Time Machine desiderata


Apart from the wireless and case problems, I’m actually a reasonably happy Mac user — which is, indeed, somewhat surprising after 10 years of Linux on the desktop.

Among the things I like a lot with MacOS 10.5 (Leopard) is the TimeMachine backup program. It follows Kristian’s law: Nobody wants backup, everybody wants restore. And the user interface for restoring data is cheesy enough to actually work. Kudos for that.

Well, almost: To be compliant with Norm’s law, there need to be at least two backups, on two different hard drives. And while Time Machine is indeed totally capable of doing that, it involves manually switching backup disks, and a lengthy first pass while the “new” disk is first used. Both of these seem unnecessary — Time Machine should be able to recognize a backup drive, and it should be able to keep track locally of where it’s putting backups, and what has happened since the last one to any given medium.

The other surprising gap is a lack of encrypted backups: On the one hand there’s FileVault for encrypted home directories, and ample support for mounting encrypted volumes. There’s even dynamically growing encrypted volumes, and support for easily creating them hidden in the hdiutil command line tool.

I’m seriously puzzled why TimeMachine doesn’t make that kind of support available automatically.

Let’s hope that things will improve soon, both from the wireless perspective, and in TimeMachine.

Later: It appears as though multiple disk mode works reasonably well; in particular, the additional pass through the entire disk stopped occurring after a while. However, there’s still the dance through the preferences whenever the backup disk is changed.

MacBook Distractions


I had ranted before about the occasional trouble that I’m experiencing with the MacBook’s wireless card.

The symptoms continue to occur: Typically at home (when the machine is in the same place and sits on my desk for extended amounts of time, sometimes days), typically during work hours, often when somebody else toys around with a network nearby, and only reproducible when I really can’t use them. In other words: At least here, the MacBook isn’t reliable accessing the wireless network during work hours, and I can’t figure out anything in particular that I can do to trigger or avoid the problem.

(It’s also clear that the problem isn’t with the access point, as other machines here have no problem. Including a wifi enabled mobile phone and the Thinkpad. This is a genuine client issue, genuinely on the Mac.)

Searching around online has been a fool’s errand and a time sink as well: While there are quite a few examples of similar problems (and while discussion threads often have a “yeah, I have the same problem”), none of them yield useful information about either causes or cures for the problem. The only consolation is, maybe, that the trouble seems to be common across the BSDs and Linux, and is certainly not just a Mac problem. (That consolation is rather immaterial, though — we are, after all, talking about a problem with the (Atheros) wireless card that ships in these machines. By default.)

From what I’ve seen so far, this could be a Heisenbug anywhere between overheating (a bad fan?), a loose contact, a bit of conducting dust on the motherboard, a buggy driver, neighbors secretly building and testing EMP weapons while cooking pancakes, or sun spot activity — even though some general instability (two panics and a freeze within two hours or so, anyone?) this morning points at hardware troubles close to the motherboard. (Oh, of course all is stable now that I’m sitting elsewhere and have the laptop balanced on my leg — overheating, after all?)

The next step is presumably AppleCare — and I’ll probably have to see how well my environment is back-ported to Linux on the Thinkpad, since travel and work won’t wait for Apple to get its act together.

PS: A crack that occurs on the right-hand palm rest, toward the front, on about every MacBook I’ve seen, doesn’t count as quality hardware either.

PS2: I do like MacOS’s, and the overall machine’s usability. Really. But, please, not in a less stable environment than what Linux on the Thinkpad gave me. Till that machine’s motherboard broke, that is. 2 weeks repair time there.

Geocaching waypoints for N95 and friends


I’ve gotten a bit curious about geocaching. However, being the lazy type, there is no way that I’ll enter all these waypoints manually on a mobile phone keyboard.

Therefore, here’s an XSLT sheet to convert geocaching LOC files to Nokia LMX files. Just store the result in a file with the extension .lmx and drop it on your N95.

MacBook wireless woes


It seems like the combination of a somewhat dated Linksys WRT54G and the MacBook wasn’t made in heaven. Every once in a while, I find something like this in my laptop’s log files:

Jan 23 11:04:27 iCoaster kernel[0]: ath_reset: unable to reset hardware; hal status 3
Jan 23 11:04:28 iCoaster kernel[0]: ath_chan_set: unable to reset channel 1 (2412 Mhz)
Jan 23 11:04:29 iCoaster kernel[0]: ath_chan_set: unable to reset channel 6 (2437 Mhz)
Jan 23 11:04:30 iCoaster kernel[0]: ath_chan_set: unable to reset channel 11 (2462 Mhz)
Jan 23 11:04:30 iCoaster kernel[0]: ath_chan_set: unable to reset channel 7 (2442 Mhz)
Jan 23 11:04:30 iCoaster configd[50]: posting notification com.apple.system.config.network_change
Jan 23 11:04:32 iCoaster kernel[0]: ath_chan_set: unable to reset channel 13 (2472 Mhz)
Jan 23 11:04:33 iCoaster kernel[0]: ath_chan_set: unable to reset channel 52 (5260 Mhz)
Jan 23 11:04:34 iCoaster kernel[0]: ath_chan_set: unable to reset channel 56 (5280 Mhz)
Jan 23 11:04:35 iCoaster kernel[0]: ath_chan_set: unable to reset channel 60 (5300 Mhz)

These effects occur once or twice a week, and aren’t really helpful in the middle of trying to work. Overall, this has the stink of a driver issue. Googling around shows that there have been dropped connection issues between Linksys routers and Apple wireless cards for a long time, without Apple coming up with a useful fix.

Update, 2008-02-13 — the woes continue on MacOS 10.5.2. They seem strangely correlated to the presence of a “secure” ad-hoc network here which, I believe, is caused by some Philips entertainment electronics. The name is WASC-…..

Waiting for the Treo replacement


I’ve been a happy user of my Palm Treo 650 for quite a while, but — let’s face it — it’s starting to be old. Too bad that there doesn’t seem to be a device out there that has quite the edge over that old brick that would make me buy it.

Here are the requirements that I’d like to see combined in one device, but can’t seem to find combined:

  • Decent full keyboard — anything that uses T9 and similar predictive technologies seems to deal badly with mixing languages. And yes, I type both German and English into my mobile.
  • 3G, please. I want to be able to use a single device in Europe, the US, and Japan. That’s not possible with either the Treo or the iPhone.
  • GPS and maps, please. I regularly use Google Maps for the Treo; a phone with a built-in GPS receiver would be great.
  • Decent web browser — neither Blazer nor Opera Mini really cuts it on the Treo.
  • Wi-Fi and Bluetooth, of course.
  • Third party applications.
  • Not bound to a particular carrier, and certainly not bound to a particular carrier’s more expensive contracts.
  • Smaller form factor. The Treo is quite heavy; I wouldn’t want the next one to be as heavy or thick.

Anybody know a device that fits the description?

Robert Harris, The Ghost


Robert Harris’ “Ghost” reminded me a lot of the anonymously published “Primary Colors”, at least during the first few chapters: Where Primary Colors is obviously a roman a clef about the Clintons, the Ghost as obviously deals with the Blairs. Where Primary Colors is told from the perspective of a political aide who gets suddenly drawn into the maelstrom of primary politics, the Ghost is told from the perspective of a ghostwriter who is called in to finish the former prime minister’s memoirs (for a premium), after the previous ghost (formerly a political aide to the prime minister) has mysteriously deceased.

In both novels, the narrator emerges on a journey that brings him closer to his political couple of choice than he’d ever have dreamed. But where Primary Colors tells of mostly credible abysses and explores personalities, Harris’ thriller takes its reader on a different trip, along with the ghostwriter who tries to understand his “author”: Just how far, you believe, does the special partnership between the US and the UK go? Just how little do you trust that former prime minister to have served his own country’s interests? And, just what kind of motives are you willing to accept for that? In other words, where precisely do you think Harris crosses the line from a fairly plausible roman a clef into pure, James Bond like fiction?

Besides being a well-written, captivating, and entertaining thriller, the Ghost also leaves its reader with quite a bit of uneasiness. It’s a book of our times.

From Schengen to Berlin



My colleagues Ivan Hermann and Richard Ishida are sharing some experiences from the “old time”, when traveling into (and out of) Hungary meant crossing borders and facing guard dogs and Kalashnikovs. Hungary is now a Schengen state, which means that crossing its border toward Austria is as easy as crossing the borders between Luxembourg and Germany, or Luxembourg and France, or France and Germany — in short, the borders that meet around the little village of Schengen that has given its name to the contract, just a few dozen kilometers south of where I now live. I often tell of the marks that remind of past floodings in nearby Sierck-les-Bains, and how they change languages, testimony to just how often war ravaged this area, how often borders moved here, and how absurd they are to the people who live on them.

While I never crossed the Hungarian part of the iron curtain when it was still up, the most lasting memory of my first time in Berlin – a school trip, in the last week of August in 1989, just weeks before the DDR started collapsing – was our one-day visit to the eastern part of the city. I believe that we took the subway from somewhere in Western Berlin (not the S train from Zoo as we did last week, coming back from chestnuts and Glühwein and a look at Kurfürstendamm). I remember our passing (in 1989) through badly-lit, machine gun and camera infested, but otherwise abandoned, stations on the Eastern side (without even slowing down); finally, the train stopped at Friedrichstrasse, which I once again remember as a fairly colorless affair. What I remember of the border controls that followed are grey and somewhat claustrophobic corridors, and a distinctive sense of fear; the details have all become fuzzy. We were all glad when we finally emerged from Bahnhof Friedrichstrasse. Back then, it was known as the palace of tears: This was where Eastern and Western relatives would kiss good-bye, and where following across the border was suicidal for those from the East. (Needless to say, we were rather happy when we made it back to the West that night.)

This New Year’s eve, we passed through Bahnhof Friedrichstrasse many times, by subway, S train, and walking. Going from Friedrichstrasse toward the Reichstag (and further along what’s now known as the street of 17 June), we walked across what was once the deadly strip around the Berlin wall. That night, the Brandenburg gate was off limits only because there were too many people there.


It’s normal like that now, and it has always been like that for those who will first attend an election this year.

The accession to Schengen of Hungary and other countries that used to be on the eastern side of the iron curtain means that, soon, not having to show one’s papers when one crosses a border will be normal for them, too. And that’s really great.

Yet, it’s important to remember that the world hasn’t always been like this. That there were times when borders were insurmountable, when moving from one country into another meant risking one’s life, for those who had ended up on the wrong side of that border; and that there are indeed borders in this world of which that’s still true.

That’s why stories like Richard’s and Ivan’s are so important, and why I dug out that almost 20 year old photo of the Brandenburg gate from a pile of old pictures.

Jack Goldsmith, The Terror Presidency


Lessig’s blog entry about Jack Goldsmith’s “Terror Presidency” made me curious enough to get and read the book.

Goldsmith – a staunch conservative, who ultimately believes that most of the things that the Bush government actually does are right and appropriate – was propelled from academia first into the Pentagon, then to heading the Office of Legal Counsel, a position in which he was effectively the chief legal arbiter of what the executive branch is allowed to do by law, and what it isn’t. There, he found himself revoking a set of legal opinions (the torture memos) that asserted quasi-absolute presidential power, in order to authorize practices that Goldsmith believes were appropriate under applicable law. This revocation put him at the center of a struggle within the Bush administration, where the fear of the next attack meets arrogance and a desire to not consult.

The book, then, has two main threads of discussion: On the one hand, the mentality and working environment within the Bush government; on the other, the comparison of Bush’s political strategy with Roosevelt’s during World War II: In Goldsmith’s view, Roosevelt, like Bush, had to step to the edges of what was legal, and sometimes beyond. But where Bush’s asserted presidential authority is often based on shoddy legal reasoning, Roosevelt’s authority was based on building broad political and public support for his actions. Where Roosevelt strengthened the presidency by building authority, not asserting it, Bush weakens it, by asserting authority, and deliberately not building broad support.

Overall, an illuminating (though chilly) read, in particular to this reader who is neither American, nor a lawyer.

More on widgets: When one e-mail is enough to break a system.


Excuse the widget blogging hiatus, please; I held back on this one till Google had rolled out a fix.


Our topic today, then, is the Gmail dashboard widget — a handy dashboard frontend to Google Mail. As so many other widgets, this one, too, runs with access to the widget.system method. However, the bug in question here does not relate to eval(). Instead, it’s script-injection into the DOM due to a lack of output cleansing in the client-side JavaScript code. It’s, effectively, the same kind of vulnerability that underlies cross-site-scripting vulnerabilities in servers; for a change, however, this is a client-side problem.

Consider this code fragment:

    var titleText = MessagesTable
        .getTitleTextFromEntryElement(currentEntry);
    titleText =
        '&nbsp;&nbsp;&nbsp;<span class="title-class">'
        + titleText
        + '</span>';
    if (Prefs.getShowSnippets()) {
      var summaryText = MessagesTable.getSummary(currentEntry);
      summaryText = '<span class="snippet-class"> - '
          + summaryText
          + '</span>';
      titleText += summaryText;
    }
    titleText = "<div class='table-overflow-col'>"
        + titleText + "</div>";
    ...
    titleColumn.innerHTML = titleText;

The use of the non-standard innerHTML property to write to the DOM here means that, if we can inject tags into the titleText variable, we can actually write tags into that document object model.

Instead of reading more code, I sent a first message to my GMail account, with this subject:

Subject: <i>italic?</i>

Now, guess how that message came out in the GMail widget… So, we can write tags into the DOM. The simple approach of just dropping some <script> tags into the subject header failed, though: innerHTML doesn’t actually execute scripts right away.

However, this worked:

Subject: hi   there

As soon as the mouse pointer hovered over the subject header of this message, a shell script would be downloaded from my web server, and then executed, with the user’s privileges — the machine was taken over by sending a single e-mail, combined with a likely and innocuous user interaction.

What this example (as the other, earlier ones) demonstrates is that, as Web technologies move to the desktop, bad coding practices move with them. However, what was once a problem that might affect one server-side application now turns into a way to subvert client computers — easily, quickly, and thoroughly, and with no more tools than the ability to write a simple e-mail.

Possible fixes to this problem include escaping any user-supplied data that is expected to contain text before feeding it to dangerous programming constructs such as .innerHTML, or using safer programming constructs such as createTextNode.
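Both fixes applied to the title-rendering fragment above, as an added example that is not the widget's own code. The function names are hypothetical, `doc` stands for the browser's `document`, and the snippet text is constructed; the subject is the test subject from this post.

```javascript
// Added example, not the widget's code. All function names are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Fix 1: escape untrusted text so the HTML parser treats it as character data.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Same concatenation as the fragment in the post; `encode` decides whether
// the mail's subject and snippet go in raw (vulnerable) or escaped.
function buildTitleMarkup(title, summary, showSnippets, encode) {
  let html = '&nbsp;&nbsp;&nbsp;<span class="title-class">'
    + encode(title) + '</span>';
  if (showSnippets) {
    html += '<span class="snippet-class"> - ' + encode(summary) + '</span>';
  }
  return "<div class='table-overflow-col'>" + html + '</div>';
}
const rawMarkup = (t, s, show) => buildTitleMarkup(t, s, show, (x) => x);
const escapedMarkup = (t, s, show) => buildTitleMarkup(t, s, show, escapeHtml);

// Fix 2: build the nodes directly, so mail content never reaches an HTML
// parser. The caller appends the returned node to titleColumn instead of
// assigning innerHTML.
function buildTitleNode(doc, title, summary, showSnippets) {
  const span = (cls, text) => {
    const el = doc.createElement('span');
    el.className = cls;
    el.appendChild(doc.createTextNode(text));
    return el;
  };
  const div = doc.createElement('div');
  div.className = 'table-overflow-col';
  div.appendChild(doc.createTextNode('\u00a0\u00a0\u00a0'));
  div.appendChild(span('title-class', title));
  if (showSnippets) div.appendChild(span('snippet-class', ' - ' + summary));
  return div;
}

// Rough check for this demo only: names of the start tags a parser would see.
function startTags(markup) {
  return Array.from(markup.matchAll(/<([a-zA-Z][\w-]*)/g), (m) => m[1]);
}

// Constructed input: the test subject from the post and a made-up snippet.
const SUBJECT = '<i>italic?</i>';
const SNIPPET = 'Tom & "Jerry"';

console.log(startTags(rawMarkup(SUBJECT, SNIPPET, true)));     // includes 'i'
console.log(startTags(escapedMarkup(SUBJECT, SNIPPET, true))); // widget tags only
```

The escaped variant keeps the existing `innerHTML` assignment working unchanged; the node-building variant removes the parser from the data path, so a forgotten escape cannot reintroduce the bug.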

The recent observations about widgets suggest several more general points, though: On the one hand, figuring out useful security models for widgets is an important task (that the W3C Web Application Formats Working Group, which works on a widget format, will have to take on, together with the various widget vendors).

On the other hand, it’s clear that fancy security models are not enough: We need to spread the word about sane programming practices for widgets, and quite likely some code review from those who advertise others’ code as safe to download.

Finally, these kinds of issues are not just a problem with widgets: Just this Wednesday, Orkut was hit by a worm that was exploiting server-side cross-site scripting vulnerabilities. As we see more and more cross-site requests and data flows — either through cross-site XMLHttpRequest, or through deliberate cross-site script inclusion –, we’ll see attacks like these cross site boundaries. We’ll also see combined server and client-side attacks, just enabled by web technologies.

I hope to talk more about this at this year’s Chaos Communication Congress in Berlin, and perhaps at the Web Conference next April in Beijing.