Zaf’s Blog

Recent events have once again highlighted further Cross-site vulnerabilities. These problems are a fundamental problem with how the web exists. Although there are many solutions to protect against them, the only way to remove them altogether would be to alter the very essence of the web itself.

The recent big one to hit the news is Cross-Site Request Forgeries. The general summary is, if the user has logged into a web page (it doesn’t need to be open, just that they have preexisting cookies allowing them to visit the page without logging in), another malicious site can execute things on this page under the users authentication.

Below, I outline the problem in more detail, and outline a solution that does not require PHP session variables (more…)

Members of Parliament are on the clock when they in the House. So if they want to flip the birdie, sleep, or otherwise act improper, they should do it, like the rest of us, in their own homes. The ban on taking photos or television footage showing MPs acting stupid is not only stupid, its just plain wrong.

If my MP decides to sleep during his working day, then not only do I want photos taken of him, I want them blown up to poster size and plastered all over his area and over parliament. I’m not allowed to sleep on the job, nor should he.

I want continuous live coverage of the entire House, streamed over the Internet, available to all New Zealander’s to see what their elected officials are doing when they are suppose to be working.

In my last blog, I outlined why Captchas are pretty much the only way to tell if the comment (or anything else) submitted was done by a machine or by a real person. They are a neat solution, and they work well (for now). There are a couple ways around them, but I’ll explain those in another blog.

Today I’m going to explain why Captchas are bad, and why companies shouldn’t use them. (more…)

There was an article on slashdot recently discussing Captchas (for those who don’t know what these are, pop over to the Wikipedia article on Captchas and have a quick read). The most common post on the article seemed to be along the lines of stop making the people prove they’re human, and instead make the bots prove they are.

Various solutions were put forward, from the extremely ignorant, to the mostly ignorant. I feel compelled to explain a little of why these various solutions won’t work. To do that, first we will need to discuss how spam bots work, and then the reason why these suggested solutions won’t work. (more…)

Well, I just had an interesting experience. A very good friend of mine recently rang me up (being the “computer guy”) and said, my computer is saying that it can’t write to my disk. A long story short, the hard disk he had all his home business and personal data on was dying. Basic analysis said that this problem was beyond my means, and he had no current backup.

The sad thing is the disk itself was only 300MB big (it was a very old disk) and unfortunately he did not do any backups on a regular basis. I personally blame myself as I never thought to ask him about his backups whenever I did any work on his PC. Whenever a friend has a problem with their PC, I always take it personally. Even if I didn’t sell him/her the PC, or do any work on it, or could be anyway responsible for what happened.

So off the disk went to Computer Forensics in Auckland, NZ. I’ve heard good things about them, and they come recommended from some other people. The good news is I just heard back, almost all data recovered (some minor stuff that he actually had (old) backups of was lost). The bad news was the price was around $1700. This is a huge amount of money for a home business.

So now I hold in my hand a 2GB USB flash drive which will hold all of his data, 6 fold. The plan is to store the data on the USB drive and backup to the hard disk in his computer (or vice-versa, he hasn’t decided yet). The danger of using USB as a primary storage is every once and awhile USB flash drives can spontaneously decide to wipe all their data. This usually happens because the user removes the drive without safely stopping it, or the power shuts off.

Now of course, if he had the USB drive last week, he never would have been in this boat.

Time travel would be a very profitable business.

OK, personal gripe time.

I have an iPod nano (no, thats not the problem, it goes a little deeper than that) and I enjoy listening to podcasts and music, all on the same iPod. The problem is that when I want to listen to random music tracks, the iPod will often pick podcasts and play those as well as real music (I’ll admit that the frequency it does it is due to the fact that my iPod is 50% podcasts).

It seems the iPod thinks that everything is music, and that the Podcast and Audiobook sub-menus just display music tagged as such. This means when you say Play All, it plays everything. The real thorn is that iTunes recognises the difference, and its Library -> Music section only has music.

The only workaround I’ve managed to come up with is to create a Smart Playlist that has a filter of “Not flagged Podcast”, and use that for random selection. Its not ideal, but I wish Apple would work out that I don’t want Podcasts mixed with my music.

Someone please tell me if there is a better way (other than buying a separate iPod just for music).

(more…)