Archive for the ‘Technical’ Category

Configuring the Firewall on Mac OS X 10.5.1+ (Leopard)

2 Feb 2009 11:23 by Rick

Confession: until last week, I had it switched off. It didn't make a lot of difference, but I should have been more careful. When I first switched it on, nothing worked and I didn't understand the Mac well enough to fix it; then I forgot. If it were switched on by default, this wouldn't happen.

Anyway, it is all actually quite straightforward. There are guides available that show you how to do it. The problem is that they are a bit too technical in language and also not clear on how to decide what to put in the table of allowed programs. The answer is: don't put any in manually; let the programs ask you first, then decide whether you want to allow each one.

The sort of programs which will ask and need it are IM/VoIP (iChat, Adium, Skype) and Download/Upload services (µTorrent, iPlayer, CyberDuck). Your browser may also ask, it rather depends on what sites you go to. Some applications ask more than once but eventually they remember. The ones that don’t ask and shouldn’t need it are Mail/RSS/News (Thunderbird, iMail), Text (NeoOffice, TextWrangler, TextEdit, MS-Office) and (to my surprise) Virtual Machines (VMware Fusion, Crossover and probably Parallels). In any case, you ought to run a local firewall in virtual machines.

Lorelle on Church Website Design

21 Jan 2009 20:59 by Rick

Lorelle van Fossen talks to Church web designers—and discovers that she knew nothing about the issues. Good article.

iTunes-DRM=(not quite) freedom

14 Jan 2009 10:43 by Rick

When Apple announced that it was no longer going to include Digital Rights Management on songs downloaded from the iTunes store, it all looked rosy—but there is a hidden catch. The AAC (.m4a) files still have your iTunes account id embedded in them so it can still be determined who bought them. That is unless you can find a way to edit the file to remove this information. Mediamonkey says it can edit AAC tags but I don’t know if it includes this one.

Intercept Modernisation Programme

13 Jan 2009 13:53 by Rick

Information is slowly leaking out about what this government initiative will actually mean. The EU Data Retention Directive provides for member states to require Communication Service Providers to collect and retain data for a period of between 6 months and 2 years. There are hints that the Home Office are going to not only specify the maximum period but also set up a system to record it all centrally.

Some sources suggest that the recording of phone call information (that is source and destination numbers and timestamp, not content) is already being done (but probably not Skype calls).

Extending this to email could be problematic. The source address of an email is known to be highly unreliable (look in your spam box for examples) and, in any case, if the ISPs are to do it, what about those people who use international web mail services like Hotmail and Google, or those (ahem!) who use an off-shore host? Other sources suggest that, to make things easier for the smaller ISP, the interception will be done further upstream on the trunks. To do this they would have to filter on the mail port numbers (POP, SMTP and IMAP). Even then it wouldn't catch the web mail services.

Extending it further to monitor other internet traffic such as web sites generates a huge quantity of data. Just viewing one page can easily generate dozens of requests and downloads, a busy portal can require hundreds, so some serious data reduction techniques would have to be used. But as a side effect, the data is unreliable in intent even if comprehensive in actuality. The user is not in control of side content on the web pages they view and not even the main content when the referrer information is vague or misleading.

We already know that the return on investment for video surveillance is very poor to the extent that some authorities are leaving them unmanned. Sifting through the archives looking for incidents retrospectively is enormously time consuming and frequently a waste of police time. I don’t suppose this new idea will be any better.

Bible Verse Plugins

2 Jan 2009 18:01 by Rick

While developing the new church website (which, by the way, is now online) I came across a couple of plugins that automatically link a bible verse reference to the text. I was reminded to write about it today, ironically, by a spam which linked to a very crude online bible using free web space from Blogspot. I am not sure which version has been bootlegged.

eBibleicious

eBibleicious was the first plugin I investigated. It links to eBible.com and seemed to be simple and efficient but for some reason does not work at all if the visitor is on Virgin Broadband. bweaver.net has a review with some screen shots which show what could have been, but the developer blog has been quiet since March 2008 so I think it has all but died.

The Holy Scripturizer

The Holy Scripturizer is a plugin that I found later. It is also not well advertised and the developer blog has not been updated since June 2008, but perhaps there is nothing more to do; it works fine on WP 2.7. It shares many of the same ideas as eBibleicious, using the ESV website as its source, but has the added benefit of multiple versions in link-only (i.e. not popup) mode. The NRSV comes from Oremus Bible Browser, which is the one we normally use. Almost every English language version is covered and a lot of others as well, mostly via the Bible Gateway. It parses most standard bible references and is working brilliantly on the web site with virtually no training needed.

[Update 7 Jul 2017]

Wow, yes, I am still using it!

And all was going well. Some time ago I modified it to v1.8.5 to a) support NRSV-UK from bible.oremus.org and b) change target="_new" to target="_blank" to conform to current practice. This is OK right up to WordPress v4.8. However, we migrated servers recently to one that supports PHP 7, though we have downgraded it a bit to v5.6 because of other problems. This plugin started to give us grief: it was blocking login and whenever it was activated it said

The plugin generated 3 characters of unexpected output during activation. If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.

It took a lot of effort to track down what the problem was, but it turned out to be the encoding of the main PHP file: it was UTF-8 with BOM (Byte Order Mark), and it was the BOM that was causing the problem, as its 3 bytes were being sent as output before the headers and triggering the error. So I have removed the BOM from the file and all is well again. I suspect that it was self-inflicted and that I had edited it at some time using Windows Textedit, which is known to do this sort of thing.
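The BOM problem above, as an added example (not code from the plugin or from the original post): a small checker that reports how many bytes PHP would output ahead of the opening tag and strips a leading UTF-8 BOM from a plugin file. The sample plugin header is constructed.

```python
# Added example (not part of the plugin): find and strip a UTF-8 BOM from a
# PHP source file. PHP sends anything ahead of the opening "<?php" tag to the
# browser as output, so the 3-byte BOM (EF BB BF) is exactly the "3 characters
# of unexpected output" WordPress complains about, and it arrives before any
# HTTP header the plugin or WordPress later tries to set.
from pathlib import Path

UTF8_BOM = b"\xef\xbb\xbf"


def bytes_before_php_tag(data: bytes) -> int:
    """Return how many bytes PHP would emit before the first '<?php' tag.

    A BOM counts, and so does any stray whitespace or text ahead of the tag;
    0 means the file opens cleanly with the tag.
    """
    idx = data.find(b"<?php")
    return len(data) if idx == -1 else idx   # no tag: whole file is output


def strip_bom(data: bytes) -> bytes:
    """Remove a leading UTF-8 BOM if present; everything else is untouched."""
    return data[len(UTF8_BOM):] if data.startswith(UTF8_BOM) else data


def fix_plugin_file(path: Path) -> int:
    """Rewrite the file without its BOM and return the number of bytes removed."""
    original = path.read_bytes()
    cleaned = strip_bom(original)
    if cleaned != original:
        path.write_bytes(cleaned)
    return len(original) - len(cleaned)


if __name__ == "__main__":
    # Constructed sample: a minimal plugin header as saved "UTF-8 with BOM".
    sample = UTF8_BOM + b"<?php\n/*\nPlugin Name: Example\n*/\n"
    print("bytes output before <?php:", bytes_before_php_tag(sample))          # 3
    print("after stripping the BOM:", bytes_before_php_tag(strip_bom(sample)))  # 0
```

Point `fix_plugin_file` at the plugin's main .php file to repair it in place; a non-zero return value tells you a BOM was there.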

In the process of trying to trace the problem I also created a stripped down version which I have called RJP-BibleRef. This is pure plug and play, it requires no options setting but it ONLY generates NRSV-UK links. You are welcome to give any of them a try.

The Original The Holy Scripturizer v1.8.3
My Modified The Holy Scripturizer v1.8.5
The Stripped Down RJP-BibleRef v1.0

Apple cancels Christmas

17 Dec 2008 11:39 by Rick

That’s all folks!

Verified by Visa

15 Dec 2008 12:05 by Rick

Another attempt at improving the security of online transactions is Verified by Visa (and a very similar system called Mastercard SecureCode). The system is that a password, independent of anything written on the card and with much more variability (10-15 characters), is verified with the bank first and then used for transactions. Not all banks nor all retailers are signed up yet, but it looks to be a good system, albeit with only one of the factors of authentication in use (something you know). A clever part is the echoing back of a phrase decided by you in advance ("Personal Message") to give you confidence that it is a genuine transaction (so beware of any Verified-by-Visa popups that don't contain this phrase).

However the implementation on the ground has not been good. Very little advance information has been sent out to customers and often the first thing they discover is a retailer that is using it, sometimes with no option. You do get an invitation to sign up there and then (called Activation During Shopping) but this is exactly the situation we have all been warned against—an unknown web address (not even the retailer one) asking for personal details and passwords. I recommend that if you come across this, pause the transaction and go to a different window and sign up directly via your known bank web site.

Now when will The Cooperative Bank join in? Ah, they are, slowly, it just doesn’t say so on the Visa site. They have decided not to use Activation During Shopping so they get a gold star from me for having a clue. I will take half of it back though, as they are using a “memorable name” rather than a real password, nor do they seem to be using the echoed personal message. Is this really one system or are people making it up as they go along?

Cardholder Not Present

5 Dec 2008 10:51 by Rick

The key requirements when approving a transaction are authentication, proving that you are the person you say you are, and authority, that you are allowed to perform the transaction. With a typical credit card transaction, these two go together as the authentication shows that you are the owner of the account who automatically has full authority. There is scope to break that link, but that would need to be another article.

The mantra in the security industry regarding authentication is

  1. Something you have—such as a card.
  2. Something you know—such as a PIN or password.
  3. Something you are—much harder and relies on such things as biometrics.

When you go into a shop, you take the card out of your wallet, immediately satisfying point one. Presented with a keypad, you type in your PIN, satisfying point two. If the card had a photograph then it would (very weakly) satisfy point three as well, just as the signature used to do before Chip-and-PIN.

Cardholder Not Present transactions have always been weak. These are those done on the phone, by post or over the internet. Point one becomes subverted because there is no way to tell that you actually have the card; you could just have a photocopy or a note of the number. If point three was ever covered then that is lost as well. So the authentication is reduced just to what you know: the card number. They have tried to improve this recently by adding three extra digits to the back of the card. The theory was that this number was not embossed nor recorded in shop transactions, so was less likely to be compromised. In practice it is still visible to anyone who handles the card (which is why I obliterate mine), and an increasing number of face-to-face transactions are asking to know and record the number. Hotel receptionists, for example, want to be able to process a transaction if you do a runner.

There are a number of initiatives to improve the position, mostly by providing the customer with some sort of device to generate a sequence of one-time passwords which are predictable by the bank but not by anyone else. Each device is unique and keyed to your account. This has taken a significant step forward and now it is possible to build such a device directly into the card; a great achievement, as the card still has to be capable of passing through an ATM and shop chip readers. This provides two major improvements: firstly, it restores the requirement "Something you have", because you have to have the card to use it, and it is locked to your account, so there is no using one device with another card number. Secondly, it requires the "secret" number to be entered into the device itself, not into the online/telephone transaction, so there is no risk of it leaking; and this number is now the truly secret PIN, not the number printed on the back of the card.
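The card-based device described above, as an added example that is not part of the original post: it assumes an HMAC-based, HOTP-style design (in the manner of RFC 4226) in which the bank holds each account's card key and PIN, which is one plausible way to build such a scheme rather than any bank's actual implementation. The card key is a constructed sample.

```python
# Added example (an assumed design, not the banks' own scheme): an HMAC-based
# one-time code in the style of RFC 4226 HOTP. Each card carries a secret key
# shared only with the bank, so a valid code proves "something you have"; the
# PIN is keyed into the device and mixed in locally, so it never travels with
# the telephone or online transaction.
import hashlib
import hmac
import struct


def generate_code(card_key: bytes, pin: str, counter: int, digits: int = 6) -> str:
    """What the card's keypad device computes for its current counter value."""
    pin_hash = hashlib.sha256(pin.encode()).digest()
    msg = struct.pack(">Q", counter) + pin_hash
    mac = hmac.new(card_key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Bank:
    """Per account: card key, PIN (HSM-protected in reality) and last counter."""

    def __init__(self) -> None:
        self.accounts = {}

    def issue_card(self, account: str, card_key: bytes, pin: str) -> None:
        self.accounts[account] = {"key": card_key, "pin": pin, "counter": 0}

    def verify(self, account: str, code: str, window: int = 5) -> bool:
        """Accept a code only if this account's own card and PIN produced it.

        A small look-ahead window tolerates codes generated but never sent;
        the counter moves forward on success, so no code is accepted twice.
        """
        acct = self.accounts.get(account)
        if acct is None:
            return False
        for c in range(acct["counter"] + 1, acct["counter"] + 1 + window):
            expected = generate_code(acct["key"], acct["pin"], c)
            if hmac.compare_digest(expected, code):
                acct["counter"] = c
                return True
        return False
```

A code from a different card's key, from the right card with the wrong PIN, or a code replayed after use all fail verification, which is what ties the code to both the card and the PIN.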

This will surely annoy hotel managers though.

Latency for the Layman

3 Dec 2008 14:19 by Rick

This excellent article by Gustavo Duarte explains what is going on when you are waiting for your computer to do something. If the language is a bit technical for you, a summary is:

Consider your super-fast computer and compare that with finding information by hand. Getting data from the CPU cache memory is like picking up a paper from your desk: perhaps 3 seconds. Getting it from the second level cache is equivalent to a well indexed book near your desk: say 14 seconds. Getting it from main memory is a four minute stroll down the corridor to the stationery cupboard. Now, wait for it, fetching it from the hard drive is equivalent to sending Stanley to find Dr. Livingstone: one year and three months. If it's on the internet then you may as well wait for NASA to launch the next Mars probe and hope it comes back.

Analogue vs. Analogue

27 Nov 2008 12:30 by Rick

It looked like there was an interesting article in The Economist a short while ago. In their Science and Technology department the (unnamed) correspondent asks "Which is better: analogue or digital?" It is full of good technical stuff like hysteresis and second harmonic distortion. Unfortunately it is apparent in the first paragraph that he has no idea what he is talking about.

…do audio amplifiers and microphones with old-fashioned thermionic valves (“vacuum tubes” to Americans) inherently produce a sound more natural and satisfying than those with transistors and other solid-state devices?

This is not Analogue vs. Digital but Valve vs. Transistor, a completely different and unrelated beast.
