Archive for March, 2009

Spammers

Thursday, March 26th, 2009

In the beginning of the internet (now I sound like an old guy), its users behaved in ways prescribed by netiquette; a term that Wikipedia defines as a set of social conventions that facilitate interaction over networks. You would for instance be flamed for sending unsolicited mail to a bunch people, and if you did it again, your sysadmin would hear about it and block your account for a while…

Since internet became common and commercial, netiquette faded into oblivion and gave way to the dark side ;-) . Ah well, common sense get’s you a long way and the internet became a lot more fun too, so you don’t hear me complaining (or at least not that much though).

One thing that annoys me though is the continuing spam in my mailbox; an unthinkable thing if the guys sending this stuff had ever glanced over the netiquette guidelines. Today we have to block and filter instead of relying on the naive behavioral constraints posed by netiquette. It’s a rat race where spammers come up with new ways of slipping through spam filters every day. Spam filters ‘read’ the text? The spammers put theirs ads in pdf attachments! These mails get blocked too? Let’s hide our message in images… And so the story continues.

One method I hadn’t seen before is HTML table-based characters, where a table cell represents a pixel in the message. I have to give them credit; it’s an original avoidance strategy. The spamfilter just sees HTML codes like:

<table border="1" cellpadding="2" cellspacing="2" width="100%">
  <tbody>
    <tr>
      <td bgcolor="navy" valign="top"><br>
      </td>
      <td valign="top"><br>
      </td>
      <td valign="top"><br>
      </td>

But the browser renders:

Anyway, if you ever feel like finding out how ‘the elders of the internet’ intended us all to behave, read the officially defined Netiquette Guidelines. Be warned though; the latest update was in 1995, which is light years in internet time :D

Posted in Computer | No Comments »

XML

Saturday, March 21st, 2009
I once heard someone claim that XML has the efficiency of a plain text file combined with the readability of a binary. Every time I have to type XML by hand, I tend to agree! XSLT for instance seems nice… until you actually have to program and maintain logic/functionality encoded in it for a while: it is verbose, it forces you to express constructs in hierarchical XML structures and it becomes a bit frustrating….

XML is great for tools and communication between programs, but it’s verboseness and forced hierarchical structure makes most XML documents not as readable as promised. The problem I observe is caused by the accidental complexity (the difference between intention and result) inherent to the language. You have to close each tag (type it twice), parameters are passed by attributes or subnodes (a lot of text) and there’s only hierarchical structures instead of more shortly expressed ways. There’s a lot ‘ceremony’ to express simple intent.

Therefore, I’d advice people to use XML for it’s strong points, but not overestimate it’s power for purposes it’s just not intended for. For many purposes I’d rather create an (e.g. oaw-based) Domain Specific language that let’s me express more things more easily and gives me context support in my favorite editor while doing so.

Posted in Computer | No Comments »

Hack-a-lock

Friday, March 20th, 2009

Many software systems used to be shipped with simple default security settings, like no security at all. This open by default strategy is very usable; you can use every feature without hassle. However, if you want other people to stay out of your business and therefore need some protection, you’re supposed to change these default settings into something that fits your environment (like being connected to the internet or having curious neighbours/coworkers/friends with access to your system). As most people don’t read the manuals of the systems they install (I don’t), this strategy leaves us with a lot of open and insecure systems.

Nowadays, the closed by default strategy seems to be favoured by vendors. Only if you specifically allow features (like services) to be accessible, you can access them. This tends to make the world a little bit more safe.

Having default passwords for a system is slightly related. Without any effort or provisioning, you can have a default admin password in case you’ve locked yourself out. It aleviates the lifes of many help desk workers. You can just read the documentation or google a bit to regain access. You don’t remember the password for your MySQL installation? Just google it! On the other hand, if you’re forced to always define your own password at installation time, or the system generates a random one and informs you about it, it is more secure, but you can lock yourself out if you forget about this password.

Like always, there’s a balance between accessibility and usability.

The reason I write about this is that the vendor of the key-pad locker locks in my gym delivers locks with pre-defined master keys. Nice, because without any effort, the trainers are able to open locks for people that forgot about their user-defined code. However, it just takes one google query to find the manual that tells us that: the factory code is 1,2,3,4,5,6!

Naturally, my gym hasn’t read this manual or isn’t aware the manual is this easy to find. It’s very accessible for the support staff in case a user has lost it’s security code again, but sadly doesn’t provide me with a lot of security for my clothes and stuff either… :(

Posted in General, Work | No Comments »

Groningen with Streetview

Thursday, March 19th, 2009

Groningen is now available on Streetview :D


View Larger Map

Posted in General | No Comments »

Will IBM buy Sun?

Thursday, March 19th, 2009
Today’s rumors say that IBM will buy Sun. For a long time, I haven’t understood how Sun makes money (my main interest in Sun is Java), so a merge with a profitable company might guarantee a safe future for the Java platform…. for as long as it doesn’t become obsolete by all the new stuff :D

It’s back to Microsoft versus Big blue again ;)

Posted in General | No Comments »