Webmaster BlogFree Webmaster Tools and Resources

CONTENTS
November2009
9 From the Editor’s Desk
After a decade of frantic OS development,Apple
consolidates. Also, we do a little re-organizing ourselves.
14 Feedback
Readers respond.
18 Does Snow Leopard Fix
Leopard Annoyances?
We revisit our grievances with Leopard to see if
Snow Leopard addresses them.
19 Snow Leopard’s Funny Math
Gigabyte or gibibyte? Which is it?
20 Gmail Fail: Is the Cloud Reliable?
Does Snow leopard Fix 18 How feasible is today’s cloud computing?
Leopard Annoyances?
On the Cover
Image by Splash light
28
iPHONE CENTRAL
28 Apple: AT&T Didn’t Ask Us to
Reject Google Voice
Apple continues to “study” the Google Voice app
and notes its concern that the app “appears to alter
the iPhone’s distinctive user experience.”
29 Is AT&T’s 3G Service
Getting Better?
The wireless service provider is updating its 3G band.
29 Apps with Maps: iPhone Car
Navigation
The iPhone].o software update enabled iPhone apps
to finally support turn-by-turn navigation.
WORKING MAC
62 Favorite Office Tips
Get more out of Microsoft Office with these five
useful tricks for PowerPoint, four helpful hints for
Excel, and two practical pointers for Word.
63 Next Mac Office Due Late 2010
An update to Microsoft Office for the Mac will
include Outlook.

COVER STORY
32 Let It Snow!
Everything you need to know about Mac OS X 10.6,
aka Snow Leopard, is in our 16-page guide.
55 Online Backup Services
Want to add an online backup service to your overall
backup strategy? We rate seven Mac-specific services.
72 Apple Updates iPod Lineup
73
We have all the news about Apple’s recent update
to its music-player lineup.
iTunes 9 Debuts
New features and improvements await you in the
latest update to Apple’s jukebox software.
DIGITAl. PHOTO
Recover from Digital Photo
Disasters
Protect your pictures from loss or accidental
erasure. We show you how.
80 Snapshot: High-Speed Photography
Our Snapshot series takes you behind the scenes
of a great photo.
i3 ilJ5i,
82 Logic Studio versus GarageBand
Are you a musician who needs a more-powerful tool
than GarageBand? See ‘What Logic Studio has to offer.
83 Recording a Song on an iPhone
Compose and record a song on your iPhone, and
export the audio to your Mac for editing.
HELP DESK
86 Mac as x Hints
Sequentially name copied files, rename open files,
get Safari’s debug menu back, and more.
88 Mac9″
Disable Safari 4′S image cache, put spare hard drives
to work, catalog Mail messages by date, and more.
BACK PAGE
’00 Hot Stuff
Check out the cool stuff we’re into right now.

http://rapidshare.com/files/288385837/Macworld_2009-11a.rar

Product Description:

“Fearless, deep, and snarky. And did I mention funny? Oh my goodness this guy is funny.”
—Dean Nelson, author, God Hides in Plain Sight, and director, Writer’s Symposium by the Sea at Point Loma

Where do we go when we die? Will we have personal chats with God on fluffy clouds? What are the odds I will be devoured by a demon? Life’s deepest mysteries question what happens when life is over.

With Pocket Guide to the Afterlife, Jason Boyett becomes your tour guide to the Great Beyond. From the profound to the profane, from the light at the end of the tunnel to your ascension to the celestial void, here’s everything you need to know this side of the everlasting Unknown, including

* What to expect upon arrival in destinations like Heaven, Purgatory, and the Chinvat Bridge
*

Whether your understanding of the Christian Hell comes from the Bible or from an Italian poet
*

Which dream scenarios you’ll want to avoid because they predict your impending demise
*

Why defibrillators are so important when it comes to having near-death experiences

Pondering your eventual demise has never been so much fun.

* Publisher: Jossey-Bass
* Number Of Pages: 224
* Publication Date: 2009-08-03
* ISBN-10 / ASIN: 0470373113
* ISBN-13 / EAN: 9780470373118

http://rapidshare.com/files/279811776/0470373113_Afterlife.rar

Attempting To Secure PHP

This is a serious task. The goal / trick is to have PHP as secure as possible without restricting functionality beyond usability. What that means will depend much on your needs. Below is a list of some things to be aware of and to serve as a starting point for the responsible system administrator.

It is always good practice to test any new build to be sure your unique requirements are still functioning properly under a given set of build parameters.
Understand What You Are Building

When getting ready to build PHP do not blindly check and uncheck options without understanding the implications of doing so. Understand what functionality this will cause and what implications that has for the way you are running PHP. You can be sure that hackers will know how to use various PHP flaws and how to check for them so you should take the time to read the documentation and do some research.

For example, many experts recommend that “register globals” and “magic quotes” should be avoided. If scripts require them, you need to consider finding new scripts. If you do not understand why that is the case take some time to research them, you will find it very enlightening.
Master Your php.ini

One excellent way to start hardening PHP is by using your php.ini file wisely. Do a web search for “custom php.ini” and you will find many excellent articles on tips and tricks, just be sure you understand how different changes will impact users’ scripts. (For example, disabling the mail() function will stop many spammers from exploiting popular scripts; however, in that scenario no scripts using this function would be able to send mail. Truly, PHP security is a balancing act.)
Run As The User Instead of “nobody”

PHP runs as part of the web server so that, among other things, certain tasks can be done once and held in memory instead of repeating them each request (IE so its not as slow as it is natively). This means that it runs as the web server’s user “nobody”. Since that is the case PHP and directory permissions generally need to be very loose so PHP can manipulate things. This can make it so that any user can use a PHP script to read and write other users’ data. At times, a flaw in PHP can even allow a PHP script to gain root access or take over data in requests on other users PHP scripts.

You can run PHP as the user (like CGI scripts do with Apache’s suexec) with EasyApache’s “PHP As User” option. This will enable suPHP. This allows much better permissions. That means that vulnerable scripts are limited to the user in question and are less likely to affect other users. It also changes how PHP interacts with Apache; for example, directives like php_value are not valid for mod_suphp. Other options exist to run PHP as the user, see “Configuration of How Apache Serves PHP Requests” for more info.
Use Hardening Tools Like phpsuhosin

The suhosin extension “was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core”. Is it right for you or is it too restrictive? How can you find out? What compatibility problems might you see? To answer those questions and more see the FAQ and other resources at the suhosin website.

That community would be an excellent starting point to start learning about flaws in PHP as well as other extensions, configurations, and techniques you can use to protect your server and your users.

Since many popular scripts are not compatible with suhosin’s restrictions, (depending partially on how you configure it of course) it is highly recommended to test suhosin support before implementing it on a production server.
Do Not Allow Insecure Scripts

This might seem obvious but it requires diligence. It is a very nebulous concept and can range from settings policies to looking for and removing known problem scripts perhaps going as far as recommending non-PHP alternatives.