Wednesday, February 21, 2007

The NYT Permalink Generator

I'll start using this in my blog posts:
TidBITS - Create Permanent Links to the New York Times

... because the New York Times considers itself as the newspaper of record, back in 2003, they worked out a deal with Dave Winer of UserLand Software to provide permanent links in RSS feeds generated through the Radio UserLand RSS aggregator. That said, it would seem that the New York Times is running its own RSS feeds now, so there's no obvious way to find a permanent link to an article you're reading on the New York Times Web site...

...use the New York Times Link Generator, written by Aaron Swartz of the social bookmarking site reddit. Just feed it a link to a New York Times and it returns a version of the link that will remain free for the foreseeable future, though of course the Times could always change their policy. There's also a bookmarklet that you can use to generate a permanent link from the current page when you're on the New York Times Web site.


Monday, February 19, 2007

Hard drives: everything is wrong

I'm used to this sort of reversal from medical science, not computer hardware. Google research says we don't understand hard drives all that well.

In brief:

1. They're much less heat sensitive than we thought. Once a drive is "mature" heat doesn't have much of an impact on lifespan.
2. After a drive emerges from its infant mortality period, it's not much affected by use. So contrary to everything I've ever written, there's no great need to spin down a USB attached drive.
3. If a drive is found to have any defects on initial testing, it is 10 times as likely to fail as a defect free drive. I'd read that Apple selects server drives by buying conventional drives and tossing out any that have defects. Makes sense. If you buy a new drive, and find a mapped-out defect (may need special software), maybe you should consider returning it ...

Friday, February 16, 2007

The router/javascript bug - this feels big

This feels pretty serious to me. In retrospect, of course, the attack is obvious. I suspect many security people have known about this vulnerability.
Symantec Security Response Weblog: Drive-By Pharming: How Clicking on a Link Can Cost You Dearly

...The attackers create a Web page that includes malicious JavaScript code. When the Web page is viewed, this code, running in the context of your Web browser, uses a technique known as ‘Cross Site Request Forgery’ and logs into your local home broadband router. Now, most such routers require a password for logging in. However, most people never change this password from the original factory default. Upon successful login, the JavaScript code changes the router’s settings. One simple, but devastating, change is to the user’s DNS server settings...
Since I'm a geek I have two inline routers from different vendors with different admin passwords (the password you use to connect to an encrypted WLAN is not relevant here) and, I think, usernames. There are probably two other people I know who do this. I'm not even sure I changed the un/pw on my mother's router -- nor would I necessarily know how! Her primary router, which is where her DNS information comes from, was installed by her cable company.

In the near term browser vendors will be scrambling to see if they can hack in some fix that breaks javascript for this purpose, while not disabling it for every purpose. I'm interested in what Schneier will say.

I don't believe my Airport Router has a web interface, so it's probably immune. Even if it weren't, Apple has a distribution mechanism that allows effective updating of their routers. There's something to be said for that ...

Most browsers, btw, will 'memorize' passwords. I presume that's not exploitable here.

PS. I assume it's obvious to my handful of geeky readers, but a robust WLAN password is of no help here. This is all about the router's admin pw.

Update 2/16/07: I underestimated myself. I did change my mother's router's admin pw.

Update 2/24/07: Schneier has an article. He agrees, it's impressive.
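
The router-side defence against the forged request described in the Symantec excerpt, as an added example that is not part of the original post or of any vendor's firmware: a settings change is accepted only as a POST that comes from the router's own pages and carries a per-session token. The origins, the `changesSettings` flag and all function names are assumptions made for illustration, and the sample requests are constructed.

```javascript
const crypto = require('crypto');

// Assumed addresses of the router's own admin pages (constructed values).
const ROUTER_ORIGINS = new Set(['http://192.168.1.1', 'http://router.lan']);

function originOf(value) {
  try { return new URL(value).origin; } catch (e) { return null; }
}

function tokensMatch(a, b) {
  const x = Buffer.from(String(a || ''));
  const y = Buffer.from(String(b || ''));
  return x.length > 0 && x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { method, changesSettings, headers (lower-case keys), csrfToken }
// session: { csrfToken } issued when the admin logged in.
// The password is deliberately not consulted: a forged request arrives with
// valid (often factory-default) credentials, so authentication proves nothing.
function checkAdminRequest(req, session) {
  if (!req.changesSettings) return { allow: true, reason: 'read-only' };
  // A GET can be triggered by a plain <img> or <script> tag on any page.
  if (req.method !== 'POST') return { allow: false, reason: 'state change over ' + req.method };
  const h = req.headers;
  const source = originOf(h.origin !== undefined ? h.origin : h.referer);
  if (!source) return { allow: false, reason: 'no usable Origin or Referer' };
  if (!ROUTER_ORIGINS.has(source)) return { allow: false, reason: 'cross-site: ' + source };
  if (!session || !tokensMatch(req.csrfToken, session.csrfToken)) {
    return { allow: false, reason: 'missing or wrong CSRF token' };
  }
  return { allow: true, reason: 'same-origin with valid token' };
}

// Constructed sample requests, each asking to change the DNS server setting.
function demo() {
  const session = { csrfToken: 'k3Qz-constructed-token' };
  const dns = (method, headers, csrfToken) =>
    checkAdminRequest({ method, changesSettings: true, headers, csrfToken }, session);
  return {
    forgedPost: dns('POST', { origin: 'http://news.example' }, undefined),
    forgedGet: dns('GET', { referer: 'http://news.example/story.html' }, undefined),
    sandboxed: dns('POST', { origin: 'null' }, undefined),
    noToken: dns('POST', { origin: 'http://192.168.1.1' }, 'guess'),
    adminPage: dns('POST', { referer: 'http://192.168.1.1/setup.html' }, session.csrfToken),
  };
}
```
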

Thursday, February 15, 2007

A document management program for OS X

The author of ReceiptWallet has created a general image management package for OS X. The idea is to manage scanned documents.
DocumentWallet

... DocumentWallet is a Mac OS X program that allows you to scan in and manage your documents. When you scan in each document, you enter a few pieces of information about the document such as the title, category and sub category (as well as fields that you define) and then you can quickly and easily locate your documents. You can view the documents right on the screen, print them, email them, or save them as PDFs. In addition to the powerful search built into DocumentWallet, you can organize your documents into collections. These collections can contain whatever you want and even better than that is the ability to create smart collections that automatically create collections based on whatever criteria you like. For instance, you can create a smart collection that contains all of your manuals for your electronic components or one that contains documents for a certain case...
I think he needs to deliver one solution that manages 'receipts' and documents together. Two products is kind of odd.

I did test ReceiptWallet. I imported 200 receipts and discovered there's no way to cancel a mass import. You can only cancel one at a time. I had to kill the app. It's not a big design flaw, but it did tell me the program is still early in its evolution.

Update 2/16/07: I mentioned the problem with canceling imports to ReceiptWallet's developer, and it's been fixed for the next minor release. That's why I love small developer projects. Also, Jacob Reider pointed to Yep in the comments. I'll watch his blog to see if he adds more information there.

Parallels global sharing: now an XP virus can destroy your Mac

By now quite a few people have noticed that OS X Parallels beta allows a non-admin user to read-write-delete anything on the drive. A recent statement on the Parallels blog feels a bit defensive:
The Official Parallels Virtualization Blog: Upgrade your XP virtual machine to Vista with RC3

Global Sharing shares your entire Mac file system. It is important to note that Global Sharing is DISABLED by default.
A malign XP process can now destroy an entire OS X system. I don't understand why there's not more of a fuss about this. Of course I'll disable "global sharing", but the affair forces me to recognize how extensively Parallels bypasses OS X. I wish Apple were interested in doing a virtualization layer that respected the primary OS ...

Dapper - a tool for extracting website data

Jacob Reider used Dapper in a PBX/CallerID applet he built. New to me, so I visited the URL he provided. It looks like a productized version of the tools people build to do mash-ups. It probably creates a DOM-like model of a web page and then provides an API to manipulate that data. Here's an excerpt from the FAQ:
Dapper: Frequently Asked Questions

What is Dapper?

Dapper is a service that allows you to extract and use information from any website on the Internet. For those familiar with web services, you can think of Dapper as an API maker. For the rest of you, Dapper allows you to build web applications and mashups using data from any website without any programming.

What is a Dapp?

You can think of a Dapp as a "black box" which represents a specific type of page on a specific website on the Internet. The Dapp provides access to the content of that specific website in XML. This XML can then be used in any way you like, including in your next application. Furthermore, Dapper provides a set of tools to transform this XML into other formats, including RSS, email, and Google Maps...
If I get a chance, I may see if I can use it to create an RSS feed for Dyer's archaic web site.

A revised! AirPort Extreme 802.11n review from Macintouch

[Update: The Macintouch reviewer was measuring performance across a NAT interface. It turns out that NAT translation is slow in consumer devices, and it becomes a real bottleneck for connections. Most of us would never notice this, since we probably use a switch for wired devices and we do NAT translation only to connect to the Internet. In most circumstances Internet connections are so slow NAT translation is not an issue. The revised Macintouch review is favorable, as are most reviewers.]

Macintouch reviewed Apple's new 802.11n router: Review: AirPort Extreme 802.11n. It's pretty negative, though they tried to be kind. Slow, quirky, hot. Bleh.

I'll wait for version two.

One side-comment caught my eye:
As a side note, USB disks we attached never spun down when idle. This maximizes AirPort Disk's availability — a client will never have to wait for a disk to spin up — at the cost of increased power consumption.
The power consumption is trivial, but this also shortens the life of the drive. Another negative!

[Update: A Google study on hard drive longevity claims spin down has no effect on drive lifespan. Even so, I like spin down just to reduce noise.]