Uncle Sam Needs You!

We need your help prevent United States Senate Bill 968 (PIPA) and HR 3261 (SOPA) from becoming U.S. law. These bills are essentially a technical solution (a flawed one) for a business problem.  These laws would short-circuit due process of existing laws and provide a sledge hammer for businesses to take down their competitors.  These laws are the wrong solution for the described problem.  A group of Internet inventors and engineers have voiced their opinion in an open letter to Congress stating their opposition to the SOPA and PIPA bills.  Ironically some provisions in these bills would attack Free Speech in ways we condemn in China and Iran.

Uncle Sam needs youWe need you to help over come the well funded lobbying effort to create these laws!  Some opponents of PIPA and SOPA: Google, Yahoo, Wikipedia, craigslist, Facebook, Twitter, LinkedIn, eBay, AOL, Mozilla, Reddit, Tumblr, Etsy, Zynga, EFF, ACLU, Human Rights Watch, Darrell Issa (R-CA), Ron Wyden (D-OR), Nancy Pelosi (D-CA), Ron Paul (R-TX), Tim O’Reilly.

To find out how you representative is voting go to SOPA Opera to find out.  Then contact them and tell them how you feel about keeping the Internet a fair and open place to socialize and work.

Here are some of the people and companies that are working against your interests and for their own profit: RIAA, MPAA, News Corp, Time Warner, Walmart, Nike, Tiffany, Chanel, Rolex, Sony, Juicy Couture, Ralph Lauren, VISA, Mastercard, Comcast, ABC, Dow Chemical, Monster Cable, Teamsters, Rupert Murdoch, Lamar Smith (R-TX), John Conyers (D-MI), Michael F. Bennet (D-CO).

Simple Intrusion Detection

Sometimes I want to have a simple way to determine if a file has been changed or has been compromised without the configuration required of a full feature IDS such as AIDE or Tripwire.  This technique uses CFV, a free and open-source program written in Python and “has been verified to work on linux, freebsd, openbsd, netbsd, solaris, macosx, and windows.”  This program can generate a variety of checksum formats including the SHA1 used in this example.

To create the signature file for a directory’s and sub-directories’ files use the following commands in a Linux or Mac OS X command window:

cd /usr/local/bin
cfv -C -rr -f bin.sha1 -t sha1
gpg -sab bin.sha1

To verify the file signatures use the following commands:

cd /usr/local/bin
gpg --verify bin.sha1.asc
cfv -M -f bin.sha1

The gpg command verifies the integrity of the signature file (bin.sha1).  The cfv command then verifies all the files originally tested when creating the signature file.

Amazon Simple Storage Service (S3)

I have been using Amazon Simple Storage Service (S3) for several years to provide off-site backup and synchronizing files on my numerous systems.  It is a cloud-based service that provides storage for a very reasonable cost ($0.14 per GB/Month as of 7/19/2011).  Access to files on S3 are through web service interfaces (REST, SOAP, and BitTorrent) that are not for general use.  So most access is through some end-user program or service.  Many services have been built that use S3 including Netflix, Tumblr, reddit, and SmugMug with the list growing rapidly.

To use this service, I use a variety of tools including command-line utility called s3cmd, on my Linux systems to synchronize directories and upload/download files.  Synchronizing a directory is as simple as:

s3cmd sync /home/dirk/data s3://bta-bucket/dirk/

This will create a “directory” data in the S3 “directory” bta-bucket/dirk; upload the files that have changed or do not exist on S3 and store file metadata date/time information to make all this possible.  The only problem I have run into is s3cmd’s get and put commands do not use this file metadata to set the file modification time.  This prevents using get and put where you have used the sync command, because the file modification time will not be saved (in S3 headers) or set (on local PC) with get and put.  So to restore one file to a directory AND set the file modification time set during the sync upload use the following command:

s3cmd sync s3://bta-bucket/dirk/data/somefile.ods /home/dirk/data/somefile.ods

The local file date should match the original file’s modification date/time.  Note: the date/time shown by the s3cmd ls command is the upload date/time, NOT the file modification date/time.  The file metadata is stored in the S3 metadata headers with the Key  = “x-amz-meta-s3cmd-attrs” with a Value similar to: “uid:1000/gname:dirk/uname:dirk/gid:1000/mode:33188/mtime:1302623148/atime:1311007748/ctime:1302627027” to hold the file information.

Other S3 utilities save file metadata in different and incompatible ways, so be careful in choosing your S3 backup software and remember that changing to another utility may cause problems with synchronization based on the file modification date/time.

For Windows users, there is a free client called DragonDisk that uses S3 for file storage.  I have not used it, so this is not a recommendation.

MySQL and UTF-8

I recently had a problem in a web application that I created where the UTF-8 characters were not interpreted correctly by browsers.  The biggest issue was this did not happen in all instances of presenting these UTF-8 strings.

After tracing the strings through several libraries, I found the culprit.  The following SQL statement was the source of the text.

SELECT ID, CONCAT(sDescription, ' (', ID, ')') FROM ProdFamily;

Where ID is a integer key for the table and sDescription is a varchar column.  The result of the CONCAT function is a “binary string” because of the integer column as one of the operands.  The end result is that this “binary string” was treated differently than a regular UTF-8 string and characters outside the normal ASCII ones were not display correctly.  To fix this issue the CAST function must be added to set the type of the ID column to string as follows.

SELECT ID, CONCAT(sDescription, ' (', CAST(ID AS CHAR), ')') FROM ProdFamily

See MySQL CONCAT or CAST function documentation for more information.

MySQL: Setting date field default to current date

In MySQL, creating a date/time stamp field that defaults to the current date/time has been a problem in the past.  MySQL restricted you to one timestamp field per table that is automatically updated with the current date/time.  Early versions of MySQL allowed multiple updating timestamp fields contrary to the specification, but this was “fixed” in later versions.  Then triggers were added to MySQL v5.0.2 and can be used as a solution for this common issue.

CREATE TRIGGER `TableName_dtColumn_default` BEFORE INSERT ON `TableName`  FOR EACH ROW SET NEW.dtColumn = CURRENT_TIMESTAMP;

Replace “TableName” with your table’s name and “dtColumn” with your date/time column’s name.  Also the trigger name, “TableName_dtColumn_default” in this example, must be unique within a schema.

MySQL triggers are a very versatile feature.  For more details about creating and using triggers see the MySQL documentation for CREATE TRIGGER syntax.

Internet Everywhere

If you do business using the Internet, there are fewer and fewer places that you cannot get an Internet connection.  As an experiment I took my laptop on my lastest vacation (really geeky, I know) to see how good Internet connections were from Cozumel and Akumal, Mexico.  In both the condos I stayed in provided Internet connections (DSL in these cases) with wireless access.  The connections were good and never went down while I was using them, mostly to upload my vacation pictures.

I am currently writing this post on my Delta flight from 36,000 feet, flying at 500 mph over Missouri using a service called GoGo Inflight Internet.  The service is a little pricey at $12.95 per flight, but other options are available and would be worth it if you fly alot and need to use the Internet.

Also Internet access was available for free at many restaurants that I frequented on my vacation, usually requiring a pass code, but in most cases free.  Denver International Airport (DIA, DEN) has provided free wireless Internet access for several years.  I was kind of surprised while waiting for a connection in Atlanta that they do not provide free Internet access.  The Atlanta airport does have several wireless access services available that will charge your credit card for 24 hours of access, but I only needed it for an hour or two between flights.  If the Turtle Bakery in Akumal, Mexico can provide free wireless Internet, why can’t Atlanta.  Come on Atlanta, try to keep up with Denver and Akumal!

So, from 38,000 feet over Grand Island, Nebraska, adiós for now.

AC Adapter Hell!

Box of AC adapters
I have several boxes of orphaned AC adapters, at least I think they are orphaned.  Many of the AC adapters that come with computer or electronic accessories are not marked with any identifying marks that indicate to what product they belong.  Most manufacturers purchase AC adapters for their products off-the-shelf, so even the manufacturers name of the adapter does not help identify the device with which it belongs.

I have tried several solutions to this device/adapter linking problem. First, I tried putting labels on the adapters and writing the device on the label. Just a month or two later the label would come off, mostly due to the heat of the adapter.

Picture of AC adapter transformer block with lable
Well my most recent solution seems to work pretty well.  I found an Artline Paint Marker in white that I use to write the device on the AC adapter transformer block.  These markers are similar to a Sharpie marking pen, except they contain paint instead of ink and come in light opaque colors that contrast nicely with mostly black AC adapter transformer blocks.

Another benefit to this labeling, is when unplugging a device from a power strip, I do not have to guess or trace wire through a rat’s nest of wires to find the correct AC adapter to unplug.

I still have a box of orphaned AC adapters from devices that are obsolete or broken. At least now I have a chance to pair it up with a new device without hours of research.

Keeping track of passwords

If you have run out of pets’ or children’s names to use for passwords.  Or you have ever misplaced that scrap of paper with your bank PINs and passwords.  Or if you have trouble remembering the contrived “passwords” that banks are now asking like “What was your first girl friend’s name?”, then maybe you are ready for a password safe program.  These programs usually keep track of your user names, web addresses, and passwords in a file format the is encrypted that only allows access using a particular software program and a single password.  This keeps your passwords safe if you laptop gets stolen or someone copies the files on your computer or backup disks.

I wrote a program for MS Windows for this purpose years ago, but since I mostly work on Linux and Macintosh computers today, it quickly became obsolete.  Today I use a program called KeePassX (www.keepassx.org) to keep track of my passwords.  I use it to keep track of hundreds of passwords that I have accumulated over the years.  Another great benefit is since I do not need to rely on my memory or have to write or type the passwords, because I can copy and paste them into the password prompts.   I can create long random character/number combination passwords that are very secure compared to your wife’s birthday or your dog’s name.  Even better, KeePassX will generate new passwords for me!

I can copy the encrypted file to a USB thumb drive and access it from my Linux, Macintosh, and even MS Windows computers.  You can even put the software on the thumb drive and access your passwords on systems that do not have the software installed.

KeePassX was originally a Linux clone of a similar software program called KeePass Password Safe (keepass.info).  KeePass Password Safe is for MS Windows only, but KeePassX currently uses the KeePass version 1.x (Classic) password database format as the native format.  So as long as you stay with KeePass v1.x then your encrypted password file can be opened with KeePassX on other platforms (Linux and Macintosh).

Both programs (KeePassX and KeePass) use either the AES (alias Rijndael) or Twofish encryption algorithm using a 256 bit key.  The AES encryption algorithm is currently used by the U.S. government for protecting it’s top secrets.

No password safe software program will protect you from every threat to someone getting your passwords, but they eliminate the greatest threats of weak easily guessed passwords and passwords written on paper that is easily obtained.

Enable spell checking in all text entry in Firefox

Firefox has in-built spell check, but by default, this spell check is available only in Text area (usually multiple lines with scroll bar) entry fields. Text entry boxes (usually 1 line) will not show spelling mistakes. To activate spell check in text fields, open the configuration page of Firefox. Type about:config in address bar and press enter.  In the filter text-box, type:  layout.spellcheckDefault

Firefox Spellcheck Configuration

The default value of this preference is 1. Double click on this parameter and change the value to 2. Close configuration page and now open any page which has a text-box and check for wrong spelling.  In case the spell check is still not enabled, right click on the text-box to pop-up the menu and check the Check Spelling menu item.