What idiot put that there?

Attempting to chart a USB keyboard controller turned out to be a bigger challenge than expected. The story is simple. I have a dance mat, which uses a PS/2 passthrough connector. I have however been unable to get it to work, and in order to bring it up on its feet, I have killed an old USB keyboard and stripped the controller from it.

Keyboards work by mapping each button to a matrix of inputs, simply put separated in rows and columns, but unrelated to the actual button layout. If you have ever taken apart a keyboard, this mapping is done by the thin plastic film found inside. The controller I have consists of 9 rows and 18 columns, and for the mapping I use my faithful multimeter.

Going through the rows, it started out well as I found the "volume mute" button as well as a few arrow keys and letters. Then, the computer started grinding and hibernated. I scratched my head and restarted it, finding that the button I managed to trigger was the sleep button. Excellent. I went into the power settings and disabled the sleep button (told it to ask me first, so I would at least know when I accidentally triggered it). Moving on, I managed to do the same thing again, however this time triggering the shutdown button.

Seriously, what idiot thought it would be a good idea to have a shutdown button on a keyboard? Stupidity!

Article comments are working again

The article comments are working again. My apologies if your comments were lost; they still appeared on the site after posting but were never saved to the database.

Majority != Standard

Internet Explorer has according to NetApplications got 77.35% of the browser market. W3Schools puts the same number at 57% of the market, so I think it's safe to assume the actual number is somewhere in between. What we have to keep in mind is that the statistics for this are collected from websites by the means of included images, scripts, etc. and each number will reflect the relevant percentages for the collecting site's user base. W3Schools is a website with lots of information and reference on the current web standards. That is, the official standards.

Being a web developer in these days more or less sucks to be honest. And most of this suckyness can be blamed on Internet Explorer.

Microsoft has always taken its own path, and it's sad to say, but they seem to be avoiding open standards no matter what. They went to ECMA and ISO with their OOXML format and bribed companies in order to decapitate the Open Document standard. In the OOXML standard, they didn't decide to use any of the existing standards for vector graphics, such as SVG, but instead invented not only one but two proprietary formats for the same purpose.

Today, if you are building a website, it's not uncommon to have to build two versions of it. Or rather, to use tweaks and non-standard methods for making it compatible with Internet Explorer. First, you build it according to all the standards. Then, test it out in Firefox and Opera. Your 100% standards compliant code will work to 99.9%. Then, you fire up Internet Explorer and have a look at the same website, and from there on it's tweaking time. Correcting bad measurements, fixing images, and sometimes just rewriting parts of the page to work. That is in Internet Explorer 6.0. Then you realize that Internet Explorer 7.0 is doing things in its own non-standard way. There are some minor hoorays, but in the end you probably have to put in another stylesheet just for IE7.

Just a simple thing as the PNG image format that was introduced around 1997 if I remember correctly is still not handled properly by Internet Explorer 7. The format was intended to take the best parts from the JPG format, which supported around 16.7 million colors, and the GIF format which supported transparency. Firefox handles it perfectly. The same goes for Opera. Internet Explorer 6.0 didn't support the transparency, and furthermore managed to misinterpret the simple section of the PNG format specifications relating to gamma correction, thus rendering the colors in the picture wrong. Internet Explorer 7 has not fixed this problem, but on the upside it supports transparency.

So, designing compatible websites is just painful, and I just wish that everyone would simply drop the Internet Explorer tweaking. Make the sites look proper in the browsers that are proper and follow the standards. If it doesn't work in Internet Explorer, so what. At least it is built according to standards, and works in a majority of the browsers, although not in the browser with the apparent majority.

Get Firefox! Besides standards compliance, you also get stability and improved security.

Redesigning for idiots

Microsoft does it again. I have been happily unaware of the chevron hell for a long time, only read and heard about it before. But eventually I stumbled upon an application employing this hideous new "revolution" in UI design, and all I can ask myself is WHY?

Googling for a bit reveals that Microsoft invented context-sensitive chevrons because the users found menus to be too complicated. According to one of their surveys it took people too long to find the proper menu option in Microsoft's software, and chevrons were the way to cure that. Well, the big surprise is that every operating system uses menus in one way or another. Menus are convenient; they are categorized, and (if implemented properly) logical to use. If you want to change the font of the text, you go to the Format menu and click the appropriate item. If you want to save, load, print, or edit meta-data you go to the File menu. Want to insert a picture or an object? Just go to the Insert menu. There is nothing that's illogical or complicated with that. It's part of the learning curve of a graphical operating system.

Microsoft's introduction of chevrons probably makes that learning curve much leaner, but it does that at the expense of the power users and effectively cripples the newbies (that will still have to learn how to use menus when confronted with them). There is a saying that explains this better than I could ever do:

"If you make a system that even an idiot can use, only the idiot will use it."

I suppose that's where Microsoft is going, trying to fluff up things à la Macintosh in order to create a family of operating systems that will only appeal to design-crazed morons that care more about how fancy things look than the actual usability.

The Big Brother State

Finally back

Noccy.com is finally back, with a new design (probably like one of my first ever designs featuring darker colors) :) Not everything is in place yet tho. Feel free to poke around, if it doesn't work it will most probably let you know so ;)

Minimal Security

Minimal Security Part 1 - it doesn’t have to be hard

This article is available in its original format at http://lolminimal.wordpress.com/tag/minimal-security - It's only posted here to give some decent formatted text to try out the new design with ;)

Welcome to the first part of Minimal Security. In this series of articles I’m gonna give you some pointers on how to make your system more secure, and also hopefully show that it is no rocket science - It’s just a matter of thinking one step ahead! So, let’s get started!

Passwords - What are they?

A password is basically an authentication token, something that is used to identify you and give you access to something, for example your system, your e-mail, or your Internet banking web page. Normally this token consists of not only a password, but also a user name (or your e-mail address).

So, passwords are secure, right? Well, they can be. Passwords are mostly compromised due to them being easy to guess, too simple, by the use of social engineering or irresponsible users. For example, having the password “fluffy”, after your dog, is probably not a good idea. Neither is your phone number, girlfriend’s name, birth date etcetera. I think you get the idea here.

So what is a safe password then? Well, for the passwords I use, I tend to settle for no less than 10 characters. They also consist of both uppercase and lowercase letters as well as numbers, and no words that can be found in a dictionary. The easiest way to make the “fluffy” password a little bit more secure is to add something else to it, for example “fluf13fy”. Your dog’s name has now been split in two parts and had a number added somewhere in the middle, and, obviously it’s not that easy to guess any more.

You can also use a third party application to keep track of your user name and password, like for example PasswordSafe (passwordsafe.sourceforge.net) which is also able to generate random passwords for you. Your credentials are saved in an encrypted file with a master password, and in order to log in to f.ex. a website you just enter your user name, double-click the entry in password safe, and paste it in the password box. When you close PasswordSafe, the clipboard is automatically wiped.
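The password rules listed above (at least 10 characters, upper and lower case, numbers, no dictionary words) and the random generation a password manager does for you can be sketched in a few lines of Python. This is an added example, not part of the original article and not PasswordSafe's code; the tiny word list, the function names and the default length of 16 are assumptions made for the illustration.

```python
import secrets
import string

# Constructed stand-in for a real dictionary file (assumption, not from the article).
WORDLIST = {"fluffy", "password", "dragon", "summer"}
MIN_LENGTH = 10  # the article's "no less than 10 characters"


def policy_failures(password, wordlist=WORDLIST):
    """Return the rules from the article that this password breaks."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 10 characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.islower() for c in password):
        failures.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    # Look for dictionary words in the password as typed and again with
    # everything but letters removed, so a word that was only split by
    # inserted digits is still recognised.
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    if any(w in lowered or w in letters_only for w in wordlist):
        failures.append("contains a dictionary word")
    return failures


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("fluffy", "fluf13fy", generate_password()):
        print(pw, "->", policy_failures(pw) or "passes")
```

Run against a real dictionary file instead of the four sample words, the same check works as a quick sanity test before you commit to a new password.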

Irresponsible users

I mentioned social engineering and irresponsible users earlier. These two go hand in hand, and both of these are actually related to the huge amount of credit card and Internet banking frauds lately. Your password should never ever be shared with anyone else. The banks explicitly state this in the security information etcetera, and yet people still hand out this information to “bank employees” over the phone in order to sort out some complications with their checking account. Here comes another part I mentioned, think one step ahead. The bank will never need your password. The bank runs the system. If they need to access your details, they can do so without your password.

The same goes for e-mails received from the bank with the proper bank logotype etcetera, and included is an attachment said to be an “anti-virus software” or similar. You can be pretty certain that your bank will never ever send you an anti-virus program or any other program for that matter via e-mail.

It is just as irresponsible to hand your password over to your friend, your family etc. As a general rule of thumb, don’t give your password to anyone you would not trust with your keys and your wallet.

Saved Passwords

Saved passwords are excellent. I admit that I use them too. You know, that fancy box that pops up when you log on to a web site; “Would you like Firefox to remember this password”. It’s an awesome feature, but these passwords are saved and made accessible to anybody that is using your computer, and not only to you. The simple remedy to this problem is to enable the master password. In Firefox, this can be done in the options dialog in the tab “Security”. Check the box “Use a master password”, and use the command button next to it to change the master password. The next time Firefox feels an urge to auto fill a login box with your user name and password, it will prompt you for your master password (if you haven’t entered it during the session, that is).

Your saved passwords are now available to you, and only you.

Security on your Workstation

All operating systems based on the 2000/XP kernel have got a pretty sophisticated security layer running under the hood. This security layer, or subsystem, validates every request made and ensures that you have access to the object or the function that is requested. These credentials are validated during the login, and are then used every time a file is accessed or another file system or registry operation is taking place.

It also offers the excellent ability to lock the workstation, either by hitting Ctrl-Alt-Delete and selecting “Lock Workstation” (for this to work, you have to disable the “Fast user switching” in the control panel), by hitting Win-L (if you’re using Windows Explorer) or by hitting Win-Space (if you’re using bbLean). Screen savers can also be set to prompt you for your password before allowing you access to your system after the screen saver has closed. This is an excellent feature to keep nosy people away from your system, protecting your sensitive data and making sure things are still the way you left them when you return.

If you are using NTFS as your file system, you can also encrypt your files in order to make sure that they are safe from curious eyes and nosy people. To protect a file or a folder, right-click it and select “Properties”. Then click “Advanced” on the first property page, and check the box next to “Encrypt”. This file (or folder) is now a little bit more secure if your hard drive would ever be lost or compromised.

You can also use virtual encrypted drives to protect your sensitive data. The best one I have found so far is TrueCrypt (truecrypt.sourceforge.net), which is also open source and 100% free. It works by creating a file on your hard drive of a specific size, and then “mounting” this file as a virtual drive. You could for example create a 2 GB virtual drive as C:\myfiles.tc and have it appear as D: when the password has been properly entered. This file is in turn protected by strong encryption based on your password, and a possible key file (for example an image, an MP3 file, or just a random text file stored on your hard drive or on a USB memory stick).

Virtual Identities

Wow. That’s a fancy word for sure. What is a virtual identity then? Basically, a virtual identity is something that identifies you in the virtual world. Very often this is associated with your e-mail address or similar information, for example your Yahoo username “johndoe123” which has a corresponding e-mail address “johndoe123@yahoo.com”. The same is valid for MSN messenger, where your virtual identity actually is your e-mail address.

Here in Sweden it has become more or less of a trend to have fancy web pages where you can win stuff, such as a plasma television or the latest cellphone, if you just recruit enough people to the website. Basically, the one who makes the most friends sign up will win the grand prize.

Who wants to enter all their friends’ e-mail addresses? Nobody. Instead they offer a box to allow the web page to sign in to your messenger account and automatically inform your friends of the ongoing competition. I am not 100% certain, but I am pretty sure that there are no grand prizes in the end. At least not for the users. The thing is that when you share your virtual identity like this, you are first and foremost sharing your password with a third party that you don’t really trust. This is bad. But what’s even worse is that you are also exposing your friends’ virtual identities to the website. These sites mostly harvest e-mail addresses, that are then sold to spam networks, and what you end up with in the end is not a new fancy big screen television, but instead a flooded inbox. Once again, think one step ahead.

Summary

Security doesn’t have to be hard. It just requires you to think a little extra, just like you do when you swipe your credit card in the store and are about to enter your pin-code. You won’t pound in those magical 4 digits with someone looking over your shoulder. Or in a terminal that’s been glued together with a clerk looking more than suspicious. Yet, most people think it’s okay to recommend contests to their friends by giving up their user names and passwords. And honestly, isn’t your IM password the same as the one for your e-mail? And for your computer?

Think one step further.

FSOL - Papua New Guinea

Wow. Gotta love this song. It's an old one, but it's great. And the video pwns :)



Testing the flash player :)

Memorable Quote

Quote:
If privacy is outlawed, only outlaws will have privacy

-Phil Zimmermann

Storm of the century...

Okay, the storm of the century is apparently coming this way... In my region, there's only been issued a warning about floods (it's raining outside as we speak, and it's getting worse), but for several other locations in Sweden there are risks of heavy wind and lots of rain. This could get interesting :)

So, if we don't make it through this alive, there's always this post to make you smile ;)