Friday, July 27, 2007

Expiring email? no, not really

After reading this article, I feel obligated to point out the total lack of features provided by such services. It's worse than providing people with something useless, it's providing people with a false sense of security.

The sales pitch
Here's a couple of choice quotes from BigString's about page and FAQ:
  1. "BigString’s emails look and feel like any other emails that you get"
  2. "If the sender chooses the non-print/non-save feature, then the email, while looking like every other email, will print nothing when the receiver clicks print on the computer and show nothing if the receiver tries to save the text or image.

How it works
BigString (or maybe we'll just call them BS for short) doesn't just send the words you type, that would leave the recipient with total control (as is the case for regular email). Instead, they make a picture of your words, store that picture on their web server and send an HTML email that has an embedded link to that picture.

Myth #1: BS messages look & feel like other email messages.
Most mail clients (including Outlook 2003+, Thunderbird, Yahoo Mail and Gmail) don't display images unless you ask them to. This is largely due to the prevalence of so called web bugs and the use of linked images in spam. Since the entire content of the message sent from BS is images, most readers will end up with something like this:
As far as BS claim #1, it doesn't look like other email I receive. Even after clicking to show images, it doesn't feel like other email I receive... the text doesn't wrap to my window width (obviously, because it's an image, it can't).

Myth #2: Can't save, print, copy or forward email
Since they're hosting the image on their server, they do have some control. Primarily, they can delete the image from their server so that it won't show up anymore. Does that make it hard to save, print, copy or forward? Well, if you use the buttons in your email client, the way you would for normal email, you'll find that messages do disappear. But due to the initial display as shown in the screenshot above, you've already been tipped off that this isn't a normal message.

There are two one-click methods that anyone receiving such a message can do to preserve the content:
  1. Hit the PrintScreen key - It's been a built-in feature of Windows since Win95... just a single press and the entire contents of your screen are on the clipboard. You can then easily paste that into something like Paint (comes with Windows), a word processor, and even some email clients (e.g. Thunderbird). Tools like ScreenPrint32 and Directory Opus make the task even easier.
  2. When viewing the message in a web browser (using Firefox or IE to check your Gmail or Yahoo mail), you can right-click on the message content and choose Set As Desktop Background.
Those may not be as convenient as saving a regular email, but it shows how easy it is for someone else to permanently save your message before it self destructs.

Looks to me like this message hasn't really expired. Not only that, but I've managed to copy it and post it for the world to see... a bit more wide-spread than forwarding it. You can even print it.


Other problems with BS:
  • I download all my mail before getting on a plane and compose replies that I'll send when I get off. Having messages from someone that show up as broken image icons means they get thrown in the trash... guess that person didn't really want me to see the message.
  • Email messages that are comprised solely of images are typically spam... meaning that spam filters are likely to catch mail from BS.
  • The only text in the messages sent from BS is "This email has been through a Virus, Spam and Spyware email filter." That's really reassuring! I bet no virus author would ever think of including that bit of text in their email. I think I need to re-iterate one of my previous points: BS is doing its customers a dis-service... it's providing them a false sense of security.

Is there a workable solution?
Well, in general, if you can see it on your screen, you can save it. Can a program try to stop you? Sure, but it's a losing battle:

Stopping the right-click menu:
It's possible for JavaScript code to block the right-click menu in web browsers. But browsers have the final say in what they allow. For example, in Firefox, got to Tools->Options->Content and next to "Enable JavaScript", click Advanced... Uncheck the box that allows scripts to "Disable or replace context menus".

Stopping the PrintScreen key:
A message could be delivered as an executable that prevents use of the PrintScreen key. Forgetting for a moment that you've just made the message unreadable to all but one operating system and broken one of the cardinal rules of email: don't attach executables, many mail gateways won't even bother running a virus scan, they'll just delete the message. How would a recipient work around your clever program that breaks the PrintScreen key? The word camera comes to mind here...

My proposal
How do you make messages are easy for a person to read, but hard to save/print/forward/copy? Well, you have to make some sacrifices. In particular, you have to loosen up on the "easy for a person to read" part... how about starting with "possible for a person to read and no more inconvenient than necessary".

If I wanted to prevent people from using the PrintScreen key, then I'd have to make sure that it wasn't just a way of disabling the key on the keyboard... it has to be something that a camera can't capture either. The best way to do that is to make it be interactive.

The simplest interface I can think of is this:
  • You open your inbox and have a message from me. It reads:
"You have been sent a secret message by The Amigo. To read the message, click here."
  • You click the link and it's a web page that uses Flash.
  • The message is black text on a black background. Your mouse works like a flashlight that will only illuminate the text close to the pointer.

It's far from perfect. If someone sent me a long message that way I hope they wouldn't expect me to read the whole thing. Meanwhile, instead of a camera, it would take a camcorder. Instead of PrintScreen, it would take screen recording software. It is harder for the user to capture, and you can easily dress it up with a cloak & dagger theme to add to the experience.

Bottom line: self-destructing email isn't. If you believe in it, your worse case may be similar to Michael Crooker, who believed Compaq when they said even they couldn't decrypt a secure hard drive.

Tuesday, April 10, 2007

Logitech MX1000 mouse locking problem solved

So here's a problem that many people have posted about: "My mouse keeps locking up". The first thing to clear up is that there isn't a single solution to this problem.

Some people have found that they have a loose wire in their cord (mine is cordless).
Others have found viruses on their computer (mine's clean).

My setup: WinXP+SP2, using a Logitech MX1000 mouse. I really like the mouse, although I wish the drivers were more flexible. I'd like to customize what the thumb buttons do to be different based on which application has the focus. AutoHotKey goes a long way toward helping.

Anyway, after about 2 years of working great, it started locking up. Whenever it would happen, I'd have to turn the mouse upside down, flip the switch off, then back on. It didn't require re-syncing with the base station. Sometimes it would go for 2 days without locking, other times it would happen only 30 seconds apart. It was very frustrating.

When I started paying closer attention, I found that it would happen more often while moving faster, and more often when dragging windows from the right monitor to the left. But not all the time. Eventually I figured out that it wasn't where on the screen the mouse was moving, but somewhat related to that, it was dependent on where on the mousepad I was moving the mouse!

Having used the same mousepad for almost 2 years, there's a spot that's lost its texture and become smooth. If I move the mouse too fast over that spot, the mouse will lock... every time.

The solution was simple, yet totally unexpected: replace the mousepad! Since then, it's been working perfectly without locking at all.

Tuesday, February 27, 2007

15% Motorola discount

Here's a coupon code you can use for a 15% discount on some Motorola products:

FRND_59397 (valid through March 21, 2007)

The Motorola store is online here: http://www.store.motorola.com where you can find things like cell phones, headsets, chargers and more. Use the coupon code above for a 15% discount.

You can buy some things there that you can't get from the carriers, such as unlocked GSM phones. If you've already got service with a carrier, you can buy a phone from Motorola without any contract, but the price will be more. The cheapest prices are almost always for new customers who sign contracts with carriers.

Wednesday, July 19, 2006

HOWTO: Remove a Sharpie marker stain from an LCD

There are some solutions for life's little mishaps which you hope you never need. But when one of these unfortunate situations presents itself, it's nice to know that there is an answer.

It all started yesterday.
My girlfriend wrote me a note. At this point, I can't remember the contents of the note, but the circumstances surrounding the delivery are unforgettable. Ensuring prompt delivery, she put it on my computer keyboard. As I approached the computer, I see the note. I pick it up to read it and my other hand instinctively moves the mouse to wake up the computer. That's when I saw it... exactly in the middle of my pristine 20-inch LCD is a 1" long black streak. Staring at it in disbelief, I try to brush it off with my finger. It doesn't budge. That's when I put the scene together: the note was written with a Sharpie. The same Sharpie she reached for a week ago when I told her "this is for labeling CDs, use a pen for writing."

Needless to say, I wasn't happy. Rather than yell at her and get all worked up about it, I did a bit of googling (BTW, that's an official English word now). The Internet's a big place; lucky for me. I'm not the first person to face this problem. Although, a more common example is the intro: "My 2 year old son got hold of a Sharpie and..."

Like having the hiccups, people will give you all manner of advice. The trick is sorting out the people who are just guessing from the people who know. For all the proposals, I didn't see anyone say they'd tried them. Maybe they just wanted to see someone else try. Cross-referencing the list of what gets out Sharpie stains with a list of what not to use on an LCD, it came down to isopropyl alcohol.

The Solution.
A trip to the local drug store and $1.79 later, I had a bottle of 70% isopropyl alcohol. Grabbing a cotton ball and inverting the bottle to wet it, I was ready to test the theory. Turns out it works amazingly well. It's nearly impossible to tell that there was ever a problem.

The remnant of the mark is now much less noticeable than a Trinitron line. In fact, if you were here looking at my screen now and I didn't tell you where it was, you'd be hard-pressed to find it.
Click the image for a full-size closeup.


Kudos to the Internet which has once again helped a soul in need find that hard-to-find tidbit of knowledge.

Thursday, June 01, 2006

How to run a secure wireless network

The Goal: You want your users to have secure remote access to your network.

The Problem: All the existing wireless encryption protocols are insufficient. A quick google search will turn up cracking tools for WEP, LEAP, WPA and WPA2... they've all been broken.

Well, now you're thinking, "If they're all broken, why are they so popular?" They're not completely useless. For the average home user, it's simple to turn on WPA in their access point and on their laptop. They're not completely secure, but it keeps their casual neighbors out (there are plenty of easier targets out there).

But for a corporate network, using any of the encryption built-in to an access point is foolishly insecure. The reason that it's so easy to break those types of encryption is that they're very weak. That's not an accident. They have to be simple, and not require much processing power so as not to over-burden the poor little embedded processor in access points and Wi-Fi cards. Those low-powered chips just can't keep up with a full-strength encryption algorithm.

The Solution: Most corporate networks already have a means of allowing users to login from home (or elsewhere) across the insecure Internet... a VPN. Those VPNs have much stronger encryption because they're making use of a full-powered CPU to do the hard work. Leveraging that existing infrastructure for wireless users is just a short setup away.

Simply isolate all the Wi-Fi access points onto their own subnet. From that subnet, the only thing the wireless clients are allowed to connect to is the VPN server. Rogue wireless users can ping the VPN server, but failing to login, have full-access to nothing.

Such a setup relies on the same encryption for wireless clients as remote Internet users.

I run my home Wi-Fi almost the same way (with the exception that I allow unauthenticated users access to the Internet). After setting up my home network this way, I was pleasantly surprised at a luncheon event hosted by Counterpane when Bruce Schneier described using the same method.

Thursday, May 18, 2006

USB Device Drivers

I just bought a new scanner. It's the same story you've all been through... check the docs because some USB devices say "Install the CD first" while others say "Connect the device to your computer, then install the CD when prompted for drivers". Neither one is the magic "plug it in and it works" that we were promised when USB first came on the scene.

But why can't it be? I can be. There's an obvious solution. Sure, it takes a little bit of programming, but once it's done, the same solution can be re-used by every manufacturer.

Here's how it works: The USB device (printer, scanner, coffee maker, etc) has some flash memory (in today's ad, Fry's is selling 512M for $2). In that flash memory is everything they would have put on the CD. When you connect the device to your computer, the flash memory shows up as a standard USB mass storage device (just like your USB keychain does). At the same time, when your OS sees the new device, it also has the drivers available. Want an update? The files in flash include a URL to check for updates.

How hard is it? On the technical side, in order for the one physical device to show up as two (mass storage and a printer) it has to claim that it's a USB hub with two devices attached. Yes, it's possible, but nobody's bothered to do it (at least not that I've seen).

Just imagine: You buy a new USB toaster, plug it in and the drivers are installed automatically.

Sunday, December 11, 2005

Software Updates

New things to download:
Audacity 1.2.4 is the new stable release. It doesn't include very many new features, most of the new features are in 1.3 which is still in beta.

And of course, Firefox 1.5 is out. But the bigger question is... are your favorite extensions updated to work with Firefox 1.5. Here's a quick rundown of my extensions and their success with FF 1.5.

Extensions that work fine with 1.5: (should auto-update without issue)
  • Adblock
  • Disable Targets For Downloads
  • DOM Inspector
  • EditCSS
  • fireFTP
  • Flashblock
  • Forecastfox
  • FoxyTunes
  • Gmail Notifier
  • Greasemonkey
  • Image Zoom
  • MediaPlayerConnectivity
  • Paste And Go
  • PDF Download
  • SessionSaver
  • Sort Extensions
  • SwitchProxy Tool
  • Tabbrowser Preferences
  • Web Developer

Extensions that can work with FF 1.5: (I had to get updates that are not yet available via addons.mozilla.org)

Extensions that don't yet work with FF 1.5:

Now that nearly all of my FF extensions work with 1.5, it's worth it for me to upgrade. Are there other extensions you like that aren't on my list? Tell me what you like.