How do I… Add music and narration to a PowerPoint presentation?

• Date: March 4th, 2008
• Author: Susan Harkins

The best presentations engage the audience using a number of creative tools. Sound effects, such as music and voice recordings can mean the difference between a good presentation and an outstanding presentation. You can energize your audience with a quick tempo, play your company’s latest jingle, or add narration to an on-demand presentation. At the very least, you can play music at the beginning and ending of a presentation as the audience enters and leaves the room. The only limits are good taste and your imagination.

This blog post is also available in PDF form as a TechRepublic download.

About sound files

Microsoft PowerPoint supports media clips, which include sound and video files. The computer playing your presentation will need a sound card and speakers. That doesn’t mean just the system you use to create the presentation, but any system on which you might play the presentation. Today, most systems come with everything you need, but older systems might need an upgrade. (It’s highly unlikely that you’ll encounter such an old system, but don’t rely on that — check it out first!)

Table A lists the media files PowerPoint supports, although this article deals only with sound files.

Table A: Media support

File	Explanation	Attributes
MIDI	Musical Instrument Digital Interface	Sound
WAV	Microsoft Windows audio format	Sound
MPEG	Motion Picture Exerts Group	Standard video format with a constant frame per second rate
AVI	Microsoft Windows video format	Video format with a constant frame rate per second
GIF	Graphical Interface Format	256 color picture that supports animation.

Like most special effects, sound can catch the attention of your audience and convey a message or emotion in a way words or pictures can’t. On the other hand, used poorly, sound can be distracting or even annoying. As always, your purpose will determine how much, if any, sound your presentation needs.

The basics — inserting sound

Including sound is as simple as selecting a file:

Use existing clips by double-clicking one of the Title, Text and Media Clip layouts from the Slide Layout task pane. Double-click the media clip icon shown in Figure A to launch the Media Clip dialog box.

Figure A

Choose a media slide from the Slide Layout task pane

When you double-click a WAV or MIDI file, PowerPoint displays the prompt shown in Figure B. The options Automatically and When Clicked are self-explanatory.

Figure B

PowerPoint will play the sound file when the slide is current, or you can click the icon to play it

Work with unique sound files by choosing Movies and Sound from the Insert menu and then selecting Sound From File or Sound From Clip Organizer. You can also record sound or play a track from a CD. After selecting a file, PowerPoint prompts you to specify how to execute the file (see Figure B).

If PowerPoint doesn’t support a clip’s format, choose Object from the Insert menu and choose the appropriate object type. Alternately, you can convert the file to a supported type. Use a search engine to search for “video file conversion.” However, don’t be surprised if the converted file is less than satisfactory. It’s difficult to maintain quality when converting media files.

In PowerPoint 2007, you’ll find the Sound option in the Media Clips group on the Insert tab.

PowerPoint displays a sound clip as a small icon, which shows during Slide Show view. When the presentation plays the clip automatically, you might want to hide the icon. There’s really no good reason to display it.

To hide the icon, right-click the icon and choose Edit Sound Object from the resulting submenu. In the Sound Options dialog box, shown in Figure C, check the Hide Sound Icon During Slide Show option, and click OK. Double-click the icon in PowerPoint 2007 to find these options.

Figure C

Edit the file’s attributes

If you choose the click option, it’s worth mentioning that clicking the icon a second time doesn’t disable the sound — the file plays from beginning to end once you click it. In PowerPoint 2007, clicking the icon restarts the file.

To learn just how long a file lasts, right-click the icon and choose Edit Sound Object. The file’s playing time is in the Information section at the bottom (see Figure C). If you want the file to play continuously, while the slide is current, check the Loop Until Stopped option. Moving to the next or previous slide will cancel the loop.

Narrating a presentation

To record a unique sound or message, you’ll need a microphone. Unfortunately, some microphones that come with today’s systems aren’t very sophisticated. If you record someone talking, it may sound distorted when played. Suddenly, you may have a lisp or an accent! Specialized software can clear up some problems, but they’re expensive and that’s just one more piece of software you’ll have to learn. It might be more efficient to invest in a better microphone.

PowerPoint makes it easy to narrate a presentation, which is a plus in a Web-based, automated, or on-demand presentation. You might also use this feature to include a statement from an individual, such as a celebrity or your company’s CEO.

Don’t jump right into recording. First, write a script and rehearse it. Once you’re comfortable with your speaking part, you can record your narration:

1. Choose Record Narration from the Slide Show menu to open the Record Narration dialog box. In PowerPoint 2007, this option is in the Set Up group on the Slide Show tab.
2. Click Set Microphone Level to check your microphone. Read the sentence that appears in the Microphone Check dialog and let the Microphone Wizard adjust your microphone automatically. Click OK.
3. If you need to adjust the quality to CD, radio, or telephone, click Change Quality to open the Sound Selection dialog box. Just remember that quality increases the file’s size. If file size is a concern, you may have to compromise quality just a bit.
4. By default, PowerPoint stores the narration with the presentation. To store the sound file in a separate WAV file (in the same folder) check Link Narrations In. Click Browse to change the location of the separate WAV file, but use caution when doing so — only store the two separately when you have a good reason for doing so. If a sound file is over 50MB, you must link it.
5. Click OK and start recording. As PowerPoint displays your presentation, you narrate just as you want the message played. Continue to narrate each slide until you’re done.
6. At the end of the presentation, PowerPoint will prompt you to save the timings with each slide. This can be helpful if you didn’t get each slide just right and you need more practice.

Step five mentions linked files. If you’re using the same system to both create and show the presentation, linked files are fine, but not necessary. Linked files are a good choice if the sound files are large or if you plan to change the source file. By default, PowerPoint automatically links sound files that are larger than 100KB.

To change this setting, choose Options from the Tools menu, and then click the General tab and update the Link Sounds With File Size Great Than option. PowerPoint 2007 users will find this option by clicking the Office button, clicking the PowerPoint options button (at the bottom right) and then choosing Advanced. The option is in the Save section.

Use the Package for CD (PowerPoint 2003) or Pack And Go Wizard (PowerPoint 2002) to make sure you save linked files with the presentation. Names can be problematic: A linked file’s path name must be 128 characters or less.

More options

Narration is only one type of recoding you might consider. If you can record it, you can include it in your presentation. To record a single message or unique sound, choose Movies and Sound from the Insert menu and choose Record Sound. In PowerPoint 2007, this option is in the Sound option’s dropdown list, in the Media Clips group on the Insert tab.

In the resulting Record Sound dialog box shown in Figure D, enter a description and name. Click Record when you’re ready to begin. Click Stop when you’re done. Use Play to listen to the new recording. Click OK to save the sound with the presentation. Or, click Cancel to exit and try again. If you save a sound, it appears as an icon, which you can use anywhere in the presentation you like. Mix this capability with action settings for a unique effect. Just don’t over do it!

Figure D

You can record sounds inside PowerPoint

Playing a CD

Playing music is a great way to begin or end a presentation. However, the music doesn’t have to be a top 10 tune. It only needs to be appropriate. For example, you might play Mendelssohn’s Wedding March if your presentation is about catering receptions. Or, pleasing dinner music might be the way to go. It’s really up to you; just keep your audience in mind. To include a song from a CD, do the following:

1. Insert the CD.
2. From the Insert menu, choose Movies and Sound. Then, select Play CD Auto Track to open the Insert CD Audio dialog box. In PowerPoint 2007, choose Play CD Audio Track from the Sound option’s dropdown list. You’ll find this option in the Media Clips group on the Insert tab.
   • The Start At Time and End At Time fields let you capture just part of a track instead of using the entire track.
   • Use the Sound Volume button to control the audio’s volume.
   • Check the Hide While Not playing option in the Display Options section if you don’t want the audio’s icon to show when the music isn’t playing.
3. Click OK when you’re done. PowerPoint lets you play the track by clicking or displaying the slide.

Like other sound files, Power Point displays a CD icon on the current slide. Just be careful that you don’t violate any copyright laws when including someone else’s music in your presentation.

A word on animation

You can use custom animation to control sound files to add a unique and creative dimension to your presentation. To get started, select a sound icon and display the Custom Animation task pane. PowerPoint offers a ton of options, and does a good job of disabling inappropriate choices for the selected clip.

Creating custom animation can be complicated and the truth is most presentations won’t need that much energy. However, the feature’s there and you might as well learn a bit about it. There’s an entire tab dedicated to animation in PowerPoint 2007. Click the Custom Animations option in the Animations group to create custom effects.

Design for effect

Multimedia files can liven up any presentation and sound is definitely part of that mix. You can play an appropriate tune or your company’s jingle. With one click, you can play your company’s latest radio ad for the head honchos. Whether you’re pitching a new product or sharing photos of your new baby, use sound to set the mood.

Susan Sales Harkins is an independent consultant and the author of several articles and books on database technologies. Her most recent book is “Mastering Microsoft SQL Server 2005 Express,” with Mike Gunderloy, published by Sybex.


By:
Amresh Anjan

Assemble the perfect system administrator’s toolkit

Assemble the perfect system administrator’s toolkit

The Job

Picture this: You’ve been in IT for the past 15 years. The IT manager of a big firm, you manage a team of 10 IT staff that serves the in-house needs of more than 500 employees, and you know you do a great job at it.

After another day hard at work planning the new PBX migration project, your mobile phone rings. It’s your CEO on the line. There’s a problem with his home PC, which refuses to boot. He needs to retrieve a critical document from it for a keynote presentation the next day. He lives down the road from you.

So what do you do now?

A) Tell him you’re an IT manager, and you don’t do PC servicing anymore.

B) Tell him that you’re at as much of a loss as he is.

C) Tell him not to worry and show up at his house an hour later with the team leader.

D) Tell him not to worry and that you’re be right over in 5 minutes yourself.

If your answer is option A, B, and maybe even option C, then I suggest you head down to Toni’s excellent Career blog for some advice on getting a new job.

If your answer is D, then perhaps this Right Tool post is for you.

Sometimes, there’s no other way but to rollup your sleeve and get your hands dirty. Nothing beats being prepared, however. To help you along, I have put together a list of items that you can assemble into your very own system administrator survival toolkit.

The list is presented in no particular order.

The Tools

As you might have noticed by now, today’s Right Tool post is somewhat different. Instead of the tool, I’m presenting you with a list of 20 tools that you might want to consider throwing into your own system administrator’s toolkit. (Come on, you know real IT pros builds their own kits.)

1. Cable tester
2. Portable labeler
3. Bluetooth mouse
4. Anti-static strap
5. Releasable cable ties
6. Portable hard disk drive
7. Encrypted USB flash drive
8. Crimping tools
9. Hard disk wiper
10. Hard disk to USB adapter
11. USB hub
12. RJ11 cable
13. Patch cables
14. Multimeter
15. Screwdrivers
16. Multi-plug adapter
17. Original disc media
18. Serial to USB adapter
19. RJ-45 extender
20. Wireless modem

The Right Tool for the Job?

How well does this lineup represent your needs? Please let us know what you would put in your toolkit. And yes, it should be something you can lug around relatively easily, so you can leave out that 42-U server rack and SAN array.

BY:
Amresh Anjan

10 things you should do to protect yourself on a public computer

• Author: Kris Littlejohn

Most of us will occasionally have to use a public computer for one reason or another. Maybe it’s an emergency situation (your own computer crashes or you get caught without your laptop when traveling) or perhaps the opportunity is just too convenient to pass up. But whatever your reasons, using public computers will always carry an inherent risk of exposing your personal data. Here are some things you can do to protect yourself and lessen that risk.

#1: Delete your Browsing History

This should be the first step you take to protect your privacy when Web surfing on a public computer. When you’ve finished browsing, it’s a good idea to delete your cookies, form data, history, and temporary Internet files. In Internet Explorer 7, you can do this all at once under Tools | Delete Browsing History. In older versions of IE, each of these must be deleted separately, under Tools | Internet Options.

In Mozilla Firefox, go to Tools | Options, click the Privacy tab, and select Always Clear My Private Data When I Close Firefox. By default, this erases your browsing history, download history, saved form information, cache, and authenticated sessions. Click the Settings button and select the options to erase your cookies and saved passwords, too.

#2: Don’t save files locally

When you’re using a computer other than your own, even if it’s a trusted friend’s machine, it’s polite to avoid saving files locally if you can help it. This is basically equivalent to not cluttering up another person’s home with your junk. On a public machine, though, this goes beyond politeness and is an important security practice. Many of the files you would normally save locally, such as e-mail attachments, can contain private or sensitive information. An easy way to protect this data is to carry a flash drive and save files there when necessary. It’s also a good idea to attach the flash drive to your key ring so you’ll be less likely to misplace it and create a new security problem.

#3: Don’t save passwords

This should be obvious when using a public computer, but if the option is already turned on, you might forget about it. To make sure passwords are not saved in Internet Explorer 7, go to Tools | Internet Options | Content. In the AutoComplete panel, click the Settings button and verify that the Prompt Me To Save Passwords check box is deselected. None of the other AutoComplete features needs to be enabled either, so deselect them as well. In Firefox, choose Tools | Options | Security and deselect Remember Passwords For Sites.

#4: Don’t do online banking

You should remember that ultimately, a public computer is never going to be anywhere close to completely secure, so there are some things you just shouldn’t use them for. If you really need to check your balance on the road, you’re much better off finding a branch office or ATM or using your phone.

#5: Don’t enter credit card information

As with online banking, public computers are not the place for online shopping. Your purchases from eBay or Amazon.com can and should wait until you can browse from a more secure location. A little added convenience isn’t worth the trouble of having your credit card hijacked.

#6: Delete temporary files

Temporary files (often abbreviated to “temp files”), as opposed to temporary Internet files, are created when you use programs other than a Web browser. For instance, when you create a Word document, in addition to the actual document file you save, Word creates a temporary file to store information so memory can be freed for other purposes and to prevent data loss in the file-saving process.

These files are usually supposed to be deleted automatically when the program is closed or during a system reboot, but unfortunately they often aren’t. To find these files, do a search on all local drives (including subfolders, hidden, and system files) for

*.tmp,*.chk,~*.*

This will bring up all files beginning with a tilde or with the extensions .tmp and .chk, which are the most common temp files. Once the search is complete, highlight all and Shift + Delete to remove them. (If you don’t hold down Shift, they’ll usually be sent to the Recycle Bin, which you would then have to empty.)

#7: Clear the pagefile

The pagefile is the location on the hard disk that serves as virtual memory in Windows. Its purpose is to swap out data from RAM so that programs can operate as if they have more RAM available than you actually have installed in the computer. Anything that can be stored in memory could also be stored in the pagefile. To have this automatically cleared on shutdown, you need to use Local Security Policy.

To access Local Security Policy, open Control Panel, double-click on Administrative Tools, and double-click on Local Security Policy. Then, click Security Options in the right-hand pane and scroll down to Shutdown: Clear Virtual Memory Pagefile. Double-click that item and make sure it’s enabled.

Note: On many public machines you won’t have the rights to get to Local Security Policy, and while this task can also be accomplished from the registry, on these machines you likely won’t be able to use regedit either. In this case, you can delete the page file manually. First you’ll have to change the settings in Windows Explorer. Click View | Folder Options and the View tab, then scroll down and click Show Hidden Files And Folders. Deselect the Hide Protected Operating System Files check box. Now, find the file named pagefile.sys. It is usually (but not always) on the C: drive. Delete it; a new one will be created when the system reboots. Speaking of which…

#8: Reboot

When you’re finished using the public computer, the final thing you should do is a hard reboot. This will not only clear the pagefile, if you’ve enabled that option, but it will also clear out everything you did from the physical memory (RAM).

#9: Boot from another device

This is a fairly advanced option, and one that is often overlooked. If you boot from either your own USB drive or from a CD, many of the problems mentioned above can be avoided. Today, many Linux distributions have the option of running completely in memory after booting from a CD. If a public computer has had its BIOS options left at default (which happens more often than you would think), this could be an option. If you are able to do this and remember not to save any other files to the local hard drive, everything will be gone when you reboot.

#10: Pay attention to your surroundings and use common sense

Finally, you need to remember to pay attention to things outside of the actual computer that could be a risk. Be aware of strangers around you (potential shoulder surfers) and remember that a public computer is just that — public. Don’t view any truly sensitive documents you couldn’t bear for others to see. Remember the security camera over your shoulder. Cover your hands from view when entering any login information to prevent any casual spying.

Most important, remember that there is nothing you can do to make a public computer completely secure. A truly malicious owner or user could install a hardware keystroke logger that would be impossible to detect without actually opening the case and inspecting it. With that less-than-comforting thought, use common sense and use public computers only for nonsensitive tasks.

---

Kris Littlejohn is a graduate of the University of Texas at Dallas, distinguished by its large population of nerds and lack of a football team (almost unheard of in Texas). He builds computer systems, does network consulting for small businesses, and teaches chess. He grew up in a home that had four times as many computers as people and has been trying to tame the beasts for most of his life.

BY:
Amresh Anjan

How do I… Create an animated image in Flash for my Web page?

• Author: John Lee

Because Flash has evolved into a ubiquitous multifaceted tool for deploying all kinds of content to the Web, it is easy to overlook its streamlined and easy-to-use Timeline animation features. Flash’s Timeline allows you to create smooth and smart animations that can be as simple or as complex as you would like them to be.

In this document, I’m going to show you how simple it is to create the illusion of depth in a Flash animation using nothing more than the Timeline palette and the Oval tool — without a hint of ActionScript code. Mind you, most professional Flash animators do rely on (rather complex) ActionScript for their animation effects, but we’ll work up to that later.

This blog post is also available in PDF form as a TechRepublic download, which includes a sample Flash file created using the technique described.

If you don’t own a copy of Flash CS3, you can download a fully functioning 30-day trial.

Creating a file

Let’s start by opening Flash CS3 and creating a new file. From the File menu, select the New option. In the dialog box that appears, select Type: Flash File ActionScript 3.0. Even though we won’t be using ActionScript at all in this example, let’s keep the file compatible with the most recent iteration.

Your layout should look like Figure A.

Figure A

The default layout of the Flash CS3 workspace

Lots of animation tutorials get you started by having you animate a bouncing ball, but we’ll go a little farther than that. We’re going to animate a moon coming out from behind a planet, revolving around to the front, and then disappearing behind the planet — while increasing and decreasing in size as it comes toward and moves away from the camera on its orbit.

The orbiting idea came from a TechRepublic member who is trying to perform the same function using JavaScript. Can you describe how to accomplish this animation using JavaScript? Submit your answer using our new Blog Submission Tool.

Start by saving your file. It’s always a good idea to save your file as soon as you create it, because as you work and save every few minutes, a fast hit on [Ctrl]+[S] will be a habit that you’ll form quickly.

Let’s start by changing the color of the stage to black so that our planet and moon will be living in outer space instead of on a boring whiteboard.

Go to the bottom of the screen and in the Properties palette, click the Background color box and choose a black swatch. While you’re in the Properties palette, click in the field labeled Frame Rate and change the number from 12 to 24. Since most film animation displays 24 frames per second, this setting will look much more pleasing to the viewer. Refer to Figure B to see how these changes should appear.

Figure B

Making the background of the Flash movie black and changing the Frame Rate to 24 frames per second (FPS)

Next, go to the Layers palette at the top of the screen. It’s tied directly to the Timeline window, so as you add layers to your file, you add layers to the working Timeline. Double-click the first layer and rename it “Planet.” Click the Insert Layer button again and rename the new layer you create “Moon.” Finally, click the Insert Layer button one more time and name the third layer “Mask.” Your Layers palette should resemble Figure C.

Figure C

Creating the layers for the animation

Now let’s get drawing.

Start by selecting the layer named Planet in the Layers palette to ensure that the planet you’re about to draw is on the correct layer. Then, select the Oval tool from the Toolbox on the far left, and for the Fill color, choose a pleasant blue. Also, make sure that no Stroke option is selected; otherwise, when you draw the planet on the stage, it will have a line around it. Refer to Figure D if you are unfamiliar with the Toolbox.

Figure D

Selecting the Oval tool with a blue fill and no stroke in the Toolbox

Go to the Black stage and while holding down the [Shift] key (to constrain our Oval tool into drawing a circle), click and drag to draw a circle on the stage that will represent our planet. Don’t draw the planet too large, or there will not be enough room to animate the moon in orbit.

Next, lock the Planet and Mask layers and select the Moon layer in the Layers palette.

This step is important!

The Timeline can animate only one object on a layer, and it will be much easier for you to create your animations if you keep all of your stage objects on separate layers. Figure E shows you how to lock a layer.

Figure E

Locking the Planet and Mask layers and selecting the Moon layer

Now, go back to the Toolbox and select the Oval tool again. For the fill color, choose an orange-yellow hue. Then, go back to the stage and draw a smaller circle that will represent the moon. Your stage should look like Figure F.

Figure F

The stage with the planet and moon in place

The planet and moon are on the stage, so it’s time to animate the moon. Flash can put an object in motion only if it exists as a Symbol. So before we can put the moon in orbit, we have to turn it into a Symbol.

Click on the moon to select it, then right-click on it to bring up a contextual menu. From that menu, choose Convert To Symbol. A dialog box will appear, as shown in Figure G. Give the Symbol a name of (you guessed it — Moon) and select the Movie Clip option. Click OK to return to the stage, where you’ll notice that the moon has a blue bounding box around it.

Figure G

Converting the Moon object to a Symbol

Rather than painstakingly animating the moon in orbit by hand, you’re going to rely on Flash’s Motion Guides and keyframes to do all of the heavy lifting.

A Motion Guide is exactly what it sounds like: a line that will guide a symbol about the stage. Keyframes are specific frames in the Timeline in which you can change the position or properties of a symbol and have Flash animate the transitions between the frames.

Right-click on the Moon layer and from the contextual menu, select Add Motion Guide. Click on the Motion Guide layer to select it, as shown in Figure H.

Figure H

Selecting the new Motion Guide layer for the Moon layer

The Motion Guide layer is where you will create your orbit path for the moon. Select the Oval tool from the Toolbox again, but this time, select a White stroke and no fill. Then, go back to the Stage and draw a narrow, horizontal oval around the center of the planet, as shown in Figure I.

Figure I

Creating the Motion Guide for the moon’s orbit

Motion Guides work best when they have a beginning point and an end point, but right now our orbit is a closed circle. Choose the Selection tool from the Toolbox and click and drag to select a small segment of the orbit path near the top center. Press the [Backspace] key to delete it. Your Motion Guide should look like Figure J.

Figure J

Breaking the oval to give the Motion Guide a beginning and ending point

Select the Moon Symbol and place it at the left-hand open end of the Motion Guide. It should snap into position via an anchor point in the center of the Moon Symbol. Then, choose the Free Transform tool from the Toolbox and reduce the size of the Moon Symbol to about half of its current size. Your stage should look like Figure K.

Figure K

Reducing the size of the moon and placing it at the start of the Motion Guide

Here’s where keyframes come into play. Go up to the Timeline and click and place your mouse into the 48th frame at the top layer (the one labeled Mask). Click and drag straight down to the bottom layer to select the frame across all four layers. Then, right-click in the selection and from the pop-up menu, choose the Insert Keyframe. Your Timeline palette should look like Figure L.

Figure L

Inserting keyframes at the end of the animation

Now, go back to the Stage and select the Moon symbol. Click and drag it to the opposite end of the Motion Guide, allowing it to snap into place, as shown in Figure M.

Figure M

The Moon at the ending position of the animation

Here is where the magic happens. Go back to the Timeline and select Frame 1 of the Moon layer. Right-click the frame and choose Create Motion Tween. The Moon layer will turn blue, with an arrow leading from keyframe 1 to keyframe 48. If you press the [Enter] key, you will get a preview of the animation, as the moon revolves around the planet.

But our animation lacks depth. Let’s start by making the moon appear bigger as it revolves toward us. Use your mouse to select Frame 24 in the Moon layer and right-click on it. Select Insert Keyframe again, making your Timeline look like the example in Figure N.

Figure N

Inserting a new Keyframe into the middle of the timeline

Now, select the moon on the stage and choose the Free Transform tool from the Toolbox again. This time, increase the size of the moon by about 100 percent (Figure O). Hit [Enter] again to preview the animation and see the moon increase and decrease in size as it moves to and from the camera.

Figure O

Increasing the size of the moon at the new Keyframe

We’re almost there. All we need to do now is make it look as if the moon disappears behind the planet at the back of its orbit.

Lock the Moon layer and the Motion Guide layer and then unlock the Planet layer and the Mask layer. Select the planet and copy it to the Clipboard. Go back to the Timeline and just as you did before, select Frame 6 of the Mask layer and insert a Keyframe. Then, in the same layer, insert another Keyframe at Frame 43. Your Timeline should look like Figure P.

Figure P

Inserting new Keyframes in the Mask layer

Select Frame 1 of the Timeline in the Mask layer. From the Edit menu, choose Paste In Place to drop a copy of the planet in the exact position as it exists on the Planet layer. Repeat this process at Keyframe 43 of the Mask layer. Finally, select Keyframe 48 of the Mask layer, right-click and then select Clear Keyframe to remove the empty Keyframe and extend the mask to the end of the movie.

Press [Ctrl]+[Enter] to test your movie. You’ll see that the Guide layer is not visible in the final SWF file.

That’s all there is to creating an animated 3-D effect with 2-D objects in Flash. Keep the Flash Timeline in mind the next time you need to quickly create a simple, attention-grabbing animation.

John Lee is a consultant specializing in design and illustration and a freelance technical writer. You can visit his Web site at johnleestudio.com.

BY:
Amresh Anjan

Convert an MPEG video file into Flash video?

• Date: September 27th, 2007
• Author: John Lee

Converting an MPEG, AVI, or QuickTime video is a simple process that involves using Adobe’s Flash Video Encoder, a separate program that installs on your hard drive in conjunction with the installation of Flash CS3 itself. If you already have Flash CS3 on your computer, you can open the Flash Video Encoder from the Start Menu.

If you don’t own a copy of Flash CS3, you can download a fully functioning 30-day trial from Adobe. If you don’t have multiple MPEG, AVI, or QuickTime files of your own to use in this exercise, you can download a couple of low-resolution stock QuickTime files from FreeStockFootage.com and save them to your hard drive.

Oddly, Flash CS3 does not provide a stand-alone FLV viewer for watching FLV files from your hard drive. But you can download a free FLV player if you need one.

This blog post is also available as a TechRepublic gallery and TechRepublic download.

Converting files

Begin by opening the Flash Video Encoder if you haven’t already. You should see a screen resembling Figure A.

Figure A

The Flash Video Encoder

Click on the Add… button in the upper-right corner. This will open a dialog box that you will use to locate one of the MPEG, AVI, or QuickTime files on your hard drive that you will be converting to FLV format.

After you have added a source video file, it will be listed at the top of the Encoder’s Queue, with a default setting of Medium Quality. (Figure B)

Figure B

The first source video added to the Queue

The Flash Video Encoder is set up for batch processing of videos, so if you had a large number of videos you wanted to convert to FLV format, you would simply add them to the Queue by clicking the Add… button and listing an unlimited number of source videos so that the Encoder could process them all automatically in the order you listed them.

Let’s add a second video to the Queue now. Click the Add… button again and locate another source video you wish to convert to FLV format. When you are finished, the Queue should resemble Figure C.

Figure C

The second source video added to the Queue

Many people convert their source videos to FLV format for posting on video-sharing sites such as YouTube. However, most of these sites will automatically downgrade the quality of the video to help conserve their bandwidth. If you want to ensure a high-quality FLV file makes it online intact through one of these video-sharing services, you will need to change the default Quality Settings before you convert your source video.

For the sake of comparison, let’s just change the settings for the second video in the Queue. Select the second video in the Queue window and then click on the Settings button on the right side. A dialog box will appear that shows the first frame of the video with several settings tabs underneath. Click on the Encoding Profiles tab and from the drop-down list, choose the option named Flash 8 — High Quality 700 kbps. (Figure D)

Figure D

Setting the second Source video to a High Quality setting

Next, click on the Video tab and from the “Quality” pull-down menu on the right, select the option labeled “High” (Figure E). These settings should work fine. Click the “OK” button to close the Settings dialog box.

Figure E

Adjusting the video quality of the second source video

Now you’re ready to process the Queue and convert your source videos to FLV format. Click the Start Queue button on the right and let the Encoder get to work. As the Encoder converts the videos, you will see a preview play in the bottom-right of the screen. (Figure F)

Figure F

Processing the Queue

When the conversion is complete, the videos in the Queue will be marked with a green check mark (Figure G), and the FLV version of your source videos will be in the same directory as their source videos.

Figure G

Both source videos have been converted to FLV format

Now, open the stand-alone FLV player you downloaded earlier and preview your new FLV movie. (Figure H) These FLV files can be used in the creation of your Flash content, or they can be uploaded to any video-sharing site that accepts videos in FLV format.

Figure H

Viewing the new FLV files through the stand-alone FLV player

John Lee is a consultant specializing in design and illustration and a freelance technical writer. You can visit his Web site at johnleestudio.com.

BY:
Amresh Anjan

How to protect private information stored by Word

• Date: February 25th, 2008
• Author: Susan Harkins

Word automatically stores a few pieces of information about your computer’s identity (or you) when you create a new document. You can get a glimpse by opening a document, even a blank one, and choosing Properties from the File menu. The Summary tab will display, at the very least, your Windows logon name (which might not be your real name).

Word documents also store a randomly generated number that someone can use to trace a document back to your computer, if they have access to your computer. Within most organizations, a file is easy to trace this way.

Most of the time, this information is helpful, but it can be intrusive and even abused by others. You can inhibit this information but it’s an all or nothing venture because you must disable these properties via your document template. For most of us, that’s Normal.dot. The first trick is to find and open Normal.dot (or the appropriate template). Most likely, your Word templates are in the following folder:

C:\Documents and Settings\your name\Application Data\Microsoft\Templates

If that path doesn’t seem to exist for you, you’ll need to take a few extra steps to view hidden folders:

1. From the Start menu, choose My Documents.
2. Choose Tools and then select Folder Options.
3. Click the View tab and click Show Hidden Files And Folders in the Hidden Files And Folders section.
4. Click OK.

Once you find the template, open it in Word and follow these steps to disable the appropriate properties:

1. Choose Options from the Tools menu and click the Security tab.
2. Select the Remove Personal Information From File Properties On Save option in the Privacy Options section.
3. Deselect the Store Random Number To Improve Merge Accuracy option.
4. Click OK.
5. Save the template file and close it.

There’s one drawback to disabling the random number option. If you merge revised documents, Word will no longer prompt you to merge changes when you open a revised document. Fortunately, you can perform the merge manually by choosing Compare And Merge Documents from the Tools menu.

Another possible drawback might be the trouble you get in with your system administrator. If you really feel you need to make these changes to your template, check with your administrator first. I don’t want you to get in trouble. It’s also possible that you can’t change your template — kudos to the administrator who’s in control. Now, as a user you might not like that much control, but you might have to negotiate your needs with your administrator.

BY:
Amresh Anjan

Basic e-mail security tips

• Date: February 25th, 2008
• Author: Chad Perrin

There’s a lot of information out there about securing your e-mail. Much of it is advanced and doesn’t apply to the typical end user. Configuring spam filters such as SpamAssassin, setting up encrypted authentication on mail servers, and e-mail gateway virus scanner management are not basic end-user tasks.

When one can find end-user e-mail security tips, they’re usually specific to a single mail client or mail user agent such as Microsoft Outlook, Mozilla Thunderbird, or Mutt. This sort of information is of critical importance to many users of these applications, but there are few sources of more general security information for e-mail users that aren’t specific to a given client application.

The following is a short list of some important security tips that apply to all e-mail users — not just users of a specific application. They are listed in the order one should employ them, from the first priority to the last. This priority is affected not only by how important a given tip is, but also by how easy it is to employ; the easier something is to do, the more likely one is to actually do it and move on to the next tip.

1. Never allow an e-mail client to fully render HTML or XHTML e-mails without careful thought. At the absolute most, if you have a mail client such as Microsoft Outlook or Mozilla Thunderbird that can render HTML e-mails, you should configure it to render only simplified HTML rather than rich HTML — or “Original HTML” as some clients label the option. Even better is to configure it to render only plain text. When rendering HTML, you run the risk of identifying yourself as a valid recipient of spam or getting successfully phished by some malicious security cracker or identity thief. My personal preference is, in fact, to use a mail user agent that is normally incapable of rendering HTML e-mail at all, showing everything as plain text instead.
2. If the privacy of your data is important to you, use a local POP3 or IMAP client to retrieve e-mail. This means avoiding the use of Web-based e-mail services such as Gmail, Hotmail, and Yahoo! Mail for e-mail you wish to keep private for any reason. Even if your Webmail service provider’s policies seem sufficiently privacy-oriented to you, that doesn’t mean that employees won’t occasionally break the rules. Some providers are accused of selling e-mail addresses to spamming “partners.” Even supposedly security-oriented Webmail services such as Hushmail can often be less than diligent in providing security to their users’ e-mail.
3. It’s always a good idea to ensure that your e-mail authentication process is encrypted, even if the e-mail itself is not. The reason for this is simple: You do not want some malicious security cracker “listening in” on your authentication session with the mail server. If someone does this, that person can then send e-mails as you, receive your e-mail, and generally cause all kinds of problems for you (including spammers). Check with your ISP’s policies to determine whether authentication is encrypted and even how it is encrypted (so you might be able to determine how trivial it is to crack the encryption scheme used).
4. Digitally sign your e-mails. As long as you observe good security practices with e-mail in general, it is highly unlikely that anyone else will ever have the opportunity to usurp your identity for purposes of e-mail, but it is still a possibility. If you use an encryption tool such as PGP or GnuPG to digitally sign your e-mails, though, recipients who have your public key will be able to determine that nobody could have sent the e-mail in question without having access to your private key — and you should definitely have a private key that is well protected.
5. If, for some reason, you absolutely positively must access an e-mail account that does not authorize over an encrypted connection, never access that account from a public or otherwise unsecured network. Ever. Under any circumstances.

Be aware of both your virtual and physical surroundings when communicating via e-mail. Be careful. Trust no one that you do not absolutely have to trust, and recognize the dangers and potential consequences of that trust.

Your e-mail security does not just affect you; it affects others, as well, if your e-mail account is compromised. Even if the e-mail account itself is not compromised, your computer may be if you do not take reasonable care with how you deal with e-mails — and that, in turn, can lead to affecting both you and others adversely as well.

Don’t be a victim.

BY:
Amresh Anjan

5 of the best desktop operating systems you never used

• Date: March 19th, 2008
• Author: John Sheesley

Bill Gates’ original dream when he created Microsoft was to have “a computer on every desk and in every home, all running Microsoft software.” Clearly, he accomplished that goal. Depending on whose statistics you want to believe, Windows has a market share in the high 80% - low 90% range. So, unless you run Linux or prefer Mac OS X, chances are you’re a Windows user.

When it comes to desktop operating systems, your choices are really pretty narrow. You either run Windows, or you do some Unix-like OS. There are the 12,000 different Linux distributions. There’s always FreeBSD if you prefer your Unix without a Finnish flavor. You could go the vendor route and run AIX or HP-UX. Sun has Solaris, and as much as you might want to, you can’t forget SCO. And of course, there’s always Mac OS X. Although it may sound like variety when it comes down to it, it’s still Windows vs. Unix.

There are other options, or at least there USED to be. Here are a list of five of the best operating systems that you probably never used.

OS/2

No discussion can be had of Microsoft alternatives without mentioning OS/2. Until Microsoft shipped Windows 2000 Professional, OS/2 4.0 was probably my desktop OS of choice. For the purposes of this section, I’m referring to OS/2 2.0 and later, not IBM and Microsoft’s ill fated OS/2 1.x series.

IBM billed OS/2 as being a “Better DOS than DOS” and a “Better Windows than Windows”. Anyone who ever ran OS/2 knows that IBM largely succeeded. From a technical perspective, OS/2 was much more solid than DOS, Windows 3.x or even Windows 9x.

OS/2 had many innovations that we come to view as standard equipment in an OS today. OS/2 was the first major 32-bit operating system. It was completely multi-threaded. Its HPFS file system resisted fragmentation and could natively support large filenames. OS/2 was the first major OS to integrate a Web browser into the operating system. It was also the first operating system to offer voice-control.

There are many reasons why OS/2 failed. Windows 95 came out and even though OS/2 was more stable, its inability to run Win32 API-based programs doomed it. It ran DOS and Windows 3.1 programs so well, ISVs never had an incentive to create native OS/2 programs. Microsoft’s licensing scheme with OEMs discouraged hardware vendors, including IBM itself, from bundling OS/2. It didn’t help that IBM couldn’t market OS/2 to save its life.

Even though the last version of OS/2 shipped in 1996, IBM continued to support OS/2 until December 31, 2006. Many OS/2 supporters have tried to get IBM to release OS/2’s source code for open source development, but IBM refuses. Supposedly this is due to some of the Microsoft code that still exists in OS/2 that IBM has exclusive rights to. At the same time however, IBM licensed OS/2 to Serenity Systems who continue to support, upgrade, and extend OS/2 in their own product called eComStation. Below is a screen shot of eCS from my test machine:

One final bit of OS/2 trivia. Microsoft co-developed OS/2 1.x with IBM. When IBM and Microsoft got ‘divorced’ in the late 80’s, Microsoft took its part of the code for what was to become OS/2 3.0 on the IBM/Microsoft product roadmap and created Windows NT 3.1, which today lives on as Windows Vista and Windows Server 2008.

Every OS/2 user’s favorite quote from Bill Gates is, of course: “We believe OS/2 is the platform for the 90’s.”

NeXT

The NeXTSTEP OS is one that even I never used. It came up in conversation with Jason Hiner who had used it while a student at IU. NeXTSTEP has a important place in history that can’t be overlooked.

Today, Apple is Steve Jobs and Steve Jobs is Apple. You can’t really think of one without the other. It wasn’t always that way though. In 1985, in grand Greek Tragedy form, Steve Jobs was forced out of Apple by John Sculley, the executive that Jobs himself brought in from Pepsi to save Apple from financial disaster. When Jobs left Apple, he went on to form the NeXT Computer Company.

NeXT’s initial goal was to create powerful workstations for education and business. The NeXT workstation’s major innovation at the time was its 256Mb WORM drive that it used for removable storage rather than a traditional floppy drive. The NeXT came with the entire works of Shakespeare on a single CD-ROM which was one of the ‘cool factors’ about the box when it was introduced. The NeXT workstation also continued Job’s history of thinking different when it came to design, because the NeXT workstation was a simple Borg-like cube.

At the heart of the NeXT workstation was the NeXTSTEP OS. This OS was based on the Mach Unix kernel. It was originally developed for NeXT’s PowerPC CPU, but Jobs also created a version of it that ran on the Intel 486 CPU called NeXTSTEP 486. Here’s a screenshot of NeXTSTEP from Wikipedia:

NeXTSTEP is significant because when Jobs finally retook his rightful place as the head of Apple in 1996, he did so by arranging Apple to buy NeXT. In doing so, the NeXTSTEP OS came along as part of the package and ultimately became Mac OS X.

BeOS

The BeOS was an interesting, powerful, and probably the most jinxed OS that was ever created. It debuted in 1991 and some of its innovations such as a 64-bit journaling file system in BFS, still haven’t found their way into current operating systems.

BeOS came very close to becoming the operating system that we use on the Mac platform today. BeOS started out as an proprietary operating system for the BeBox which was a workstation that ran PowerPC CPUs. When the BeBox failed to go anywhere in the marketplace, Be tried to sell the company to Apple to replace MacOS, which by 1996 was starting to show its age in the face of Windows 95. Apple nearly did it, but decided to buy NeXT and bring back Steve Jobs as mentioned above.

Be then continued its desperate bid to find a home and purpose for the OS. It started by trying to peddle BeOS to the makers of Mac-clones who were cut off from Apple when Steve Jobs returned. That didn’t work. (Yes, in the mid-90’s you could actually buy clones of the Mac. Apple licensed the OS and the Mac ROMs to OEMs. One of Steve’s first actions upon getting back in at Apple was to squash the Mac-clone market.)

Be then tried to port the BeOS to the Intel platform and get some traction against Windows. That didn’t work either. Be next tried to create a version of BeOS for Internet appliances. When that failed as well, Be sold out to PalmSource who wanted to include BeOS technology in their next OS. Guess how that turned out? PalmSource subsequently crashed and burned, selling the rights to BeOS to Access Co, a maker of mobile devices.

I never used BeOS other than to install it and kick it around a little to see how it worked. I have a copy running in Virtual PC on my test machine, but due to limited hardware support of the virtual machine environment, BeOS won’t come up in color and won’t talk to the network card. The screen shot below comes from jfedor.org.

DESQview

The last two I want to mention aren’t really operating systems per se, but rather operating environments. But, if Windows 9x can qualify as an operating system, so can these. The first is DESQview.

DESQview was a program that ran on top of DOS that allowed you to multitask DOS programs. As a matter of fact, until Microsoft introduced Windows 95, with the exception of OS/2 the best way to run multiple character based DOS programs was through the use of DESQview.

DESQview didn’t multithread programs, because such technology didn’t exist at the time. Rather, through the use of QEMM, DESQview used expanded memory on your computer if it had an 80386 CPU to run DOS programs simultaneously. If you only had a 286, you couldn’t use expanded memory, but DESQview would still task-switch programs through extended memory. It wasn’t as efficient as running on a 386, but it still got the job done.

Of course, Windows 3.x could multitask DOS programs. Compared to DESQview however, Windows 3.0 it had so much overhead, that it was slower and often wouldn’t leave enough lower 640Kb memory behind for DOS programs to run. If you had enough extended memory in your computer, QEMM, DESQview’s memory manager, could actually free almost the entire lower 640Kb memory area for program use.

DESQview was one of the first victims in the PC tradition of Good Marketing Beats Better Technology. Even though DESQview multitasked DOS programs better than Windows, Microsoft ultimately won the day. Quarterdeck, the maker of DESQview, tried creating a GUI-version of it called DESQview/X, but this never went anywhere. Ultimately, Quarterdeck sold out to Symantec. Symantec still owns the rights to DESQview, but doesn’t market it.

I used DESQview extensively in college. Even on a 80286 without QEMM, you could still multitask programs very well using DESQview. Unfortunately, I couldn’t find my copy of DESQview to grab a screenshot for this blog post. I’ll see if I can find it and get one. For now, I found this very grainy image from Charles Petzold’s Web site.

GEOS / GeoWorks

In early 90’s if you wanted to get on the GUI bandwagon and didn’t want to use a Mac, your only choice was really Windows 3.0. But to make Windows 3.0 work properly, you really needed to have 386 with EGA or VGA graphics. If you had an ‘older’ computer, you were pretty much out of luck. That’s where PC/GEOS came in.

GEOS was a GUI that ran on Atari and Commodore 64 computers. In 1990, GeoWorks created a version of GEOS called PC/GEOS which would support a GUI and limited multitasking on 286 and even some XT machines (8088-based PC clones). GEOS was lightweight, fast, and easy to use but never got traction from software developers because it was hard to program for and the developer kit was expensive.

GEOS included Ensemble which was its own office suite program consisting of a word processor, spreadsheet, dialer, database, and calendar. This was in an era where Microsoft Office didn’t exist and if you wanted these applications you had to buy them separately. GEOS was also used by AOL for the DOS version of their connection software.

Once Windows conquered the desktop and hardware caught up to Windows’ appetite, GEOS fell out of favor. GeoWorks ultimately sold out to NewDeal Inc, which tried to market the OS as a Windows alternative to those with older machines and for schools. When this didn’t work, NewDeal ultimately failed and sold its business to BreadBox who continue to make, support and update a version of GEOS called BreadBox Ensemble.

My copy of GEOS is long gone, but I ran it for a while on my Tandy 1000. It did the job, but I needed more power than what was in the supported applications and it didn’t run DOS programs very well. The attached screen shot is from the Guidebook Gallery.

All that and more

So there you have 5 of the best operating systems you probably never used. Each introduced innovations that we still use today, as well as some we’re still trying to catch up with even though the programs debuted in the 20th century. In each case, they were overlooked, underrated, and ultimately crushed by the Microsoft steamroller.

There are plenty of OSes I left off the list: CP/M, TRS-DOS, LDOS, DR-DOS and others (which I encourage you to remind me of.) We’ll try to cover those in the future as well.

BY:
Amresh Anjan

USB Disk Security (exe)

Overview: USB Disk Security provides 100% protection against any malicious programs trying to attack via USB drive. Compare USB Disk Security against other antivirus solutions, you will find out its highlights: USB Disk Security provides 100% protection against any threats via USB drive, however, the majority of other products are unable even to guarantee 90% protection. USB Disk Security is the best antivirus software to permanently protect offline computer without the need for signature updates, but other antivirus software should update signature database regularly, and they cannot effectively protect offline computer. This light and easy to use solution is 100% compatible with all software and doesn't slow down your computer at all. You pay USB Disk Security once and get it all, however, other antivirus products should be paid for updates every year. Version 5.0.0.18 improved detection of threats.

Format: Software | Size: 1,042KB | Date: Mar 2008 | Version: 5.0.0.18 | System Requirements: Windows 95/98/Me/NT/2000/XP/2003 Server/Vista | License: Free to try | Price: $55.00 | Limitations: Limited malware removal | Screen Shot | Downloads: 125

BY:
Amresh Anjan

Secure temporary files in Linux

• Date: February 25th, 2008
• Author: Vincent Danen

On a typical Linux system there will be at least two, if not more, directories or partitions meant to hold temporary files. There is always the /tmp directory, and often a /var/tmp directory as well. With newer Linux kernels, there can also be /dev/shm, which is mounted using the tmpfs filesystem.

One problem with directories meant to store temporary files is that they can often be targeted as places to store bots and rootkits that compromise the system. This is because in most cases, anyone (or any process) can write to these directories. Insecure permissions are problematic as well; most Linux distributions set the sticky bit on directories meant to contain temporary files — this means that user A cannot remove a file belonging to user B, and vice versa. Depending on the permissions of the file itself, user A may be able to view and/or modify the contents of that file, however.

A typical Linux installation will set /tmp as mode 1777, meaning it has the sticky bit set and is readable, writable, and executable by all users. For many, that’s as secure as it gets, and this is mostly because the /tmp directory is just that: a directory, not its own filesystem. The /tmp directory lives on the / partition and, as such, must obey its mount options.

A more secure solution would be to set /tmp on its own partition, so that it can be mounted independent of the / partition and have more restrictive options set. An example /etc/fstab entry for a /tmp partition might look like:

/dev/sda7 /tmp ext3 nosuid,noexec,nodev,rw 0 0

This would set the nosuid, noexec, and nodev options, meaning that no suid programs are permitted, nothing can be executed from that partition, and no device files may exist.

You could then remove the /var/tmp directory and create a symlink pointing to /tmp so that the temporary files in /var/tmp also make use of these restrictive mount options.

The /dev/shm virtual filesystem also needs to be secured as well, and this can be done by changing /etc/fstab. Typically, /dev/shm is simply mounted with the defaults option, which isn’t enough to properly secure it. Like the fstab entry shown for /tmp, it should have more restrictive mount options:

none /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

Finally, if you don’t have the ability to create a fresh /tmp partition on existing drives, you can use the loopback capabilities of the Linux kernel by creating a loopback filesystem that will be mounted as /tmp and can use the same restrictive mount options. To create a 1GB loopback filesystem, execute:

# dd if=/dev/zero of=/.tmpfs bs=1024 count=1000000

# mke2fs -j /.tmpfs

# cp -av /tmp /tmp.old

# mount -o loop,noexec,nosuid,rw /.tmpfs /tmp

# chmod 1777 /tmp

# mv -f /tmp.old/* /tmp/

# rmdir /tmp.old

Once this is complete, edit /etc/fstab to have the loopback filesystem mounted automatically at boot:

/.tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0

Little things like ensuring proper permissions and using restrictive mount options will prevent a lot of harm coming to the system. If a bot lands on a filesystem that is unable to execute, that bot is essentially worthless.

BY:
Amresh Anjan

How do I… Create a 3D logo in GIMP?

• Date: March 18th, 2008
• Author: Jack Wallen

The GNU Image Manipulation Program (GIMP) is the open source answer to Photoshop. There are many who would disagree with that statement, but when you really get into it, GIMP can do pretty much everything Photoshop can do and do it just as easily.

One thing GIMP does very simply is create 3D logos. The application does this with the help of what is called “Script-Fu,” which is GIMP’s scripting extension. One of the default extensions is Logos. We are going use Logs to create various 3D logos.

A note on fonts

One of the first things you are going to want to do is find yourself some good fonts to use. The default fonts installed in Linux are not the greatest (especially if you are trying to create a groovy logo for yourself or a company.) The fonts need to be .ttf (or .TTF) format. After you have rounded up enough fonts to satisfy your creative needs, place them in the ~/.fonts directory and restart. Once you have logged back in, GIMP will see all of the new fonts and be able to use them. You are ready to start creating.

The GIMP UI

If you are not terribly familiar with the GIMP UI fear not, most everything you are going to do can be done via menus. The first menu you will be looking at is the Xtns menu (Figure A)

Figure A

The Logo menu is found quickly in the Script-Fu submenu in the Xtns menu. Xtns = externals.

Once you are in the Logo menu you will see 29 possible choices. Each of these choices will render a very different type of logo. The choices range from an Alien Glow to a Web-Title Header. There are some very fun choices and some very standard choices. Let’s take a look at something fun.

From the Logo menu let’s choose Bovination. This type of menu, as you can probably guess, is all about Cows. This will create a logo that has a nice bovine print in the lettering. So click Bovination to bring up the options window (Figure B).

Figure B

The text “Fear The Cow” is the default text. You’ll want to change that.

So the first thing to do is to change the text to suit your needs. Once you have done that edit the pixel size. This can be tricky because you’ll need to make adjustments up or down depending upon your needs. Obviously a smaller font size is going to render a smaller image. Get too small and the clarity is sacrificed.

Now with many of the Logo Scripts the choice in font will have a drastic impact on the quality of the logo. For instance, with Bovination you will need a fatter font to render the pattern. Figure C shows a Bovinated logo with a too-skinny font whereas Figure D shows a Bovinated logo with a font better suited for the pattern.

Figure C

Not enough beef to this font.

Figure D

Now that’s a side of beef!

Before saving the image, there are some interesting tricks to play. Let’s say, for example, you want to use the second bovinated logo but you want to place it on another image where the background is not white. This is most certainly possible by extracting layers. Take a look at Figure E. This is a screen shot of the layers that make up the image from Figure D. What we want to do is remove the background layer so the text and the text effects are the only thing remaining.

Figure E

Of the three layers, the top two make up the text and the text effects.

Once you remove the background, what you have left is the text (and text effects) on a transparent background (Figure F).

Figure F

Now your cow logo is almost ready to copy and paste as a new layer on an image.

Before you can actually copy and paste this image you have to merge the two remaining layers together. You can merge two ways: The first is to hit [Ctrl]-[M] and the second is to right click the image, go to the Image menu, and then select Merge Visible Layers.

When you merge layers there are three options:

1. Expanded as necessary
2. Clipped to image, and
3. Clipped to bottom layer

The first option works in most cases. Once the layers are merged you can copy and paste that logo to your hearts content.

Another logo

Let’s take a look at another type of logo that gives you an even more 3D appearance. The “Glossy” logo is one of my favorites. I use it all the time. Once you start the Glossy logo Script-Fu you will have a number of options to play with. There are only a few that are really necessary. Take a look at Figure G which illustrates the options for Glossy.

Figure G

I have no idea why the text “Galaxy” was chosen, but there you have the default text.

The two most important options in Glossy are the Font and the Blend gradient.

There are two different types of blend gradients: Text and Outline. I generally make them the same gradient. You can choose different gradients but it will most often muddy up your work. I am going to work with a fun font and work with the Abstract 1 gradient. Other than the font and the gradient, I am leaving everything else set to default. Take a look at Figure H for the final results.

Figure H

Pretty groovy for such quick work

The various types of logos have plenty of different options. You can spend the better part of a day playing around with the options tweaking your logo to perfection by changing fonts, altering gradients, and adding or removing patterns. With The GIMP, the sky is the limit.

Final thoughts

As you have seen, creating a 3D logo in The GIMP is simple. But don’t stop yourself short of creating the perfect logo. Remember, once you have created the logo with the help of Script-Fu, you can always take that logo two or three steps higher using the standard GIMP tools.

BY:
Amresh Anjan

What is cross-site scripting?

• Date: March 18th, 2008
• Author: Chad Perrin

Cross-site scripting, also known as “XSS,” is a class of security exploit that has gotten a fair bit of attention in the last few years. Many users, and even Web developers, aren’t entirely clear on what the term means, however. I’ll explain cross-site scripting for you, so you will know where the dangers lie.

Defining cross-site scripting

JavaScript is a powerful tool for developing rich Web applications. Without client-side execution of code embedded in HTML and XHTML pages, the dynamic nature of Web applications like Google Maps, Try Ruby! and Zoho Office would not be possible. Unfortunately, any time you add complexity to a system, you increase the potential for security issues — and adding JavaScript to a Web page is no exception.

Among the problems introduced by JavaScript are:

1. A malicious website might employ JavaScript to make changes to the local system, such as copying or deleting files.
2. A malicious website might employ JavaScript to monitor activity on the local system, such as with keystroke logging.
3. A malicious website might employ JavaScript to interact with other Websites the user has open in other browser windows or tabs.

The first and second problems in the above list can be mitigated by turning the browser into a sort of “sandbox” that limits the way JavaScript is allowed to behave so that it only works within the browser’s little world. The third can be limited somewhat as well, but it is all too easy to get around that limitation because whether a particular webpage can interact with another webpage in a given manner may not be something that can be controlled by the software employed by the end user. Sometimes, the ability of one website’s JavaScript to steal data meant for another Website can only be limited by the due diligence of the other website’s developers.

The key to defining cross-site scripting is in the fact that vulnerabilities in a given website’s use of dynamic Web design elements may give someone the opportunity to use JavaScript for security compromises. It’s called “cross-site” because it involves interactions between two separate websites to achieve its goals. In many cases, however, even though the exploit involves the use of JavaScript, the website that’s vulnerable to cross-site scripting exploits does not have to employ JavaScript itself at all. Only in the case of local cross-site scripting exploits does the vulnerability have to exist in JavaScript sent to the browser by a legitimate website.

Types of cross-site scripting

There are currently three major categories of cross-site scripting. Others may be discovered in the future, however, so don’t think this sort of misuse of Web page vulnerability is necessarily limited to these three types.

• Reflected: Probably the most common type of cross-site scripting exploit is the reflected exploit. It targets vulnerabilities that occur in some websites when data submitted by the client is immediately processed by the server to generate results that are then sent back to the browser on the client system. An exploit is successful if it can send code to the server that is included in the Web page results sent back to the browser, and when those results are sent the code is not encoded using HTML special character encoding — thus being interpreted by the browser rather than being displayed as inert visible text.

  The most common way to make use of this exploit probably involves a link using a malformed URL, such that a variable passed in a URL to be displayed on the page contains malicious code. Something as simple as another URL used by the server-side code to produce links on the page, or even a user’s name to be included in the text page so that the user can be greeted by name, can become a vulnerability employed in a reflected cross-site scripting exploit.

• Stored: Also known as HTML injection attacks, stored cross-site scripting exploits are those where some data sent to the server is stored (typically in a database) to be used in the creation of pages that will be served to other users later. This form of cross-site scripting exploit can affect any visitor to your website, if your site is subject to a stored cross-site scripting vulnerability. The classic example of this sort of vulnerability is content management software such as forums and bulletin boards where users are allowed to use raw HTML and XHTML to format their posts.

  As with preventing reflected exploits, the key to securing your site against stored exploits is ensuring that all submitted data is translated to display entities before display so that it will not be interpreted by the browser as code.

• Local: A local cross-site scripting exploit targets vulnerabilities within the code of a webpage itself. These vulnerabilities are the result of incautious use of the Document Object Model in JavaScript so that opening another Web page with malicious JavaScript code in it at the same time might actually alter the code in the first page on the local system. In older versions of Internet Explorer (before IE 6 on MS Windows XP Service Pack 2), in fact, this could even be used on local Web pages (stored on the local computer rather than retrieved from the World Wide Web), and through those pages break out of the browser “sandbox” to affect the local system with the user privileges used to run the browser. Because most MS Windows users have tended to run everything as the Administrator account, this effectively meant that local cross-site scripting exploits on MS Windows before XP Service Pack 2 could do just about anything.

  In a local cross-site scripting exploit, unlike reflected and stored exploits, no malicious code is sent to the server at all. The behavior of the exploit takes place entirely on the local client system, but it alters the pages provided by the otherwise benign Website before they are interpreted by the browser so that they behave as though they carried the malicious payload to the client from the server. This means that server-side protections that filter out or block malicious cross-site scripting will not work with this sort of exploit. For more about local cross-site scripting, see the explanation at DOM Based Cross Site Scripting.

Protection Against Cross-Site Scripting

The most comprehensive way to protect your Web design from being exploited by cross-site scripting is to translate any and all special characters in user-provided input — even in URLs — into display entities, such as HTML entities. This applies not only to server-side code like PHP, Perl, and ASP.NET code, but also JavaScript that works with any user-provided input as well. This may interfere with the operation of Websites where users expect to be able to use HTML and XHTML in their input, such as for Website design helper applications — in which case more complex code may be needed to protect against malicious code. Such fine-grained filtering is just one side of an arms race against malicious security crackers, however, and cannot reasonably be 100% effective.

Another way to protect your Website from cross-site scripting exploits is to never directly use any user-provided input in your pages. Accepting a limited number of values in user-provided input that are each used as “keys,” for lack of a better term, to choose from among certain predefined options is an example of how user-provided input can be used to define output, but obviously greatly limits the dynamic nature of Web applications. If your website does not need greater dynamism than this provides, however, this may be your safest option for generating output based on user input.

Similarly, input validation that simply strips out all characters unauthorized for specific, limited input types (such as removing everything but dashes, parentheses, periods, and digits from input expected to contain telephone numbers), or that rejects input containing unauthorized characters entirely, can be used. This is a useful technique for many forms of input, but not all. Such validation techniques should be used whenever possible, because they not only provide some protection against cross-site scripting, but also against direct attempts to compromise the server itself through buffer overflows, SQL injection, and other attempts to exceed the bounds of the system.

Cookies are often used to provide some form of security against cross-site scripting. Many cross-site scripting exploits are designed to “steal” session cookies, but a cookie can be “tied” to a particular IP address so that hijacked cookies fail validation when employed by cross-site scripting exploits. There are potential work-arounds for this sort of security, such as when the legitimate user of a given cookie and a cross-site scripting exploit both originate from behind the same proxy server or NAT device, of course. Internet Explorer implements an HTTPOnly flag that prevents local scripts from affecting a cookie to try to guard against this sort of cookie abuse, but it is ineffective against cross-site request forgery attacks, where unintended requests may be sent via cross-site scripting exploits alongside a cookie used to authorize the requests at the server.

The single most effective means of avoiding cross-site scripting in Web development, however, is to design your website so that it does not require client-side code at all. That way, if your users want to turn off the JavaScript interpreters in their browsers, they can do so without losing the ability to make use of your Website. This does not protect against all forms of potential malicious input to your server, of course, and it does not actually limit the vulnerability of your website all by itself — but it does give visitors to your website the option of protecting themselves.

BY:
Amresh Anjan

Pick up tips about cloning Java objects

• Date: June 20th, 2007
• Author: Peter Mikhalenko

Objects in Java are referred using reference types, and there is no direct way to copy the contents of an object into a new object. The assignment of one reference to another merely creates another reference to the same object. Therefore, a special clone() method exists for all reference types in order to provide a standard mechanism for an object to make a copy of itself. Here are the details you need to know about cloning Java objects.

Why create a local copy?

The most probable reason for creating a local copy of an object is because you plan to modify the object, and you don’t want to modify the method caller’s object. If you decide that you need a local copy, you can perform the operation by using the clone() method of the Object class. The clone() method is defined as protected, but you must redefine it as public in all subclasses that you might want to clone.

For example, the standard library class ArrayList overrides clone(), so you can call clone() for ArrayList, like this:

import java.util.*;class MyInt {

private int i;

public MyInt(int ii) { i = ii; }

public void increment() { i++; }

public String toString() {
return Integer.toString(i);
}
}public class Test {

public static void main(String[] args) {
ArrayList al = new ArrayList();

for(int i = 0; i < 10; i++ )
al.add(new MyInt(i));

ArrayList al1 = (ArrayList)al.clone();

// Increment all al1's elements:
for(Iterator e = al1.iterator(); e.hasNext(); )
((MyInt)e.next()).increment(); }
}

The clone() method produces an Object, which must be recast to the proper type. This example shows how ArrayList’s clone() method does not automatically try to clone each of the objects that the ArrayList contains — the old ArrayList and the cloned ArrayList are aliased to the same objects. This is often called a shallow copy, since it’s only copying the “surface” portion of an object. The actual object consists of this “surface,” plus all the objects that the references are pointing to and all the objects those objects are pointing to, etc. This is often referred to as the “Web of objects.” When you copy the entire mess, it is called a deep copy.

The Cloneable interface and deep copies

By default, classes in Java do not support cloning; the default implementation of the clone() method throws a CloneNotSupportedException. You should override implementation of the clone() method. Remember that you must make it public and, inside the method, your first action must be super.clone(). Classes that want to allow cloning must implement the marker interface Cloneable. Since the default implementation of Object.clone only performs a shallow copy, classes must also override clone to provide a custom implementation when a deep copy is desired. Basically, if you want to make objects of your class publicly cloneable, you need code like this:

class Test implements Cloneable
{
...
public Object clone()
{
try
{
return super.clone();
}
catch ( CloneNotSupportedException e )
{
return null;
}
}
...
}

If you are happy with a protected clone, which just blindly copied the raw bits of the object, you don’t need to redefine your own version. However, you will usually want a public one. (Note: You can’t create a private or default scope clone; you can only increase the visibility when you override.)

Possible problems and a solution

Since the clone() method is protected, subclasses have to explicitly agree to be cloneable by overriding this protected method with a public method. All of the Collections classes do this. The subclass also has to implement Cloneable for the default cloning mechanism in Object.clone() to work.

If you have an object that you know has a public clone() method, but you don’t know the type of the object at compile time, you have problems. For instance, say x is declared as an Object. You can’t just call x.clone() because Object.clone() is protected. If Cloneable defined a public clone() method, you could use ((Cloneable) x).clone(), but it doesn’t. You either have to enumerate all the classes that you think x could be, or you have to resort to reflection.

Another problem arises when you try deep copying of a complex object. You’re assuming that the clone() method of all member object variables also does deep copy; this is too risky of an assumption. You must control the code in all classes, or you must know that all classes involved in deep copy operation do such a copy in the right way.

One solution to these problems is to clone using serialization. Serialization is usually used to send objects off somewhere (such as into a file or over the network) so that somebody else can reconstruct them later. You can abuse serialization to immediately reconstruct the object yourself. If the object is serializable at all, the reconstruction should be a faithful copy. In normal uses of serialization, the original object is nowhere near a faithful copy; it could be on the other side of the world at the far end of a network connection. You can be sure that changing the copy will have no effect on the original.

Peter V. Mikhalenko is a Sun certified professional who works for Deutsche Bank as a business consultant.


BY:
Amresh Anjan