
Archive for the ‘Technology’ Category

As most of you no doubt have heard, Facebook founder Mark Zuckerberg was recently married. Preparations for the ceremony were kept tightly under wraps, and measures were taken to protect the privacy of those who attended. What incredible irony is this, that Mr. Zuckerberg and company should be entitled to privacy whenever they want it, while the rest of us must suffer our personal information to be harvested like so much ripe fruit? Facebook’s data gathering tactics can be somewhat circumvented, but not everyone knows how. Some would suggest abstinence from Facebook services, but really, that’s not quite enough. It takes a bit of effort, and a fair amount of irritation. But even then, who’s to confirm that we’ve really got all our bases covered in the fight for privacy? Newer and more clandestine methods of surveilling end-user activity always seem to turn up after already having been active for some time. So when someone shows he actually believes in privacy, yet still, for all intents and purposes, forces divulgence upon others, is that not hypocrisy?


I know this is slightly old news, but I still wanted to talk briefly about it.  Near the beginning of March, GitHub users received this message via email.

A security vulnerability was recently discovered that made it possible for an attacker to add new SSH keys to arbitrary GitHub user accounts. This would have provided an attacker with clone/pull access to repositories with read permissions, and clone/pull/push access to repositories with write permissions. As of 5:53 PM UTC on Sunday, March 4th the vulnerability no longer exists.

While no known malicious activity has been reported, we are taking additional precautions by forcing an audit of all existing SSH keys.

. . .

Until you have approved your SSH keys, you will be unable to clone/pull/push your repositories over SSH.

. . .

Sincerely, The GitHub Team

The following is a rough sequence of events that led up to the official notification of the users.  All times are in PST.

March 1, 3:14 AM: Homakov opens Rails issue 5228 for mass assignment vulnerability. [source]
March 2, 6:10 AM: Homakov tests the vulnerability by opening an issue “from the future”. [source]
March 2, 10:07 AM: Issue 5228 is closed. [source]
March 3, 3:19 PM: Issue 5228 is deemed not a Rails issue. [source]
March 4, 8:49 AM: Homakov fully demonstrates the vulnerability by committing to the Rails master branch. [source]
March 4: GitHub suspends Homakov’s account. [source]
March 4, 9:53 AM: GitHub fixes the vulnerability on their site. [source]
March 4, 12:31 PM: GitHub posts an entry on their blog informing the public of the exploit. [source]
March 4, 1:56 PM: Homakov describes the procedure for the exploit on his blog. [source]
March 4, 4:20 PM: GitHub posts another blog entry detailing Homakov’s reinstatement, as well as amendments to their security policy. [source]
March 4, 4:22 PM: Homakov’s account is reinstated. [source]
March 7, 10:22 AM: GitHub sends out an email informing all users that their public keys have been frozen and will be unusable until manually approved. [source: email]
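
For readers unfamiliar with the bug class named in the timeline, here is an added, framework-free illustration of mass assignment and its allow-list fix. It is not GitHub's or Rails' code; the `PublicKey` class, its attribute names (including the `user_id` ownership field) and the sample request are assumptions constructed for this example.

```ruby
# Constructed model of a stored SSH public key. The class, attribute names and
# helper methods are hypothetical and exist only to show the pattern.
class PublicKey
  ATTRIBUTES = %i[title key user_id].freeze
  # Only these attributes may ever come from the client.
  PERMITTED  = %i[title key].freeze

  attr_accessor(*ATTRIBUTES)

  # Vulnerable pattern: every attribute named in the request is assigned,
  # including the one that records which account owns the key.
  def assign_all(params)
    params.each do |name, value|
      send("#{name}=", value) if ATTRIBUTES.include?(name.to_sym)
    end
    self
  end

  # Hardened pattern: assign allow-listed attributes only and return the
  # names that were refused so they can be logged and alerted on.
  def assign_permitted(params)
    rejected = []
    params.each do |name, value|
      if PERMITTED.include?(name.to_sym)
        send("#{name}=", value)
      else
        rejected << name.to_s
      end
    end
    rejected
  end
end

# Vulnerable handler: ownership is set from the session, then overwritten by
# whatever the request body contains.
def create_key_unsafe(current_user_id, params)
  key = PublicKey.new
  key.user_id = current_user_id
  key.assign_all(params)
end

# Hardened handler: ownership comes from the authenticated session only.
def create_key_safe(current_user_id, params)
  key = PublicKey.new
  rejected = key.assign_permitted(params)
  key.user_id = current_user_id
  [key, rejected]
end

# Constructed request body from a user logged in as account 7; the extra
# "user_id" field is the kind of parameter the form never offered.
SAMPLE_PARAMS = {
  "title"   => "laptop",
  "key"     => "ssh-rsa AAAA...constructed-sample",
  "user_id" => 42
}.freeze

unsafe = create_key_unsafe(7, SAMPLE_PARAMS)
safe, rejected = create_key_safe(7, SAMPLE_PARAMS)
puts "unsafe owner: #{unsafe.user_id}, safe owner: #{safe.user_id}, rejected: #{rejected.inspect}"
```

In Rails itself the allow-list is expressed with `attr_accessible` on the model or, in later versions, with strong parameters (`params.require(...).permit(...)`) in the controller.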

This is a classic case of a hacker disclosing a vulnerability by exploiting it.  Opinions often vary as to whether or not this is an appropriate method of disclosure.  The intentions of the responsible parties have to be called into question, as well as the level of severity of the exploit.  In this case, many argued that Homakov tried to report the issue but was brushed off, leaving him with no other way to call attention to the vulnerability.  Others argued that he was trying to inform the wrong people, or that he simply should have refrained from exploiting the security hole himself.  In any event, the damage (if it can be called damage) was extremely minimal considering what could have been produced by a malicious attack.

As stated in GitHub’s blog post, the final verdict was “no malicious intent”, and Homakov ultimately had his account restored.  After reading through loads of comments, the general attitude of GitHubbers seems to be one of praise rather than condemnation, but it’s certainly an arguable issue in the way of ethics.

When, if ever, is it okay for hackers to act on a vulnerability in order to demonstrate flaws?


Part two of a two-part focus on Gmail.

It’s said that disorganization is a sign of genius.  I guess I’m not a genius—not when it comes to work spaces.  If it’s a place where information is stored, I generally keep it organized, whether it’s my desk, my hard drive, or my email inbox.  And thankfully, with a Gmail account, it’s ridiculously simple to keep order in what can otherwise be a chaotic stack of virtual correspondence.

The following is by no means the be-all, end-all method to organize your mail.  It’s just how I use some of the available tools to make my mail-checking quick and efficient.

Here’s a basic inbox setup.  A few messages—some read, some unread—from various senders.  For the sake of simplicity, I’ll be sticking to the Classic inbox style.

[Figure: Inbox, before filtering]

It’s not incredibly messy, but there’s enough here to demonstrate how I use filters, labels, and label settings as a sort of ad hoc filing system to split up and organize my mail.  I also eschew email hoarding, making sure instead to delete and archive.  Old mail that will serve no future purpose gets cleared out, and mail that needs to be kept goes into the archive, leaving behind a clean inbox—the goal.

The first thing to do is determine how specifically you want your mail sorted.  You may want some messages filtered at the domain level, such as twitter.com for all your Twitter notifications.  Alternatively, you might want something more specific, like davidwebb@pseudomail.com for only messages from your friend David Webb at the pseudomail.com domain.

Once you’ve chosen how you want your mail filtered, you can create a label that will be applied to all the messages that meet your chosen criteria.  In this example, I’m going to filter emails that come from Google, so I’ll create a label called Google.

Note: Remember that although labels are similar to folders, they don’t work exactly the same way.  In many other email services, a single message can only be in one folder at any given time, whereas in Gmail, a message can have multiple labels applied to it.  You can also think of Gmail’s Inbox as a permanent label, i.e., one that can’t be deleted, that gets applied to all your mail by default.

Click on the settings gear at the top right corner of the inbox and select the Settings option.

[Figure: Settings]

In the Settings screen, select Labels.  You’ll be presented with an overview of your current label configurations.  Click the Create new label button, and in the popup that appears, enter the name for your new label.

[Figure: Label creation]

There is an option that allows you to nest your labels, but again, for simplicity, we’ll leave that option alone for now.

Note: There are several other ways to create the exact same label.  You can even do it on the fly when creating a filter.  I’ve just done it through the basic Labels screen to show you where you can go to view and manage all your labels at once.

Once your label is created, you’ll see it in the list on the left side of the screen, under the Compose button.  Now you can set up your filter.  While still in the Settings screen, select Filters.  Click on Create a new filter.  The search bar will drop down to allow you to specify your criteria.  Since I want to filter mail from Google, I’ll put the domain google.com in the From field.  I could specify criteria for the other fields as well, but because I want to target all Google messages, I’ll leave those fields blank.  Click Create a filter with this search.

Note: If you’re unsure of the domain that you need to enter, open an existing email that you’d like to filter, find the sender’s address, and look at what’s after the @ symbol.  Occasionally, you’ll find emails coming from subdomains as well, such as mail.pseudomail.com, but for the purpose of filtering, subdomains can be used the same way as domains.

Now you can choose what happens to the emails that match your criteria.  This is where you’ll use the label that you just created.  From the Apply the label drop-down list, select your label.  The check box should check itself off automatically.

[Figure: Filter creation]

There are also a few other options available, such as marking the mail as important, or making it immune to the spam filter.  An option I like is Skip the Inbox (Archive it).  With this checked, the filtered emails will only show up under the new label, and not under the inbox.  I use this on my filters because it keeps my inbox that much cleaner, and since I recommend archiving emails that you intend to keep anyway, this option saves you a step when reading your mail.  Check off the option to apply the filter to any matching emails that it has already found, then click the Create filter button, and you’re pretty much done.  The inbox now looks like this:

[Figure: Inbox, after one filter]

The email that was filtered remains in an unread state, but no longer appears in the inbox.  Instead, the new label is displayed in boldface and indicates the number of unread messages (1) to which it has been applied.  If I hadn’t checked off Skip the Inbox, I’d see this:

[Figure: Without skipping the inbox]

The email is displayed in the inbox with its label visible, but the corresponding label in the list also indicates that there is an unread message.  This can be a bit confusing, because at first glance it looks as though there are three new messages when, in fact, there are only two.  That’s one reason I prefer to skip the inbox.  You can also color code your label, or choose to have it hidden from view if it has no unread messages. To view these options, click the down arrow that appears when you place the cursor over the label. I encourage you to play around with the label settings to find the setup that looks and works best for you.

A few filters and labels can dramatically clean up your email workspace.  That, combined with more liberal deletion of messages, can even leave you with an empty inbox, at which time you’ll see a little cheerful word from Google.

[Figure: Empty inbox]

As I said earlier, there are many other options available to promote inbox cleanliness.  To find out how to use things like stars, importance markers, inbox styles, nested labelling, etc., you can either check out Gmail Help, or just experiment with your settings.

If you missed part one (A Brief Overview of the New Gmail Interface), it can be found here.


Part one of a two-part focus on Gmail.

Google has quietly introduced an updated interface for their Gmail service.  In their paradigmatic try-out-before-roll-out procedure, the new interface is currently available as an optional upgrade, but will become the standard for all Gmail accounts at some point in the near future.

An immediately noticeable aspect of the upgrade is conservation and improved management of screen real estate.  Elements of the interface have been changed to either free up space on the screen or make better use of the space you’ve got—a sure benefit for those who aren’t yet surfing on 23-inch LCDs.

The toolbar above the inbox is now dynamic.  For example, if you don’t have any mail selected, you won’t have the Delete option (among others).  The end result is an interface that looks a lot cleaner and less cluttered.

[Figure: Gmail toolbar, reduced options]

[Figure: Gmail toolbar, full options]

In the same space-saving vein, there are three new options available that affect the structure of the Gmail screen as a whole.  The options have been trendily named Comfortable, Cozy, and Compact.  As you can probably guess from the names, they give users a choice as to how much spacing is provided between elements on the screen, almost like a predefined zoom value.  Comfortable is the most spacious of the three, while Compact keeps everything small and tightly knit, leaving Cozy as the happy medium.  The spacing, in turn, affects how many emails you can see at one time in your inbox.  I prefer the Compact option, myself, because with a service like email, I like being able to see a lot of information at once without having to scroll.  Switching between the three options is effortless, so it’s easy to decide which one works for you.

[Figure: Movable Chat/Gadgets module]

A feature that I was happy to finally have is the movable separator between the labels area and the chat module (which has been merged with the gadgets module).  I never chat while logged into my Gmail account, so I always found it annoying that the chat module took up space that could have been devoted to my rather extensive list of labels.  I was frequently clicking the “More” option to view the rest of my labels in a little pop-up menu.  Blech.  Now, there’s no problem.  I can simply drag the chat module to where it belongs: neglected, in the bottom corner of the screen.

My one real gripe is Google’s removal of “create your own theme”.  There are still plenty of premade themes to choose from, many of them sleek and attractive, but I’m the type of person who always likes to modify layouts and colors, especially for a service that I use often.  I tweak layouts wherever I’ve got them, from my operating systems to my blog, and, until recently, my Gmail account.  Although the choice of colors (or lack thereof) doesn’t really detract from Gmail’s usability, it was still a nice option to have.  As I stated in a feedback response to Google, the inability to customize the theme isn’t a deal-breaker for me—I’ll still continue to use the service.  But boy, does it bug me.

[Figure: “Try out” option]

Overall, the interface has changed for the better.  It’s more polished, and the usability has become further streamlined.  Unless you’re intent on keeping your customized theme for as long as humanly possible, I recommend giving the new look a go.  Just click the little floating label in the bottom right corner of your Gmail screen.

If you don’t like it, you can revert to the old one—at least until Google decides to make the change final.  For more information and a full list of details regarding the changes to the interface, check out Google’s About page for the new look.

Coming up soon: part two of my focus on Gmail.  I’ll be talking about simple ways to keep your email organized, and why a clean inbox is pleasant to use.


You might have seen a certain Microsoft ad on TV recently.  It stars Cheryl, who is surprised to find a PC store in her living room when she gets home.

There is something very wrong with this commercial.  Can you tell what it is?  Here’s a hint: it’s not Cheryl’s acting.  We’re told that “this is her four year old computer she doesn’t think she needs to update.”  Four years?  Are you kidding me?

I was lucky to have been introduced to the tech world when computers were still geeky, not trendy and a pivotal part of the market—back before it was commonplace to have an Internet hookup (or even a computer, for that matter) in every home.  We would upgrade our PCs when it was necessary, i.e., they could no longer perform the tasks for which we used them.  And even then, upgrading didn’t mean buying a whole new machine.  It meant buying only the components you needed to make the computer faster, or more powerful, or to give it more storage space.

[Figure: PC Exploded]

Today, computers are marketed a little differently.  They are treated only as the aggregates of their components.  It’s a false premise (likely the result of advertising), but it brings in more money, so that’s the way it is.  New is good.  New is fast.  New is cool.  If you want to keep up with the trends, it has to be new and cutting edge.

Running out of space for your photos and videos?  This PC comes with 500 gigs of storage!

A hard drive upgrade is very simple.  You replace your current drive with a bigger one, or add a second drive to your system.  External/portable hard drives are also a handy option.  The need for space alone doesn’t warrant a new PC.

Your computer isn’t fast enough?  This one has four gigs of memory!

Memory, or RAM, will certainly affect how fast you can get things done on your computer.  But like a hard drive, it can be easily added to an existing system, and it’s certainly less expensive than a new machine.  Here’s a great article by Worth Godwin that explains the function of RAM using non-geek terminology.

Want the latest operating system?  You’re in luck.  This shiny new PC has Windows 7 pre-installed!  (Along with a boat-load of useless junk.)

A new OS is often pushed because of its security, usability and speed, along with hosts of new widgets and baubles.  But remember: an OS is software.  You can buy it on its own and install it.  All you have to do is make sure your PC meets the minimum requirements.  However, since the cost of new OS software can sometimes run over a hundred (depending on whether it’s Home, Pro, etc.), this particular dilemma remains a judgement call on the part of the user.  Some do prefer to shell out an extra few hundred for a new machine if they’ve got it to spare, but it’s not a necessity.  Plus, installing an OS yourself will keep your PC free of bloatware (junk that PC manufacturers install, like free 30-day trials of software).

A couple of years ago I bought a new PC.  My reason for the purchase was strictly portability.  I wanted a laptop because I was moving around a lot.  If it hadn’t been for that, I’d have kept my now eleven-year-old desktop computer.  Why?  Because as far as everyday computing tasks go, there was nothing wrong with it.  Email, web browsing, watching movies, listening to music, banking, organizing digital photos—it could easily handle it all.

Let’s take a look at the operating system example. Imagine that I wanted to install Windows 7 on my eleven-year-old PC.  The minimum requirements specified by Microsoft are as follows:

| Required | 11-Year-Old PC | Meets requirement |
|---|---|---|
| 1 GHz 32-bit | 1.1 GHz 32-bit | Yes |
| 1 GB RAM | 512 MB RAM | No |
| 16 GB space | 220 GB space | Yes |
| DX 9 capable graphics w/ WDDM 1.0 | DX 9 capable graphics | Yes* |

* WDDM is apparently only required for the Aero theme.

I could potentially run the latest Windows OS on my old PC and all it would cost me is about $25 to double my RAM, netting me a few hundred dollars in savings (hardware-wise) versus the cost of a completely new computer.  If your computer is only four years old, like Cheryl’s, chances are it’s much more powerful than my beige, steam-powered antique PC.

There are those who do need to buy new computers more often, but they’re usually either hardcore gamers who need the fastest everything, or people who do resource-intensive audio/video work.  You might also need a top-notch rig if you’re mining Bitcoins.

If you moved north where it’s snowy, would you buy a new car because it had snow tires on it?  Or would you just buy the tires and have them installed on the car you already own?  The notion of buying a car for the tires is, of course, ridiculous.  So why is it any less ridiculous to completely replace your PC when only part of it may need upgrading?

 
Video: Microsoft via WindowsVideos on YouTube
Image: Gustavb via Wikimedia Commons under CC BY-SA 3.0


Automattic needs to draw more attention to the secure login page on WordPress.com.  It exists, so why not direct users to it? There are support pages on configuring your dashboard to run through HTTPS, which is fine, but as long as the login process remains unencrypted, some information is still left exposed.

[Figure: ADSL router with Wi-Fi (802.11 b/g)]

If a user blogs through an unsecured Wi-Fi hotspot (as many travelling bloggers might do), all it takes is someone sniffing while the user logs in for his or her account to be potentially compromised.

Many popular online services offer links to their secure login pages right from their home pages.  Some email services, such as Gmail and Hotmail, have even defaulted to HTTPS.

Until Automattic provides a link to make the secure login page more obvious to users, you can navigate to https://wordpress.com/.  And don’t forget to update your bookmarks.

On a related note, Twitter seems to be in the same boat.  You can navigate to https://twitter.com/ to get their secure login.

 
Image: Asim18 via Wikimedia Commons under GFDL


People have been saying it for a while. The film and music industries have not crumbled due to piracy. They continue to flourish.

An interesting article on Geek.com talks about a report that was created by research company GfK Group for an undisclosed client. The report was initially intended to further the negative view of media pirates but, in fact, showed that pirates are generally better customers than their straight-and-narrow cousins.

The gist (although I encourage any readers to check out the original article) is that movie pirates don’t just download. They spend a lot on DVDs, Blu-rays and cinema tickets. Likewise, music pirates spend money on music because they like music.

From the article:

The conclusion of the study is that movie pirates are generally more interested in film and therefore spend more money and invest more time in it. In other words, they make up some of the movie industries best customers.

This makes perfect sense to me. If a person downloads a certain form of media, it’s probably because they’re keen on it. I’d be lying if I said I haven’t downloaded a few movies and television shows, but I also consider my hard copy DVD collection to be quite large and my cinema attendances common.

Now, the question is . . . who commissioned the report. I think we all have a pretty good idea.

Also from the article:

The reason given for shelving [the report] was that the contents proved “unpleasant.”

 
Original article: Geek.com
