Stimulating Pixels

I’ve got three ideas for iPhone Apps that I’d like to try. Up until a few weeks ago, no one had done any of them. Then I discovered the “CardStar” App which is right in line with one of them.

CardStar lets you punch in the numbers under the bar codes from various membership, V.I.P. and reward cards and then recreates the bar codes themselves on the screen. The idea being that you can store as many as you want in your iPhone/iPod Touch and leave the actual cards at home.

With all the other stuff I carry around, anything that can keep me from having to take something else along is great. So, the idea of CardStar is awesome. I’ve only been using it for a little while and have run into a few issues.

First off, some scanners have a hard time with reading the barcode on the screen and some simply can’t do it. This isn’t CardStar’s fault. Just an issue between the way the two technologies work.

CardStar’s FAQ recommends having the merchant use their handheld scanners instead of the flatbed ones. I’ve seen this in action at my local Winn-Dixie. The flatbed didn’t work at all, but the handheld was able to pick up the bar code. Sadly, some handhelds don’t seem to be able to pick up the bar codes either.

A second issue I’ve run into is that some places won’t let you use anything other than the original card. I’m guessing most grocery, drug and retail stores don’t care, but my local library does. Once again, not CardStar’s fault. Just the way things work.

There are some changes I’d make to the User Interface of CardStar to make it more intuitive, but all it all, it’s a good little app. For the time being, it’s also free. If you have an iPhone or iPod Touch, go pick it up and give it a try.

This is an amazing use of software and public images to create something new in the world. I saw a video with the original version of this some time ago and was very impressed then, but the secondary controls they have added now are even better.

Very Cool

As more and more of us become electronic cyborgs (via pacemakers, internal drug delivery systems, etc…) the potential for detrimental hacking of those devices increases as well. See, for example, this story found via boingboing about researchers who have figured out how to hack into a pacemaker and shut it down via remote control.

I can see this being part of a plot to a movie. Some political leader dies and they think his pacemaker just gave out, but it was really an assassination. Of course, there is frightening real world potential for this.

I’ve written before about how WordPress doesn’t really have a way to allow you to put administration tools in a secure location unless you do the same thing with the entire blog. This concerns me since I’m often on a wireless network that is open and not mine. Say, for example, at a book store with free wireless. While surfing on an open wireless network is generally pretty benign, sending any username/password across it without them being secure/encrypted makes it very easy to steal them.

I’ve hunted around a few times before, but had never really found a good solution. While doing some work on my site, I decided to try again and this time came up with “Admin-SSL“. It’s a plug-in someone wrote for WordPress that allows you to move all the “admin” stuff to a secure location. Something that isn’t possible with the default install of WordPress (where you are either all secure or all open).

There are two examples of the power and benefit of open-source software with this plug-in. First off is the basic fact that WordPress is open which allowed for the plug-in to be created in the first place. While this isn’t limited to open source software, it’s a big help.

Second, when I installed the plug-in on my site, it didn’t work properly. Some of the software that runs my site is different where the plug-in was originally created. However, since I could look at the source code, I was able to find a fix that works and allows me to use the it. To contribute back to the overall community a little, I’ve sent a note back to the original author explaining what I ran into and how I fixed it. This gives him the opportunity to let other people know about the issue and a way to fix it. Possibly even creating a specific fix for the issue in the next version.

Stop reading…. unless you are a web geek and/or are specifically looking for a fix for Admin-SSL on version 1.3 of the Apache web server. Below are the details of the fix that works for me. YMMV.

First, the short and sweet fix to try:

When you configure Admin-SSL (at least version 1.1) on a server running Apache 1.3, under the “Other Settings” category and the “HTTPS Detection” section

change: “The name of the HTTPS $_SERVER variable”
to: “SERVER_PORT” (without the quotes)

and change: “The value of the HTTPS $_SERVER variable when HTTPS is ON”
to: “443″ (again, without the quotes)

Now some details. Admin-SSL uses the predefined $_SERVER['HTTPS'] php variable to check for secure connections while pattern matching to see if it should redirect a page to a protected URL. While this variable is available in Apache 2.x it is not in the Apache 1.3.x versions of the server.

See the list of “specials” under the “RewriteCond Directive” for reference:
Apache 2.x – http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
Apache 1.3 – http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html#RewriteCond

You can use an existing feature in the Admin-SSL configuration (described above) to get around this limitation assuming the port that your host uses for SSL is different from. Usually, SSL is set to run on port “443″. If your provider uses a different port, you can simply use that instead. The only exception to this is if you have a host that runs both HTTP and HTTPS over the same port. In that case, there is no way to tell the difference in the script using the above method.

All this, of course, assumes that your host provides you with a way to access your site via HTTPS with either a private or shared cert. A general practice is for them to setup URLS like:

“https://www.your-site.com/~your-username/” that would simply give you a secure version of “http://www.your-side.com/”. If you don’t see a colon followed by a number after the .com, you should be running on 443. If you see something like “https://www.your-site.com:1234/~your-username/”, that means that your host is running HTTPS on port “1234″, or whatever the number there is. That’s the number you would want to configure.

If, for some strange reason, that number is “80″, you’re going to have to fins another solution, because that’s the standard port for web traffic which means the script wouldn’t be able to tell the difference.

I’m on yet another trip. This time by car to North Alabama to visit the mom. Before I left I went to the library to see what books on cd were available and found “The Da Vinci Code” by Dan Brown, which I haven’t read yet. Back in October, CJ loaned me a copy of Digital Fortress (also by Dan Brown) which I actually managed to find time to read. Even though there were a few pretty big flaws in its logic, I enjoyed the book and decided listening to the Da Vinci Code would be a nice way to spend the 20 hours or so of road time I would cover round trip.

The library CDs have seen a fair amount of use and a few are quite scratched up. I managed to get through most of them without missing but a few minutes collectively across the first seven disks. The eighth CD however was a different story. It simply would not play past the first couple of minutes. Luckily, I hit this CD shortly before I arrived so I simply spent the last little bit of the outbound trip listening to the radio instead.

Since the CD player I put in my car also plays MP3 CDs I figured I’d try to rip the rest of the thirteen CDs to MP3s for the return trip. One of the CD rippers I have (CDex) has some ability to do “Jitter correction” and also power through scratches. While there are a few little blank outs in the mp3 they are much more minimal than what was occurring while I was trying to listen to the original CDs. Not the easiest way to go about things, but it’s effective.

I plan on putting the MP3 CD in with the rest of them when I return it to the library. Maybe someone else can benefit from the little hack as well.

For those designers of you out there, if you are working on a layout and you need some faux text, the site lipsum.com will provide you with the as much of the good ol’ “Lorem Ipsum” standby as you want. I used to use snippets from Augustine’s Confessions until I found that site.

For those of you lost at this point, here’s part of an explanation from the lipsum.com site:

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making it look like readable English.

I wrote about making a IR->RF->IR transmitter system for eTTL flashes a while ago. I’m loving the fact that it looks like someone is actively working on a similar concept. It’s called Radio Popper and it should be out before too long.

My flight back from ATL last night was on a Boeing 767-300. These aircraft have three rows of seats in the main cabin. Two seats for the outside rows and three in the middle. As you enter the plane, the first two rows are “A” and “B”. The middle seats are “C”, “D” and “E” with the “F” and “G” making up the last row. I’ve been on these flights enough that this is in the back of my brain but a standard for most passengers I’ve seen is when they enter the plane, the ask the flight attendant which aisle they need to go down to get to their seat.

Last night, I saw a great little hack. One of the flight attendants drew a little diagram with a note saying that you could get to the A, B, C and D seats from the first aisle while E, F, and G where the second one. I mentioned that I thought it was a great idea, and she said that it really seemed to help. It was in the perfect place. Just as soon as the passenger realizes they need to make an aisle decision this little sign was there. I wish I had snagged a picture, but I had already stowed my camera.

I just saw something about a hack that I use and wanted to pass it on. If you have some files that you need to have backed that are way more important to you than other ones, a great way to do it is to send them to a free e-mail account like gmail. For example, if you are writing your thesis for your Ph. D. it’s probably a good idea to send copies to your gmail account every now and then.

In the world of backups, one of the best things you can do is have an “off-site” copy of your files. Using a web mail account, you are all set without the headache of building a server. Google or the like has already done it for you. If you hard drive crashes or your laptop gets stolen you still have the most recent copy that you sent to yourself. If you made recent changes that you hadn’t e-mailed to yourself yet, you’ll loose those, but that’s much less bad than having to start over from the top.

In the past this was a little harder to do since the limits on email account sizes was pretty small, but when they started being measured in gigabytes, it’s a valid solution. I’ve also taken to sending copies of software that I download to myself. For example, I use an editor called UltraEdit and every time I have rebuild my computer, it takes me forever to dig up a copy since it didn’t come with a CD. I’ve sent a copy to myself so next time all I’ll have to do is search for it in my account (which is incredibly easy) and pull it back down.

(There are even some hacks out there that all you to see your email account like a hard drive on your computer that I’ve tried before that work pretty well. But, since that’s not official supported by google, I’m staying away from it.)

I’ve recently starting a migration over to gmail. I’ve played around with it on and off for a while but didn’t make a move for two main reasons. 1) I’m a bit paranoid my email being used to send ads to me and 2) I didn’t like the idea of using an unencrypted web page (once again because of my healthy paranoia).

The ad thing is just on principal and is actually fairly easy to overcome with some hacks out there. The main thing was sending everything over the clear on whatever connection I happend to be on. If I only sent emails from home this wouldn’t be a big deal, but I’m often on open wifi and various corporate networks. The good news is that it’s easy to secure all your gmail traffic. Instead of using “http://mail.google.com/” you can simply use “https:mail.google.com/”.

As near as I can tell, your login is always sent secure, but if you start with the “https” all your correspondence is encrypted up to the google servers.