I have had many routers from many different manufacturers. Never did any router I purchased stood out like this Belkin N+ Wireless Router.

A quick run down of this router:



Belkin's N+ Wireless Router features a USB Storage port on the back of the router for connecting USB storage devices such as an external hard drive or thumb drive to the network. Now you can centrally store and share media content and files from the USB hard drive to every computer on the network.

This router also features gigabit Ethernet ports for a wired connection that can handle applications that take up a large amount of bandwidth. The N+ router is based on the draft 802.11n 2.0 technology which provides the wireless range to easily cover any-size home or office. The N+ Router has the bandwidth and speed for handling media intensive applications that take up large amounts of your bandwidth.

Since I connected it to the internet box, this router has not failed me a single time. I have this router now for about 2 months and I am quite impressed in regards of reliability and performance! I am in a three story home the router is in the basement and I still get top reception in the attic! Fantastic speeds. It just works. I bought a second Belkin N+ in case the one currently running ever goes down.

What do I like about this router?

The admin section is easy to navigate and operate. I like the additional public access mode (dual SSID)! This is quite a cool feature. Currently I have the regular wireless network which I password protected. The router allows a second wireless network for public use. What it does is it lets you offer an additional access point for people so they can connect to it and access the internet but they are excluded from the local network. A nifty feature I learned to appreciate when I have friends/guests over. I don't have to fiddle around with their computers to get the wireless setup going since I always add special security implementations. All they do is launch the browser and they get to see the Belkin Public Access Landing page. They enter a from me defined password and they can start surfing. Just like with airport/hotel internet access just without the charges :). I wished the landing page would be customizable.

The reliability is unseen in any of my previously owned routers. Top job on this one Belkin you really did impress me with this router.

Looks like I have fallen victim to a bug in Apple Mail 3



on my MacBook running Mac OS X Leopard 10.5.8.



This is what happened:

I tried sending a larger file (33 MB) through my GMail (Google Mail) Account. I have my GMail account setup to utilize IMAP functionality.

I received a dialog box from Apple Mail telling me that the file was too large after trying to upload it. Later I found out that GMail comes with a 25MB sending limit.

I didn't give it much of a thought and sent the 33MB file through my alternative personal account.

Every time I started Apple Mail I received an error message saying it has problems with my Gmail account I tried sending that 33MB file through.



Basically my GMail account was not working anymore within Apple Mail.

Trying to find a solution I came to the conclusion that it seems to be in fact an Apple Mail bug and not a GMail problem.

What seems to have happened is that Apple Mail kept trying to send the 33MB email and was stuck in a loop, ending up with an error dialog box.

This is basically what I did to fix this problem:

1) Logged into my GMail account and disabled IMAP functionality.
2) Signed out of GMail.
3) Went into Apple Mail and deleted the GMail account.
4) Closed Apple Mail.
5) Logged back into GMail and enabled IMAP functionality again.
6) Started Apple Mail and added the GMail account again.
7) Checked for mail.

Everything seems to be working as expected again. The GMail account synchronized properly and this seemed to have fixed the problem.

Hope this will help people with the same problem trying to find a solution.

This should work with any version of ExpressionEngine that has the Metaweblog API Module installed. I currently have a 1.6.x version installed.



Once the module is installed we have to create a new file on our server and link to that file in the head section of our main index file.

If we do not do that posterous will show us an authorization error message. So we have to actually help posterous a little bit out to work with our ExpressionEngine system.

For this example let's assume the following:

1) Website Address: http://www.eesite.com/
2) Expressionengine Install: http://www.eesite.com/
3) Metablog API: http://www.eesite.com/?ACT=43&id=23



4) Weblog ID: 6



5) Name of saved RSD File: rsdinfo.txt (in the root folder of our website)
6) Location of rsdinfo.txt: http://www.eesite.com/rsdinfo.txt

The content of the RSD file, rsdinfo.txt, looks like this:

<?xml version="1.0" ?>
<rsd version="1.0" >
<service>
<engineName>ExpressionEngine CMS</engineName>
<engineLink>http://www.eesite.com/</engineLink>
<homePageLink>http://www.eesite.com/</homePageLink>
<apis>
<api name="MetaWeblog" preferred="true" apiLink="http://www.eesite.com/?ACT=43&id=23" blogID="6" />
</apis>

</service>
</rsd>

Lets link to rsdinfo.txt into the head section of your main index file.

<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.eesite.com/rsdinfo.txt" />

Example shown in my code editor:



Now that the hard part is finished lets go over to posterous.com and finalize the ExpressionEngine Autopost integration.

Login to your posterous account.

Select Manage from the top right hand menu,



Select the option to the left:



Click on the large 'Add a Service' button.



From the service list within the blogs category select 'MovableType'



Enter the ExpressionEngine login and site information and that's it!



Enjoy!

I am currently working on the eCommerce integration for a client website. The bank recommended to use Zen Cart as one of their compatible shopping carts. I associate piece with the word Zen, unfortunately not even close to what I experienced in the following blog entry.

I never worked with Zen Cart before so I went ahead and downloaded and installed the most recent version from their website. I followed the install instructions to every detail as I do with every script I install.

A couple days later I have received this message by email:

Dear Sirs:

RSA, an anti-fraud and security company, is engaged in contract to assist Poste Italiane S.p.A. and its related entities "(Gruppo PosteItaliane)" in preventing or terminating online activities that target or may potentially target Poste Italiane/Gruppo Poste Italiane clients as potential fraud victims.

Poste Italiane S.p.A. is one of the largest Italian companies and operates mainly in the postal and banking/financial sectors. Poste Italiane official sites (www.posteitaliane.it and www.poste.it) are among the most famous Italian sites and are registered by the competent Italian authority on Italian top-level domain (.it).

RSA has been made aware that you appear to be providing Internet Services to a fraudulent Web site, which is part of a phishing attack* and/or other fraudulent scams against Poste Italiane/Gruppo Poste Italiane and/or Poste Italiane/Gruppo PosteItaliane clients. These activities violate Poste Italiane/Gruppo Poste Italiane's copyright, trademark and other intellectual property rights and may violate the criminal laws of the United States and other nations.

E-mail fraudulent messages have been broadly distributed to individuals by a person or entity pretending to be Poste Italiane. These e-mails use Poste Italiane name and identity (including trademarks) without authorization. The e-mails request recipients to verify and submit sensitive details related to their Poste Italiane accounts. The fraudulent website is located at the following URL address http://xxxxxxxx to which you provide services and which is under your control.

The fraudulent website not only represents a misuse of Poste Italiane intellectual property; its purpose is to improperly obtain personal information of Poste Italiane customers in order to fraudulently access their bank accounts. The owners of those websites typically perpetrate identity-theft related activities, such as using customer's credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual Poste Italiane customers, the actions serve to damage the reputation and image of Poste Italiane.

We understand that you may not be aware of this improper use of your services and we appreciate your cooperation.

Please take all necessary steps to immediately shut down the fraudulent website, terminate its availability to the Internet and discontinue the transmission of any e-mails associated with this website.

We specifically would ask that you also take the following actions (if relevant or possible):

- Please provide us with a tar/zip file of the source code for this site, so that we may analyze it to help prevent further attacks.
- If any customer data that has been captured is stored on your systems or equipment, please send us that data so that the customers to whom that data relates can be notified and steps can be taken to protect their credit.
- Please provide a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping to learn the identity and location of the customer for whom the website has been operated.

Moreover, we specifically would ask that you also provide us with a copy of any records you maintain that indicate the name, contact information, method of payment or similar information that may be useful in helping to learn the identity and location of the customer for whom the website has been operated.

Thank you for your cooperation in preventing and terminating these fraudulent activities.

Sincerely,
RSA Anti-Fraud Command Centre
Poste Italiane - Security & Safety - BSI

Tel: +44 (0)800-032-7751 (UK)
Name: Maurizio Alfonsi

Tel: +1-866-408-7525 (US)
Address: V.le Europa, 175, 00144 Rome (IT)

EU Fax: +972-9-9728101
Tel: +39 06 59582527

US Fax: +1-212-208-4644
Fax: +39 06 59585785

E-mail afcc@rsasecurity.com
E-mail: alfonsim@posteitaliane.it

http://www.rsa.com

For more information about RSA's AFCC http://www.rsa.com/node.aspx?id=3348

* Generally speaking, "phishing" is an e-mail scam that attempts to trick consumers into revealing personal information - such as their credit or debit account numbers, checking account information, Social Security numbers, or banking account passwords - through fake Web sites or in a reply e-mail. As described in the letter above, the fake web-site through which the fraudster is attempting to collect Poste Italiane's customer data is under your responsibility.

Ok I thought well another of those pesky spam emails. Then the same day I received this email from the data center I rent my server from:

We have been contacted by representatives of Poste Italiane about a phishing site that was hosted in your VPS on the site iceriverdiamonds.com. Below is a portion of the received email report:
---
E-mail fraudulent messages have been broadly distributed to individuals by a person or entity pretending to be Poste Italiane. These e-mails use Poste Italiane name and identity (including trademarks) without authorization. The e-mails request recipients to verify and submit sensitive details related to their Poste Italiane accounts. The fraudulent website is located at the following URL address http://xxxxxxxxxxxxx to which you provide services and which is under your control.

The fraudulent website not only represents a misuse of Poste Italiane intellectual property; its purpose is to improperly obtain personal information of Poste Italiane customers in order to fraudulently access their bank accounts. The owners of those websites typically perpetrate identity-theft related activities, such as using customer's credit cards or bank accounts without authorization. In addition, since the vast majority of all of the e-mails are not being sent to actual Poste Italiane customers, the actions serve to damage the reputation and image of Poste Italiane.
---
The offending files were removed from the xxxxxxxxx.com web directory already. Our admins have determined that they were placed there by the apache web server user 'nobody'. These files were uploaded to the account iceriver by a hacker taking advantage of a vulnerability in the shopping cart script installation on that website. Please make sure that the proper measures are taken to update the shopping card script to a secure version or perform any changes necessary to ensure that the website does not get compromised again.

Please let us know if you have any questions.

Thanks,
Joel

WOW what just happen? I have turned into a criminal without even knowing it. Basically what happened is somebody, a hacker, used a security vulnerability of the Zen Shopping Cart to create a full blown phishing site on my server. Putting me in a situation that looks like I am creating a phishing site trying to steal customer names and passwords.
Being put in a situation like this is really a bad thing. I am fortunate enough that the admins of the data center took the time to fully investigated this case and found out that this was in fact a hack attack. What would have happened if they wouldn't even have made that attempt? One possibility the whole site could have been shut down. I don't even want to think about how the law would have treated me. Thinking about it what an easy way to frame somebody.
I also have to say that I am happy this happened before the site went live and before I put in any work into the customization of the Zen Cart Shopping cart. I have yet to understand how the hacker/s found this site at all. It is not advertised, nor listed on any search engine, etc.
One thing is for sure after this nightmare I will never be able to look at the Zen Shopping Cart. It seems you ge what you pay for it. Zen Cart is free!

UPDATE: 11/16/2009

One unsecured script and this much inconvenience and damage!
Just received an email from Google:

Dear site owner or webmaster of ,
We recently discovered that some pages on your site look like a probable phishing attack, in which users are encouraged to give up sensitive information such as login credentials or banking information. We have begun showing a warning page to users who visit this site in certain browsers that receive anti-phishing data from Google, as well as users redirected to this site from various Google properties.

Below are one or more example URLs on your site which appear to be part of a phishing attack:



Here is a link to a sample warning page:
http://www.google.com/interstitial?url=http%3A//

We strongly encourage you to investigate this immediately to protect users who are being directed to a suspected phishing attack being hosted on your web site. Although some sites intentionally host such attacks, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
If your site was compromised, it's important to not only remove the content involved in the phishing attack, but to also identify and fix the vulnerability that enabled such content to be placed on your site. We suggest contacting your hosting provider if you are unsure of how to proceed.

Once you've secured your site, and removed the content involved in the suspected phishing attack, or if you believe we have made an error and this is not actually a phishing attack, you can request that the warning be removed by visiting
http://sb.google.com/safebrowsing/report_error/
and reporting an "incorrect forgery alert." We will review this request and take the appropriate actions.

Sincerely,
Google Search Quality Team

This is the message users are greeted in supporting browsers when going to :



At this point I submitted the form to have this message removed.

Conclusion:

What a hassle caused by a script with lack of security and a hacker who has nothing better to do than to steal and abuse peoples information and data. Karma can be a bitch and I am sure it will bring the proper justice to the hacker that initiated all this.

What is the moral of this experience? You get what you pay for. Do not save money at the wrong end.
I never used open source free shopping carts but the bank was so sure to suggest it I just took it as a secure solution and went ahead and installed it on the clients server! What a big mistake this turned out to be.
I explained the whole issue to the client and explained that it is best to get one of my proven ecommerce solutions and have a professional programmer connect it to the bank. All worked out in the end and the client is happy, all I care about.

I just got a view of these and thought to share it with you. Somebody sending out emails pretending to be the Facebook team, containing an attachment with a virus/spyware. Windows users should just erase this message and not open the attached ZIP file, which contains an EXE file. Once you launch the EXE file you will have a virus/spyware installed on your computer.
I personally will never understand people that enjoy destroying/crippling information stored on computers from people they don't even know.

Details:

Email: The Facebook Team (service@facebook.com)
Subject: Facebook Password Reset Confirmation.
Attachment: Zip File
Message:
Hey,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team

I have already posted about the crash of one of my four 1TB Seagate hard drives. It seems the saga continues with another 1TB Seagate Barracuda hard drive.
Every time I started my local journal application my system froze for 2-4 minutes showing the ball of doom, you know, that little colorful twisting ball. Every time I would backup the hard drive in question it would have the same result during the backup process. I figured I am dealing with a corrupt file which causes the system to 'freeze' temporarily, when accessed.
I ran the Disk Utility and click on the Verify option. Following the screen with the results of this hard drive:



Looks like a more serious problem. I don't really know what to make out of this. Is it my Mac Pro (first generation) causing these drives to fail or is it the hard drive? All other drives I have up to 750GB work without a hitch for over a year now. Just these (4 weeks old hard drives) cause a huge headache.

As if this morning didn't give me enough problems, I saw the following screen as I tried to pull up my website at PixelGrinch.com:



Can this morning present anymore 'positive' surprises for me? Judging by this screen I assumed all files are gone and lost. My last backup dates back over a month. You know what that means if you are talking about regular blog entries. I connected to my server and the files seemed to be available. I contacted my webhosting specialist and there was an issue with the ip address assigned within the Apache configuration file. No clue on how this happened. The website is running fine again and I am happy.

But what a bad start in the day. Both these issues wasted 4 hours of my day.

Adobe Air seems to be a nice cross platform framework. I thought giving it a shot and installed it to take advantage of nice 3rd party applications for the Adobe Air framework. I received the following screen (this is just one of the three applications I tried installing showing the same screen):

Is this an application I want on my computer? Not me! On paper Adobe Air sounds like a great solution but screens like this give me the creeps :) and I stay away from it.

My previous related post about my first 'successful' MobileMe Existing Account Renewal can be reviewed by clicking here.
I just logged in to check my profile and it shows: Your subscription will end on Jan 30, 2009.

I must have completely missed the memo here! Didn't I just successfully renew my existing account August 12, 2008 for my account that was supposed to be expiring November 2, 2008. I love Apple, but this MobileMe is a true pain. Needless to say I threw out the box from my first 'successful' renewal in August 12, 2008. I would have never thought this is going to be a problem at MobileMe.
I got a new box for another $100 because I read about nightmares from people with the exact same problem. Instead of wasting my time on email and phone listening to scenarios like: 'Without the number of your box we can not help you'.

So for this time I decided to take snapshots, so here we go:



I used the code from the new box (second box. At this point I have spent 200$ just to get a 1 year renewal subscription)


I was presented with the following screen:



Finally, after confirming the renewal I have been presented with the following screen:



I pulled up my MobileMe profile and it shows: Your subscription will end on Jan 30, 2009.

You have to be kidding me. Obviously this is a MobileMe bug that is costing me AND others a lot of money which could have been flushed down the toilet. At least that way we would have gotten a flush out of it. At this point I am quite frustrated that I am going nowhere with my MobileMe account renewal. I tried to go through the renewal process again and the following screen blessed me with its present after entering my code:



I contacted MobileMe support at MobileMeSupport@apple.com ( I am posting this address for others in this situation trying to contact MobileMe support by email. I was not able to find a support email at the MobileMe support website at all. I found out about this one by using the .Mac support email I had on file).

I guess it will be interesting to see how MobileMe support handles this case especially with the first 'successful' renewal I do not have the box and code for any more. I will keep this post updated as long as new information are available.

Follow Up (September 13, 2008):

As expected the MobileMe support didn't help me at all and didn't make an effort of finding out what happened in regards of my first key. After all it has been applied successfully and confirmed by on screen dialogs during the renewal application of the key. Bottom line hang on to your keys even if the system shows your subscription has been applied successfully.
To the second key they said that it has been applied but only as I told them my key from the box. I asked why it still shows an ending subscription date of January 30, 2009? She said the key has been applied and it is valid until January 30, 2010. So all I have is their word for it and nothing else. For .Mac I at least got an email with subscrition information. I am out of 99$ because I threw out the key after MobileMe confirmed a successfully applied renewal key. Either the system experienced a glitch or has programming bugs that caused this problem either way I know what I read and see on the screen and it should not be my burden to proof a successfully applied renewal subscription. Everything on the server is logged and I am sure the answer lies within it if there would have just been an effort from the support personnel.

I am honestly disappointed about MobileMe in obvious beta stage and their support.

My MobileMe (formerly known as .Mac) account will expire November 2nd, 2008. So I went to the store and picked up a MobileMe subscription box. Trying to renew my existing account at http://www.me.com/activate brought up the following screen:



I can login to MobileMe just fine. Why the activation is giving me an invalid password error message is not quite clear to me. Unfortunately the MobileMe support section does not offer any email support. The only way is an online chat and and they operate to certain hours only. Too bad they are offline now. I would like to add all this has taken place within FireFox and Internet Explorer 6 and 7 on a Windows XP machine.



Follow Up ( August 13th, 2008)

The next morning I tried it online through my Mac Pro and all worked fine. The subscription has been applied.

Follow Up 2 (September 11th, 2008)

This is turning into a significant waste of time and headaches. This follow up can be reviewed by clicking here.