MacWorld 2007 keynote

Peacock near The Trout

Sure, Apple gets millions worth of free advertising by releasing its products in their glitzy, spectacular way. At the same time, it is hard for a geeky Mac fan not to comment.

Everyone expected Apple to announce the iPhone at Macworld, though there does seem to be more to this device than most people expected. Everyone expected it to be an iPod and a phone (in this case with 8GB of storage), and most expected it to be widescreen. The two megapixel camera is probably pretty poor – as telephone cameras universally are – but it could be useful regardless. The biggest surprise is that the thing runs OS X, rather than the proprietary and limited systems generally associated with smartphone and Blackberry type devices. Combined with the embedded sensors (proximity, ambient light, and an accelerometer), I imagine people are going to come up with some pretty amazing hacks for these devices.

The iPhone is a quad-band GSM + EDGE phone with WiFi and Bluetooth 2.0. A lot of people probably expected it to be 3G, but this is a better move for Apple. 3G has pretty much been a disaster for everyone who bet on it. The fact that it seems capable of talking to WiFi networks is also a big plus, especially if it can be used to do VoIP in an elegant way. The fact that it does not is unsurprising, but also a letdown. I am personally looking forward to the days when mobile phones automatically form mesh networks to pass traffic between themselves. That would circumvent the need for network infrastructure for calls within densely populated places and really change the business circumstances in which cellular service providers found themselves.

The mundane issues are more what concerns me: it looks like the starting price is US$499 for a 4GB model and US$599 for the 8GB and they will start shipping in June. Those prices are based on signing up for a two year phone contract, also. There’s no way it makes sense to buy the release version, as there are usually a couple of serious flaws that get sorted out in the next version. (Not that I will be spending $600 on such a device any time in the foreseeable future.) The battery life is supposedly sufficient for five hours of talk time and sixteen hours of audio listening. If true, that is better than my iPod Shuffle, and enormously better than my old 20GB 4th generation iPod.

Like a lot of people, I am curious about whether this device will stand up to everyday abrasion better than the iPod Nanos do. There’s also no way I would even consider buying this platform before Skype or something similar can be run on it.

Outward flowing data

Every time I run iTunes, gigabyte after gigabyte starts flowing out from my computer. In the last two hours, I have sent 4.11GB worth of data, and I don’t use any kind of file sharing service. The hard drive gets hot. It clicks, when I am not even using the computer. The only plausible explanation is that people are using software, such as OurTunes, to download my music library. Normally, I would be flattered that they want my music. Unfortunately, two factors complicate things. Firstly, if all the drive activity makes my HD go kaput, I am left with no working computer at a time when having one is critical. Secondly, as a non-St. Antony’s student, I am on their network on a fairly provisional basis.

As such, you now need a password to access my shared music. If you’ve gone to the trouble to find this message and read it, send me an email.

Citable citation

Tree and blue sky

My congratulations go out to my friend Lindi Cassel: the first person who I know personally (as in ‘used to make stick figures out of kneadable eraser while in biology class with’) to get cited on Google Scholar:

Cassel, Lindi and Peter Suedfeld. “Salutogenesis and autobiographical disclosure among Holocaust survivors.” The Journal of Positive Psychology. Volume 1, Number 4 / October 2006. p.212-225.

While the subject matter is certainly sobering, the publication is extremely impressive, like so much else about Lindi. Bravo.

GMail security hole

Path to Marston

As people who read techie news pages like Engadget and Slashdot already know, a somewhat serious security flaw in GMail has recently been uncovered. Specifically, when you are logged into GMail in one browser window or tab, any other site you visit can grab your entire contact list. Whether that is a serious leak or not is a matter of perspective. Certainly, it exposes all of your friends to even more spam than they already receive.

Read the following carefully before you click anything. If you want to see the script that grabs contact lists at work, follow this link. Engadget says it’s “non-malicious,” but the risk is yours. The bug arises from the way in which GMail stores your contacts as a JavaScript file that can be requested by other websites. Google claims to have fixed the bug but, as the link above will prove, they have not.

Plausible attacks

A site that wanted to be really sneaky could exploit this information in many ways. At the very least, it could be used to very easily identify many of the people who are visiting. Knowing someone’s contact list might help in the launching of phishing attacks. It could, for example, make it easier to work out what company someone works for. You could then find out who handles their information technology and send spoofed emails that seem to come from the IT department, asking for passwords or other sensitive information.

If it is a site that contains content that many people would not want others to know that they view, it could grab the email addresses for people with the same last name as you and threaten to send them information on your surfing history. A less complicated ploy would be to use emails that seem to come from people who you know to get through spam filters. Because of email spoofing, it is very easy to make messages seem to be coming from someone else.

Implications

As someone with 1037 MB of data in my main GMail account – including 14,410 emails and more than 1500 instant message conversations – I am naturally very concerned about GMail security. There is tons of stuff in there that I would be profoundly opposed to seeing on a public search engine, as has already happened in at least one case with private GMail data.

Contrary to their own assertions, Google had analysed and indexed all e-mails processed through their mail service. Due to a mistake made by an administrator, a database of the highly secret project was mirrored onto the external index servers, and as a result, the private mails of thousands of GMail users could be accessed via the search front-end for at least one hour.

Source

Clearly, it would be preferable if GMail started using durable encryption on their archived messages. This would both protect the messages from hostile outsiders and keep Google from doing anything undesirable with them. Even a passphrase based symmetric-key encryption system (perhaps based on AES) would be an improvement. I bet all the students at Arizona State University, which has turned to GMail to provide all its email services, would feel likewise, if they knew.

[Update: 8:30pm] This article by Brad Templeton, the Chairman of the Electronic Frontier Foundation, makes some good general points about GMail and privacy.

[Update: 11:00pm] According to Engadget, this hole has been fixed. It’s good that it was dealt with so quickly, but there are still reasons to be concerned about GMail security in general.

[Update: 2 January 2007] The mainstream media has caught up with the story. CBC News: Teen exposes Google security flaw.

[Update: 18 July 2008] GMail just added a very useful ‘Activity on this account’ feature. It tells you (a) whether any other computers are logged into the account and (b) when and where the last five logins took place from. This is excellent.

Foggy day

Fog on Parks Road, Oxford

Along with thunder and lightning, fog is among my favourite atmospheric phenomena. The best thing about it is the way in which it reveals the characteristics of light: the diffusion around omnidirectional sources and the elegant linearity generated by point sources and sharp edges. The fact that it makes trees look atmospheric and intriguing is of considerable benefit.

The fog today is apparently so bad that they are canceling flights out of Heathrow. I find that a bit surprising, as I thought commercial jets had RADAR guidance systems for takeoff and landing, to use under such conditions. They are justified in being concerned about takeoffs and landings. Along with Controlled Flight Into Terrain, approach-and-landing accidents have accounted for 80 percent of fatalities in commercial transport-aircraft accidents from 1979 through 1991. Given how crowded the airspace around London must be, extra caution is probably warranted; I imagine they would not be taking huge financial knocks for canceling flights without good cause.

One unhappy photographic matter is that my Photo.net subscription expires in just over a week. Not to drive anyone too brazenly towards the donation page, but consider yourself gently nudged.

[Update: 22 December 2006] Many thanks to Tristan Laing for setting me up with another year of Photo.net hosting.

New blog for Mica in the works

As an evolving Christmas gift, I am working on a new website for my brother Mica. As of now, there are three big things I mean to do: find and customize a very nice WordPress template, categorize his old posts and make sure the image and video links in them work properly, and try to configure the Broadcast Machine so that people can view and download his videos through iTunes.

I expect that finishing all of that will take me a few days, but I made a good start tonight.

Holiday to-do lists

Academic

  1. Complete first paper for Developing World seminar
  2. Complete second paper for Developing World seminar
  3. Complete masses of thesis reading
  4. Draft thesis introduction
  5. Draft thesis literature review
  6. Draft thesis background to case studies
  7. Finish the two issues of The Economist that arrived while I was in Turkey

Web / Photographic

  1. Post the best photos from Turkey to my Photo.net page (Done on 19 Dec)
  2. Post scanned T-Max images
  3. Post non-“photo of the day” images to blog and link into standard structures
  4. Create a new banner / theme for the blog for the new year?
  5. Help Mica migrate from his Blogger based site to a WordPress site with better capabilities?
  6. Work through some old bugs and feature suggestions.

Employment related

  1. Find a job for after June 16th

Time remaining for completion: 27 days. Probability of having time for another trip this break: low and falling.

Fresh ‘Papa Fly’ offering

My brother Mica has a new video online: Red Light. This one is heavier on the special effects than any of the previous ones, and I find it quite entertaining. Here’s a direct link to Google Video.

The twenty minute filming time would be the envy of major studios.

[Update: 19 December 2006] Mica has been interviewed about his films by one of the people affiliated with Bopsta (formerly Google Idol).

Back in the UK

Istanbul cats

Back in the comparative warmth of Oxford, I am enjoying how it feels to be on a computer with a properly calibrated screen and a keyboard familiar enough to require no peeking. It is gratifying to see how much better my photos look when properly displayed.

Since this is my father’s last night in England, I am not going to spend the three hours or so that it will take to sort through my photos from Turkey, just now. You can expect my previous entries to start getting illustrated as of tomorrow, as well as additional batches on Facebook and Photo.net.

PS. Both my iPod Shuffle and my USB flash drive picked up a few viruses over the course of visiting hostel and internet cafe computers. Thankfully, they are all viruses that only affect Windows machines. Travelers with laptops (or computers running Windows back home) beware. I do feel bad about spreading viruses between all those machines; no wonder they were so slow.

Irksome spammers

My spam problems have become very acute, with five or so spam comments appearing on commonly visited posts each day. In response, I have kicked up the sensitivity of Spam Karma 2 by a couple of notches. My apologies if this makes it more difficult to leave legitimate comments.

Judging by some of the search strings that are leading people to the site, I think blogs that use Spam Karma 2 are being specifically targeted. I may need to adopt a new system once I get back to Oxford on the 16th or 17th.

[Update: 29 December 2006] I am having two spam problems now. One is annoying and one is just odd. The first is that some spam comments are getting through Spam Karma 2, even with the Akismet plugin. They have karma values of over 1000, which I think must be the result of a clever hack. I changed the page footer with the number of spams caught, to make it less obvious that I am running SK2. The odd thing is that the number of spams caught figure just doesn’t go up anymore. I have no idea why, or how to fix it.

[Update: 31 December 2006] For no comprehensible reason, the spams caught count has started rising again: jumping immediately by forty points. The best thing to do seems to leave it alone.

[Update: 2 January 2007] For some reason, today involved a veritable cascade of comment spam. At midnight yesterday, my filters had caught 870 spam comments. 24 hours later, they have caught 1065. That is 22% of all the comments received thus far, all on a single day. I am impressed that my new combination filtering system (details top secret) managed to catch every single one, without catching any real comments by mistake.

[Update: 21 January 2007] Because of aggressive spammers, I had to disable the ability of people in general to register accounts with the WordPress installation for a sibilant intake of breath. People who want one should ask me by email, and I will set one up on their behalf.

[Update: 15 April 2007] I am surprised to see that I thought five spam comments a day was a large number, back in January. Now, I get more like 50. Thankfully, I have some better protections in place. As such, I am allowing user registration again. We will see how it goes.