A mathematical CAPTCHA

Geekosystem found the captcha above at the signup page for Quantum Random Bit Generator Service.  When I double-checked the source,  I found that not all of the questions are as easy as the one above.  To wit...

I'm going to need some help...

Congratulations to dooce

Yesterday was the tenth birthday of dooce.com. Heather Armstrong is one of the groundbreakers in the field, and her blog has been the recipient of numerous awards (including a Lifetime Achievement award from the Bloggies).  It says something about her blog when she can write a post and get 6000 comments.

Use this post to offer comments re the format of this blog

A couple months ago I changed the design of TYWKIWDBI.  My principal goal was to have a format that presented photos and images in a larger size in the central column - to avoid the need to always "click for bigger." 

The first revision used a template that caused some problems for readers scrolling down the page.  After that I switched to the current one.  I then wanted to give readers (and myself) a while to adjust to a new color scheme for the background, for the highlights, for the hyperlinks.  I'm not sure whether it's optimal or not, but personally I've gotten used to it.  I know there are readers here with skills and experience in the realm of design, including website design, so if anyone wants to offer ideas or suggestions for further amendments or revisions, please feel free to do so.

The second item I'd appreciate feedback on is the embedded YouTube videos, which for some readers were not remaining anchored in the post, and migrated out of position, even covering adjacent text.  This was a problem of hair-pulling intensity which I discussed in a blog post in January.  I'm not the only one to have encountered this; a Blogger forum and several other discussion boards suggest that there is an inherent incompatibility between the Blogger template and the Safari browser.  Later in January YouTube changed its embed code, and the problem seemed to resolve.

This week I got an email from an "avid follower" of the blog who still encounters YouTube embeds covering the nearby text (using MacBook Pro and Safari).  After hearing that, I logged on with Safari (instead of my usual Firefox) and confirmed that some of the embeds were "loose" (and actually moved as I grabbed the corner and resized the window). As far as I know, there's nothing I can do to correct that problem.  My Google Analytics tell me that 16% of TYWKIWDBI readers arrive on Safari, so it is potentially not an inconsequential problem.  I don't know if everyone is experiencing the same problem, or whether some of you found a workaround.  Please feel free to offer me your experience and any relevant advice in the Comments.

Thanks in advance,

stan

A warning for anyone using public Wi-Fi hot spots

Excerpts from an eye-opening article in the New York Times:

Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited...

...while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account.

More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use.

The only sites that are safe from snoopers are those that employ the cryptographic protocol Transport Layer Security or its predecessor, Secure Sockets Layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.”..

Since not all Web sites have “https” capability, Bill Pennington, chief strategy officer with the Web site risk management firm WhiteHat Security in Santa Clara, Calif., said: “I tell people that if you’re doing things with sensitive data, don’t do it at a Wi-Fi hot spot. Do it at home.” ..

A WEP-encrypted password (for wired equivalent privacy) is not as strong as a WPA (or Wi-Fi protected access) password, so it’s best to use a WPA password instead. Even so, hackers can use the same free software programs to get on WPA password-protected networks as well. It just takes much longer (think weeks) and more computer expertise.

Using such programs along with high-powered Wi-Fi antennas that cost less than $90, hackers can pull in signals from home networks two to three miles away...

More at the link.

National broadband map

"The National Broadband Map is a tool to search, analyze and map broadband availability across the United States. Created and maintained by the NTIA, in collaboration with the FCC, and in partnership with 50 states, five territories and the District of Columbia."

The image above is static.  To access the zoomable map, go to this link.

Via The Centered Librarian.

Is your username too unique?

The Telegraph reports how spammers can now target their phishing attacks by cross-correlating usernames from multiple sites...

French security academics... harvested almost 10 million usernames from Google, eBay and MySpace.

Using statistical analysis techniques they showed that it is possible, to a high degree of certainty, to track about half of internet users across the internet based on only their username. They also showed that the more unique - the more entropy it has - the username, the more likely it is that it can be linked to a real person...

The researchers argue that such targeted phishing emails would trick more people into clicking on malicious links that allow criminals to take control of computers...

Passwords, by contrast, need to be totally unique.  But with usernames, it may sometimesbe better to blend into the crowd (or at least not to use the same username at different sites).  The research team presents a site where you can test your username to see how much entropy it has.

Keyloggers found in library computers

From a story in the Manchester (U.K.) Evening News:

There are fears that personal bank details may have been stolen after ‘snooping devices’ were found plugged into public computers at libraries in Wilmslow. Police are investigating after the small gadgets were spotted attached to keyboard sockets at the back of two machines in Wilmslow and Handforth libraries. It is not known how long they had been there.

Two devices were seized by library staff and are being studied by Cheshire police’s hi-tech crime unit. However, a third device disappeared from Wilmslow library before it could be confiscated...

Nathan Evans, manager of Fathom IT in Wilmslow and North Cheshire, said: "These are pretty horrendous things. They are a key logger so they record anything that’s keyed in – passwords, bank details, everything. "So, if someone goes along to the library and decides to book a flight or buy something off Amazon, you’ve got a big problem.

Look how small they are. And how cheap ( < $100).  And how potent (2,000,000,000 keystrokes (over 1,000,000 pages of text), Windows and Mac compatible, undetectable by security software...).  More details here.

A hat tip to Richard Hartmann for alerting me to this story and sending the links.

Internet cutoff in Egypt; implications re a "kill switch" for an American president

Information from various sources re the blocking of internet service in Egypt.   First, from the New York Times:

Autocratic governments often limit phone and Internet access in tense times. But the Internet has never faced anything like what happened in Egypt on Friday, when the government of a country with 80 million people and a modernizing economy cut off nearly all access to the network and shut down cellphone service.

The shutdown caused a 90 percent drop in data traffic to and from Egypt, crippling an important communications tool used by antigovernment protesters and their supporters to organize and to spread their message...

Professor Deibert said that a government that chooses to tamper with the Internet — let alone shut it off — incurs potentially serious diplomatic, political and economic costs. Citizens and businesses, he noted, have become increasingly dependent on Internet communication and transactions, and doubtless are putting pressure on the Egyptian government to relent...

Egypt has only a handful of major Internet access providers, so it would take just a few phone calls to get them to stop the flow of traffic. That would not be possible in countries with more complex networks.

These observations from the BBC:

Earlier this week, Egyptians had reported being unable to access social networks such as Twitter and Facebook. At the time the Egyptian government denied it was behind the block, saying it supported free speech.

Many of the protesters were able to get round those restrictions by using smartphone apps - which had not been blocked - to access those sites. Others used proxy servers - which divert web traffic to its destination via sites that haven't been blocked.

And from Scientific American:

The shutdown does not appear to be a spontaneous event, given that the Telecom Egypt, Raya, Link Egypt, Etisalat Misr and Internet Egypt ISPs each shut down its part of Egypt's Internet in sequence an average of about three minutes apart, according to Manchester, N.H.-based network security firm Renesys Corp. This sequencing indicates that each of the ISPs may have received a phone call telling them to drop Internet access to their subscribers, as opposed to an automated system that kicked in to take down all of the providers at once... If this analysis is correct, it indicates a level of governmental Internet control unseen to this point, not even in China, Iran and Tunisia...

Typically what happens in countries like Tunisia or Iran or China is people exert very surgical control over information, they will block particular domain names, or they'll block particular Web sites or particular small networks that host content that they don't like. When Iran had its problems after its elections, they slowed down their Internet so they could use it more effectively to control protestors but they didn't take it down...

If you look at a complex system such as those in the United States or Canada, you might ask, "How many phone calls would I have to make to shut it down?" It probably wouldn't be possible. Most of the people you would call operate independent of the government and wouldn't even listen to you. In a place like Egypt there's a lot less diversity in that ecosystem. There were just a few key providers, they're all licensed by the government. They have to do what the government says...

There is [currently] no standing legal authority to be exercised and no kill switch [in the United States]... If the laws were changed so that there were a clear-cut legal authority and a plan to control the Internet, then anything is possible. But I certainly don't think that the industry in most countries on Earth would stand to have that kind of power dangled over their heads. It would do incredible violence to the companies economically, and it would do even greater economic violence to the country.

For further discussion on this topic, see the companion piece at Scientific American entitled "Conspiracy theory: Could the president take over the Internet?"

PC World has a relevant post entitled "Get Internet Access When Your Government Shuts It Down".

And finally for now, an observation at Al Jazeera that searches for "Egypt" are not trending in China because the word has been blocked there.

Image via The Daily What.

Some tips about online shopping

Most people who shop online are aware of these things, but a Slate article provides a nice summary:

In its most brazen form, it works like this: Retailers read the cookies kept on your browser or glean information from your past purchase history when you are logged into a site. That gives them a sense of what you search for and buy, how much you paid for it, and whether you might be willing and able to spend more. They alter their prices or offers accordingly...

Sellers of time-sensitive, highly price-variable goods (think airline tickets, hotel rooms, or car rentals) do it all the time, somewhat openly. If you have ever had the annoying experience of buying a plane ticket through a portal like Kayak, then seeing the final price jump $10 or $40 at check out, you have probably found yourself on the receiving end of dynamic pricing...

This August, the Wall Street Journal reported on a company that helps Capital One determine what credit-card deals to offer customers when they land at the site. The deals change depending not on any credit-rating or salary information given to the firm by the customer—just on information skimmed off of their computer before the page loads. More recently, bloggers caught the bank offering different deals to users using different browsers...

Researchers conducted a 1,500-person survey and found about two in three respondents did not know it is legal "for an online store to charge different people different prices at the same time of day." About 70 percent did not realize it is also legal for bricks-and-mortar stores to do so. But yes, as long as stores do not discriminate based on age, sex, location, or a few other characteristics, stores can price as capriciously as they want.

More at the link.

Blogging may be hazardous to your health

The latest findings, published this week in The Journal of the American College of Cardiology, indicate that the amount of leisure time spent sitting in front of a screen can have such an overwhelming, seemingly irreparable impact on one’s health that physical activity doesn’t produce much benefit.

The study followed 4,512 middle-aged Scottish men for a little more than four years on average. It found that those who said they spent two or more leisure hours a day sitting in front of a screen were at double the risk of a heart attack or other cardiac event compared with those who watched less. Those who spent four or more hours of recreational time in front of a screen were 50 percent more likely to die of any cause. It didn’t matter whether the men were physically active for several hours a week — exercise didn’t mitigate the risk associated with the high amount of sedentary screen time...

The study focused on recreational screen time because it’s the easiest to curtail, Dr. Stamatakis said. But he encouraged employees who work at computers all day to get up and take breaks and short walks periodically. 

The rest of the story is in the Health section of the New York Times.

"Play GIF" for control of animated GIFs

A Reddit thread about U.S. population growth 1950-2010 displayed the "baby boom" bubble using a rather slow animated GIF.  The top-rated comment then provided a link to "Play GIF," a website that allows you to control the animation of a GIF.

Here's an example using the Chinese population 1950-2050.

Note that you can pause the animation, speed it, slow it, reverse it, or have it play forward-and-back.

Here's the homepage, where you can plug in an animated GIF of your choice and see what happens.  I suspect those viewing adult GIFs will be early adopters.

SAY GOODBYE TO CAPS LOCK

The news came out last month, so I'm a little late posting this, but I'm finally starting to dig into my archive of old bookmarks.  As illustrated at left, the new Google notebook computer has no Caps Lock key; in its place is a "search" button.

For those who insist on yelling in discussion groups, and for those who need allcaps for specialized text, the key will be programmable back to an allcaps function.  And, at least for the present, the change is occurring on only one device; it is not clear whether Google is setting an industrywide standard or not.  Still, this announcement offers an excuse to review the history of Caps Lock, and an article at Slate offers some perspective:

Caps Lock originated with typewriters... Uppercase letters were typed by holding down a "shift" key that would literally shift the carriage so that a different part of the type bar—the part on which a reverse uppercase letter was printed—would hit the ribbon. The problem was, it was hard to hold down the shift key for more than a few letters. So typewriter manufacturers added a "Shift Lock" button that would keep the carriage elevated until the button was released. It was a useful innovation: Typewriters didn't have options for italics or bold or underlining, so capitalization was the only way to emphasize words. ..

Caps Lock had its uses back in the olden days. Some of the earliest computers were business machines, used to input product keys and other strings of letters and numbers that often included all caps. Some of the first programming languages, like FORTRAN and Basic, were composed entirely in caps...

And, yes, Caps Lock does have its merits. There's no question that capital letters do a better job EMPHASIZING WORDS than bold or italics... Nor is Caps Lock the only key deserving of criticism. The function keys (F1 to F12) are useless to the average user...

As e-mail and texting have become primary forms of communication, expectations of proper spelling and grammar have diminished. Capital letters aren't necessary to get your point across—why bother with Shift, let alone Caps Lock?

"perhaps the day will come when caps will be out of favor and will be mere embellishments," writes former George Mason University technology professor Virginia Montecino in a caps-less e-mail. "i see an overall simplification of text...

e.e. cummings would be pleased.

Blog template changed

My query at the Blogger help board hasn't elicited any replies, so I'm just going to try a new template.  The exact color, the fonts, the highlights etc still need to be optimized.  The only question now is - does this new template eliminate the problems of 1) slow or jerky scrolling, and 2) "wandering" YouTube videos overlapping text?

Still working on the revised format for this blog...

Here's a brief update for those of you having difficulty with the "new look" of TYWKIWDBI.  I've received a variety of comments about the redesign, which is based on the "Picture Window" template from the Blogspot host, using a two-column body layout and a very wide central column.  The goal was to allow images to be large enough not to require a second click for viewing.  The wider column does change the text viewing a bit;  too wide a column necessitates more lateral eye movement (or head movement by those sitting too close to their screens.)  I did get one comment that the embedded text width is easier to read than the main body text, which I think is true.

The first group of serious complaints/concerns came from readers who encountered new difficulties in scrolling down the page.  As best I can understand (and remember I'm an English major trying to do computer thingies...), the problem apparently lies with the "background" image, which is this:

It came with the template, and seemed nice enough at the time (it looks like a rural Midwestern scene as viewed by a drunk driving on the wrong side of the road..), but the reports I received were that for some of you the image didn't scroll properly, so viewing the blog pages became a "jerky" experience.  One reader sent me the following screencap of how the image breaks up on his monitor:

The background image is totally irrelevant to the blog, as far as I'm concerned.  I would be willing to remove it and replace it with a solid color or a pattern, if that will enhance the viewing experience.  It's easy enough to try.

The bigger problem has appeared this past week or two with reports by several readers that the YouTube embeds are causing major problems.  I couldn't see the problem until someone finally told me they were using Safari.  So I shut off my Firefox and opened TYWKIWDBI in Safari, and found posts that looked like these:

For whatever reason, some of the YouTube videos lose their "anchoring" in the post and drift to aberrant locations, sometimes overlapping and obscuring textual elements and links.

Now THAT's a real problem.  I think we can all agree that the reasons people visit this blog (and the reason I compile it) is for the content, not the design, and when the content becomes inaccessible, then changes have to be made.  I'm still studying and trying to research why this is happening.  At first I assumed it was because I was changed the dimensions of the videos; with the wider column I have been able to change the standard width from 480 pixels to 640, and doing that without changing the vertical height specification, and at least in Firefox it seemed to work o.k.  But I just tried fixing the Chrissie Hynde/Pretenders "Creep" embed by putting in only unmodified original embed code - and it still winds up misplaced.

The problem may have arisen because I widened the central column, but you would think the Blogspot template could handle that minor tweak. 

I'm working on it/thinking about it as best I can, in between football bowl games and playoffs and winter household chores.  I'll redo the background image first, and see what happens.  But first I have to watch the Packers' play the Eagles...

Addendum:  A message at the Blogger Help forum suggests that the wandering YouTube problem is being encountered by many bloggers (see replies at the link), in strong association with Safari usage.

Mud horse versus Grass Mud Horse

We start with the "mud horse," which I encountered in a Neatorama post.  It's a sled-like device used by fishermen to transport collection baskets and supplies to their nets staked at the low-tide limits.   The flat bottom distributes the weight, allowing for more efficient movement than carrying materials on one's back.   Such devices have apparently been used since time immemorial on the tidal flats of the English coast.

The top photo shows a mud horse (with basket and nets) from an exhibit at the British Museum.  Below that is Adrian Sellick, reposted by the Telegraph to be the last mudhorse fisherman in England -

Mr Sellick, a father-of-four, fears the mud-horse method will be lost forever when he finally gives up as there is currently no one interested in learning the trade...

'It is difficult work, you lie on your belly on it and push with your feet across the beach, but you sort of pick up techniques from watching.  I don't believe you could do it unless it was in your blood, I am the fifth generation of my family to use the mud-horse and I could never give it up.'' 

A large photoset showing Mr. Sellick at work is posted at grovelinda's Flickr photostream.

While researching that topic, I kept encountering unrelated material about a "grass-mud horse," such as this YouTube video (subtitles NSFW)(content repeats after 0:53):

This rather bizarre entity is explained at China Digital Times, first with these lyrics:

There is a herd of Grass Mud Horses*
In the wild and beautiful Ma Le Desert**
They are lively and intelligent
they are fun-loving and nimble
They live freely in the Ma Le Desert
They are courageous, tenacious, and overcome the difficult environment

Oh lying down Grass Mud Horse
Oh running wild Grass Mud Horse
They defeated river crabs*** in order to protect their grass land
River crabs forever disappeared from Ma Le Desert

and these footnotes:

* Grass Mud Horse (草泥马) is phonetically equivalent to “F**k Your Mother!” in Chinese
** Ma Le Desert (马勒戈壁) is phonetically equivalent to “Your Mother’s C**t”
*** “River Crab (河蟹) ” is phonetically equivalent to “harmony (和谐).” Chinese netizens say their deleted posts have been “harmonized,” or “eaten by the river crab.” So “river crab” became a code name for internet censors. 

So the song and the videos and the phrase "Grass-mud horse" are vehicles used to protest internet censorship in the P.R.C.

“Grass Mud Horse (草泥马)” is not an uncivilized word and is not officially banned, therefore it can be sung publicly. Although many people use “Grass Mud horse” as an alternative curse or just use it randomly, this word and its deviant expression already generated a pattern of discourse and sub-culture. “Grass Mud Horse (草泥马)” represents such information and opinions which cannot be accepted by the mainstream discourse, and “the Song of the Grass Mud Horse” has become a metaphor of the power struggle over Internet expression.

This alpaca-like animal appears to be the representation of a grass mud horse:

and this CNN video from last year summarizes the entire meme:

I expect TYWKIWDBI will now be banned in China...

Here's the "conspiracy theory" view of Wikileaks

The 250,000 pages end up at the desk of Julian Assange, the 39-year-old Australian founder of a supposedly anti-establishment website with the cute name Wikileaks. Assange decides to selectively choose several of the world’s most ultra-establishment news media to exclusively handle the leaking job for him... Indeed a strange choice of media for a person who claims to be anti-establishment. But then Assange also says he believes the US Government version of 9/11 and calls the Bilderberg Group a normal meeting of people, a very establishment view...

Most important, the 250,000 cables are not "top secret" as we might have thought. Between two and three million US Government employees are cleared to see this level of "secret" document, and some 500,000 people around the world have access to the Secret Internet Protocol Network (SIPRnet) where the cables were stored. Siprnet is not recommended for distribution of top-secret information. Only 6% or 15,000 pages of the documents have been classified as even secret, a level below top-secret. Another 40% were the lowest level, "confidential", while the rest were unclassified. In brief, it was not all that secret...

But for anyone who has studied the craft of intelligence and of disinformation, a clear pattern emerges in the Wikileaks drama. The focus is put on select US geopolitical targets, appearing as Hillary Clinton put it “to justify US sanctions against Iran.”

...What is emerging from all the sound and Wikileaks fury in Washington is that the entire scandal is serving to advance a long-standing Obama and Bush agenda of policing the until-now free Internet. Already the US Government has shut the Wikileaks server in the United States though no identifiable US law has been broken...

...the Cybersecurity Act of 2009 (S.773). It would give the President unlimited power to disconnect private-sector computers from the internet. The bill "would allow the president to 'declare a cyber-security emergency' relating to 'non-governmental' computer networks and do what's necessary to respond to the threat." We can expect that now this controversial piece of legislation will get top priority when a new Republican House and the Senate convene in January.

If your home wi-fi is unsecured, stop reading this blog and go fix it!

cnet had an article last month reiterating the dangers of surfing the net via an unsecured wi-fi.

Many of you may have heard this before, but many still seem to not be doing anything about it. You should. Here's why. With a $50 wireless antenna and the right software a criminal hacker located outside your building as far as a mile away can capture passwords, e-mail messages, and any other data being transmitted over your network, and even decrypt data that is supposedly protected...

Someone could also join the network and launch attacks on your computer and any other devices using the network at that time. If file sharing has been left on or the personal firewall is misconfigured it's relatively easy to access the computer via an open Wi-Fi network. Someone could upload an executable program to a file on your hard drive that steals data or just leaves a back door for future access...

Even though many Wi-Fi routers come with WPA (Wi-Fi Protected Access) enabled by default, a lot of people don't want to be bothered with setting up a password, despite the fact that you don't have to type it in every time you log on. The Wigle.net (Wireless Geographic Logging Engine) site shows that of 26.8 million Wi-Fi networks logged by volunteers who were "war driving"--driving around in cars and using laptops or PDAs to find wireless networks--49 percent were listed as secured with encryption and nearly 28 percent were shown to be not using encryption. (On the remaining 23 percent the security level was unknown.)

The article provides a link to an interactive map at Wigle.net.  I navigated it to get the screen shot embedded above showing wi-fi networks in my part of the country.   You can zoom in to street level.  Shown here is an area in the central Chicago area:

You can use the map to find your own street and perhaps your own house or apartment.  If you're sitting there now and your wi-fi isn't secured, you are taking a major risk for no good reason.

Blogging delayed by prolate spheroids

Defined and illustrated at Wikipedia, clarified at Physics Buzz.

TYWKIWDBI passes milestone

This morning the Technorati Authority for this blog reached an all-time high of 624, thanks to a series of "influential reactions" (links) from other bloggers.  That gives TYWKIWDBI a rank of 826 (out of about 1.2 million blogs), in a tie with an ESPN blog and a Hollywood-reporting blog.  None of this has any practical significance, but it does encourage me to keep going on those mornings when it's hard to chew through the leather straps.  My sincere thanks to everyone who links to my posts.

(p.s. re the title, I am ever mindful of Michael Kinsley's admonition that "you don't hit a milestone if you hope to reach the next one.")

TYWKIWDBI supports Wikipedia again

This is my third fall season as a blogger, and my third time contributing to the support of Wikipedia.  The last two times I've done so, one malcontent has entered comments reprimanding me for my decision, offering what I consider spurious arguments not to make a donation.

I don't feel like repeating my rebuttal now.  Those interested can read my post last year and the relevant comments.

If you would like to contribute a few bucks to a site that probably saves you many hours of your precious time, just click on the button below...