chxo internets RSS

A network of memes,
by Chris Snyder

See also
CHXO Internet
twitter.com/64

Archive

Jun
22nd
Mon
permalink

Kindle download policy clarified... mostly

KindleGate: Confusion Abounds Regarding Kindle Download Policy | Gear Diary

The long and short of it seems to be that, as promised, you can download a book as many times as you need to, but it can only be on a certain number of devices at a time. Usually, but not always, six.

As in, “Six readers ought to be enough for any book.”

DRM sucks, but okay, at least they’re playing fair with the unlimited downloads. We can call off the lawyers for now.

Jun
8th
Mon
permalink

Is Internet Voting Safe?

Is Internet Voting Safe? The answer, of course, is not really. And it likely never will be in the way most folks imagine it. Here’s why:

Small-scale fraud is relatively easy with both paper ballots and electronic ballots. Look up any recent federal election for ample evidence of both.

But, as pervasive as it is, physical ballot fraud doesn’t scale well. It’s much harder to stuff ballots statewide than it is in just one county or polling place. Too many people have to be involved there are too many eyes on the system for large-scale fraud to go undetected.

Electronic fraud, because carried out in software, scales easily and automatically as soon as some exploit or security compromise can be found that enables it. Just look at how much spam is unwittingly sent by people’s PCs. Spamming and e-ballot-stuffing are two very different crimes, but the same kinds of client expoloits can be used for both.

Given sufficient motivation and time, an attacker can find one or more exploits in any internet voting system the runs on untrusted hardware, or on any upstream access point or router. He can then use that exploit to deploy programs that generate, alter, or prevent some number of ballots, systemwide.

Yes, properly implemented cryptographic potocols help, as do physical steps in the process (paper trails). The Arizona system discussed in the Wired article is a printable absentee ballot, not an online voting booth.

But no, I don’t think these methods help enough, not when real power is at stake.

At the very least, electronic voting should be limited to low-stakes offices and opinion polls, and even then results should be vetted using independent sampling. Votes should also be, for good measure, cryptographically verifiable by voters.

Jun
7th
Sun
permalink

Amazon Recalling Some Kindle2s?

I got an email from Kindle support the other day, asking me to call them “at your earliest convenience.” Thinking that it was some kind of phishing attempt, I ignored it. But when they left a message on my home phone my curiousity got the better of me and I had them give me a call (via the Call Me feature of Amazon’s site).

The whole thing might be an experiment in how many times they can put a customer on hold before actually getting to the point of why they want to talk to you (note to Amazon: can you please just be up-front about why you’re contacting me?) but I had nothing better to do so I stuck with it.

Turns out they’re sending me a replacement Kindle2, because of something to do with the wireless hardware and planned upgrades they are making to their system. I asked if my first-gen Kindle would be affected and the rep said no. At no point was the word “recall” used, and yet that’s sure what it feels like.

Jun
1st
Mon
permalink

Smart GMail Trick: Mute a Thread

You know those email threads which you don’t really care about, but which someone seems to post to every day for a week? You archive them, but they keep reappearing in your inbox with every new post. 

Google calls this “the thread that just won’t die”, aka thread from hell.

Well, now you can silence them permanently by using GMail’s mute feature. View or select the thread(s) and type ‘m’ to mute. Bliss for compulsive inbox cleaners!

May
10th
Sun
permalink

SSH - How to find remote host fingerprint

With OpenSSH, ssh-keygen is the go-to utility for discovering RSA public key fingerprints, both local and remote, using the -l (lowercase L) switch, and either -f for local keys or -F for keys stored in your known_hosts file.

To find out a remote server’s known-good ssh key fingerprint, use the ssh-keygen command:

ssh-keygen -l -F <hostname>

Normally, ssh shows you the remote RSA key fingerprint when you first connect. But then you never see it again, because the key itself is stored in your .ssh/known_hosts file. Even when connecting in verbose mode, you don’t see it. Ssh compares the key it receives from the remote with the key in known_hosts, skipping the fingerprint step altogether.

So why would you want to see the fingerprint of a known key?

Well let’s say, for example, that you routinely ssh to cloud.example.com from your workstation. Then you get a netbook. The first time you ssh to cloud.example.com on the netbook, using wi-fi, the client shows you what looks like the wrong fingerprint. Is someone in the middle?

You can run ssh-keygen -l -F cloud.example.com on your workstation to see the key fingerprint for aws.example.com. According to the ssh-keygen manual, this looks up cloud.example.com in your known-hosts file, and then shows you the fingerprint of the matching entry:

ssh-keygen -l -F cloud.example.com
# Host cloud.example.com found: line 25 type RSA
2048 c4:63:f2:8b:ca:71:9b:e5:a7:2e:8a:de:49:ef:99:25 cloud.example.com (RSA)

Now you can compare with what the netbook sees, and either continue connecting or go raise hell with the wi-fi operator.

May
9th
Sat
permalink

Friday Java Bashing

“Solr is popular with the enterprise crowd, who love its Java.

“Being a Java program, Solr includes no shortage of technology whose acronyms contain the letters J and X. This tickles the enterprise pink, because these sorts of developers love nothing more than hanging out around a whiteboard drawing boxes and arrows and, from time to time, writing XML to make it look like they’re doing real work.” - Ted Dziuba, in a short feature on Sphinx

Oh, snap!

May
8th
Fri
permalink

Kindle is a Short Tail product

In re The Kindle Lets amazon Make a Lot From the Few (via Daring Fireball), I feel the need to point out two things, which should be of interest to any company or organization pushing intellectual property in our brave new digital world.

First, a $400 book reader is only going to appeal to people who read a lot of books. You don’t spend that kind of money if you only read books on vacation. So of course Kindle purchasers are going to be some of Amazon’s best customers. 

Second, the Kindle provides instant gratification for book lovers. I can buy a book from anywhere with Sprint coverage and be reading it in under 5 minutes. No trip to the bookstore, no sales clerks, no waiting for UPS to redeliver. It’s right there, in my hands, whenever I want it. 

I read a lot of books. 99% of the books I buy are now purchased, electronically, from Amazon, at what I can only assume is an enormous markup for them despite whatever wireless fees they pay to Sprint. 

So what’s the lesson for other sellers-of-media? If you have a lot of content, find your most important customers and give them the shortest possible path to that content. Put it in their hands instantly, anywhere, and give them a capable way to play or read it.

May
5th
Tue
permalink

Two finger scrolling on mini9

When you got your first mouse wheel, it changed your life a little, right?

Two finger scolling in OS X is like that. No clicking, no arrow keys, just a simple repetitive motion anywhere on the trackpad, and you have complete control. It’s difficult to do accidentally, and easy to do otherwise. It feels right to me.

If you have a Dell mini9 with OS X, and you were afraid to install the trackpad driver or couldn’t get it to work, you want to try again. These instructions work, the downloads on the first page are all the latest versions. You need to run the DellEFI Installer before you do anything else, and install the (not recommended, but live a little) touchpad driver. Then follow meklort’s instructions, run the Updater.app, and restart.

Enjoy your slick gesture-enabled trackpad!

May
4th
Mon
permalink
Use two Command keys in OS X when using a PC keyboard. When using OS X with a Dell PC keyboard, the Command modifier maps to the Windows key and Option maps to Alt. But as compared to a Macintosh keyboard, these keys are swapped. Mac users expect the Command key to be next to the spacebar. Because it is the universal modifier key, it needs to be right under your thumb. If you just swap the keys, and use Alt for Command, you may find that you keep hitting the Windows key anyway &#8212; especially on a small keyboard &#8212; because the Windows glyph looks a lot like the Command glyph. On a mini9, even with the keys switched, I hit the wrong one often enough for it to be a problem. It&#8217;s actually astounding how big a difference this makes for me, but since there&#8217;s no option key your mileage may vary. Option is used as a secondary modifier (typically to shortcut more advanced or expert commands) and it initiates old-school (Mac OS 9) special character sequences. I find the Edit &gt; Special Character menu to be more convenient, but that&#8217;s mostly because I never learned the Option codes.

Use two Command keys in OS X when using a PC keyboard.

When using OS X with a Dell PC keyboard, the Command modifier maps to the Windows key and Option maps to Alt. But as compared to a Macintosh keyboard, these keys are swapped. Mac users expect the Command key to be next to the spacebar. Because it is the universal modifier key, it needs to be right under your thumb.

If you just swap the keys, and use Alt for Command, you may find that you keep hitting the Windows key anyway — especially on a small keyboard — because the Windows glyph looks a lot like the Command glyph. On a mini9, even with the keys switched, I hit the wrong one often enough for it to be a problem.

It’s actually astounding how big a difference this makes for me, but since there’s no option key your mileage may vary. Option is used as a secondary modifier (typically to shortcut more advanced or expert commands) and it initiates old-school (Mac OS 9) special character sequences. I find the Edit > Special Character menu to be more convenient, but that’s mostly because I never learned the Option codes.

May
2nd
Sat
permalink

Quick Counseling via SMS

Teenagers Get Sex Education Via Cellphone - NYTimes.com

Great article about a welcome innovation. I’m surprised that it has taken this long, given that texting has been ubiquitous (among teens) for almost a decade.

A few things to note about the North Carolina model:

  1. It’s not automated. If/when it needs to scale it will be *much* more intelligent than a system that is automated from the start. They are building a huge database of real questions and real answers.
  2. It’s not push. They’re not broadcasting messages, intrusively, to people’s phones. The client initiates the conversation. Hallelujah!
  3. It’s shockingly low-tech. The responders should have actual composition and reference tools, as well as fingertips access to the database of all previous q&a. They seem to be using a phone to send and receive the texts, which must get old after a while.

Google’s work with SMS/text services (GOOG) and the experience of being able to Twitter from places without internet access has shown me that texting can be far more useful and powerful than most folks realize. It’s great to see organizations using this power for good.