Articles

(Web) Finger Me

Google has brought back a reincarnation of the old finger protocol, in the form of WebFinger. It strikes me as a simple-to-implement solution to identity and discovery on the web. OAuth, OpenID and other systems tackle authentication, but suffer from being less than user friendly (from a UI standpoint) in that the average person does not equate a URL with a person (identity). WebFinger, on the other hand, uses the all too familiar email address format, something that is easily understood by even the most basic internet user.

State of WA 2010 PayDays & Holidays iCal

Updated my previous iCal file with the official 2010 PayDays & Holidays, for state employees and those who follow the same calendar, well, at least according to DOP and WAC. Maybe next year they will actually provide this in a format that someone can use; until then the ics file below should work with just about any calendar application you might use at this point. It is also available as a Google calendar that you may subscribe to, add or sync; just search public calendars for it.

PayDaysAndHolidays2010.ics

Better Fonts Through Vista

As with many new versions of Windows, Microsoft has released some new fonts. When installing Vista or Office 2007 (either one) you get the new 'C' fonts. These new fonts are nice updates to the earlier 'Web Core Fonts'.
 
While these new fonts look quite all right when printed, I personally don't find them compelling on paper compared to the many excellent typefaces already in use. They do look rather nice on screen, particularly the new fixed-width font Consolas.
 
Here's an article on how to change your console (cmd prompt) font to Consolas for an easy-on-the-eyes experience. I use Consolas for both my Mac OS X and Ubuntu Linux terminals. Simply follow the instructions in the links to install the new Microsoft fonts, then browse to the Control Panel and then the Fonts folder. You can simply highlight the new fonts and drag them to your desktop for easy copying to your non-Windows systems.
 

OpenID

Last week at IgniteSeattle one of the presenters talked about OpenID. While I had heard of it in the past, I hadn't really followed up on it. Afterward I got on it. The idea behind OpenID is to create a decentralized identity management system, meaning a way for us to use a single login across many websites. Here goes an obligatory reference to Microsoft Passport/.Net Passport/Windows LiveID: sounds similar to that, eh? Well, only at the most basic level. OpenID is, well, open. There is no central OpenID provider; in fact anyone can run an OpenID server. Currently there are a number of providers such as Technorati, LiveJournal, Verisign and MyOpenID. Once you create an account with one of these providers, you can then use your OpenID to log in to any other site that accepts OpenID. In addition, most of the information that you usually enter at each site (nick, zip, age, gender, etc.) can follow you. Note that you do have control over which information each site can access. After you have an OpenID account, you can even link it to your own domain if you so wish. The advantage there is that in addition to owning your identity, you own your OpenID also. If the provider you chose goes under, or you decide that you don't like their recycling policy, or really for whatever reason, create an OpenID with another provider, change a couple of lines of HTML on your own site and your login stays the same, just with a new OpenID provider.
 
Simon Willison has written an excellent explanation and tutorial on OpenID. Also check out his post on taking OpenID to your own domain.
 

Java SSH Applet

I often want to be able to access various SSH servers from wherever I may be. Often that is from a Windows machine, so the simple answer is to carry a USB key with PortablePuTTY or just download it to the machine I am sitting at. That works well enough, but there are times when I don't have my USB key with me, or I am at a station with limited access. So I did a little exploring and found MindTerm, a Java SSH applet. MindTerm comes in several versions, including a free one for personal/limited commercial use.
 
It was a fairly simple matter to download and unpack the zip file, copy the .jar up to a directory on my server and create a simple .html page to launch the applet.
 
I fired up my browser and was immediately able to log into my web server. Pleased by this, I then tried to connect to a server at home and was greeted with errors about permissions. A little research showed that the free version of the applet is not signed. Well, a limitation of unsigned applets is that they are unable to communicate with any server other than the one they came from. Looking further at AppGate's site I see that a signed jar is one of the items of note in the paid-for version of MindTerm. They do mention that if you want to connect to other servers with the free version, you could always sign it yourself, though they describe this as a "non-trivial" task and provide a link to some rather convoluted documentation at Sun's website.
 
That document didn't quite seem right to me, so I did a little further looking about and came up with a handy page describing a rather simple-looking process to self-sign an application. I went through the steps on my OS X box and uploaded my handy new signed version of the .jar; now when I open the applet I am greeted with a dialog saying that this applet is signed, but by an unknown signer. Since I recognize the signer (me), after clicking the Trust button the applet launches and I can now connect to any server, create tunnels, and even do SFTP/SCP.
 

Energy Policy Act of 2005 & USA Updates to Daylight Savings Time

Much has been written about the whys of this change already and I will leave you to read that in my references. The short version is that the dates on which daylight savings time begins and ends change this year in the USA (there have been changes for other countries recently also, and expect more due to the US change). Many software applications and OSes have either this information hard coded or an out-of-date table of timezone and daylight savings data. The small problem here is that many of these systems will have the incorrect time for 3 weeks starting March 11 and 1 week starting October 28 this year. This can range from nearly unnoticeable to rather troublesome. Systems like building access controls may not let people in when they expect, appointments on your calendar may appear at the wrong time, and timestamps on everything from voicemail to time clocks may be wrong. The bigger problem may well be that systems that provide reporting or calculations based on time, or on time comparisons, will be completely incorrect unless patched. One example is running usage reports for different times of day across the timezone change, as might be done by a retail outlet or a government transportation department.

Luckily, on PC-based systems most applications rely on the underlying operating system for this information. Different OSes handle timezone/daylight savings data differently. Some have only a limited ability to allow for differing DST start/stop dates in different years, and therefore are going to have some issues with historical data regardless. Applications may handle this themselves, and their capabilities range widely. I am going to try to address some of the more common OSes, applications and devices and point you toward the fix. Remember that this is coming right quick.

NOTE: If you are a home/individual user and you have kept up on your updates for your operating system, you are probably all right. The notable exception is updating your Java; you probably aren't using any Java apps that will be sensitive to this, but go ahead just to be safe.
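
To make the "3 weeks" and "1 week" above concrete, here is an added example in Python (it is not code from the original post). It encodes the pre-2007 US rule (first Sunday in April to last Sunday in October) and the Energy Policy Act rule (second Sunday in March to first Sunday in November), derives the two windows in which a system still using the old table disagrees with legal time, and reports how far such a clock is off on a given day. The year and dates checked are chosen to match the post; the function names are my own.

```python
# Added example (not from the original post): compare the pre-2007 US DST rule
# with the Energy Policy Act of 2005 rule and find the days on which a system
# still using the old table shows the wrong wall-clock time.
from datetime import date, timedelta


def nth_weekday(year, month, weekday, n):
    """Date of the n-th `weekday` (Monday=0 ... Sunday=6) in a month.

    A negative n counts from the end of the month (-1 is the last one)."""
    if n > 0:
        first = date(year, month, 1)
        offset = (weekday - first.weekday()) % 7
        return first + timedelta(days=offset + 7 * (n - 1))
    # last day of the month: the day before the first of the following month
    if month == 12:
        next_month = date(year + 1, 1, 1)
    else:
        next_month = date(year, month + 1, 1)
    last = next_month - timedelta(days=1)
    offset = (last.weekday() - weekday) % 7
    return last - timedelta(days=offset + 7 * (-n - 1))


def dst_bounds_old(year):
    """1987-2006 rule: first Sunday in April to last Sunday in October."""
    return nth_weekday(year, 4, 6, 1), nth_weekday(year, 10, 6, -1)


def dst_bounds_new(year):
    """Energy Policy Act rule (2007 on): second Sunday in March to first Sunday in November."""
    return nth_weekday(year, 3, 6, 2), nth_weekday(year, 11, 6, 1)


def in_dst(day, bounds):
    """True if `day` falls inside the half-open [start, end) DST period."""
    start, end = bounds
    return start <= day < end


def mismatch_windows(year):
    """The two [first wrong day, first correct day) windows for an unpatched system."""
    old_start, old_end = dst_bounds_old(year)
    new_start, new_end = dst_bounds_new(year)
    spring = (new_start, old_start)  # law says DST is on, old table says it is off
    fall = (old_end, new_end)        # old table has already fallen back, law has not
    return spring, fall


def window_lengths_days(year):
    """Length in days of each mismatch window."""
    return tuple((end - start).days for start, end in mismatch_windows(year))


def unpatched_clock_error_hours(day):
    """Hours an old-rule clock differs from legal time on `day` (negative = behind).

    Accepts a date or an ISO 8601 string such as "2007-03-15"."""
    if isinstance(day, str):
        day = date.fromisoformat(day)
    new_on = in_dst(day, dst_bounds_new(day.year))
    old_on = in_dst(day, dst_bounds_old(day.year))
    return int(old_on) - int(new_on)


if __name__ == "__main__":
    for start, end in mismatch_windows(2007):
        print(f"wrong from {start} until {end} ({(end - start).days} days, "
              f"unpatched clock {unpatched_clock_error_hours(start)} h off)")
```

Run for 2007 this reports the window from March 11 to April 1 (21 days) and from October 28 to November 4 (7 days); in both an unpatched clock is an hour behind, which is why time-based reports and comparisons spanning those dates come out wrong rather than merely shifted.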

Publishing Safe Documents

Many organizations have a library of documents on their websites available to the public. The types of documents range from legal notices, price lists and forms to contact lists and more. Internally these documents are usually created with Microsoft Word or Excel, or other office suites. What people don't realize is the amount of unintended information contained in these files. Office document formats are highly complex data files and have many options for tracking changes, embedding other files, and storing metadata about the author.
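
As an added example (not code from the original post), here is a small Python pre-publication check that opens a Word or Excel OOXML package as the zip file it is and reports the author metadata, comments, tracked changes and embedded files left inside. The sample document it inspects is constructed in memory with made-up values; the function names and the "blocker" rules are my own, and the check goes slightly beyond the paragraph by covering deleted-but-retained text as well as metadata.

```python
# Added example (not from the original post): inspect a Word/Excel (OOXML) file
# for author metadata, comments, tracked changes and embedded files before it
# is published. The sample document below is constructed in memory.
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}
METADATA_FIELDS = ("dc:title", "dc:creator", "cp:lastModifiedBy",
                   "cp:revision", "dcterms:created", "dcterms:modified")


def inspect_ooxml(data):
    """Return findings for the OOXML package in `data` (bytes of a .docx/.xlsx)."""
    findings = {"metadata": {}, "comments": False,
                "tracked_changes": False, "embedded_files": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = pkg.namelist()
        if "docProps/core.xml" in names:
            core = ET.fromstring(pkg.read("docProps/core.xml"))
            for field in METADATA_FIELDS:
                el = core.find(field, NS)
                if el is not None and el.text:
                    findings["metadata"][field] = el.text
        findings["comments"] = "word/comments.xml" in names
        findings["embedded_files"] = [n for n in names if "/embeddings/" in n]
        if "word/document.xml" in names:
            body = ET.fromstring(pkg.read("word/document.xml"))
            # w:ins / w:del elements mean tracked changes were never accepted;
            # deleted text is still recoverable from the file
            findings["tracked_changes"] = any(
                body.find(".//w:" + tag, NS) is not None for tag in ("ins", "del"))
    return findings


def publish_blockers(findings):
    """List the reasons a document should not go out as-is."""
    reasons = []
    for field in ("dc:creator", "cp:lastModifiedBy"):
        if field in findings["metadata"]:
            reasons.append("author metadata present: %s=%s" % (field, findings["metadata"][field]))
    if findings["comments"]:
        reasons.append("comments part present")
    if findings["tracked_changes"]:
        reasons.append("tracked changes present (deleted text is still in the file)")
    for name in findings["embedded_files"]:
        reasons.append("embedded file: " + name)
    return reasons


# Constructed sample: a minimal .docx with the kinds of leftovers described above.
CORE_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <dc:title>Price List</dc:title>
 <dc:creator>jdoe</dc:creator>
 <cp:lastModifiedBy>J. Doe (Legal)</cp:lastModifiedBy>
 <cp:revision>14</cp:revision>
 <dcterms:created xsi:type="dcterms:W3CDTF">2007-01-05T09:12:00Z</dcterms:created>
 <dcterms:modified xsi:type="dcterms:W3CDTF">2007-02-20T16:40:00Z</dcterms:modified>
</cp:coreProperties>"""

DOCUMENT_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body><w:p>
 <w:r><w:t>Widget: $10</w:t></w:r>
 <w:del w:id="1" w:author="jdoe"><w:r><w:delText>Internal cost: $4</w:delText></w:r></w:del>
</w:p></w:body></w:document>"""


def build_sample_docx():
    """Build the constructed sample package in memory and return its bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml",
                     '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        pkg.writestr("docProps/core.xml", CORE_XML)
        pkg.writestr("word/document.xml", DOCUMENT_XML)
        pkg.writestr("word/comments.xml", '<w:comments xmlns:w="%s"/>' % NS["w"])
        pkg.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for reason in publish_blockers(inspect_ooxml(build_sample_docx())):
        print("BLOCK:", reason)
```

On the constructed sample the check flags the creator and last-modified-by names, the comments part, the unaccepted deletion (whose "Internal cost" text is still inside the file even though Word no longer displays it) and the embedded OLE object; a real pre-publication step would run the same inspection over every file in the library and refuse anything with a non-empty blocker list.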

Proximity Cards & Fakes

I have often talked of my liking for proximity cards for access control because they aren't a writable format (i.e. you can't buy a writer or blank cards). Well, recently a developer (hacker) in Canada, Jonathan Westhues, has built a prox-card emulator. His device is capable of producing behavior similar to an actual prox-card, but is also programmable. He has shown how the signal is encoded, how a clandestine reader and sniffer work, and how that signal can then be duplicated with his device.

Network Admission Control

Since I first heard of Network Admission Control (NAC) I have been unable to fathom a workable scenario for the technology. The concept in NAC is that machines wishing to connect to the network (typically laptops and remote clients) should be checked for compliance with security policy. Most implementations rely upon an agent installed on the client wishing access that reports compliance (up to date signatures, patches, configuration) at which point the machine is granted admission to the network proper.
