Thursday, 12 April 2012

Testing blogger for iPhone

Well, it doesn't appear that you can save drafts which is a bit rubbish, I'd certainly want to review my probably badly types blogs on a bigger screen before posting them.

Let's see how photos works. Obviously being a small screen it doesn't let you position them which is another good reason to be able to post drafts so I can reformat a post.

Saturday, 7 April 2012

Trying out Blogsy on my iPad

I'm looking to see if I can replace, or perhaps abandon, my venerable laptop in favour of my iPad. So I started looking for tools to do all the things I normally do on my laptop.

Me in Canada
So far I've found a supposedly good SSH and VNC/RDP client called iSSH (of course, it would be), a good enough RSS reader with Google Reader integration, an accessory in the Apple store that lets you connect and transfer photos from a USB camera and now a tool for blogging that is highly rated and works with both Blogger and WordPress. So, this is just a simple post to see how The last tool (Blogsy) works. As you can see it supports Flickr, including uploading photos, hence the picture of yours truly in Canada. I stil need to get another USB keyboard and test using that, probably with Blogsy and with something that lets me edit Google Docs content, or Dropbox content. I'm thinking of trying QuickOffice Pro, but at £13.99, unlike Blogsy's £2.99,
Walnut
I will have to think twice before buying it. I think once I've got a document application, I should be pretty much sorted bar having to remote connect to a desktop machine at home for the odd few things here and there, which the aforementioned VNC/RDP client should be good enough for. So, here's hoping that going "all iPad" isn't such a tough nut to crack after all. Add in a half decent "pen", as I have big fingers and most rubber nosed styluses are no better, and I'll be a happy man.

 

Saturday, 18 June 2011

My new Sony camera

Sempervivum by Mr Dale Roberts
Sempervivum, a photo by Mr Dale Roberts on Flickr.

as I think this photo of some Sempervivum shows, the camera does quite a nice job of close up photographs.

Friday, 4 December 2009

First class for free (almost)

Well, for the first time ever I can reveal I have found a way to travel first class on the train for the cost of a standard ticket. I say first class, it’s more like between first class to be honest. On the plus side I have only a very quiet chap reading his paper and two attractive young ladies for company. So even the proximity to the bins, toilet and doors seems acceptable.

I probably wouldn’t recomend it to anyone with a fear of germs (I am sitting on the floor after all) but on a busy train it’s better than standing near the bins and toilet in “cattle class”.

We’ve even had a train official go past so I know I won’t be hastled for a first class ticket.

All in all something of a result for the less descerning traveller.

Monday, 21 January 2008

Encryption software

Data Encryption:

If you don't want to join the numerous government departments in loosing personal data (yours and others ... apparently even just full name and address is considered "worth knowing" to identify thieves) then you will want to start encrypting your data. The simplest way to use your data on a Windows PC with the confidence that when you shut down your PC the data is safe is to use "on the fly" encryption software. One "favorite" product for this in many quarters is TrueCrypt. Which lets you create a strongly encrypted file that you mount as a "virtual hard drive" on your PC. Just put your data there and when you logout the drive is unmounted and then when you login again you start TrueCrypt and mount that "file" to get your drive full of data back.

http://www.truecrypt.org/

E-Mail Encryption:

If you want to send people e-mails with interesting information in it, you should encrypt that information as it goes out over the web. There are many ways of doing this using certificates and keys but the two main ways are GPG/PGP and S/MIME. S/MIME is supported by many mail clients but requires you to get a certificate from somewhere. Go to Thawte (https://www.thawte.com/cgi/personal/contents.exe) to get a free e-mail certificate (read the documentation for you mail client on how to get the certificate and key into the mail client for use - many mail clients support this such as Thunderbird and Outlook). GPG/PGP is an arguably more popular free variety of encryption. To use GPG to do encryption (think of GPG as the free version of PGP). Try something like the popular gpg4win (http://www.gpg4win.org/). With GPG you just create a key pair and send out the public version, you don't have to go get a certificate from a certificate authority like Thawte. This is why, until Thawte starting doing free mail certificate, GPG was far more popular. Also, the way GPG works, you can either integrate it with some mail client, or use it separately which includes the ability to encrypt any file you have on your PC (so it's a sensible choice for encrypting data to put on a CD and send to someone who you have a GPG public key for).

For a detailed explanation and overview of technologies go to the appropriate web page. But basically, you want (for either kind of encryption GPG or S/MIME) a private Key which allows you to decrypt/sign your mails and a a public key or certificate that you send out to people so they can encrypt stuff to send to you safe in the knowledge that only you can decrypt and read it.

Password Storage:

If you want to use good passwords for everything, and not have to worry about remembering them. Then use PasswordSafe. It runs on windows, has some "techy" tools for Linux if every anyone needs to. Several large companies have "verified" it for use via their security departments (VERY BIG companies - in case you worry how safe free software is).

http://passwordsafe.sourceforge.net/

Secure Data Erasure:

If you have an old PC, just use DBAN (http://dban.sourceforge.net/) to create a CD that when you boot a PC with it will give you the ability to completely obliterate all your data using up to military grade erasure. A simple random data overwrite is fairly safe and much quicker, but if you dn't mind leaving the machine running overnight clobbering your data then go for the full guttman wipe.

If you just want to be sure files you delete are actually gone from your hard disk then try Eraser (http://www.heidi.ie/eraser/). This is most likely wanted once you have copied all your data to a TrueCrypy volume and now want to delete the old copies from your computer in a way you can be confident can't be recovered.

Some Hints and Notes:
Apple Mac users
i Just use the FileVault in place of TrueCrypt and store your data in your home directory
ii Just use your KeyChain in place of PasswordSafe
iii Just use the Finder's "Secure Empty Trash" function to safely and securely delete your files from your trash folder.
iv Yes, it is that simple thanks to the apple mantra of "it should just work"
v For GPG check out http://macgpg.sourceforge.net/
DATA INTEGRITY
i BACKUP YOUR DATA - Sounds obvious, but too many people miss it and with Encryption you MUST make sure you know your passwords
ii READ THE MANUAL - Backing up some encrypted data isn't as simple as copying a file so make sure you follow instructions on backing up encrypted data.
iii DID YOU REALLY WANT TO BACKUP THE UN-ENCRYPTED DATA - Bear this in mind, you may want to, or may not, but make sure you know which you have done.
iv HAVE A TRANSITION PHASE - You're data has been un-encrypted for ages and your password have been written on a peice of paper for ages right ?. So don't setup passwordsafe and TrueCrypt and immediately delete all your old records and data. Put the old stuff to one side (or on a CD/DVD) and start using passwordsafe and TrueCrypt with the warm comfy knowledge you have a fallback if things go horribly wrong.
Password Choices
i With both products above, all of your security now relies on the quality of just one or two passwords. So make them good.
ii One suggestion is to use a pass phrase not a password. Pick something memorable that isn't too likely o be though of by someone else (i.e. Quotes from Shakespeare as they are easy to verify if you aren't sure, or song lyrics (e.g "Fat bottomed girls you make the rockin' world go round")
iii Another suggestion is to make thing a little harder to guess by using some kind of quote or enclosure to your pass phrase. For example, actually include the quotes in the above pass phrase. Or maybe put brackets around your pass phrase or some other random placeholder like zeros (e.g 0Fat bottomed girls you make the rockin' world go round0 ). These make any attempt to brute force a pass phrase much harder as you have to get the right quote (there are quote databases available on the web) and the right surrounding place holders.
Chosen Products
i The reason to use the above and not other products, is primarily that they are free open software so if you need to use them on several PCs you don't have to buy more copies. Also, you can encourage friends and colleagues to use them (hey, they're free guys and girls) and then have a common shared pool of experience for using them that's not so dry and boring to use as documentation online or this e-mail (i.e. chat's down the pub or on the golf course).
Mail Encryption
i I actually have and use both S/MIME (Mac supports this out of the box) and GPG via a GPGMail plugin. There is nothing wrong anyone doing this as long as you don't use both S/MIME andn GPG for the same message as it will confuse mail clients and make "signed" e-mails show as "broken". This is because once you have signed the mail with one encryption technology, signing it with the next change the message and so "breaks" the validity o the signature with the first.
ii Some issues can be experienced with problems reading signed mails that are old, and obviously you will need to keep copy of old expired keys to read mails you sent or received in the past. (GPG is slightly better at avoiding this problem than S/MIME is). This is a result of certificates and keys expiring. Generally you can still read the mails but they will show up with an error stating that the certificate or key they were encrypted with is expired.
iii Obviously if you want to mail something to a fellow TrueCrypt user (or old fshioned person if you include the link to the TrueCrypt web site), you could always put the files in a TrueCrypt volume, mail that as an attachment and then phone them with the password (or have an agreed password you "share" for such purposes).


DISCLAIMER

Obviously this is just recommendations of software from the web, use it at your own risk !!!! I don't take responsibility :-).

Monday, 22 May 2006

Why keep a journal

Well, just the other day I was called by a colleague of my fathers and asked to help out with his ailing Mac G5. So, off I went to pay a visit thinking that I would delete a few cache files, run the Mac OS/X maintenance stuff and what not and be on my way.
What in fact happened is that I ended up taking his hobbling, unhappy Mac and euthanizing the poor thing. So what happened. Well, it boils down to it having a jounaled filesystem and yet still having a very sick filesystem, so much for journaling.
When I arrived I was informed that the system had been occasionally showing the bouncing beach ball of death, and with one particular account, was refusing to empty the trash. Apparently an attempt to run the repair permissions utility had resulted in a few repairs and then the program stopping responding with no errors in sight. So, I delete the trash contents for the rogue account by hand from the command line using a power user account, figuring that whatever program though it used those files would, when the account next logged in, complain or more likely create new cache files. I then ran the disk verify tool - oh dear. This reported problems with nodes and the catalogue. Being the boot volume I obviously couldn't run the repair program on it. So, before taking any action on the filesystem it seemed sensible to backup the all important data to. So we popped in a CD and asked the Mac to dump a load of stuff on it. While this was running I went off to do something a little more interesting. What I cam back to a little while later was an error message and a CD which when put back into the Mac couldn't be mounted. Oddly enough, a later attempt at reading the CD in a windows machine showed that not everything was written to the CD but a fair amount had been, so why the Mac wouldn't read it is anyones guess. Anyway, this made me believe trying to backup the dodgy filesystem was a doomed endeavor (200+Gb of doomed endeavor in fact, so I couldn't even "dd" somewhere as I don't have that much storage space anywhere else).
Well, having failed to backup the data I booted from the install CD and tried the repair program from there. Another oh dear moment ensued as I was informed that the repair tool couldn't salvage the disk. Next, I risked using fsck_hfs in a last ditch attempt and was informed by that program that it couldn't fix the disk either. So, having applecare for the system we phoned apple who confirmed I had taken appropriate action, but recommended using the TechTool Delux CD from the applecare pack which has another disk recovery program. The irony here as I found out is that the TechTool Delux program is no better equipped to repair dodgy filesystems than the apple built in tool, but the company that provide it will sell you a "professional" rather than Delux product that is apparently quite good at repairing such problems. Anyway, having done all these things and concluding that I couldn't fix the disk I decided I may as well go back to trying to backup the data to CD, having at this point found that the CD was readable on an NT machine.This is where I discovered I have euthanized the sickly Mac. You see, having tried and failed to repair the disk, the kindly repair programs had marked the disk as "bad". As a result I could no longer boot into a limping version of Mac OS/X because at each boot attempt the OS would notice and try to fix the "bad" disk which would obviously fail sadly resulting in the Mac switching off.
I then had the slightly embarrassing task of explaining to the Mac owner my attempts to fix his problems appeared to have made things worse. The explanation is that as the disk is journaled, the assumption of the OS is that it can't be bad so there is no point checking it at boot which means the system boots and throws odd errors or behaves strangely when it does try to use the bad bits of filesystem, examples of which would including failing on backups. However, as mentioned before the programs that would normally repair problem, as they had failed, marked the disk as bad thus overriding the OS's normally blaze approach to filesystem integrity at boot-up.
Anyway not wanting to leave the guy in a worse state than when I arrived, I invested in a copy of DiskWarrior which I found recommended in several books and favorably compared against other disk repair tools in web reviews. The use of this tool did solve the filesystem integrity problem, including making the disk now pass DiskUtility verification, meaning we could mount the disk as a firewire target and at least recover some data. The disk still wouldn't boot however.
In order to get the disk to actually boot, I had to then boot from the apple install CD and perform a rather time consuming "archive and install" which installs / re-installs the tiger OS around the user data. After this, and the then obligatory software update to get back up to date, voila. We now had a working system again.
So, what is my conclusion from this. Well, it's simple really, I still don't trust journaled filesystems. This is not limited to journaled HFS+, I have had similar issue with journaled filesystems on Solaris machines and it makes me wonder if journaled filesystems don't in fact not protect your data better but rather simply make machine boot-ups quicker while hiding some rather nasty issues away from you. Let's just hope the ZFS (or whatever it's now called) filesystem from Sun is all it's hyped to be rather than just another evolution of the existing journaling technologies I have had problems with. I'd also like to know why it is fsck_hfs doesn't understand journal files, I mean surely a repair program for a filesystem should understand how to repair all the varieties of that filesystem, rather than being likely to cause additional damage. I hope Sun provide a working fsk_zfs or whatever for their ZFS filesystem. If nothing else it makes people like me a little more comfortable to know you can on-line verify a disk, and if the journaling has let you down, repair it safely and simply.

Thursday, 9 February 2006

Services, for better or worse

Having recently installed MySQL on my Mac OS/X Tiger laptop for use with some software I have been testing, I decided to have a look at launchd and get MySQL starting at system startup.
Reading through all the launchd and related documentation I am rather suprised. Why is it that Apple have decided to remove the dependency feature that StartUpItems had. According to Apple:

In the long run, Apple recommends designing daemons to not depend on the order in which they are started. Programs should be robust in the case where a service is unavailable, and in some cases, programs should be automatically spawned when needed instead of requiring programs to wait for them.
Surely only a tiny minority of sysadmins actually write the daemons that they are expected or need to run as a service. So what good is apple encouraging developers to write robust code, when developers are not the main audience for launchd setup.

While I'm expressing my disappointment, why have both Apple and Sun, in pretty close succession, decided to re-implement all the tried and tested *nix service and scheduling stuff in totally different ways. I mean, they both seem to be trying to achieve the same things. And it's not like they haven't both worked towards open systems and on open standards before. Surely if they came together to create something they could both use in their at least partly Open operating systems it would be great for everyone. OK, so Linux might then use the technology, but they could spin that as a "we're so great even Linux uses our code" rather than worrying about it. If everyone does everything differently people are going to try and stick with good old cross-platform daemontools, xinetd, cron and rc.X scripts. After all they still provide fairly configurable and robust services, scheduling and startup too don't they. OK, so they don't use XML to make config verification easy, and they don't provide some things like Apple's WatchPaths but at least everyone knows how to use them and you can use them on any *nix platform. If I wanted to be cynical, I could even suggest that Sun's approach is mostly not for improvement of configurability or reliability, but a way to make it easier for them to bolt their commercial monitoring and "self healing" products onto a system. As to Apple, well you could cynically suggest that they are moving in the same direction, or simply want to be different.

Let's just hope this isn't the start of a massive divergence of *nix platforms. I'm all for improving things, but part of the beauty of *nix is that once you've used one, you've used them all. And if another system does something differently, you can normally just bring your preferred method of doing it with you. After all Solaris didn't used to have xinetd for ages, but you could always install it yourself. And package management on Linux has lots of guises, but most of them can be used on any old Linux distribution without much fuss. Good grief, you can even make your Windows machine look like *nix with cygwin, including running things like SSHD.

Anyway, now that my rant is over, anyone looking to run MySQL as a service on Tiger should look at my Wiki. It has the plist file I use and some general info around my experience.