Wednesday, December 9, 2009

Blocking the HTTP Referer, Take 2

I was about to post that RefControl now seems to work on all my systems, but double checked and, alas, no. RefControl is broken on Firefox 3.5 running on Ubuntu 9.04. Time to systematically uninstall RefControl on all my Linux boxes and install Web Developer on each. I can't have a privacy tool that sometimes works on some systems.

Web Developer Add On: https://addons.mozilla.org/en-US/firefox/addon/60
Testing for broken referer blocking: grc.com or http://userpages.umbc.edu/~jmartens/courses/is430/infoleak.shtml

Boycott Muvico

A Muvico theatre in the Chicago area pressed charges for a woman taping friends and family singing "Happy Birthday" in the theatre. She incidentally got a short snippet of "Twilight New Moon" in the background. As a result, she spent two nights in jail and faces a felony charge. This is completely ludicrous, and I for one will not be attending any Muvico Theatres until Muvico drops all charges.

Lauren Weinstein's Commentary: http://lauren.vortex.com/archive/000648.html
Chicago Sun-Times article: http://www.suntimes.com/news/metro/1916606,twilight-taping-arrest-movie-120209.article

Note: I don't know what they were doing singing after the movie started, and that is, to say the least, rude (even with a film as terrible as Twilight). But she wasn't charged with making a public nuisance, disturbing the peace, or the like.

Tuesday, November 17, 2009

DC: Taxation Without Representation

DC has more people than Wyoming. How can it possibly be that they don't warrant representation in Congress?

Thursday, September 24, 2009

Dreaded winmail.dat

There's long been a problem with Outlook, which rather than using standard attachment syntax, uses something called winmail.dat. It's another example of Microsoft intentionally not playing well with others. In the past, if a student has sent me a winmail.dat attachment, I've simply told the student to try again with something not Microsoft-proprietary.

I got a winmail.dat this morning from a co-worker, and rather than just say "try again," I decided to spend a few minutes on the problem (or pointy-haired opportunity). There's a site that seems to do a good job of extracting files from winmail.dat files: http://tud.at/php/tndef/index.php.

There are privacy issues here. Should one send personal, or work-related, or student-generated content to a third-party web site?

Saturday, September 19, 2009

Shawano News and Liquor

As near as I can tell, Shawano News and Liquor no longer exists. 4 or so decades ago, it was the only bookstore in Shawano, WI. They sold other stuff, too. I remember browsing the shelves as a kid and the woman who managed the store (who I think was a Moede, and related to my great grandmother) told me that part of the store was for adults. I told her I could read pretty well, but she still shooed me out of there. Now I think she wasn't concerned about the reading level per se.

Blocking Referer Page

By default, browsers tell servers what page they're coming from, i.e., the page on which the link to the page was clicked. The justification for this is hazy--I can't imagine why I would want to give this information to any server.

I used to use RefControl to block referring information (note the HTTP spelling is referer[sic]). Unfortunately, the current version of RefControl doesn't work with Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.14) Gecko/2009090216 Ubuntu/8.04 (hardy) Firefox/3.0.14, so I went in search of something that would work. I tried No-Referer and Refspoof, neither of which appear to work at all.

A little Googling led to the Web Developer Toolbar, which does successfully block the referring page. It's a bit heavier weight than I wanted, but it works, and it does have other features I may use over time.

Check to see if your referer information is shared.

Monday, August 24, 2009

Airline Passenger Bill of Rights

Another group of passengers got stranded on the ground in a plane for 6 hours, were forced to pay for food and water while stranded, and still the plane was out of food and water by the time the passengers were allowed to depart. Being out of water can be dangerous for people with certain medical conditions. While not as extreme as the flight that was kept prisoner on a plane over night, this points out the need for a passengers' bill of rights. Between the airlines' lack of respect for their customers and the government's security theatre, flying has become very unpleasant in this country.

Amtrak works well, though.

Thursday, August 20, 2009

Humor, Brasero Style

I was burning a backup DVD this morning on Ubuntu 8.04LTS using Brasero 0.7.1, and, as I added files to my project, got the oft seen 3.10GB follows 3.9GB error. I always thought something closer to 4 than 3.10 would follow 3.9, but whatever. Then I burned the backup disk. The drive slid open after burning, as usual, and so I closed it for the verification. Except, instead of verifying, an alert popped up saying that Brasero was unable to eject the disk, and so it then didn't attempt the verification. Did I miss something? When the the tray slides out, isn't that ejecting the disk? This was a backup, and so verification is critical. Fortunately there's diff. It's the old tools that work, though wc has been messed up because somebody decided it should adapt to character sets rather than just count bytes, which I guess is the right choice, but breaks it on some installations. I wrote my own wc in response, and it actually runs without warning and error messages. Other Brasero glitches are that, for data disk projects, it defaults to burning a DVD, but it also defaults to a drive that doesn't burn DVDs. Dumb. This could be Windows software.

Monday, August 17, 2009

LaTeX to XML

There's a LaTeX to XML converter called Tralics which is used by the folks at Inria. Expect a posting on experiences with Tralics real soon now.

Wednesday, August 5, 2009

Speaking of False Positives, Sales, Catching Terrorists

Go Figure

BBC has a columnist, Michael Blastland, with an excellent (based on a small sample) column entitled Go Figure: Different ways of seeing stats. A few pieces in particular that I'll recommend are
  • The problem with junk stats? It's you which discusses the problem with self-report in survey data.
  • A scanner to detect terrorists which discusses the problem of false positives in the context of detecting terrorists. A number of people have pointed this problem in a number of contexts, but policy makers and reporters, in particular, just don't get it. Companies selling face recognition systems and data mining software for detecting terrorists probably do get it, but sell the government junk nonetheless.
  • Just what is poor? explains how the poverty line is set.
Good reading. It appears to be published every two weeks, and there's an RSS feed.

Monday, July 27, 2009

Yahoo Video

A friend suggested I check out a web tool called pipes (they're not going to trademark that name are they? That'd be like trademarking word, or office, or windows, or some other common day-to-day term.

Anyhow, I watched a video showing how to use the tool. The video was boring and not very informative. Or maybe it was informative. Hard to tell. The video site, video.yahoo.com, is very distracting. There's this video playing, but there's also text scrolling around in two places competing for attention. So whenever another part of the screen changes, the eye is drawn to the other place. What's happening in the video I was watching? Don't know--I got distracted. Should I go back and watch the video again? Well, if they really cared they would have hosted it at a more competent video site.

Or maybe not, since the pipes site itself is hosted at yahoo: http://pipes.yahoo.com/pipes/

Sunday, July 12, 2009

Chrome: Darn the Luck

It looks like my favorite feature of the Linux version of Chrome, the lack of Flash support, is going the way of the dodo: http://h3g3m0n.wordpress.com/2009/07/12/linux-chrome-flash-ext/ It's nice to have a browser that doesn't support Flash simply because so many web sites use it for advertising content. Perhaps advertising is the predominant use of Flash.

Saturday, July 11, 2009

Fixing a Broken Link

In November I posted about my last mile, and the entry included the Xohm logo. But I linked to it rather than grabbing my own. And the link rotted. So, I've just grabbed my own and will update the broken link in the old post.

gFTP Much Nicer than Nautilus for sftp

Gnome ships with GUI sftp support built into nautilus, but it's not ideal. I was living with it, and do prefer it over the command line version (I'm getting lazy in my old age) but recently have been evaluating xfce as an environment. This is a whole different story, but I'd like to find a less bloated, less buggy environment than Gnome. Xfce doesn't seem to ship with a GUI sftp client, which is totally fine--why ship software that many users won't use?

Looking around, I found gFTP. So far, it seems gFTP is as good as nautilus in every respect. A major difference, however, is that when transferring files to and fro, gFTP maintains modification times. This way, if I have two copies of the same file in two (or more) places, they all have the same modification time. Seems pretty basic and pretty obvious--and very important--but nautilus gets it wrong.

Is my preference for a GUI sftp client really a sign of laziness? I don't think so. In many cases command line tools are quicker and easier, but when maintaining web directory trees it's nice to be able to quickly glance at two directories and see if their contents match. gFTP does have one quirk that's inconvenient in this regard, however, in that it sorts files and directories differently. IMHO, this is another sign of Linux developers not understanding Unix: a directory is, like a file, a link in a directory, darn it, so sort it like other links.

Thursday, July 9, 2009

Image Editing

I've been a bit frustrated (so, what else is new?) by image manipulation software on Ubuntu. The GIMP makes even the simplest operations complicated. Imagemagick[sic] is sufficiently buggy as to occasionally be useless, though it usually works fine for simple things. I installed a KDE package on my work machine, but of course that comes with an amazing amount of baggage that stays resident after the program terminates. What's a guy to do? Grin and bear the GIMP? I don't think so. As a partial solution, I've installed a version of LView Pro that I registered (and paid for) in 1996 and used to use on Win95 and NT4. WINE certainly has improved in recent years. LView might be sufficient, except it doesn't deal with PNG or EPS images. Neither of these is a surprise: Windows has never had the Postscript support Unix folks assume, and whether PNG was around 13 years ago or not, I'd never heard of it. Still, the LView guys did a nice job with this program. My immediate plan is to use ImageMagick to convert among file formats and, whenever ImageMagick barfs on an image, use LView for the actual editing. We'll see how that goes...

Sunday, July 5, 2009

To Use Blackboard is to Hate Blackboard

It may be that Blackboard isn't so bad from the student side, but it's terrible from the faculty side. This afternoon I was trying to create a quiz and Blackboard locked up before I was halfway done. A couple days ago the same thing happened to me inside the grade center. BTW, who thought the new grade center would be an improvement over the old gradebook? It's harder to use, and very cumbersome. Almost anything a faculty member does causes a page reload while some slow script somewhere runs. Lovely.

Wednesday, June 10, 2009

Chrome on Ubuntu

I've started using Chrome on one of my Ubuntu Linux machines, and kinda like it. It's fast, and pointing it at a PeopleSoft SA page doesn't lobotomize it (Firefox 3 slows to a crawl when SA is visited and remains at a snail's pace until the browser is closed--generally a mercy killing). A few minuses to date:
  1. The formatting on some of the PeopleSoft SA pages is sufficiently messed up as to be unreadable. It's not as though they were all that readable to begin with, though.
  2. It doesn't seem aware of my Flash installation, which may be a simple configuration issue.
  3. I can't right-click on an image and ask it to never load images from that particular server ever again. Thus I see a lot of ads I've trained Firefox to not fetch.

Sunday, June 7, 2009

The Bombe: Prelude to Modern Cryptanalysis

There is a small mistake in the NSA publication The Bombe: Prelude to Modern Cryptanalysis available at the National Cryptologic Museum at Ft. Meade. The bibliography lists Isadore Jacob "Jack" Good as J.I. Good rather than I.J. Good. Anyone active in the Va. Tech Philosophy Club circa 1980 knows the correct ordering of the initials. Another error in the same publication has been noted in Cryptologia.

Wednesday, June 3, 2009

Web Pages by People Who Don't Understand Algorithms

I've used the Online Etymology Dictionary a few times and basically like it. But it's used to look up words. Words have spellings. To browse, picking the first letter, then the second, then the third, etc. would make the most sense. Did I mention that words have spellings? This would be easily implemented as a trie. Instead, we're expected to pick the first letter, and then use a number, like page 23 of the letters starting with 'b'. Two explanations: (1) whoever designed the page didn't care; (2) whoever designed the page didn't have a software background, and so never thought to use a trie.

Monday, June 1, 2009

Improving Usability of myUMBC Continued

In February I talked a bit about improving myUMBC usability. I've gone a bit farther, by partially disabling the spotlight "feature." Here's my up-to-date UMBC-specific karma blocker code:
# Block myUMBC 404 not found chipmunk
[group]
score=10
rule=$url$='dramatic_chipmunk.flv'

# Block UMBC Alerts
[group]
score=10
rule=$url=='https://my.umbc.edu/modules/dashboard/images/alert_bubble.png'

# Block myUMBC Rotating Banner
[group]
score=10
rule=$url^='https://my.umbc.edu/shared/modules/spotlight/'

# Block myUMBC Rotating Banner
[group]
score=10
rule=$url^='https://my.umbc.edu/modules/spotlight/'
This is for the Firefox Karma Blocker add-on, which works nicely.

Saturday, May 30, 2009

Heard on Car Talk

Congressmen should wear uniforms like NASCAR drivers so that constituents can see their corporate sponsorships.

Tuesday, May 19, 2009

Thew and Fro

Spell checkers allow users to add words to their dictionaries. It would be nice if they would also allow users to subtract words. Two frequent typos of mine are 'thew' for 'the' and 'fro' for 'for'. Unfortunately, both typos are English words, though neither is a word I use at all often. Almost always when either occurs in my writing it's a typo. So why can't I tell ispell or Open Office or Firefox or Thunderbird that these are words that should be flagged as misspellings? Actually, I could write a postprocessor for LaTeX documents that flags likely typos, but it would be harder to do this for a clumsier tool, like the WYSIWYG tools. Also this points out a problem with non-text-based tools for text-based applications. A postprocessor would work fine for text files, which means it would be more widely applicable than to just LaTeX, but every GUI has its own spell checker, with its own dictionary, and so they don't integrate well with each other, with simple tools, etc. Going back to elm or mutt for e-mail would solve part of this problem, by raising my productivity for basic e-mail by allowing the editing of e-mail in emacs, but they make multimedia e-mail a bit more of a challenge. OTOH, perhaps they've improved attachment handling in the past few years--worth a look.

Sunday, May 17, 2009

American Film Institute Member Benefits

I belong to the AFI, and like being a member. The AFI Silver, in Silver Spring, MD, is perhaps the best place in the Washington/Baltimore area to see a film. However, one annoying thing keeps cropping up, and more, it seems, this year than in the past.

When a member renews, the AFI sends a few member passes for free admission to a show. The problem is every time, or so it seems, that I try to use one of these free passes, I'm told passes are not being accepted for this particular show. Last night I couldn't use a member pass to see "Limits of Control." The theatre was not remotely close to full. What's the problem? Why do they bother to give member benefits that cannot be used?

In '07 and '08 I don't recall this problem cropping up nearly as frequently. Something's changed in the theatre management, and not for the better.

Saturday, May 16, 2009

LaTeX Blog

Looking for advice on including source code within a LaTeX document, I stumbled across a wonderful, though not terribly active, blog on LaTeX. It's been 7 months since the last post, but there's a lot of useful information there. The URL: http://texblog.wordpress.com/

Wednesday, April 8, 2009

Version Pi

Is this cool (in a geeky sort of way) or what? > latex 450mw-t2 This is pdfTeXk, Version 3.141592-1.40.3 (Web2C 7.5.6) %&-line parsing enabled. entering extended mode (./450mw-t2.tex LaTeX2e <2005/12/01>

Tuesday, March 24, 2009

Throughput from Amazon

I just downloaded an MP3 album and a couple MP3 tracks from another album from Amazon. With the first album, download speeds were about 500kB/s (over 4Mb/s). For the other two tracks, the download speed dropped to under 200kB/s. How come? I noticed it, but didn't give it much thought until receiving the e-mail confirmation from Amazon, and then it was clear. Amazon Digital Services was the seller of the album, and Sony BMG was the seller of the other tracks. They were coming from another server, one which was slower, at least in terms of the bandwidth it was able to give me at the time.

Monday, March 2, 2009

Identity & Authentication Must be Kept Separate

In a recent newsletter, Bruce Schneier referred to an article at Microsoft TechNet by Steve Riley, a Senior Security Strategist. The article is pretty good overall, and certainly worth reading. It's also short, so I won't bother to summarize it here. Instead, I'll just make a few comments:
  • The point that basic computer science principles cannot be glossed over is quite welcome.
  • The statement that the system knows the password is usually, one would hope, incorrect. If passwords are kept anywhere in the system, that file becomes a high-value target. Passwords should have salt shaken on them and then be hashed. The salted hash can be safely stored, and used to verify the user's password.
  • Other examples of authentication with no corresponding identity include boot passwords and disk encryption pass phrases.
  • I'm happy to see anyone make the point, which Riley makes here, that biometrics are best viewed as identity, not as authentication. Biometrics are (typically) public and irrevocable, which make them bad choices for authentication.
Another place where identity and authentication are muddled is with RFID in passports, border crossing cards, or other IDs. The RFID keys are used for both identity and authentication, and most people aren't going to be able to keep them private, and under certain circumstances, no one will be able to.

Monday, February 23, 2009

Blackboard Security, UMBC

A couple items that instructors using Blackboard at UMBC should be aware of: First, at the beginning of most sessions when one is preparing to post new content, a requester pops up asking for permission to run a Java application. The correct answer is, emphatically, no. Everything works fine if you deny that application permission to run, so there's no need to grant it complete and total access to your PC (or to your account on the PC which, for most Windows users, is the same as the PC itself). Second, OIT often refers to Blackboard as a secure place to post grades. In some respects this is true. However, be aware that the grades are transfered in the clear, so anyone eavesdropping can see all the grades of everyone in your class. On campus this is probably a minimal problem for wired users. It's a switched Ethernet, and hard to eavesdrop on. The campus wireless is not encrypted however, so accessing a Blackboard grade book using 802.11 on campus is not secure. By the same token, accessing a blackboard grade book from off campus is not secure.

Sleep

I'm clearly not getting enough sleep if two consecutive posts contain as much overlap as the last two without me noticing until after the fact. As Vonnegut might've said, so it goes.

Improving the Usability of myUMBC

myUMBC has become, in the words of one of our students, very media heavy. Even with a broadband connection, it takes a long time for things to load, presumably due to load on the servers and perhaps scripting locally. One of the annoying things is a rotating banner of supposed news items. I've chosen not to do anything about that yet. Two things I have disabled, however, using Firefox add-on Karma Blocker, are: The chipmunk animation that loads whenever a page is not found. This is doubly bad, since it's not only many useless bytes transferred, but it also makes noise. This is triply bad, because the 404 not found chipmunk normally occurs after clicking a bad link in myUMBC. Karma Blocker rule:
# Block myUMBC 404 not found chipmunk
[group]
score=10
rule=$url$='dramatic_chipmunk.flv'
For those who want to see the animation, the full URL is https://my.umbc.edu/shared/images/player/player.swf?vidLoc=/errors/images/dramatic_chipmunk.flv The second thing is the MyUMBC alert "feature." There is good reason to have such features, but when it's used to tell people not to respond to phishing attacks and to tell people after the fact that the University opened late that morning, it's not clear it's useful. But it also takes several clicks to dismiss the alert, and until dismissed there's this huge honking red thing in a prominent position on the screen. The solution is to get rid of the red thing. The alert is presented as a white number on a red background. Get rid of the background, and it bcomes a white number on a white background. Much better. Karma Blocker rule:
# Block UMBC Alerts
#[group]
#score=10
#rule=$url=='https://my.umbc.edu/modules/dashboard/images/alert_bubble.png'

Monday, February 2, 2009

Disabling Alerts in myUMBC

UMBC's OIT has added an Alerts feature to myUMBC, the system everyone uses for everything at UMBC. Being close to people who were in Norris Hall during the Virginia Tech shootings, I understand the motivation and think that, on the face of things, the alerts are a good idea. However, they're being used for mundane matters--Wednesday around 11am I saw the alert that said campus was closed that morning until 10--and very cumbersome to dismiss. You have to click on the alert notification, click on the specific alert, and then click on something indicating that you've seen the alert. They really want to know we've seen every alert. Unfortunately, myUMBC is very media heavy, and, even from on campus, very slow. So each click takes several seconds. So I looked on myUMBC for an option to disable alerts, or some way to dismiss them more quickly. No luck. NoScript (my favorite Firefox add-on) didn't help, since the alerts aren't implemented as a specific script. So I went hunting. The hunt led to Karma Blocker 0.3.2. Essentially I tell this nifty little Firefox add-on that the myUMBC alert has bad karma, and so it keeps the alert from loading. What it really does is get rid of the red alert background, which means my count of alerts awaiting is a white number on a white background. The rule I use is: # Block UMBC Alerts [group] score=10 rule=$url=='https://my.umbc.edu/modules/dashboard/images/alert_bubble.png' OIT could easily break this by renaming or moving the image file. I'm hoping they don't. If they do, I can make the rule more general.

Friday, January 9, 2009

A Milestone of Sorts

It used to be whenever I bought a new computer, I went into it thinking it'd run around $2k. My Kaypro 4-84+88 was $2k in 1984, my Amiga was $1500 or so in '86 or '87, but came in around $2k with accessories (RAM, 5.25" floppy, etc.). I bought a few PCs from the '90s to a couple years ago that were all in the $2k ballpark. Of course, each one was far more powerful than the one before. Lately when I've priced desktops it's become clear that $2k is now excessive for my needs, or at least as long as I'm not running Vista. I've also bought laptops (kinda in the Kaypro spirit), and the constant was that a laptop would be noticeably more expensive than a comparable desktop. This doesn't seem true anymore. I just bought a Samsung NC10 Netbook, $480 from Amazon. This is a sweet little machine, weighing under 3 pounds and having long battery life (I haven't quite figured out how long, yet). It does come loaded with useless junk, but not as much as my Dell laptop did. And it came with XP, so I've still managed to completely avoid Vista. Speaking of Vista, xkcd just weighed in: Anyhow a dual core CPU, surprisingly low energy consumption, a GB of RAM, and 160GB of hard drive space for under $500. This is good.