Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘Software’ Category

The U.S. Government: Paying to Undermine Internet Security, Not to Fix It

with one comment

Excellent article in ProPublica by Julia Angwin:

The Heartbleed computer security bug is many things: a catastrophic tech failure, an open invitation to criminal hackers and yet another reason to upgrade our passwords on dozens of websites. But more than anything else, Heartbleed reveals our neglect of Internet security.

The United States spends more than $50 billion a year on spying and intelligence, while the folks who build important defense software — in this case a program called OpenSSL that ensures that your connection to a website is encrypted — are four core programmers, only one of whom calls it a full-time job.

In a typical year, the foundation that supports OpenSSL receives just $2,000 in donations. The programmers have to rely on consulting gigs to pay for their work. “There should be at least a half dozen full time OpenSSL team members, not just one, able to concentrate on the care and feeding of OpenSSL without having to hustle commercial work,” says Steve Marquess, who raises money for the project.

Is it any wonder that this Heartbleed bug slipped through the cracks? . . .

Continue reading.

Written by LeisureGuy

15 April 2014 at 11:13 am

Interesting psychological effect used by weight loss software

with one comment

I blogged earlier about the $5 OS X program Diet Controller, which I bought from the App Store. Most people nowadays have diet programs for their smartphones, but I still use dumb phones, so I wanted something on my computer.

The backstory: I lost a lot of weight, kept it off for a while but when I discontinued Pilates—which I liked a lot but finally realized I could not really afford—my weight gradually started creeping up over the months. Finally, I realized I had to Take Steps.

My main weakness is eating between meals—little snacks plus a bite here and a bit there—so my initial thought in getting the software was twofold: first, I would get a better idea of my caloric intake, and second, that writing down snacks and bites (and I’m very good at recording this: skipping entries distorts the data, and I’m the only one looking at it, so why not enter all food?) would make me conscious of what I was doing, and if I ate the snack anyway, at least I would know the caloric impact.

But Diet Controller turned out to be a much better program than I expected. First, the user interface is very nice. Second, it has an interesting psychological aspect. Looking at the calories has helped in itself, but the program also has graphs of the “calorie balance” (which I tend to call the calorie deficit). The calorie deficit is the difference between the number of calories required in a day and the number of calories consumed that day.

The number of calories required per day is computed from a basic metabolism rate computed from weight, age, and general activity level (sedentary, for me) and the number of calories expended in exercise, which is entered in the exercise log. (No entries yet for me.)

Obviously, a positive calorie deficit is good—you’re burning more calories than you’re consuming, so body fat is burned to make up the deficit—and a negative calorie deficit is bad. When you see the deficit chart day to day, somehow one becomes motivated to increase the deficit, and increasing something is more psychologically satisfying than decreasing something. So although the only way to increase the calorie deficit is to cut back on calories consumed, focusing on increasing something (or at least maintaining what has been achieved) is psychologically more appealing than trying to make something smaller (calories consumed). Here’s one such graph (the program has several ways of viewing the deficit). It’s for 20 days (you can select the number of days), and I started using the program on 30 March. You’ll notice the deficit went negative (i.e., I consumed more calories than I burned) at first, but then I start to figure it out.

[Image: Screen Shot 2014-04-13 at 7.34.46 PM]

It really is an excellent little program, and very nicely done. $5. Amazing.

That blowout on 3 April was because I made myself a big batch of oyster stew, which included 12 oz shucked oysters (555 calories) along with butter, flour, and whole milk. Delicious, but… But you will notice I’m catching on.

Written by LeisureGuy

13 April 2014 at 7:37 pm

NSA: Did it know about Heartbleed? Wrong question…

with one comment

Julian Sanchez has an excellent article in The Guardian. Thanks to CrankyObserver for the link. The article begins:

The American intelligence community is forcefully denying reports that the National Security Agency has long known about the Heartbleed bug, a catastrophic vulnerability inside one of the most widely-used encryption protocols upon which we rely every day to secure our web communications. But the denial itself serves as a reminder that NSA’s two fundamental missions – one defensive, one offensive – are fundamentally incompatible, and that they can’t both be handled credibly by the same government agency.

In case you’ve spent the past week under a rock, Heartbleed is the name security researchers have given to a subtle but serious bug in OpenSSL, a popular version of the Transport Layer Security (TLS) protocol – successor to the earlier Secure Sockets Layer (SSL) – that safeguards Internet traffic from prying eyes. When you log in to your online banking account or webmail service, the little lock icon that appears in your browser means SSL/TLS is scrambling the data to keep aspiring eavesdroppers away from your personal information. But an update to OpenSSL rolled out over two years ago contained a bug that would allow a hacker to trick sites into leaking information – including not only user passwords, but the master encryption keys used to secure all the site’s traffic and verify that you’re actually connected to MyBank.com rather than an impostor.

It’s exactly the kind of bug you’d expect NSA to be on the lookout for, since documents leaked by Edward Snowden confirm that the agency has long been engaged in an “aggressive, multi-pronged effort to break widely used Internet encryption technologies”. In fact, that effort appears to have yielded a major breakthrough against SSL/TLS way back in 2010, two years before the Heartbleed bug was introduced – a revelation that sparked a flurry of speculation among encryption experts, who wondered what hidden flaw the agency had found in the protocol so essential to the Internet’s security.

On Friday, . . .

Continue reading.

Written by LeisureGuy

12 April 2014 at 3:58 pm

Posted in Business, NSA, Software

Heartbleed update: Sites that tell which passwords to change

with one comment

James Fallows has another very useful post on responding to the Heartbleed situation.

Written by LeisureGuy

11 April 2014 at 1:47 pm

Posted in Business, Software

Steps to take in view of the Heartbleed bug

James Fallows has some very useful tips, particularly on how to check whether a site is safe from the Heartbleed bug.

Written by LeisureGuy

9 April 2014 at 12:43 pm

Posted in Daily life, Software

The Heartbleed Bug: Extreme security risk

Take a look. The article at the link begins:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

What leaks in practice?

We have tested some of our own services from an attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.

How to stop the leak? . . .

Nowadays one has to wonder what is the likelihood that this security leak is due to NSA intervention in the development process (cf. the flawed encryption algorithm that NSA paid RSA to implement—an algorithm that RSA now recommends you do not use.)

However, the article at the link given above is pretty exhaustive and it attributes the problem to a programming error.

Written by LeisureGuy

8 April 2014 at 10:37 am

The mother of Apple’s icons

Very interesting profile of the artist who first created the icons for the new Apple Macintosh. It begins:

Thirty years ago, as tech titans battled for real estate in the personal computer market, an inconspicuous young artist gave the Macintosh a smile.

Susan Kare “was the type of kid who always loved art.” As a child, she lost herself in drawings, paintings, and crafts; as a young woman, she dove into art history and dreamed of being a world-renowned fine artist.

But when a chance encounter in 1982 reconnected her with an old friend and Apple employee, Kare found herself working in a different medium, with a much smaller canvas — about 1,024 pixels. Equipped with few computer skills and lacking any prior experience with digital design, Kare proceeded to revolutionize pixel art.

For many, Susan Kare’s icons were a first taste of human-computer interaction: they were approachable, friendly, and simple, much like the designer herself. Today, we recognize the little images — system-failure bomb, paintbrush, mini-stopwatch, dogcow — as old, pixelated friends.

But Kare, who has subsequently done design work for Microsoft, Facebook, and Paypal, has also become her own icon, immortalized in the annals of pixel art. We had a chance to interview her; this is her story. . .

Continue reading.

Written by LeisureGuy

6 April 2014 at 8:10 am

Very cool food-exercise-weight log for OS X

with one comment

Diet Controller, $5 from the Apple Store, is really quite good. I just got it yesterday. The weight has crept up, and it’s time to Take Steps. I have had such excellent luck with tracking grocery costs (that is, it painlessly reduced the amount I spent on groceries, just from seeing what I was spending) and tracking charge card expenses as I made them (which makes you conscious of which expenses are—not to put too fine a point on it—foolish and thus painlessly reduces charging), that I decided that keeping a food log would be the most effective route—plus that’s common knowledge anyway.

So I bought the program and started using it. It’s quite similar to FitDay, which I used in Windows, and much easier to use: better layout, more obvious choices, and so on.

So today is my first full day, and I made an excellent dinner:

4 chicken thighs

Cut out the bone and strip off the skin and put that into a pot with:

2 c water
pinch of salt
a dozen grindings of black pepper
juice of two lemons
1 onion, cut into chunks
1 carrot, cut into chunks
1 stalk of celery, cut into chunks
2 Tbsp Bristol Cream Sherry

Bring to boil, reduce heat, cover, and simmer for 40 minutes. Add:

fresh tarragon leaves, chopped — about 1-2 Tbsp

Simmer 5 minutes, strain into pot. I gnaw on the bones, and discard bones and vegetables.

Add 1 cup Cal-Rose medium grain rice, cover, and simmer about 20 minutes until all liquid absorbed.

That’s the rice part. Here’s the chicken part, and I actually started this first, got it simmering, and then started the rice:

Trim, peel, and chop about 1 dozen shallots, but do it in parallel rather than in series—that is trim them all as a first step, peel them all as a second, and then chop.

Heat 1/4 c olive oil in large sauté pan, add the shallots, a pinch of salt, and a dozen grindings of black pepper, and sauté over medium-high heat for around 10 minutes, stirring from time to time. Continue cooking until the shallots are beginning to brown slightly.

Add:

12 cloves garlic, minced coarsely
the meat from the chicken thighs, cut into chunks

Sauté over medium-high heat for 10-15 minutes, until chicken is somewhat browned. Then add

1 26-oz can Italian plum tomatoes (I had whole tomatoes, so cut them up with scissors)
1 16-oz diced plum tomatoes
2 Tbsp chopped fresh Tarragon leaves
1/2 c (or more) pitted Kalamata olives, chopped coarsely
6 oz paneer cheese, cubed in 1/2″ cubes

Cover the pan and simmer for around 30 minutes or more.

I initially was going to use just the 26 oz can of tomatoes, but it didn’t seem enough. I didn’t have another can, so I used the 16-oz can of diced tomatoes. That total amount seemed about right. As you can see, I was using up the tarragon I had on hand.

The paneer cheese was an experiment. It wasn’t bad at all.

So that’s what we had for dinner. It turned out to be very tasty indeed, especially the rice. Well, and the tomato stuff, too.

After I finished it, I was thinking about getting a little more rice and tomato chicken, when I remembered that then I would have to enter the food, and then I suddenly recalled I was back on the “no bites” rule: no food to enter my mouth except at mealtimes. Somehow that had already slipped my mind.

Well, that’s easy enough. No more food tonight. Already a benefit from using the food log. But then I became aware that I was thinking about the additional bowl of rice and tomato chicken—obsessively so. And I think of it from various angles. Something is going on in my unconscious, because I continue to be driven toward having another bowl, and it’s certainly not conscious. Sometimes I think of the taste and the texture as I eat it, sometimes I sort of rehearse getting up and going into the kitchen and dishing it up, and so on. And I catch myself, think of something else, and then suddenly I’m thinking of having more. It’s as though I’m driven toward it.

Something is definitely afoot in my unconscious, because I feel pushed toward having another bowl, and the obsessive thinking and the impulse to eat is certainly not something I’m consciously doing. That is, I’m conscious of it, but it’s like an earworm. A mouthworm.

It’s interesting to me to experience it. And already I can see the Diet Controller being helpful.

I need to get out the measuring cups.

Written by LeisureGuy

31 March 2014 at 7:40 pm

Trying an offline blog editor

And this is the first post. Somehow the native WordPress visual editor has developed a problem in how it filters out extraneous HTML, so I thought I’d go for something a little different.

We’re having a quiet day, semi-rainy, sleepy kitties, and good books. Things could be worse.

UPDATE: It worked. The one I’m trying: Ecto, which has a 21-day free-trial period.

Written by LeisureGuy

29 March 2014 at 6:01 pm

Posted in Daily life, Software

Cloud-based flashcard system

Quizlet looks very cool. Check out this Cool Tools write-up. You can use decks that have been already made, though Anki (another excellent flashcard system) strongly suggests that it’s better to build your own decks from materials that you are studying.

Written by LeisureGuy

29 March 2014 at 12:20 pm

Posted in Education, Software

Microsoft OneNote app available for Mac: Free!

It’s in the App Store now, and I just downloaded it and tried it out. I am more accustomed to the Windows OneNote interface, but this one seems to be good. Story at the Verge includes a link to the App Store entry. (I couldn’t find it using the App Store search.)

Recommended.

Written by LeisureGuy

17 March 2014 at 9:38 am

Posted in Software

Best virtual piano, says Cool Tools

with 3 comments

I didn’t even know virtual pianos existed, but this one looks pretty cool [Link fixed - LG]:

pianoteq

Written by LeisureGuy

14 March 2014 at 11:44 am

Posted in Music, Software

A great recipe-generator by IBM

Written by LeisureGuy

27 February 2014 at 11:34 am

Posted in Food, Software, Video

Mac’s weak security

Andrea Peterson reports in the Washington Post:

“You’re lucky you don’t have to deal with this stuff, Mac,” a biohazard suit-clad PC played by John Hodgman said about viruses to Justin Long’s Mac in one of the ads in an iconic line of commercials that started airing in 2006. For years, Mac users have enjoyed a smug sense of superiority on this front. But a new vulnerability is the latest sign that the security of Apple products doesn’t actually live up to the hype.

When you see a lock icon next to the URL in your browser, that’s a sign that your communications are protected with the SSL encryption technology. But on Friday, Apple admitted that its version of SSL had a fatal flaw that could allow hackers to intercept and modify users’ secure communications. The situation became even worse over the weekend as researchers reported that the issue affected not only mobile devices running Apple’s iOS operating system but also many applications within the Mac OS X laptop and desktop suite, including Mail and Safari. Apple told Reuters that the company was working on an OS X patch Sunday night.

The SSL bug is just the most recent of the company’s security woes. The company’s “Buy A Mac” Web page once proudly declared that OS X “defends against viruses and other malicious applications, or malware” with “virtually no” user effort. But that changed in June 2012, after up to over half a million OS X users were reportedly infected with a trojan malware called “Flashback.” Some computers on Apple’s own network were hacked in a 2013 breach that reportedly was similarly related to Java.

Apple’s tiny market share has always given the Cupertino, Calif., company an unfair advantage. Since the dawn of the Internet age, Macs have been far outnumbered by PCs, leading hackers to devote a disproportionate share of their resources to Windows malware. The payoff for discovering or exploiting a security vulnerability was much greater if you targeted the more popular operating system. So, as technology became networked like never before, Windows and its programs were put through a more rigorous gauntlet than Apple’s products.

While Apple products have risen to prominence again thanks to the success of mobile devices, Android controls the majority of that market – and attracts the vast majority of the malware. The more rigorous app approval process for iOS devices is part of the reason for that, but it’s also likely that Apple is just not as juicy of a target as some of its competitors.

The latest revelations are hardly the first time Apple has faced security issues. . .

Continue reading.

Written by LeisureGuy

24 February 2014 at 3:37 pm

Posted in Software, Technology

Kevin Drum likes Windows 8.1

And look at the comments on his post.

Written by LeisureGuy

24 February 2014 at 11:44 am

Posted in Software

The bot guardians of Wikipedia

Crowd-sourced enterprises must deal somehow with the certainty that some in a crowd will be malicious and unprincipled and find ways to mitigate willful damage and outright sabotage. (The psychology of such persons is an interesting study.) Wikipedia uses very clever bots, whose evolution is described in this interesting article.

Written by LeisureGuy

18 February 2014 at 9:52 am

Posted in Software

OneNote available as free Web service

One of the drawbacks of moving from Windows to the Mac is that the invaluable Microsoft Office program OneNote was not available on the Mac. But now the application is available for free on the Web. Check out OneNote.com. It’s not quite as slick as the computer-resident program, but it does offer much of the capability. For example, you can start typing anywhere on the page. It’s also free.

Written by LeisureGuy

31 January 2014 at 10:42 am

Posted in Software

When a solution exacerbates the problem: Tab manager

I have a LOT of tabs open at a time as I browse—currently 34 tabs open in WhiteHat Aviator. That seemed to cause problems with Chrome (which has much the same interface as Aviator, both being built on the open-source browser Chromium), but so far no problems with Aviator.

But as tab size diminishes, I find it hard to locate tabs, so this morning I tried three different open-tab-manager extensions. The best of the lot, so far as I’m concerned, is Tab Manager. It’s free, works well, and so far has only one drawback: it doesn’t show in the icon the total number of tabs currently open, a minor inconvenience. It’s an open source product, and you can see the listing at GitHub.

Once I installed it and found I could easily review what was in each tab, I immediately found myself opening more. After all, they’re now easy to find. So the number of open tabs increased, but I do find them easier to locate.

Written by LeisureGuy

30 January 2014 at 10:53 am

Posted in Software

Chrome v. Aviator

with 2 comments

Both Google Chrome and WhiteHat Aviator are browsers based on the open-source browser software Chromium. Aviator, however, comes with all sorts of protections, while Chrome more or less harvests information about you as you use it.

I used Chrome for quite a while, but over the past year or so I have been plagued with a problem in which my MacBook seizes up and will do nothing—it requires a hard reboot (holding down the power key until the computer is forced to power down) since even the OS stops responding. It was an irritant, but Chrome and my other programs have good recovery so I seldom lost anything. Sometimes I would have to repair files (i.e., a program would automatically run through its data files and rebuild indexes or the like), but mainly it was just a royal pain, since the freeze up always happened when I was busy—and since I keep a lot of tabs open (probably part of the problem), it took a while to reload all the pages.

The news: I have not had a problem with this since I switched to WhiteHat Aviator. It may well be that the maze of cookies and the passing of data back and forth about my browser activity was what triggered the problem: Aviator doesn’t allow cookies and it uses Disconnect to keep my sessions private.

In any event, WhiteHat Aviator has been remarkably stable. It does have its quirks: if I want to make a comment using Disqus, for example, I’ve found it easier to do that in Firefox. But almost all of my browser activity is now on Aviator. Firefox I mainly use to write blog posts.

Written by LeisureGuy

28 January 2014 at 11:08 am

Posted in Software

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates

I am happier and happier with my switch to WhiteHat Aviator. Take a look at this Ars Technica article by Ron Amadeo:

One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners. This means that it’s up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome’s update service, which sends the adware out to every user of that extension.

We ought to clarify here that Google isn’t explicitly responsible for such unwanted adware, but vendors are exploiting Google’s extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven’t heard back yet. We’ll update this article if we do.

A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the “Add to Feedly” extension. One morning, Agarwal got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome’s extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer’s intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension’s user base.

This isn’t a one-time event, either. About a month ago, I had a very simple Chrome extension called “Tweet This Page” suddenly transform into an ad-injecting machine and start hijacking Google searches. A quick search for the Chrome Web Store reveals several other extensions that reviewers say suddenly made a U-turn from useful extension to ad-injector. There is even an extension that purports to stop other extensions from injecting ads. Injected ads are allowed in Chrome extensions, but Google’s policy states that which app the ads are coming from must be clearly disclosed to the user, and they cannot interfere with any native ads or the functionality of the website. . . .

Continue reading.

Written by LeisureGuy

19 January 2014 at 9:29 am

Posted in Business, Software
