Archive for the ‘Tools’ Category

Posted on November 6, 2008 - by snipe

Photo Retouching - How to Salvage a Dark Digital Photo

I prefer not to shoot with flash when I can help it - I don’t like the way it washes colors out. Unfortunately, sometimes if you don’t leave the exposure open long enough, or don’t have time to adjust your exposure in the first place (candid shots are my favorite but can be a bitch if you only have a second to capture the moment), you end up with under-exposed photos that may be too dark to use. Dark photos are particularly challenging to retouch, because as you make the image lighter, it can end up looking very grainy. This tutorial will show you a few ways to salvage a dark photo and minimize some of the graininess.

(more…)

Posted on October 6, 2008 - by snipe

Is IMAP/POP3 Gmail or Gtalk periodically rejecting your password?

I have run into this many times: my Gtalk password is stored in my email program (Thunderbird as an IMAP account) and my Gtalk password is stored in Adium, and every now and then, when I start my computer, Google tells me my password is wrong.

(more…)

Posted on September 8, 2008 - by snipe

Simplest weather tool ever

If you can’t be bothered to check weather.com (or a comparable weather service) before you head out for work in the morning, you may not always know you need to bring an umbrella.

UmbrellaToday is the easiest weather tool to use, giving you a simple YES or NO answer when you enter your zip. Plus, you can set it up to send you a text message at a specified time (ideally before you’ve left the house for work) if you’re going to be needing your umbrella that day.

Posted on August 13, 2008 - by snipe

Managing registration spam in vbulletin

As the administrator of several forums, I don’t even have words to describe how frustrating forum spam has become. On my photo gallery software site, I had to take down the phpbb forums because the signal-to-noise ratio was just out of control. I had been using phpbb for most of the forums I set up for a while, however one of them had become a constant target for hackers and phpBB always seemed to have vulnerabilities. I decided it was worth my sanity to shell out the cash for vbulletin, and overall I’ve been very happy with that decision.

Of course, I had the same issues with spam as I did with phpbb. On one forum that had been around for many years, I was receiving upwards of 60-100 spam registrations a day. I had changed our forum settings to require my approval before anyone could post, which was great at sparing our users from spam posts about viagra, but was doing nothing to help my sanity. Out of those 60 new registrations, *maybe* one was valid. It got to the point where the sheer volume was overwhelming, so the accounts pending approval started to pile up. Unless the new forum member emailed me directly, they simply never got approved. Not a good way to run a forum, for me or for our users. I was feeling frustrating and cranky, and the users were being neglected and denied the ability to participate. Fail².

When I logged into my vbulletin admin two days ago and saw that there were over 1,000 accounts awaiting my approval (and by way of a quick glance through the list realized that 95% of them were spam), I decided I needed to revisit some anti-spam tactics for vbulletin. I was already using vbulletin’s built-in captcha, and had added the NoSpam! plugin a year or two ago - I’ll go into it more in a moment. NoSpam! definitely helped, but as I was in a rush when I installed it, I didn’t force myself to sit down and come up with a range of good questions.

My goal was to find a solution (or several solutions) for registration spamming, not post-spamming - since logic would dictate that if the users who are able to successfully register are not spammers, you don’t have to worry about post-spam.

My first thought was to see if there was an Askimet system for vbulletin. Askimet does such an outstanding job at keeping Wordpress blog comments spam-free that I thought it would be the perfect place to start. A quick Google search turned up less than stellar news. The reviews on Askimet’s vbulletin port were not great, citing many instances of false-positives, which would ultimately end up creating even more work for me in the long-run, since I’d be fielding user complaints of poists not showing up, etc. The more I thought about it, Askimet wasn’t really the right answer anyway, since it screens only posts, not registrations.

More Googling turned up an excellent blog post by Cormac Moylan, appropriately titled Fighting Spam in Vbulletin, where he goes into detail on several of the available options for fighting spam in vbulletin. The article was from 2006, but there were some products listed that I wasn’t aware, so it was very helpful. He, too, agrees that the Askimet port to vbulletin is not as awesome as its Wordpress flagship. In a similar fashion to his post, I’m going to go through the available products and my own conclusions below.

NoSpam!

This plugin allows you to add an additional barrier to the registration process, where the user sees one of a randomized list of questions YOU define, and they have to type the correct answer into a text box. Spambots have been improving their OCR capabilities over the past several years, so an image captcha alone just doesn’t cut it anymore.

With NoSpam!, you create the questions - and the answers - so you’re able to really control the level of screening you want to implement. A simple math question (2 + 2 = __, with possible answers of “four” or “4″, for example) will be harder for a bot to grok than a basic image captcha. NoSpam! did help, and I recommend it. The fact that it was less effective as time wore on is very likely my own fault, since I stuck with basic math problems. I would expect that if spambots can easily detect and fool image captchas, they are probably capable of detecting basic math prompts these days. I’ve since changed the questions to ones that require an actual human to solve, but still easy enough for new users to get through. For example, for the Wench forums, one of my NoSpam! questions is “Fill in the blank - International _______ Guild.” Still not rocket science, but since the questions are more topical to the forum content itself, its doing a better job.
[download]

Enhanced Captcha Image Verification

I’ve only recently installed this one, but it looks like a great tactic to get around spambots - the demo speaks for itself. Its quite brilliant in its simplicity - four boxes with random images, and text that asks you to select a specific image from the group. Certainly easy enough for a real person to complete, but it will be more of a challenge for bots to figure it out. The install in vbulletin was very easy - upload the images, and then install the product by uploading the xml. Couldn’t ask for a simpler plugin.
[download]

Check Proxy RBL on New User Registration

If a bot gets past the first barriers - the standard image captcha, the enhanced image captcha, and the NoSpam! questions, there is one more line of defense - running the IP address of the registration user through the RBL, or Real-time Black List, databases, to see if it matches any of the known spammer IP addresses. If it finds a match, it deletes the signup and can either alert you by private message or by automatically starting a thread in a designated forum category of your choice.

I have just installed this one, so I’m not able to give you a success rate, however Cormac reported an 80% success rate with no mention of false positives. (Update: see my own updated numbers at the bottom of this post.)

This plugin comes with a small handful of RBL server addresses to check against, but this post on the Anti-Abuse Project site offers quite a few more, including:

bl.spamcop.net
cbl.abuseat.org
dnsbl.sorbs.net
socks.dnsbl.sorbs.net
dul.dnsbl.sorbs.net
http.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
misc.dnsbl.sorbs.net
dnsbl.njabl.org
combined.njabl.org
zen.spamhaus.org
rbl.spamlab.com
accredit.habeas.com
list.dsbl.org
multihop.dsbl.org
unconfirmed.dsbl.org
dnsbl.ahbl.org
dnsbl.burnt-tech.com
bl.deadbeef.com
dnsbl.delink.net
access.redhawk.org
no-more-funn.moensted.dk
spam.tqmcube.com
ko.tqmcube.com
prc.tqmcube.com
dnsbl.tqmcube.com
ubl.unsubscore.com
psbl.surriel.com
blacklist.spambag.org
combined.rbl.msrbl.net
dnsbl-1.uceprotect.net
dnsbl-2.uceprotect.net
dnsbl-3.uceprotect.net
cblless.anti-spam.org.cn
bl.spamcannibal.org
cbl.ni.bg

[download]

Banning E-mail Addresses and IP Addresses

Although this one seems like a no-brainer to me, I should definitely mention it. Vbulletin comes with the capabilities of banning whole or partial email addresses and IP ranges. I have been cultivating my domain ban list for several years, and you’re welcome to snag it and use it for yourself. (My list is fairly aggressive, so it might not be appropriate for everyone - for example, I don’t allow .ru domains at all, since I know none of our members would have a .ru address. You can gank my list here.

Apache’s mod_security

Another option to prevent post spam is to install Apache’s mod_security. Mod_security is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc - and has the added benefit of blocking spam posting as well.

Mod_security is basically a series of rules and regexes that Apache runs POST and GET data through. If it finds a match to potentially harmful or spammy information sent to the server via a POST or GET method, it will prevent the form submission from going through, throwing a 500 Internal Server Error message and logging the incident to a file.

Although I am a big fan of mod_security, its not going to be for everyone. If your forums are very active, it can really spike your server’s CPU load. Out of the box, its incredibly restrictive (which is good!), and blocks a lot of false-positives. It takes a while to comb through the incident log and refine the rules so that there is a balance between security and legitimate user-submitted content. This is definitely not for the novice, or for someone who needs a quick fix, but it should be considered as an option. You can find the download here and a tutorial on setting it up here.

Still not perfect

So as we’ve seen, there are some steps you can take in vbulletin that will make a significant difference in the amount of registration-spam you experience. These plugins and techniques are geared at intercepting and blocking spambots, specifically - however it should also be noted that sometimes the spammers actually *are* real people - and unless you’re willing to manually screen and approve every forum registration, there isn’t much you can do about those. Anything you could implement that could confuse them or prevent them from registering are the same things that will prevent your legitimate users from registering.

*** Sept 8, 2008 Update ***

I’ve now been running this plugin for about two weeks, and the RBL New User Registration check has prevented over 200 spam registrations. Registrations that would otherwise have made it through all of the aforementioned checks, since the RBL plugin collects the username, which means the registrant had to have gotten to and completed the registration form.

Over 200 spam registrations blocked, and approximately 10-15 total false positives (which could probably be remedied by removing a few of the more aggressive RBL servers from my list.) I can firmly state that the 10-15 false positives, compared to the 60 spam registrations a day I was getting, falls into the win column. Whitelisting an IP takes just a few seconds, so its not a big deal.

The ultimate outcome - these plugins combined have, for now, allowed me to turn off manual registration approval completely - with ZERO spammers making it through the blockades. My users are happier, and I’m happier.

Posted on August 11, 2008 - by snipe

Turn any photo into a vintage photo

With the Bakamatsu Koshashin Generator, you can turn any photograph from new to old in seconds. This vintage-style effect is quite convincing - check out our example below, and there are more samples on the website.

While its certainly possible to do this on your own in Photoshop, this online conversion does such a nice job, I can’t imagine doing it manually. There’s nothing to download, and the conversion is free, so check it out!

Bakamatsu Koshashin Generator via [Lifehacker]

Posted on July 22, 2008 - by snipe

Generate lists of banned words for forums and other applications

If you develop software for a living, or if you moderate any online forums, you may have found yourself in the situation where you need a list of banned or blocked words. The problem is, what works for one application doesn’t work for another. A forums targeted at adults can probably have a little more latitude than a game designed for children.

Rather than maintaining multiple lists for multiple audiences, check out BanBuilder.Com, a website that lets you generate a list of banned words based on rating (PG, PG-13, R), location (US swear words versus UK, etc) and export them into various formats including csv, text, sql insert statements and more. The service is free and there’s nothing to sign up for. Just use it when you need it.

Note: the export function isn’t working just yet - but you can help the project by adding your own swear words to the database. Check back in a day or two for the export feature.

And if you have suggestions, post them here, since this is my own little pet project!

Posted on July 20, 2008 - by snipe

Poll Everywhere Gathers Votes by SMS

The website Poll Everywhere allows users to sign up for a free (limited) account and run an SMS poll of up to 30 votes per poll. For projects requiring higher volume capabilities, they have monthly plans going up to 10,000 votes ($370 a month, no contract) and they offer custom plans for even more extensive needs.

From the Lifehacker website:

Need to know how many folks coming to your big bash prefer beer, wine, or soda? Poll Everywhere offers a free polling service that lets you send up to 30 SMS messages with simple reply instructions to gather opinions. You can also send a link to your polling page by email, Twitter, or whatever service you’d like, but the convenience of having to text less than 10 characters back likely boosts your return rate. Poll Everywhere’s free plan doesn’t let you see who exactly voted for what, but it could come in handy when you need a small group’s opinion.

Posted on July 3, 2008 - by snipe

GUI Planning Made Easy with the Pencil Project

Designing a good GUI is arguably one of the most difficult - and critical - phases of application development. It’s absolutely one of the most overlooked, and part of the reason for that may be the fact that we haven’t had many tools that allow us to quickly and easily throw together a GUI design that can then be put through its paces. Photoshop mock-ups, although easy enough to do, can be time-consuming - and if you’re purely a developer, you may not even have access to Photoshop in the first place. Fortunately, your days of scratching out GUI designs in crayon on the TGIFriday’s placements (don’t laugh - I’ve done it) are over.

Five years ago, people used a specific piece of software because it did what they needed. Even if the interface was miserable, it was the only thing out there that did the job, so they learned to suck it up. These days, there are so many pieces of software that do the same - or virtually the same - things, that the user actually has a *choice* - and the winner will almost always be the one that’s easiest to use.

The Pencil Project is a Firefox addon that takes much of the hassle out of GUI development, with an easy-to-use drop-and-drop interface with text editing and a library of shapes and form widgets.

From the Pencil Project website:

The Pencil Project’s unique mission is to build a free and opensource tool for making diagrams and GUI prototyping that everyone can use.

Top features:

• Built-in stencils for diagraming and prototyping
• Multi-page document with background page
• On-screen text editing with rich-text supports
• PNG rasterizing
• Undo/redo supports
• Installing user-defined stencils
• Standard drawing operations: aligning, z-ordering, scaling, rotating…
• Cross-platforms
• Adding external objects
• And much more…

Pencil will always be free as it is released under the GPL version 2 and is available for virtually all platforms that Firefox 3 can run. The first version of Pencil is tested against GNU/Linux 2.6 with GTK+, Windows XP and Windows Vista.

Obviously, if you’re a crappy GUI designer, or if you don’t take the time to test your designs, The Pencil Project isn’t going to save your hide, but for developers who care about GUI design, it can shave quite a bit of time off that design process. Assuming you’re the latter instead of the former, visit the Pencil Project website to learn more and download it now.

Posted on July 2, 2008 - by snipe

Dropbox versus FolderShare for Syncing Files Between Computers

In my eternal quest to sync up all of the various aspects of my life (contact lists, bookmarks, addons), and to cover the control-freak side of things using version control systems like Subversion and CVS, Dropbox and Foldershare were the next natural step. (more…)

Posted on July 2, 2008 - by snipe

Sync Your Browsers Across Multiple Computers with Mozilla Weave

Those of you who have upgraded to Firefox 3 may be feeling the loss of Google Browser Sync, Google’s free Firefox addon that previously allowed you to sync bookmarks, stored password, cookies and more across multiple computers. For folks like me, who work on multiple computers throughout the course of the day, this was an invaluable tool for keeping track of passwords at the very least.

I was heartbroken to discover that Google had effectively abandoned the project around the time that Firefox 3 came out - so much so that I delayed upgrading Firefox for a while.  I was hoping they’d change their mind, or get around to updating it - but eventually I realized that Google Browser Sync has been discontinued, and the download has been replaced with the following text:

Google Browser Sync is no longer available for download. Instead, to get similar functionality, we suggest using Mozilla Weave, Google Toolbar for Firefox, or Foxmarks. Support for current Google Browser Sync users will continue through 2008. We’ve also posted the code to Google Code in hopes that someone will use it to develop something cool.

As such, it will not be updated for Firefox 3. However, the code has been made available to the public

Fortunately, the folks at Mozilla Labs came to the rescue, with their new project, Mozilla Weave. Mozilla Weave syncs forms, history, cookies, passwords, tabs and bookmarks - and even has support for Weave add-ins. Plus, you can mount your storage slot using WebDAV - although Mozilla strongly warns against using this space for general storage, as they may delete the contents at any time.

I’ve installed it so far on Win XP and Mac OSX (Leopard), and it’s working smashingly. Learn more about the Weave project, including the basics of how it works and the fundamental principles, at the Mozilla Labs Weave page, or try it out by downloading it today!