help

Warnings about invalid security certs are ignored by users

Yahoo Publisher Network Security Cert
Image by rustybrick via Flickr

From Robert McMillan’s “Security certificate warnings don’t work, researchers say” (IDG News Service: 27 July 2009):

In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users).

The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web.

They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites.

In the Firefox 3 browser, Mozilla tried to use simpler language and better warnings for bad certificates. And the browser makes it harder to ignore a bad certificate warning. In the Carnegie Mellon lab, Firefox 3 users were the least likely to click through after being shown a warning.

The researchers experimented with several redesigned security warnings they’d written themselves, which appeared to be even more effective.…

Still, Sunshine believes that better warnings will help only so much. Instead of warnings, browsers should use systems that can analyze the error messages. “If those systems decide this is likely to be an attack, they should just block the user altogether,” he said.

A fix for Apple Mail’s inability to search Entire Message

Spotlight
Creative Commons License photo credit: Ti.mo

When using Apple Mail, you should be able to search for a term in From, To, Subject, & Entire Message. However, today I could no longer search Entire Message. It was grayed out & completely unavailable.

I found interesting info on the following pages, with the last being the most helpful:

  • http://discussions.apple.com/message.jspa?messageID=6653445#6653445
  • http://www.bronzefinger.com/archives/2006/04/apple_mail_sear.html
  • http://discussions.apple.com/message.jspa?messageID=5934412#5934412
  • http://forums.macworld.com/message/425508
  • http://www.macosxhints.com/article.php?story=20080201111317585

I closed Mail and tried this, which re-indexes the entire hard drive in Spotlight:

sudo mdutil -E /

But it did nothing. Then I did this, which re-indexes just the Mail folders in Spotlight:

mdimport ~/Library/Mail

That fixed it.

Real-life superheroes

From John Harlow’s “Amateur crimefighters are surging in the US” (The Times: 28 December 2008):

There are, according to the recently launched World Superhero Registry, more than 200 men and a few women who are willing to dress up as comic book heroes and patrol the urban streets in search of, if not super-villains, then pickpockets and bullies.

They may look wacky, but the superhero community was born in the embers of the 9/11 terrorist attacks when ordinary people wanted to do something short of enlisting. They were boosted by a glut of Hollywood superhero movies.

In recent weeks, prompted by heady buzz words such as “active citizenry” during the Barack Obama campaign, the pace of enrolment has speeded up. Up to 20 new “Reals”, as they call themselves, have materialised in the past month.

The Real rules are simple. They must stand for unambiguous and unsponsored good. They must create their own Spandex and rubber costumes without infringing Marvel or DC Comics copyrights, but match them with exotic names – Green Scorpion in Arizona, Terrifica in New York, Mr Xtreme in San Diego and Mr Silent in Indianapolis.

They must shun guns or knives to avoid being arrested as vigilantes, even if their nemeses may be armed. Their best weapon is not muscle but the internet – an essential tool in their war on crime is a homepage stating the message of doom for super-villains.

[Citizen] Prime patrols some of the most dangerous streets in Phoenix but, like most Reals, is reluctant to speak about the villains he has dispatched with a blow from his martial arts-honed forearm. He does admit helping a motorist change a flat tyre.

Mac OS X settings to reduce PDF sizes

From Adam Engst’s “Slim down your PDFs” (Macworld: 5 November 2008):

Though few people realize this, you can reduce the size of PDF files using the Leopard version of Preview. To shrink a PDF file, open it in Preview, choose Save As from the File menu, and, in the Save dialog box, choose Reduce File Size from the Quartz Filter pop-up menu. If when you compare the compressed PDF with your original, the images are too fuzzy for your needs (the default settings are pretty severe), you can make your own Quartz filter with different settings.

To do this, launch ColorSync Utility (in Applications/Utilities), choose New Utility Window from the File menu if none is showing, and click on Filters in the toolbar. Click on the arrow to the right of Reduce File Size, choose Duplicate Filter from the drop-down menu, and name your new filter. Enter different values for Image Sampling and Image Compression, switch back to your original PDF in Preview, and save a PDF with your new filter in place of Reduce File Size. With some trial and error, you should be able to arrive at a compromise that satisfies you.

How con artists use psychology to work

From Paul J. Zak’s “How to Run a Con” (Psychology Today: 13 November 2008):

When I was in high school, I took a job at an ARCO gas station on the outskirts of Santa Barbara, California. At the time, I drove a 1967 Mustang hotrod and thought I might pick up some tips and cheap parts by working around cars after school. You see a lot of interesting things working the night shift in a sketchy neighborhood. I constantly saw people making bad decisions: drunk drivers, gang members, unhappy cops, and con men. In fact, I was the victim of a classic con called “The Pigeon Drop.” If we humans have such big brains, how can we get conned?

Here’s what happened to me. One slow Sunday afternoon, a man comes out of the restroom with a pearl necklace in his hand. “Found it on the bathroom floor” he says. He followed with “Geez, looks nice-I wonder who lost it?” Just then, the gas station’s phone rings and a man asked if anyone found a pearl necklace that he had purchased as a gift for his wife. He offers a $200 reward for the necklace’s return. I tell him that a customer found it. “OK” he says, “I’ll be there in 30 minutes.” I give him the ARCO address and he gives me his phone number. The man who found the necklace hears all this but tells me he is running late for a job interview and cannot wait for the other man to arrive.

Huum, what to do? The man with the necklace said “Why don’t I give you the necklace and we split the reward?” The greed-o-meter goes off in my head, suppressing all rational thought. “Yeah, you give me the necklace to hold and I’ll give you $100” I suggest. He agrees. Since high school kids working at gas stations don’t have $100, I take money out of the cash drawer to complete the transaction.

You can guess the rest. The man with the lost necklace doesn’t come and never answers my many calls. After about an hour, I call the police. The “pearl” necklace was a two dollar fake and the number I was calling went to a pay phone nearby. I had to fess up to my boss and pay back the money with my next paycheck.

Why did this con work? Let’s do some neuroscience. While the primary motivator from my perspective was greed, the pigeon drop cleverly engages THOMAS (The Human Oxytocin Mediated Attachment System). … THOMAS is a powerful brain circuit that releases the neurochemical oxytocin when we are trusted and induces a desire to reciprocate the trust we have been shown–even with strangers.

The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS, the human brain makes us feel good when we help others–this is the basis for attachment to family and friends and cooperation with strangers. “I need your help” is a potent stimulus for action.

How to run a command repeatedly

You can use the watch command, but it unfortunately isn’t available for Mac OS X. At least, from Apple. Sveinbjorn Thordarson (great name!) has a version of watch that you can download and compile on your OS X box. It’s available at http://www.sveinbjorn.org/watch_macosx.

Or, you can use this shell script:

while true ; do foo ; sleep 1 ; done

This will run foo every second until you press Ctrl-C to cancel the script.

What actions change MAC times on a UNIX box?

From Holt Sorenson’s “Incident Response Tools For Unix, Part Two: File-System Tools” (SecurityFocus: 17 October 2003):

Various commands change the MAC [modify, access, and change] times in different ways. The table below shows the effects that some common commands have on MAC times. These tables were created on Debian 3.0 using an ext2 file system contained in a flat file mounted on a loopback device. … Experimenting with your own system to verify the information in the tables below is encouraged. These tables can serve as a general guide, however.

How common commands change MACtimes for a directory (foo):
Action atime ctime mtime
creation (mkdir foo) X X X
directory move (mv foo bar) X X
file creation (touch foo/foo) X X
file creation (dd if=/dev/zero of=foo/foo count=1) X X
list directory (ls foo) X
change directory (cd foo)
file test (-f foo)
file move/rename (mv foo foo_mvd) X X
permissions change (chmod/chown <some_perm> foo) X
file copy (mv foo_mvd foo) X X
file edit (vim foo) X X
file edit (emacs foo) X X X
file edit (nvi/nano foo)
How common commands change MACtimes for a file (f1):
Action atime ctime mtime
creation (touch foo) X X X
creation (dd if=/dev/zero of=foo count=1) X X X
rename (mv foo bar)
permissions change (chmod <some_perm> foo) X
copy (cp foo bar) X
copy overwrite (cp bar foo) X X
append (cat >> foo) X X
overwrite (cat > foo) X X
truncate (cp /dev/null foo) X X
list file (ls foo)
edit (vim/emacs/xemacs/joe/jed foo) X X X
edit (ed/nvi/vi (sun)/vi (obsd)/nano/pico foo) X1 X1 X1
1 – all times changed, but atime is slightly older than mtime and ctime

The ls command can be used to show the modify, access or change times of files. The following table shows various ls commands that sort in reverse order by mtime, atime, or ctime. This causes ls to list the most recent times last.

displaying MACtimes using ls:
Linux (ls from GNU fileutils) OpenBSD Solaris
mtime ls -latr –full-time ls -latTr ls -latr
atime ls -laur –full-time ls -lauTr ls -laur
ctime ls -lacr –full-time ls -lacTr ls -lacr

Retrieve CD Key from Windows 95 or NT

Start | Settings | Control Panel | System

Under Registered to, you’ll see user name & a 20-digit number. Digits 6 through 15 make up the CD key.

If you’re using an OEM version, the entire number is the CD key.

Ubuntu Edgy changes to fstab

I upgraded my Ubuntu Linux desktop today from Dapper to Edgy. It appears that in /etc/fstab, LABEL= no longer works, and you must now use UUID=.

http://ubuntuforums.org/showthread.php?t=278652

So my fstab now looks like this, for instance (these are all external drives):

UUID=a3d8a126-a7fc-4994-9675-748ed62c3109 /media/music           xfs      rw,user,noauto  0  0
UUID=e6e83a83-7487-4f22-a7ac-42cb100dfe24 /media/music-copy      reiserfs rw,user,noauto  0  0
UUID=99198c52-3f9e-4255-9326-7891a90223ac /media/temp            reiserfs rw,user,noauto  0  0
UUID=e0e73b81-f432-4b9e-918c-595fbfb1ac93 /media/data            ext3     rw,user,noauto  0  0
UUID=2296551a-1d7d-4aff-9aea-873121464c9a /media/data-copy       ext3     rw,user,noauto  0  0
UUID=e04e7b7a-b429-4a0f-a458-6af0c120bb9b /media/music-rock      xfs      rw,user,noauto  0  0
UUID=af39f5e1-1554-4dac-be5c-1f5028ee9503 /media/music-rock-copy xfs      rw,user,noauto  0  0

Edgy also converts any old fstab entries for /dev/hda1 and so on to the new UUID method as well.

For more on labels & uuid in fstab, see: http://ubuntuforums.org/showthread.php?t=283131

1st 2 questions AOL tech support asks

From Spare me the details (The Economist: 28 October 2004):

LISA HOOK, an executive at AOL, one of the biggest providers of traditional (“dial-up”) internet access, has learned amazing things by listening in on the calls to AOL’s help desk. Usually, the problem is that users cannot get online. The help desk’s first question is: “Do you have a computer?” Surprisingly often the answer is no, and the customer was trying to shove the installation CD into the stereo or TV set. The help desk’s next question is: “Do you have a second telephone line?” Again, surprisingly often the answer is no, which means that the customer cannot get on to the internet because he is on the line to the help desk. And so it goes on. …