OSX Breaking The Principle Of Least Astonishment

 Computing  No Responses »
Nov 062008
 

Normally OSX is quite good when it comes to useability and not breaking the principle of least astonishment (roughly computers should avoid doing things to ‘surprise’ the user), but I re-encountered one poor area again tonight.

I was burning a CD image to a CD-R – something which is admittedly an action most commonly done by the geekier users. I normally use my Ubuntu workstation for things like that, but I suspect my CD drive is going south.

Anyway, I did the obvious thing – selected the ISO file in Finder and selected “Burn to Ubuntu.iso to Disc”. Yes you chortling OSX experts out there in the back, I did indeed end up with a CD containing a single file named “Ubuntu.ISO” on it. Or in other words I had a CD containing a file with an image of a bootable CD in it – which won’t of course boot.

So what did OSX do that was wrong ? Well there’s two things :-

  1. The message saying what it was doing should have been clearer; something along the lines of “I am about to burn a CD containing one file called Ubuntu.ISO” would have indicated that I was doing something wrong and given me the chance to hit Cancel and avoid yet another drink coaster.
  2. Finder should be capable of realising that something that looks like an ISO image needs to be burnt “as is” rather than making a file system containing that file.

And yes I did eventually realise that I needed to use “Disk Utility” to burn the CD.

UK Data Leaks: Public Sector Vs. Private Sector

 Computing, Media, Politics  No Responses »
Nov 022008
 

Today we woke up to learn of yet another UK government data leak. Apparently a memory stick was left in a pub car park. Of course as always, not is all quite as it seems; the person who actually left the memory stick where it was, actually worked for a private sector company doing contracting work for the government. So was this really a UK government data leak at all ?

Well yes, the data was government data and it does not matter who leaked it. From memory (i.e. I am too lazy to hunt down the links to check) this is not the first time that government data leaks have been caused by private contractors. Perhaps the government should stick to doing their own work when it comes to working with data that contains personal information; if there is anything more aggravating than being slated for your own stupidity it is being criticised for someone else’s stupidity.

Of course most people will be under the impression that data leaks pretty much only occur when the government is involved; somehow data leaks from private sector companies never seem to hit the headlines in quite the same way. For instance the headlines for this morning’s leaks were all about the government role in the data loss and no mention of the private sector firm involved :-

  • “Government memory stick found in pub” – Independent on Sunday.
  • Government passwords left at pub” – Guardian; also “Fears for personal data after government passwords left in pub car park”.
  • Brown says government cannot ensure data safety” – Times.

I have left out a few … I could not find the story on a few websites belonging to the gutter press, and lost interest after one too many pages with lurid colours and half-naked women popping out at me. But it’s all “the government” in those headlines; although they do in the end point out that it was a private contractor who lost the data.

Anyone reading (and trusting!) the media would be under the impression that the Government cannot be trusted with our personal information whereas private sector companies can because they rarely end up as front-page stories for losing data. Well I am not totally convinced that the Government has a monopoly on stupidity; there seems more than enough to go around.

Hunting down stories about private sector data leaks is kind of tedious because there does not appear to be that much out there, but a few stories did show up (not linking to anything before 2007) :-

The last story is particularly interesting – 56 reported data leaks from financial firms in 2008 (who are not required to report data leaks). In a report by Verizon, it is estimated that of all private sector data leaks, only 14% of leaks are from financial firms; doing a little arithmetic indicates that there have been at least 400 data leaks this year.

So is the private sector any better or worse than the public sector ? They are probably just the same – woefully irresponsible. People rarely care about information security of others in their daily lives; in fact they are often also completely naive about their own information security.

So why does the government come in for so much criticism in comparison to the private sector ? Partially it is simply that we do not get a choice in the matter of whether to do business with the government or not. And partially it probably makes for a better media story. Or perhaps the media just wants to attack the government.

Perhaps some journalist can take a proper look at the private sector leaks, do the job properly and just for once the private sector can get some justified criticism. They might also want to take a closer look at the media’s preference for attacking the government on this matter.

Onto another matter; encryption. The government response was that the only personal data leaked in this case was encrypted as though that would protect the data. Well maybe, but only if it was strong encryption. Most people who use encryption are not aware of whether the encryption method is strong or not. For instance a quick google for “Word document password recovery” returns a huge list of choices for applicatiosn which will break the encryption on Word documents – making the encryption built into Word completely pointless. But how many people who use this encryption know that they are getting a false sense of security ?

No Flash?

 Computing, General  No Responses »
Oct 212008
 

So I was trawling the web looking at chairs (one manufacturer in particular – it doesn’t matter who) available at various stockists, when I was suddenly brought up short by a little error message “Your browser does not support Flash files”.

Strangely enough the site I had just visited itself had an annoying Flash-based website … all presentation in full-screen window with non-standard navigation controls. So what was the error about ?

Well obviously my browser does support Flash, but the chances are the developers were checking for a particular version of Flash that does not exist for the operating system I use as yet. So “does not support Flash files”  is not quite appropriate, something more like “Nah! Nah! You aren’t as up to date as we are” would be more accutate.

Not really sensible however as I could have been looking to drop something like £1,000 on a chair (yes they really do cost in that region, and yes they probably are that good). Especially as the Flash site in question probably does not absolutely require all of the features of the latest version.

Ah well, I guess I won’t be buying a chair from that place then.

No More Drupal, Hello WordPress

 Computing  No Responses »
Sep 202008
 

Well it was fun playing with Drupal for a while (looks to be about 2 years), but I was not really using it to the full extent. In fact all I was doing was writing a blog, which something like WordPress can do perfectly well. And it was time I had another look at WordPress given I now have something that allows me to publish entries from my iPhone.

All of the old posts have been kept, but unfortunately the URLs are not the same so old links (or realistically links from search results) will no longer work. Something I personally hate.

iPhone: Changing The Root Password

 Computing  1 Response »
Jul 192008
 

I have just changed the root password on my iPhone from the default (really dumb of Apple to give every iPhone the same root password; it would not be much work to set the default root password from the IMEI or something). Before doing so I googled for appropriate instructions.

Nothing wrong with the technical side of the instructions out there, but none I read made a point of what I would consider basic safety for dealing with changing the root password on a Unix machine. Keep a session open in case things go wrong!

My own instructions for doing the change went along the lines of :-

  1. Open two terminals
  2. Create a new password hash with openssl passwd -crypt -salt "XX" "xyzzy" (obviously change the salt (“XX”) to two characters of your choice, and pick a better password than “xyzzy”!). Keep the output stashed somewhere safe.
  3. In both terminals ssh to the iPhone (ssh root@iphone).
  4. Copy the file /etc/master.passwd to a safe copy /etc/master.passwd.original
  5. Edit /etc/master.passwd and put the stashed has into the second field of root’s entry.
  6. Now exit from the ssh session in one window and try to reconnect with the new password.

If things have gone wrong you will have an open session available to fix things (cp /etc/master.passwd.original /etc/master.passwd would be worth trying) whereas without you are kind of stuck.

 Older Entries  Newer Entries