Stimulating Pixels

When I first started using gmail, there wasn’t a setting to secure it, but you could do it manually by changing the first “http://” part of an address to “https://”. Now, Google has a setting that you can do this with and enforce it. Under “Settings” look for “Browser connection:” and make sure it’s set to “Always use https”.

If you use Gmail, you should check this now. Like, right now.

It’s always been possible for people to easily get into your account if you don’t use the encryption, but now someone is about to release a tool to the public that does it automatically.

Computer security can be complicated, but this is a VERY easy fix now that google has provided the setting. Make sure you take advantage of it.

George Orwell’s diary is being transposed to a blog with each entry being posted seventy years after the original. That’s just cool.

Here’s the internal entry about what’s going on and here’s the blog itself to follow. A few days ago, it seems the men caught a snake.

Several people I know use e-mail like it is instant messenger. They keep it open all day and read every e-mail as it comes in. For me, this is horrible for productivity. Constantly changing gears from working on something to dealing with other things means I’m unlikely to make any real progress on a project. So, I only check e-mail a few times a day. People I work with know this so I’ve set the expectation. With a follow-up point that if there is something that needs to be dealt with urgently, they shouldn’t e-mail me. Shoot me an instant message or call me.

One of the key reasons I treat e-mail like this is that in order to make progress on anything other than the smallest of projects, I need blocks of uninterrupted time. There is a nice three part entry over at 43 Folders that is right in line with my thinking on this type of stuff. From the introduction:

“Making Time to Make” is a 3-part series about attention management for people who do creative work. It’s designed to help you firewall the time and attention you need to get out of the lite communication business and into your studio.

For me, one long block of time is much better than two or more smaller blocks even if they add up to the same (or possibly greater) amount of time. The first part of the series has a quote from Neal Stephenson who shares the idea:

Writing novels is hard, and requires vast, unbroken slabs of time. Four quiet hours is a resource that I can put to good use. Two slabs of time, each two hours long, might add up to the same four hours, but are not nearly as productive as an unbroken four. If I know that I am going to be interrupted, I can’t concentrate, and if I suspect that I might be interrupted, I can’t do anything at all. Likewise, several consecutive days with four-hour time-slabs in them give me a stretch of time in which I can write a decent book chapter, but the same number of hours spread out across a few weeks, with interruptions in between them, are nearly useless.

My favorite quote comes from the second part. “Put plainer, my sense is that western culture would be a damn sight poorer today if John Lennon had been forced to carry a goddamn BlackBerry.” If you create things, it’s well worth the read.

Making Time to Make – Part 1
Making Time to Make – Part 2
Making Time to Make – Part 3

This is an amazing use of software and public images to create something new in the world. I saw a video with the original version of this some time ago and was very impressed then, but the secondary controls they have added now are even better.

Very Cool

Two web tools that can help things out:

Fiddler – a web debugging proxy for Windows. It’s one of the Microsoft “PowerToys”. You can read more about it here.

I.E. Developer Toolbar – adds developer functions to I.E.

I haven’t had a chance to check these out yet, but both look very useful if you do web development and need to see how things go on a windows box.

As more and more of us become electronic cyborgs (via pacemakers, internal drug delivery systems, etc…) the potential for detrimental hacking of those devices increases as well. See, for example, this story found via boingboing about researchers who have figured out how to hack into a pacemaker and shut it down via remote control.

I can see this being part of a plot to a movie. Some political leader dies and they think his pacemaker just gave out, but it was really an assassination. Of course, there is frightening real world potential for this.

An excellent friend, who happens to be in Japan right now, was the first one to tell me that you can generally tell how good a book is going to be simply by reading the first sentence. I just picked up “Ender’s Game” by Orson Scott Card, which starts:

“I’ve watched through his eyes, I’ve listened through his ears, and I tell you he’s the one. Or at least as close as we’re going to get.”

Solid first by itself. Taken along with the tension created by the second (and I think it’s fair to take the two together) I judge it a strong open.

(Incidentally, I haven’t actually read the Wikipedia page on the book. Since I’m starting the book, that would seem to be self defeating. I’ll the Wiki entry out after I’m finished with the original text.)

I’ve written before about how WordPress doesn’t really have a way to allow you to put administration tools in a secure location unless you do the same thing with the entire blog. This concerns me since I’m often on a wireless network that is open and not mine. Say, for example, at a book store with free wireless. While surfing on an open wireless network is generally pretty benign, sending any username/password across it without them being secure/encrypted makes it very easy to steal them.

I’ve hunted around a few times before, but had never really found a good solution. While doing some work on my site, I decided to try again and this time came up with “Admin-SSL“. It’s a plug-in someone wrote for WordPress that allows you to move all the “admin” stuff to a secure location. Something that isn’t possible with the default install of WordPress (where you are either all secure or all open).

There are two examples of the power and benefit of open-source software with this plug-in. First off is the basic fact that WordPress is open which allowed for the plug-in to be created in the first place. While this isn’t limited to open source software, it’s a big help.

Second, when I installed the plug-in on my site, it didn’t work properly. Some of the software that runs my site is different where the plug-in was originally created. However, since I could look at the source code, I was able to find a fix that works and allows me to use the it. To contribute back to the overall community a little, I’ve sent a note back to the original author explaining what I ran into and how I fixed it. This gives him the opportunity to let other people know about the issue and a way to fix it. Possibly even creating a specific fix for the issue in the next version.

Stop reading…. unless you are a web geek and/or are specifically looking for a fix for Admin-SSL on version 1.3 of the Apache web server. Below are the details of the fix that works for me. YMMV.

First, the short and sweet fix to try:

When you configure Admin-SSL (at least version 1.1) on a server running Apache 1.3, under the “Other Settings” category and the “HTTPS Detection” section

change: “The name of the HTTPS $_SERVER variable”
to: “SERVER_PORT” (without the quotes)

and change: “The value of the HTTPS $_SERVER variable when HTTPS is ON”
to: “443″ (again, without the quotes)

Now some details. Admin-SSL uses the predefined $_SERVER['HTTPS'] php variable to check for secure connections while pattern matching to see if it should redirect a page to a protected URL. While this variable is available in Apache 2.x it is not in the Apache 1.3.x versions of the server.

See the list of “specials” under the “RewriteCond Directive” for reference:
Apache 2.x – http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
Apache 1.3 – http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html#RewriteCond

You can use an existing feature in the Admin-SSL configuration (described above) to get around this limitation assuming the port that your host uses for SSL is different from. Usually, SSL is set to run on port “443″. If your provider uses a different port, you can simply use that instead. The only exception to this is if you have a host that runs both HTTP and HTTPS over the same port. In that case, there is no way to tell the difference in the script using the above method.

All this, of course, assumes that your host provides you with a way to access your site via HTTPS with either a private or shared cert. A general practice is for them to setup URLS like:

“https://www.your-site.com/~your-username/” that would simply give you a secure version of “http://www.your-side.com/”. If you don’t see a colon followed by a number after the .com, you should be running on 443. If you see something like “https://www.your-site.com:1234/~your-username/”, that means that your host is running HTTPS on port “1234″, or whatever the number there is. That’s the number you would want to configure.

If, for some strange reason, that number is “80″, you’re going to have to fins another solution, because that’s the standard port for web traffic which means the script wouldn’t be able to tell the difference.

If you have CD audio books that you want to convert over to play on your iPod, this page has instructions for doing just that.

I haven’t tried it yet, but want to make sure I’ve got the link ready to go when I do. In the past, I have just made MP3s and done a play list. This is fine as long as you listen straight through, but if you stop and listen to something else, you loose your place and have to find it again which can be really tricky. When the files are identified as being part of an audiobook, they are speced to maintain internal bookmarks. So, even if you leave it and listen to something else, when you come back, it’ll pick up where you left off.

Here’s a page that has notes on importing directly from a CD instead of from existing MP3s.

So, the theory behind “permalinks” is that they are supposed to stay the same. I’m breaking the rules and changing mine. The good news is that because of the way Wordpress is built, links to the old addresses won’t break.

Originally, when I set them up, the format was: /blog/[year]/[month]/[day]/[post-title]. I’m removing the [day] because it’s overkill. When looking at a web page address, it’s nice to see the year and month the page was created, but there isn’t a whole lot of reason to for the day to be there.

The developers who built WordPress included a very nice feature that handles these changes smoothly. Bacially, if it sees requests for the old style address (which would potentially be coming in from other sites), it automatically redirects them to the new location. So, if an incoming link is pointing to something like this:

http://www.stimulatingpixels.com/blog/2008/07/29/no-idea/

WordPress will see it and automatically change it to remove the now extranious “/29″ part. This is a great example of a good software design. If this wasn’t handled and the format for the permalinks was changed, any links to the old format would immediately be broken. The user of the software shouldn’t have to worry about stuff like that, and because WordPress developers thought about and designed for this, the user doesn’t have to. It just works without really thinking about it.

Another nice example of good software design is that if you remove the post-title from the address (e.g. http://www.stimulatingpixels.com/blog/2008/07/) you’ll get a list of all the articles that were posted in the corresponding month. Once again, very well thought out.

Kudos to the WordPress team.