I didn't know what did I start when I took Getting Things Done off my shelf once again... I read about 1/3 of it a few years ago and now starting from the beginning again, maybe because seeing the success other people are having with it...
What is the problem? Well, every day I spend about 6-8 hours (at least!) with computers, so the organization has to include all my "digital pockets". Yeah, right... I have two laptops, one desktop that I use occasionally, one computer at work, an Openmoko (which is also almost like a computer, sweet Linux power), 3-4 usb pens, 2 external hard drives... That's a lot of stuff to keep synchronized and organized...
And it didn't help the cause that I might have jumped into the things pretty deep right away. So, for example, the geeks we are, let's use a version control system (VCS) for our data! Okay, which one? Of the main ones, SVN, CVS are old (to me) so nope, and what's left is Git, Bazaar and Mercurial. The first is very popular, the second is getting popular, and don't know much about the third one (or any other). But if I manage my backup with version control, what about my occasional programming projects? Should it be the same/different version control? Ideally it should be the same, because it will give me less headaches, incomatibilities, less new things to learn.... But then maybe I will want to share my programming with the world, so let's check out the source code hosting sites!
Well, the two biggest ones seem to be Repo.or.cz, GitHub and Launchpad. And of course they use different VCS, Git by the first two, Bazaar by the last one... Okay, let's look at the features. GitHub is social and it has stats, and shiny but only 100MB hosting. Repo.or.cz is very-very simple and unlimited. Launchpad is unlimited, has bug-tracker, forums, feature planning, software translation.... Okay, let's see then what projects that I know uses what: Git by the Linux Kernel (of course, Linus wrote Git exactly for this purpose), Android, Cairo, HAL, D-Bus, Perl5, Samba,VLC, Fedora.... Bazaar by Exaile, MySQL, Ubuntu..... So there are more interesting things on Git (for me at least).... But, but, but....
Ah.... This start to feel like a question like whether we should go to have Japanese or Indian for dinner. Both are great, similar but not compatible, I have fav dishes in both, and they both have major fanbase who will tell you how much better one is then the other. And both of them can stain your shirt if you are careless (I have amazing ability to bork computer things)... ;)
Sooooooooooooo..... From getting organized I ended up being in a philosphical spiral without the possibility of a simple "This/That" answer in the end.... Great. Let's just choose one cuisine and have dinner already.
I started with Git, then because for a bit it looked easy (or easier). Well, very quickly it got confusing. When I modify things on two computers and try to reconcile the data, mor often then not I run into "X would be overwritten by update, cannot merge", and "Y is not uptodate (sic), cannot pull changes" and so on... Damn, I already spent a week reading documentations, and I was writing my own little notes, and still it ends up being a mess and I have to spend time to manually do things. So more learning ahead, with the danger that the more I have to learn now, the more I can potentially forget and bork later...
Also, I don't want to have a single big repository, but thematically shorted smaller ones. To sync them all manually is pretty tedious. Fortunately Google found that as well when making Android (which literally has tens of Git repos) and wrote a new program for it, called Repo. Though I think it relies on an older version of Python, and my Arch Linux is not known to be nice to keep an version but the bleeding edge (sometimes even loosing a lot of blood before getting patched - {bad} pun intended). Thus this requires a little bit more effort in setting up.
This makes Git (and as much as I checked, all current VCS) pretty much unsuitable for the laymen. For example I'd love get my girlfriend to put her SAS programming into version controlling, so she won't lose her data in the way she did a few times. Yeah, show her the Windows Git interface (she's on XP & Vista) and all she's gonna say: "Oh, kill me now..." Too bad.
So now after all this ranting, the way forward is the way back. Going back to the manuals and check the situations that now I know I will encounter, and then to the drawing board again and make up a plan (David Allen would be proud). But I won't give it up, I think having any backup is better then being completely without.
Wednesday 24 December 2008
Monday 28 July 2008
Wow, did Gmail hear me by any chance?
Just the other day I was complaining about web security, and how Gmail is almost good. Secure login but might be insecure browsing afterwards...
Today, checking my email, the Ad Bar (yeah, I actually read ads sometimes there) came up with this: Official Gmail Blog - Making security easier. I don't really think I had anything to do with the change (would be nice, though:) but the important thing is that they seem to try. Me happy.... Now stop checking those emails and get back to work....
Today, checking my email, the Ad Bar (yeah, I actually read ads sometimes there) came up with this: Official Gmail Blog - Making security easier. I don't really think I had anything to do with the change (would be nice, though:) but the important thing is that they seem to try. Me happy.... Now stop checking those emails and get back to work....
Sunday 27 July 2008
Adventures with Windows security
Windows security really drives me nuts... The whole thing. It's not that it should be easier, only it shouldn't be impossible, and this unnerving.
I had to reinstall my Windows XP recently, due to a failed hard drive. I could use a back-up but it was pretty slow recently (but no other problems), so I thought, give it a fresh start. Of course Acer didn't supply any install CDs with my computer, so let's download one from the Web and use that shiny, holographic, temper proof Windows XP(TM) serial number, attached to my laptop case with superglue (i think). Yeah, right, of course the install CD told me that it is an invalid code... So here you go, I have a code but I'm a pirate, forced to use some knock off code again from the web, and we are not at security yet....
Where I was, is a fresh new install, pulling down all he necessary software updates, new Firefox, and let's get started with digging the trenches against the invading forces...
Firewall, I need one for sure... I ended up having COMODO Firewall Pro, which is free for personal use. I had two previous generations of this program (one still on Win98, and one on the previous install), and I was glad to see, that they made some effort and it loos much better now, more logical - even if the amount of possible settings could make your head spin...
One thing was different - included "Proactive Defence". What it does is checking every single operation that any and all running software does, against some malware blocking criteria, or such. In the end, it is just prompting you 10 times a minute, that:
"XYzw.dll" is trying to use "AbCD.com" for an unidentified purpose. If you thing it is a safe operation, click authorise.
Or:
"Blabla_Nice_Program.exe" is modifying the registry entry "HKLM/Software/Run/Currentrun/OMG/BBQ/WTF/", do you authorise? Well, we no longer say, instead we say affirmative...
How would ANYONE really know what to do with EVERY program? Is it alright if "system.exe" uses "explorer"? No, what ends up being is click, to "authorise", "authorise", "authorise".... So, does it protect?
I assume not. One day into the new setup, i was no longer search Google, Yahoo or Altavista. MSN was there (but no, I'm not using that for search). The answer was always "waiting for reply". No direct going to their sites, no using the searchbar in Firefox... Gmail was working and iGoogle was there, so it must be a problem with my machine not with the tubes. Fortunately there's a Terminal Server I can log in at the office, so I can look for info on this strange behaviour. Apparently there's a trojan called Qhost, which would do something similar. Download the Symantec removal tool for Qhost - nope, nothing. Look a little bit further, use carpet bombing instead of precision sniper attack, so let's get a Spyware removal. Yeah, which one? In the end again I settled for Spybot Search&Destroy. It's pretty minimalistic, and in many corners it looks as free software would look (yeah, free once more...), but apparently it does it's job...
After 20 minutes of crunching away, it came back with the diagnosis: you have Virtumonde. "Web access may also be negatively affected. Vundo may cause many websites to be unaccessible; these websites will just hang." Yeah, exactly.... Let's remove... Done.... Wow, everything works again! Great....
So, in the aftermath I just disabled the defence feature of the firewall, as it was proven pretty useless. Kept Spybot and "immunized" my system. It does a few clever-looking tricks that could cause problem sometimes later but might work: e.g. redirecting the DNS queries for known malware websites to 127.0.0.1, which makes them unable to function. We'll see how this would work in practice. And also, I'm looking for an anti-virus program. AVG Free Edition (been there, done that), Moon Secure Antivirus (it was pretty crappy when I tried, and slowed evvvvrrrryytthinng down), Avira Antivir Workstation (going to try this one now. I think I had some years ago, but let's see what it can do nowadays).
But the whole thing is just so annoying. The Windows Registry. The Windows services and system files - when the same file does a dozen different functions, and half a dozen copies are running in the same time. When there's no way to know what's a malicious attempt, and what's a legitimate request from a software.....
If this happens on my parents computer and I have to distance-diagnose it, I'd go nuts and they wouldn't have a working system for quite a while.
Anyway, my feeling is that probably I'm more lame that I thought (come on, getting infected on the first day!!!) and that even if Linux has tens and hundreds of annoying things (subject of many future posts, probably), those annoyances now feel more manageable, more transparent, and more familiar... I'm really looking forward to the day of my complete switch, when I don't have to worry about this many firewalls/spyware/virus/malware things. I'd rather fight software bugs.....
Now, just switching off the Internet, take a book that I wanted to read for a while, and let's go outside.... maybe a computer virus infection does have a positive side....
I had to reinstall my Windows XP recently, due to a failed hard drive. I could use a back-up but it was pretty slow recently (but no other problems), so I thought, give it a fresh start. Of course Acer didn't supply any install CDs with my computer, so let's download one from the Web and use that shiny, holographic, temper proof Windows XP(TM) serial number, attached to my laptop case with superglue (i think). Yeah, right, of course the install CD told me that it is an invalid code... So here you go, I have a code but I'm a pirate, forced to use some knock off code again from the web, and we are not at security yet....
Where I was, is a fresh new install, pulling down all he necessary software updates, new Firefox, and let's get started with digging the trenches against the invading forces...
Firewall, I need one for sure... I ended up having COMODO Firewall Pro, which is free for personal use. I had two previous generations of this program (one still on Win98, and one on the previous install), and I was glad to see, that they made some effort and it loos much better now, more logical - even if the amount of possible settings could make your head spin...
One thing was different - included "Proactive Defence". What it does is checking every single operation that any and all running software does, against some malware blocking criteria, or such. In the end, it is just prompting you 10 times a minute, that:
"XYzw.dll" is trying to use "AbCD.com" for an unidentified purpose. If you thing it is a safe operation, click authorise.
Or:
"Blabla_Nice_Program.exe" is modifying the registry entry "HKLM/Software/Run/Currentrun/OMG/BBQ/WTF/", do you authorise? Well, we no longer say, instead we say affirmative...
How would ANYONE really know what to do with EVERY program? Is it alright if "system.exe" uses "explorer"? No, what ends up being is click, to "authorise", "authorise", "authorise".... So, does it protect?
I assume not. One day into the new setup, i was no longer search Google, Yahoo or Altavista. MSN was there (but no, I'm not using that for search). The answer was always "waiting for reply". No direct going to their sites, no using the searchbar in Firefox... Gmail was working and iGoogle was there, so it must be a problem with my machine not with the tubes. Fortunately there's a Terminal Server I can log in at the office, so I can look for info on this strange behaviour. Apparently there's a trojan called Qhost, which would do something similar. Download the Symantec removal tool for Qhost - nope, nothing. Look a little bit further, use carpet bombing instead of precision sniper attack, so let's get a Spyware removal. Yeah, which one? In the end again I settled for Spybot Search&Destroy. It's pretty minimalistic, and in many corners it looks as free software would look (yeah, free once more...), but apparently it does it's job...
After 20 minutes of crunching away, it came back with the diagnosis: you have Virtumonde. "Web access may also be negatively affected. Vundo may cause many websites to be unaccessible; these websites will just hang." Yeah, exactly.... Let's remove... Done.... Wow, everything works again! Great....
So, in the aftermath I just disabled the defence feature of the firewall, as it was proven pretty useless. Kept Spybot and "immunized" my system. It does a few clever-looking tricks that could cause problem sometimes later but might work: e.g. redirecting the DNS queries for known malware websites to 127.0.0.1, which makes them unable to function. We'll see how this would work in practice. And also, I'm looking for an anti-virus program. AVG Free Edition (been there, done that), Moon Secure Antivirus (it was pretty crappy when I tried, and slowed evvvvrrrryytthinng down), Avira Antivir Workstation (going to try this one now. I think I had some years ago, but let's see what it can do nowadays).
But the whole thing is just so annoying. The Windows Registry. The Windows services and system files - when the same file does a dozen different functions, and half a dozen copies are running in the same time. When there's no way to know what's a malicious attempt, and what's a legitimate request from a software.....
If this happens on my parents computer and I have to distance-diagnose it, I'd go nuts and they wouldn't have a working system for quite a while.
Anyway, my feeling is that probably I'm more lame that I thought (come on, getting infected on the first day!!!) and that even if Linux has tens and hundreds of annoying things (subject of many future posts, probably), those annoyances now feel more manageable, more transparent, and more familiar... I'm really looking forward to the day of my complete switch, when I don't have to worry about this many firewalls/spyware/virus/malware things. I'd rather fight software bugs.....
Now, just switching off the Internet, take a book that I wanted to read for a while, and let's go outside.... maybe a computer virus infection does have a positive side....
Monday 21 July 2008
Why is secure browsing so... nowhere?
Whenever I read about the Black Hat conference or Defcon (which I'd love to see one day), I was always amused, how they tried to see, whether all the participants followed (or not followed, more likely) the best practices of online security....
My favorite was the Wall of Sheep, which is basically scans for unsecured network traffic through the wireless access points, and if it finds an unencrypted login name/password combo, just posts it on a giant screen... If someone spots the info, they can pwn the careless user in a second... Is it rude? I don't think so... On the Interwebs nobody will notify you when you leak information out to people who will take advantage of it. Nobody will take your hand and tell you - hey little boy, you seemed to drop this wallet/login/credit card number.... Oh, noez, you'll only notice when it is too late....
So, since I've read about the Wall of Sheep, I wanted to make sure, I do follow a few easy steps that can make things at least a bit safer. For example using "https" instead of "http", whenever it is possible. That extra "s" stands for security, and all it does is preventing people to read my communication with the website I'm currently using.
Some sites are reasonably good, for example Gmail now seems to default to secure login page - though if I don't want someone to read my emails, i still have to manually change the current URL to "https" after login...
But some sites are pretty useless in this sense... Even take Blogger - the "https" version of the page which has all my settings, all my info, just redirects back to the unsecured page... Or this blog - just try https://clickedyclick.blogspot.com ... why does it redirect to the Google frontpage?? Is it something that the Hypertext Transfer Protocol over Secure Socket Layer cannot handle or the site owners don't care?
Or, the reason of this post, Facebook... You can have all the pages in https version, but every single link on that page will point to http.... No security y'all.... Just let everyone read your juicy messages (well, I don't have any, but those who have...)
Is even a minimal effort such as this, too much to ask? Never mind that, if I can voice my concerns to whom it may concern - but can I challenge anyone to find an appropriate feedback page on Facebook? It's like total robot call centre - Sorry sir, no human operators are in today, take it or leave it....
Well, I take it now, but not sure how long, though...
My favorite was the Wall of Sheep, which is basically scans for unsecured network traffic through the wireless access points, and if it finds an unencrypted login name/password combo, just posts it on a giant screen... If someone spots the info, they can pwn the careless user in a second... Is it rude? I don't think so... On the Interwebs nobody will notify you when you leak information out to people who will take advantage of it. Nobody will take your hand and tell you - hey little boy, you seemed to drop this wallet/login/credit card number.... Oh, noez, you'll only notice when it is too late....
So, since I've read about the Wall of Sheep, I wanted to make sure, I do follow a few easy steps that can make things at least a bit safer. For example using "https" instead of "http", whenever it is possible. That extra "s" stands for security, and all it does is preventing people to read my communication with the website I'm currently using.
Some sites are reasonably good, for example Gmail now seems to default to secure login page - though if I don't want someone to read my emails, i still have to manually change the current URL to "https" after login...
But some sites are pretty useless in this sense... Even take Blogger - the "https" version of the page which has all my settings, all my info, just redirects back to the unsecured page... Or this blog - just try https://clickedyclick.blogspot.com ... why does it redirect to the Google frontpage?? Is it something that the Hypertext Transfer Protocol over Secure Socket Layer cannot handle or the site owners don't care?
Or, the reason of this post, Facebook... You can have all the pages in https version, but every single link on that page will point to http.... No security y'all.... Just let everyone read your juicy messages (well, I don't have any, but those who have...)
Is even a minimal effort such as this, too much to ask? Never mind that, if I can voice my concerns to whom it may concern - but can I challenge anyone to find an appropriate feedback page on Facebook? It's like total robot call centre - Sorry sir, no human operators are in today, take it or leave it....
Well, I take it now, but not sure how long, though...
Thursday 17 July 2008
to start off with
Well, if so many of my friends have technical blogs, then it's maybe time for me as well... Maybe it will work, maybe it will die a fiery death (or more like it a very quiet and frozen-to-silence one). But never going to know unless I give it a try.
Not that I wouldn't have anythings to say. Loads of technologies I'm interested in... Linux, OpenStreetMap, Openmoko, XFCE, EeePC, GPS, Wikipedia... Oh, so much more.... And don't get me started on old computer games.... Mmm the sweetness of accomplished levels in Commander Keen 4 are truly comparable to finished subroutines in a homebrewed software....
Anyway, I'm just going to get my Openmoko in a week or so, that's why I started to write this. It's out for a few weeks (maybe two?) now, and I still couldn't find any proper usability review. I don't care much about the "this is how the box looks, now booting, look: pretty, it's this big, kthxbye..." sort of reviews... Want something that is useful to tell people what does it feel like, how does it behave, what is it like to use it every day as people would use it, and so on... And if I couldn't find a review that I want, better write it myself. And hope it won't suck.... ;)
Well, still a bit of waiting for that, though, and lots of technology to do in the meantime... ;)
Not that I wouldn't have anythings to say. Loads of technologies I'm interested in... Linux, OpenStreetMap, Openmoko, XFCE, EeePC, GPS, Wikipedia... Oh, so much more.... And don't get me started on old computer games.... Mmm the sweetness of accomplished levels in Commander Keen 4 are truly comparable to finished subroutines in a homebrewed software....
Anyway, I'm just going to get my Openmoko in a week or so, that's why I started to write this. It's out for a few weeks (maybe two?) now, and I still couldn't find any proper usability review. I don't care much about the "this is how the box looks, now booting, look: pretty, it's this big, kthxbye..." sort of reviews... Want something that is useful to tell people what does it feel like, how does it behave, what is it like to use it every day as people would use it, and so on... And if I couldn't find a review that I want, better write it myself. And hope it won't suck.... ;)
Well, still a bit of waiting for that, though, and lots of technology to do in the meantime... ;)
Subscribe to:
Posts (Atom)
