the Comex Show again tonight after the Nike Human Race. Some of my running kakis wanted to go check out the show after dinner around the area. There were few rather cool last minute deals includes bluetooth headsets going for $29 with 1-1 exchange. Display set cameras at 40% off retail prices as well as laptops slashed $1000 off their retail prices (such as some Sony Viaos going at $1299 from $2199), though similar spec-ed models from other brands are already selling at their “discounted” prices.

The place was in a great mess with lots of slippery waxed-flyers and litter all around, very different from the spick and span conditions when I visited on the first week days. Especially on the 6th floor with smaller exhibitors. At around 9pm, there were many exhibitors who had already vacated their booths, while some desperately trying to sell off their remaining stocks. Gone are the soft and calm mood of the place where both customer and exhibitors alike are all fighting for deals and bargains, let be blasting the air waves with their voice and PA system to out shout each other from booths getting the attention, deals and offers across to customers.

Anyway, managed to get quite a few good deals for some of my Shunqiang, Eric and Qiwen who were looking to get memory cards. They got quite a good deals for Kingston MircoSD cards going at $8 each with a full-sized SD adapter. I remembered paying close to $30 for that almost half a year ago darn! Goes to say how low memory card prices had gone down over the years, not to mention the large profit margins earned from early adopters.

Sean was a little more spendthrift, who dumped $799 on a Sony Cybershot semi-pro camera with tons of freebies such as a free photo printer, etc as well.

For me, this is one IT show where I didn’t even put a penny on, well mainly as I didn’t need anything at the moment. But the show was a good eye-opener to update myself and do some market research on current IT prices. I will be sinking most of my purchases next year before flying off the UK, where I will get a new hybrid video/still camera and multifunction Canon printer which I will bring abroad with me. Thereafter, I will be intending to purchase an Alienware laptop in the UK itself.

On my way home along Nichol highway, lines of trucks are lined up alongside the convention center by the loading bays, presumably the staff all getting ready to vacant and move out of the exhibition area after the event.

Will update on the Nike Human race tomorrow.

Was around comex on Friday mid-afternoon. I think visiting during office hours may be the best time to check out the deals, especially before the weekend rush. Technically, we can say that is the last of the IT shows we can expect this year, with PC and the IT show 2008 over for this year already. The place was packed but largely only around the entrances where all the flyer distributors are clogging up the entrances, the 4th floor is crowded, but still allows traffic flow with the 4m wide walkways. Everything is much clearer on the 6th floor.

There were not many good deals, NEC, HP/Compaq, let be Fujitsu and Sony do not even have any deals which can raise any eyebrows. If I do not miss much after walking around, I think much of the specials for this year’s fair will largely be peripherals. I think a good buy there will have to be few Logitech products Mclogic were having on sale, to my surprise, the $129 Logitech VX revolution mouse selling at $59 was sold out right at day one. There was no stock for the whole show period when I was there on Friday. Singnet is the only one in the house giving free laptops with their broadband plans while Starhub’s offers are simply plain to none.

Being largely a consumer fair, there wasn’t anything for corporate users, let be managed networking products on sale which I was looking for. I was scouting around for a new managed switch, but seems that Linksys is the closest you can get to Cisco in the fair. 3Com only had gigabit switches the most. Nevertheless got some contacts from few stores who have their shops back at Simlim, I guess it goes to say with the exception of only very few very good bargains, the line of IT shows in Singapore is just a no mere “get together” for vendors, let be part time students looking to distribute flyers and earn a quick buck here or two. Why people always have the impression that IT show deals are cheaper? it’s not at all!

Ordered a new server today from Dell. I will give the wait for the upcoming PC show a miss for servers as only consumer products will only be on sale at the coming exhibition later this month. Nevertheless, having said that, what I can say besides putting up with the hassles of automated telephony, Dell always never fail to impress me with their excellent phone service and service courtesy. I remembered purchasing my first Dell, an Axim PDA around 2005 and if it’s not the friendly service, it’s their one to one exchange policy right at your doorstep which I simply love as well. It’s like straight no-frills or having to put up with service centers or queues.

The thing which is worth noting is the great difference from online price to that of the price you get when calling in. My configured system was about $1500 cheaper when I ordered it through the phone than similarly configured online, they even threw in a free redundant power supply unit as well. This is so as I learnt when accidentally landing on their technical support line on the Dell phone directory. Chatted with the service technician there who gave me some good advice to go talk to the sales consultant where they can always give a better rate. So as I found out today, yea savings!

As part of my usual updates and sharing of Phishing emails I receive in my junk folder in addition to my previous entry on phishing. Here is an interesting new find I got recently, so as claimed by Singnet themselves.

This email is smart by using your email’s domain and top level domain (usually in the format domain.tld) and verifies it with a list of valid ISPs before replacing all references to “itself” as singnet.com.sg (in my particular case) and send them to you formatted and “personalised”. Kinda neat, but should seriously do better in the design section or at least know the ISP customer contact protocol, and even corporate colours which Singtel uses very strongly in all emails they send. This one made it’s way automatically into my outlook junkmail folder, though I kinda fished it out for dissection while going through for any legitimate emails in the junk folder before emptying it everytime. This one is worth noting however.

Similar with most phishing emails, this one has it’s sender email masked as info@customercare.org, which bares no relation to your ISP so it will be already a big giveaway, let be the email masquerading as one from Singnet, M1 or even Starhub, they can actually fool more users if they were to replace their formatted name as the name of ISP, but with all fake emails, there will usually one or two little differences which any veteran will recognize in an instant anytime.

Since this one is targetted at Singapore users, you should take note of this email to date and be vigilant on it, especially inexperienced or new users on the internet.

Remember Singnet or any ISP, let be online banking services, given DBS, UOB, Paypal etc will NEVER ask you for your Userid and password through email at all, no matter how real or true the email will claim to be.

It is official straight from Mr William Henry Gates III himself- on June 27th, Bill Gates will stop commuting to Microsoft’s Redmond campus on a daily basis, and begin full-time work at the Bill & Melinda Gates Foundation where he plans to donate his fortune of approximately $40 billion towards charitable causes. Bill Gates will retire from his day job as chief software architect of Microsoft, the company he founded more than three decades ago.

Gates said he is leaving gradually in order to smooth the transition of his duties to the two men who will assume them–chief technical officers Ray Ozzie and Craig Mundie, who have been named chief software architect and chief research and strategy officer, respectively, effective immediately. Steve Ballmer will still take the throne as the company’s key man, but Bill, despite his official announcement, Bill will still visit his Redmond office once per week, doing what Ballmer tells him to do.

There had been rather lots of speculation of what will become of Microsoft with the absence of their founder, and the problem is not just related to Microsoft as of yet- Apple is under speculation of a suitable successor as well, given the recent rumors of Steve Job’s progressive “thining-up” in all his press conferences together with his health problems.

Rather meaningful photo credit from Gizmodo

The Pyro achievement pack is out today, so got about over the night to play Pyro over my few favorite public servers such as the 32 player [300]Yen Japanese server, and got my Axtinguisher already!

It’s remarkable that most of the achievements for the Pyro are easily obtainable this time, contrary to the Medic pack which many are almost impossible to get on public servers, having the need to realistically grind them on closed server to get them. It’s also pleasing to know that Valve allows milestone 3 to be locked this time by simply getting 22 and not all of the 35 achievements. I will provide a rundown of the new achievements I’ve got so far in case you are wondering how to get them

Just as all the server full of Pyros now, no one will be an idiot to play a spy this time round. It’s also commendable that Valve has contributed much to the PC gaming platform than any PC developer has done in year, also with the recognize of community based contributions (which too made Counter-strike too) such as the introduction of maps CP_Fastlane and CTF_Turbine. Without further ado, lets talk about the new weapons.

The Flare Gun – Milestone 1
The first weapon to be unlocked at milestone 1, this is a single shot reloadable weapon with only 16 ammo store which replaces the shotgun, and no you can’t get fireworks or a light show firing this up in the air. Given it’s lightweight projectile, it’s trajectory is almost straight and allows the Pyro to only ignite an enemy at very long range. Damage is minimal and this weapon serves more of a distraction tool than one to kill, especially to messing up camping sprees of snipers and superflourous Engineer beehives, sending back for health. You will most of the time able to employ this weapon as assist tool, though the chances of you able to get a clean kill with this weapon largely low. You do need to aim it very carefully on your part, having test fire rounds on where it land before releasing you barrage on distant foes. It’s also good for retreat runs on corridors where the fire splash damage can catch and foe running up on you.

The Backburner – Milestone 2
The second Pyro unlockable, this flamethrower is Valve’s definition of what the original “left click only” flamethrower should be. Taking some hints of the spy’s critical back attacks, this weapon guarantees critical hits whenever it’s used on an opponent from behind, able to mow healing medics or even heavies from the back with ease. To aid in survivability, it grants the Pyro an extra fifty health from 175 to 225, which can be topped up to 150% it’s value with a medic. I can say this variant of the flamethrower is very much built for the thinking Pyro who knows every nick and cranny of the map at the back of hand and likes to ambush their opponents. The bad is that unless your foes are weakened, it’s not a recommended frontal assault weapon as there will be no critical damage on enemy frontal damage. There is also no compression blast capability (which I will touch on later) contrary to the old flamethrower.

The Axtinguisher – Milestone 3
The third and final Pyro unlockable is The Axtinguisher. This mighty axe guarantees critical hits on any enemy only when they are currently on fire, otherwise it’s just like any small meat tenderizer with fancy barded wire wrapping. There had been significant changes to this planned weapon- it was planned initially only be able to guarantee a single shot critical kill on a foe lighted by your flamethrower, but now you can get it to work as long as any enemy is on fire- a great combination with the another Pyro buddy riding alongside with you doing the igniting, or say coupled with a The Flare Gun and covering you from a distance. Now will the spies feel challenged!

My thoughts on the new weapons
Personally after using the Axtinguisher, I still feel that the old Axe is still up for the better job unless you are playing on a server full of Pyros on your side. And given most situations, you will most probably whip up your shotgun than your Axe to finish any foe. The Axtinguisher is also mostly useless on other Pyros as their flame retardant suit makes them impossible to ignite for long and changing an Axtinguisher kill on them, so in all yup unless you demand the bragging rights, I find the old Axe still a better choice with usual criticals.

The same applies for the flare gun as well. Usually in a team based map, we will leave the long distance attacks to team snipers or soldiers who are better at picking enemies from afar. Moreover, personally as a Pyro I find myself faced in more situations with a close to medium range foe where a shotgun will be more effective in finishing them off than whipping up a flare gun which only lights them up and my next other better choice being a melee weapon? The flare gun is impressive, but remove the all-roundedness of the Pyro to attacking Long and Very-close range only, given the big gap and lack of medium range attacks, I will choose the midrange shotgun anytime over the flare gun.

However, the backburner is a great weapon and the 100% guaranteed critical hits from the back will cut out most of the chance factor in your attacks, especially for those who prefer not to take a calculated chance on when your critical rounds are coming. The additional 50 health comes very much of a welcome as well and aided me in survival in many situations, to the extent of running back to spawn with only 1-5 health on few occasions, something I would never have done if I had 175 maximum health!

Compression power!
I have to give honorable mention to the Compression feature (right click) on the old flamethrower now. Valve mentioned about the long awaited series of balancing for the Pyro, with rumors ranging from assists points ignition to doubling flamethrower attack kills. Their answer to the balanced Pyro is the compression defense system. It takes 25 ammo of your 200 to initialise one and does a very good job in protecting yourself- only if you know how to use it. I was so amazed by this new feature that I got up on a “compression training server” with a group of friends where we perfected the art of compression- rockets, stickies, etc you name it all deflected. It was here where I accidentally got the “Hotshot” achievement as well as fully realizing the ricochet offensive capability and killing your foes with their own ammo!

Besides the defense power, it’s strong in offense as well- no more having to whip up a shotgun to clear sticky traps or clearing sticky ladened control points, one wisp and they are all gone! For flying projectiles, the key is to compress early the moment your enemy fires the rocket or you will miss it. An enemy coming too close to you with a melee? Backstabbing spy? Compress them! They will get pushed away and if you get them in the air, compress at their feet when they land to get them up again! It’s fun (to you) and frustrating (to them). Now try to whisp enemies into your team sentries, now thats cool!

In all, my recommendations for a balanced Pyro loadout will be either the Backburner/Old Flamethrower, shotgun and Fire axe.

Last but not least, here are all the Pyro achievements explained and tips to get them based on my experiences in getting them. I got most of them playing maps Dustbowl and Goldrush. There are few of them which I was unable to get and will post updates when I get them. (* denotes easily obtained on casual play).

One thing worth noting that the Pyro’s Huoduken in the “OMGWTFBBQ” achievement also works on engineer buildings as well, and as how human players can be killed on one blow, it’s the same for buildings as well. I hope Valve fixes some of the bugs for few of the achievements. Ok that is all I have for now for my comments on the new Pyro achievement pack, don’t you feel that with all the heat on the servers now, its the best to release the Spy achievement pack next? Followed by the Engineer? Feel to to share your comments and how you get them otherwise too. Cheers!

For those looking to spend your weekend at the PC show at Sutnec, it pays to be informed and doing your homework before committing to anything, thats means know what you need to buy without having to put up with the crowds there. You can view a full list of pricelists from almost all the exhibitors here ranging from cameras, monitors, network solutions, desktop and laptops at the link.

Thanks to coldfreeze from Hardware zone for putting them up!

Here are some news for ya team fortress fans. Straight off the news oven from Computer and video games.com. The Pyro class is next in line to receive an achievement and unlockables upgrade in Team Fortress 2 as confirmed by Valve! Uh-oh just like the previous medic frenzy, won’t we be seeing more BBQs coming up then?

As elaborated, the last class to receive the upgrade goods was the Medic, whom can now receive unlockable weapons for collecting specific Achievements based on its healing abilities. Earn all 36 of the Medic’s achievements and you can get your hands on The Ubersaw, which will take damage done in melee attacks and convert it directly to ubercharge. As said by Valve, we can expect equally useful fiery additions for the Pyro as well.

Speaking to PC Gamer, Valve also revealed that the ‘Meet the Sniper’ video is next in line on its comedy trailer release list. Unlockable weapons system are the main things of Team Fortress 2 classes now and will be introduced in the future to the other classes over time. Specifics of the changes weren’t clear, but you can be rest assured that the Pyro will definitely get more recognition for the fiery wrath and damage he can dish out after the next update:

That means assist points for lighting up an enemy? A non-cri flamethrower with an increase in range? A Fire Axe that gains health/ammo per hit? Your guess, only time will tell. Stay tuned for the exactly list of (another 36?) achievements to come.

Well, I was really hoping that Valve can introduce a cosmetic “icon tag” system which shows up on the scoreboard which identifies and rewards players who achieves 100% achievements.

All about Phishing
Phishing is nothing new to most web users nowadays, but despite how aware we are, there will always still be people who get caught unaware by them, even I was almost fooled once. Phishing mails had came a long way from simple autonomous plain-text mails to nicely detailed craft emails from various banks or monetary organizations- all made to appear like official emails to cheat or exploit their victims. While thankfully most phishing emails often appear obviously different from the genuine ones, though there are some exceptionally very good ones which mimics the official email letterhead on top of masking emails and sender’s addresses.

I found this of a concern as I believe that almost most people out there are users of these few payment or banking services, so there will bound to be exploits and cause for concern. Here are 3 “rather commendable” emails I’ve received personally myself to date which I will be using as examples for my illustration:

Case one- Paypal account deactivation (one of the possible “problems” your account can have)
For long paypal has always emphasized that they do not send out any emails to users with regards to asking for personal account information. The only time you will get an official email from them is upon registration.

This email I’ve received is one the best ones I’ve got which looks almost like the real thing. With proper image headers, support, contact and paypal addresses at the email footer as well- it simply amazes me is how professionally laid out it is and how phishing emails had came through. This particular ones states you account has been suddenly deactivated and have to follow up to their “resolution center” with your login details to verify your account so it can you it again- very cunning.

Checking the email URLs for authenticity
Upon closer inspection in the HTML coded url, it actually points to a site other than paypal.com. So a good habit in outlook is to hover over any hyperlinks to see which root domain is it actually pointed to (in this case one called “update-informations.com” with a “paypal” subdomain). I can presume that these cheaters also use the same domain for other banks simply by changing the subdomain, e.g. HSBC.update-informations.com or CITI.update-informations.com.

A general rule is anything originating from your bank’s root or top-level domain (TLD) is genuine, this includes it’s subdomains (e.g. anything before the “.” like sgsubs.subway.com- “sgsubs” is the subdomain), to the domain name (or mid level domain MLD) itself (e.g. subway.com) and subfolders, anything following after the slash “/” from the TLD (e.g. subway.com/blt_special), with the following examples you can test yourself with:

- https://anything.paypal.com = Real (though they seldom use subdomains)
- https://www.paypal.com = Real
- https://www.paypal.com/cgi-bin = Real
- http://login.data.paypal.com = Fake (masked MLD)
- https://paypal.com.survey-infos.com = Fake (another masked MLD)

Another good way to tell you are on a real site is the presence of secure http, or the secure hypertext protocol denoted by https:// before your actual URL. The absence of a website icon can also be a give away as well. You can read more in relations to paypal at their Security Center.

I’ve received similar official looking emails from “HSBC” and “Bank of America” as well. However, these emails are more or less based on the similar hit-and-run principal- in other words you can’t fool people unless you are either a member of any of those banks. It was a dead giveaway for me as I was neither a HSBC or Bank of America member, so something was definitely amiss.

Such emails can take few over forms as well, such as asking you to update your personal particulars (e.g routine update, survey, etc) to an email warning you of unauthorized account access, alerting you to “login” immediately to rectify the problem. Remember, banks WILL not ask you for account information through email, they will always mail it to your physical home addresses. When in doubt, ALWAYS call your bank to confirm the email before proceeding or even providing any personal information, and please do yourself a favor by not calling the phone numbers listed in the phishing email itself.

Case two- Update my Google Adsense details?
Being a Google advertising user myself, I believe most users will simply pounce at any official email sent from them. But won’t all members be confirmed of their details through snail mail and only at the point of registration? Why the email out of the blue? In fact, these emails will be the same for other “problems” to get your attention to act, such as account intrusion, account deactivation, etc… Sneaky…

The page is made to look like a standard plain text email, but it is infact HTML coded, so the URLs shown are not the true URLs. As suspected, what appears to be a link pointing to http://adwords.google.com/ is rather, directed to a subdomain with “adwords.google” on the root domain “g500oz.cn”, a China registered website. Now ain’t that sneaky or what?

Hidden sender’s email- who actually sent the email?
At a glance, the email header reads, “adwords-noreplay [adwords-noreply@google.com]“, though the word “replay” is already a big giveaway, do note that sometimes phishers put a true-looking email as their sender’s email name (where we normally put to address names such as “John Tan”, or “Jennie Tay”). This is a flaw in outlook as it will automatically renders the next best available thing- if a name is provided, it will show the name, if not an email will be shown. Doing it seemlessly by default may allowing phishers to mask the true senders “from” email address from the user’s view unless you view the actual message properties. So, in all do not trust what you see in the outlook headers, especially if you suspect the source of it.

Encoded/variable URLs – do not click!
This URL however (adwords.google.com.g500oz.cn/select/Login), is safe if you accidentally click on it. As the most just your browser type, screen resolution settings and IP address (which gives geographical info) can be captured which actually means nothing to them. Thereafter, the most you will be directed to is a “ripped” login site made to look like the host’s site where “logging” won’t get you anywhere, but all your real login data captured and stored to be later exploited.

However, if you were to encounter a link however one in the format: “www.phishingsite.com/webscr?cmd=_your@email.com” or with your@email.com replaced with a numerical id such as “file.php?=&id=232137″ with a question mark character tied to a variable/parameter (I have an example in the following case 3), these will actually send a verification back to the phisher/spammer server indicating that your email is indeed active. You can only expect more spam to come your way when that happens.

Case three- websbiggest.com or websbiggest.net?
This example is not much of phishing case but simply one of the most ingenuous ones I came across in verifying your active email. It’s very interesting one and I will believe will fool most users due to the very legitimate look of the domain name and how the site appears to look.

The email I’ve received from them has an encoded URL for me to click and “verify” my search engine submission, going by “websbiggest.net/update.cmf?d=shaunchng.com”. It’s outright, not hidden and is a legitimate top level domain (TDL), seems to be OK with no problems and most webmasters would simply pounce on free search engine submission.

I however, copied the TDL “websbiggest.net” and pasted that in my browser for verification, the page loads and it appears completely normal. Upon closer inspection, the URL I was directed too was perfect (www.websbiggest.net) and no hidden subdomains or HTML overwritten hyperlinks just like in the adsense and paypal email. I was paranoid, as it was a completely legitimate and functional search engine, till I started mouseovering all their links and they all point to the “http://websbiggest.com/” domain. Got ya!

Besides having a keen eye for detail (or you will miss this one) some background knowledge of your search engine submissions will be useful as well- I’ve never added my site on the webbiggest.com search directory but “they” had sent me a rather looking legitimate email with a full site description of my site (presumably taken from my site’s meta description or google cache). I verified that the .net TDL and the .com TDL are indeed 2 separate identities.

In other words, the search engine with the .com top level domain (TLD) is real, but the page with the different .net TLD is actually a container housing the .com site inside it so it appears active. Another way to verify this is to check the page info (firefox) or page properties (in IE) by right clicking the page. People using internet explorer can only do so by selecting “view source” on the page they right click on, where firefox will allow you to view the source of specific frames- prompting you that the page you are viewing has nested frames.

A closer look at the domain registrar verfies my claim, the legitimate .com domain has a proper DNS and nameserver: NS1.WEBSBIGGEST.COM and NS2.WEBSBIGGEST.COM while websbiggest.net is registered with all similar “ripped” contact details, only that the account is registered anonymously and pointed to nameservers from DirectInc, (NS0.DIRECTNIC.COM and NS1.DIRECTNIC.COM) a budget webhost based in New Orleans, LA.

What amazes me is the extent and measures phishers take into creating their phishing emails directed to their “cheat sites”, this one is a good example.

When encountering such emails, just simply ignore and delete them and you will be safe. Do not attempt to reply them too.

I hope this article with these few examples helps you into your awareness of phishing emails and how to properly handle them despite resembling like their legitimate counterparts. It will be sometime before phishers get their capabilities up again and that is only when arming ourselves- the end user with these basic habits where we can minimize exploits and fraud not only for yourself but for your immediate loved ones as well.

Got some time to complete the orange box game Portal today. For those who never heard of the game, it’s one kinda unique first person shooters (FPS) meets puzzle games. Portal is developed by Valve, the same company which brought the world Half-life and brought the game Counter-strike into the retail channels.

The staff on the Portal project were previously students of the DigiPen Istitute of Technology who created an independent game freeware game Narbacular Drop in 2005. Portal is based largely on the original Narbacular Drop concept considering that the team are now all employed at Valve.

Certain elements have been retained from Narbacular Drop, such as the system of identifying the two unique portal endpoints with the colors orange and blue. A key difference in the signature portal mechanic between the two games however is that Portal’s “portal gun” cannot create a portal through an existing portal unlike in Narbacular Drop. Portal took approximately two years and four months to complete after the DigiPen team was brought into Valve, and no more than ten people were involved thus the rather small, short yet very funny gameplay portal offers.

Portal involves people going through 19 levels of the Aperture science enrichment test center, guided by a super intelligent computer by the name of GLaDOS, voiced by Ellen McLain, who also and the commentator voice in TF2.

About GlaDOS in Portal
GlaDOS is cool, I mean, she something like a near-perfect a biological operating system- she is a research computer who had hrashly overtook the Aperture facility by releasing a neuto-toxin gas, killing and evacuating everybody in the complex- She have only one purpose and ablity- develop the portal gun autonomously by means of volunteer tests subjects going through the enrichment test center- promising tasty and moist “Cake” at the end of the series of camber tests.

With jokes aside, some of the rather interesting textured walls

GlaDOS your last “boss”

The cake is not a lie!

The mission ends with GlaDOS wanting to “murder you”, but you escape and put your familiarity of the portal gun to good test as you make you way from chamber 19 through the facilities research and industrial areas into GlaDOS central area, where she tries very comically to kill you just as how navie she is always in the game. Here is the last part of the last boss fight with GLaDOS damn funny speech:

I was not until I completed the game where I came to know that the eyes you throw into the fire actually speak- In the video you will see 4 different ball “modules” GlaDOS is made up of a central AI system which is hot-plugged with several control chip sphere to provide her with her various traits and/or to control her, with an explanation of each:

1) Purple (Quiet) – Morality eye – A hotfix install preventing the re-occurring release of the deadly toxin
2) Orange- The inquisitive eye which builds GlaDOS intelligence
3) Blue (Video with some overlapping content from other eyes)- The knowledge core of GlaDOS who is obsessed with “Cake”
4) Red The angry thing – The part with expresses anger and revenge

The ending escape scene

GlaDOS singing “Still Alive”

Cake and your companion cube back!

Portal will definitely be one of the most humorous games I’ve played. Now after playing portal I am so into my companion cube, I want one!

Here are more of an archive of GlaDOS voices through the game

Speech Part 2
Speech Part 3
And of course not forgetting the adorable sentry turrets as well.

With the new Team fortress achievement packs out, I bet everyone on the steam server will be raiding on medics hoping to get all the new achievements (aka new weapons loadout). Many of the achievements can be unlocked while playing normally on any causal server, but if you simply wish to speed up the process for the OMG OMG BFG uber-bonesaw you saw that guy having on a public server, here are some tips I have for you on all of them.

TF2 Pyro Frenzy!

April update Medic Rush on GoldRush

“Scouts no more in a corner” – Blast Assist on interteam team achievement

The screenshots here show how some of the achievements can be unlocked if you group up with some friends to grind on a server. My favorite will defiantly have to be “The Raid” where you can a bunch of 10-16 scouts of the other team running straight into heavy mini and medic syringe guns. You can easily get 5-6 achievements for your team at a go on a single map round doing this, some of them being “Does It Hurt When I Do This?” and “Big Pharma” achievement just to name a few. Its also a typical laughing stock on how it is done too, trust me.

I’ve got almost all the achievements as of yesterday with few more left as I have only reached about half of the 1 million heal points for “chief of staff” together with milestone 3 after playing few hours for 2 days so far, with one weapon unlocked per day since I’ve started playing. The new Level 5 syringe gun (crap I don’t remember those fancy Kso-bomatic-zerg names!) is nice but pathetically little in health generation. The new critical medi-gun is very useful in helping you getting few more achievement as well, though that only most of of them only works with the old medi-gun, so stick to the old one even if you got the new one, so as not to take chances and wasting people’s time.

Engineer setup for the “Medical Breakthrough” achievement

Mass medic BBQ aka “circle of fire” for the “Infernal Medicine” achievement

My favorite “The Raid!”- Scout Massacre teams running into mini and syringe guns

With that I present to you a short but extensive tip and guide into getting all of them yourself, with the help of your friends of course!

asterisk * denotes an achievement which can be easily obtained in-game public server casual play, but can take sometime or based on luck.

Thats all I have, feel free to let me know if you have gotten yours in another way or either. Cheers!

P.S: Oh yes I guess to all those grievers over the last few days in many servers mocking people on the “console command” Valve accidentally left out to unlock all your achievements prior to the hotfix update, you will notice that your achievements are all like gone now.. whahah serves ya right! Remember there is no easy way out!

May 3rd 01:00am Update: I’ve got the uber saw! Apparently from my achievement list, you need not get almost all the achievements to unlock the last milestone 3. I still have Chief of Staff leftover (which can be achieved slowly over time) and my milestone 3 was just unlocked today! The uber saw is the only cool weapon in the update. The Kritzkrieg from experience do not have much of the wow factor as the old uber-charge, besides doing a good job in confusing your teammates who run into the enemy lines the moment they get charged.

Of them all, the Kritzkrieg is overall best for defense where health is not a concern but terrible at offense and as a counter-uber measure. So the best loadout for the versatile medic will have to be the new Blutsaugher syringe gun, the old medi-gun and the new Ubersaw to charge things up real quick. The damage of the new uber saw is greater too, one clean shot of an injured enemy will guarantee a kill and 25% uber boost! Nice!

Ok enough for medic for now. Hope my favorite class, the engineer will have new laser mounted tesla-coil sentry guns or spy detector building probes for the engineer achievement pack.

For those TF2 fans, the day of the major update has arrived, with a new game mode called payload in the goldrush map (very similar to thehappycow style tf2 maps) and many new spy-friendly fixes and misc updates on top of the new “loadout” menu for the medic with 39 new achievements. Here is the low down on what is up:

Pop on the update by simply logging into Steam and the update will kick in automatically.

Here is a video of the new goldrush map and medic weapons explained in the video on the click courtesy from gamevideos:

Got some cool stuff today, or like those peeps in hardware zone will call “a Hoot”, will let ya in for in with this teaser on the left to figure out the parts.

I wanted to challenge myself in building a sub 10k 3Dmark2006 PC around $1000 without overclocking, the budget itself is a challenge I gave myself too, but I think in the computer world, what you pay is what you get. This system will be a major upgrade from my current Pentium 4 system, retaining hard disk, power supply, media drives and casing. This is so after countless revisions and price checks over the last months, finally I can have a capable system both for work and play!

Part are brought from various stores based on my research since the past month (with stores):
Intel Quad Core Q9450 Processor (1333FSB) + MSI Neo-3 P35 ATX Motherboard- $657 (Bliss)
4GB (2×2GB) Kingston DDR800 PC6400 ram – $136 (Powersys)
Powercolor ATi Radeon HD3870 DDR4 512MB – $305 (Fuwell)

Total: $1098

I was rather satisfied and fortunate to get the processor and board at that price as no store will sell them to anyone so low before, kudos going out to the helpful staff at Bliss computers. The Radeon card comes with a professional cooling system from Zalman, so it’s very much a dual slot cooler card with ultra zippy DDR4 memory- ATi’s most powerful single GPU solution to as of date.

I was initially considering the cheaper Geforce 9600GT ($239) for my graphics solution till Vista SP1 came along with DirectX10.1 support, which yields a promising 20% increase in performance in Assassin’s Creed with 4XAA enabled. Assassin’s Creed is one the first DirectX 10.1 game to be released recently and only the Radeon HD3800 series cards are the more future-proof cards in the market today with DirectX10.1 support, therefore my rather unusual shift to ATi considering my 2 previous graphic solutions being Nvidia cards.

Assembled and replaced all my old PC parts in the evening and got everything tested and working, only that my re-animated hard disk with XP refuses to boot in my new system, it’s not an activation problem, which I can get done by calling up Microsoft tech support, but more of a boot incompatibility. So a backup, reformat and re-installation of XP is the cleanest solution. The bad being that I hate reinstalling all my programs and games when I get vista soon, gonna pop by SLS soon or maybe tomorrow to get Vista home premium with SP1 so I can get my system up and running by next week.

Now to backup about some 400GB of data… sigh.

This mission is fairly straightforward though largely requested, so I won’t be going into too much detail on it as my previous most sought after walkthrough, The doctor vanishes due to the challenge of this mission being set on timely executions and not much on survival. So here goes, also played on hard difficulty.

You start off with your base on the Southeast, start by building at least 3 Venoms, then rush your raiders and bikes to attack the MCV before it leaves the city on the West exit, as shown on the screenshot below. There it will deploy there permanently like a sitting duck with few shatterers and zone raiders guarding it.

From here on everything is largely done easy on your pace now, build up all your defenses and strike force. Personally I prefer the use of Venoms on this mission, 3-5 squads of about 20 of them with laser capacitor upgrades will make short work or anything which comes in their way. Paired with a redeemer, you can level all the northern bases with ease. This is also on top of detonating all the base’s Tiberium veins for the bonus objective.

The main problem of this mission is getting your timings and strategies right, that is why this mission is not easy complete in a whole.

Stopping the MCV

Full objective list

Full intel list you have to achieve

A short moment after capturing the GDI Construction yard, meteor showers will come in on the Northeast followed by a horde of Scrin attack banshees, welcome them openly with your Venoms who will take them all out with ease. For a 100% objective and Intel complete on this mission you need to play the mission a little while longer and kill some Scrin to collect more intel. Given that, do not send your MCV straight to the pickup point after capturing it. Instead send it there and wait out at the pickup point guarded by troops (as ultimately all Scrin troops will be targeting your MCV). More scrim troops will make their way in from the north east. You need to reveal a shielded harvester, kill a shard walker and reaper tripod before completing all objectives, so be patient and let them out out.

A Scrin mothership will appear on the Northwest but won’t pose any threat at all as you will be able to collect all your intel even before it can reach your MCV. You can up your score by destroying it with your Venoms too if may.

After completing the mission, a rather dramatic kane cut scene will show.

There had been lots of word going on lately on a particular C&C mission being rather difficult to complete, namely the 7th NOD mission known as “The doctor vanishes”. I’ve completed the mission myself, so why not share my own experience and how I went about it in this mission walkthrough. I’ve completed the mission on hard difficulty so what you experience in your game might be different at a different setting. There are many ways to play this mission, I went for the superfluous, covert approach, so here goes!

Behold the superfluous beehive!
First off you start on the Southeast corner of the map, with a green tiberium field on your left. Immediately start building up your base defenses starting with spider then laser turrets all facing the ramp. You will need a crane as well as 3 harvesters going to keep yourself and your cash flow busy.

My left kill zone

The right kill zone

Makin’ short work of enemies

Do take caution when placing the turrets too near the ramp base as enemy tanks and rocket squads can use the height vantage point over your defenses and hit your them out of your range. A good indicator will be like as shown above with a good level “kill zone” for enemy troops to engage your turrets.

Technically, it would be ideal to position both kill zones at the ramp, the 2nd one being directly above your start point expanded with a mini forward base, but given the fact first wave will come in less than a minute time, you won’t be able to counter their large forces in time- mostly comprising of predators and rocket soldiers, making jello out of any armoured tanks they can possibly encounter. The enemy is also smart into not attacking your turrets but it’s nerve control center, so always keep repairs in handy. The best bet is to have your right kill zone just above your starting power plants as shown above. Having more spider than laser turrets is a good choice, but they won’t hold out for long either, quick leveling up your tech level and have at least 2 obelisks up on each kill zone, then you are really safe.

Though one can argue on spending the money instead on tanks and rush them to the bases and capture the objective. There are however 3 enemy bases in all and though one is lightly defended just north from your location with guard towers, attacking them with any sizeable NOD force will severely weaken them upon taking one base down- remember you have to deal with both their offensive and defensive forces. To make matters worst, there are 2 more other bases constantly sending tanks and rocket squads to your base, you won’t be able to take any assaults thereafter. Their tanks love crushing your infantry and NOD tanks can’t stand a chance against their rockets and armor, so the best bet is to secure your beehive.

The covert forces
Now here is the fun part, once you have build up a sizable defense, there won’t be enough green tiberium left to feed and build your army. But before you go into the red, ensure that you’ve trained one commando and at least 3 specters. The base on the north east is defended on their south entrances but guarded by pillboxes on the eastern entrances. You can start by stealing some blue tiberium from the northeast base using your newly formed covert team. When the time is right start by sneaking past enemy tanks on the exit ramp to your right leading up, keeping to the right edge of the screen. You have to get your timing right after an enemy assault and sneak past before the next wave comes. You will pass a space shuttle like building and see a monorail track, behind the top north east field is the fenced blue tiberium field. The enemy base is on your immediate left.

Op on the Northeast

2nd Tiberium forward base

Clearing the center base

Leveling the bases
A combination of artillery force fire (ctrl-Rclick) will make short work of any buildings in the fog of war. Start by destroying all their buildings at the back especially their refineries so you can keep the cash for yourself. Always keep your specters away from the front line with your commando at the front, you might considering grouping them so you can call them out by numbers. If any patrol predator tanks were to come your way push your commando in front and engage them, she will be able to sustain fire from 3 tanks without any sweat, then let your artillery turn the tanks into scrap metal in few nicely placed shots. Your commando is also very useful into clearing and rocket squads harassing your specters, just don’t get her against any watch towers and you will be fine. Stick to his technique and you will be able to clear the whole base with 4 units. Start building a forward base up right on your enemy field and start building up your main attack force.

There you will be able to make short work of the center GDI base and stop the wave of attacks. The 3rd base is located right on the Northwest corner of the map. right behind the facility housing the doctor. But you have to get past a whole city of garrisoned buildings to reach him.

Entrance to the city

A center forward base is good for arming and repairs

Commando urban clearing

Clearing the garrisoned city
Attacking here can be done in any way you prefer- you can choose to flush them all out using purifiers or flame tanks, personally I still prefer clearing them with my long distance artillery, at the same time leveling out the whole city in the process with my commando- yes the same veteran strike team. The thing is that all garrisoned buildings are anti-air (i.e only rocker squads) so having a commando doing back to back C4s is a rather effective way to clear the city as well. While taking out all the buildings in the city, do start building a sizable scorpion tank battalion of say 20 tanks and 20 mantis as well, because the mission is not over after capturing the 2 objectives yet.

Capturing bonus objective

Capturing final objective

Hammerhead attacks

Thereafter you can start capturing your final objective, not forgetting your bonus one as well. Carryalls will arrive to extract the doctor and load him into one carryall transport. Then all hell will break loose- the map will suddenly spawn few rocket squad hammerheads, slingshots and shatterers all targeted at your carryall. Here is where your scorpion tanks and mantis will come into good play, getting rid of them is relatively easy, but getting them off your carry all is the tough part as they only concentrate all their fire on that one target.

Engaging Shatterers

Opps we sunk a ship!

Carry all at destination

The computer is rather persistent too, sending few hammerheads right at the end to meet my carryall destination, not knowing about my base anti-air defenses. The mission will end once you’ve successfully protected the carryall upon reaching the other Southeast end of the map (i.e your base) . Congrats!

Objectives completed

Intel gathered for this mission

Only bonus objective

Thinking of dropping by the IT show tomorrow of over the weekend? Do check out this comprehensive list of scanned and photographed pricelists here.

Credit going out to coldfreeze from the HWZ forums

On the internet, I guess everyone is no stranger to spam and I believe neither is any of us is a fan of one. Spam always plague webmasters and our websites, finding difficult to balance the exposure of our emails so that we can still reach out to our intended audiences, but not extent of spam bots reaching us even beforehand.

I’ve been creating websites for more than 10 years, favoring bit of live with spam day in and out in comments and emails sent from form contact. The thing is no matter what you do, spam in inevitable. The bright side is that there is an array of methods which can employ to reduce spam you receive, let be on comments or form submissions through email. Here are few of my favorite useful techniques I’ve developed and picked from others as a webmaster, compiled in quick pointers: (The pointers here assumes that you have a a certain degree of knowledge of HTML form elements).

1. Using Catch pa Images
   A Captcha is a type of challenge-response test to determine whether the user is human, the server will ask a user to complete a simple test (e.g type the letters of a distorted image, the addition of an obscured sequence of letters or digits) which the computer is able to generate and grade. Any user entering a correct solution is presumed to be human given other computers are unable to solve the it.

   However, though widely used and largely effective method against spam, this method is the most shunned by users as it hinders the user processes by adding an additional step before form submission. User entered form field values may be lost if the page refreshes after the user accidentally keys in the wrong value. Whats more, Catch pa is server side intensive on your site (even if you pull the service from an external catch pa provider), having the need to run image manipulation programs each time a form is loaded, not to mention massive memory usage for portals and is not as clean and code efficient as other options listed below.

2. Akisnet Verification
   Released on October 25, 2005, Akismet, or Automattic Kismet, is a spam filtering service created by Automattic. Akismet attempts to filter link spam from blog comments and spam TrackBack pings and learns from experience from past spam messages to dynamically create future spam rules to block future spam. There are localised versions which stores it’s own “blacklist” in databases when it always refers to as part of the auto moderation process.

   The main challenge in Akisnet is the possible blacklisting of rightful comments due to possible strict filtering rules (e.g IP address, signature or domain). Commenters can be wrongfully flagged and it is usually difficult to participate or even get legitimate emails through because all input are sent to moderation before approval or deletion, unless “unbanned” by a human moderator.

3. Having hidden input fields
   A rather simple but rather effective method is to include hidden < input > fields carrying a fixed particular value which the form processor will run only when that particular value is received, either through $_GET or $_POST events. This works to a large extent (even reducing up to 80% active spam) as most spam bots will only submit form fields and ignore hidden fields which are often assumed to pass redundant server variables.

   This method will fail however as the hidden form value is always fixed, so spam bots can always attack your form unless you change your input value time to time as spam bots are able to harvest all hidden field values and submit them wholesale without any changes. A way to counter this is to add some dynamism into your secret hidden value- an example is to send an md5 hash of the month and year string so it auto updates every month, just make sure your form processor you call to runs on the same server/clock so that it can verify it from there without any timelag between months

4. Create bait/fake fields and hide with CSS
   This idea is based on the fact that spam bots do not see webpages just what how humans do- They skim through webpages by the source code, looking for tell tales code signs are as < form >, < input > or < div > elements with a telltale name such as “name”, “email”, “message” etc. The trick is to name your elements otherwise- e.g. give your true field elements completely unrelated and misleading names to fool the spam bots, like “hedge” for your actual email name field or “dog” as the name of your message textarea (you can always simply just get your form processor to take those values as true name, message, etc). Thereafter create few bait fields with tempting names such as “email”, “name” or “message” and hide them in CSS using the visibility: hidden element tag. The trick is now to get your form processor to ignore any submissions with your bait fields filled as real humans will only submit the fields visible and rendered on the browser.

   Using CSS to hide elements however, will not be cross-browser capable, not to mention some CSS tags being incompatible with older browsers, handheld mobile browsers or those users with images and external reference files linking turned off in their browsers, so it’s generally good to have a redirect or a special non-css versions for them upon detecting their browser type. Not doing so will expose all elements such as your intended hidden fields. Unless a human dissects and implements the spam attack, you can always put messages beside those bait fields telling users to leave them blank.

5. Get users to do simple math
   This method involves the system random generating 2 integers for the user to perform some simple math on it (usually addition) with the answer keyed into an “answer field”, these 2 integers are then also passed onto the form process script where it will be executed only if both submitted values are equal with the sent value in the “answer” field. This method provides for variation and ambiguity to spam bots, lowering their chances of a successful form submission compared to a fixed input field.

   However, just like Captcha images, this involves a form of challenge to users which will be big thumbs down to people who may have mental or physical problem working our your challenges, let be even simple math additions. Being an additional step, this also adds to the hassles for submission which is irritating to users who may want to contribute out of courtesy,let be potential clients for business contacts, we definitely do not want to burden them too much with such challenges or frustrate them when they accidentally enter values wrongly or unintentionally.

6. Avoid JavaScript validation.
   JavaScript validation is quite a popular choice in terms of employing client-side browser validation, this is given given the ability to check the form without having the user refresh or go to another page, whats more JavaScript can prompt users with and alert or change the style of fields to attract correct attention. All these offers a degree of “dynamism” as required field elements are put through an “onsubmit” event where the Javascript will go through all the fields based on code and prompt the user. This is before the JavaScript passes the form values onto a recipient form processor script specified in the form action.

   Most spam bots usually do not see JavaScript and will submit straight into the < form > tag “action” value, something JavaScript is incapable to block. Though a way against this is to also use JavaScript to print the form “action” value out as a string combination. It is usually advised to use methods 3 and 4 in combination with JavaScript to achieve the maximum protection against spam bots.

7. Use flash movie elements to submit form
   Flash have a nature of containing all it’s form elements in a flash movie itself, being an independent embedded activeX element, it completely shields all your form input values such as your fields and even the path to your form processor. Therefore if your choose an external form processor option, you can name it non-intrusively (like not form_processor.php/cgi, etc…) and place it anywhere on your server to be executed, spam bots are non the wiser and will not be able to find it. It is almost the perfect solution to mask all your values, whats more dynamism with ajax and form validation also can be added in flash without reloading the page at all.

   On the contrary, Flash elements (depending on your version of flash) is a nightmare for older browsers and computers, not to mention not fully compatible with mobile devices/handhelds, slower in loading and usually not recommended and uneconomical (overkill) to include in simple websites unless as part of a whole flash enabled website, where it’s intended application are usually more desirable and recommended. The frequent need of updating player versions is also quite a hassle for users and generally, most flash websites do not utilise the power of form handling unless it is a completely thought out one allowing you to “tab” jump fields or Ajax driven, usually flash form sacrifices speed and feedback flexibility with eye candies and looks to boot.

8. Cookies to benefit users
   This last point focuses more on the user-friendly aspect of web forms. User-friendliness is key in web and process design, knowing the few methods listed above we can learn that challenges to users should be avoided at all costs, thus the effective use of cookies here can be brought to your benefit. With or without a login system, you can use methods 3 to 5 listed above like the hidden fields method to populate a simple direct no-frills form with little or no challenges towards email forms or commenting users who have previously successfully contributed a legitimate entry.

   Only new users, or say visitors after 2-3 unsuccessful logins to your site will have their cookies reset and be faced with Catch pa or math challenges for all your comments and form. This adds greatly to contribution and rewards feedback and regular participants, especially those who contribute out of goodwill

Ok that is all I have on anti-spam for forms, do note that this is list is completely non-exhaustive, do feel free to add on or critique any points if so. Cheers and take care!

Well just when you thought EA (aka old ruins of westwood) is totally done calling 2008 with the FPS “Tiberium” looks like they have something else up their sleeves with a new sequel to the largely popular Red Alert series. We’ve seen C&C 3 adn Kane coming up previously, so we can technically and most expectedly see Red Alert next in the rotation for a sequel.

Many old time gamers will know Red Alert as part of the Command and Conquer series which took the world by storm and redefined real time strategy since the mid 90s. Red Alert was a classic which we can only reminisce on but will never set our hands on playing given what Red Alert 2 (RA2) can offer in terms of graphics and eye candies.

However RA2 did not quite get the package right in a rather non-catchy and as immersive story line delivered in the classic RA1 series. Coupled with the fact that it simply takes no brains to complete any new C&C title on hard released since the late 90s. I hope EA won’t disappoint with this new title, presumably too, their answer to Blizzards up and coming Starcraft 2.

More info and larger cover shot of what you can expect in this comoing April’s edition of PC gamer here.