Tuesday, June 29, 2010

iPhone 4 or iOS 4 features

Three features that I find invaluable - folders, multitasking bar, and strong password. If you don't know how to use them, here is a quickie ...

To create folders, just go into screen edit mode (hold an icon until everything vibrates) and move an icon over another one - they will both be put into a folder. The OS will give the folder a name, but you can rename it. Each folder can hold up to 12 apps, but only the first 9 icons will show. You can remove an app from a folder by dragging it out of the folder. I've heard that some people have put almost everything into folders so they only have one or two home pages.

I had to look up how to get to the multitasking bar -- double-click the home button. A new row of icons will show up at the bottom of the screen. These are your most recently used or currently running apps. Since most apps have not been recompiled to make them pause when you navigate away from them, when you click on an icon, that app will start up just as if you had clicked its icon on one of the home pages. When an app gets recompiled to make it multi-tasking-aware, then when you navigate away from it, it will pause, and then when you click on its icon in the multitasking bar, it will resume right where you left off.

To remove an icon from the list (to to kill it if it is paused), just hold down one of the icons until they all start to shake and click the minus sign to remove it. You can swipe to the left to see more icons. If you are at the beginning of the list and swipe to the RIGHT, you will get quick access to your ipod controls PLUS the hidden orientation lock button.

Finally, if you want more than a four digit passcode, go into Settings, General, Passcode Lock and turn "Simple Passcode" to OFF. It's a bit of a pain, but some of you may want this.

Monday, June 28, 2010

Multiple Home Pages

Here is a little javascript trick [if you use NoScript, click here to skip to that section].

I have been using isc.sans.edu as my home page for some time. But today, I wanted my home page to alternate between isc.sans.edu and also infosecevents.net. So, I used a little javascript:

Open Tools / Options, paste this into "Home Page" and click OK:

javascript:var d=new Date();var h=d.getMinutes()%2;if(h==0){document.location="http://infosecevents.net"}else{document.location="http://isc.sans.edu"}

[It should paste as a single line - if not, you may have to copy/paste in pieces]

Now, click on the home page button in your toolbar and see what comes up. Then wait a minute and do it again. Cool, eh?

There are some tweaks you can make:
1. if you want the home page to change less often, you can use getHours instead of getMinutes (or go the other way with getSeconds).
2. if you want to alternate between more than two pages, try something like this (i tried a switch/case instead of the if/else, but it didn't work):

javascript:var d=new Date();var h=d.getMinutes()%4;if(h==0){document.location="http://infosecevents.net"}else if(h==1){document.location="http://isc.sans.edu"}else if (h==2){document.location="http://iamneurotic.com/"}else if (h==3){document.location="http://starnull.blogspot.com/"}

The NoScript section

Obviously, none of this is going to work if you have disallowed javascript (say, if you're using NoScript in Firefox) on the page you're on (which includes the page that opens in a new window). In that case, you can put the javascript into a local file (say, on your desktop) -- this is the equivalent of the previous example:

<xxript>
var d=new Date();
var h=d.getMinutes()%4;
if (h==0) {document.location="http://infosecevents.net"} else
if (h==1) {document.location="http://isc.sans.edu"} else
if (h==2) {document.location="http://iamneurotic.com/"} else
if (h==3) {document.location="http://starnull.blogspot.com/"}
</script>

Call it something.htm and double-click it. When Firefox opens, it will not recognize the xxript on the first line, but that is a good thing. Open Tools / Options and click "Use Current Page" under "Home Page" and click OK. Now, go back to your file and change "xxript" on the first line to "script".

Test it by starting up Firefox the way you normally do (desktop icon, quick launch icon, whatever). Ta da. The home page comes up. The only caveat here is that if you're on a page on which you have disallowed javascript and you try to hit the home page button, nothing will happen.

Have fun!

Sunday, June 13, 2010

On the BS of Positive Thinking

Barbara Ehrenreich on the BS of "positive thinking" - neat video clip: http://ping.fm/dO0yK. her book "Bright-Sided" is fantastic. (via Twitter @hypatiadotca)

Friday, June 11, 2010

How does Fortinet filter web sites ?

I don't know about you, but I have gotten a lot of really bad results from Fortinet's web filtering service; the most recent is in the picture below. The link mentioned goes to a web site that offers the Google Books Downloader app for Macintosh. Even looking at the upper level domain (from a machine outside the reach of Fortinet), there is nothing there that is even remotely racy, much less pornographic.

I wonder who they hire to look at these web sites and rate them? Maybe this site happened to fall into the hands of a Google-hater or Mac-hater for review? I don't know, but my own experience tells me that I were ever in the position to buy such a service, Fortinet would be at the bottom of the list.

One could argue that maybe the web site was hacked and showed porno for a short time and that's why it was rated the way it was. I would counter back that Fortinet has a responsibility not to slander employees of the organizations that use their service. They are a security firm and could, for porno and other "bad" tags, send the web site to a level 2 person before applying the tag. The analysis would go something like this:

1. Did the web site ever have a different rating? If so, it probably deserves a rating like "Hacked" which means that it temporarily goes somewhere "bad" but the person who went there did not intend to go somewhere "bad".

2. If they never saw the web site before, then can they infer anything by looking at the forensics (whois, archive.org, does anyone link to them, etc).

3. Then, if they do say it was "Hacked", come back regularly to see if the rating should change.

This lets the organization block "hacked" web sites, while not impugning the reputation of those who innocently go to those web sites.

Seems like something a responsible organization would do. I hope that Fortinet would consider such a course of action for themselves since I believe that they want to do the right thing (proactively try to apply responsible ratings) vs doing the make-a-quick-buck thing (report whatever they want and let the users tell them when they make a mistake, or hide behind "the organization is not supposed to take the ratings literally and should do their own investigation" - like that ever happens).





Update: after reporting the problem to Fortinet, they corrected it in less than an hour. That normally does not happen this quickly when I report errors to them, so maybe it was the fact that I publicly tweeted it to their Twitter address @Fortinet that got them to act quickly (hint for others out there who have rating problems). In either case, I appreciate their quick action, but wish that they acted, in my opinion, in a more responsible manner to start with.

Tuesday, June 1, 2010

Moved passwords to 1Password

Finally. I've wanted to do that forever. I moved 333 passwords from work and 530 passwords from home (both Firefox/PC) to 1Password/Mac. How to:

install secure delete on PC (heidi.ie) and Mac - you will be exporting your passwords to the disk (hard drive, USB, whatever), so you want to be able to securely erase the part of the disk that those files were on. i use Eraser (free) on Windows ( here ) and, of course, Secure Empty Trash is part of Leopard on the Mac.

export passwords out of Firefox - there is a free add-on for Firefox ( here ) that allows you to export your passwords to a file. after you install it, go to tools / options / import/export / export. i chose to export as a csv file instead of xml, but either one works.

merge the password files - i brought my work password file home and used the Import feature to merge the two password files ( tools / options / import/export / import ).

check your errors - you will get a number of errors. most of them are duplicates and some are other types of problems. make note of all of them, especially the "duplicates" since they may not be duplicates. huh? well, the web site and username will be the same, but the password may be different -- maybe you changed the password and only accessed it AFTER the change at one location. you will have to check the csv or xml file to see what the two passwords are, and if different, fix things. the easiest way to do that is to log in again, using what firefox thinks is the right password and if it does not work, then use the one from the imported file.

Move profile to Mac
Fix 1Password (false start) - Firefox setting
Import into 1Password
Backup
Copy keychain to USB
Copy into PC area
Bring up 1Password
put iPhone, iPad, Mac on same wireless
Bring up iPhone 1Password
turn on wireless sync
follow instructions for Mac
repeat for iPad

want:
all - option to leave userid out of title (and only in details) in GUI (i know why its needed in the dialog)
iPad - option to sort by domain
PC - auto fill without Ctrl-\

next steps:
go back to Firefox and clean out profile (dups due to formName, fields)
reimport

tests:
powweb

pictures:

Police Offer Home Security Tips

Click here (via @RobertSiciliano).

What your email address says about your computer skills

picture is here.

Monday, May 31, 2010

Wireless settings

Made the jump recently to add wireless to my home network (vs all-wired) due to the arrival of my iPad. Conventional wisdom (SSID) got in the way though.

All you need to set is a LONG & STRONG WPA2 (AES) password. I was telling the router not to broadcast the SSID, but that does little to stop hackers and makes the network almost unusable -- devices (iPad/iPhone) can't see the network, even if they remember the SSID/password. Once I set the SSID to broadcast, the devices automagically saw the network and joined. Just make sure you choose a unique SSID.

One potential problem I have to investigate. What is someone chooses the same name (SSID) and no password -- which one will the device choose?

Security's Top 4 Social Engineers Of All Time

Click here for the article.

On this, Quit Facebook Day, I haven't quit Facebook since there are reasons to have a presence there. However, to protect my privacy, I've removed every shred of profile information, including using a fake birthday (was already doing that). Basically, i treat it like Twitter - I'll read stuff, I'll contribute not-too-personal stuff, you can figure out who I am by my associations, but I won't provide any specific personal information (it's enough that Google is trying to get all of that stuff :-/ ).

Another interesting article here (bit.ly link) or here (direct link to Washington Post).

Sunday, May 30, 2010

What am I up to?

Things on my to-do list:
- transfer passwords being kept by Firefox to 1Password (Mac) and KeePass (PC)
- consolidate data from a dozen 100-200GB (WD & LaCie) external drives into TB drives- set up WD NAS drive
- set up TimeMachine backups for MacBook (to LaCie d2 quadra)
- upgrade MacBook to SnowLeopard
- find a decent multi-account Twitter client for iPad (use Twitterific on iPhone and Seesmic Desktop on PC, nothing on Mac)
- find a decent newsreader for iPhone & iPad (use Google Reader on PC, nothing on Mac)
- finish transferring most of my work from PC to MacBook
- wait for Henge Docks docking station to become available for my 13" MacBook
- try to load OpenBSD on my old PowerPC chip iMac (currently running OS X Tiger)
- wait for the new iPhone coming in June

Lost meets Avatar

click here for the picture (via @jlist").

Steven Fry on "What I wish I'd known when I was 18"

Take 30 minutes out of your day to listen to this (via @chockenberry). If you'd prefer to listen to it offline as an mp4 (instead of streaming it), bring me a USB stick.

Creative minds 'mimic schizophrenia'

Interesting article here (via @samkrishna).

Wednesday, January 20, 2010

Mac & Cheese

If you love soft mac & cheese with lots of cheese, go to Panera. I tried them and Noodles & Co and surprisingly, Panera was far better -- even better than my prior favorite -- Stouffer's frozen (the one I went to was on Lee Hwy in Fairfax, just west of Rt 123 - near the H-Mart).