This is BrainLog, a blog by Dan Sanderson. Older entries, from October 1999 through September 2010, are preserved for posterity, but are no longer maintained. See the front page and newer entries.

October 2006 Archives

October 31, 2006

Schneier on Security: Renew Your Passport Now!

If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don't want one of these chips in your passport.

My DSL provider, Speakeasy.net, called me the other day to let me know that they've had reports of spam being sent from my IP address. We'd been having problems with our Airport (Apple-brand wireless access point) lately, so I had switched to a Linksys WAP temporarily. I haphazardly left the security feature (WEP encryption with a password) for the Linksys turned off, thinking it'd be only a week or two before I got around to troubleshooting the Airport. Two months later, I learned a lesson I already knew: If you don't secure your wifi, someone can use it for bad stuff.

But something else had never occurred to me before. I generally thought that even though someone could use my wifi for bad stuff, they'd have to be within 100 yards of my house to do so, and the odds that my neighbor would be a baddy seemed slim enough that I was comfortable letting him use my network if he wanted. I still believe that to be true: It's unlikely that my neighbor is purposefully hijacking my network to send spam. The new bit is the realization that his computer could be compromised by any manner of Windows malware, and someone else not within 100 yards of my home is probably doing the spamming over my Internet connection.

I don't know for a fact if there is actually any botnet malware that hunts for open wifi and uses it for misdeeds, but it seems damned compelling and definitely possible. And not only could a compromised machine be using my Internet connection, but it could also be snooping traffic. Even if I encrypt my connection, the malware could take its time using my neighbor's computer to collect my packets and crack my keys.

Maybe you trust your neighbor not to snoop your traffic or abuse your Internet connection. But do you trust your neighbor to keep their computer secure and malware-free?

Real wifi security still isn't completely supported by many devices. The most available method is WEP, and WEP has proven to be exceptionally weak, even if the keys are long (128-bit > 40-bit, but still weak for WEP). WEP isn't even sufficient if you configure your access point to only allow certain MAC addresses (ID numbers assigned to your computer's networking hardware at the factory), because with WEP, MAC addresses can be snooped from the wifi traffic itself, then forged with the attacker's hardware. The newer WPA solves many of the problems with WEP, but consumer-grade WPA is still based on a user-selected password, and your security will only be as good as the password you pick, so make it long and complicated, random if possible. Of course, my TiVo uses a wireless Internet connection to get scheduling data, and does not support WPA.

If snooping is your concern (and not just unauthorized use of the connection), be sure to encrypt your traffic at the application layer: Use VPN software, or communicate over "secure connections" like SSL (as used by reputable banking and shopping web sites, with "https://" in the address).

Wikipedia article on wi-fi security. Scary wi-fi cracking how-to. Securing your Airport Extreme network with WPA.

October 30, 2006

Firefox 2.0. Session restore, new tabbed browsing features, and a spell checker for every form field. I love the new tab designs, and not just that each tab has its own close button. (Unlike Safari, the close button does not appear unless the tab is selected. Time will tell if that's really a good idea.)

I'm also trying out the del.icio.us plugin, which replaces the browser's bookmarks facility with a taggable, networked bookmark facility that uses your del.icio.us account. My biggest gripe is that the browser's local bookmark feature is completely unavailable while this plugin is installed, which means I can't bookmark work-related intranet and testing sites without sending potential company secrets to Yahoo. That said, this plugin is likely to replace my own makeshift networked link collection solution for its browser integration.

Consuming Amazon's Web API Directly with Javascript (via JSON and XSLT).

October 25, 2006

Bill Nye the Science Guy on Pluto [YouTube].

October 24, 2006

Introducing Tangerine, a new Mac app that analyzes the music files in your iTunes library and guesses each one's Beats Per Minute from the contents of the file.

New Scientist: Imagine Earth without people. Diagram from the article (hosted at TreeHugger.com).

I think about this scenario a lot, for some reason, though with more of an interest in what would happen in the short term. I'd assumed that electricity distribution networks would suffer immediately, and take out most human support infrastructure with them within a couple of days. The article suggests blackouts in 24-48 hours simply from power stations that rely on human effort to load fuel into generators; I was thinking more about cascade failure effects in complex networks. The effect of neglect on nuclear reactors is mentioned, though no timeline is suggested.

October 23, 2006



Google office destined to be mashed. APIs for Google Office are essential to its success, as they will be for all major web-based applications.

FreeCulture.org's Down With DRM video contest winners.

October 19, 2006

5 ways to save on your monthly software rental bill in the year 2056.

Mozilla Lightning, a calendar extension for the Mozilla mail client Thunderbird, just released version 0.3. This version includes rudimentary support for Microsoft Exchange meeting invitations. It's still a very early release with a bit of a clunky UI, but the basic mechanisms, like add-to-calendar and alarms, are there.

One notable drawback: Lightning does not put accepted invitations on your Exchange calendar, only your local calendar. Putting meetings on your server-side calendar is essential to prevent people from scheduling conflicting meetings. So the early adopter best practice would have to be to accept the invite in Lightning first to set up the reminder on your Linux desktop, then accept it again in Outlook to make sure it's on your public calendar.

October 17, 2006

The Myth of Prodigy and Why it Matters, an article about Malcolm Gladwell, precocity, and what makes a gifted person.

The Chicago Manual of Style is ramping up their subscription-based online edition. They've removed the free login wall to their search engine, so you can search for entries without registering for an account. However, the search results will merely indicate a paragraph number (that corresponds with the 15th edition). If you subscribe, you can access the full contents of the book. Subscription is $25/year for individuals, with lower per-user rates in groups.

You can also buy the CD-ROM edition for $60, or you can just buy the book and use the index like a normal person for $35. Or get a used copy of a previous edition for $4. Or make up your own style, because nobody can tell you what to do.

Wikipedia entry on "Make Love, Not Warcraft", the recent episode of South Park about World of Warcraft. The episode includes many scenes set and rendered within WoW, built with the assistance of WoW's parent company Blizzard. WoW fans have embraced the episode, and the Wikipedia entry has a great deal of WoW-specific information.

October 16, 2006

RuBot II, the Rubik's cube solving robot (video and caption). Geek panache.

It's too obvious to me what movie the music is from, but I wonder how many kids that boy's age have seen it. Or are we '80s kids making our offspring watch all that stuff?

Macworld: Secrets: Get more from Mail. Includes some I've been dying for but never knew were possible in Mail, like changing the From address on outgoing messages.

XML.com: Introducing WSGI: Python's Secret Web Weapon. Part II.

October 6, 2006

The 12th Annual Interactive Fiction Competition is now in the downloading-playing-judging phase. Go get an interpreter and try out the latest crop.

Wired lists good movies in the public domain, most of which are freely (and legally) downloadable. Detour (1945) is #1, Night of the Living Dead (1968) is #3.

October 3, 2006

Ben Folds cover of Such Great Heights [YouTube]. (Thanks Jason.)

Higher-Order JavaScript, a JavaScript companion to Mark-Jason Dominus's Higher Order Perl.

October 2, 2006

Ruby Metaprogramming techniques.

The Philadelphia Orchestra does it right. Really. [dive into mark] (Via Gruber; Mark via Boing Boing.) The Philadelphia Orchestra opens its online music store, where you can buy CDs, but also downloadable tracks in a lossless, non-DRM, open format that's CD quality. Burn them to CD to get a full-quality disc, or convert them to your favorite format to play on your favorite player.

Free download of the MP3 version of Beethoven's 5th, limited time only. (Buy the FLAC version for $6.)