Archive for the ‘Technical’ Category
Digitally Assisted Billiards
Saturday, December 13th, 2008
Engadget has a nice piece on some Georgia Tech students who built a digitally assisted pool table using a webcam, an LCD projector, and computer vision techniques. Cool idea. It would have been even cooler if they had implemented some sort of vision-based UI system where you could ask the program to compute a shot for you (targeting how to get a certain ball in the pocket or something). Regardless, good job guys!
Passwords in the Clear
Wednesday, November 19th, 2008
I recently made a purchase on MacUpdate and as part of the purchase I was required to set up an account with them (username, password, etc.). Annoying, but all well and good until I received both my username AND PASSWORD in the clear from them in the same confirmation email.
For most people, the reasons that this is very bad should be obvious, but for those for whom it’s not, here are a couple reasons why this is not good.
First, both my username and password were sent unencrypted across unsecured mail relays. At the very least, they should never be included in the same email; splitting them up would require a potential attacker to put together several pieces of communication to get all the information needed. Regardless, user-created passwords should NEVER be sent to a user, as they very well could be used for other things. If you must send the user a password, it should only be a randomly generated password to which the account has been reset. It would be best if this randomly generated password had an automatic expiration if the user did not go in and change it to something personal on the site.
The second, and perhaps less obvious, implication is that the fact that you can send me my own password tells me that you are either storing my password in your database unencrypted or with reversible encryption. Again, this is a bad idea. (I confirmed that they didn’t just send the password from the initial form by requesting my password be sent to me after the initial registration.) You should always store a password using one-way encryption (a hash) and then validate login attempts by taking the supplied password, applying the same hash to it, and comparing the result to the stored, hashed password. This has the benefit of preventing an attacker from obtaining the actual passwords from your system in the event that you are compromised.
This isn’t even getting into more advanced ideas for securing pages (not having the username/password fields on the same page, for example), but rather just the very basics of not throwing sensitive information out into the network.
Anyway, needless to say, I was very annoyed at all this and sent them an email criticizing their security practices. I also asked them to remove my information from their systems as this is likely an indication of their security practices in general. Anyone who has done business with them in the past may wish to consider doing the same thing.
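The storage and reset scheme described in this post, sketched in Python as an added example (not code from the post or from MacUpdate). It generalizes "a hash" to a salted, iterated hash (PBKDF2); the iteration count, the 15-minute expiry, the in-memory `users` dict and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not from the post
RESET_TTL = 15 * 60   # assumed lifetime of a temporary password, in seconds


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hash_password(password):
    """Build the stored record: random salt plus one-way hash, never the password."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": _digest(password, salt), "expires": None}


def issue_temporary_password(users, name, now):
    """Reset the account to a random password that expires unless replaced."""
    temp = secrets.token_urlsafe(12)
    users[name] = dict(hash_password(temp), expires=now + RESET_TTL)
    return temp  # the only secret that may be e-mailed


def change_password(users, name, new_password):
    """A user-chosen password replaces the temporary one and clears the expiry."""
    users[name] = hash_password(new_password)


def verify_login(users, name, attempt, now):
    """Hash the attempt with the stored salt and compare in constant time."""
    record = users.get(name)
    if record is None:
        return False
    if record["expires"] is not None and now > record["expires"]:
        return False  # temporary password was not changed in time
    return hmac.compare_digest(_digest(attempt, record["salt"]), record["hash"])


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse")}  # constructed sample account
    print(verify_login(users, "alice", "correct horse", now=0))
    temp = issue_temporary_password(users, "alice", now=0)
    print(verify_login(users, "alice", temp, now=RESET_TTL + 1))
```

Because only the salt and digest are stored, a "send me my password" feature cannot exist in this design; the site can only reset the account.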
Determining which Process is Locking a File
Monday, November 3rd, 2008
If you’re like me, every so often when working on Windows you get a message similar to the following:
(So the google can index this: “Cannot delete X: It is being used by another person or program. Close any programs that might be using the file and try again”)
You are trying to move or delete a file and some other program has it locked. Of course, Windows isn’t nice enough to tell you which program has it locked, so the process becomes one of experimental elimination. Try closing program after program until the file frees up, or if that doesn’t work, reboot the system and try again before starting any programs.
After this had happened to me several times in the same day, I got fed up and finally did a little research about tools that can give you some more useful information when this happens. This Google groups discussion gave some good resources that can be used to help out. The first option is one of the Sysinternals tools that was acquired by Microsoft. That tool chain can give you all sorts of great information, including which processes are holding which files.
The downside of Sysinternals is it’s a bit like killing a fly with a sledgehammer. Another alternative is the simple and elegant (yet slightly ghetto-sounding) Who Lock Me. This tool adds an entry to the context menu in Windows Explorer that quite literally says “Who Lock Me”, and by clicking this entry it will list the program(s) that are locking the file. I can’t vouch for the legitimacy of the tool. The website looks a little sketchy, but I have installed it on one virtual machine with no perceived ill effects, and it did do what it advertised, so it seems to work. At least it tells you what Windows refuses to.
UPDATE:
I came across a site for an alternative to WhoLockMe, UnLocker, that also listed similar tools. Below is a list of the tools linked from the aforementioned page.
Creating ISO images from CD in OSX
Sunday, October 14th, 2007
The .dmg image format is great. But when you want to play nice with the Windows world, sometimes an ISO is just easier. Here is a quick set of instructions for creating ISOs from the command line using dd. A great quick reference to have.
Outlook Cannot Merge Contacts
Tuesday, October 2nd, 2007
Outlook is a professional-grade messaging tool, right? So one might be able to imagine that, with the thousands of contacts people accumulate, they might get into a situation where they enter a person’s data into two separate contacts. Now, one might think that there would be an option to merge two contacts into one (I mean, the Microsoft CRM has that feature, Plaxo has that feature, heck, even the not “professional” OS X Address Book has that feature built in).
But no.
There are plugins that can help you eliminate duplicate contacts, but nothing that I can find built into Outlook 2007 natively. Oh, to dream…
Scaling down an image? Get rid of the irrelevant stuff
Wednesday, August 22nd, 2007
Found this interesting video on College Humor by way of Digg. Not your usual College Humor fodder; this describes a method for retargeting images by removing the least relevant part. Very interesting.
UPDATE: The creator of this technology has joined Adobe. Good for him (and for the people who will get to use his technology). I really wish it wasn’t Adobe, though, their software is crappy.
Free Desktop Design Programs
Saturday, July 28th, 2007
While I’m on the topic of posting links to free software, here is a listing of a bunch of free graphics/design programs. Everything from Illustrator alternatives to 3D modeling software. I forget if I found this on Digg or Lifehacker a few days ago.
Keep Your Computer Awake
Friday, July 27th, 2007
Found a great little utility today on Lifehacker. This Mac utility just keeps your computer from going to sleep, dimming the screen, starting the screen saver, etc. Useful for when you’re showing pictures or non-full-screen movies and such.
This reminds me, Lifehacker also had a link to another Mac utility that lets you combine multiple PDFs into one. Sure, you could do this with Adobe bloatware, but if you like avoiding crappy products, then this might be a simple, better alternative.
C# Coding Standards
Saturday, April 7th, 2007
If you’re coding C#, here is a good listing of coding standards for the language.
Software Registration Keys
Saturday, April 7th, 2007
This is really cool. 1Passwd has developed a drag and drop graphical software license key. You receive the key via email or on the web, and then drag it to your application. It avoids having you type in random letters and numbers, and the software developer can put as much information as they want in the key. I haven’t read the details of the technology, but they could be using steganography to encode information in the images. This doesn’t really change the fundamental problems of software license keys (such as forcing them to be only used on one computer), but it does make the process more user friendly.
