Last Friday I tweeted
I was wrestling with trying to get an encryption key produced by CoreFTP work with my bank. In the end I used ssh-keygen to produce the keys. However every time I have to do something with public key encryption I get frustrated because I don't really understand what's going on.
I understand the basics: you generate two keys somehow and give people your public key. Then when they want to send you something encrypted they lock it with your public key and only you can read it, by unlocking it with your private key. A better analogy is that the public key is a padlock, which can only be unlocked with the private key. Someone puts a message for you in a box, and locks it with your padlock and then only you can unlock it and send it.
However when it comes to things like "certificates" and "thumbprints" and other words like that I got lost. Also, in researching the answer to that question I got confused by things like "RSA" and "SHA". Were they different versions of the same thing or were they different things?
I looked for a poster but couldn't find anything so I drew up my own. It's probably not very clear, but the reason I'm putting it here is in case someone wanted to tidy it up and check for accuracy and so make something useful for other people.
I have my fingers in many pies: IT/techie/charity/non profit/nptech/mission stuff. Founded 2004
Many Pies
Friday, April 27, 2012
Thursday, April 26, 2012
Visual display of tracking cookies - collusion
Thanks to the Guardian I've come across a Firefox plugin which gives you a visual display of tracking cookies. It's called Collusion. (Update 20 March 2021 It's now Lightbeam. Thanks to someone at Comparitech.com for telling me about this broken link.)
I've been vaguely aware that website were passing information to each other, as I noticed that if I visited crucial.com to look at memory then I'd see more Crucial adverts on other sites. Similarly with Dell. Then one day I found a link on a site next to an advert (unfortunately I didn't note it down) which gave more information on why I was getting these Crucial adverts. It was easy to understand and very upfront about how it used information from other sites to display relevant adverts.
Here's what you get if you visit the following sites:
The most circles appeared when I visited bucksfreepress.co.uk (one of the red squares with a yellow i in the middle). I guess it's a sign of a struggling industry that it has to try so hard to be clever with its advertising.
I've been vaguely aware that website were passing information to each other, as I noticed that if I visited crucial.com to look at memory then I'd see more Crucial adverts on other sites. Similarly with Dell. Then one day I found a link on a site next to an advert (unfortunately I didn't note it down) which gave more information on why I was getting these Crucial adverts. It was easy to understand and very upfront about how it used information from other sites to display relevant adverts.
Here's what you get if you visit the following sites:
- crucial.com
- dabs.com
- ebay.co.uk
- bucksfreepress.co.uk
- guardian.co.uk
The most circles appeared when I visited bucksfreepress.co.uk (one of the red squares with a yellow i in the middle). I guess it's a sign of a struggling industry that it has to try so hard to be clever with its advertising.
Labels:
data protection,
web
Wednesday, April 25, 2012
Getting rid of cookies on our website - Wordpress, YouTube, AddThis, Google maps
The deadline for complying with the EU Cookie law is 26 May, which is just over a month away.
Rather than get permission to use cookies on our website which would either be intrusive or ignored we've decided to not use cookies. Here's what I've found as I work through the various things that use cookies.
{ data_use_cookies: false };
in the addthis_config values field. For an embedded button use this code:
<script type="text/javascript">
var addthis_config = { data_use_cookies: false };
</script>
This won't stop individual services, like twitter, using their own cookies, but it will stop the addthis.com cookies.
Rather than get permission to use cookies on our website which would either be intrusive or ignored we've decided to not use cookies. Here's what I've found as I work through the various things that use cookies.
Wordpress Comments
The built in wordpress comments feature sets cookies so that it can remember the commenters details for next time. I commented out (no pun intended) these three lines in wp-comments-post.php. (If you upgrade and this file gets changed you'll have to repeat this.)
// setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
// setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
// setcookie('comment_author_url_' . COOKIEHASH, esc_url($comment->comment_author_url), time() + $comment_cookie_lifetime, COOKIEPATH, COOKIE_DOMAIN);
Wordpress Jetpack Stats
The Wordpress jetpack plugin uses quantcast cookies (HT A. Cemal Eki). The wp-donnottrack plugin will stop this.YouTube
When you get the YouTube embed code you can now tick the "low privacy" option. All this does is use the youtube-nocookie.com domain, so you could use that on existing iframe embed code. The SmartYoutube Wordpress plugin allows you to set an option so that this happens on all your embedded videos.Addthis.com
For the addthis wordpress plugin go to the Advanced tab and put{ data_use_cookies: false };
in the addthis_config values field. For an embedded button use this code:
<script type="text/javascript">
var addthis_config = { data_use_cookies: false };
</script>
This won't stop individual services, like twitter, using their own cookies, but it will stop the addthis.com cookies.
Google maps
For google maps use maps.googleapis.com rather than maps.google.com. HT barryhunter.
Labels:
data protection,
web
Tuesday, April 17, 2012
Raspberry Pi in real life and a tiny wireless access point
(Update: some people come to this page because they are searching for a Raspberry Pi which is an access point. There's info on this at the R-Pi blog.)
I went to the Gadget Show Live on Friday. I saw a real Raspberry Pi at the Centre for Computing History Stand. It was a production board, but they were also donated Beta Board #7 by an anonymous donor. More details in the forum. Their stand was near a stand for an radio controlled car company which was popular with my children, so I went over a few times. There was always a small crowd gathered around it.
I saw another neat gadget which a colleague of mine has bought - a tiny wireless access point. It can also operate in "Router, Bridge, Client and Repeater modes". The signal only covers "the average sized room", but for £15 it could easily find a number of uses, like a SAN if you plug in a USB flash drive.
I went to the Gadget Show Live on Friday. I saw a real Raspberry Pi at the Centre for Computing History Stand. It was a production board, but they were also donated Beta Board #7 by an anonymous donor. More details in the forum. Their stand was near a stand for an radio controlled car company which was popular with my children, so I went over a few times. There was always a small crowd gathered around it.
I saw another neat gadget which a colleague of mine has bought - a tiny wireless access point. It can also operate in "Router, Bridge, Client and Repeater modes". The signal only covers "the average sized room", but for £15 it could easily find a number of uses, like a SAN if you plug in a USB flash drive.
Labels:
RaspberryPi
Subscribe to:
Posts (Atom)