February 2009 Archives

To the drivers of West Los Angeles,

Given my past experience sharing the road with you, I'm not sure why I expected you to know this, but when the power goes out, dead stop lights are stop signs. That means you should wait your turn, yielding to the vehicle on your right. It also means that you cannot follow the vehicle in front of you into the intersection!

Earlier today I witnessed dozens of vehicles running a dead light. Were these drivers even looking for a green? Who taught these people to drive? The sane drivers were backed up, confused, and honking.

To be fair, I see someone blatantly run a red light almost weekly here.

I don't think anyone in California understands four-way stops. Most drivers will enter an intersection with the vehicle opposite them. That works fine for simple intersections. In a large intersection with heavy left turn traffic, that system quickly breaks down. If everyone observed clockwise right-of-way, then three directions could share the same intersection simultaneously. It's that much more efficient.

As any user of SSH is aware, the first time you connect to a remote host, OpenSSH caches the server's public key in ~/.ssh/known_hosts. If the server's private key ever changes, SSH will raise an ugly error alerting you of the risk that an untrusted third-party could be intercepting your new connection.

Unfortunately, the known_hosts file represents a small security risk. It contains a convenient list of all servers to which you connect. An attacker who gained access to your password or unencrypted private key would simply need to iterate down the list until your credentials were accepted.

OpenSSH can optionally hash the server names in known_hosts. This renders the file useless to prying eyes without impairing SSH's ability to check hosts against the list. Enabling this feature and hashing your existing known_hosts file is easy!

1. Add the parameter "HashKnownHosts yes" to your ~/.ssh/config.
2. Run "ssh-keygen -H".

Below the fold, I included a handy shell script that accomplishes the same thing.

One final consideration is your shell history storing your ssh commands. It's easy to configure bash to forget these. Just set HISTIGNORE="ssh *:scp *:sftp *" in your ~/.bashrc.

Over the past month, I've had several friends message me on MSN Messenger with something like this:

"check out these awesome pics from the awesome party LOL
http://www.gone-wild-patry-pics.com"

When I follow the link in the message, I'm greeted with a prompt for my MSN account information. The page doesn't look reputable at all, and the "terms of service" are plastered all over the bottom.

By providing MSN account information, a visitor grants this company permission to log into the MSN account and send advertisements to everyone on the buddy list. Among other interesting clauses in the "terms of service," the company also claims the following.

• "... the right to change the terms of use / privacy policy at any time without notice."
• "... this agreement shall prevail if there is any conflict between this agreement and the terms of use you accepted when you signed up with MSN."
• "... TST Management, Inc is NOT agreeing to MSN's terms of use and therefore not bound by them."
• "You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement."

The most entertaining aspect of all this is that I know exactly which friends fell for this trick. I would encourage anyone who provided login credentials to this fradulent web site to change your MSN password immediately! Your friends will thank you.

I'm sure most Mac users encounter situations when they're forced to use a Windows keyboard. In my case, I attach a Mini and ocassionally my MacBook to a KVM switch shared by Vista, Ubuntu, and a Windows keyboard.

Up until now, I've just dealt with the fact that Windows keyboards switch the Option and Command key locations. I've trained my brain to use the Windows key rather than the key immediately adjacent to the space bar when I need Command. Previous versions of Mac OS had a feature that remapped the modifier keys, but this was a global setting that remapped all keyboards whether they be Windows or not.

I was pleasantly surprised when I discovered this dialog under Leopard's keyboard system preferences.

That new drop down list at the top lets me create mappings for all keyboards or specific keyboards, identiifed by their USB device name. Very nice, Apple!

I wanted to do something very simple over the weekend. I wanted to set up my Windows Vista computer to backup automatically to a drive shared on the network by my Mac Mini. In this day and age, digital information has become so important in our everyday lives that one would hope this is now relatively straightforward, right?

First, let me say that I can accomplish this in my sleep on any non-Windows computer. I work, live, and play on unix operating systems. I know how to configure key pairs and schedule a regular cron job to rsync files over a secure ssh connection. These technologies have a significant learning curve, but they work consistently and reliably.

My first hurdle was Leopard's horrible SMB support. Enabling Windows file sharing on Leopard confronts the user with an intimidating dialog box that warns about storing passwords in a less secure manner. The password on my primary account is important, so I decided to create a separate backup user. Unfortunately, Leopard "sharing only" accounts don't appear on the list of accounts available for Windows file sharing. I had to create a full user account, complete with a home directory.

The next hurdle was logging in from Vista. As I discovered after a solid half hour of tinkering, Leopard's SMB support only accepts the account's full name, not the abbreviated short version.

Vista comes with a backup tool that only supports network backups to Windows file shares. Once I had file sharing with the Mac working, I happily pointed the backup tool at that location. Windows complained about not having "full access," and Leopard doesn't have any option for enabling a higher level of privileges beyond "read & write." So there goes that idea. My Vista computer doesn't store anything more valuable than saved games and screenshots. It's not worth the time to hack something together for automatic regular backups.

Microsoft, how about adding support for backing up to SFTP or WebDAV? These are not new file sharing protocols, and they work cross-platform!

And to be fair, Apple's Time Machine is equally frustrating when backing up to non-Apple computers over the network. Time Machine relies on specific features of HFS+, including a hack in Leopard to enable hard links for directories, so network backups must create an HFS+ disk image on the remote computer.

I recently came across an interview with Tim Minchin, and I think he's great! Unfortunately, he isn't on tour in the United States this year.