The OpenID spec is an interesting thing.
Since you're already logged into, say, LiveJournal, you trust and are active on the site. That means that your LiveJournal authentication expires rarely. On the other hand, you post here rarely. It would be a big pain in the ass to remember a separate password just to post to this blog three times a year in comments.
Enter OpenID. This will let you use your existing (LiveJournal) authentication to also authenticate yourself here, or on any OpenID enabled* site. It will transfer you to LiveJournal for a moment, ask you if you want this site to know who you are on LiveJournal, and then tell that to this site. But none of your authentication needs to even be transmitted to this site.
Damned convenient, you might say. I agree. Some buddies may have noticed infornography.gotdns.com popping up in their LJ user list. That's me, using it in the reverse. I already have a blog, so why be anonymous or create a LiveJournal account just for commenting? You could even trust that user if you do a friends only page, as it's still an authenticated user.
What's possible for OpenID's future? Imagine your friends list populated not just with LiveJournal friends, but my blog posts just the same. Never having to create accounts on Slashdot, kuro5hin or other forums. Tying together FOAF (Friend of a friend) data, not only with blogs, but with people you regularly communicate with (via blog comments, forums, etc).
So, with that in mind, I announce that I've done a bit more work on a WordPress plugin for OpenID. Try it out. Use it, break it, talk to me about it. There's no server (yet), but OpenID servers are easy to come by;
are two existing examples. (And linking them to your current blog is easy, if you're not a LiveJournal member)
It's Monday the 23rd, so do your Canadian duty and vote! Especially for everyone, but especially for you 18 - 25 year olds.
Last election was Canada's worst voter turnout ever, at 60.5%. And only 22% of first time voters took the task of going to the polls.
So as I head to my own polling booth, whichever candidate you support, make sure your support is heard.
It's been a slight (okay, long) while since I last did a linked list, and I ended up junking half of it, just because of how stale some of the links are. I've been snowboarding, fixing my tooth, writing midterms, papers and even got out to see Body Worlds, Gunther von Hagens' exhibit detailing our internal anatomy. If you're in Toronto in the next few weeks, I strongly suggest checking it out.
So, now I'll just post them, and again continue to refine my methods.
- subverting your homedir, the benefits and perils of keeping all of your belongings in SVN
- a bit about microformats
- and a bit more, with hcard
- a forecast for 2006 web trends
- apparently GStreamer wants to support DRM
- Esoteric programming language 1: HQ9++
- Esoteric programming language 2: Chef
- A way around image slicing, CSS Sprites
- vischeck, a handy tool for checking how your webpage will look to colour blind people
- Kuro5hin on content creation and text processing
- Geo IP Route, a graphical representation of traceroute
- Damn Small Linux, a graphical 50 meg Linux distro
- royal city music, for local bands and concerts
- The Ultimate Showdown of Ultimate Destiny
Random Wikipedia Link:
- PostBar, the method Canada Post uses to encode the information for its automated delivery system
Edit: fixed vischeck link. [Thanks Cait]
I've always made an effort of keeping the things I deem important around, especially if it's something I've made. Sketches from economics class, code I've written, school projects, every piece of email sent or received by me (that wasn't an automated reply for forgetting my password, mailing list or SPAM) since 2001 are prime examples. It's good to have around, old projects I can refer to not just to see progression, but to refactor in new toolkits and such.
I guess I'm just living life as some subspecies of electronic packrat. The evolution of hard drives helps. Backing up data like this has historically been a pain. I don't want to waste space (especially when you have to span it across media) on some piece of data that is more or less derivative of other data, or already backed up somewhere else. My programs never get backed up. They're already on the Ubuntu .deb archives. Anyway, a little while ago, when running Gentoo, I liked the way they showed changes in /etc configuration files to me. Doing a diff between the updated version and mine. The wheels started turning. Why not log my configuration files in CVS? I mean, CVS is a great way for making incremental changes to text files.
Later on, trying to back up my email, I came across the same idea. It wasn't until I had ditched CVS and switched to SVN for my code that I found Keeping your life in Subversion, some time before November. So now, with the prodding of Sarah wanting to do something similar, I've decided to put my life in SVN.
So what's the deciding factor of what goes in or not? This is my only remaining problem. What policy should I come up with? Email, code and personal text is obvious. Important dotfiles are there now too, such as my .vimrc and .bash_profile. But at the same time, it would be a waste of space to throw in my ~/tmp or some silly dotfile like ~/.Adobe/Acrobat that I don't care about.
So once that's settled, I have a reasonable way of porting my homedir across as many machines as I need. And the nifty part about this will be the ability to travel back in time, and I can physically log into my system as it was X units of time ago.
So, over the weekend, my bank account was compromised. Interestingly enough, in my circle of friends, I think most would agree I'm the most security conscious.
What happened? Without any hint, both my card data and PIN were snooped. I'm still not sure how. This (probably) isn't related to the large CitiBank breach, but most likely just common card snooping. With the fact that I only use ATMs of my home bank, the most common possibility is a fraudulent vendor, like a convenience store.
The attacker created a copy of my card to make a fake deposit (depositing money with an empty envelope) and immediately withdrew the maximum allowed amount of money. The bank, a day later, on the realization of a fraudulent deposit, froze my account.
How could such information be snooped? Compromising the magnetic card reader. By making the reader store stripe data one could use that for future card printing. Then, watching or videotaping my PIN input would give them the access they need. In terms of security, it's really just promiscuous card activity. Every store I spend money at should be considered a potential security threat. Every time I reach for my bank card, I have to wonder, is this store trustworthy? Is the minimum-wage clerk behind the counter trustworthy?
I don't think this is really something I want to constantly think about when spending money. Therefore, to me, this is a simple choice. Immediate withdrawals of money from home-bank ATMs removes the possibility of electronic fraud, and adds to the potential losses from being mugged. I think the increased account security and increase in anonymity is worth it, considering the probability of a mugging is largely a gamble of the contents of your wallet, having a few extra stealable dollars in there won't make me a large target. Being promiscuous with my bank card, however, does.
In wallet-related news, I noticed last Thursday that the Bomber on campus now swipes the driver's license cards of everyone at the door. Not the Waterloo student cards, just driver's licenses. Do they really have a reason for collecting people's licenses? So I think it's time for a BYID, to avoid having such personal information be stored whenever I go to a bar. Getting and using a secondary license could also work, but would voiding the magnetic stripe have unintended legal consequences? Much like the previous story with my bank card, this makes me that much more susceptible to identity theft.
infornography
Function: noun
obsession with, or excessive working with the gathering, storing, creation and manipulation of information
I now am a CIRA member, and have a domain name. The school term is done, and the summer beginning. Thanks to Jay for the gift.
So up next for this humble site is getting a signed SSL certificate (hopefully through a reputable, free certificate authority) to better secure the non-blog areas of the site. After that, I don't know what I want to do with it. Are there web based services that your lives are missing? All I have implemented for friends is a calendaring system, and this blog. I've been toying around with a Digg/Kuro5hin clone, but that idea would only work if it was used by people who weren't me. (> 5 people at least)
A while ago, I bought a USB flash drive. When deciding what to put on it, I went through my information and decided what was important. But then putting it on my keychain I came across a more interesting problem. Partially inspired by my better half who refuses to remove things like a three-years expired outdoorsman card from her wallet that no longer closes, I take a look at what I carry with me.
What are the pieces of data and objects that are useful to have on you, in general?
Sure, you carry a purse/wallet. What's in it? You might carry a keychain. What's on it? What are the other miscellaneous items that you carry with you? Which of these are optional under normal circumstances? In general, I carry my keychain, wallet, notebook and jacket. I thought that was fairly straightforward until I started to scrutinize the contents of it all.
Wallet
Obvious stuff. Cards: bank, Waterloo student, health, driver's license, and a movie store membership. I try to have an emergency twenty in it as well, but being a student, it doesn't tend to stick around. I do plan on modifying this slightly: create a second wallet for barhopping. Take out everything but the health card and use a backup license with a corrupted magnetic stripe, to stop bars from gathering data from my entrance.
Keychain
Obviously I have keys (home and car). I also carry my Swiss Army knife, a de-pinned CPU (for quick identification and "geek cred") and my USB drive.
Coat/Person
Carry my phone around, where appropriate, as well as a Linux LiveCD (for both pranks and a quick working environment for remote work), my notebook, a pencil, and chocolate covered coffee beans. I like the idea of emergency chocolate, useful when you're a few hours away from food, or a few hours away from sleep, like a long drive home while tired or late night assignments.
Information
The most important category to me, for obvious reasons. It'd be nice to be able to have some sort of PDA-like device to integrate the notebook and USB drive, but the notebook/USB drive system works under my current restraints. The USB drive holds various authentication tokens, and miscellaneous files being transported. It's also nice to have a working environment (Firefox, bookmarks, PuTTY (the SSH client) and such, but this has become redundant since the acquisition of the laptop). The notebook is good for little and quick lists, assignment due dates, an address book, and writing down thoughts I deemed important at the time.
Backpack
Mostly optional things go here. The backpack has some mainstay items, laptop (and resulting wires), dice, and vi pocket reference -- but these are mostly things required for me to function at school. Overall, it's fairly average as far as backpacks go.
With this, I survive in my environment. My goal is to maximize coverage of probable circumstances while being fairly minimal in what I carry. I've added less than a kilogram or so to my person (backpack excluded). Nearly everything I carry has high utility to me while outside of my home. I'd like to add a LED flashlight. I just came across a battery-free flashlight that I could build that charges by shaking a magnet. What other essentials are there?
Just more of a what's-going-on post in my world. It really has nothing of service.
So, recently, I've finished my term, got a job and moved in Waterloo. This will mark the first time I haven't gone back home after the terms, and I'm excited. I thank my parents for all of the continued support that they give me, but I also really appreciate trying things on my own.
Over the summer I'll be working at RIM putting hardware together. I expect it to be mildly more stimulating than cleaning beef grinders. At least hardware testing is vaguely almost related to things I want to do.
The server has officially moved to infornography.ca, though I'm looking at finding a more permanent solution to these hosting issues. Uptime may be spotty.
And my room rocks. It's literally a cave. I'm tucked away in the corner of an attic of a four-square home. There's about 3 feet of clearance for my bed. It's fun to live in for now, not permanently, and at least the cave remains fairly dark. I should paint wildebeests, penguins and daemons or something like that on the walls with fingerpaints.
Phil Zimmermann once asked 'Why don't you send your paper mail on postcards?' Would you send a love letter or will on a postcard, in an unsealed envelope? It may seem ridiculous, sure, but this is exactly what people are doing every day. In fact, with email, this is exactly what we're doing with our everyday communications.
Most people are sending around email on the web that is horribly insecure. You may incorrectly assume that since you have to log in with a password to read your email, and I have to log in to read the email you sent me, this is a secure channel. Would you care if someone started reading your email, without your knowledge or consent? This writeup, then, is for you. It is mostly an introduction to cryptographic concepts for non-mathematics enthusiasts.
What's wrong with sending an email from my system to yours if we both log in? The most obvious: people could sniff your password. Shoulder surfing, dictionary attacks or collecting all network traffic are common ways of figuring out someone's mail password. Even if your account was secure, however, that doesn't imply that your message was secure. When you send an email to me, it will traverse through anywhere between 5-30 routers/computers. Any one of these points along the way can read, and store if they wanted, the email in transit. If your traffic goes through a foreign router that logs data and invades your privacy, how would you properly protect your rights in that country, not being a citizen of it?
First, a bit of background. Public/private keys are asymmetric: whatever is done with one can only be undone with the other. Therefore when you send information to me, you encrypt it with my public key. Only my private key can decrypt it. When I send you something, I encrypt it with your public key. Also, I can sign something with my own private key. Since I am the only one that knows my private key, only I could have signed it, and anyone can check the signature by decrypting it with my public key. The concept is simple.
So, if I have convinced you, what should you do? A good introduction to installing and setting up GPG on a Windows machine is done rather well by Brendan Kidwell, with A Practical Introduction to GNU Privacy Guard. If you use Gmail, or your service provider's email, you can use Thunderbird, with the Enigmail extension. Setting up Thunderbird is the same as any other mail application, and here's help configuring Enigmail.