Friday, January 30, 2009

Hummer Drivers Get More Tickets. A Lot More

Sunday, January 18, 2009

WriteRoom for the iPhone quick review #apple

Just a quick update; I recently picked up WriteRoom for the iPhone, since I wanted a really, really, really basic notepad that could transfer notes back and forth between my iPod Touch and my Desktop. Turns out this was a very cool purchase. It's minimal, which I love, but it also has the ability to (among other ways to export) display your documents in a browser on your Desktop. This is by far not the most secure way to share documents, but on my closed little fortress it's no big deal.

So you turn on the temporary share in WriteRoom for the iPhone, you point your browser at the specified address, and you are presented with this:

[Screenshot: Picture 1-21]


Pretty frickin' suave. It will allow you to read documents and write documents from the browser window, so importing isn't a problem. An improvement (perhaps too much to ask) would be to have a drag and drop interface via a tiny Java applet. That could get complex though. Actually on second thought forget it, I like this app as simple as it is!


Watchmen - Journal

A complex, multi-layered mystery adventure, the film is set in an alternate 1985 America in which costumed superheroes are part of the fabric of everyday society, and the “Doomsday Clock” – which charts the USA’s tension with the Soviet Union – is permanently set at five minutes to midnight. When one of his former colleagues is murdered, the washed-up but no less determined masked vigilante Rorschach sets out to uncover a plot to kill and discredit all past and present superheroes. As he reconnects with his former crime-fighting legion – a ragtag group of retired superheroes, only one of whom has true powers – Rorschach glimpses a wide-ranging and disturbing conspiracy with links to their shared past and catastrophic consequences for the future. Their mission is to watch over humanity…but who is watching the Watchmen?
Directed by: Zack Snyder
Starring: Malin Akerman, Billy Crudup, Matthew Goode, Carla Gugino, Jackie Earle Haley



Friday, January 9, 2009

Quick'n'Dirty: Create your own local podcast in iTunes

I wrote a Quick'n'Dirty script tonight so that I could import a bunch of assorted mp3 audio files on to my iPod in the form of a Podcast.

Why?

Imagine you have a bunch of lectures by a guy at Google recorded at a university. They are available as randomly assorted mp3 audio files. Rather than suffer through trying to listen to them one by one on your iPod, you use this script to create an XML file that fakes a podcast. By creating my own fake podcast in iTunes, I can take a series of mp3 audio files, set them in a specific order, listen to each one, and have the iPod automatically discard the file when I am done.

So here's what you do under Mac OS X 10.5, with this fugly script: dir2pod.pl

Warning: This script comes with no warranties or licenses. :)

  1. Go to Apple -> System Preferences -> Sharing

  2. Enable Web Sharing

  3. In your Sites directory, create Podcasts

  4. Make sure Podcasts has read-only permissions for everyone (use APPL-I if you need to change the permissions)

  5. Move dir2pod.pl into Podcasts, make sure it is executable (APPL-I again)

  6. Copy your directory of mp3 audio files into Podcasts as a subdirectory (so for example, you'd have Podcasts/Myshow if your mp3 files were in a directory named Myshow)

  7. Run the following command from The Shell

    $ cd ~/Sites/Podcasts && ./dir2pod.pl Myshow/ > Myshow.xml


  8. In iTunes, go to Advanced -> Subscribe to Podcast... and enter:

    http://localhost/~YOURUSERNAME/Podcasts/Myshow.xml


  9. If everything went well, iTunes will detect the podcast and will try and download the last file. Click on "Get All" to download all the files in that directory.



If you want to try this script out, but it's not working for you, pass me a comment and I'll see if I can tell you where it's going wrong.
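For readers without dir2pod.pl, here is a sketch of what step 7 has to produce: an RSS 2.0 file with one enclosure per mp3. It is an added example, not the author's script; the function name, the second command-line argument (the base URL from step 8) and the one-day spacing of dates are assumptions.

```python
import os
import sys
import time
from email.utils import formatdate
from urllib.parse import quote
from xml.sax.saxutils import escape, quoteattr

ITEM = """    <item>
      <title>%s</title>
      <enclosure url=%s length="%d" type="audio/mpeg"/>
      <guid>%s</guid>
      <pubDate>%s</pubDate>
    </item>
"""

def build_feed(directory, base_url, now=None):
    """Return RSS 2.0 text with one <item> per .mp3 file in `directory`."""
    show = os.path.basename(os.path.normpath(directory))
    names = sorted(n for n in os.listdir(directory) if n.lower().endswith(".mp3"))
    now = time.time() if now is None else now
    items = []
    for i, name in enumerate(names):
        # Percent-encode path parts for the URL, then XML-escape everything
        # written into the feed, so odd file names cannot break the markup.
        url = "%s/%s/%s" % (base_url.rstrip("/"), quote(show), quote(name))
        # One day apart, alphabetically last file newest, to pin the order.
        stamp = formatdate(now - (len(names) - 1 - i) * 86400, usegmt=True)
        size = os.path.getsize(os.path.join(directory, name))
        title = os.path.splitext(name)[0]
        items.append(ITEM % (escape(title), quoteattr(url), size, escape(url), stamp))
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<rss version="2.0">\n  <channel>\n'
        "    <title>%s</title>\n    <link>%s</link>\n"
        "    <description>Local files from %s</description>\n"
        "%s  </channel>\n</rss>\n"
    ) % (escape(show), escape(base_url), escape(show), "".join(items))

if __name__ == "__main__":
    # Hypothetical usage, mirroring step 7:
    #   python3 feed.py Myshow/ http://localhost/~YOURUSERNAME/Podcasts > Myshow.xml
    sys.stdout.write(build_feed(sys.argv[1], sys.argv[2]))
```
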

Tuesday, January 6, 2009

RT @guykawasaki Music remixed by fish

No, not a DJ named Fish. Real fish.


Thanks to @guykawasaki for posting to Twitter. Via Make.




Submersed Songs | Canções Submersas from ?LEX on Vimeo.

Monday, January 5, 2009

Twitter attack wave; real site-cracking edition.

The latest round of Twitter attacks took place seemingly last night, and these new ones took advantage of a legitimate site security flaw in Twitter's interface to compromise accounts.


Quoting the Twitter blog:

The issue with these 33 accounts is different from the Phishing scam aimed at Twitter users this weekend. These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck. We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure.


Blah, that's a pretty gloomy thing to come in to work on a Monday morning. I don't feel for the coders at Twitter...


But this highlights a bunch of points that normal people (non-IT people!) don't yet appreciate:



  • Any computer connected to the Internet can be subject to a break in (especially the one you're reading this post from).

  • Big brand IT shops with big budgets aren't immune, even if they have been as diligent as they can with security.

  • Security is a cat and mouse game. As smart as security people are, the crooks are just as capable.

  • tl;dr: We're back at That Password Thing... Change your Twitter password as soon as you can. I doubt the public outside of Twitter will know how deep these guys got into the system before the compromise was noticed.


    This blog isn't immune by any stretch of the imagination, so I'm not posting this from some mountaintop of smugness. It's only a matter of time before someone finds a hole in Wordpress, or a plugin I'm using, or in the base operating system of my server, and bam I'm pwnd.


    Finally; we, being humans, need to move past our current methods of authentication. Not to some weird draconian Big Brother type system where one central command corporation has the full rights to this data, but an open system based on tried and true methods of cryptography and digital signatures.


    Making it easy and portable to prove who you are is the next leap in online communications. Literally establishing trust relationships with real people using digital keys to solidify the trust of others in what is being posted.

    Sunday, January 4, 2009

    Map CAPS-LOCK to Control in Ubuntu and Mac OS X.

    I dislike CAPS-LOCK. It is a key that has not made much sense to me since the Commodore 64. It's one of those odd legacy keys from lord knows when in antiquity. One of the most annoying things about CAPS-LOCK is that it has great placement on the keyboard.

    One of the most useful keys for a *NIX geek is Control. It's the all purpose key on the command line.

    So if you're into Linux or FreeBSD or anything in between, mapping CAPS-LOCK to Control can really speed you up and save your wrists a lot of strain. Your pinky can now reach Control without having to do that funny pivot down and left or right.

    If you just dislike the CAPS-LOCK key, as in it gets in your way while you're trying to type, this is also a good way to 86 it.

    One option you have is to buy a keyboard where CAPS-LOCK is already replaced by a hardware-mapped Control key, like the Happy Hacking series of keyboards (my personal favorite keyboard, just barely inches out the Model-M for best keyboard ever).

    So here are two ways to map CAPS-LOCK to Control. One in Ubuntu Linux (7.10 and up) and one in Mac OS X.

    Ubuntu Linux with Gnome


    1. Click on System -> Preferences -> Keyboard
    2. Click on the Layouts tab
    3. Click on Layout Options...

    4. Expand Ctrl key position
    5. Select the Make CapsLock an additional Ctrl. radio button.

    6. Close, boom done!


    Apple Mac OS X 10.5


    1. Click on Apple -> System Preferences
    2. Go to Keyboard & Mouse
    3. Click on Modifier Keys

    4. Select the Caps-Lock Key pulldown

    5. Set it to Control

    6. Boom! Done.


    And then if you're a total obsessive like I am, you can do this sort of thing...

    Model M Control

    A neat feature of FreeBSD 5; it gives you the option to map CAPS-LOCK globally to Control during the install process.

    Unrelated Side Note:

    THIS was so cool it actually made me a little angry.
    C64 USB keyboard

    Saturday, January 3, 2009

    Twitter probably needs an API key generation system to thrive


    There's a big bad phish going around on Twitter today. Likely either related to the Twply thing or seriously emboldened by it.


    One of the first things I considered when I looked at the Twitter API was that it was wonderfully open, and ripe for abuses. Coupled with a Phishing attack there are a lot of powerful methods to disseminate viruses, malware, and to collect passwords. LOTS of them.


    From the Twitter blog:


    It looks as though this particular scam sent out emails resembling those you might receive from Twitter if you get email notifications of your Direct Messages. The email said, "hey! check out this funny blog about you..." and then provided a link. That link redirected to a site masquerading as the Twitter front page.


    Anyway, one thing that might help stem the tide of phishing attacks and API-service type attacks (Twply-style trust attacks, where they say they're going to do something, and all they really do is take your data) is an API key system, or a drastic evolution of the current API method.


    It's not like I'm saying anything radical; actually, this is likely in the works at the volcano/skull island that houses Twitter's developers, but it's more the shape of things to come. You'll likely see a slightly more complex and less "impulse buy" friendly API system emerge. Hopefully safer than the seat-of-the-pants insecure method used now.


    And as Pete Cashmore says, it might be a sign that Twitter is "for real".
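A sketch of the API key idea argued for above, as an added example rather than Twitter's API or any real service's code: the class, app names and scope names are hypothetical. Each third-party app gets its own key, limited to named scopes and revocable by the user, so the app never holds the account password.

```python
import hashlib
import secrets

class ApiKeyStore:
    """Service-side registry of per-application keys (hypothetical design)."""

    def __init__(self):
        self._keys = {}  # sha256(key) -> {"user", "app", "scopes", "revoked"}

    @staticmethod
    def _digest(key):
        # Only a digest is kept, so a leaked table does not yield usable keys.
        return hashlib.sha256(key.encode()).hexdigest()

    def issue(self, user, app, scopes):
        """Create a key for one app; the app never learns the user's password."""
        key = secrets.token_urlsafe(32)
        self._keys[self._digest(key)] = {
            "user": user, "app": app,
            "scopes": frozenset(scopes), "revoked": False,
        }
        return key

    def authorize(self, key, scope):
        """Return the owning user if the key is live and covers `scope`, else None."""
        entry = self._keys.get(self._digest(key))
        if entry is None or entry["revoked"] or scope not in entry["scopes"]:
            return None
        return entry["user"]

    def revoke(self, user, app):
        """Cut off one app without touching the password or other apps' keys."""
        count = 0
        for entry in self._keys.values():
            if entry["user"] == user and entry["app"] == app and not entry["revoked"]:
                entry["revoked"] = True
                count += 1
        return count

def demo():
    # Constructed scenario: a reply-mailer app that is only allowed to read.
    store = ApiKeyStore()
    mailer = store.issue("exampledude", "reply-mailer", {"read_replies"})
    other = store.issue("exampledude", "desktop-client", {"read_replies", "post_update"})
    before = (store.authorize(mailer, "read_replies"), store.authorize(mailer, "post_update"))
    store.revoke("exampledude", "reply-mailer")
    after = (store.authorize(mailer, "read_replies"), store.authorize(other, "post_update"))
    return before, after
```
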

    Friday, January 2, 2009

    About that password thing...

    I re-twitted this alarming post from @JennKim last night regarding a Twitter scam site:


    @JennKim Think twice before leaving your Twitter password http://tinyurl.com/7wq2gt


    From the article linked above...


    Twply, the Twitter site that promised to email your replies to your inbox while protecting your password, appears to have tweeted a promotional message for the service on your account even if you opted out of this option. To add insult to injury, the site was sold today on Sitepoint for $1200, just one day after launch. The site, which required you to enter your Twitter password, has now sold that confidential data to the winning bidder - site user worldbuyer.


    Sucks! Also I'm sorry if you are reading this and were burned by this service. BUT, yeah, never trust anyone with your passwords.


    This is the new face of the electronic security compromise. People don't place the same importance on the security of their online passwords as they do on, say, the PIN number for their bank cards.


    If you spend a lot of time online, you really, really should. Why?

  • People use the same passwords for multiple sites.

    It is unfortunate but it's a reality that won't change as long as we are human. The password system does sort of suck, but it's what we have now until the populace gets comfy with digital keys. You don't have to have a different password for every occasion, but I try to have three or four rotating strong passwords I use at different sites. The bad news on this front is some places (often financial firms) won't let you use strong passwords with characters like @ # $ % or & in them. Dumb but true. So what ends up happening is that people will pick the weakest but most compatible password they can remember and they'll use it everywhere.



    We also use the same login for multiple sites.. more on that below.



    Fix: Generate 3 good passwords and try to use a password manager with your PDA or phone. You don't have to use the password manager every time, but it can help jog your memory when you forget.



  • Website security is always much worse than you think.
    Take it from an insider; if a website wants your username and password so that it can access another website on your behalf, it is going to store that username and password in a database in PLAIN TEXT, no encryption and with the most basic of protections.



    It is only marginally better, often, if you are submitting your username and password to a forum. The passwords might be encrypted, but that encryption can be reversed as well. It's worth it to a hacking group to decrypt a series of passwords, and they always have the horsepower to do it (think Storm Botnet).



    Fix: Don't trust any of these places. Even Facebook! I couldn't believe Facebook wants me to input my GMail username and password so that it can scrape my address book for friends. The audacity... Sure it works, but now your GMail account and password are on record in a Facebook database somewhere, for EVAR. When the Badguys get into that database, they have your account and password info.


  • Badguys will compromise your accounts, even if you think they aren't important.
    So now a website is hacked, let's say via SQL injection or a straight buffer overflow. No matter how, the Badguys now have access to your username and password. What can they do with it?



    1. Cross-reference your username with a domain-name database to see what you have registered. yourname.com is now a target of domain jacking.
    2. Try your username and password combo at places like GMail and Hotmail. If you signed up to twitter as exampledude, and your hotmail account is exampledude@hotmail.com.
    3. They read your e-mail to find out what banks and online financial institutions you use. Paypal, etc. They are now closer to having access to your money.
    4. They scrape your e-mail accounts for users and send them viruses, personalized, from you. They send you viruses from your friends' addresses. Personalized Phishing may be on the horizon as well.
    5. If they have access to your e-mail accounts, they can take your domain. If that domain has e-mail accounts associated with it, they now own those too and the cycle repeats.


    I could keep going like this. tl;dr it's a domino effect. The badguys get one compromise, and they can keep going with that unless you've used good username and password hygiene.
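The storage concern raised in the list above, shown from the site operator's side. This is an added example, not code from any site named in the post; the function names, the PBKDF2 iteration count and the sample passwords are assumptions. It stores the same accounts three ways and counts how many rows in a dumped table repeat across accounts.

```python
import hashlib
import hmac
import os
from collections import Counter

ITERATIONS = 600_000  # PBKDF2 work factor; an assumption, tune to your hardware

def store_plaintext(password):
    """The case the post warns about: the stored row is the password itself."""
    return password

def store_fast_unsalted(password):
    """One fast hash, no salt: equal passwords always produce equal rows."""
    return hashlib.sha1(password.encode()).hexdigest()

def store_slow_salted(password):
    """Random per-account salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())

def verify_slow_salted(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_rows(rows):
    """How many stored values occur for more than one account in a dumped table."""
    return sum(1 for n in Counter(rows).values() if n > 1)

def compare_schemes(passwords):
    """Store the same account list three ways and report rows that repeat."""
    return {
        "plaintext": shared_rows([store_plaintext(p) for p in passwords]),
        "fast_unsalted": shared_rows([store_fast_unsalted(p) for p in passwords]),
        "slow_salted": shared_rows([store_slow_salted(p) for p in passwords]),
    }

# Constructed sample: three accounts, two of which picked the same password.
SAMPLE = ["tr0ub4dor&3", "tr0ub4dor&3", "correct horse battery"]
```

With the salted scheme no two rows match even when the passwords do, and each guess against a dumped table costs the full key-derivation work per account.
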


    There's a lot of excitement around social networking and mashups right now. There's a great sense of community and optimism towards anything to do with it. It's refreshing, but I think in that atmosphere people drop their guard a bit in the hopes that everyone intends only good.


    But, this is still the Internet.
