title:
Put the knife down and take a green herb, dude.

descrip:
One feller's views on the state of everyday computer science & its application (and now, OTHER STUFF) who isn't rich enough to shell out for www.myfreakinfirst-andlast-name.com



FOR ENTERTAINMENT PURPOSES ONLY!!! Back-up your data and always wear white.
Wednesday, May 15, 2013

Last week, I wondered how law enforcement could ask Apple to help them decrypt iOS devices in a quick post called, "Apple doesn't magically decrypt".  Gruber's also confused, which is nice to hear.

Daring Fireball Linked List: Declan McCullagh: 'Apple Deluged by Police Demands to Decrypt iPhones':

I saw this report the other day and it confused me. My understanding is that the entire contents of an iPhone with a passcode (or pass phrase) are encrypted. If Apple can somehow decrypt the contents, then there’s a backdoor, and the possibility exists that someone else will discover the backdoor. (Let alone the problem of Apple being able to do it.)

Charlie Miller, who knows way more about this stuff than I do (and probably as much as anyone outside Apple), is also confused.

Grubes links to one of Miller's tweets:


I'm still wondering about this: seems to say that apple can forensically examine iPhone 5 which shouldn't be possible

And then...

Thanks followers. Apple probably uses a signed ramdisk and then brute forces from there.

Now we're well beyond my understanding of encryption, which is admittedly pretty weak.  I mean, I know what a ramdisk is, and in theory it makes sense -- it's not like the phone's being hacked by something external, and I guess iOS sees that as less invasive and doesn't break out in a rash.  It's been the concept I've wanted to study in depth next for much too long.  I'd like to argue that Cryptonomicon is the novel of our first world's current generation (insofar as our generation is influenced by the digital), and part of that means, I think, that I should finally understand how encryption keys work.

Still, the implication that the encryption is breakable so easily scares me.  Whatever those keys are need to be longer.  This reminds me of the old saying, "A lock keeps an honest man honest."  If you can make a ramdisk and hack into someone's iOS device relatively quickly, it, like a car or most home locks, isn't really protecting you from someone determined to break in at all.

posted by ruffin at 5/15/2013 07:15:00 AM

Tuesday, May 14, 2013

customization - How to exclude private members from StyleCop rule SA1600 - Stack Overflow:

Right click on your project node in Visual Studio, select StyleCop Settings. On the Rules tab, select the Documentation Rules node. In the right-hand pane, select the Ignore privates checkbox, and/or unselect the Include fields box. Either of these will achieve the desired effect.

Thab bu berry buch.

posted by ruffin at 5/14/2013 09:18:00 AM

Monday, May 13, 2013

Hide the Status Bar - The Ultimate Visual Studio Tips and Tricks Blog - Site Home - MSDN Blogs:

This one falls into the “Huh?” category. If you go to Tools >>> Options >>> Environment >>> General and uncheck the “Show status bar” option, it will remove the status bar from view.

Awesomepants, especially on under-pixeled laptop displays.

posted by ruffin at 5/13/2013 02:59:00 PM

Saturday, May 11, 2013

Apple Has Backlog of Requests From Police to Unlock Seized iPhones - Mac Rumors:

Quoting CNET:
The ATF's Maynard said in an affidavit for the Kentucky case that Apple "has the capabilities to bypass the security software" and "download the contents of the phone to an external memory device." Chang, the Apple legal specialist, told him that "once the Apple analyst bypasses the passcode, the data will be downloaded onto a USB external drive" and delivered to the ATF.
It's not clear whether that means Apple has created a backdoor for police -- which has been the topic of speculation in the past -- [or] whether the company has custom hardware that's faster at decryption, or whether it simply is more skilled at using the same procedures available to the government. Apple declined to discuss its law enforcement policies when contacted this week by CNET. [emph mfn]

Let's be clear -- it's almost certainly not custom hardware that's faster at decryption than the ATF.  Right?

posted by ruffin at 5/11/2013 11:04:00 PM

Friday, May 10, 2013

JSON Hijacking:

The website responds with some HTML containing some JavaScript along with a script tag. When the browser sees the script tag, it makes another GET request back to the vulnerable site to load the script, sending the auth cookie along.

This makes more sense.  I'd always wondered why people were concerned about Javascript exploits.  If you have FireBug open, what can't you do with Javascript?  It's essentially a completely open source, open data situation.  The best security you can use is obfuscation, and that's not really security at all.

Turns out people are getting all upset about stuff that should really never happen in apps I [help] write.

1.) You have to be dealing with sensitive information.
2.) The user has to succumb to some social engineering.
3.) You allow cross-site access to JSON that requires sensitive information to access.

It's that "to access" part that's really the kicker.  If you're reading a cookie to produce the JSON, the hole is there, not necessarily in the JSON itself.

So if someone has a cookie to their bank stored on their browser, gets tricked into going to a spoof website (or just hits a website that's spoofing), and you allow cross-site scripting, then and only then are you potentially in trouble.

In a sense, duh.  In another sense, "Oh."  You'd have to go out of your way to create a problem, but apparently, at least briefly, even Twitter did.
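
The server-side check those three conditions point to, as an added example (not code from this post or the linked article): refuse cookie-authenticated JSON to any request a script tag could have produced. The endpoint shape, the `session` cookie name, and the `X-Requested-With` convention are assumptions for illustration.

```javascript
// Added example; every name below is hypothetical, not from any real app.
// A <script src> tag can only issue a GET and cannot set custom headers,
// yet the browser still attaches the user's cookies to that request.
const CUSTOM_HEADER = "x-requested-with"; // assumed convention of this app

function checkJsonRequest(req, endpoint) {
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    headers[name.toLowerCase()] = String(value);
  }
  // Conditions 1 and 3 from the post: no sensitive data, nothing to steal.
  if (!endpoint.sensitive) return { allow: true, reason: "public data" };
  const cookies = req.cookies || {};
  if (!cookies[endpoint.authCookie]) return { allow: false, reason: "no auth cookie" };
  // Newer browsers label how a resource is being loaded (Fetch Metadata).
  if (headers["sec-fetch-dest"] === "script") {
    return { allow: false, reason: "requested by a script tag" };
  }
  if (headers["sec-fetch-site"] === "cross-site") {
    return { allow: false, reason: "cross-site request" };
  }
  // Older browsers: insist on something a script tag cannot produce.
  if (req.method === "GET" && !(CUSTOM_HEADER in headers)) {
    return { allow: false, reason: "plain GET with cookie" };
  }
  return { allow: true, reason: "request from the app itself" };
}

// Constructed sample requests (not captured traffic).
const ACCOUNT = { sensitive: true, authCookie: "session" };
const SAMPLES = {
  scriptTag: { method: "GET", headers: {}, cookies: { session: "abc123" } },
  modernScriptTag: {
    method: "GET",
    headers: { "Sec-Fetch-Dest": "script", "Sec-Fetch-Site": "cross-site" },
    cookies: { session: "abc123" },
  },
  appXhr: {
    method: "GET",
    headers: { "X-Requested-With": "XMLHttpRequest", "Sec-Fetch-Site": "same-origin" },
    cookies: { session: "abc123" },
  },
};

for (const [name, req] of Object.entries(SAMPLES)) {
  const verdict = checkJsonRequest(req, ACCOUNT);
  console.log(name, verdict.allow ? "served" : "refused", "-", verdict.reason);
}
```

The custom-header check only holds as long as the server does not approve that header for other origins in a CORS preflight.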

posted by ruffin at 5/10/2013 11:47:00 AM

NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - faq - InformAction:
Q: Can NoScript force some sites to always use HTTPS?
A: Yes, just open NoScript Options|Advanced|HTTPS|Behavior, entering the sites you want to force in the topmost box, and those you want to always leave alone in the bottom one.

I should probably look more closely into this.  I've commented before that, when I had an authenticator attached, my World of Warcraft account was better protected than my email.  That's not an issue now, but there are other places that'd benefit from forced SSL.

posted by ruffin at 5/10/2013 11:42:00 AM

Monday, May 06, 2013

Listening to some horrendously "cleaned" music on Spotify, and it's got me wanting to shell out the cash and remove the censoring.

If the music's not clean, I don't have anything bothering me -- and motivating me to buy.

posted by ruffin at 5/06/2013 02:39:00 PM

Thursday, May 02, 2013

Fraser Speirs - Blog - On the Rapid End-Of-Lifing of Android Devices:

I do, however, hate people yelling "OPEN" and "CLOWWWD" every ten minutes as if they have some kind of Technological Tourette's Syndrome.

Add MONGODB!!11!!! and I'm on board.

posted by ruffin at 5/02/2013 01:12:00 PM

For some reason, I'm often forgetting how to set JSLint options in Darren DeRidder's excellent Sublime Text 2 plugin for JSLint.

Here's how:

You can set any of jslint's options under preference -> package settings -> jslint -> advanced build settings. See http://www.jslint.com/lint.html#options for a list of options in JSLint. There's no move_var option (that's just a label for an error condition), but you can use the vars: true option to permit many variable declarations per function.

Now any other random blog would stop there.  Done.  You're on your own.  But not freakinname.  No no, we also clutter up the net with some bonus bytes showing what options I'm currently using.  Why?  To jump start your own JSLinting?  Oh no, no, it's in case I set up a new box again, natch.

{
    "cmd": [
      "node", 
      "${packages}/JSLint/linter.js",
      // sloppy line breaking?

      // tolerate dangling _ in identifiers
      "--nomen",
      // tolerate ++ and --
      "--plusplus",
      // tolerate missing 'use strict' pragma
      "--sloppy",
      // sloppy whitespace
      "--white",

      // assume a browser,
      "--browser",

      // suggest an indent level of ...
      "--indent", "4",
      // assume node.js to predefine node globals
      "--node",

      // tolerate unfiltered for in
      //"--forin",

      // tolerate stupidity
      "--stupid",

      // tolerate todo
      "--todo",

      // anon whitespace okay 
      //"--anon",

      "--maxerr","6",

      "$file"
    ],
    "file_regex": "^\\/.*\\/([^\\/]*)$",
    "line_regex": ".*\/\/ Line ([0-9]*), Pos ([0-9]*)$",
    "selector": "source.js, source.css, source.json, source.sass, source.less, source.html"
}


You're welcome.  ;^)

posted by ruffin at 5/02/2013 11:25:00 AM

Apple, open and learning from history — Benedict Evans:

In the 1990s, the PC market was mostly a corporate market (roughly 75% of volume). Corporate buyers wanted a commodity. They were buying 500 or 5000 boxes, they wanted them all the same and they wanted to be able to order 500 or 5000 more roughly the same next year. They wanted to compare 4 vendors on price with the same spec sheet. They didn't care what they looked like... and they didn't care how easy it was for non-technical people to set them up because the users would never touch the configuration. Nor did they care much about the user interface, because most of the users were only going to be running 1 or 2 apps anyway.

Meanwhile with no internet, home buyers were mainly interested in a PC that ran the same software they used at work (and all of the games were for PC). They may have known Macs were supposed to be easier, but ... Apple's computers were ultimately beige boxes and not really that much prettier than PCs anyway. And they were significantly more expensive.

Hence, in this market all of Microsoft's advantages were in play, and none of Apple's. Apple, in Steve Blank's phrase, did not have product/market fit. ... Apple's selling points were irrelevant, invisible or both.
Via the Fireball, iirc.

posted by ruffin at 5/02/2013 09:52:00 AM
