TED Talk: The Internet’s Immune System

I really enjoyed this TED Talk on hacktivists the first couple times I watched it a year ago and a few months ago. Not sure why I have not yet posted it.

The beauty of hackers, says cybersecurity expert Keren Elazari, is that they force us to evolve and improve. Yes, some hackers are bad guys, but many are working to fight government corruption and advocate for our rights. By exposing vulnerabilities, they push the Internet to become stronger and healthier, wielding their power to create a better world.

Algorithmic Random

Mac Keyboard
Mac Keyboard

If you are out on the Internet or around academics long enough, then you will run across the rant about random designed by humans not being really random. It might be the iTunes shuffle. It might be random sampling of an experiment. It might be a complaint of you using the word for how you spend your time online.

OK. I took that last one a bit too personal.

If a human is performing the random, then there probably is a pattern. But then in nature, things we call random typically have a pattern too. DNA mutations involve changed molecules at a position and chance that it has no bearing, disables the bearer, or gives the bearer an advantage. The lack of true randomness is a sign of intelligent design to some. And a sign that it is natural to others. Quantum mechanics. Encryption. Stock trading. Prediction. Truly random is unnatural. Well… It just means we have not yet figured out the pattern. Give us time.

Since random is the wrong word, how about algorithmic random or a-random for short. It just means a pattern-based approximation of random that is good enough for the purpose of acting random.

For Want of a Scrollbar

The start of an adventure usually starts when I tweet an annoyance:

Who has two thumbs and regularly disables Sharepoint’s overflow: hidden CSS to re-enable the scrollbar? Me…

A coworker asked a good question, which is, “Any easy/lazy way to make it automatic-like?”

My response was a Greasemonkey script should do the trick. Okay, so, how to make it happen?

Pretty sure like me, my coworker uses Chrome. This is good, because in 2009 Chrome acquired native Greasemonkey script support. They are treated as Extensions. I like this because there is one place to look for the scripts rather than a separate queue like I am familiar in Firefox’s Greasemonkey plug-in.

So I found some pages on writing Greasemonkey scripts. What I wanted to do looked easy enough. Which, of course, meant I spent a few hours stumbling around the Internet confused why it did not work. In the end, I wrote this <filename>.users.js did the trick:

// ==UserScript==
// @name Sharepoint Scrollbar Fix
// @namespace http://sharepoint.oursite.com/
// @description Removes the overflow:hidden which is buggy in WebKit browsers
// @include https://sharepoint.oursite.com/*
// ==/UserScript==
document.body.style.overflow = “scroll”;

From my research WebKit browsers have an issue with overflow:hidden going back years. Chrome and Safari are WebKit browsers. (Guess I could have saved myself time just using Mozilla.) Using either overflow:scroll, overflow:auto, or even removing overflow brings out a second usable scrollbar.

Probably GM_addStyle is a better approach, but this one worked first.

Protocols matter. Most of the time I spent confused was solved by having http in the @include address when the Sharepoint site uses https.

Testing it was interesting as Google does not allow just downloading from anywhere on the Internet. So uploading it to my web site was not a good way to get it into the browser. Just open up Extensions and drag and drop the file in there. It prompts to make sure you are. In the end, it is much more efficient that way.

Conclusion: Pretty easy to create and test. Very lazy fix. The information online about making one is not great.

Any coworkers who want to use it, I added it to the Content area on my site.

Just Get Rid of Java

Apparently there are security flaws in the current version of Java allowing the installation of malicious software through web browsers unknown to the user. The known attacks using this flaw work on Windows, OSX, and Linux. According to Reuters:

Java was responsible for 50 percent of all cyber attacks last year in which hackers broke into computers by exploiting software bugs, according to Kaspersky. That was followed by Adobe Reader, which was involved in 28 percent of all incidents. Microsoft Windows and Internet Explorer were involved in about 3 percent of incidents, according to the survey.

The Department of Homeland Security recently said computer users should disable Java. At first this seems odd. The vulnerability in question is only in Java 7. So why not go back to Java 6? Well, Java 6 has vulnerabilities too, which is why DHS and others have recommended getting to 7. Also, starting in 7, the automatic upgrades are more aggressive. So going backwards is probably not a great idea. (If just happens I had to go backwards to get a tool I needed to work and forgot to go back forward.)

Also, for a similar situation back in August the recommendation was to make the browser prompt before allowing Java to run. The strategy is just stop Java entirely. Apple has removed Java browser plugins. That could work too. Except for bad, bad software like ours (sorry, sarcasm if you could not tell) which makes use of a few applets. In the last week I have gotten a request to add another applet.

A fix to Java 7’s vulnerabilties should be available in a couple days.

TED Talk: The currency of the new economy is trust

How would you describe my reputation in three words? My judgment, knowledge, and behaviors in various situations?

Back in the 1990s, the beauty of the Internet was we could disappear and be whomever we wanted. Wherever we went, almost no one knew who we were. Then web sites started providing accounts to sites and tracking who we were. Then web sites started sharing who we were. Now our reputation is going to follow us around on the Internet?

I guess it already does. I got my current job by doing something similar to the StackOverflow example used in the video. Helping others solve problems with the product developed into people trusting me. Measuring trust though. No existing rating system really works as well as I think it should.

I really dislike the ratings on most web sites because I do not really trust them. Authors don pseudonyms. Publishers make fake accounts. So I prefer something like Goodreads where people I actually know are the raters and whether or not to trust the rater is an easier task. Books that changed other people’s life? Meh. Restaurant I love? Other people find meh.

Guess I should go figure out how to trust the raters so eventually people can trust me trusting them.

If the video below does not work, then try The currency of the new economy is trust.

Why I Love The Internet

Everything is out there. From the most profound to the most mundane, whatever I need to know when I need to know it.

Last week I set my DVR to record a series. I knew it was in re-runs and British. The DVR sucks in the sense it gives an original air date but not an episode number. The first episode I got was not called “Pilot”. At this point I had no idea whether I have the first, the sixth, or the eleventh.

So I toss the show title with episode list into a Google search. It pulls up several sites with episode titles and their dates. I could have just gone to imdb.com. Turns out I had the third. (Plus there are places offering to let me watch the series online.)

Probably I search too much instead of going to specific sites I know first.

There is something rewarding between hitting the button and seeing results. It feels so good.

Smaller Java Cache

One of our campus Blackboard Learning System Vista Enterprise administrators reported to have reduced the number of Java cache related issues (failed sessions) by changing the Disk Space Allotment from the 1,000 MB default down to 100 MB. This is found in the Java Control Panel > General tab > Temporary Internet Files: Settings. I am curious if anyone else has found this to be the case?

The purpose of web browsers having a cache was to speed up use of a web site by not having to download content again. RAM is faster than disk is faster than Internet. (This especially was true in the mid 1990s.) Take a look at this web site. There is the image at the top plus various CSS, and JS files. It looks like there are a good 224 KB in CSS, JS, and their supporting images. Rather than download significant amount of content again, with the appropriate settings a browser will check whether the size changed (assume no changes) or it expired (really that it is stale). If neither are true, then it uses what it already has. This will make my web site load faster for the user. So caching is a very good thing.

Java Plug-in, the client downloading and rendering applets in a web browser, works similarly. It can keep a copy of the applet in a cache. Starting with Java 1.3 there are even parameters placed in the HTML for applet caching. It looks to me like the HTML Creator, really edit-on(R) Pro by RealObjects, JavaScript for instantiating the applet has settings which enable Java to keep it in its cache.

The default cache size of 1,000 MB sounded excessive at first. Do people really reach the point where the whole cached is used? Looking at mine, I have 4 items in Applications from running them on my desktop plus around 2,200 items in Resources. All this takes up only 155 MB. Most of them are tiny files. The largest ones in Resources are from the various Vista  clusters I administrate. Therefore setting this to 100 MB as recommended probably means these getting downloaded more often and waiting on 1MB+ files to download. Glad we have a fast Internet connection at work. Sucks to be the students on DSL who follow this advice and use lots of Java-based applets.

If the Java Plug-in cache was buggy, then I could foresee problems with display of applets. It should download the applet but does not, it should not download the applet but does, the wrong applet is used, a corrupted applet is used. Instead, this seems to be claiming to solve an issue were the web browser lost the session cookie. It seems very unlikely to me that a Java Plug-in could cause a web browser to lose a session cookie much less changing the cache size fix it.

Pneumatic tubes

According to Dan Pink, John Elfreth Watkins, Jr. predicted several things:

Among his calls: Americans will be taller. (True) There will be no C, X, or Q in the alphabet. (False) Photographs will be telegraphed from large distances. (True) Rats and mice will be gone. (False). Pneumatic tubes, instead of store wagons, will deliver packages and bundles. (False, but Amazon is working on it.)

The pneumatic tube one was interesting. Packages and bundles would have included memos, correspondence, and perhaps even books or games. The Internet was so “eloquently” described by Senator Ted Stevens, “The Internet is not something you just dump something on. It is not a truck. It is a series of tubes.” Most memos, and correspondence these days is carried over the Internet. Books are getting there. So maybe this should be a partial?

Am I too generous?