Recently I discovered the uses for Google Calendar, helping me to organise my somewhat busy and overcrowded lifestyle. Even more recently - I decided that it would be a great idea for my Nokia N65 8Gb to sync with my calendar as well!

I scoured around the internet, and found all sorts of crazy solutions. Some that were free and flaky, some that were stable but charged you… such as GooSync. I guess if your going to use the extra features and want true cross-compatibility, yeah, it’s worth the extra charge. However, I just wanted to sync my Google Calendar with my Nokia N95 8Gb. That was it.

The solution is surprisingly simple, free, and works perfectly. Just follow these steps:

1. Go download “Mail for Exchange” for free from Nokia’s website

2. Follow these setup instructions on Google’s support website.

That’s it! Once you have done this, the Mail for Exchange application will sync your Google Calendar with your Nokia Symbian S60 device, at whatever interval you want, or “always on”.

Happy syncing.

I was recently checking out holidays to Las Vegas (taking advantage of the whole recession and cheap flights thing) and decided to check out a few sites including Expedia and LastMinute.com … only to notice this:

From what I perceive, they have trademarked the colour “magenta” (on their website, double-clicking this block will highlight the words within the block).

Is this even possible to trademark a colour? One of my friends has made it a little more clear to me into what LastMinute.com could be referring to. She explained to me that an organisation can trademark a colour - but only in reference to the colour being used on their own logo. NOT the actual colour itself. For example, if you was to design a logo with the purple that Cadburys use, or the orange that Easy.com use on your logo, and your logo was becoming more exposed to the public - they’re going to come after you, as the public may percieve your logo to be a part of their organisation.

However - it’s still not clear to the end-user whether LastMinute.com have trademarked the colour itself, or just the use of the colour on their own logo. It’s very unlikely that they have trademarked the colour - I’m going with the latter.

One of the ways I plan to implement more secure ways of messaging internally is by designing a system that will allow users to specify a password to the message thread. Once the message has been set up, the recipient of the message is asked for a password before the message thread is opened. It will be upto the sender to notify the recipient of the password through their own means.

This certainly will be an optional feature. By default, no password protection is turned on.

During my never-ending quest for visually tidy and functional ajax scripts (it always seems to be one or the other), I found a small, neat and a very well presented website showcasing free-to-use and visually impressive AJAX scripts.

These AJAX gems include such examples as tabbed browsing, windows, rating systems, tooltips, image manipulation, re-arrangeable tree structures and menu systems, DHTML effects and much more. A must see.

MiniAjax.com via DHTMLgoodies.com

Development has now started of the website. I have installed a copy of a WAMP server, consisting of:

• Apache 2.2.6
• PHP 5.2.5 + PECL
•  SQLitemanager
• MySQL 5.0.45
• Phpmyadmin

I have downloaded this package from the WAMPServer 2 homepage and installed it successfully. I will start testing the server with some example scripts.

Over the past few weeks, I have been thinking about how to stop abuse with images. The most common case of repeat abuse is the classic case of a user requesting the removal of a photo on a website. Once this photo has been removed, what is stopping the offending user uploading the same photo?

There is one method to stop this, although it requires research as there are very easy methods to bypass this security system to an expert user. The method is to calculate the MD5 hash of the photo and store this in an database within a table of offending MD5 hashes. When the offending user uploads the photo again, the MD5 hash is first calculated, and then run by a list of offending MD5 hashes that were previously banned. If a match is found, the uploading of the photo is forbidded.

Although this method is a good way of stopping techincally novice users from repeat uploading the offending photos, to an expert user who has knowledge of MD5 hashing, a very small alteration of the image can bypass this system. The MD5 algorithm is not just the only hashing algorithm that can be used, others can be used too. I am using MD5 as an example.

Over the last few years, especially with the development and release of the iPhone, multi-touch display has become more and more talked about - not just amongst professionals, but amongst the average consumer since the iPhone introduced the multi-touch interface phone commercially to the world.

Multi-touch displays can very easily be used to increase security within applications, by offering a user directed mode of login. These log-in patterns using multi-touch displays can range from small examples such as touching two areas in the correct place at the same time for a stated number of seconds, or a more complex mode of log-in where by the user specifies a series of gestures against the multi-touch display within a certain time-frame for example.

I have been looking around on the internet for multi-touch API’s but it appears that this technology has yet to involve the developer market. Despite the lack of support at this moment in time, I did manage to find an API in development on Google Code. The API was still in heavy development, but allowed a sneak peek into what technology it used. It appears that the API utilised Adobe Macromedia Flex, an authoring package that allows developers to create Rich Internet Applications (RIAs). Flex is very similar to Microsoft Silverlight, which also allows the same developer features, but Flex has an advantage - as it allows the flex application to be delivered through the Macromedia Flash plug-in.

Take a look at the Touch API here @ Google Code
Take a look at Adobe Macromedia Flex here.

Whilst looking into how to build an email pipe that recieves and manipulates incoming mail, I thought to myself if this could possibly be used for a security tool. The short answer is yes, it can be, but would require a little research into how it would be used. One idea I came up with was:

• Email Authentication
  The email authentication would work by sending the user trying to log-in an email. This email would contain a link that is open to the user for 120 seconds. The user must log-in via this method, if he/she has selected to do so. This doesn’t have to be just at login, it can be anywhere on the website that requires verification.

The above example is just a skeleton example, so much more (such as IP Verification etc.) can be added to this system. I will add more as I discover more.

Recently whilst browsing some old bookmarks, I found that I had bookmarked a website that held quite a few scripts that had been developed in various different languages for different platforms by a programmer called Benjamin Lupu. Whilst browsing his scripts in the HTML section, I came across some very intuitive and fundamental scripts that he has built. Many of these scripts incorporate the use of simple and often unused elements of the HTML programming language. Some of these scripts include:

• Record Drag/Drop Position [visit here]
  [A very specific script which allows to stor the last position of an HTML element dragged by user into a persistant cookie]
  This can come into use during the Login / Authentication phase of the website. This can be used as another form of human authentication as the system can specify a certain area that the user must drag and drop the box to. This requires human intervention and will proove very difficult for non-human users to complete.
• Submit Form With A Input Button [visit here]
  [Use an input button to submit a form instead of a Submit button]
  This script is a fundamental use of JavaScript, and how the input button can be used to submit data without actually using the designated Submit button. This also opens the door to many different possibilities, such as using AJAX to call different methods and send data without actually having to “POST” data via the browser, as that is the point where spyware etc will intercept the data.
• Get Screen Resolution [visit here]
  [Get screen width and height in pixels]
  This script is one of the very rarely used JavaScripts in web development today, but still caries its uses in certain areas. Although I have yet to research this, I am presuming that if a non-human browser is visiting the website, it will not carry a screen resolution. During the protocol checks when a human or non-human is browsing the website; if the JavaScript detends that the web browser is less than 640×480 or undefined/null, chances are that the browser of the website is non-human.

You can view the entensive list of useful scripts by clicking the link below. Many of these will proove useful during the development of the website.

Visit: Un Peu Plus Loin

sIFR (Scalable Inman Flash Replacement) is an emerging technology that allows the developer to replace headlines or small lines of text with a flash replacement, enabling the developer to display any font they want without it being installed on the users machine. If flash is not available on the users machine, it will fall back to the CSS rendering. Before you continue reading;

See an example of sIFR in action here.

As you can see, this opens up many possibilities when wanting to design a clean and stylish website, without sacrificing valuble server processing power as the JavaScript to render this technology is downloaded once into the users cache (about 10Kb) and then whenever the script is needed - it will be pulled from the users cache.

When it comes to security, this may pose a different issue. The sIFR rendering technology is a behaviour, it is not an object placed into the code of the website. This allows screenreaders and search engines to read the rendered title, but it also means that spyware/malware and keylogging software can read this aswell. If this is to be used on the website, I may only use this for page headings… but it will not be used to render any personal information.

Mike Davidson - sIFR