29 Jun

Schneier on Security – Yet Another “People Plug in Strange USB Sticks” Story

Maybe it would be if 60% of people tried to play the USB sticks like ocarinas, or tried to make omelettes out of the computer disks. But not if they plugged them into their computers. That’s what they’re for.

People get USB sticks all the time. The problem isn’t that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick. The problem is that it isn’t safe to plug a USB stick into a computer.

Quit blaming the victim. They’re just trying to get by.

via Schneier on Security – Yet Another “People Plug in Strange USB Sticks” Story. Have to agree with Bruce Schneier, the problem isn’t people plugging into their computer a device from which they have no reason to suspect harm.

28 Jun

Utoxin’s Random Insanity – CakePHP + Symlinks = Pain

Now that I’ve had a day or so to recover, I’m going to tell you about what I just spent 2-3 weeks trying to resolve. By way of explanation, our main product at work is a CakePHP based CMS application. It has a lot of neat features, including the ability for users to upgrade to newer versions any time they choose. We keep all versions present in /etc/precious_core/<version_number>/, and each user has a symlink to the relevant directory in their webroot.

When they upgrade, part of the process is to replace that symlink with a new one that points at their new version. For a long time we’ve known there was a problem of some kind related to CakePHP’s cache that developed after upgrades, but it was never a huge problem, so we mostly just ignored it. However, in a recent release, it started causing major problems, and I got tasked with finding and fixing the actual bug. I figured it would take a day or two, and I’d be done with it. Little did I know just how painful this was going to be.

I initially tried several ways of forcing the cache to get cleared when the app was upgraded. That worked well, as far as it went, but then a new problem surfaced. At least half the time, the cache would re-populate with bad data after an upgrade. Some of the cached file paths would be for the wrong version of the central app, for no apparent reason. I tried throwing even more thorough cache clearing at it. Things got a little better, but it still wasn’t working.

Finally, I fully duplicated our production setup on my local dev machine, parallel version directories included, and installed a PHP debugger, so I could step through the code and figure out what exactly was going on.

via Utoxin’s Random Insanity – CakePHP + Symlinks = Pain. Debugging, oh what a joy it is.

28 Jun

Pastebin.com – Ok, I came up with an example. Programming is like doing a massive sudoku.

Ok, I came up with an example.

Programming is like doing a massive sudoku. But you’re not just doing your own square, you have to line up the edges with squares that you’ve already done, or squares other people in your team are working on.

And it’s not just squares that you’ve done, you have to anticipate the sudokus you’ll be doing days, weeks or months from now, and leave easy numbers at the edges so it isn’t impossible to do those squares.

And that’s why some programmers are so engrossed in it, and get all worked up, because they’re like "You left a 5 in the middle of the square, what kind of asshole does that, now I’m gonna have to line all my squares up with that".

And then someone points out a bug, and you have to trace it back to the square it came from, and then redo that square without screwing up all the other ones.

And after a few hours of that, you either surf facebook and go on IM, or you start growing a beard and forgetting to wash and getting weirdly obsessed with star wars, and people look at you weird and they’re like why do you care about it so much, and through the bleary screen-burnt eyes of your insanity you reply "The squares, can’t you see, the squares, they’re so beautiful"

And that’s why programmers don’t get invited to parties.

What was your question again?

via Pastebin.com – Ok, I came up with an example. Programming is like doing a massive sudoku. Just a little too close to home.

28 Jun

Tapbots Blog – Tweetbot 1.2.1, 1.3 and the State of Push Notifications

Still not going to happen. It’s just not what Twitter is about and we don’t really want it in our app. But the beauty of the app store is if you really want it, there are 50+ Twitter clients that already have that feature. Take your pick! And no, we aren’t trying to be mean here. We are trying to build the best client experience we can for the majority of our users. We can’t and won’t even try to please everyone.

via Tapbots Blog – Tweetbot 1.2.1, 1.3 and the State of Push Notifications. Following the footsteps of the awesome team at 37Signals, have an opinion, which helps explain why Tweetbot is #winning in my opinion.

28 Jun

Grist – The American suburbs are a giant Ponzi scheme

What we have found is that the underlying financing mechanisms of the suburban era — our post-World War II pattern of development — operate like a classic Ponzi scheme, with ever-increasing rates of growth necessary to sustain long-term liabilities.

via Grist – The American suburbs are a giant Ponzi scheme. I can’t say I agree with this, but it fits my perception of America’s infrastructure.

28 Jun

GitHub – Linguist

From time to time we get requests asking us to add support for new highlighting lexers, recognize additional extensions as certain languages, or ignore a directory from a repo’s stats graph.

The code for these concerns was scattered around the app. I decided to unify and package them all up into a single library. Now it’s open source.

So if you notice an unrecognized extension or you’re really into some obscure language that isn’t supported yet, now is your chance to help contribute back.

via GitHub – Linguist. Awesome job GitHub, nice to let the community help build out detection for specific languages and frameworks.

27 Jun

Electronic Frontier Foundation – Know Your Rights!

Your computer, your phone, and your other digital devices hold vast amounts of personal information about you and your family. This is sensitive data that’s worth protecting from prying eyes – including those of the government.

The Fourth Amendment to the Constitution protects you from unreasonable government searches and seizures, and this protection extends to your computer and portable devices. But how does this work in the real world? What should you do if the police or other law enforcement officers show up at your door and want to search your computer?

EFF has designed this guide to help you understand your rights if officers try to search the data stored on your computer or portable electronic device, or seize it for further examination somewhere else.

Because anything you say can be used against you in a criminal or civil case, before speaking to any law enforcement official, you should consult with an attorney.

via Electronic Frontier Foundation – Know Your Rights!. EFF has a brief overview of rights that you have with your technology.

23 Jun

BBC News – Netherlands makes net neutrality a law

The Dutch may become the first in Europe to use Skype and other web-based services on smartphones for no extra charge.

On 22 June, the Dutch Parliament passed a law stopping mobile operators from blocking or charging extra for voice calling done via the net.

The bill must now pass through the Dutch senate, but its passage is expected to be a formality.

The move may prove crucial in Europe’s on-going debate over net neutrality.

Net neutrality is controversial around the world, with heated discussions on the subject taking place in the United States, Europe and many other regions.

The idea it enshrines is that all internet traffic should be treated equally, regardless of its type – be it video, audio, e-mail, or the text of a web page.

via BBC News – Netherlands makes net neutrality a law. The Netherlands of course makes the right call.

23 Jun

Should I Change My Password?

ShouldIChangeMyPassword.com has been created to help the average person check if their password(s) may have been compromised and need to be changed.

This site uses a number of databases that have been released by hackers to the public. No passwords are stored in the ShouldIChangeMyPassword.com database.

via Should I Change My Password?. I’m safe at least at the moment, how about you?

22 Jun

NYTimes.com – Capital One’s Response to Outrage Over ING Direct Purchase

We here at Bucks wondered if this outpouring of emotion gave the folks at Capital One pause, so we asked them some questions that seem to be on customers’ minds. The bank declined to provide “yes or no” answers to queries about specific changes, saying it was too soon to do so. But the spokeswoman Tatiana Stead did offer the following responses via e-mail.

To us, it looks like they’re at least leaving open the option of adding fees and minimum balances and subsuming the ING Direct brand altogether. Do you feel reassured by the responses below?

via NYTimes.com – Capital One’s Response to Outrage Over ING Direct Purchase. Not much here to read, but it interests me. Capital One dances around answering any real questions beyond acknowledging that ING Direct generates strong feelings from customers.