Geek On The Mountain

Sometime in the past couple of weeks one of our sites got linked to in a rather bad manner. The site was pretty pathetic actually. It was just a bunch of literally anonymous people (nearly no one was identified by email address or URL) bitching about all kinds of stuff. I almost feel bad for them if that’s what they spend their time doing. At any rate, my first thought was that there was no reason to let these jerks link to us, so I used apache’s wonderful mod_rewrite to block all traffic from that site.

As I was perusing the docs for mod_rewrite I noticed that it now supports cookies and I had a great idea about no only blocking/redirecting traffic from an offending site, but setting a cookie to stop them from coming back by just typing in the URL as well. It was a really good idea. Until it didn’t work. Our version of Apache is too old and our mod_rewrite doesn’t support cookies. So I decided I’d just do it with PHP instead.

The PHP script is really simple. It just checks the referer (the technical term….it’s referrer in english of course ) and if it’s from the banned site it sets a cookie and then redirects the user to someplace else. You can send them to some other website, back to the referring site, or just to a different page on your own site (like a 404 error page for example). Afterwards, even if they type in your URL by hand (so there’s no referer), the script sees their cookie and just redirects them again. You can set how long you want them to be banned for as well.

It probably would have been only slightly simpler to use mod_rewrite instead of PHP. I just generally like the idea of being able to do things to a visitor before they even load a page.

So, if you want to stop stupid people from showing up at your site (or even a specific page) because another stupid person posted a link somewhere, this script’s for you. Of course it won’t stop anyone smart enough to realize what’s going on and just turn off cookies, but it will stop the other 99.8% of people out there.

Instructions are included in the file.
bad_url_block.php
(right click and “save as” and remove the .txt)

Popularity: 7% [?]

Comments(5)

TrueCrypt is an open source, on the fly encryption tool. It supports various encryption algorithms. It can also essentially hide all of your data once it has been encrypted so no one can even tell that you have encrypted data. It is available for Windows and Linux.

TrueCrypt does real-time encryption, meaning that as you work with the data it is immediately encrypted/decrypted for your use. It actually creates a virtual filesystem within a file or on a partition. In practical terms, this means, in windows, that you end up with a drive letter under which all of the encrypted files reside. When mounted, it is accessible just as any other drive is and you can do whatever you want with it. Once unmounted, not only can you not access it, but you can’t even tell what it is. The encrypted file/partition should look pretty much random and it isn’t obvious what it actually is. In the case of a file, it can be named to anything you like, so it can essentially pose as a “normal” file type and be hidden anywhere (you just have to remember where it is). On top of that, you can create a hidden volume within a TrueCrypt volume. A hidden volume is a second TrueCrypt volume that resides within another. The fun part is that it is impossible to tell whether or not a hidden volume exists since both the hidden volume and the one in which it is contained consist of random data. The idea with all of this is that that even if someone obtains/forces you to give them your password, you can still have things be secured.

It supports various algorithms. It can use the government standard AES-256, AES candidate Serpent, the older Tripple-DES, and others as well. It can even combine algorithms (using one after another). When you create a volume, it even lets you run benchmarks between the different algorithms to help you decide which one to use (generally, more secure algorithms are slower).

You can also use a keyfile for the encryption. You specify a file when you create the volume, and then in order to decrypt it, not only do you need the password, but you need to provide the file as well.

It will let you setup hotkeys for various things to perform tasks quickly. For instance, you could setup one to unmount all volumes.

There’s even a traveller mode that allows the program to be run without installing it.

On top of all of this, it’s open source. For security reasons, encryption software is best off being open source, but even if you’re not into the whole thing it does at least mean that you don’t have to shell out any cash to use it.

Popularity: 6% [?]

Comments(0)

I always like to play with new things. As such, I’ve ran across a number of interesting (and sometimes even useful ) programs in the last couple of months. Some of them are web-based (and hence are perhaps more like a service, I suppose) and some of them aren’t. Most all of them are free, but one or two of them are commercial. Some of them are programs I’ve used for a long time that just fit the theme.

What they all have in common is….nothing, I think. Maybe I’ll see a pattern when I’m through with all of this. It seems most likely at any rate.

I’ve never actually written a series of articles, but this will be one. I’d end up writing about everything anyways, even if it weren’t a series, but this way I can have fun making everything link together. Plus it just seems nice from a design standpoint. Never mind me though..

This post will serve as an index, btw. Each item will be listed below as I post. The first one should show up in a day or two (it won’t be 3 weeks from now, I can guarantee
that )

• TrueCrypt - Real-time disk encryption tool.

Popularity: 7% [?]

Comments(1)

I’ve been thinking for a long (long, long…) time that it would be helpful for me to maintain a todo list and to actually schedule my time. I’ve done it for brief periods before, but like so many other things, I’ve never exactly stuck with it for no particular reason (lack of discipline I suppose). I literally mean to schedule all (or at least most) of my time. This seams a bit anal, but I tend to waste so much time that I think it would be helpful to try to commit to accomplishing certain items at certain times.

I’ve been looking through various programs to properly manage these things. I believe I started looking beyond Outlook specially because I was looking for hierarchical tasks (which seem to be rather rare). Plus, I’d rather not have Outlook lock me out again so I can’t actually access any data.

Essentially, I look at the whole thing like this: I’d like to have a todo list that pretty much lists everything that I want to do. I’m likely to forget half of these things if I don’t have them recorded. I’ll then schedule these tasks on the calendar to see that they get done. These tasks really should have some sort of a hierarchy to them. That way, I can list one larger task and then break it up into smaller sub-tasks that are related. Which is to say, some tasks will always rely on others being completed first. A simple example might be painting a room. There might be a task ‘Paint living room.’ But you can break that down into sub-tasks such as ‘buy paint and brushes’ , ‘fill in holes on walls’, ‘wash/prime walls’, ‘paint first coat’, etc. Each task should be able to have a priority, a category, and a percent complete among other things. I’d also like a spot to put the amount of time that the task should take to complete. This could be useful for the calendar, and also if I have say an hour free, then I could just browse through my list and find something that should take about that long. The percent complete field should be there especially so that as you complete sub tasks, the parent task(s) can update how far along they are (this should be weighted based on the planned time for each sub-task as well). The tasks should also be able to be grouped in different ways to simplify what could be a quite large list. These are the most basic things that I was looking for.

Early on I more or less gave up on trying to find a program that would combine both a compelling task manager along with a calendar. There are lots of stand-alone task list programs, but most of the ones that have a calendar as well are fairly simple. Plus, none of them integrate well anyways (including Outlook, though it does better than most).
About the only program I found that had any time of integration was Outlook. Sure, most programs have a task section and a calendar section. Many will even show a task list next to the calendar. But in Outlook, you can drag the task straight to the calendar and it become and it creates a net appointment. This is, of course, very handy. On the down side, although Outlook has a field in which to put time, it won’t automatically make the calendar entry to correct length of time (tried on Outlook 2002, 2003). Since integration was poor in most cases, I didn’t figure it much mattered to have a separate program for the todo list and the calendar.

Still, I really had no luck. To me anyways, there isn’t much of a trick to calendars, so most of them are on fairly even grounds. If I had to choose, Mozilla’s Sunbird ( or Lightning, pretty much the same thing, but integrated into Thunderbird) works fine for me. Naturally, a version of .3 alpha 2 is kind of scary, but it seems fairly capable and reasonably stable none the less. It has a task list, but it’s nothing fancy and thus isn’t part of the program I would use.

The two task list managers that I found that best fit my needs are the open source Task Coach, and the commercial Swift To-Do List. Both are hierarchical. Task Coach is beta, but it has some nice options, including a way to track expenses and such based on the amount of time that you’ve entered. This isn’t something I was looking for, but it is something I didn’t see on any other program I looked at (although I suppose there are programs designed to track that sort of thing that aren’t just task list programs). It offers some colorization, which is handy, but the GUI is somewhat inflexible on the all and all. Swift To-Do List offers up quite a bit of colorization, but it stores very little information about each task, including no planned time field. The full version has “advanced export” options, but these don’t include a way to export to iCal, which is a standard (of course, neither does Outlook, even though it will import from an iCal file).

In the course of things, I found that Outlook can kind of do task hierarchy in that you can create a task folder and store separate tasks under it, but it’s relatively hard to get to the folder (it doesn’t just display with the rest of your tasks so it’s not out in plain sight). Plus, it’s literally a folder, so you can’t check it off as being done or anything like that.

In the end, I’ve chosen….Outlook. Bah. With the way I use the task list, the due date is usually not something I use. This would normally serve as a good way to sort the list. Instead, I can take advantage of Outlook’s ability to group the tasks by a field and then sort within each group. If I group by category, this can be very useful. Other programs really didn’t allow for this. Plus, I can kind of simulate task hierarchy by using groups if I need to. To go with the above example, I could make a category “Paint living room”, and then put all the sub tasks inside of it. It’s not perfect, but it’s something at least. The simulation thing occurred to me as I was looking through things as well. For instance, even if a task list doesn’t allow for something you want, like time planned, you can just throw it into a different field that you won’t ever use, like say, location. As long as you know what’s going on, and nothing else depends on that field for a certain function, it’s a decent application.

It should be noted that I didn’t look at much in the way of commercial software (though I did look at a few things to get a feel for what was out there). Also, I tended to steer clear of web-based systems. I’m not looking to keep everything on someone else’s server, and I’d rather not run my own. Plus, web interfaces tend to be slow and rather clumsy.

I’ve got too many ideas running through my head for how to make a really fancy task list manager though. I should really check out that Sunbird source…

Anyways though, I’d really rather not use Outlook. I’d be much more comfortable with something that I know won’t lock me out after I put in a new hard drive. If anyone has any suggestions, please let me know. Which actually leads me to ask: What do you use? I’m just curious to see what different people do.

Popularity: 6% [?]

Comments(6)

I think this article is getting around various places….I just saw it hit slashdot late last night, though I pulled it out of EFFector myself…

Data Mining 101: Finding Subversives with Amazon Wishlists is an interesting article on pulling information out of Amazon wishlists. Basically, the author downloaded the first page of 260,000 wishlists and then searched through the data to find “dangerous” (That is, if you were a paranoid government.) books and keywords. Included are books like On Liberty, Fahrenheit 451, and 1984. Some of the keywords were Michael Moore, Rush Limgaugh, and Koran. You get the idea. He comes up with a list of what books people seem to be interested in and goes on to demonstrate how he can easily find where many of these people live and even generate a map showing everyone.

And in case you were wondering, it was all fairly simple. It didn’t require any special resources of any kind. Anyone who knows how to program could do the same.

This is all pretty straightforward though. And although it is disturbing as a concept, there are two reasons why it’s even more disturbing as a reality.

First of all, the author links what he’s doing to the whole Patriot Act wiretap thing. This is where the government spies on it’s own citizens even in order to get those terrorists. Bush had said that while there were wiretaps, they were only being used on international calls amongst people who were known to have ties to terrorists. What he didn’t mention was that apparently, data mining such as this was used to determine who should get those wiretaps. So in a way, everyone was being spied on anyways.

Secondly, the Patriot Act can make the whole thing transparent to everyone and the FBI seems to be considering some data mining of their own. From the article:

This is what’s possible with publicly available information, but imagine if one had access to Amazon’s entire database - which still contains every sale dating back to 1999 by the way. Under Section 251 of the Patriot Act, the FBI can require Amazon to turn over its records, without probable cause, for an “authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.” Amazon is forbidden to disclose that they have turned over any records, so that you would never know that the government is keeping records of your book purchases. And obviously it is quite simple to crossreference this info with data available in other databases.

On a final note, the FBI is now hiring computer scientists to implement a project that sounds very similar to what I just did:

“Currently, the FBI is strengthening systems engineering in order to tie new systems together architecturally and ensure that standards for custom and packaged applications are enforced, and it needs engineers to accomplish this goal, the agency said.

“The FBI is also focusing on data warehousing as well as federated search technology, which allows a single search query to be deployed across a number of databases, regardless of whether those databases belong to the same protocol or platform.

“‘Warehousing has been very successful, yet enterprise extraction, translation and loading processes must be fine-tuned,” the FBI said. “Data engineers are needed to model legacy databases for federated search and participate in legacy transition planning.’”(Computerworld)

Popularity: 5% [?]

Comments(0)