Because one of our children needs a new computer, I’ve ordered a brand new 15″ MacBook Pro … for myself. Our child will get my current MacBook 13″. Don’t look at me like that! I’m more of a power user than our child is. And I’m older. Also, I’m paying for it. But mainly it’s a totally rational decision that happens to work out in my favor.

I know that setting up the new Mac will be simple. I’ll plug my old one into the new one (I’m getting a firewire cable that’s 400 on one and 800 on the other, and if that doesn’t work, I’ll connect through the ethernet ports) and the new Mac will suck the life force (= my user directories ‘n’ stuff) out of the old one.

What will really take some time is rebuilding my Bootcamp Windows XP partition: Reinstall XP, and reinstall the few apps I use. (I am still using Microsoft Money, waiting for the new version of Quicken for the Mac, which keeps getting postponed.) I’d much rather clone the old Bootcamp partition onto the new machine. So, I looked around and found Bart PE and YouTube instructions for burning a Bart PE boot disk. I believe I now have to make a disk image of my current Windows partition, save it onto a USB hard drive, and then, well, I don’t exactly know, but I’ll figure it out. Maybe.

[Tags: macbook mac windows os_x clone bootcamp ]

5 Comments »

Here’s an except from a message Gary Stock sent to a mailing list (used with permission):

Works:
http://www.tsa.gov/

Fails:

http://tsa.gov/

Network Timeout
The server at tsa.gov is taking too long to respond.

(Don’t you suppose that’s hundreds of people, or more, every day?)

Presumably, because the underlying address is:

http://tsagov.edgesuite.net/

…which seems awfully damn strange to begin with!

I work in server config only infrequently, but there are at least two
very reliable methods to make “http://tsa.gov” function — some one of
which *should* be invoked. Either add a DNS CNAME record, OR use
.htaccess locally for a 301 redirect. (More obscure DNS record or
server conf alternatives are left as an exercise for the reader ;-)

Anyone at the TSA listening (= ego-surfing) and care to make the change? (PS: The TSA blog continues to be a model. Also, fun.)

[Tags: tsa transportation_safety_administration e-gov ]

Be the first to comment »

I just upgraded WordPress (well, BradSucks actually did it for me. Thanks, Brad!) and while I (um, he) was at it, I upgraded to the latest version of Apture. Apture lets you overload a link with whole bunches of information that pop up when a user clicks on it. The new version lets you add the Apture links while you are typing into WordPress’s “Add New Post” edit box, as I’m currently doing. This is more convenient than having to go back through your post to add the Apture links, but, more important, links added while in the edit box get saved locally. So, if Apture should — perish the thought! — someday perish, the links will still work. (If you add more than one destination to an Apture link, as I did for the BradSucks link, only the first one is saved locally, which is a very reasonable solution.)

Apture is free to sites with fewer than 5M page views. The new version also lets you add your own sources of links, in addition to coming loaded with Wikipedia, Flickr, Yahoo search (because Google search doesn’t have the API Apture needs) and a bunch of others.

5 Comments »

E Ink has sold itself to Prime View International, a large Taiwanese display manufacturer, and I don’t understand why.

Now, it’s not surprising I don’t understand why. I have no info about E Ink’s financial state other than this article by Robert Weisman in the Boston Globe, and in any case I’m not a great financial guy (and I have the bank statements to prove it). So, my surprise may well be due to nothing but ignorance. Nevertheless, here’s why I was taken aback by the announcement.
E Ink is on a roll in a market that is about to explode (in the good sense). After ten years of work developing a low-power, highly legible display, it’s got something that works. Thanks to Kindle, it’s proven itself in the mass market and it’s in lots of people’s hands. And the market is about to take off now that we have digital delivery systems, a new generation of hardware, and a huge disruption in the traditional publishing market. So, why would E Ink sell itself?

The price — $215M — seems relatively low for such a hot product. If they need the money to fund R&D or to build manufacturing facilities, surely (= it’s not at all sure) there were other possibilities. Apparently the market crisis made an IPO implausible, although, to tell the truth, I — with my weak financial grasp — am not convinced. Investors are looking for places to invest, and E Ink looks like it’s exactly the sort of company they’d love to back: a proven leader in a market that’s obviously on the verge of explosive growth. It’d be like getting in on the early stage of iPods, only potentially bigger, since everyone who reads eventually will have an e-reader. But, if an IPO was out, why wouldn’t E Ink have preferred other forms of investment, including giving a partnership and equity stake to Prime View?

The most likely explanation by far is that I don’t understand what I’m talking about. Another explanation is that the company and its investors simply wanted to cash in by cashing out; the Globe article suggests this. But, that again raises the question of why they’d want to exit a company with a product in a market that’s about to take off. Perhaps they have reason to think the market is not going to take off , but that seems wrong; note that Google yesterday announced it’s going to enter the online book sales business. Or maybe they have doubts about E Ink technology. Maybe they worry the cost won’t drop fast enough for a commoditized market. Maybe color isn’t on its way fast enough. Maybe they’re worried about the inability (or so I’m presuming) of their tech ever to handle video, since the winning e-reader will eventually be multimedia. Maybe they know about ebooks on the way — Apple iPad or whatever the presumed product will be called — that will make static, black-on-gray pages seem obsolete.

So, I don’t know. But it smells fishy to me…although, as I may have mentioned, my financial sniffer has never been very reliable, and I’ll be happy to be set straight about this.

[Tags: e_ink kindle displays ebooks e-books everything_is_miscellaneous ]

11 Comments »

From Shannon Clark, from a mailing list, with permission (and a very few light edits because of its original mailing list context):

I just got back from Google IO – but couldn’t hangout as long as I wanted to this afternoon, but I did talk with some of the Wave team.

It is not yet released, they have published dev docs and are taking signups for people who are interested and they are working on opening it up as quickly as possible.

From what I’ve seen so far, it indeed looks exceptionally cool – and is very important to the future of the web.

It is also, and this is a key point, tied closely to the release and support of HTML 5 – so watch how that progresses in Chrome & Safari – Version 4 of Safari is in beta and available easily btw (and watch for the release of Firefox 3.5) – when those are released out of dev into prod supporting HTML 5 I’d predict we’ll see Wave (and likely other surprisingly powerful applications) start to get released that take advantage of HTML 5′s features.

In particular the “Web Worker” feature which allows for a web page to do background processing is pretty key – potentially I suspect also a security concern (though I hope this is not the case) but more practically it means that web pages can do even more intensive processing without killing your ability to switch tabs & keep working (some other moves Google is proposing would enhance this capabilities even further)

The other features are also pretty nifty

- a standard data store to allow for offline applications (without a plugin like Google Gears being required),

- standard ways to do geolocation (where the browser/OS chooses which tools to use to calculate it, the web page only gets the data if you give it permission to do so),

- a video tag also removing yet another plugin being needed – it also allows multiple video elements of a page to manipulated by CSS & Javascript – Google demoed a YouTube page where every thumbnail could play on mouseover – all while loading very quickly) – see http://youtube.com/html5 if you have a dev release which is HTML5 compatible

- a canvas tag which is an area that is pixel level addressable by javascript – allows for really smooth applications to be built & developed

– in talking with people at Google they definitely intend to open source the client & eventually probably the server – currently the whole app is over 1M lines of code which they are reviewing to ensure they can in fact open source all of it (my guess is the would rewrite sections they can’t open source currently – stuff that perhaps uses a licensed library etc)

The plan is for companies or organizations to be able to run their own Wave servers – which might then do federation.

That said, from the conversations it sounds like they have found issues and complications with Federation so that may be a feature left out early on (which isn’t a big deal for the initial releases if Google will be hosting all of the first Waves).

Look carefully at some of the posts about Wave – in particular the distinction between Gadgets & Robots. Gadgets being stuff like the existing OpenSocial apps (which will mostly all work directly) – chess games & other rich, usually social applications which will be embedable into a specific wave.

Robots on the other hand are much like old IRC robots – but can do much more than just respond to a chat/hold a conversation – they will also be able to modify a wave much as any other user – so they could do automated spell checking/translation, could modify/enhance content which is posted (making stocktickers links or the like), and can serve as bridges with other systems – so one of the first Google wrote links specific tweets into a Wave.

Very cool stuff

[Tags: google google_wave googlewave ]

2 Comments »

Chris Soghoian is giving a Berkman lunchtime talk called: “Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era,” based on paper he’s just written. In the interest of time, he’s not going to talk about the “miscreants in government” today.

Pew says that “over 69% of Americans use webmail services, store data online, or other use software programs such as word processing applications whose functionality is in the cloud.” Chris’ question: Why have cloud providers failed to provide adequate security for the customers. (“Cloud computing” = users’ data is stored on a company server and the app is delivered through a browser.)

He says that providers are moving to the cloud because they don’t have to worry about privacy. Plus they can lock out troublesome users or countries. It lets them protect patented algorithms. They can do targeted advertising. And they can provide instant updates. Users get cheap/free software, auto revision control, easy collaboration, and worldwide accessibility. Chris refers to “Cloud creep”: the increasing use of cloud computing, its installation on new PCs, etc. Vivek Kundra switched 38,000 DC employees over to Google Docs becore he became Federal CIO. “It’s clear he’s Google-crazy.” Many people may not even know they’ve shifted to the cloud. Many cloud apps now provide offline access as well. HTML 5 (Firefox 3.5) provide offline access without even requiring synchronizers such as Google Gears.

Chris says that using a single browser to access every sort of site — from safe to dangerous — is bad practice. Single-site browsers avoid that. E.g., Mozilla Prism keeps its site in its own space. With Prism, you have an icon on your desktop for, e.g., Google Docs. It opens in a browser that can’t go anywhere else; it doesn’t look like a cloud app. “It’s a really cool technology.” Chris uses it for online banking, etc.

Conclusion of Part 1 of Chris’ talk: Cloud services are being used increasingly, and users don’t always know it.

Part 2

We use encryption routinely. SSl/TLS is used by banks, e-commerce, etc. But the cloud providers don’t use SSL for much other than the login screen. Your documents, your spreadsheets, etc., can easily be packet-sniffed. Your authentication cookies can be intercepted. That lets someone login, modify, delete, or pretend to be you. “This is a big deal.” (The “Cookie Monster” tool lets you hijack authentication cookies. AIMJECT lets you intercept IM sessions; you can even interject your own messages.)

This problem has been wn since August 2007, and all the main cloud providers were notified. It took Google a year to release a fix, and even so it hasn’t been turned on by default. Facebook, Yahoo mail, Microsoft, etc. don’t even offer SSL. Google says it doesn’t turn it on by default because it can slow down your computer, because it has to decrypt your data. But Google does require you to use it for Google Health, because the law requires it. To get SSL for gmail, you have to go 5 levels down to set it.

So, why doesn’t Google provide SSL bu default? Because it takes “vastly more processing power,” and thus is very expensive for Google. SSL isn’t a big deal when done on your computer (the client computer), but for cloud computing, it would all fall on Google’s shoulders. “If 100% of Google’s customers opt to use SSL, it sees no new profits, but higher costs.” “And Google is one of the better ones.” The only better one, in Chris’ view, is Adobe, which turns it on by default for its online image editing service. [Here's a page that tells you how to turn on SSL for a Google Accounts account.]

Chris thinks that cloud computing security may be a type of “shrouded attribute,” i.e. am attribute that isn’t considered when making a buying decision. But, Chris says, defaults matter. E.g., if employees opt employees into a 401K, no one opts out, but if you leave it to employees to opt in, fewer than half do. Facebook, for example, seems to blame the user for not turning privacy features off. “Users should be given safe services by default.”

Part 3: Fixing it

Chris draws analogies to seatbelts and tobacco legislation. He recommends that we go down the cigarette pathway first: Raise publice awareness so that they demand mandatory warnings for insecure apps. E.g., “WARNING: Email messagew that you write can be read, intercepted or stolen. Click here to turn on protection…” [Chris' version was better. Couldn't type fast enough.]

Or, if necessary, we could pass regulations mandating SSL. T he FTC could rule that companies that claim their services are safe are lying.

Q: [me] How much crime does this enable? A: The tools are out there. But there's no data because intercepting packets leaves no traces.

Q: How about OpenID?
A: The issue of authentication cookies is the same.

Q: Should we have a star rating system?
A: Maybe.

Q: The lack of data about the crime is a problem for getting people to act. Maybe you should look at the effect on children: Web sites aimed for children, under 18 year olds using Facebook…
A: Good idea! Although Google’s terms of service don’t allow people under 18 to use any of their services.

Q: People also feel there’s safety in numbers.

Q: How much more processing power would SSL require from Google?
A: Google custom builds its servers. Adding in a new feature would require crypto-co-processor cards. I don’t think they have those. They’d have to deploy them.

Q: There are GreaseMonkey scripts that require FB to use SSL. Worthwhile?
A: FB won’t accept SSL connections.

Q: Google Chrome’s incognito mode? Does it help with anything?
A: It helps with porn. That cleans up your history, but it doesn’t encrypt traffic.

Q: The vast majority of people where I live don’t lock their house doors. And [says someone else] people don’t lock their mailboxes even though they contain confidential docs.
A: Do you walk around with your ATM PIN number on your forehead? Your bank uses SSL because it’s legally responsible for electronic break-ins, whereas Google isn’t.
A: The risk is small if you’re using a wired ethernet connection or a protected wifi connection.

Q: With seatbelts and smoking, your life’s at risk. For Gmail, the risk seems different. There aren’t data, screaming victims, etc. It makes the demand for regulation harder to stimulate.
A: The analogy doesn’t work 100%. But I think the disanalogy works in my favor: It’s hard to have a cigarette that doesn’t harm you, but it’s easy to have a secure SSL connection.

Q: Shouldn’t business care about this?
A: Yes, CIO’s can make that decision and turn on encryption for the entire org. Consumers have to be their own CIOs.

[from the IRC] Maybe the govrnment wants Google to be insecure to enable snooping.
A: Allow me to put on my tin foil hat. Last year the head of DNI said that the gov’t collects vast amounts of traffic. We don’t know how they’re doing it, which networks they’re collecting data from. If Google and AT&T, etc., turned on SSL be default, the gov’t's job would be much harder. Google has other reasons to keep SSL off, but it works out to the gov’t's benefit.

Does Adobe’s online wordprocessor, Buzzword, offer SSL for its docs?
A: Don’t know. [It does] [Tags: security identity_theft google ssl ]

3 Comments »

If you are having the crcdisk.sys hang in Vista, check this forum. You’ll know that you have this problem if your screen goes blank and hangs during startup, and if when you do a Safe Mode startup, it hangs at the line that says it’s doing the crcdisk.sys thang (which does a check on your hard drive).

The hang apparently can be caused by a few different factors, including trying to install Vista 64 with 4 GB of RAM (although this may have been fixed by now). For me, it was a problem with one of the drives that is not the boot drive that has Vista on it; it is probably not a coincidence that this occurred when I was rebooting after a power outage and — to pile it on — when an automatic update was due to be installed upon reboot. I physically unplugged the flaky drive and the system started up.

Yay.

[Tags: visa crcdisk.sys ]

5 Comments »

Last night I installed a new, blank hard drive on my MacBook. I installed from Time Machine, which went quite well. (I physically installed it, booted from a Leopard system disk, partitioned the disk via Tools > Disk Utility, restarted with the Time Machine external disk plugged in, went to Tools > Restore from Backup, chose the latest backup, and came back three hours later.) The process resulted in a painless transfer. Everything was working (as far as I can tell) except for the internal web server; my browser told me that it could not connect to http://127.0.0.1. I tried lots of things, including editing my httpd.conf file, following Webby advice (how could I go wrong?). Despite multiple restarts of apache, via Systems Pref and the terminal, no dice. (BTW, I’m running Leopard 10.5.6)

My friend Billo, diagnosed the problem almost immediately: I had no apache2 directory in /var/log/. So, I made one, changed the permissions, and a minute later, it was all up and running. (Thanks, Billo!)

In case you are feeling adventurous, here are the various commands to use in the terminal. (Note: I’m not good at this stuff. I’m likely to be giving you bad advice here. Most of it is pretty much non-destructive, though. I think.)

To restart the web server (=apache2): apachectl restart (Apachectl is in /usr/sbin/)

To create an apache2 directory in /var/log:

cd /var/log/
mkdir apache2
chown root apache2
chmod 755 apache2

It may take a minute or two for things to start working. If they do, when you go to http://127.0.0.1 in your browser, you should get a default page telling you that apache is working. And you’ll probably have to log in as root in the terminal to get permission to do this stuff.

Good luck. And, most important, don’t blame me!

[Tags: mac os_x apache restore_from_time_machine web_server leopard ]

2 Comments »

Suw Charman-Anderson has started a pledge at PledgeBank that asks 1,000 people to agree to blog about a woman in technology on the birthday of Ada Lovelace, March 24. [Later: Oops. That's not her birthday. March 24 is just a day Suw chose at random because Lovelace's birthday is too far away to wait.] [Tags: ada_lovelace women_in_technology ]

[Note: I've closed the comments on this post because it's become a spam magnet. - May 13, 2009]

Be the first to comment »

Here’s what my Chumby looked like last Channukah when I got it:

It was sort of fun, but priced about three times higher than its worth, at least to me. And, amazingly, the single most obvious widget — the one that might make it price competitive — doesn’t exist: Plug in a USB drive and have it show the photos that are on it. (It does show photos from your Flickr account.)

Anyway, my Chumby died yesterday, almost a year to the day I got it. I performed a Chumbectomy but was unable to resuscitate it. Here are its innards, for those of you who’ve wondered:

[Tags: chumby ]

2 Comments »