I was just looking through a security audit of some sites, and half of the complaints include “the ability for people to know your underlying technology”. For those who are using Apache 1.3 or above (and using a distro that has configuration files in /etc/httpd/conf.d), you will find this solution helpful. Simply create a file called /etc/httpd/conf.d/0-security.conf with the below content:
<LimitExcept POST GET HEAD>
Deny from all
</LimitExcept>
Save it, restart httpd and you are “more” protected… a few notes:
- This assumes that your application will only use GET, POST or HEAD. If your application is fancy (or you don’t know your app), then you might want to get rid of the LimitExcept directive.
- If your application (or application container such as PHP, Python or Java) generates additional HTTP headers that identify their technology, then you might want to use mod_headers to remove them.
- Anyone with an ounce of network knowledge would know that you can figure out the underlying technology by probing at the TCP layers (nmap with the OS fingerprinting option is very handy). So don’t let auditors fool you – you can’t hide unless you have a security device in front of your servers that removes traces of OS “uniqueness” in layer 3.
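A fuller version of such a file, as an added example that is not the original post's configuration: it combines the method restriction above with the banner and header points from the notes. `ServerTokens`, `ServerSignature`, `TraceEnable` and the `X-Powered-By` header name do not appear in the post and are assumptions about what such an audit finding usually refers to.

```apache
# /etc/httpd/conf.d/0-security.conf  (added example; path taken from the post)

# Send only "Server: Apache" (no version, OS or module list).
ServerTokens Prod

# Remove the version footer from server-generated pages (errors, listings).
ServerSignature Off

# TRACE cannot be restricted with <Limit>/<LimitExcept>; disable it in core.
TraceEnable off

# Allow only the methods the application uses; any other method is refused
# with 403. <LimitExcept> is documented for directory-type context, so it is
# wrapped in <Location /> here to apply to the whole site.
<Location />
    <LimitExcept GET POST HEAD>
        # Apache 2.2 and earlier syntax, as in the post.
        # On 2.4 without mod_access_compat use instead: Require all denied
        Deny from all
    </LimitExcept>
</Location>

# Strip technology-identifying headers added by the application layer.
# X-Powered-By is an assumed example; list the headers your own responses
# actually carry.
<IfModule mod_headers.c>
    Header unset X-Powered-By
</IfModule>
```

After a restart, `curl -I` against the site shows which identifying headers remain, and a request with a method outside the list (for example `curl -X OPTIONS`) should come back 403.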
One of the great joys of being a gadget guy is to shamelessly spend money on shiny new gadgets… so out of a whim (and impulse), I searched high and low to find my beloved Nokia N97 and sourced it from a store in Mississauga. Here are my first impressions:
- The box: simple, elegant, relatively compact, and “mostly” environmentally friendly (bonus points here – the box is black and without the plastic shine, and still looks sleek… remember, the person just paid over $700 for an expensive electronic toy)
- Phone: surprisingly light and solid. The keyboard slide movement is smooth and without any creaking noise – it feels like closing the car door of an expensive luxury automobile rather than a Chrysler K-Car! However, the battery door is purely plastic and prying it open to put in the battery is not a fun experience. If you use too much force, you’ll break every plastic tab from the cover, rendering your phone backless.
- The power-on: it’s Series60 – what more can I say. You have to embrace the fact that you are booting up a computer rather than a phone. If you expect the phone to power up and be able to dial a number in 10 seconds – give up on owning a smartphone right now! (On a side note: if you think you have powered off your BlackBerry by clicking on the icon on your home screen – you are sorely mistaken. That power off is merely a suspend to save power – it doesn’t shut down the phone. You are better off pulling the battery out)
- Guided setup and first impressions: Finally Nokia paid attention to the finer details of the whole-phone experience. I must say it rivals the G1 in terms of ease-of-use. I plugged in my SIM card into the phone, powered on, and within a minute I have a working phone. They even loaded all the useful software (such as Nokia Maps with all the maps, Facebook, Reuters, and a Guitar Hero imitation) into it so I don’t have to hunt it down on the Ovi Store – which I’ll get to my gripe in a second.
- Overall: if you are a Nokia fanboy like myself, then this is the ultimate phone! It’s the most speedy Nokia phone yet, and it does everything an iPhone, Palm Pre, and G1 will do – and then some.
My gripes about the N97
- Ovi – Who is running the Nokia marketing department? Good concept, terrible name, and badly executed. The Ovi Store is often down (or not accessible if you are not using your 3G connectivity), the prices are in Euro (I know, this is a European company with their user base in Europe), and the browsing app is not snappy at all. They should take a page from Apple iTunes App Store or BlackBerry App World and build a usable app. What got me more upset is that I have to download and install Ovi Store app initially – another 500KB of over the air download.
- Web browser – great, you now show me a full-screen experience, but some very important features take too many screen taps to access. For example – to go to the previous web page, you have to click on the “show menu” icon at the bottom right, click the “back” button, and then click on “select” button. I just want to go back to the last page – is it so difficult to ask for? Also, you’ll notice that your browser will mysteriously quit (probably due to out of memory or browser crash) – it happens to the iPhone Safari browser too, but the frequency is a bit too high (about once every 40 pages or about 10-15 minutes of web browsing)
- E-mail – when will Nokia give a native HTML viewer for e-mails (it’s nice that you can click on the HTML attachment to see the message, but it’s not right)
I still love this phone – and it will take a lot for me to switch to the next good phone. Though my HTC Dream is being shipped this week, as part of my renegotiation efforts with Rogers (and lowering my bill by $50/month). Anyone want a brand new HTC Dream?
If you don’t know me, I love my smart phones. My first smart phone was the Nokia 3650, a Symbian-based smart phone in 2003. When TV shows and magazine articles started to talk about taking pictures and videos, listening to MP3s on the phone in 2006 (and made it sound like magic), I often question them by saying – what is the big deal, I have been doing it since 2003.
In 2006, most of Eurasia already had 3G high speed access, video calling, and a lot of other cool ideas. North Americans are sadly lagging in this area due to poor understanding of the technology – perhaps due to resistance to change, our obsession for free handsets, and the extreme high cost of paying an average cellular phone bill. I know because my monthly bill between my three cellular phone lines cost $400.
I think 2009 marks the year of smart phones – we have Apple and RIM to thank for the popularization of these devices (and the push of much needed cheap data plans). Alan of course has been using smart phones for the past 5 years to see a progression of faster (processor speed/video) and smaller phones, with better cameras.
- 2003 – Nokia 3650
- 2005 – Nokia 6680, 7710 (Yes, I had a touch-screen smart phone in the day)
- 2006 – Nokia N80, E61
- 2007 – Nokia E61i, Blackberry 8830, iPhone 2G, HTC S720
- 2008 – Nokia N81, iPhone 3G, Android G1, Blackberry Storm
A few notable features of the new phones are:
- Applications: most applications before 2007 were focused on productivity, and almost all of them are not tied to a function of any particular web site. Facebook and Google created the demand for applications that serve the purpose of a particular website, which also drove the need for Smart Phone platform standardization and a central application store.
- GPS: I was really hoping for the Assisted GPS (AGPS)/Advanced Forward Link Trilateration (AFLT) to take off on the CDMA networks. Unfortunately, the high cost of deployment and the mobile networks’ need to realize profits for their AGPS deployment ultimately caused the mobile location space to mature two years late. AGPS/AFLT have been deployed in North America since 2005 for the purpose of E911, but the providers felt that they need to protect this information for revenues rather than innovation. I am so glad Nokia, BlackBerry and iPhones have GPS chips built-in so that we can use location-aware applications such as search and navigation
- Side note: iDEN phones by Motorola were the first phones that incorporated the GPS chip long before AGPS/AFLT, but the network/phones were industry-specific
- Music capability: farewell MP3 players, hello all-in-one phone/MP3 players. I have been enjoying this integration much longer than most typical Canadian/American just because I have been using phones from Eurasia. I am glad they have merged the two together – now I can identify songs from the radio using Shazam, stream audio from last.fm, listen to MP3 from my 8GB microSDHC card, and take a phone call all without taking out my headset during a bike ride.
- Camera: we still don’t have the crazy 7MP+ cameras with Xenon-flash on our phones like the ones found in Japan or Korea, but with 3MP you can finally do something useful like book cover/barcode recognition. QR codes are finally a reality in North America if the application is pre-installed on the phones.
My take on my latest smart phones?
- Android G1: by far the most pleasant experience that a smartphone can get for configuration/set-up. Gone are those complex “please insert CD to computer and load a million software” steps. It has been replaced with a simple “please enter your G-mail account info to continue”. Within 2 minutes of me entering the info, my phone was usable, with my calendar, mail, and contacts all synchronized to my Gmail. You have to hand it to Google for owning the search, e-mail, profile, and now the phone – it may not be the prettiest, but it is smooth.
- Blackberry Storm: I was surprised at the crisp display and easy to use touch screen. I love the fact that the screen is a giant button, and that there is a difference between hovering / pressing on the touchscreen. The application library is somewhat lacking, and the keyboard is as annoying as the iPhone one, but at least it works. The rotate function is cute for the first 5 minutes, but it is no longer cute when a small bump can flip you between orientations.
- iPhone 2G/3G: no comment. It has the coolest application store, and the iPod integration is by far the best media player from any phone platform.
- Nokia: still keeping my options open on the E71, but my E61i has been a reliable workhorse. The OS is slow, but it is much more reliable than the rest of the phones out there.
Dealership repair shops… trust them if you like to donate money to the rich! (Re: solution to Passat/A6 2.8 cylinder misfire)
This may sound like a rant, but there’s a silver lining to my tale:
A year ago I experienced a persistent cylinder misfire on my poor 1998 A6 2.8, and so I went to my trusted mechanic friend at a VW dealership and got the advice to buy new spark wires and ignition coils. In I went, and all the stuff was put in, the car ran just fine for 8 months.
October came, and car decided to misfire again (the dreaded P300-series error code from the OBD2 readout), but my mechanic friend is nowhere to be found. As my luck ran out (ie. the dealership closed down), I resorted to the evil act of bringing my beast to the Audi dealership for an official diagnostic. November came, and I dropped my car off at the Agincourt Autohaus dealership – they reset the error codes from the computer and declared the car worthy of driving. This was in fact the biggest mistake I have ever made!
December came, and as I return from the company Christmas party, the car finally smoked and gave out at the intersection of 16th Avenue and Woodbine Avenue on a cold Friday evening. I desperately called everyone from my family to the Audi dealership to figure out what I needed to do. First thing in my to-do list is to call a towing company to get this car OFF the busy intersection. Audi is nice to include a hazard sign in the trunk so that the oncoming traffic can safely ignore the sign and honk at a car that is smoking… 6 towing companies later, and Cardinal Towing came to my rescue promptly and professionally. At least my towing experience has been extremely pleasant.
Now, you must think by towing your car to an Audi dealership (this time, Uptown Audi) with a real problem, they would know what to do right? Wrong! Once again, they misdiagnose the car and said I had burnt spark plug wire, and that my problem with the misfiring cylinders were to replace the spark plug wires, plugs, and clean the injectors and throttle body. $1300 later, I said to myself, they know what they are doing – I dropped the car when it was completely dead so they MUST be able to find the problem. Sadly, within 12 hours of getting the car back (and with only 15 km added to the odometer), the misfire returned. Brought the car back, and this time I got a quote for $4800 to replace two catalytic converters, 4 oxygen sensors and 6 exhaust nuts.
Any reasonable person would rationalize – why would you want to throw in so much money to a used and old car? On the other hand, if I don’t repair the car, I can’t extract the other 50% of the value of the car (no one would buy the car in the current condition). Out of desperation, we found our old mechanic friend who suggested another person who may be able to save us – but only in January, which brings us to our interesting conclusion to this post.
January 3rd came, and car went into the shop for the catalytic converter replacement – we were told (and have seen) the old part would have burnt up the car if we didn’t repair it. What we didn’t do was to tell the mechanic about the history of the car and why we are doing these repairs, and so another 200km later, the symptoms returned. I call the mechanic to ask him to conduct a thorough diagnostic on the car, and turns out the ignition coils were defective again. What made me more mad was that if Agincourt Autohaus properly diagnosed the car initially, we would spend $550 on the repair ($327.30 for the ignition coils at VW/Audi dealer, 1 hour install and standard $95 diagnostic fee) rather than the $2800 catalytic converter replacement.
The moral of the story:
- Don’t trust Audi dealers, they are crooks. In general, don’t trust the dealers unless you know the mechanic personally.
- Don’t allow dealers to tell you what you need to repair until you see the damage. Our desperation in getting a working car caused us a lot of money. Dealers are evil. (Unfortunately, most repair shops are evil too, so you just better do a lot of research on the net)
- Trust your instinct – if the car reports a cylinder misfire – triple-check all of the ignition electronics (ignition coils, spark plug and wires) and replace the part if suspect. Our lack of trust (and assumption that 1-year old part cannot be defective) caused a much bigger repair bill than needed. Audi A6 2.8 / VW Passat 2.8 ignition coils tend to get destroyed quickly for some reason.
- Genuine VW/Audi parts are actually better and more reliable.
- Lastly, don’t trust the dealers. They are evil, very evil. I know, I said it before.
If you are a Rogers customer, you might have noticed in the past day that when you typed in a wrong website URL (or any domain name), it claims the site exists and gives you Rogers-Yahoo sponsored advertising. See an example here:
Brings you to:
Shame on you Rogers! Breaking RFC and annoying your customers all at the same time.
The idea of having an Afro-Centric high school being built in Toronto absolutely scares me. I know they have schools for the LGBT community because they are vulnerable, but an afro-centric school? Are we going to now run Chinese-centric school because they learn better, or Indian-centric school because of the need to accommodate their religion? We live in a multicultural society – not only are we learning how to tolerate each other for who/what they are, but learning to embrace and enrich each other’s life experiences for their cultural diversity. Running special assemblies, creating special credit courses, or having special groups to help cultures in trouble fitting into the school system is the correct way to deal with any issues students are running into. Running a culture-centric school is no better than what happened in the USA 40 years ago!
We can’t regress on all the work we have done so far to bring diversity to Canada! Diversity is something we learn by growing up with our friends.
As part of being in the mobile local industry, I get press releases for new and innovative services that have just launched. With my new “unlimited” text messaging bundle, I decided to try the service from AskMeNow.com (short code 27563). My welcome message from them was:
For AskMeNow Help goto askmenow.com or 888-EZ-ASKME. Txt STOP to end. The service is provided at no charge but carrier fees will apply.
Yes, 3 messages and $3.75 of premium messages later, I called Rogers to figure out what the heck is this. I ask them to revert the message, but I really wish they can charge back text message to the origin to ensure SMS applications owners take responsibility to communicate charges to the user, or else face public humiliation.
First mistake – not listening to my co-worker when he said it’s at 3005 W Broadway in Kitsilano. That was 5:55pm.
Second mistake – allowing TomTom to use its point of interest list to send me to the 850 W Broadway. At this point, I have already parked my car, paid $4 worth of parking to find out I went to the WRONG restaurant. Timecheck: 6:30pm
Third mistake – allowing TomTom to guide me to 3005 W Broadway in Kitsilano! In TomTom’s brilliance, it decided that 3005 W Broadway = 3005 Broadway = 3005 Broadway E. That’s about 6000 house numbers away from the restaurant, and about 2 minutes from the Burnaby office (that I originated from). Frustrated and mad, I check the clock, 6:55pm. I reluctantly called my colleague at the restaurant, embarrassed, and said I will pick them up at the restaurant to the hotel instead of eating with them.
Finally… punching 3005 Broadway E. in Kitsilano took me to the restaurant I wanted. Timecheck: 7:40pm. Did I bother to pay for parking until 8pm? Nope… nor did I care enough to do so.
Lesson of the day – trust your instinct and your friends while driving in Vancouver. Unlike the commercial, I am not going to ask “TomTom, where’s W Broadway” again!
(TomTom will be getting a nasto-gram from me very very soon… this isn’t the first bad direction I got)