We all agree that security is necessary for our data, but we all fall down when it comes to implementation. An example that I keep returning to is the need for encryption. I posted a few days ago about how Yahoo! doesn't encrypt their email, allowing a sophisticated hacker to intercept any message to or from your account.

Today, I encountered my password in plain text in a configuration file that is easily accessible to anybody that gains physical access to my computer. The guilty program is the Pidgin IM client (bug filed here), which stores login and password information in an XML file in your home directory. I've seen files of this sort a number of times, and for some reason programmers keep using this technique.

Most people believe that if they have confidential information in their computers, and if they use a password on their computer, they'll be OK. Nobody will be able to get past the password. While that isn't entirely true (most passwords are easily broken), the thing to remember is that once a hard drive is removed from a computer, any of the data on it can be accessed — without the password. So, so long as programmers keep using this technique, sensitive data will still be out there.

The easiest solution to this problem is to encrypt your entire hard disk at all times. That way, even if your hard disk is removed from your computer, all the data is jumbled anyway. Ubuntu released this feature back in April, and Microsoft released this feature with the release of Vista. Unfortunately though, to receive encryption on your Vista installation, you have to buy Vista Ultimate, which costs $120 more than the Home version (at a cool $320!).

As we trust more and more data on our computers, is this irresponsible product engineering? Absolutely. It costs Microsoft no more money to put encryption on all versions. Unfortunately though, they make more money by charging for it.

I just read an interesting paper written by some Microsoft engineers on the subject of the futures of darknets and illicit file sharing on the Internet.

Pretty interesting stuff:

...the darknet will be a competitor to legal commerce. From the point of view of economic theory, this has profound implications for business strategy: for example, increased security (e.g. stronger DRM systems) may act as a disincentive to legal commerce. Consider an MP3 file sold on a web site: this costs money, but the purchased object is as useful as a version acquired from the darknet. However, a securely DRM-wrapped song is strictly less attractive: although the industry is striving for flexible licensing rules, customers will be restricted in their actions if the system is to provide meaningful security.

It seems so obvious, yet...this paper was written several years ago.

This picture made me laugh. I'm coming to the end of my days with my work before school starts, and I was thinking about buying and actually installing MS Office, since Open Office works, but not always that well.

I think after seeing this picture I will wait for another time to buy office.

Thanks Microsoft. A picture does tell a thousand words.

I have begun training a replacement at work, and I need to teach him all of the excel formulas that we use in our department documents. I started making a list of all the formulas, but my mind quickly went blank, and I decided I needed a way to automate it.

Here's the technique I figured out. Open each of the files that you believe has useful formulas in it, and go to File > Save as... Save each document into an empty directory as xml spreadsheets (.xml). If you open one of these documents in a text editor, you are likely to see a line something like the following:

<Cell ss:Formula="=SUM(C:C[1])"><Data ss:Type="Number">0</Data></Cell>

The key is that each row in your new xml documents that contains a formula will have the formula keyword, so to isolate these, run the following on a Unix computer in the directory where you saved all the xml documents.

grep 'Formula=' *.xml | sort | uniq > uniqLinesWithFormulas.txt

That will create a file called uniqLinesWithFormulas.txt that will contain each line from all of your .xml files that contains a formula. From there, you can skim them visually for useful formulas, or put the file into Excel again and play with it there. This was as far as I needed to go in my analysis. Once I had this done, it was pretty easy to see the 30 or so formulas I regularly use.

A while back my wrist started hurting from reaching for the cursed backspace key. I was making too many mistakes. My solution was to remap the caps lock key on all the computers I use to act as an additional backspace key. How did I do it? Well, I'm glad you asked. I'll tell you.

In Windows
EDIT: I noticed that the picture doesn't have all the detail you need. The easier way to do this, is to download the registry key attached to this post, and to right click it, selecting merge. After that, restart the computer, and you should be all set.

To remap the caps lock to function as a backspace key in Windows, one must edit the registry keys. To do that, go to Start > Run..., and type in regedit. In the editor that opens up, navigate to the key shown in the picture below, and create a new key named Scancode Map of the type REG_BINARY. Give it the value shown in the picture, restart, and you're set. If things get wacky, delete the key and try again.

In Linux
I have tested the following in Ubuntu 7.04, 7.10 and 8.04. Start by opening a terminal, and running the xev program. Once that is running, press the caps lock key, and it will tell you the numerical value of that key. For example, my output from that command looks like this:

mlissner@opal2% xev
KeyPress event, serial 28, synthetic NO, window 0x4800001,
    root 0x59, subw 0x0, time 2775892, (373,636), root:(376,685),
    state 0x0, keycode 66 (keysym 0xff08, Caps_Lock), same_screen YES,
    XKeysymToKeycode returns keycode: 22
    XLookupString gives 1 bytes: (08) "
    XmbLookupString gives 1 bytes: (08) "
    XFilterEvent returns: False

In there, you will see the keycode for the capslock key, in my case, number 66. Using that, create a file in your home directory called .Xmodmap, and put the following in it:

!
! Make the caps lock button a backspace button
!
remove Lock = Caps_Lock
keycode 66 = BackSpace

Once that is done, the next time you log in, your caps lock will function as a backspace. The only remaining problem is that it still does not have the auto-repeat function that backspace should have. To fix that, run:

xset r 66

That will make things work properly, but you need to run that every time you log in, or else it won't work properly. To fix that run:

sudo gedit /etc/X11/Xsession.d/50x11-common_determine-startup

And add xset r 66 to the bottom.

That should do it.

Source: http://ubuntuforums.org/showthread.php?t=369402

I recently had the occasion to need to get around the form protection in an MS Word file. Turns out it’s a pretty easy exploit, but the directions I found elsewhere on the internet didn’t quite do the job.

Here’s the trick:

1. Open the protected document, and save it as an .html file.
2. Close the .doc file, and open the .html file in a text editor such as notepad or GVIM
3. In the .html file, find a tag that says something like: "<w:UnprotectPassword>ABCDEF01</w:UnprotectPassword>"
4. Replace each of the characters in the tag with zeroes so it reads: "<w:UnprotectPassword>00000000</w:UnprotectPassword>"
5. Open the .html file in Word, and save it as a .doc. Go to Tools > Unprotect Document

That should do it. I’d love to hear any evidence to the contrary.

I have been playing with virtualization these past few days, and I installed Windows XP, Windows 98 and Fedora 6. It's been an interesting experience, but I am shocked at the size of XP. After installing it, updating it, installing Firefox and AVG antivirus, it is 5.13GB in size! Incredible.

Compare that to Fedora 6, which weighs in at 2.57GB (with server and programming software), or - hilariously - with Windows 98 at 230MB (roughly a 20th of XP).

I knew XP was big, but that's quite something. Something else that was quite interesting is that it took nearly as long to install 98 despite its puny size. I'm baffled as to how it took so long, but I'm guessing it had something to do with multiple processors, which I'm sure it doesn't support.