Computers
Dropbox exposed files with security hole, and an alternative.
Jun 24th
First of all, this might look like a sponsored post in some places, but I assure you it’s not, but backup is something I take very seriously and extol the virtues of to anyone who will listen! Now, with that out of the way, as some of you may know, Dropbox is a service in use by some 25 million people to back up and sync files which they feel are important and should be looked after, many using the free 2gb account to back up just the absolute essentials. So what then if a flaw in security allowed anyone to log in to any Dropbox account they liked, using any mish-mash of random characters typed as a password? Unfortunately this isn’t a hypothetical situation I am describing here, this actually happened this week and all 25 million accounts were open for the world to log in to due to a fault in a software patch. Though Dropbox state there was less than 1% of accounts accessed during this time, that still means up to 250,000 accounts were potentially compromised. If your account was one of them you should have received a mail by now telling you what happened, which folders were accessed, apologising for it and assuring you that it won’t happen again.
For me though, an apology is simply not good enough, people use a backup service so that they can be sure their data is safe and secure, but if the people you entrust to make that backup can’t keep it secure then it’s almost pointless to even use the service. This compounded with the change in TOS a few months back which state Dropbox will decrypt your files if requested by law enforcement agencies, and that a previous ‘Staff can’t access your files’ mantra suddenly being changed to ‘Staff are prohibited’ from accessing your files being widely reported on the net, I no longer feel that Dropbox is a service I want to trust important data to, in fact I’m not even sure I want to trust them with unimportant data.
When I was discussing this with a friend, he mentioned that he too had the same concerns, and had gone looking for an alternative, which turned up SpiderOak, a very similar but at the same time altogether different service.
An alternative
First and foremost, SpiderOak encrypts all your files at the client end, they never store your password and therefore are literally unable to provide access to your files to anyone, including their staff or law enforcement agencies. Files are stored on their servers in blocked segments encrypted at the byte level, so not even file names and folder structures are accessible. Even when you log in to the website your password is maintained only in RAM memory, in an encrypted form, only as long as you’re connected, and never put to disc. And that’s just the start of the improvements over Dropbox, some of the other big ones are:
- Faster data upload – compression and de-duplication upload your info much faster
- De-duplication means if you have the same file at home and work, it only takes the space of one copy
- Selective backup, you can opt to back up any folder on your machine (including network shares and external drives)
- Consolidation of backup between all of your devices and machines, you can browse them all through the GUI
- Complete revision history, no old copy is ever removed unless you choose to remove it.
- Sharing can be done on a folder level, like Dropbox’s public links you can share files with anyone, but share a full folder not just single files.
- Open Source transparency means they are actively trying to release their code to help the wider net community as well.
- Great referral system offering much more space for no charge (4x what Dropbox offers)
Though it is a shame the circumstances under which I felt obligated to move to a different backup / sync provider, I am wholly impressed with SpiderOak and glad that I did make the move. I’ve got much more faith in it and find it to be much more featured than Dropbox.
Sign up & get 6gb free
If you’d like to sign up then I’d suggest you do so with my referral link, which you will find at the end of this post, and also use the promo code ‘worldbackupday’ which will give me 1gb of free space, and instantly start your account with 6gb of free space if you do both.
Let me know what you think of the service, and that referral link is: https://spideroak.com/download/referral/33d3bbe7b656b2c4cf47e479f4409406
~Shepy
FBI seize one of Instapaper’s servers (incorrectly!)
Jun 23rd
In this connected world where people have their data and information spread across a wealth of services, servers and databases we’re all rightly worried about hacking attempts and how safe that data is. Sometimes even the best will in the world can’t help though, as Instapaper has been unfortunate enough to have one of their servers confiscated under a warrant that was being served on someone they were just unlucky enough to share data centre space with! Instapaper is a site and mobile app combo that allows its users to save interesting or lengthy articles for later reading at home, on the mobile device or simply when it would be more convenient.
Absolute full credit must be given to Instapaper though for immediately making an announcement to its users informing them of what had transpired, what this meant to the service, and which data would now be in the hands of the FBI. More credit again to the fact that their passwords are stored as SHA1 hashes, rather than simply being the actual password as has been the problem in far too many recent data breaches.
From the post, outlining what is now in the hands of the FBI:
Possibly most importantly, though, the FBI is now presumably in possession of a complete copy of the Instapaper database as it stood on Tuesday morning, including the complete list of users and any non-deleted bookmarks. (“Archived” bookmarks are not deleted. “Deleted” bookmarks are hard-deleted out of the database immediately.)
Instapaper stores only salted SHA-1 hashes of passwords, so those are relatively safe. But email addresses are stored in the clear, as is the saved content of each bookmark saved by the bookmarklet.
The server also contained a complete copy of the Instapaper website codebase, but not the codebase of the iOS app.
Linked Facebook, Twitter, or Tumblr accounts only store their respective OAuth keys. Linked Evernote accounts only store the Evernote email-in address. Linked Pinboard accounts, however, store plaintext usernames and encrypted passwords, and the encryption keys are present in the website source code on the server.
So the FBI now has illegal possession of nearly all of Instapaper’s data and a moderate portion of its codebase, and as far as I know, this is completely out of my control.
The rest of the post can be read by clicking here, and it certainly makes for interesting reading.
Bravo to Instapaper in how they have handled this, if only more companies would be as transparent and up front with their user base.
~Shepy
Why I have left Twitpic, and why you should too.
May 10th
Well as you can probably tell from the image on the right, this is all to do with a matter of copyright. As a photographer copyright is very important to me, it’s how I make money from photographs and it’s what ensures that I get credit for my work which brings in more work. It also ensures that I have control over the final look of an image, if it is to be associated with my name, so that I can protect my name or brand.
I saw a retweet of an update from @iA this afternoon which pointed me towards the terms of service of Twitpic stating that as of 4th of May they were claiming copyright license on all images uploaded to their service. Understandably annoyed at this, I followed the link and had a read, to find the following paragraph (emphasis mine):
You retain all ownership rights to Content uploaded to Twitpic. However, by submitting Content to Twitpic, you hereby grant Twitpic a worldwide, non-exclusive, royalty-free, sublicenseable and transferable license to use, reproduce, distribute, prepare derivative works of, display, and perform the Content in connection with the Service and Twitpic’s (and its successors’ and affiliates’) business, including without limitation for promoting and redistributing part or all of the Service (and derivative works thereof) in any media formats and through any media channels. You also hereby grant each user of the Service a non-exclusive license to access your Content through the Service, and to use, reproduce, distribute, display and perform such Content as permitted through the functionality of the Service and under these Terms of Service. The above licenses granted by you in media Content you submit to the Service terminate within a commercially reasonable time after you remove or delete your media from the Service provided that any sub-license by Twitpic to use, reproduce or distribute the Content prior to such termination may be perpetual and irrevocable.
What this means
That first bold bit there essentially says they can do whatever they like with the image, at no cost, including selling it or transferring their license to any and all third parties which they choose, including the ability to make derivative works (which would cover removing any watermark you may happen to have placed on the image).
The second bold bit basically covers them for anyone they like to be able to use their images, you have no say in who can use or license the image.
The third emphasis says that even if you delete the image, if they already have a sublicense in place then there is nothing you can do about it, and that license will still stand.
Imagine these scenarios:
- You happen to be there when something major happens, they can sell your images to the news services.
- You upload images of a friend, they sell those images and they are used without your or your friend’s permission to advertise something unsavoury or adult.
- Your image / likeness is used to promote a product or service you feel strongly against (a pregnant mother in anti-abortion ads, when she is pro-choice)
- Those “Meet singles in your area” adverts you see on the right of Facebook, how would your husband feel to see you in one of those?
- A photo you took of a product is used, and the trademark owner decides to sue for that use, you as copyright owner could potentially be dragged in to it.
- An image of yours is used in a negative way, and the stigma of that is associated with your name which could affect business if you are a photographer.
Those are just the uses I can think of off the top of my head, there are bound to be plenty more.
Reaction
I immediately deleted all of the images I had on Twitpic, thankfully none of which had been uploaded since the change of terms on the 4th, and removed Twitpic’s right to access my twitter account. I uploaded one final picture which simply said in huge letters “Bye Twitpic You Bunch Of Thieving Bastards” which I can categorically say I have no qualms about if they wish to sublicense or allow the use of by anyone, anywhere.
One of the main reasons I used Twitpic was because of its ubiquitous support in Twitter clients, and the fact I had been using it for so long (813 days according to the oldest picture I deleted), and that it is the only choice for picture service native within the Android version of Tweetdeck which I use.
What to use instead
Thankfully the wonderful @alittlebit recommended Posterous, which I have now signed up for and will be using in the future to post pictures on Twitter, probably as well as a few short video clips and suchlike.
Like Twitpic it automatically sends out the tweet for me (as well as also being able to automatically post to a myriad of other services), and there is a handy app for my Android phone which will upload them for me, so in usability terms I lose nothing, but gain the ability to also upload pics via email and to add extra content or information to the post / pic before it is published and obviously retain the copyright, as it should be.
And just in case you’re wondering what Posterous terms of service have to say on the same matter:
You shall retain all of your ownership rights in your submissions; however, by submitting material to Posterous you grant Posterous fully transferable rights to use, reproduce, distribute, modify, transmit, prepare derivative works of, display and produce the material in connection with Posterous and Posterous’s business, but solely in accordance with these Terms of Use and our Privacy Policy.
The key difference there is that you are granting license only in so far as may be deemed appropriate for the promotion and advertising of the Posterous service (which is likely to cover them for screenshots in news magazines etc), and not that they can sub license the images for any other use.
Final thoughts
You’d think that Twitpic would have learned from the mistake that Facebook made when they attempted much the same thing last year, and then very quickly withdrew the clause from the terms of service after massive outcry from their userbase. You can bet that Twitpic have something in mind for this, you don’t add something like that to your terms of use without having a reason to do so, but I for one don’t intend to be around to find out what that is, and hopefully neither will you.
If you want to sign up with Posterous you can do so by clicking here
You can follow me on twitter by clicking here.
UPDATE: There is a follow up to this article here: http://www.shepy.co.uk/blog/2011/05/twitpic-why-i-wont-go-back-and-why-you-shouldnt-either-a-follow-up/
~Shepy
Congrats on your new feature, now how do I disable it?
Mar 8th
I’m all for progress in software, adding new features and facilities, but often is the occasion where something is added that caters to a specific need or want that isn’t necessarily shared by all (or sometimes even most) of the users of the application. This is great, and I love the fact that the developers take the time to write the code to include this feature and make it available.
Sadly there seems to be somewhat the starting of a trend of trying to ladle in new features to applications, and not giving any option to disable the new addition. This becomes especially problematic if your new feature takes up valuable screen space on the already limited display of a mobile device, such as with the new trending bar at the top of Twitter for iOS. Another particularly annoying one recently was the inclusion of Deck.ly support into Tweetdeck (though thankfully this was given a disable option shortly after!)
It’s normally not that much extra work or code to add something in to the options to allow users to disable these new features, and might even help you retain userbase. Sure you don’t want your options dialogs to be turning into the Spanish Inquisition, but there has to be some middle ground here. I’ve personally ditched apps both on desktop and mobile in favour of a competitor product because I couldn’t tolerate a new feature, and I’m sure I’m not the only one.
So please, I’m begging you, if you code software (mobile / desktop / web, whatever) then please put the decision back with the user as to which features they do and don’t have to use or have displayed?
New browser Rockmelt, first impressions
Nov 23rd
I saw a link a few days ago on twitter to information about a new browser called Rockmelt about to launch, with emphasis on the ever more connected world we live in, and social media. I headed along to the site, and it was invite only beta, so I signed up for an invite, and today that invite arrived so I downloaded it to give it a quick whirl.
I opened the browser after install, and was immediately asked for permission for it to link to my Facebook account, which I provided, and then the browser launched. The first thing you will notice is the two side bars, or edges as they are called in Rockmelt, which you can see in the screen shot:
The two edges allow you to keep more up to date with what is going on with your favourite sites and interact with people as you browse. The two edges are:
Using technology to aid the planet
Nov 16th
Sony and the WWF have teamed up to launch the Open Planet Ideas initiative, which aims to encourage people to think of new and innovative ways in which we can use technology to make better use of our natural resources, aid the planet and help its inhabitants, organised into a few different concepts. I had a quick spy through the current technologies they have on the site, as suggestions for items which could be used (among others) to see if there was anything I could come up with, and was quite impressed with some of the items there. Things such as facial recognition and presence sensing in a TV so that it could dim the screen if you leave the room, or turn off if you fall asleep (I know I could have used that plenty in the past!)
Another one that struck me as quite interesting was a dye sensitized solar cell, which is a solar panel but not in the sense that most people would recognise one. Rather than being a traditional photo voltaic cell which is usually green or orange, these things can be made in pretty patterns, designs and even transparent, which got me thinking. I came up with:
Self Charging Mobile
What about if the glass on your mobile phone, or any other mobile device was made out of this dye sensitized solar cell material. It would mean the device could be trickle charging all day long, and while this might not mean it could replace the normal charge altogether it might perhaps get you an extra hour or two of use in a normal day, and who wouldn't want that?
Not only would it mean I could go longer without having to worry about getting to a charge point, but for people who don't have regular reliable access to power such as in third world countries, or when travelling etc, it could mean the difference between being able to make that important call, or not.
Most importantly though, every watt of power taken from the sun and solar energy is a watt of power not needed from the national grid, from fossil fuels and other non-renewable resources for its production and I've no doubt that I don't need to explain the necessity of that to anyone.
What is even more interesting about these dye sensitized solar cells is that they have reduced energy consumption and CO2 emissions during manufacture compared with conventional silicon solar cells so are an even cleaner form of solar energy, and a higher efficiency for light to electricity conversion as well, so potentially would be better at charging your mobile than some of the solar charging options out there. I'd welcome comments and improvements from anyone, so go look at my idea and give me your input.
Crowd sourcing is becoming ever more popular, and used in a plethora of different ways, and I really like it when I see it being used for something like this. I encourage you all to head over to the site and at least find out more about Open Planet Ideas, read the challenge brief or even better become part of it, try to make a difference and join the challenge.
Comments and suggestions always welcome
~Shepy
Stop telling people where you live!
Nov 10th
I’m starting to worry about some people’s lack of concern about keeping their information private, and the readily accessible information they are putting on the internet, more specifically location information.
With things like Foursquare, and now Facebook Places, people are routinely sharing every moment where they are. Now don’t get me wrong, I use Foursquare and often check in when I’m out at the pub etc and find it a great way to meet up with friends, but when I see check-ins from people on foursquare or facebook places and the location is tagged as “Home” it quite honestly makes me cringe. The internet is full of some sick and twisted people at times, and though you might not have upset anyone so far, there is a fair chance that you might one day, and they just might decide to come and have a ‘gentle word’ at your conveniently tagged home location. As most people tend to also tweet / facebook status update when they go on holiday, you’ve then not only told people where you live, but now that you’re not in the house and it’s prime for burgling.
Likewise, it scares the bejesus out of me that some people leave geotagging enabled on their smart phone, then upload photos to any of a plethora of image hosting services or send them directly. Now this isn’t such a problem most of the time if you’re out and about, but what if you’re at home and sharing a photo of something so obviously at home, like say the meal you just cooked? (I’ve seen plenty of people putting pics of similar up), or even worse, some girl chatting to someone online does a ‘self shot‘ (NSFW Google Image Search) pic to some guy she is flirting with online and doesn’t realise it has GPS data logged in the EXIF of the image telling that guy (who could potentially be a not-very-nice kind of bloke) just exactly where she is?
Sometimes technology makes life enriched, entertaining and wonderful, but sometimes it can make it downright dangerous and worrying. Unfortunately the latter seems to come about all too often through people not quite understanding the full ramifications of the technology, or the information it is sharing. Please, think carefully before you choose to enable geotagging / location data in any application or device, and think about who may be able to see that information (and what they may choose to do with it) before you next check in at a location.
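To check a photo for the EXIF GPS data described above before sharing it, here is a Python sketch. It is an added example, not part of the original post: it reads the GPS fix from a JPEG's Exif block and returns a copy with the Exif segment removed. All function names are this example's own, and the image header from `build_sample()` is constructed test data, not a real photo.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_POINTER = 0x8825   # IFD0 tag holding the offset of the GPS directory

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker == 0xDA:     # start of scan: compressed pixels follow
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("truncated segment")
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def read_ifd(tiff, offset, e):
    """Return {tag: raw 4-byte value field} for one TIFF directory."""
    (count,) = struct.unpack_from(e + "H", tiff, offset)
    fields = {}
    for i in range(count):
        base = offset + 2 + 12 * i          # each entry is 12 bytes
        (tag,) = struct.unpack_from(e + "H", tiff, base)
        fields[tag] = tiff[base + 8:base + 12]
    return fields

def degrees(tiff, field, e):
    """Convert three RATIONALs (deg, min, sec) at the given offset to decimal degrees."""
    (off,) = struct.unpack(e + "I", field)
    d = struct.unpack_from(e + "6I", tiff, off)
    return d[0] / d[1] + d[2] / d[3] / 60 + d[4] / d[5] / 3600

def gps_coordinates(jpeg):
    """Return (lat, lon) in decimal degrees if the Exif block has a GPS fix, else None."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(EXIF_MAGIC):
            continue
        tiff = body[len(EXIF_MAGIC):]
        e = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order
        try:
            (ifd0_off,) = struct.unpack_from(e + "I", tiff, 4)
            ifd0 = read_ifd(tiff, ifd0_off, e)
            (gps_off,) = struct.unpack(e + "I", ifd0[GPS_IFD_POINTER])
            gps = read_ifd(tiff, gps_off, e)
            lat = degrees(tiff, gps[2], e) * (-1 if gps[1][:1] == b"S" else 1)
            lon = degrees(tiff, gps[4], e) * (-1 if gps[3][:1] == b"W" else 1)
            return round(lat, 6), round(lon, 6)
        except (struct.error, KeyError, ZeroDivisionError):
            continue               # no GPS directory, or malformed Exif
    return None

def strip_exif(jpeg):
    """Return the JPEG with every Exif APP1 segment removed (all Exif, not only GPS)."""
    out, last = bytearray(), 0
    for marker, start, end in segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:end].startswith(EXIF_MAGIC):
            out += jpeg[last:start]
            last = end
    return bytes(out + jpeg[last:])

def build_sample():
    """Constructed sample header (not a real photo): GPS fix at 51.5 N, 0.125 W."""
    def entry(tag, typ, count, value):
        return struct.pack("<HHI", tag, typ, count) + value
    # TIFF layout: header 0-8 | IFD0 8-26 | GPS IFD 26-80 | lat at 80 | lon at 104
    lat = struct.pack("<6I", 51, 1, 30, 1, 0, 1)
    lon = struct.pack("<6I", 0, 1, 7, 1, 30, 1)
    tiff = b"II*\x00" + struct.pack("<I", 8)
    tiff += struct.pack("<H", 1) + entry(GPS_IFD_POINTER, 4, 1, struct.pack("<I", 26)) + b"\0" * 4
    tiff += struct.pack("<H", 4)
    tiff += entry(1, 2, 2, b"N\0\0\0") + entry(2, 5, 3, struct.pack("<I", 80))
    tiff += entry(3, 2, 2, b"W\0\0\0") + entry(4, 5, 3, struct.pack("<I", 104))
    tiff += b"\0" * 4 + lat + lon
    app1 = EXIF_MAGIC + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\xff\xd9")
```

Removing the whole Exif segment also drops camera model, timestamps and orientation, which is usually what you want for a photo going to a public host.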
~Shepy
Make: A photoshop quick access keypad
Nov 9th
As you can imagine with the amount of photography posts on this blog, I spend a fair amount of time in Photoshop. Like most people using Photoshop, there are a number of tools and actions that I use far more regularly than others, so I thought it would be nice to have quick access to these on a keypad, so I don’t always have to go to the toolbar to activate them. Yes, I know I could use the standard keyboard and shortcut keys, but I just prefer having them on a dedicated and more visual pad than the standard qwerty. Having an old numeric keypad laying about, and having played with AutoHotKey a fair bit recently, I decided to set about reconfiguring the pad to activate my most commonly used tools when in Photoshop. Here is the result:
The icons you don’t recognise at the bottom are just mapped to a few custom photoshop actions. The – and + keys increase and decrease the brush size.
The key tops are just printed on card, ‘lacquered’ with clear nail varnish to protect the ink a bit, and then glued to the numpad keys. At the moment it’s dedicated to Photoshop, but I’m considering re-printing the tops and having them dual use for Photoshop and Bridge. It’s not the most beautiful thing in the world, granted, but it does the job well and it will suffice for now till I feel justified in buying an Optimus OLED keyboard :P
The AHK script and icon for anyone who is interested, can be downloaded here: PS-Pad
~Shepy
Windows Re-installs made easy.
Jul 15th
I have recently built a new PC, so I’ve been planning to format and rebuild the old one to make it into a media server for the lounge to replace the ageing and slow machine already performing that function. One thing I was not looking forward to though was having to find all the drivers for the various parts, it’s so long since I built that machine that I don’t recall what motherboard, graphics card etc, etc I used when building it.
Now normally when I build a new machine, I’m pretty good with keeping all the driver discs etc together and handy for re-installs, but over time they seem to drift and after 2 years I’d have more chance of finding the Holy Grail than finding those discs.
Luckily a few weeks back I happened across a program that claimed to be able to rip out and backup all of the drivers from a system, ready for import onto a fresh install, so what better opportunity to give it a try.
One swift download and unzip of DriverBackup (which incidentally is free and open source) later, and I’m looking at the main driver backup window. When the program first opens, it doesn’t show any hardware, but clicking the ‘Refresh’ button made it go scurrying off and collecting data about all the drivers in my system. A few seconds later there was a complete list of drivers and hardware, including some stuff I had forgotten I had even owned, but obviously still had driver files lingering in the system long after I had stopped using the device! From here you just click the “Start Backup” button, the software asks you where you want it to save the output, so I pointed it to a 4GB usb key and away it went copying driver files merrily. After about 2 minutes it had finished copying all files, and I was left with a nice directory structure of 1 folder per device, with the folder named after the device.
Sceptical about how reliable this was going to be, I formatted the machine and re-installed XP, and then once at the desktop for the first time went to investigate the state of the device manager. As I’d expected, maybe half a dozen items with no drivers, most importantly of which the network card. Not expecting much, I right clicked the offending network card and selected to update driver, then selected the option for “look in this location” for the driver, and sure enough after pointing it at the correct folder on the usb key, it had installed the driver fine and the network card functioned as expected, I was pleasantly surprised! I continued down through every one of the non-functioning items, updated driver and pointed them at the relevant folder on the usb key and they each worked perfectly every time.
I must say I am quite impressed with how effortless this made the whole thing, I half expected to have to spend an hour or so checking what hardware was in the machine and hunting down drivers, but no such pain, all sorted in mere minutes. Installing the sound card driver didn’t only give me basic sound but still installed the correct surround sound management application as well, I can see no difference between having installed this way and doing so from the original CD or downloaded setup file.
If you have a machine you need to format and re-install, you should seriously consider having a look at DriverBackup before you take the final plunge and format it, it could just save you some wasted time when it comes to getting it all back up and running again!
As usual, comments and suggestions welcome.
~Shepy
Multi monitor Youtube full screen solution
Jul 11th
If you use a multi-monitor setup, then you likely already know the pain that is trying to have a Youtube video running full screen on one screen while you work, and then clicking in to any other application only for the Youtube video to drop back to normal size.
Now I understand that this is an intentional ‘feature’ of Flash to prevent flash movies from taking over the full screen, pretending to be the desktop or such like (though if it’s a feature, why not have it configurable in settings?)
Often when I’m sitting working at the computer I like to have a video playing in the background on one of the monitors, usually some documentary or suchlike, so it is annoying not being able to have the video at full screen (as the small window is just too small to keep an eye on in peripheral vision). This has always been a niggling gripe of mine, but it has become more annoying since a move around of the monitors on my desk means it’s now a bit wider, so I’m relying even more on peripheral vision to see the video. Whilst unfortunately there isn’t a lot I can do about the limitations of Adobe Flash, I can at least make it so that I can easily flick any Youtube video to the maximum size of the browser window, which isn’t far off being full screen.
To that end, I’ve written a little bookmarklet that when clicked whilst viewing a youtube video page, will automatically take you to the flash only view of that video, which is by default maximised to the full size of the browser window. Not a perfect solution, but certainly a lot better than having to stick with the smaller player.
If you would like to use this bookmarklet, then just drag the link at the end of this paragraph to your bookmarks or bookmarks toolbar, and then you can click it on any Youtube video page to test it out. Youtube Max
Any comments and suggestions always welcome.
~Shepy
P.S. – Yes I know there are standalone programs you can drag Youtube links in to, but I really don’t want to have to bother with an external app.