Many Pies

Many Pies

Friday, April 27, 2012

Public key encryption poster

Last Friday I tweeted
My Friday afternoon project is to make a poster about Public Key Encryption. I'm tired of forgetting what all the words mean.

I was wrestling with trying to get an encryption key produced by CoreFTP work with my bank. In the end I used ssh-keygen to produce the keys. However every time I have to do something with public key encryption I get frustrated because I don't really understand what's going on.

I understand the basics: you generate two keys somehow and give people your public key. Then when they want to send you something encrypted they lock it with your public key and only you can read it, by unlocking it with your private key. A better analogy is that the public key is a padlock, which can only be unlocked with the private key. Someone puts a message for you in a box, and locks it with your padlock and then only you can unlock it and send it.

However when it comes to things like "certificates" and "thumbprints" and other words like that I got lost. Also, in researching the answer to that question I got confused by things like "RSA" and "SHA". Were they different versions of the same thing or were they different things?

I looked for a poster but couldn't find anything so I drew up my own. It's probably not very clear, but the reason I'm putting it here is in case someone wanted to tidy it up and check for accuracy and so make something useful for other people.


Thursday, April 26, 2012

Visual display of tracking cookies - collusion

Thanks to the Guardian I've come across a Firefox plugin which gives you a visual display of tracking cookies. It's called Collusion. (Update 20 March 2021 It's now Lightbeam. Thanks to someone at Comparitech.com for telling me about this broken link.)

I've been vaguely aware that website were passing information to each other, as I noticed that if I visited crucial.com to look at memory then I'd see more Crucial adverts on other sites. Similarly with Dell. Then one day I found a link on a site next to an advert (unfortunately I didn't note it down) which gave more information on why I was getting these Crucial adverts. It was easy to understand and very upfront about how it used information from other sites to display relevant adverts.

Here's what you get if you visit the following sites:

  • crucial.com
  • dabs.com
  • ebay.co.uk
  • bucksfreepress.co.uk
  • guardian.co.uk
Each circle represents a site that places cookies in your browser and a line means that the site at one end placed a cookies for the site at the other end of the line.

The most circles appeared when I visited bucksfreepress.co.uk (one of the red squares with a yellow i in the middle). I guess it's a sign of a struggling industry that it has to try so hard to be clever with its advertising.

Wednesday, April 25, 2012

Getting rid of cookies on our website - Wordpress, YouTube, AddThis, Google maps

The deadline for complying with the EU Cookie law is 26 May, which is just over a month away.

Rather than get permission to use cookies on our website which would either be intrusive or ignored we've decided to not use cookies. Here's what I've found as I work through the various things that use cookies.

Wordpress Comments

The built in wordpress comments feature sets cookies so that it can remember the commenters details for next time. I commented out (no pun intended) these three lines in wp-comments-post.php. (If you upgrade and this file gets changed you'll have to repeat this.)
// setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
// setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
// setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);

Wordpress Jetpack Stats

The Wordpress jetpack plugin uses quantcast cookies (HT A. Cemal Eki). The wp-donnottrack plugin will stop this.

YouTube

When you get the YouTube embed code you can now tick the "low privacy" option. All this does is use the youtube-nocookie.com domain, so you could use that on existing iframe embed code. The SmartYoutube Wordpress plugin allows you to set an option so that this happens on all your embedded videos.

Addthis.com

For the addthis wordpress plugin go to the Advanced tab and put
{ data_use_cookies: false };
in the addthis_config values field. For an embedded button use this code:

<script type="text/javascript">
var addthis_config = { data_use_cookies: false };
</script>

This won't stop individual services, like twitter, using their own cookies, but it will stop the addthis.com cookies.

Google maps

For google maps use maps.googleapis.com rather than maps.google.com. HT barryhunter.

Tuesday, April 17, 2012

Raspberry Pi in real life and a tiny wireless access point

(Update: some people come to this page because they are searching for a Raspberry Pi which is an access point. There's info on this at the R-Pi blog.)

I went to the Gadget Show Live on Friday. I saw a real Raspberry Pi at the Centre for Computing History Stand. It was a production board, but they were also donated Beta Board #7 by an anonymous donor. More details in the forum. Their stand was near a stand for an radio controlled car company which was popular with my children, so I went over a few times. There was always a small crowd gathered around it.

I saw another neat gadget which a colleague of mine has bought - a tiny wireless access point. It can also operate in "Router, Bridge, Client and Repeater modes". The signal only covers "the average sized room", but for £15 it could easily find a number of uses, like a SAN if you plug in a USB flash drive.